From: Pablo Neira <pablo@eurodev.net>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: Harald Welte <laforge@netfilter.org>,
	"Oleg V. Sapon" <sov.rbsec@gmail.com>,
	netfilter-devel@lists.netfilter.org
Subject: Re: NetFilter unclean modue in 2.6.x kernels
Date: Mon, 24 Jan 2005 11:21:51 +0100	[thread overview]
Message-ID: <41F4CC3F.7070505@eurodev.net> (raw)
In-Reply-To: <Pine.LNX.4.58.0501240922370.6574@blackhole.kfki.hu>

Jozsef Kadlecsik wrote:

>Hi Harald,
>
>On Sat, 22 Jan 2005, Harald Welte wrote:
>
>>On Sat, Jan 22, 2005 at 12:13:56AM +0300, Oleg V. Sapon wrote:
>>
>>> Can you help locate the unclean module for 2.6.x kernels, or must we use
>>> the source files from 2.6.0-test4?
>>>
>>I fear nobody did that port to recent 2.6.x and put it into
>>patch-o-matic :(
>>
>>I just did that with the old code from 2.6.0-testX.  I didn't have the
>>time to give it any runtime testing, but at least it compiled (after
>>fixing up some includes).
>>
>
>I also ported the unclean patch to 2.6 some time ago. The main reason I
>did not post it was the slightly modified API.
>
>The port I created verifies the checksums as well, relying on hardware
>checksums when possible.
>

Hm, the error API makes sure that we don't start a session in the
connection tracking with unclean packets (since kernel 2.6.6). So
something like:

  iptables -A INPUT -m state --state INVALID -j ULOG

should be enough to log evil packets.

The checks aren't as strict as those the unclean module used to do, but
with a couple of patches I could tighten that. Actually I remember a
discussion with Jozsef about this. As far as I can remember he didn't
much like the idea of putting half of the unclean module there.

--
Pablo
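The rule Pablo gives relies on connection tracking classifying packets it
cannot associate with a tracked connection (bad checksum, malformed header,
out-of-window TCP) as INVALID. The script below is an added example, not
code from this thread or from the netfilter project: it installs a
log-then-drop pair for INVALID packets at the top of INPUT and FORWARD. It
uses the NFLOG target, which later replaced the ULOG target used in the
thread; the chain names, log prefix and netlink group number are this
example's own assumptions. The rules are built by a generator function so
they can be reviewed or tested without root and without iptables installed.

```shell
#!/bin/sh
# Added example (not from the original thread): log and drop packets that
# connection tracking marks INVALID. Chain names, LOG_PREFIX and NFLOG_GROUP
# are assumptions of this example, not values from the thread.
set -eu

LOG_PREFIX="${LOG_PREFIX:-ct-invalid: }"
NFLOG_GROUP="${NFLOG_GROUP:-1}"

# Emit the two rules for one chain, one per line.
# Inserted at positions 1 and 2 so INVALID packets are handled before any
# ACCEPT rule that may already be present in the chain.
invalid_rules_for_chain() {
    chain="$1"
    printf '%s\n' "iptables -I $chain 1 -m state --state INVALID -j NFLOG --nflog-prefix \"$LOG_PREFIX\" --nflog-group $NFLOG_GROUP"
    printf '%s\n' "iptables -I $chain 2 -m state --state INVALID -j DROP"
}

# Full rule set: both chains that see traffic entering this host or
# being forwarded through it.
invalid_rules() {
    invalid_rules_for_chain INPUT
    invalid_rules_for_chain FORWARD
}

# Count how many rules the generator produces (useful for a sanity check
# before applying them on a live firewall).
invalid_rule_count() {
    invalid_rules | grep -c INVALID
}

# Apply the rules when running as root with iptables available; otherwise
# just print them so the script can be reviewed in dry-run fashion.
apply_invalid_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        invalid_rules | while IFS= read -r rule; do
            sh -c "$rule"
        done
    else
        invalid_rules
    fi
}

apply_invalid_rules
```

Run it as a non-root user to see the rules it would install; run it as root
on a host with iptables to apply them. Logged packets can then be collected
from the chosen NFLOG group with a userspace listener such as ulogd.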
