From: Patrick McHardy <kaber@trash.net>
To: hadi@cyberus.ca
Cc: Andy Furniss <andy.furniss@dsl.pipex.com>,
Harald Welte <laforge@gnumonks.org>,
Remus <rmocius@auste.elnet.lt>, netdev <netdev@oss.sgi.com>,
Nguyen Dinh Nam <nguyendinhnam@gmail.com>,
Andre Tomt <andre@tomt.net>,
syrius.ml@no-log.org, Damion de Soto <damion@snapgear.com>
Subject: Re: iptables breakage WAS(Re: dummy as IMQ replacement
Date: Fri, 25 Mar 2005 21:18:20 +0100 [thread overview]
Message-ID: <4244720C.1040907@trash.net> (raw)
In-Reply-To: <1111781443.1092.631.camel@jzny.localdomain>
jamal wrote:
> I dont think connmark will work - yet. Patrick? I think you need
> something attached on the skb that is derived off the netfilter
> contracking code for it to be usable.
Correct.
> Things will work once the "action track" is in place; i.e you would
> then say:
> "match xxx .. \
> action track \
> action connmark"
>
> If i was to prioritize my time for new actions - how important is this?
> I also wish someone else would start writting some of these actions ;->
> Wanna right the tracking one? I could help - wink.
Before this the ipt action needs to make sure the packets are in valid
state from the view of conntrack/ip_tables. Right now it doesn't even
check if its IP. Both assume the length checks in ip_rcv() have been
performed, it actually creates security problems in a few places if
they haven't - length calculations can underflow and bad things will
happen.
Regards
Patrick
next prev parent reply other threads:[~2005-03-25 20:18 UTC|newest]
Thread overview: 126+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-30 22:12 dummy as IMQ replacement Jamal Hadi Salim
2005-01-31 8:20 ` Hasso Tepper
2005-01-31 12:25 ` jamal
2005-01-31 12:38 ` Hasso Tepper
2005-01-31 12:47 ` jamal
2005-01-31 13:02 ` Hasso Tepper
2005-01-31 13:28 ` Thomas Graf
2005-01-31 13:45 ` jamal
2005-01-31 14:06 ` Thomas Graf
2005-01-31 14:29 ` jamal
2005-01-31 13:39 ` jamal
2005-01-31 14:14 ` Hasso Tepper
2005-01-31 14:25 ` jamal
2005-01-31 14:46 ` Hasso Tepper
2005-01-31 15:34 ` jamal
2005-01-31 18:00 ` Lennert Buytenhek
2005-01-31 20:08 ` jamal
2005-01-31 13:58 ` Thomas Graf
2005-01-31 14:19 ` jamal
2005-01-31 15:15 ` Thomas Graf
2005-01-31 15:40 ` jamal
2005-01-31 15:59 ` Thomas Graf
2005-01-31 16:40 ` jamal
2005-01-31 18:15 ` Thomas Graf
2005-01-31 20:18 ` jamal
2005-01-31 22:53 ` Thomas Graf
2005-02-01 12:02 ` jamal
2005-02-01 12:51 ` Thomas Graf
2005-02-01 13:13 ` jamal
2005-02-01 22:44 ` Thomas Graf
2005-02-02 14:24 ` jamal
2005-02-02 15:40 ` Thomas Graf
2005-02-02 15:55 ` Thomas Graf
2005-01-31 20:28 ` David S. Miller
2005-02-01 1:02 ` Andy Furniss
2005-02-01 13:31 ` Thomas Graf
2005-02-01 15:03 ` Andy Furniss
2005-02-02 13:28 ` Thomas Graf
2005-01-31 16:27 ` Andre Correa
2005-01-31 16:51 ` Jamal Hadi Salim
2005-01-31 22:39 ` Andy Furniss
2005-02-01 11:49 ` jamal
2005-02-01 14:53 ` Andy Furniss
2005-02-02 14:05 ` jamal
2005-02-04 0:33 ` Andy Furniss
2005-02-01 11:32 ` Andy Furniss
[not found] ` <0fcf01c5077f$579e4b80$6e69690a@RIMAS>
[not found] ` <1107174142.8021.121.camel@jzny.localdomain>
2005-03-09 14:30 ` Remus
2005-03-09 14:38 ` jamal
2005-03-10 1:06 ` Jamal Hadi Salim
2005-03-10 9:18 ` Remus
2005-03-10 11:22 ` jamal
2005-03-19 1:09 ` Andy Furniss
2005-03-19 1:45 ` jamal
2005-03-19 10:23 ` Andy Furniss
2005-03-20 13:20 ` jamal
2005-03-20 13:55 ` jamal
2005-03-20 18:31 ` jamal
2005-03-21 22:08 ` Andy Furniss
2005-03-21 13:14 ` iptables breakage WAS(Re: " jamal
2005-03-21 21:50 ` Andy Furniss
2005-03-21 22:41 ` jamal
2005-03-22 1:15 ` Andy Furniss
2005-03-22 3:31 ` jamal
2005-03-22 21:09 ` Andy Furniss
2005-03-23 3:57 ` jamal
2005-03-23 19:33 ` Andy Furniss
2005-03-23 19:45 ` jamal
2005-03-23 20:53 ` Andy Furniss
2005-03-23 21:07 ` jamal
2005-03-23 22:46 ` Andy Furniss
2005-03-23 23:12 ` Andy Furniss
2005-03-24 0:34 ` jamal
2005-03-24 1:00 ` Andy Furniss
2005-03-24 0:53 ` jamal
2005-03-24 1:08 ` Andy Furniss
2005-03-24 11:32 ` jamal
2005-03-24 11:57 ` jamal
2005-03-24 15:41 ` Andy Furniss
2005-03-25 11:13 ` jamal
2005-03-25 12:39 ` jamal
2005-03-25 17:27 ` Patrick McHardy
2005-03-25 18:34 ` jamal
2005-03-25 19:01 ` Patrick McHardy
2005-03-25 20:07 ` Patrick McHardy
2005-03-25 20:31 ` jamal
2005-03-25 20:37 ` Patrick McHardy
2005-03-25 20:54 ` jamal
2005-03-25 21:23 ` Patrick McHardy
2005-03-25 19:08 ` jamal
2005-03-25 19:22 ` jamal
2005-03-25 19:59 ` Andy Furniss
2005-03-25 20:09 ` Patrick McHardy
2005-03-25 20:42 ` Andy Furniss
2005-03-25 20:10 ` jamal
2005-03-25 20:18 ` Patrick McHardy [this message]
2005-03-25 20:45 ` jamal
2005-03-25 21:10 ` Patrick McHardy
2005-03-25 21:57 ` jamal
2005-03-25 20:20 ` Thomas Graf
2005-03-25 20:48 ` jamal
2005-03-25 21:01 ` Thomas Graf
2005-03-25 21:48 ` jamal
2005-03-25 22:03 ` Thomas Graf
2005-03-25 22:20 ` jamal
2005-03-25 20:39 ` Patrick McHardy
2005-03-25 20:55 ` jamal
2005-03-25 21:00 ` Patrick McHardy
2005-03-25 21:44 ` jamal
2005-03-25 21:18 ` Andy Furniss
2005-03-25 22:12 ` IMQ again WAS(Re: " jamal
2005-03-25 23:26 ` Andy Furniss
2005-03-27 19:35 ` Andy Furniss
2005-03-28 13:39 ` Andy Furniss
2005-03-28 13:45 ` jamal
2005-03-28 13:55 ` Andy Furniss
2005-03-28 14:08 ` jamal
2005-03-28 13:57 ` jamal
2005-03-28 14:12 ` Andy Furniss
2005-03-28 14:20 ` jamal
2005-03-28 14:28 ` Andy Furniss
2005-03-28 14:36 ` Andy Furniss
2005-03-28 15:24 ` Andy Furniss
2005-03-28 19:27 ` jamal
2005-03-28 20:13 ` Andy Furniss
2005-03-23 1:31 ` Patrick McHardy
2005-03-23 4:01 ` jamal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4244720C.1040907@trash.net \
--to=kaber@trash.net \
--cc=andre@tomt.net \
--cc=andy.furniss@dsl.pipex.com \
--cc=damion@snapgear.com \
--cc=hadi@cyberus.ca \
--cc=laforge@gnumonks.org \
--cc=netdev@oss.sgi.com \
--cc=nguyendinhnam@gmail.com \
--cc=rmocius@auste.elnet.lt \
--cc=syrius.ml@no-log.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.