From: Patrick McHardy <kaber@trash.net>
To: Juha Heljoranta <juha.heljoranta@evtek.fi>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: Status of owner-socketlookup
Date: Wed, 27 Apr 2005 16:52:46 +0200 [thread overview]
Message-ID: <426FA73E.3090605@trash.net> (raw)
In-Reply-To: <426FA44A.2010008@evtek.fi>
Juha Heljoranta wrote:
> Ideas how to identify sending process are indeed needed. How about
> adding sender information (pid) into skb?
Well, it seems the whole concept of associating sockets with processes
is flawed, a socket can be owned by any number of processes, and even a
single packet can be created by multiple processes. For outgoing packets
it would be possible to store the pid in the skb and handle the unlikely
case of a packet created by multiple processes somehow, but for incoming
packets we really don't know which process is going to receive a packet
until it calls recvmsg(). This is too late for filtering with netfilter
because multiple references (device, conntrack, ..) need to be dropped
earlier.
Regards
Patrick
next prev parent reply other threads:[~2005-04-27 14:52 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-27 4:22 Status of owner-socketlookup James Morris
2005-04-27 4:22 ` David S. Miller
2005-04-27 4:44 ` James Morris
2005-04-27 10:09 ` Patrick McHardy
2005-04-27 13:59 ` James Morris
2005-04-27 14:04 ` Patrick McHardy
2005-04-27 18:47 ` David S. Miller
2005-04-27 14:40 ` Juha Heljoranta
2005-04-27 14:52 ` Patrick McHardy [this message]
2005-04-27 18:49 ` David S. Miller
2005-04-27 19:37 ` Patrick McHardy
2005-04-27 22:43 ` James Morris
2005-05-10 15:59 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) Patrick McHardy
2005-05-10 16:00 ` [netfilter socket hooks 1/5]: Add socket hook infrastructure Patrick McHardy
2005-05-11 23:22 ` James Morris
2005-05-11 23:27 ` James Morris
2005-05-11 23:27 ` Patrick McHardy
2005-05-10 16:00 ` [netfilter socket hooks 2/5]: Add protocol hooks Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 3/5]: Add struct sock * argument to ipt_do_table() Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 4/5]: Add struct sock * argument to match functions Patrick McHardy
2005-05-10 16:01 ` [netfilter socket hooks 5/5]: Add skfilter table Patrick McHardy
2005-05-10 18:26 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) James Morris
2005-05-10 20:37 ` Netfilter socket hooks Jonas Berlin
2005-05-11 0:04 ` David S. Miller
2005-05-11 23:57 ` Netfilter socket hooks (was: Re: Status of owner-socketlookup) James Morris
2005-05-12 0:12 ` Netfilter socket hooks Patrick McHardy
2005-04-27 6:04 ` [PATCH] owner-socketlookup update for 2.6.12-rc3 James Morris
2005-04-27 6:13 ` David S. Miller
2005-04-27 6:43 ` Patrick Schaaf
2005-04-27 6:55 ` Patrick Schaaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=426FA73E.3090605@trash.net \
--to=kaber@trash.net \
--cc=juha.heljoranta@evtek.fi \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.