From: Patrick McHardy <kaber@trash.net>
To: "David S. Miller" <davem@davemloft.net>
Cc: netdev@vger.kernel.org, netfilter-devel@lists.netfilter.org,
yasuyuki.kozakai@toshiba.co.jp
Subject: Re: [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks
Date: Mon, 21 Nov 2005 17:52:56 +0100 [thread overview]
Message-ID: <4381FB68.2090103@trash.net> (raw)
In-Reply-To: <20051120.230034.105307423.davem@davemloft.net>
David S. Miller wrote:
> I've read over Patrick's two most recent postings of these patches
> and I think they are generally sane and I cannot find any holes in
> them. Herbert brought up the legitimate concern about defragmentation,
> but I think that's a detail and does not take away from the structural
> soundness of Patrick's approach.
I think we implicitly agreed on moving the POST_ROUTING hook before
fragmentation and change the user-visible behaviour of the mangle
POSTROUTING chain. At least neither Harald not Rusty objected to
the patch :)
next prev parent reply other threads:[~2005-11-21 16:52 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-20 16:31 [PATCH 00/13]: Netfilter IPsec support Patrick McHardy
2005-11-20 16:31 ` [PATCH 01/13]: [NETFILTER]: Remove okfn usage in ip_vs_core.c Patrick McHardy
2005-11-20 16:31 ` [PATCH 02/13]: [NETFILTER]: Call POST_ROUTING hook before fragmentation Patrick McHardy
2005-11-20 16:31 ` [PATCH 03/13]: [IPV4]: Replace dst_output by ip_dst_output Patrick McHardy
2005-11-20 16:31 ` [PATCH 04/13]: [IPV6]: Replace dst_output by ip6_dst_output Patrick McHardy
2005-11-20 16:31 ` [PATCH 05/13]: [IPV4/6]: Netfilter IPsec output hooks Patrick McHardy
2005-11-22 4:40 ` Herbert Xu
2005-11-22 4:53 ` Patrick McHardy
2005-11-22 5:13 ` Patrick McHardy
2005-11-22 10:30 ` Herbert Xu
2005-11-22 10:31 ` Herbert Xu
2005-11-22 12:13 ` Herbert Xu
2005-11-28 1:07 ` Patrick McHardy
2005-11-28 4:56 ` Herbert Xu
2005-11-28 12:25 ` Patrick McHardy
2005-12-04 22:09 ` Patrick McHardy
2005-12-04 22:15 ` Herbert Xu
2005-11-20 16:31 ` [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks Patrick McHardy
2005-11-21 4:42 ` Yasuyuki KOZAKAI
[not found] ` <200511210442.jAL4gPoO001846@toshiba.co.jp>
2005-11-21 6:52 ` Patrick McHardy
2005-11-21 7:00 ` David S. Miller
2005-11-21 7:47 ` Herbert Xu
2005-11-21 16:52 ` Patrick McHardy [this message]
2005-11-21 10:53 ` Yasuyuki KOZAKAI
[not found] ` <200511211053.jALAro04019574@toshiba.co.jp>
2005-11-21 16:34 ` Patrick McHardy
[not found] ` <438185ED.3050005@miyazawa.org>
2005-11-21 8:50 ` YOSHIFUJI Hideaki / 吉藤英明
2005-11-21 16:29 ` Patrick McHardy
2005-12-01 1:27 ` Herbert Xu
2005-12-04 22:06 ` Patrick McHardy
2005-12-04 22:10 ` Herbert Xu
2005-12-04 22:49 ` Patrick McHardy
2005-11-20 16:31 ` [PATCH 07/13]: [NETFILTER]: Fix xfrm lookup in ip_route_me_harder/ip6_route_me_harder Patrick McHardy
2005-11-28 21:06 ` Herbert Xu
2005-11-29 7:02 ` Patrick McHardy
2005-11-29 7:34 ` Herbert Xu
2005-11-29 7:49 ` David S. Miller
2005-11-29 11:31 ` Herbert Xu
2005-11-20 16:31 ` [PATCH 08/13]: [NETFILTER]: Use conntrack information to determine if packet was NATed Patrick McHardy
2005-11-20 16:31 ` [PATCH 09/13]: [NETFILTER]: Redo policy lookups after NAT when neccessary Patrick McHardy
2005-11-20 16:43 ` Patrick McHardy
2005-11-20 16:31 ` [PATCH 10/13]: [NETFILTER]: Keep the conntrack reference until after policy checks Patrick McHardy
2005-11-20 16:31 ` [PATCH 11/13]: [NETFILTER]: Handle NAT in IPsec " Patrick McHardy
2005-11-20 16:31 ` [PATCH 12/13]: [NETFILTER]: Export ip6_masked_addrcmp, don't pass IPv6 addresses on stack Patrick McHardy
2005-11-20 16:31 ` [PATCH 13/13]: [NETFILTER]: Add ipt_policy/ip6t_policy matches Patrick McHardy
[not found] ` <200511201902.10179.lists@naasa.net>
2005-11-20 18:07 ` [PATCH 00/13]: Netfilter IPsec support Patrick McHardy
2005-11-22 22:34 ` David S. Miller
2005-11-22 22:38 ` YOSHIFUJI Hideaki / 吉藤英明
2005-11-23 1:20 ` Patrick McHardy
2005-11-23 1:17 ` Patrick McHardy
2005-11-23 1:35 ` Herbert Xu
2005-11-23 3:36 ` David S. Miller
2005-11-23 4:47 ` Herbert Xu
2005-11-23 4:52 ` Yasuyuki KOZAKAI
2005-11-23 3:35 ` David S. Miller
[not found] <4381F4C7.9070903@trash.net>
[not found] ` <43826F77.7040502@miyazawa.org>
[not found] ` <438270F2.3000603@trash.net>
2005-11-23 10:38 ` [PATCH 06/13]: [IPV4/6]: Netfilter IPsec input hooks YOSHIFUJI Hideaki / 吉藤英明
2005-12-18 14:27 ` Patrick McHardy
2005-12-18 15:15 ` YOSHIFUJI Hideaki / 吉藤英明
2005-12-18 22:59 ` Patrick McHardy
2005-12-19 3:46 ` YOSHIFUJI Hideaki / 吉藤英明
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4381FB68.2090103@trash.net \
--to=kaber@trash.net \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=yasuyuki.kozakai@toshiba.co.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.