From: Patrick McHardy <kaber@trash.net>
To: Horms <horms@verge.net.au>
Cc: vyekkirala@TrustedCS.com, Ken Brownfield <krb@irridia.com>,
Roberto Nibali <ratz@drugphish.ch>,
netfilter-devel@lists.netfilter.org,
Farid Sarwari <fsarwari@exchangesolutions.com>,
Julian Anastasov <ja@ssi.bg>, David Black <dave@jamsoft.com>,
Joseph Mack NA3T <jmack@wm7d.net>,
David Miller <davem@davemloft.net>
Subject: Re: [patch 3/3] Replace reverse_route() with a call to ip_route_me_harder()
Date: Fri, 29 Sep 2006 15:38:51 +0200 [thread overview]
Message-ID: <451D21EB.9090500@trash.net> (raw)
In-Reply-To: <20060921093021.628489000@tabatha.lab.ultramonkey.org>
Horms wrote:
> Index: net-2.6.19/net/ipv4/netfilter/ipt_REJECT.c
> ===================================================================
> --- net-2.6.19.orig/net/ipv4/netfilter/ipt_REJECT.c 2006-09-19 12:50:43.000000000 +0900
> +++ net-2.6.19/net/ipv4/netfilter/ipt_REJECT.c 2006-09-21 17:55:37.000000000 +0900
> @@ -38,13 +38,9 @@
> #define DEBUGP(format, args...)
> #endif
>
> -static inline struct rtable *route_reverse(struct sk_buff *skb,
> - struct tcphdr *tcph, int hook)
> +static inline int send_reset_route(struct sk_buff **pskb, int hook)
> {
> ...
> - security_skb_classify_flow(skb, &fl);
With this patch we loose the security_skb_classify_flow call.
I think it is also needed in ip_route_me_harder, if so your
patch seems fine (but I get large rejects with the current
tree, so I'm going to redo it).
Venkat, is it correct to place a security_skb_classify_flow
call in ip_route_me_harder (which also handles currently
unlabeled protocols)?
next prev parent reply other threads:[~2006-09-29 13:38 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-09-19 2:45 [patch 0/3] Add addr_type to ip_route_me_harder() Horms
2006-09-19 2:45 ` [patch 1/3] add type parameter to ip_route_me_harder Horms
2006-09-20 10:30 ` Patrick McHardy
2006-09-20 14:17 ` Horms
2006-09-20 15:45 ` Patrick McHardy
2006-09-21 9:21 ` Horms
2006-09-21 9:22 ` [patch 0/3] Add addr_type to ip_route_me_harder() Horms
2006-09-21 9:22 ` [patch 1/3] add type parameter to ip_route_me_harder Horms
2006-09-21 9:22 ` [patch 2/3] Honour source routing for LVS-NAT Horms
2006-09-29 13:38 ` Patrick McHardy
2006-10-02 1:57 ` Horms
2006-09-21 9:22 ` [patch 3/3] Replace reverse_route() with a call to ip_route_me_harder() Horms
2006-09-29 13:38 ` Patrick McHardy [this message]
2006-09-19 2:45 ` [patch 2/3] Honour source routing for LVS-NAT Horms
2006-09-19 2:45 ` [patch 3/3] Replace reverse_route() with a call to ip_route_me_harder() Horms
2006-09-19 3:56 ` Horms
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=451D21EB.9090500@trash.net \
--to=kaber@trash.net \
--cc=dave@jamsoft.com \
--cc=davem@davemloft.net \
--cc=fsarwari@exchangesolutions.com \
--cc=horms@verge.net.au \
--cc=ja@ssi.bg \
--cc=jmack@wm7d.net \
--cc=krb@irridia.com \
--cc=netfilter-devel@lists.netfilter.org \
--cc=ratz@drugphish.ch \
--cc=vyekkirala@TrustedCS.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.