Re: [PATCH] Introducing socket mark socket option

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Laszlo Attila Toth <panther@balabit.hu>
Cc: Netfilter Developer Mailing List
	<netfilter-devel@vger.kernel.org>,
	netdev@vger.kernel.org, linux-arch@vger.kernel.org
Subject: Re: [PATCH] Introducing socket mark socket option
Date: Wed, 23 Jan 2008 15:19:51 +0100	[thread overview]
Message-ID: <47974D07.5040202@trash.net> (raw)
In-Reply-To: <12010920051270-git-send-email-panther@balabit.hu>

Laszlo Attila Toth wrote:
> A userspace program may wish to set the mark for each packets its send
> without using the netfilter MARK target. Changing the mark can be used
> mark based routing without netfilter or for packet filtering.
> 
> It requires CAP_NET_ADMIN capability.
> 

> @@ -403,6 +403,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
>  					      { .daddr = daddr,
>  						.saddr = rt->rt_spec_dst,
>  						.tos = RT_TOS(ip_hdr(skb)->tos) } },
> +				    .mark = sk->sk_mark,

This is useless, the icmp socket is not visible to userspace.

> --- a/net/ipv4/ip_output.c
> +++ b/net/ipv4/ip_output.c
 > ...

What about IPv6?

next prev parent reply	other threads:[~2008-01-23 14:20 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-01-23 12:40 [PATCH] Introducing socket mark socket option Laszlo Attila Toth
2008-01-23 14:19 ` Patrick McHardy [this message]
2008-01-24  9:38   ` [resend][PATCH] " Laszlo Attila Toth
2008-01-24  9:43     ` Patrick McHardy
2008-01-31  3:08       ` David Miller
     [not found] <12010124971855-git-send-email->
2008-01-22 14:38 ` [PATCH] " Patrick McHardy
2008-01-23  9:05   ` Laszlo Attila Toth
  -- strict thread matches above, loose matches on Subject: below --
2008-01-22 14:34 laszlo, attila, Toth <panther

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47974D07.5040202@trash.net \
    --to=kaber@trash.net \
    --cc=linux-arch@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=panther@balabit.hu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.