From: Mr Dash Four <mr.dash.four@googlemail.com>
To: netfilter@vger.kernel.org
Cc: Eric Paris <eparis@parisplace.org>
Subject: Re: decipher the secmark number from nf_conntrack/ip_conntrack
Date: Tue, 21 Sep 2010 21:13:02 +0100 [thread overview]
Message-ID: <4C9911CE.6090209@googlemail.com> (raw)
In-Reply-To: <4C988214.6050600@googlemail.com>
>> http://www.spinics.net/lists/netfilter/msg49106.html
>>
>> I don't think that approach is right. Exporting a number at ALL is
>> broken. It should only ever say the name.
>>
> I am aware of that and the proposed patch works as I did test it after
> Tom released it yesterday.
>
> As for your comment above - it is better than NOTHING.
>
> If you think that the current scenario, when I see meaningless number
> in the secmark field, helps me track the actual security context of
> the listed connection, then think again, because there is NO way I
> could know what number maps to which context.
>
> Tom's patch at least gives me that mapping when I list the mangle
> table, so it is a start and it works. Again, - the patch, if applied,
> is better than what currently exists in iptables. Also, 'exporting a
> number at all' is NOT broken - look at Tom's patch again - it does not
> break anything.
next prev parent reply other threads:[~2010-09-21 20:13 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-09-19 23:04 decipher the secmark number from nf_conntrack/ip_conntrack Mr Dash Four
2010-09-20 0:48 ` Jan Engelhardt
2010-09-20 10:41 ` Mr Dash Four
2010-09-20 12:23 ` Jan Engelhardt
2010-09-20 12:42 ` Mr Dash Four
2010-09-20 18:15 ` Mr Dash Four
2010-09-20 21:49 ` Tom Eastep
2010-09-20 23:26 ` Jan Engelhardt
2010-09-20 23:55 ` Tom Eastep
2010-09-21 9:59 ` Mr Dash Four
2010-09-21 20:13 ` Mr Dash Four [this message]
2010-09-21 20:26 ` Eric Paris
2010-09-21 21:00 ` Eric Paris
2010-09-21 22:38 ` Mr Dash Four
2010-09-21 22:42 ` Jan Engelhardt
2010-09-21 22:51 ` Mr Dash Four
2010-09-21 23:10 ` Eric Paris
2010-09-21 23:35 ` Jan Engelhardt
2010-09-23 18:39 ` Eric Paris
2010-09-23 18:49 ` Jan Engelhardt
2010-09-23 18:52 ` Eric Paris
2010-09-23 18:57 ` Jan Engelhardt
2010-09-23 18:58 ` Eric Paris
2010-09-23 19:20 ` Mr Dash Four
2010-09-23 19:51 ` Jan Engelhardt
2010-09-23 20:05 ` Mr Dash Four
2010-09-23 20:18 ` Mr Dash Four
2010-09-23 20:34 ` Eric Paris
2010-09-23 20:38 ` Mr Dash Four
2010-09-23 20:53 ` Jan Engelhardt
2010-09-23 20:56 ` Mr Dash Four
2010-09-23 21:23 ` Jan Engelhardt
2010-09-23 21:38 ` Mr Dash Four
2010-09-23 22:12 ` Jan Engelhardt
2010-09-23 22:30 ` Mr Dash Four
2010-09-23 22:42 ` Eric Paris
2010-09-23 23:59 ` Jan Engelhardt
2010-09-24 0:24 ` Tom Eastep
2010-09-24 0:32 ` Mr Dash Four
2010-09-24 1:18 ` Jan Engelhardt
2010-09-24 0:27 ` Mr Dash Four
2010-09-23 20:42 ` Jan Engelhardt
2010-09-23 20:53 ` Mr Dash Four
2010-09-21 22:29 ` Mr Dash Four
2010-09-22 2:25 ` Tom Eastep
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C9911CE.6090209@googlemail.com \
--to=mr.dash.four@googlemail.com \
--cc=eparis@parisplace.org \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.