From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Daniel Mack <daniel@zonque.org>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>,
Florian Westphal <fw@strlen.de>,
daniel@iogearbox.net, netfilter-devel@vger.kernel.org,
netdev@vger.kernel.org, balazs.scheidler@balabit.com
Subject: Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type
Date: Fri, 2 Oct 2015 13:07:56 +0200 [thread overview]
Message-ID: <20151002110756.GA29822@salvia> (raw)
In-Reply-To: <560DA092.60100@zonque.org>
On Thu, Oct 01, 2015 at 11:07:30PM +0200, Daniel Mack wrote:
[...]
> That, however, got rejected because it doesn't work for multicast. This
> patch set implements one of the things Pablo suggested in his reply.
People are rising valid concerns here, so far we got a RFC where you
say that you don't have a proper setup to validate performance impact.
>From the locking front, you indicated that there are possible problems
in this RFC, although you claim those can be fixed.
No examples on how you will use this are shown, which has triggered
questions on how you plan to use this. Only one use-case that has been
described in natural language.
Rergading inconsistent behaviour when no process are listening, your
argument is that "that can be documented".
Frankly, I would expect you do the work from your side to justify the
inclusion of this, and that requires that your cover open fronts from
the technical side, not just arguing.
Thanks.
next prev parent reply other threads:[~2015-10-02 11:07 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-29 11:12 [PATCH RFC 0/7] netfilter: introduce new chain type for local socket input Daniel Mack
2015-09-29 11:12 ` [PATCH RFC 1/7] netfilter: add socket to struct nft_pktinfo Daniel Mack
2015-09-29 18:25 ` Eric W. Biederman
2015-09-29 11:12 ` [PATCH RFC 2/7] netfilter: nft_meta: look at pkt->sk rather than skb->sk Daniel Mack
2015-09-29 13:37 ` kbuild test robot
2015-09-29 11:12 ` [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type Daniel Mack
2015-09-29 21:19 ` Florian Westphal
2015-09-30 7:24 ` Daniel Mack
2015-09-30 7:40 ` Jan Engelhardt
2015-09-30 8:54 ` Daniel Mack
2015-09-30 21:48 ` Florian Westphal
2015-10-01 9:04 ` Daniel Mack
2015-10-01 17:13 ` Marcelo Ricardo Leitner
2015-10-01 21:07 ` Daniel Mack
2015-10-01 21:34 ` Marcelo Ricardo Leitner
2015-10-02 11:07 ` Pablo Neira Ayuso [this message]
2015-10-02 13:52 ` Daniel Mack
2015-09-29 11:12 ` [PATCH RFC 4/7] net: tcp_ipv4, udp_ipv4: hook up LOCAL_SOCKET_IN netfilter chains Daniel Mack
2015-09-29 11:12 ` [PATCH RFC 5/7] net: tcp_ipv6, udp_ipv6: " Daniel Mack
2015-09-29 11:12 ` [PATCH RFC 6/7] net: sctp: " Daniel Mack
2015-09-29 11:12 ` [PATCH RFC 7/7] net: dccp: " Daniel Mack
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151002110756.GA29822@salvia \
--to=pablo@netfilter.org \
--cc=balazs.scheidler@balabit.com \
--cc=daniel@iogearbox.net \
--cc=daniel@zonque.org \
--cc=fw@strlen.de \
--cc=marcelo.leitner@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).