From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: Eyal Birger <eyal.birger@gmail.com>
Cc: Phil Sutter <phil@nwl.cc>,
Steffen Klassert <steffen.klassert@secunet.com>,
linux-crypto@vger.kernel.org, netfilter-devel@vger.kernel.org,
Linux Kernel Network Developers <netdev@vger.kernel.org>
Subject: Re: [PATCH v2] xfrm: interface: Don't hide plain packets from netfilter
Date: Thu, 10 Dec 2020 14:18:45 +0100
Message-ID: <b5c1259b-71e8-57d2-85f2-d5971f33e977@6wind.com>
In-Reply-To: <CAHsH6GsoavW+435MOTKy33iznMc_-JZ-kndr+G=YxuW7DWLNPA@mail.gmail.com>

On 10/12/2020 at 12:48, Eyal Birger wrote:
> Hi Nicolas,

Hi Eyal,

>
> On Thu, Dec 10, 2020 at 1:10 PM Nicolas Dichtel
> <nicolas.dichtel@6wind.com> wrote:

[snip]

> I also think they should be consistent. But it'd still be confusing to me
> to get an OUTPUT hook on the inner packet in the forwarding case.

I re-read the whole thread and I agree with you. There is no reason to pass the
inner packet through the OUTPUT hook (my comment about the consistency with ip
tunnels is still valid ;-)).
Sorry for the confusion.

Phil, with nftables, you can match the 'kind' of the interface; that should be
enough to match packets, shouldn't it?

Regards,
Nicolas