Hi,
On Wednesday 10 January 2007 13:19, Patrick McHardy wrote:
Of course it's true that doing early lookups and storing that
reference in the skb widens the window considerably, but I think this
race is already handled. Or is there anything I don't see?
You're right, it seems to be
KOVACS Krisztian wrote:
On Wednesday 10 January 2007 13:19, Patrick McHardy wrote:
Of course it's true that doing early lookups and storing that
reference in the skb widens the window considerably, but I think this
race is already handled. Or is there anything I don't see?
You're right, it
Hi,
On Wednesday 10 January 2007 13:32, Patrick McHardy wrote:
How exactly are dynamic ports handled? Do you just add a catch-all rule
that filters based on socket lookups?
In that case you could do something like this:
ip route add local default dev lo scope host table 1
ip rule add
On Wed, 2007-01-10 at 07:46 +0100, Patrick McHardy wrote:
KOVACS Krisztian wrote:
+ rth-u.dst.lastuse = jiffies;
+ dst_hold(rth-u.dst);
+ rth-u.dst.__use++;
+ RT_CACHE_STAT_INC(in_hit);
+
Hi,
On Wednesday 10 January 2007 07:46, Patrick McHardy wrote:
+ rcu_read_lock();
+ for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
+rth = rcu_dereference(rth-u.rt_next)) {
+ if (rth-fl.fl4_dst == iph-daddr
+ rth-fl.fl4_src ==
KOVACS Krisztian wrote:
On Wednesday 10 January 2007 07:46, Patrick McHardy wrote:
+if (sk) {
+sock_hold(sk);
+skb-sk = sk;
This looks racy, the socket could be closed between the lookup and
the actual use. Why do you
Patrick McHardy schrieb:
We support bitwise use of the mark everywhere in current kernels, so
that shouldn't be a problem anymore.
For firewall mark based policy routing to work, one must still disable
rp_filter, because this lookup doesn't take the mark into account[1].
So this statement is
Ingo Oeser wrote:
Patrick McHardy schrieb:
We support bitwise use of the mark everywhere in current kernels, so
that shouldn't be a problem anymore.
For firewall mark based policy routing to work, one must still disable
rp_filter, because this lookup doesn't take the mark into
KOVACS Krisztian wrote:
The input path for non-local bound sockets requires diverting certain
packets locally, even if their destination IP address is not
considered local. We achieve this by assigning a specially crafted dst
entry to these skbs, and optionally also attaching a socket to the
The input path for non-local bound sockets requires diverting certain
packets locally, even if their destination IP address is not
considered local. We achieve this by assigning a specially crafted dst
entry to these skbs, and optionally also attaching a socket to the skb
so that the upper layer
10 matches
Mail list logo
