
Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup

To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: [RFC, PATCH 4/5]: netfilter+ipsec - policy lookup
From: Alexander Samad <alex@xxxxxxxxxxxx>
Date: Wed, 24 Mar 2004 13:15:14 +1100
Cc: "David S. Miller" <davem@xxxxxxxxxx>, herbert@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <4059CF17.8090907@xxxxxxxxx>
Mail-followup-to: Patrick McHardy <kaber@xxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxx>, herbert@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
References: <20040308110331.GA20719@xxxxxxxxxxxxxxxxxxx> <404C874D.4000907@xxxxxxxxx> <20040308115858.75cdddca.davem@xxxxxxxxxx> <4059CF17.8090907@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.5.1+cvs20040105i
Hi

Think there might be a problem with this patch.

Potentially a packet could traverse the pre, forward and the post
routing, at which point it can be SNAT'ed or MASQ'ed and then
re-injected into route_me_harder.  This potential could allow packets to
be rerouted based on the new src/dst addresses differently to the initial
packet, but this new packet doesn't traverse any of the chains with the
new information.

Alex

On Thu, Mar 18, 2004 at 05:32:23PM +0100, Patrick McHardy wrote:
> This patch adds policy lookups to ip_route_me_harder and makes NAT
> reroute for any change that affects route/policy lookups.
> 

