| To: | "David S. Miller" <davem@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH] [RFC] Support for wccp version 1 and 2 in ip_gre.c |
| From: | Lincoln Dale <ltd@xxxxxxxxx> |
| Date: | Tue, 14 Sep 2004 18:48:20 +1000 |
| Cc: | Paul P Komkoff Jr <i@xxxxxxxxxx>, i@xxxxxxxxxx, netdev@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| In-reply-to: | <20040913161912.7dcc809f.davem@davemloft.net> |
| References: | <20040913051706.GB26337@stingr.sgu.ru> <20040911194108.GS28258@stingr.sgu.ru> <20040912170505.62916147.davem@davemloft.net> <20040913051706.GB26337@stingr.sgu.ru> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
At 09:19 AM 14/09/2004, David S. Miller wrote:
> As you can see, I am applying it unconditionally when fits. For most > cases, this will be OK. > There can be situations when this is not wanted (for example, when > debugging something), so in general, tuning knob will be useful, but > I just don't know where to add it, maybe tunnel->parms.i_flags ... the logic is correct, but it may make sense to call the appropriate netfilter hook again with the "unwrapped" GRE packet, as otherwise packets-inside-GRE represent a possible security hole where one can inject packets externally and bypass firewall rules.
lincoln. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH 2.6] ip_nat_ftp - manip at the right place, Harald Welte |
|---|---|
| Next by Date: | Re: [RFC][PATCH 2/2] ip multipath, bk head (EXPERIMENTAL), jamal |
| Previous by Thread: | Re: [PATCH] [RFC] Support for wccp version 1 and 2 in ip_gre.c, David S. Miller |
| Next by Thread: | Re: [PATCH] [RFC] Support for wccp version 1 and 2 in ip_gre.c, Paul P Komkoff Jr |
| Indexes: | [Date] [Thread] [Top] [All Lists] |