bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:19 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449 ------- Additional Comments From lkcl@lkcl.net 2006-02-14 19:19 MET ------- Created an attachment (id=212) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=212&action=view) patch to ipt_owner.c for "mountpoint+inode" functionality -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:19 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449 ------- Additional Comments From lkcl@lkcl.net 2006-02-14 19:19 MET ------- Created an attachment (id=212) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=212&action=view) patch to ipt_owner.c for "mountpoint+inode" functionality -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:19 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449 ------- Additional Comments From lkcl@lkcl.net 2006-02-14 19:19 MET ------- Created an attachment (id=213) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=213&action=view) corresponding and required iptables (userspace) patch -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:19 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449 ------- Additional Comments From lkcl@lkcl.net 2006-02-14 19:19 MET ------- Created an attachment (id=213) --> (https://bugzilla.netfilter.org/bugzilla/attachment.cgi?id=213&action=view) corresponding and required iptables (userspace) patch -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:22 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
lkcl@lkcl.net changed:
What |Removed |Added
----------------------------------------------------------------------------
URL| |http://seclists.org/lists/li
| |nux-
| |kernel/2004/Sep/2979.html
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-14 19:22 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
lkcl@lkcl.net changed:
What |Removed |Added
----------------------------------------------------------------------------
URL| |http://seclists.org/lists/li
| |nux-
| |kernel/2004/Sep/2979.html
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 09:27 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From kaber@trash.net 2006-02-17 09:27 MET -------
Patches need to be submitted throught the mailinglists.
The patch itself is broken, you can't use files_lock in softirq context.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 09:27 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From kaber@trash.net 2006-02-17 09:27 MET -------
Patches need to be submitted throught the mailinglists.
The patch itself is broken, you can't use files_lock in softirq context.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 10:10 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
lkcl@lkcl.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From lkcl@lkcl.net 2006-02-17 10:09 MET -------
hi,
perhaps i should put the comments here.
this will be your ONLY opportunity for the linux kernel to contain
such functionality.
can i therefore advise you to locate a suitable adopter who has far
more experience than i of the linux kernel (i.e. someone who knows
the rules because the documentation in the linux source code is
completely inadequate: where in the code does it explicitly and
_usefully_ say "you can't use files_lock() in softirq" such that
anyone who is _not_ familiar with that concept may avoid such an
error?).
i will be available to answer all and any questions about this simple
patch.
i will _not_, unless the circumstances arise where i have a requirement
to pursue this matter, be "actively" pursuing it.
if, therefore, you consider this to be useful functionality (as evidenced
by fireflier) then you need to locate a suitable netfilter-experienced
person who is willing to work on it.
bear in mind that this patch is NOT intended to deal with "incoming"
packets
(the softirq context)
it is ONLY intended to deal with OUTGOING packets ONLY, where, if i remember
correctly, it will be called from USERSPACE ONLY.
from what i remember of this matter, when an "incoming" packet is
received,
NONE of the required fields in the data structures are correctly filled in,
because it's required to drop down into userspace to call the function that
fills them in.
therefore, this code is NEVER ACTIVATED on "incoming" packets.
l.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 10:10 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
lkcl@lkcl.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|INVALID |
------- Additional Comments From lkcl@lkcl.net 2006-02-17 10:09 MET -------
hi,
perhaps i should put the comments here.
this will be your ONLY opportunity for the linux kernel to contain
such functionality.
can i therefore advise you to locate a suitable adopter who has far
more experience than i of the linux kernel (i.e. someone who knows
the rules because the documentation in the linux source code is
completely inadequate: where in the code does it explicitly and
_usefully_ say "you can't use files_lock() in softirq" such that
anyone who is _not_ familiar with that concept may avoid such an
error?).
i will be available to answer all and any questions about this simple
patch.
i will _not_, unless the circumstances arise where i have a requirement
to pursue this matter, be "actively" pursuing it.
if, therefore, you consider this to be useful functionality (as evidenced
by fireflier) then you need to locate a suitable netfilter-experienced
person who is willing to work on it.
bear in mind that this patch is NOT intended to deal with "incoming"
packets
(the softirq context)
it is ONLY intended to deal with OUTGOING packets ONLY, where, if i remember
correctly, it will be called from USERSPACE ONLY.
from what i remember of this matter, when an "incoming" packet is
received,
NONE of the required fields in the data structures are correctly filled in,
because it's required to drop down into userspace to call the function that
fills them in.
therefore, this code is NEVER ACTIVATED on "incoming" packets.
l.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 12:54 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From kaber@trash.net 2006-02-17 12:54 MET -------
Well, the tasklist lock export will also go away very soon and the entire
approach is broken because there is no 1:1 mapping between sockets and
processes. The correct way to do this is using SELinux, patches for this will
hopefully be ready soon.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon@bugzilla.netfilter.org
2006-Feb-17 12:54 UTC
[Bug 449] [patch] mount-point+inode ipt_owner patch (created 18 months ago)
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=449
kaber@trash.net changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From kaber@trash.net 2006-02-17 12:54 MET -------
Well, the tasklist lock export will also go away very soon and the entire
approach is broken because there is no 1:1 mapping between sockets and
processes. The correct way to do this is using SELinux, patches for this will
hopefully be ready soon.
--
Configure bugmail:
https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You reported the bug, or are watching the reporter.
Reasonably Related Threads
- [Bug 449] New: [patch] mount-point+inode ipt_owner patch (created 18 months ago)
- [Bug 511] Premature ip_conntrack timer expiry on 3+ window size advertisements
- [Bug 460] Unknown error 4294967295
- [Bug 479] tunnel0 and br0
- [Bug 503] ip_conntrack_sip , ip_nat_sip DNAT