Re: Global ingress filter for ip

To: tls%rek.tjls.com@localhost
Subject: Re: Global ingress filter for ip
From: "Rodolphe De Saint Leger" <rdesaintleger%gmail.com@localhost>
Date: Sat, 29 Mar 2008 16:25:08 +0100

On Sat, Mar 29, 2008 at 4:24 PM, Rodolphe De Saint Leger
<rdesaintleger%gmail.com@localhost> wrote:
> On Fri, Mar 28, 2008 at 6:22 PM, Thor Lancelot Simon 
> <tls%rek.tjls.com@localhost> wrote:
>  Hi,
>
>  Just to illustrate my previous mail, i've modified if_gif.c
>  I've replaced the ingress test with the one I've done. Also, I've
>  modified sysctl declaration and added ipv6 support.
>  Some more optimisation could be done as the ingress_check function for
>  ip and ip6 are similar.
>
>  I did the test on if_stf.c (but I need to clean the nat part, so I did
>  not include it). Actually, if_stf and if_gif are the only subsystems
>  which use ingress checking
>
>  the patch allows if_stf and if_gif to operate the same way (ingress
>  filtering with iff_link flag) and adds a global ingress filter in ip
>  and ipv6.
>

Sorry, I forgot the patch link...

http://shumira.roroland.net/patch/20080329/ingress.diff

Regards,
Rodolphe

Follow-Ups:
- Re: Global ingress filter for ip
  - From: Darren Reed

References:
- Global ingress filter for ip
  - From: Rodolphe De Saint Leger
- Re: Global ingress filter for ip
  - From: Thor Lancelot Simon
- Re: Global ingress filter for ip
  - From: Rodolphe De Saint Leger

Prev by Date: Re: Global ingress filter for ip
Next by Date: GSoC 2008 - Create an in-kernel API for "packet classes"
Previous by Thread: Re: Global ingress filter for ip
Next by Thread: Re: Global ingress filter for ip
Indexes:

Home | Main Index | Thread Index | Old Index