Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type

[PATCH RFC 0/7] netfilter: introduce new chain type for local socket input · Daniel Mack <daniel@zonque.org> · 2015-09-29
[PATCH RFC 2/7] netfilter: nft_meta: look at pkt->sk rather than skb->sk · Daniel Mack <daniel@zonque.org> · 2015-09-29
Re: [PATCH RFC 2/7] netfilter: nft_meta: look at pkt->sk rather than skb->sk · kbuild test robot <hidden> · 2015-09-29
[PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-09-29
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Florian Westphal <fw@strlen.de> · 2015-09-29
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-09-30
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Jan Engelhardt <hidden> · 2015-09-30
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-09-30
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Florian Westphal <fw@strlen.de> · 2015-09-30
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-10-01
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2015-10-01
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-10-01
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> · 2015-10-01
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Pablo Neira Ayuso <pablo@netfilter.org> · 2015-10-02
Re: [PATCH RFC 3/7] netfilter: add NF_INET_LOCAL_SOCKET_IN chain type · Daniel Mack <daniel@zonque.org> · 2015-10-02
[PATCH RFC 5/7] net: tcp_ipv6, udp_ipv6: hook up LOCAL_SOCKET_IN netfilter chains · Daniel Mack <daniel@zonque.org> · 2015-09-29
[PATCH RFC 6/7] net: sctp: hook up LOCAL_SOCKET_IN netfilter chains · Daniel Mack <daniel@zonque.org> · 2015-09-29
[PATCH RFC 7/7] net: dccp: hook up LOCAL_SOCKET_IN netfilter chains · Daniel Mack <daniel@zonque.org> · 2015-09-29
[PATCH RFC 1/7] netfilter: add socket to struct nft_pktinfo · Daniel Mack <daniel@zonque.org> · 2015-09-29
Re: [PATCH RFC 1/7] netfilter: add socket to struct nft_pktinfo · Eric W. Biederman <hidden> · 2015-09-29
[PATCH RFC 4/7] net: tcp_ipv4, udp_ipv4: hook up LOCAL_SOCKET_IN netfilter chains · Daniel Mack <daniel@zonque.org> · 2015-09-29

From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: 2015-10-02 11:01:04
Also in: netfilter-devel

On Thu, Oct 01, 2015 at 11:07:30PM +0200, Daniel Mack wrote:
[...]

That, however, got rejected because it doesn't work for multicast. This
patch set implements one of the things Pablo suggested in his reply.

People are rising valid concerns here, so far we got a RFC where you
say that you don't have a proper setup to validate performance impact.

From the locking front, you indicated that there are possible problems

in this RFC, although you claim those can be fixed.

No examples on how you will use this are shown, which has triggered
questions on how you plan to use this. Only one use-case that has been
described in natural language.

Rergading inconsistent behaviour when no process are listening, your
argument is that "that can be documented".

Frankly, I would expect you do the work from your side to justify the
inclusion of this, and that requires that your cover open fronts from
the technical side, not just arguing.

Thanks.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help