On 8/28/20 12:14 AM, Daniel Borkmann wrote:
> Hi Lukas,
>
> On 8/27/20 10:55 AM, Lukas Wunner wrote:
>> Introduce a netfilter egress hook to allow filtering outbound AF_PACKETs
>> such as DHCP and to prepare for in-kernel NAT64/NAT46.
>
> Thinking more about this, how will this allow to suffic
Hi Lukas,
On 8/27/20 10:55 AM, Lukas Wunner wrote:
Introduce a netfilter egress hook to allow filtering outbound AF_PACKETs
such as DHCP and to prepare for in-kernel NAT64/NAT46.
Thinking more about this, how will this allow to sufficiently filter AF_PACKET?
It won't. Any AF_PACKET application
Hi Lukas, thank you for your patches.
On Thu, Aug 27, 2020 at 10:55 AM Lukas Wunner wrote:
>
> Introduce a netfilter egress hook to allow filtering outbound AF_PACKETs
> such as DHCP and to prepare for in-kernel NAT64/NAT46.
>
Actually, we've found 2 additional use cases in container-based nodes
Introduce a netfilter egress hook to allow filtering outbound AF_PACKETs
such as DHCP and to prepare for in-kernel NAT64/NAT46.
An earlier version of this series was applied by Pablo Neira Ayuso back
in March and subsequently reverted by Daniel Borkmann over performance
concerns. I've now reworke
