
Re: L7 switching: string.patch for IPTables?

To: Roberto Nibali <ratz@xxxxxx>
Subject: Re: L7 switching: string.patch for IPTables?
Cc: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Tue, 25 Sep 2001 11:41:06 +0300 (EEST)
        Hello,

On Tue, 25 Sep 2001, Roberto Nibali wrote:

> Yes, I know. That's why I said I have to read the advisory first but
> it seems as if there is no static payload in this worm this time. CR2
> had static byte match where I just could say something (this is not the
> one) like:
>
> tc filter add eth0 parent 1:0 prio 100 handle ::1 u32 ht 800:: match ip\
> nofrag offset mask 0x0F00 shift 6 hashkey mask 0x00ff0000 at 8 link 801:

        It is a common mistake in all examples to use "nofrag".
Switch to "firstfrag" :) So, you want LVS scheduling by tcindex :) ?

> And be faster and saner than any ipchains or iptables or whatever
> post-routing BH would be in. I started liking the new policy routing when I
> saw your fight with Andy Kleen and Mr. Savochyn. But I also see that
> this can only be used against worms for the fun part of it. We should
> and can use better tools for that :)

        Yep

> BTW, I just found a very interesting replacement for the cbq qdisc for
> linux: http://luxik.cdi.cz/~devik/qos/htb/htbman.htm

        I saw this site a long time ago but it seems there are more
things there now ...

> >         Maybe there is really a need for some pseudo-L7 classifiers in
> > the QoS code :) Then it could be useful for routers. Maybe it should
>
> LOL :)
> That's what I see after 10s grepping:
>
> struct tc_u32_key {
>         __u32           mask;      /* bits of the 32-bit word to compare (network byte order) */
>         __u32           val;       /* expected value after masking */
>         int             off;       /* byte offset of the word */
>         int             offmask;   /* -1: add the variable (nexthdr) offset, 0: offset is fixed */
> };
>
> struct tc_u32_sel
> {
>         unsigned char           flags;     /* TC_U32_TERMINAL, TC_U32_OFFSET, TC_U32_VAROFFSET, TC_U32_EAT */
>         unsigned char           offshift;  /* right shift applied to the masked offset field */
>         unsigned char           nkeys;     /* number of entries in keys[] */
>         __u16                   offmask;   /* mask for the 16-bit field at offoff (e.g. 0x0F00 for IHL) */
>         __u16                   off;       /* fixed offset added to the next header position */
>         short                   offoff;    /* byte offset of the 16-bit field used for the variable offset */
>         short                   hoff;      /* byte offset of the 32-bit word used by hashkey */
>         __u32                   hmask;     /* hashkey mask */
>         struct tc_u32_key       keys[0];   /* nkeys keys follow the selector */
> };
>
> Let's add struct ip_vs_dest to it :)

        Can you explain :)

> > be related somehow to the connection tracking but it is not an easy job.
> > Matching blindly strings is too simple.
>
> Agreed. That's why I have a snort and a SPADE preprocessor for :)
> Hey Julian, I see, you will reinvent the Internet ...

        I know, this is only an idea. I don't even have the time to
think about it :)

> Have phun,
> Roberto Nibali, ratz
>
> BTW: Check out gen_new_htid(struct tc_u_common *tp_c) in 
> ../net/sched/cls_u32.c.
>      I definitely like the variable i :)

        :)

Regards

--
Julian Anastasov <ja@xxxxxx>
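The nofrag/firstfrag point in Julian's reply, as an added example that is not code from this thread, from LVS or from iproute2: a small user-space model of how tc u32 packs the "ip nofrag" and "ip firstfrag" keys, the IHL-based "offset mask 0x0F00 shift 6" and the "hashkey mask 0x00ff0000 at 8" from Roberto's quoted tc line, run over three constructed IPv4 headers. Type and function names are ours; the mask, offset and fold constants are the ones iproute2 and cls_u32 use.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One u32 key as iproute2's pack_key16() stores it: match when
 * (16-bit word at byte `off` & mask) == val. Offsets are from the IP header. */
struct key16 {
    uint16_t val;
    uint16_t mask;
    size_t   off;
};

/* "match ip nofrag": MF bit clear AND fragment offset 0, i.e. only never-fragmented datagrams. */
static const struct key16 KEY_NOFRAG    = { 0x0000, 0x3FFF, 6 };
/* "match ip firstfrag": fragment offset 0 only, so the first fragment (MF set) also matches. */
static const struct key16 KEY_FIRSTFRAG = { 0x0000, 0x1FFF, 6 };

static uint16_t be16_at(const uint8_t *p, size_t off)
{
    return (uint16_t)((p[off] << 8) | p[off + 1]);
}

static uint32_t be32_at(const uint8_t *p, size_t off)
{
    return ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
           ((uint32_t)p[off + 2] << 8) | p[off + 3];
}

/* Returns 1 if the key matches; a key that reaches past the packet never matches. */
int key16_match(const struct key16 *k, const uint8_t *pkt, size_t len)
{
    if (k->off + 2 > len)
        return 0;
    return (be16_at(pkt, k->off) & k->mask) == k->val;
}

/* "offset mask 0x0F00 shift 6": IHL nibble of the first 16-bit word, shifted so the
 * result is IHL*4, the byte offset of the transport header (the u32 "nexthdr" offset). */
size_t nexthdr_offset(const uint8_t *pkt, size_t len)
{
    if (len < 2)
        return 0;
    return (size_t)((be16_at(pkt, 0) & 0x0F00) >> 6);
}

/* "hashkey mask 0x00ff0000 at 8": cls_u32 folds the masked 32-bit word right by
 * (ffs(hmask) - 1), so this mask selects the IPv4 protocol byte as the bucket index. */
unsigned hash_bucket(const uint8_t *pkt, size_t len)
{
    const uint32_t hmask = 0x00ff0000;
    unsigned shift = 0;
    if (len < 12)
        return 0;
    while (!((hmask >> shift) & 1))
        shift++;
    return (be32_at(pkt, 8) & hmask) >> shift;
}

/* Constructed test data: a minimal 20-byte IPv4 header with the given
 * flags+fragment-offset word and protocol (checksum left zero on purpose). */
size_t build_ipv4(uint8_t *buf, uint16_t flags_frag, uint8_t proto)
{
    memset(buf, 0, 20);
    buf[0] = 0x45;                       /* version 4, IHL 5 */
    buf[3] = 40;                         /* total length: header + 20 bytes */
    buf[6] = (uint8_t)(flags_frag >> 8);
    buf[7] = (uint8_t)(flags_frag & 0xff);
    buf[8] = 64;                         /* TTL */
    buf[9] = proto;
    return 20;
}

int main(void)
{
    uint8_t unfrag[20], first[20], later[20];
    size_t n = build_ipv4(unfrag, 0x4000, 6); /* DF set, never fragmented */
    build_ipv4(first, 0x2000, 6);             /* MF set, offset 0: carries the TCP header */
    build_ipv4(later, 0x20B9, 6);             /* MF set, offset 185 (x8 bytes): payload only */
    const struct { const char *name; const uint8_t *p; } pk[] = {
        { "unfragmented", unfrag }, { "first fragment", first }, { "later fragment", later } };

    for (size_t i = 0; i < 3; i++)
        printf("%-15s nofrag=%d firstfrag=%d nexthdr=%zu bucket=%u\n", pk[i].name,
               key16_match(&KEY_NOFRAG, pk[i].p, n), key16_match(&KEY_FIRSTFRAG, pk[i].p, n),
               nexthdr_offset(pk[i].p, n), hash_bucket(pk[i].p, n));
    return 0;
}
```

The first fragment is the one that carries the TCP header and the leading payload bytes, and a "nofrag" gate skips it, so an attacker only has to fragment the stream to walk past a byte-match filter built that way; "firstfrag" at least inspects that fragment. Neither key looks at later fragments, and u32 does no reassembly, so a pattern split across fragments still gets through unless the packets are defragmented before classification.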


