[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measur
From: |
Herbert Xu |
Subject: |
Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements |
Date: |
Tue, 21 Jul 2009 09:46:53 +0800 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Mon, Jul 20, 2009 at 09:20:32PM +0300, Michael S. Tsirkin wrote:
>
> > Is netfilter enabled on the bridge? If so you need to turn it off
> > because it's a huge security hole for virtualisation
>
> How is it a security hole?
Because bridge netfilter will perform defragmentation and conntrack,
both of which are global in scope. That means packets from two
unrelated bridges can be treated exactly as the same if their
IP addresses/port numbers are identical, causing information
leakage or worse, allowing an attacker to modify others' traffic.
Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <address@hidden>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
- Re: [Qemu-devel] [PATCH] net: add raw backend, (continued)
- Re: [Qemu-devel] [PATCH] net: add raw backend, Jamie Lokier, 2009/07/07
- Re: [Qemu-devel] [PATCH] net: add raw backend, Or Gerlitz, 2009/07/08
- Re: [Qemu-devel] [PATCH] net: add raw backend, Or Gerlitz, 2009/07/14
- Re: [Qemu-devel] [PATCH] net: add raw backend, Jamie Lokier, 2009/07/15
- Re: [Qemu-devel] [PATCH] net: add raw backend, Jan Kiszka, 2009/07/15
- Re: [Qemu-devel] [PATCH] net: add raw backend, Jamie Lokier, 2009/07/15
- Re: [Qemu-devel] [PATCH] net: add raw backend, Or Gerlitz, 2009/07/16
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Or Gerlitz, 2009/07/20
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Herbert Xu, 2009/07/20
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Michael S. Tsirkin, 2009/07/20
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements,
Herbert Xu <=
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Or Gerlitz, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Herbert Xu, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Or Gerlitz, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Michael S. Tsirkin, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Or Gerlitz, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Michael S. Tsirkin, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Herbert Xu, 2009/07/21
- Re: [Qemu-devel] [PATCH] net: add raw backend - some performance measurements, Or Gerlitz, 2009/07/21
Message not available
Re: [Qemu-devel] [PATCH] net: add raw backend, Michael S. Tsirkin, 2009/07/02