LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

VERY interesting - but security implications to others?!?

VERY interesting - but security implications to others?!?

Posted Feb 3, 2006 18:57 UTC (Fri) by caitlinbestler (guest, #32532)
In reply to: VERY interesting - but security implications to others?!? by dwheeler
Parent article: Van Jacobson's network channels

The same filter rules that route inbound packets
can be used to validate outbound packets. You
simply do not accept packets from a channel if
the response packet would not be routed to
the matching channel.

So the privileged end of the channel can validate
that every packet on it is for a TCP connection
that is actually assigned to that channel.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds