LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Sponsored link

Vyatta – Linux & Open Source Alternative to Cisco – Advanced Routing, Firewall, VPN, QoS..
Free Download ->

Recent Features

LWN.net Weekly Edition for September 4, 2008

The Kernel Hacker's Bookshelf: UNIX Internals

DRI, BSD, and Linux

SCHED_FIFO and realtime throttling

LWN.net Weekly Edition for August 28, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

VERY interesting - but security implications to others?!?

VERY interesting - but security implications to others?!?

Posted Feb 3, 2006 18:57 UTC (Fri) by caitlinbestler (subscriber, #32532)
In reply to: VERY interesting - but security implications to others?!? by dwheeler
Parent article: Van Jacobson's network channels

The same filter rules that route inbound packets
can be used to validate outbound packets. You
simply do not accept packets from a channel if
the response packet would not be routed to
the matching channel.

So the privileged end of the channel can validate
that every packet on it is for a TCP connection
that is actually assigned to that channel.

(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds