From: Phil Oester <kernel@linuxace.com>
To: Patrick McHardy <kaber@trash.net>
Cc: Harald Welte <laforge@netfilter.org>,
Rusty Russell <rusty@rustcorp.com.au>,
netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] Fix NAT TCP sequence adjustment
Date: Mon, 18 Apr 2005 17:58:47 -0700 [thread overview]
Message-ID: <20050419005847.GA591@linuxace.com> (raw)
In-Reply-To: <4263108E.1030707@trash.net>
On Mon, Apr 18, 2005 at 03:42:38AM +0200, Patrick McHardy wrote:
> We have six cases to consider
No...let's simplify it a bit. At this point the only debate is over retransmit
handling, since I think we are in agreement that storing the client's seq in
correction_pos (not the adjusted seq) is appropriate. So that solves 1/2 of
the puzzle.
Since we now store the correct c_p as noted above, we are guaranteed that
ip_nat_seq_adjust will make the correct determination of whether a packet
is a retransmission.
Now assume a retransmit arrives, has offset_before added to it, and reaches
adjust_tcp_sequence. With my proposed test:
if (seq - this_way->offset_before != this_way->correction_pos)
which compares the pre-ip_nat_seq_adjust adjustment to the current c_p, I have
difficulty finding any scenario which this would fail to correctly find a
retransmit.
> 2.3. tcph->seq - offset_after > correction_pos &&
> tcph->seq - offset_before <= correction_pos
>
> In this case we can't determine whether the packet is a retransmission
> and what the original sequence number was.
I think you are failing to recognize that in the first transmit of a given
packet, offset_before and offset_after are adjusted, so that by the time the
retransmit arrives, the tests are different than they were on the first pass.
That possible?
If not, can you provide some sample seq/o_a/o_b numbers which you believe
would fail this test?
Phil
next prev parent reply other threads:[~2005-04-19 0:58 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-02 20:24 [PATCH] Fix NAT TCP sequence adjustment Phil Oester
2005-04-03 12:26 ` Milos Wimmer
2005-04-03 19:26 ` Patrick McHardy
2005-04-03 23:53 ` Phil Oester
2005-04-04 4:40 ` Phil Oester
2005-04-04 8:27 ` Patrick McHardy
2005-04-04 20:47 ` Phil Oester
2005-04-05 7:32 ` Patrick McHardy
2005-04-05 13:33 ` Patch lifetime " Amin Azez
2005-04-10 20:49 ` Harald Welte
2005-04-06 4:48 ` Phil Oester
2005-04-18 1:42 ` Patrick McHardy
2005-04-19 0:58 ` Phil Oester [this message]
2005-04-20 15:03 ` Patrick McHardy
2005-04-20 15:53 ` Phil Oester
2005-04-20 16:07 ` Patrick McHardy
2005-04-20 17:24 ` Phil Oester
2005-04-20 17:50 ` Patrick McHardy
2005-04-20 18:25 ` Phil Oester
2005-04-20 21:39 ` Martijn Lievaart
2005-04-21 1:41 ` Patrick McHardy
2005-04-21 1:38 ` Patrick McHardy
2005-04-21 12:31 ` Milos Wimmer
2005-04-21 12:32 ` Patrick McHardy
2005-04-21 13:31 ` Jonas Berlin
2005-04-21 23:01 ` Patrick McHardy
2005-04-27 0:44 ` Rusty Russell
2005-04-27 10:27 ` Patrick McHardy
2005-05-31 9:17 ` Rusty Russell
2005-05-31 13:02 ` Patrick McHardy
2005-05-31 13:48 ` Rusty Russell
2005-05-31 14:35 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050419005847.GA591@linuxace.com \
--to=kernel@linuxace.com \
--cc=kaber@trash.net \
--cc=laforge@netfilter.org \
--cc=netfilter-devel@lists.netfilter.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.