From: Patrick McHardy <kaber@trash.net>
To: "lartc@manchotnetworks.net" <lartc@manchotnetworks.net>
Cc: netfilter-devel <netfilter-devel@lists.netfilter.org>
Subject: Re: policy routing on locally generated packets
Date: Mon, 25 Aug 2003 17:13:25 +0200 [thread overview]
Message-ID: <3F4A2795.3030805@trash.net> (raw)
In-Reply-To: <3F4A01BE.1090805@trash.net>
I don't know what i was thinking, this patch is going to confuse
all kinds of stuff (especially conntrack & nat). Sorry.
Patrick
Patrick McHardy wrote:
> lartc@manchotnetworks.net wrote:
>
>> The statement would force a new routing decision to be made using the
>> properties of the packet as it traverses the nat table, respecting any
>> marking, tos, etc.
>>
>> Could any of you be kind enough to offer an analysis of such a new
>> target, i.e. would it work, would it be terribly complex, ...
>>
>
> A new lookup is performed for outgoing packet if any key affecting
> routing decision is changed. However source address is not influenced
> by this lookup, for locally originating packets it is set to rt_src in
> ip_queue_xmit and ip_build_and_send_pkt but it doesn't happen
> automatically with a new lookup. I'm not sure if it would be possible
> to set a new source address, sockets which are bound to interfaces
> might not accept packets anymore. You could try this patch, it changes
> the packets source after the routing key changed, please make sure
> both unbound and bound sockets work correctly.
>
> Bye
> Patrick
>
>>
>>
>> Sincerely Yours,
>>
>> Charles Shick
>>
>>
>>
>>
>>
>>
>>
>>
>------------------------------------------------------------------------
>
>===== net/core/netfilter.c 1.23 vs edited =====
>--- 1.23/net/core/netfilter.c Thu Jul 31 01:57:26 2003
>+++ edited/net/core/netfilter.c Mon Aug 25 14:25:19 2003
>@@ -645,6 +645,7 @@
> /* Drop old route. */
> dst_release((*pskb)->dst);
> (*pskb)->dst = &rt->u.dst;
>+ iph->saddr = rt->rt_src;
> } else {
> /* non-local src, find valid iif to satisfy
> * rp-filter when calling ip_route_input. */
>
>
next prev parent reply other threads:[~2003-08-25 15:13 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-25 12:09 policy routing on locally generated packets lartc
2003-08-25 12:31 ` Patrick McHardy
2003-08-25 15:13 ` Patrick McHardy [this message]
2003-08-25 18:53 ` lartc
2003-08-25 19:07 ` Patrick Schaaf
2003-08-26 8:47 ` lartc
2003-08-26 11:09 ` Patrick Schaaf
2003-08-26 12:01 ` lartc
2003-08-26 12:14 ` Cedric de Launois
2003-08-26 18:47 ` lartc
2003-08-26 19:40 ` Henrik Nordstrom
2003-08-26 13:17 ` Patrick McHardy
2003-08-26 19:37 ` Henrik Nordstrom
2003-08-26 13:12 ` Patrick McHardy
2003-08-26 19:45 ` Henrik Nordstrom
2003-08-27 14:46 ` policy routing on locally generated packets [summary] lartc
2003-08-27 14:57 ` Patrick McHardy
2003-08-27 16:19 ` lartc
2003-08-27 14:58 ` Henrik Nordstrom
2003-08-26 13:06 ` policy routing on locally generated packets Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F4A2795.3030805@trash.net \
--to=kaber@trash.net \
--cc=lartc@manchotnetworks.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.