From: Patrick McHardy <kaber@trash.net>
To: "Jorge Boncompte [DTI2]" <jorge@dti2.net>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: [PATCH] xx_nat_proto_gre: do not modify/corrupt GREv0 packets thought NAT
Date: Wed, 02 May 2007 15:23:34 +0200
Message-ID: <463890D6.9060605@trash.net>
In-Reply-To: <027301c78cbc$baff1cd0$061010ac@intranet.dti2.net>

Jorge Boncompte [DTI2] wrote:
> ----- Original Message ----- From: "Patrick McHardy" <kaber@trash.net>
>> Applied, thanks. I removed the FIXME though since it's the intended
>> behaviour and not something that needs to be fixed. I'll push it
>> to -stable as well.
>
> Well, I don't have an opinion on the comment. My only intention was
> to reflect the fact that we do not NAT those packets as the comment states.

Yes, I left that part intact, I just removed the FIXME.

> Just for the records:
> The code can be made to NAT GREv0 packets with a key, at least if the
> orig and repl direction use the same key. This is the normal behaviour
> when you configure GRE tunnels on Cisco gears, Linux "ip tunnel" allows
> to use different keys for transmitting and receiving. I have tested that
> SNAT tracks the packets and that I can use several tunnels between the
> same endpoints with different keys, it did require only some minor
> modifications but to do it right it will need some more changes like to
> expand the key field to a 32bit type again all over the code.
> If someone ever needs it, just ask.

I think the problem with this is that we don't know whether both keys
are identical at connection setup time and thus might fail to even
track the connection if they are not.

If that's not correct feel free to send a patch on top of the previous
one :)
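
The key comparison discussed in this exchange, as an added example that is not part of the thread and is not the kernel's code. It assumes the RFC 2784/2890 GREv0 header layout; the function names and sample bytes are constructed, and same_key_both_ways() is a simplified model of "orig and repl direction use the same key", not of conntrack itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRE_CSUM    0x8000 /* C: checksum + reserved1 word present (RFC 2784) */
#define GRE_ROUTING 0x4000 /* R: RFC 1701 routing, not handled here */
#define GRE_KEY     0x2000 /* K: 32-bit key present (RFC 2890) */
#define GRE_VERSION 0x0007

/* Returns 1 and stores the key if present, 0 if the header has no key,
 * -1 if the header is truncated, not version 0, or uses RFC 1701 routing. */
int gre_key32(const uint8_t *p, size_t len, uint32_t *key)
{
    size_t off = 4;                      /* flags/version + protocol type */
    uint16_t flags;
    if (len < 4)
        return -1;
    flags = (uint16_t)((p[0] << 8) | p[1]);
    if ((flags & GRE_VERSION) != 0 || (flags & GRE_ROUTING))
        return -1;
    if (!(flags & GRE_KEY))
        return 0;
    if (flags & GRE_CSUM)
        off += 4;                        /* key follows the optional checksum word */
    if (len < off + 4)
        return -1;
    *key = ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
           ((uint32_t)p[off + 2] << 8) | p[off + 3];
    return 1;
}

/* Simplified model (assumption): a reply is matched to a tracked flow only
 * if it carries the key seen in the original direction. */
int same_key_both_ways(const uint8_t *o, size_t ol, const uint8_t *r, size_t rl)
{
    uint32_t ko, kr;
    return gre_key32(o, ol, &ko) == 1 && gre_key32(r, rl, &kr) == 1 && ko == kr;
}

/* Constructed sample headers (protocol type 0x0800 = IPv4). */
const uint8_t ORIG[]        = {0x20, 0x00, 0x08, 0x00, 0, 0, 0, 100};
const uint8_t REPLY_SAME[]  = {0xa0, 0x00, 0x08, 0x00, 0x12, 0x34, 0, 0, 0, 0, 0, 100};
const uint8_t REPLY_OTHER[] = {0x20, 0x00, 0x08, 0x00, 0, 0, 0, 200};

int main(void)
{
    printf("same key: %d, other key: %d\n",
           same_key_both_ways(ORIG, sizeof ORIG, REPLY_SAME, sizeof REPLY_SAME),
           same_key_both_ways(ORIG, sizeof ORIG, REPLY_OTHER, sizeof REPLY_OTHER));
    return 0;
}
```

REPLY_SAME carries the checksum word, so its key sits four bytes later than in ORIG; REPLY_OTHER is the case where the two directions use different keys.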