From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 8/9] netfilter: xtables: inclusion of xt_TEE
Date: Tue, 23 Mar 2010 14:45:21 +0100 [thread overview]
Message-ID: <4BA8C5F1.9060301@trash.net> (raw)
In-Reply-To: <alpine.LSU.2.01.1003231341130.12922@obet.zrqbmnf.qr>
Jan Engelhardt wrote:
> On Tuesday 2010-03-23 13:38, Patrick McHardy wrote:
>>> 1. sending the clone through a tunnel - admin can't do much about MTU getting
>>> smaller here.
>> It either happens locally (before encapsulation) or for the
>> encapsulated packets, which isn't a problem.
>
> That is what I am referring to. Suppose -j TEE is using
> a --gateway address whose route resolves to
>
> default dev ipip0 [mtu 1480]
>
> (There is no encapsulation or MTU decrease on the original path.) The
> admin then has two possibilities, to either drop the clone, or coerce
> the source in sending appropriately-sized packets.
True. He might also hack ipip to allow fragmentation of encapsulated
packets independant of the IP_DF flag of the original packet.
But in my opinion he should make sure not to send anything to the
source for duplicated packets.
BTW, I just noticed TEE is still using init_net. This should be
fixed.
next prev parent reply other threads:[~2010-03-23 13:45 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-17 13:18 nf-next: checks and three modules Jan Engelhardt
2010-03-17 13:18 ` [PATCH 1/9] netfilter: xtables: do without explicit XT_ALIGN Jan Engelhardt
2010-03-17 13:18 ` [PATCH 2/9] netfilter: xtables: slightly more detailed checkentry return values Jan Engelhardt
2010-03-17 13:39 ` Patrick McHardy
2010-03-17 14:05 ` Jan Engelhardt
2010-03-17 14:16 ` Patrick McHardy
2010-03-17 14:27 ` Jan Engelhardt
2010-03-17 14:36 ` Patrick McHardy
2010-03-17 14:40 ` Patrick McHardy
2010-03-17 21:54 ` Jan Engelhardt
2010-03-18 11:14 ` Patrick McHardy
2010-03-17 13:18 ` [PATCH 3/9] netfilter: xtables: restrict TCPMSS to mangle table as intended Jan Engelhardt
2010-03-17 13:30 ` Patrick McHardy
2010-03-17 13:34 ` Jan Engelhardt
2010-03-17 13:36 ` Patrick McHardy
2010-03-17 13:18 ` [PATCH 4/9] netfilter: xtables: clean up xt_mac match routine Jan Engelhardt
2010-03-17 13:19 ` [PATCH 5/9] netfilter: xtables: limit xt_mac to ethernet devices Jan Engelhardt
2010-03-17 13:31 ` Patrick McHardy
2010-03-17 13:37 ` Jan Engelhardt
2010-03-17 13:40 ` Patrick McHardy
2010-03-17 13:19 ` [PATCH 6/9] netfilter: xtables: resort osf kconfig text Jan Engelhardt
2010-03-17 13:19 ` [PATCH 7/9] netfilter: xtables: inclusion of xt_SYSRQ Jan Engelhardt
2010-03-17 13:56 ` Patrick McHardy
2010-03-17 14:11 ` John Haxby
2010-03-17 14:43 ` Patrick McHardy
2010-03-20 1:47 ` Jan Engelhardt
2010-03-22 15:14 ` John Haxby
2010-03-22 16:49 ` Patrick McHardy
2010-03-17 14:21 ` Jan Engelhardt
2010-03-17 14:24 ` Patrick McHardy
2010-03-17 13:19 ` [PATCH 8/9] netfilter: xtables: inclusion of xt_TEE Jan Engelhardt
2010-03-17 13:35 ` Patrick McHardy
2010-03-17 13:43 ` Jan Engelhardt
2010-03-17 13:55 ` Patrick McHardy
2010-03-23 1:55 ` Jan Engelhardt
2010-03-23 11:57 ` Patrick McHardy
2010-03-26 2:39 ` Jan Engelhardt
2010-03-20 2:03 ` Jan Engelhardt
2010-03-22 16:58 ` Patrick McHardy
2010-03-22 17:45 ` Jan Engelhardt
2010-03-23 12:04 ` Patrick McHardy
2010-03-23 12:29 ` Jan Engelhardt
2010-03-23 12:38 ` Patrick McHardy
2010-03-23 12:46 ` Jan Engelhardt
2010-03-23 13:45 ` Patrick McHardy [this message]
2010-03-17 13:19 ` [PATCH 9/9] netfilter: xtables: inclusion of xt_condition Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BA8C5F1.9060301@trash.net \
--to=kaber@trash.net \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.