From: leroy christophe <christophe.leroy@c-s.fr>
To: Patrick McHardy <kaber@trash.net>
Cc: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
GUITTON Alex <alex.guitton@c-s.fr>,
Netfilter Development Mailing list
<netfilter-devel@vger.kernel.org>
Subject: Re: bug : nft_redirect port byteorder issue
Date: Fri, 12 Dec 2014 17:20:43 +0100 [thread overview]
Message-ID: <548B15DB.70707@c-s.fr> (raw)
In-Reply-To: <20141212152523.GI8013@acer.localdomain>
Le 12/12/2014 16:25, Patrick McHardy a écrit :
> On 12.12, leroy christophe wrote:
>> Le 12/12/2014 12:55, Arturo Borrero Gonzalez a écrit :
>>> On 12 December 2014 at 12:07, leroy christophe <christophe.leroy@c-s.fr> wrote:
>> I'm not sure what I proposed it the correct patch, maybe it shall be fixed
>> earlier in the chain, I don't know.
> Yeah, I'm not so sure myself.
>
> Could you please try what happens if you do:
>
> ... tcp dport 222 redir :tcp dport
>
> Which should redirect to the same port, but I'm interested if it
> actually does that.
>
Without my patch, I get the following. Note the strange value in the DPT
on the second line.
[ 61.377273] redirIN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
SPT=55626 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
[ 61.377816] rejected IN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29122 DF PROTO=TCP
SPT=55626 DPT=20 WINDOW=14600 RES=0x00 SYN URGP=0
With my patch, I get correct port.
[ 511.994597] redirIN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
[ 511.994999] rejected IN=eth0 OUT=
MAC=08:00:51:20:44:5b:08:00:27:fe:42:1e:08:00 SRC=172.25.231.37
DST=172.25.231.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21300 DF PROTO=TCP
SPT=55622 DPT=222 WINDOW=14600 RES=0x00 SYN URGP=0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2014-12-12 16:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-10 14:39 Problem setting up nftables dnat : dport set to 0 instead of requested value (22) leroy christophe
2014-12-10 18:22 ` Pablo Neira Ayuso
2014-12-10 20:29 ` Arturo Borrero Gonzalez
2014-12-11 13:12 ` leroy christophe
2014-12-12 10:08 ` leroy christophe
2014-12-12 10:16 ` bug : nft_redirect port byteorder issue leroy christophe
2014-12-12 10:49 ` Arturo Borrero Gonzalez
2014-12-12 11:07 ` leroy christophe
2014-12-12 11:55 ` Arturo Borrero Gonzalez
2014-12-12 12:55 ` leroy christophe
2014-12-12 15:25 ` Patrick McHardy
2014-12-12 16:20 ` leroy christophe [this message]
2014-12-12 16:40 ` Patrick McHardy
2014-12-22 11:54 ` Pablo Neira Ayuso
2014-12-22 12:44 ` Patrick McHardy
2014-12-22 13:00 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=548B15DB.70707@c-s.fr \
--to=christophe.leroy@c-s.fr \
--cc=alex.guitton@c-s.fr \
--cc=arturo.borrero.glez@gmail.com \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.