From: "Sérgio Bernardino" <sergio.bernardino@gmail.com>
To: Patrick McHardy <kaber@trash.net>
Cc: netfilter-devel@lists.netfilter.org
Subject: Re: LibIPQ issue
Date: Mon, 7 Mar 2005 19:17:15 +0000
Message-ID: <e54bc1880503071117322999d@mail.gmail.com>
In-Reply-To: <422C52AB.4030801@trash.net>
On Mon, 07 Mar 2005 14:10:03 +0100, Patrick McHardy <kaber@trash.net> wrote:
> Sérgio Bernardino wrote:
> >
> > iptables -t filter -A OUTPUT -p ip -j QUEUE
> >
> > I can alter the destination address of the outgoing packet (for
> > example, a packet that goes from A to B becomes a packet that goes
> > from A to A, a localhost packet), and it all works fine.
> > It seems like I'm doing something wrong but I can't quite figure out
> > what. Any ideas?
>
> Packets in LOCAL_OUT are manually rerouted by ip_queue. Packets
> mangled in PRE_ROUTING should be routed correctly according to
> the data contained in the new packet. Could it be that you are
> testing on loopback ?
>
> Regards
> Patrick
>
I've always tested it with two or three different machines and the
only rerouting that always worked was the one that occurred when I
changed a packet caught in LOCAL_OUT. Curiously enough the packet that I
mangle in PRE_ROUTING seems to disappear. It doesn't "show" on the
current machine (machine B, according to my previous example), on the
intended machine (machine C) and I can't seem to track it with tcpdump
after I committed the changes and ACCEPTed the packet.
The example I gave with LOCAL_OUT rerouting a packet to make it seem
like it's a localhost packet is just that, an example. In fact, I can
reroute packets intended to a machine so that they show up on another
one by changing them in LOCAL_OUT. It works fine. But since you say
that ip_queue manually reroutes the packets, the situation is
clearly different from what occurs in PRE_ROUTING. I'm pretty certain
that the information is modified correctly. In fact, the code I use to
change packets caught in PRE_ROUTING is virtually identical to the
code I use to change packets caught in LOCAL_OUT. So, basically, I'm
quite unsure of what's exactly wrong. Especially since you've confirmed
that it should work.
Thank you for your time.
--
Sérgio Bernardino
============================================
"The Dragon awakens in the darkness
with a frozen heart he roars.
If you are close, the dragon sleeps
And when the wings appear before him
people's dreams will fill the sky..."