Re: LibIPQ issue

["Sérgio Bernardino" <sergio.bernardino@gmail.com>]

After a bit more time working with this i realized something "interesting":
When i send a packet from a machine A to a machine B and capture it in
PRE_ROUTING, if i change the destination address so that it points to
machine C, the packet disappears and i can't track it anywhere. On the
other hand, if i instead change the source address of the packet so
that it points to machine C everything works fine. I can "see" the
packet traversing into machine B, which receives the packet and
promptly replies sending a packet to machine C. Machine A never
receives a reply to the packet it sent and machine C receives a reply
from a packet it never sent. Exactly the behaviour expected when
changing the source address field. Now, if this works in this case,
merely changing it to alter the destination address (my original
intention) should work also, but it doesn't.
My code can't be incorrect in a situation like this, so what exactly
is wrong? And is there a away to solve such situation?
Ideas anyone?


On Mon, 7 Mar 2005 20:30:03 +0100 (CET), Patrick McHardy
<kaber@trash.net> wrote:
> On Mon, 7 Mar 2005, [x-unknown] Sérgio Bernardino wrote:
> 
> > I've always tested it with two or three different machines and the
> > only rerouting that always worked was the one that occurred when i
> > changed packet caught in LOCAL_OUT. Curiously enough the packet that i
> > mangle in PRE_ROUTING seems to disappear. It doesn't "show" on the
> > current machine (machine B, according to my previous example), on the
> > intended machine (machine C) and i can't seem to track it with tcpdump
> > after i committed the changes and ACCEPTed the packet.
> > The example i gave with LOCAL_OUT rerouting a packet to make it seem
> > like it's a localhost packet is just that, an example. In fact, i can
> > reroute packets intended to a machine so that they show up on another
> > one by changing them in LOCAL_OUT. It works fine. But since you say
> > that that ip_queue manually reroutes the packets, the situation is
> > clearly different from what occurs in PRE_ROUTING. I pretty certain
> > that the information is modified correctly. In fact, the code i use to
> > change packets caught in PRE_ROUTING is virtually identical to the
> > code i use to change packets caught in LOCAL_OUT. So, basically, i'm
> > quite unsure of what's exactly wrong. Specially since you've confirmed
> > that it should work.
> 
> Please send the code you use for testing so I can try myself.
> 
> Regards
> Patrick
> 


-- 
Sérgio Bernardino

============================================
"The Dragon awakens in the darkness
with a frozen heart he roars.
If you are close, the dragon sleeps
And when the wings appear before him
people's dreams will fill the sky..."