netfilter-devel.vger.kernel.org archive mirror
From: Kristian Evensen <kristian.evensen@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: Wrong MAC in redirected packet
Date: Wed, 25 Mar 2009 15:27:18 +0100
Message-ID: <17e3a8f80903250727q739fac53r6325a8eefff96a97@mail.gmail.com>

Hello,

I have a setup where I have a sender and a multihomed receiver
connected through a switch, and I am working on a module that
currently does more or less the same as RAWDNAT [1] (at least it is
supposed to). My goal is to redirect packets destined for one
interface on the multihomed receiver to the other, and changing the IP
address works. Unfortunately, the packet keeps the original
destination MAC-address, so it arrives at the wrong interface on the
multihomed receiver. The sender has the correct mapping between IPs
and MACs (arp_filter is 1 on the receiver) and it works when I do the
redirection using DNAT or for example ping each interface separately.
Does anyone have any suggestions or hints? Reconstructing the SKB
would most likely solve it, but that seems a bit drastic.

My theory is that the original MAC-address is somehow added to the SKB
before it reaches the output-part of the RAW-table (which is where I
hook in), because of the sender's mapping between the original
destination IP and MAC. However, I have not been able to figure this
out. Also, I looked at the NAT-code, but it seems to "only" change
IP-address as well. Have I overlooked something or am I correct?

Btw, RAWDNAT throws up a couple of errors on my machine, so I have not
been able to see if it does what I want to do.

Please let me know if you need more information.

Thanks,
Kristian

[1] - http://dev.medozas.de/gitweb.cgi?p=xtables-addons;a=blob;f=extensions/libxt_RAWDNAT.c;h=1d50b9188ae5e1e2b257ac15afcb2857c9353c25;hb=RAWNAT
