From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Torsten Luettgert <ml-netfilter@enda.eu>,
netfilter-devel@vger.kernel.org
Subject: Re: TEE broken in 3.6
Date: Wed, 17 Oct 2012 10:23:23 +0200 [thread overview]
Message-ID: <20121017082323.GA13289@1984> (raw)
In-Reply-To: <1350460131.26103.68.camel@edumazet-glaptop>
[-- Attachment #1: Type: text/plain, Size: 769 bytes --]
On Wed, Oct 17, 2012 at 09:48:51AM +0200, Eric Dumazet wrote:
> On Wed, 2012-10-17 at 09:45 +0200, Torsten Luettgert wrote:
> > On Tue, 16 Oct 2012 22:00:18 +0200
> > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> >
> > > Could you try latest tree, with the following patch ?
> >
> > Yeah, that works.
> >
> > I'm still a bit sad, though, since I'll have to wait for 3.7 now (no
> > FLOWI_FLAG_KNOWN_NH in 3.6.*), or is there any solution for those "old"
> > kernels, too?
> >
> > Regards,
> > Torsten
>
> I believe its stable material, it will reach 3.6.3 or 3.6.4 dont worry.
@Eric: I've included the description to the patch (just to save you
some time to make it yourself).
Let me know if you're OK with the one attached. If not, feel free to
pass me yours.
[-- Attachment #2: 0001-netfilter-xt_TEE-fix-routing-due-to-rt_gateway-seman.patch --]
[-- Type: text/x-diff, Size: 1159 bytes --]
>From d977416de1ceb9ec960b34c0202d711a9a6dead4 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 17 Oct 2012 10:18:15 +0200
Subject: [PATCH] netfilter: xt_TEE: fix routing due to rt_gateway semantic
changes
Since (f8126f1 ipv4: Adjust semantics of rt->rt_gateway.), xt_TEE
stopped working.
The problem is that it tries to ARP lookup the original destination
address of the forwarded packet, not the address of the gateway.
Reported-by: Torsten Luettgert <ml-netfilter@enda.eu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_TEE.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/netfilter/xt_TEE.c b/net/netfilter/xt_TEE.c
index ee2e5bc..bd93e51 100644
--- a/net/netfilter/xt_TEE.c
+++ b/net/netfilter/xt_TEE.c
@@ -70,6 +70,7 @@ tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
fl4.daddr = info->gw.ip;
fl4.flowi4_tos = RT_TOS(iph->tos);
fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
+ fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;
rt = ip_route_output_key(net, &fl4);
if (IS_ERR(rt))
return false;
--
1.7.10.4
next prev parent reply other threads:[~2012-10-17 8:23 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-10-16 19:13 TEE broken in 3.6 Torsten Luettgert
2012-10-16 20:00 ` Eric Dumazet
2012-10-17 7:45 ` Torsten Luettgert
2012-10-17 7:48 ` Eric Dumazet
2012-10-17 8:15 ` Pablo Neira Ayuso
2012-10-17 8:33 ` [PATCH] netfilter: xt_TEE: dont use destination address found in header Eric Dumazet
2012-10-17 8:23 ` Pablo Neira Ayuso [this message]
2012-10-17 8:34 ` TEE broken in 3.6 Eric Dumazet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121017082323.GA13289@1984 \
--to=pablo@netfilter.org \
--cc=eric.dumazet@gmail.com \
--cc=ml-netfilter@enda.eu \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).