netfilter-devel.vger.kernel.org archive mirror
From: Stephen Clark <sclark46@earthlink.net>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Changli Gao <xiaosuo@gmail.com>, netfilter-devel@vger.kernel.org
Subject: Re: clone packet with new destination address
Date: Mon, 01 Nov 2010 10:29:49 -0400
Message-ID: <4CCECEDD.2030107@earthlink.net>
In-Reply-To: <alpine.LNX.2.01.1011011405480.4499@obet.zrqbmnf.qr>

On 11/01/2010 09:09 AM, Jan Engelhardt wrote:
> On Monday 2010-11-01 13:46, Stephen Clark wrote:
>    
>>> Oh, iptables can also do it. Please see iptables target TEE and
>>> RAWNAT in xtables-addons. http://xtables-addons.sourceforge.net/
>>>        
>> In testing this it looks like, to me anyhow, that the cloned packet
>> gets sent to the new gw with the original destination address, so
>> now the destination address has to get fixed up on the gw, this
>> seems pretty kludgy to me. Why can't the cloned packet simply have
>> its destination address replaced with the new destination address?
>>      
> Because that would incur a loss of information (namely, the
> destination address).
>
>    
>> This seems to me like it would make a lot more sense, instead of
>> having to make changes to the packet on two different systems.
>>      
> You can do the changes on a single machine if you want to.
>
>    
I am not sure how to go about doing that. Looking at the code for TEE,
it looks like the cloned packet bypasses any of the remaining iptables
chains. So where would I change the destination address? Also, if I am
mistaken and it does hit one of the remaining iptables chains, how do I
tell it is not the original but the cloned packet I want to change to
the new destination address?

Anyway thanks for your response.

-- 

"They that give up essential liberty to obtain temporary safety,
deserve neither liberty nor safety."  (Ben Franklin)

"The course of history shows that as a government grows, liberty
decreases."  (Thomas Jefferson)



