netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re-routing packets via netfilter (ip_rt_bug)

from [Patrick McHardy] [Permanent Link][Original]
To: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Subject: Re: Re-routing packets via netfilter (ip_rt_bug)
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Wed, 27 Apr 2005 14:05:06 +0200
Cc: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, Yair@xxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <20050427115414.GA22562@xxxxxxxxxxxxxxxxxxx>
References: <426D8672.1030001@xxxxxxxxx> <20050426003925.GA13650@xxxxxxxxxxxxxxxxxxx> <426E3F67.8090006@xxxxxxxxx> <20050426232857.GA18358@xxxxxxxxxxxxxxxxxxx> <426EE350.1070902@xxxxxxxxx> <20050427010730.GA18919@xxxxxxxxxxxxxxxxxxx> <426F68C5.4010109@xxxxxxxxx> <20050427103056.GB22099@xxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.58.0504271237350.4795@xxxxxxxxxxxxxxxxx> <20050427113542.GB22433@xxxxxxxxxxxxxxxxxxx> <20050427115414.GA22562@xxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050324 Debian/1.7.6-1 
Herbert Xu wrote:

Here is another reason why these packets should go through FORWARD.
They were generated in response to packets in INPUT/FORWARD/OUTPUT.
The original packet has not undergone SNAT in any of these cases.

However, if we feed the response packet through LOCAL_OUT it will
be subject to DNAT.  This creates a NAT asymmetry and we may end
up with the wrong destination address.

By pushing it through FORWARD it will only undergo SNAT which is
correct since the original packet would have undergone DNAT.


This is only a problem since the recent NAT changes, but I agree
that we should fix it by moving these packets to FORWARD.

Regards
Patrick
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH 2.6 4/6][SCTP] Fix bug in sctp_init() error handling code., Sridhar Samudrala
Next by Date:  [PATCH 2.6 2/6][SCTP] Implement Sec 2.41 of SCTP Implementers guide., Sridhar Samudrala
Previous by Thread:  Re: Re-routing packets via netfilter (ip_rt_bug), Herbert Xu
Next by Thread:  RE: Re-routing packets via netfilter (ip_rt_bug), Yair Itzhaki
Indexes:  [Date] [Thread] [Top] [All Lists]