netdev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re-routing packets via netfilter (ip_rt_bug)

from [Herbert Xu] [Permanent Link][Original]
To: Patrick McHardy <kaber@xxxxxxxxx>
Subject: Re: Re-routing packets via netfilter (ip_rt_bug)
From: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 27 Apr 2005 11:07:30 +1000
Cc: Yair@xxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx
In-reply-to: <426EE350.1070902@xxxxxxxxx>
References: <E1DQ1Ct-00055s-00@xxxxxxxxxxxxxxxxxxxxxxxx> <426D0CB9.4060500@xxxxxxxxx> <20050425213400.GB29288@xxxxxxxxxxxxxxxxxxx> <426D8672.1030001@xxxxxxxxx> <20050426003925.GA13650@xxxxxxxxxxxxxxxxxxx> <426E3F67.8090006@xxxxxxxxx> <20050426232857.GA18358@xxxxxxxxxxxxxxxxxxx> <426EE350.1070902@xxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6+20040907i 
On Wed, Apr 27, 2005 at 02:56:48AM +0200, Patrick McHardy wrote:
> 
> The ipt_REJECT target can send TCP RSTs with foreign source which
> go through LOCAL_OUT. Restricting it to this case and adding proper

Couldn't we feed the TCP RST packets with foreign sources through
the FORWARD table? We're lying to the routing system already by
telling it that the packet is forwarded.  So I don't see anything
wrong with lying to netfilter as well :)

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [PATCH 2.6 1/6][SCTP] Fix SCTP_ASSOCINFO getsockopt for 1-1 style sockets., Sridhar Samudrala
Next by Date:  Badness in cache_free_debugcheck at linux/mm/slab.c:1909, Russell King
Previous by Thread:  Re: Re-routing packets via netfilter (ip_rt_bug), Patrick McHardy
Next by Thread:  Re: Re-routing packets via netfilter (ip_rt_bug), Herbert Xu
Indexes:  [Date] [Thread] [Top] [All Lists]