Re: Re-routing packets via netfilter (ip_rt_bug)

From: Herbert Xu
Date: Tue Apr 26 2005 - 20:10:00 EST

Next message: Neil Horman: "[Patch] add check to /proc/devices read routines"
Previous message: Nick Piggin: "Re: [patch] __block_write_full_page bug"
In reply to: Patrick McHardy: "Re: Re-routing packets via netfilter (ip_rt_bug)"
Next in thread: Patrick McHardy: "Re: Re-routing packets via netfilter (ip_rt_bug)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 27, 2005 at 02:56:48AM +0200, Patrick McHardy wrote:
>
> The ipt_REJECT target can send TCP RSTs with foreign source which
> go through LOCAL_OUT. Restricting it to this case and adding proper

Couldn't we feed the TCP RST packets with foreign sources through
the FORWARD table? We're lying to the routing system already by
telling it that the packet is forwarded. So I don't see anything
wrong with lying to netfilter as well :)

Cheers,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Neil Horman: "[Patch] add check to /proc/devices read routines"
Previous message: Nick Piggin: "Re: [patch] __block_write_full_page bug"
In reply to: Patrick McHardy: "Re: Re-routing packets via netfilter (ip_rt_bug)"
Next in thread: Patrick McHardy: "Re: Re-routing packets via netfilter (ip_rt_bug)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]