Re: Dynamic IP hack (PR#294)

Erik Corry (corry@daimi.aau.dk)
Mon, 19 Oct 1998 15:54:13 +0200


On Mon, Oct 19, 1998 at 02:39:46PM +0100, Alan Cox wrote:
> > Because once the PPP has been reestablished with a new
> > source address, the packets generated by the 'reject' rules
>
> So they come from the address the packets apparently went to. This is correct.
> That means they will kill sockets going to said wrong addresses.

This looks a little confused to me. The problematic packets
are going to perfectly valid addresses, but they are coming
from an address that is recorded in the socket, but which is
no longer yours. The reject packets have the destination
address taken from the source address of the problem packets.
But the whole point is that that source address was wrong, so
the reject packets go to the wrong place.

Believe me, I've tried it. This is why firewall rules are
insufficient and either RST-provoking or Andi's new kleen
solution is needed.

-- 
Erik Corry erik@arbat.com     Ceterum censeo, Microsoftem esse delendam!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
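
The condition described in the message above (a socket that still records a local address the host no longer holds), as an added example that is not part of the original post or of any kernel patch: it lists such sockets from a `/proc/net/tcp`-style table. The function names, the sample table and the addresses are constructed for illustration, and the decoding assumes the IPv4 hex layout printed by a little-endian host.

```python
import ipaddress
import struct

# Constructed sample in /proc/net/tcp layout. 192.0.2.10 stands for the
# address held before the PPP redial, 192.0.2.42 for the address held now.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0A0200C0:C350 0A6433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1002
   2: 2A0200C0:C351 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1003
"""

TCP_LISTEN = "0A"  # state code used for listening sockets in this table


def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (IPv4Address, port); little-endian host assumed."""
    addr_hex, port_hex = field.split(":")
    addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def stale_sockets(proc_text, current_addrs):
    """Return (local, remote) pairs whose local address is no longer ours.

    Packets from these sockets carry the old source address, so a reject
    generated from them is addressed to that old address, not to this host.
    """
    current = {ipaddress.IPv4Address(a) for a in current_addrs}
    stale = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local, lport = decode_endpoint(fields[1])
        remote, rport = decode_endpoint(fields[2])
        if fields[3] == TCP_LISTEN or local.is_unspecified or local.is_loopback:
            continue  # listeners and wildcard/loopback binds are not affected
        if local not in current:
            stale.append((f"{local}:{lport}", f"{remote}:{rport}"))
    return stale


if __name__ == "__main__":
    for local, remote in stale_sockets(SAMPLE_PROC_NET_TCP, ["192.0.2.42"]):
        print(f"stale local address: {local} -> {remote}")
```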