| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <462943A4.5060309@candelatech.com> Date: Fri, 20 Apr 2007 15:50:12 -0700 From: Ben Greear <greearb@...delatech.com> To: NetDev <netdev@...r.kernel.org> Subject: Associating connection tracking with a physical device. I am trying to NAT routed connections between pairs of devices very much like the etun patch recently posted. As far as I can tell, this is failing because the connection tracking does not take the interface into account. The result is that if you send on etun1a, receive on etun1b, and then route internally to etun2a for transmit, the packet uses the same nfct (printk shows the 'id' of the ct is the same even though the skb->dev has changed.) This appears to make it impossible to NAT on etun2a in this scenario. I believe what is needed to make this work is the addition of some extra fields in the conn-tracking tuple, or perhaps some explicit test for the outgoing netdev. Does that sound like the right approach for enabling NAT in this case? Thanks, Ben -- Ben Greear <greearb@...delatech.com> Candela Technologies Inc http://www.candelatech.com - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists