lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:	Fri, 20 Apr 2007 15:50:12 -0700
From:	Ben Greear <>
To:	NetDev <>
Subject: Associating connection tracking with a physical device.

I am trying to NAT routed connections between pairs of devices very
much like the etun patch recently posted.

As far as I can tell, this is failing because the connection tracking
does not take the interface into account.  The result is that if you
send on etun1a, receive on etun1b, and then route internally to
etun2a for transmit, the packet uses the same nfct (printk shows
the 'id' of the ct is the same even though the skb->dev has changed.)
This appears to make it impossible to NAT on etun2a in this scenario.

I believe what is needed to make this work is the addition of some
extra fields in the conn-tracking tuple, or perhaps some explicit test
for the outgoing netdev.

Does that sound like the right approach for enabling NAT in this case?


Ben Greear <>
Candela Technologies Inc

To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to
More majordomo info at

Powered by blists - more mailing lists