Message-ID: <49104FE7.7070509@trash.net>
Date:	Tue, 04 Nov 2008 14:36:39 +0100
From:	Patrick McHardy <kaber@...sh.net>
To:	Simon Arlott <simon@...ott.org>
CC:	netdev <netdev@...r.kernel.org>, kadlec@...ckhole.kfki.hu,
	netfilter-devel@...r.kernel.org
Subject: Re: [PATCH] netfilter: Remove warn_if_extra_mangle

Simon Arlott wrote:
> In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added 
> in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT 
> target in the OUTPUT chain that changes connections with dst 2.0.0.1 to another 
> address which I'll substitute with 66.102.9.99 below.
> 
> On every boot I get the following message:
> [  146.252505] NAT: no longer support implicit source local NAT
> [  146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1
> 
> As far as I can tell from reading the function doing this, it should warn if the 
> source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not 
> the case. It doesn't make sense to check the DNAT target against the local route 
> source.
> 
> Either the function should be changed to correctly check the route, or it should 
> be removed entirely as it's been nearly 2 years since it was added.

Removing it sounds fine to me. Applied, thanks.