lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LNX.1.10.0811271927060.21626@fbirervta.pbzchgretzou.qr>
Date:	Thu, 27 Nov 2008 19:28:37 +0100 (CET)
From:	Jan Engelhardt <jengelh@...ozas.de>
To:	Patrick McHardy <kaber@...sh.net>
cc:	davem@...emloft.net, netdev@...r.kernel.org,
	netfilter-devel@...r.kernel.org
Subject: Re: netfilter 11/29: nf_nat: remove warn_if_extra_mangle


On Thursday 2008-11-27 17:15, Patrick McHardy wrote:

>    netfilter: nf_nat: remove warn_if_extra_mangle
>    
>    In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added
>    in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT
>    target in the OUTPUT chain than changes connections with dst 2.0.0.1 to another
>    address which I'll substitute with 66.102.9.99 below.
>    
>    On every boot I get the following message:
>    [  146.252505] NAT: no longer support implicit source local NAT
>    [  146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1
>    
>    As far as I can tell from reading the function doing this, it should warn if the
>    source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not
>    the case. It doesn't make sense to check the DNAT target against the local route
>    source.
>    
>    Either the function should be changed to correctly check the route, or it should
>    be removed entirely as it's been nearly 2 years since it was added.

Why did implicit local SNAT even go? It was kind of a neat way to
be able to issue `socat - tcp-client:localhost:1234` and have
it redirected elsewhere on the net.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ