Message-ID: <alpine.LNX.1.10.0811271927060.21626@fbirervta.pbzchgretzou.qr>
Date: Thu, 27 Nov 2008 19:28:37 +0100 (CET)
From: Jan Engelhardt <jengelh@...ozas.de>
To: Patrick McHardy <kaber@...sh.net>
cc: davem@...emloft.net, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org
Subject: Re: netfilter 11/29: nf_nat: remove warn_if_extra_mangle

On Thursday 2008-11-27 17:15, Patrick McHardy wrote:
> netfilter: nf_nat: remove warn_if_extra_mangle
>
> In net/ipv4/netfilter/nf_nat_rule.c, the function warn_if_extra_mangle was added
> in commit 5b1158e909ecbe1a052203e0d8df15633f829930 (2006-12-02). I have a DNAT
> target in the OUTPUT chain that changes connections with dst 2.0.0.1 to another
> address which I'll substitute with 66.102.9.99 below.
>
> On every boot I get the following message:
> [ 146.252505] NAT: no longer support implicit source local NAT
> [ 146.252517] NAT: packet src 66.102.9.99 -> dst 2.0.0.1
>
> As far as I can tell from reading the function doing this, it should warn if the
> source IP for the route to 66.102.9.99 is different from 2.0.0.1 but that is not
> the case. It doesn't make sense to check the DNAT target against the local route
> source.
>
> Either the function should be changed to correctly check the route, or it should
> be removed entirely as it's been nearly 2 years since it was added.

Why did implicit local SNAT even go? It was kind of a neat way to
be able to issue `socat - tcp-client:localhost:1234` and have
it redirected elsewhere on the net.