| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.01.1007021416120.30410@obet.zrqbmnf.qr> Date: Fri, 2 Jul 2010 14:17:01 +0200 (CEST) From: Jan Engelhardt <jengelh@...ozas.de> To: Patrick McHardy <kaber@...sh.net> cc: davem@...emloft.net, netfilter-devel@...r.kernel.org, netdev@...r.kernel.org Subject: Re: [PATCH 1/9] netfilter: nf_nat: support user-specified SNAT rules in LOCAL_IN On Friday 2010-07-02 12:17, Patrick McHardy wrote: >> >> I still have not grasped why SNAT is needed in the INPUT path. For the >> tunnel scenario that you wanted to build I could not find a reason to >> do SNAT in that place - since the non-encapsulated packets don't go >> through INPUT anyway. > > Sure they do, if they are destined for the host itself. I'm not sure > what's so hard to understand about this patch, you have f.i. multiple > tunnels using the same remote network, on INPUT and POSTROUTING you SNAT > them to seperate networks based on criteria like the network device or > the IPsec tunnel to be able to distinguish them. But they are already distinguishable by the ctmark that is applied to these connections to do routing of the reply, are they not? -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists