[added explicit Cc to Dave] On Sun, Nov 07, 2004 at 10:18:25AM -0800, Phil Oester wrote: > The below patch addresses these issues by changing from using ifindex > comparisons to verifying that the masquerading ip still exists on the > box. > > To achieve this, two changes were required to core networking code (thus > the linux-net cc): Thanks, Phil. I think this solution is about the best we can get. Any other comments? Dave: would the two changes below be acceptable for you? > 1) export inet_confirm_addr > > 2) change inet_ifa_match to use ifa_local instead of ifa_address. > Since ifa_local != ifa_address on ppp interfaces, inet_ifa_match > could not be used to verify ppp interface addresses without > this change. -- - Harald Welte <laforge@netfilter.org> http://www.netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
signature.asc
Description: Digital signature
