Ming-Ching Tiew wrote:
I sort of just forward this to netfilter-devel.
For those who are in netfilter-devel but not on the tproxy mail list, a little
background here :-
I discovered after applying the tproxy4 patch, which allows one to spoof
originating traffic with a foreign IP address (for the purpose of doing
transparent proxy), that after doing it, traffic with a foreign IP will
not leave the system if there is a FWMARK in the mangle table OUTPUT
chain. Any MARK will screw up the routing.
And the patch above seems to be able to get the packets out of the machine
again.
So the motivation here is that perhaps someone here could throw some light on
how this situation is best handled.
IIRC the current TPROXY patches use a flag in the dst_entry
to indicate that the source address is non-local. So
ip_route_me_harder should probably check that flag and
use routing for foreign addresses for that case.