Hi, On Wed, Oct 01, 2008 at 07:42:50AM -0700, David Miller wrote: > From: KOVACS Krisztian <hidden@xxxxxxxxxx> > Date: Wed, 01 Oct 2008 16:24:31 +0200 > > > The TCP stack sends out SYN+ACK/ACK/RST reply packets in response to > > incoming packets. The non-local source address check on output bites > > us again, as replies for transparently redirected traffic won't have a > > chance to leave the node. > > > > This patch selectively sets the FLOWI_FLAG_ANYSRC flag when doing > > the route lookup for those replies. Transparent replies are enabled if > > the listening socket has the transparent socket flag set. > > > > Signed-off-by: KOVACS Krisztian <hidden@xxxxxxxxxx> > > I had to make some modifications to make this build. > > I took two include/net/ip.h modifications from patch 7: > > 1) Adding flags to ip_reply_arg struct > 2) definition of IP_REPLY_ARG_NOSRCCHECK > > and the result is included below and added to net-next-2.6 Oops, my fault, sorry. Should have been more careful when juggling around with patches yesterday... -- KOVACS Krisztian -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
