Re: [PATCH 2/3] netfilter: xtables: add PKTTYPE target

Pablo Neira Ayuso wrote:
> Patrick McHardy wrote:
>> Pablo Neira Ayuso wrote:
>>> This patch adds the PKTTYPE target which can be used to mangle the
>>> skbuff packet type field. This target is useful in conjunction with
>>> the arptables mcmangle target to get TCP working again when a
>>> multicast hardware address is used. An example of its use:
>>>
>>> iptables -I PREROUTING ! -s 224.0.0.0/4 -t mangle \
>>>     -j PKTTYPE --to-pkt-type unicast
>>>
>>> Given the following arptables rule-set:
>>>
>>> arptables -I OUTPUT -o eth0 -j mcmangle --h-length 6 \
>>>     --mc-mangle-mac 01:00:5e:00:01:01 --mc-mangle-dev eth0
>>> arptables -I INPUT --h-length 6 --destination-mac 01:00:5e:00:01:01 \
>>>     -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
>>>
>>> See arptables mcmangle target for further information.
>>
>> That one refers to this patch :) So you're actually communicating
>> using TCP and multicast? Why don't you use UDP, which works fine
>> using multicast without pkttype mangling?
>
> If the netdevice uses a multicast MAC address, the link layer sets skbuff
> pkttype to PACKET_MULTICAST and TCP (among others) doesn't like this.
> This target is required to make TCP work again if a multicast MAC
> address is used.

Yes, I know, I'm just wondering why you're using TCP at all for
synchronizing. It's not for traffic from the Internet I assume
since the node it ends up on is unknown to the outside anyways.

It really seems pretty hackish to add netfilter modules to work
around valid checks in the stack. I'd prefer if we can come up
with a nicer way that offers you the same functionality.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html