Re: [PATCH 2/3] netfilter: xtables: add PKTTYPE target

On Tue, 10 Feb 2009, Patrick McHardy wrote:

> Pablo Neira Ayuso wrote:
> > Patrick McHardy wrote:
> > > Pablo Neira Ayuso wrote:
> > > > This patch adds the PKTTYPE target which can be used to mangle the
> > > > skbuff packet type field. This target is useful in conjunction with
> > > > the arptables mcmangle target to get TCP working again when a
> > > > multicast hardware address is used. An example of its use:
> > > > 
> > > > iptables -I PREROUTING ! -s 224.0.0.0/4 -t mangle \
> > > >     -j PKTTYPE --to-pkt-type unicast
> > > > 
> > > > Given the following arptables rule-set:
> > > > 
> > > > arptables -I OUTPUT -o eth0 -j mcmangle --h-length 6 \
> > > >     --mc-mangle-mac 01:00:5e:00:01:01 --mc-mangle-dev eth0
> > > > arptables -I INPUT --h-length 6 --destination-mac 01:00:5e:00:01:01 \
> > > >     -j mangle --mangle-mac-d 00:zz:yy:xx:5a:27
> > > > 
> > > > See arptables mcmangle target for further information.
> > > That one refers to this patch :) So you're actually communicating
> > > using TCP and multicast? Why don't you use UDP, which works fine
> > > using multicast without pkttype mangling?
> > 
> > If the netdevice uses multicast MAC address, the link layer sets skbuff
> > pkttype to PACKET_MULTICAST and TCP (among others) doesn't like this.
> > This target is required to make TCP work again if a multicast MAC
> > address is used.
> 
> Yes, I know, I'm just wondering why you're using TCP at all for
> synchronizing. It's not for traffic from the Internet I assume
> since the node it ends up on is unknown to the outside anyways.

No, that's not the synchronizing traffic, but the "normal" TCP traffic to
be filtered by the firewalls, which have got multicast MAC addresses on
their interfaces.
 
Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary
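The mechanism being discussed (a frame addressed to a multicast MAC is classified PACKET_MULTICAST by the link layer, TCP then discards it, and the PKTTYPE target rewrites the classification to unicast) is easier to see in a small user-space model. The following C program is an added example, not part of the patch or of the thread: it mirrors the classification rules of the kernel's eth_type_trans() and the `pkt_type != PACKET_HOST` discard in tcp_v4_rcv(), and models the quoted rule `iptables -I PREROUTING ! -s 224.0.0.0/4 -t mangle -j PKTTYPE --to-pkt-type unicast` as a pure function. The device MAC `00:11:22:33:5a:27` is a constructed placeholder (the thread's `00:zz:yy:xx:5a:27` is not a valid address); `01:00:5e:00:01:01` is the multicast address from the arptables rule.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirror of the kernel's packet-type values (linux/if_packet.h). */
enum pkt_type { PKT_HOST = 0, PKT_BROADCAST = 1, PKT_MULTICAST = 2, PKT_OTHERHOST = 3 };

/* Parse "aa:bb:cc:dd:ee:ff" into 6 bytes; returns 1 on success, 0 on malformed input. */
int parse_mac(const char *s, uint8_t out[6]) {
    unsigned int b[6];
    if (sscanf(s, "%x:%x:%x:%x:%x:%x", &b[0], &b[1], &b[2], &b[3], &b[4], &b[5]) != 6)
        return 0;
    for (int i = 0; i < 6; i++) {
        if (b[i] > 0xff) return 0;
        out[i] = (uint8_t)b[i];
    }
    return 1;
}

/* Link-layer classification, following eth_type_trans(): I/G bit set in the
 * first octet -> multicast (broadcast if all-ones); equal to the receiving
 * device's own MAC -> host; any other unicast destination -> otherhost. */
enum pkt_type classify_pkt_type(const uint8_t dst[6], const uint8_t dev_mac[6]) {
    static const uint8_t bcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    if (dst[0] & 0x01) {
        if (memcmp(dst, bcast, 6) == 0) return PKT_BROADCAST;
        return PKT_MULTICAST;
    }
    if (memcmp(dst, dev_mac, 6) == 0) return PKT_HOST;
    return PKT_OTHERHOST;
}

/* Model of the rule quoted in the patch description:
 *   iptables -I PREROUTING ! -s 224.0.0.0/4 -t mangle -j PKTTYPE --to-pkt-type unicast
 * src is a host-order IPv4 source address. Packets whose source is outside
 * 224.0.0.0/4 get their type rewritten to unicast (PACKET_HOST). */
enum pkt_type apply_pkttype_rule(enum pkt_type cur, uint32_t src) {
    int src_is_mcast = (src >> 28) == 0xE;   /* 224.0.0.0/4 */
    if (!src_is_mcast) return PKT_HOST;
    return cur;
}

/* tcp_v4_rcv() discards anything whose skb->pkt_type is not PACKET_HOST. */
int tcp_would_accept(enum pkt_type t) { return t == PKT_HOST; }

/* End-to-end check for one frame: classify, optionally apply the PKTTYPE
 * rule, and report whether TCP would accept it. Returns -1 on a malformed MAC. */
int tcp_accepts_frame(const char *dst_mac, const char *dev_mac, uint32_t src, int pkttype_rule) {
    uint8_t dst[6], dev[6];
    if (!parse_mac(dst_mac, dst) || !parse_mac(dev_mac, dev)) return -1;
    enum pkt_type t = classify_pkt_type(dst, dev);
    if (pkttype_rule) t = apply_pkttype_rule(t, src);
    return tcp_would_accept(t);
}

int main(void) {
    const char *mc = "01:00:5e:00:01:01";   /* multicast MAC from the arptables rule */
    const char *dev = "00:11:22:33:5a:27";  /* constructed device MAC (placeholder) */
    uint32_t src = 0x0A000001u;             /* constructed source 10.0.0.1, not multicast */
    printf("multicast-addressed TCP frame, no PKTTYPE rule: accepted=%d\n",
           tcp_accepts_frame(mc, dev, src, 0));
    printf("same frame after PKTTYPE --to-pkt-type unicast: accepted=%d\n",
           tcp_accepts_frame(mc, dev, src, 1));
    return 0;
}
```

The model also makes the scope of the quoted rule visible: anything whose IP source is outside 224.0.0.0/4 is rewritten to unicast, so broadcast and otherhost frames are affected as well as the intended multicast-addressed ones, which is worth keeping in mind when the rule is narrowed with `-i` or `-d` in a real rule set.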