On Mon, 12 Nov 2012, Chris Wilson wrote:

> On Mon, 12 Nov 2012, Jozsef Kadlecsik wrote:
>
> > What do you think about this?
> >
> > - add route change notification event to the net core
> > - add --update-source-address flag to the MASQUERADE target
> > - add a call for such events to the MASQUERADE target, when
> >   the flag is enabled
> >
> > The called function then can scan the conntrack table and for every entry
> > which has got the update-source-address flag, can check whether the source
> > IP address should be changed. Those entries are then deleted.
>
> That sounds like a relatively easy implementation that would solve the main
> problem for us.
>
> I think there might be one element missing from the above process: the
> actual conntrack entries created by the MASQUERADE
> --update-source-address rule should be marked with an
> UPDATE_SOURCE_ADDRESS flag, so that they can be found and deleted when
> the routing changes.

Yes, I thought that is implied by the MASQUERADE flag.

> Perhaps the flag/option should be called "--remove-if-routing-changes" or
> "--routing-dependent" or something like that, since the source address is not
> really being (directly) changed as I proposed at the beginning?

I dunno, I'm not very good at naming. The "--routing-dependent" is shorter.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary
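The scan proposed in this thread, modelled in user space as an added example; it is not part of the original messages and not netfilter code. The flag name, structs, functions and the route lookup are hypothetical, and the addresses are constructed from documentation ranges.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Toy model: every name below is hypothetical, not a kernel API. */
#define CT_ROUTING_DEPENDENT 0x1u /* set on entries made by the flagged rule */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))

struct route { uint32_t prefix, mask, src; }; /* src: address MASQUERADE would pick */
struct ct_entry { uint32_t dst, masq_src; unsigned flags; bool in_use; };

/* Longest-prefix match; returns the source address for dst, 0 if unroutable. */
static uint32_t route_src(const struct route *rt, size_t n, uint32_t dst)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < n; i++)
        if ((dst & rt[i].mask) == rt[i].prefix && (!best || rt[i].mask > best->mask))
            best = &rt[i];
    return best ? best->src : 0;
}

/* Route-change handler: delete flagged entries whose source no longer matches. */
static size_t ct_route_changed(struct ct_entry *ct, size_t n,
                               const struct route *rt, size_t nrt)
{
    size_t deleted = 0;
    for (size_t i = 0; i < n; i++) {
        if (!ct[i].in_use || !(ct[i].flags & CT_ROUTING_DEPENDENT))
            continue;                     /* unflagged entries are left alone */
        if (route_src(rt, nrt, ct[i].dst) != ct[i].masq_src) {
            ct[i].in_use = false;         /* stale source address: delete entry */
            deleted++;
        }
    }
    return deleted;
}

/* Constructed failover: the default route moves from uplink A to uplink B. */
size_t demo_failover(struct ct_entry *ct)
{
    const uint32_t a = IP4(192, 0, 2, 1), b = IP4(198, 51, 100, 1);
    const struct route after[] = {
        { 0, 0, b },                                /* new default via B */
        { IP4(10, 0, 0, 0), IP4(255, 0, 0, 0), a }, /* unchanged route via A */
    };
    ct[0] = (struct ct_entry){ IP4(203, 0, 113, 10), a, CT_ROUTING_DEPENDENT, true };
    ct[1] = (struct ct_entry){ IP4(203, 0, 113, 11), a, 0, true };
    ct[2] = (struct ct_entry){ IP4(10, 1, 2, 3), a, CT_ROUTING_DEPENDENT, true };
    return ct_route_changed(ct, 3, after, 2);
}
int main(void) { struct ct_entry ct[3]; return demo_failover(ct) == 1 ? 0 : 1; }
```

Only the flagged entry whose route now selects a different source address is removed; the unflagged entry and the flagged entry on the unchanged route survive.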