On Tue, Nov 13, 2012 at 05:11:11PM +0100, Jozsef Kadlecsik wrote:
> On Tue, 13 Nov 2012, Pablo Neira Ayuso wrote:
>
> > On Mon, Nov 12, 2012 at 08:34:26PM +0100, Jozsef Kadlecsik wrote:
> > >
> > > What do you think about this?
> > >
> > > - add route change notification event to the net core
> > > - add --update-source-address flag to the MASQUERADE target
> > > - add a call for such events to the MASQUERADE target, when
> > >   the flag is enabled
> > >
> > > The called function then can scan the conntrack table and for every entry
> > > which has got the update-source-address flag, can check whether the source
> > > IP address should be changed. Those entries are then deleted.
> >
> > It seems to me this can be implemented from user-space. It would
> > require a new working mode for conntrackd that would:
> >
> > 1) subscribe to route events via rtnl and libmnl.
> > 2) get new interface address for some monitored address, also via rtnl.
> > 3) iterate over the table and remove those entries with outdated IP
> >    address.
> >
> > All the infrastructure is ready, and it would not require any kernel
> > upgrade. What do you think about this approach?
>
> So far conntrackd implements conntrack replication. It could be extended
> with such functionality, yes. However, it'd be just good if MASQUERADE
> would not require an external component (i.e. userspace daemon) to work in
> all cases.

I see. If the change is more or less small and it allows it to work for all
cases, I'll be OK.

> Is step 2 indeed required?

Hm, not really, sorry. Your plan is to set some flag in ct->status so you
can identify those that you need to kill, is it precise?

Regards.
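Step 3 of the userspace approach discussed in the thread (walk the conntrack table and drop entries still masqueraded to an address the interface no longer has), as an added example that is not part of the thread or of conntrackd. It parses constructed sample lines in `conntrack -L` output format and keys deletions on the original tuple; a real daemon would read the table via libnetfilter_conntrack and learn the old/new address from rtnl events.

```python
import re
from typing import Dict, List

# Constructed sample in `conntrack -L` output format (not taken from the thread).
# Entries 1 and 2 are masqueraded to the old address 203.0.113.5, entry 3 already
# uses the new address 203.0.113.9, entry 4 is a non-NAT flow originated by the
# box itself from the old address (not a MASQUERADE mapping, so left alone here).
SAMPLE_TABLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40000 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=40000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.11 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=5353 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.12 dst=198.51.100.7 sport=40001 dport=80 src=198.51.100.7 dst=203.0.113.9 sport=80 dport=40001 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.5 dst=198.51.100.7 sport=40002 dport=22 src=198.51.100.7 dst=203.0.113.5 sport=22 dport=40002 [ASSURED] mark=0 use=1
"""

KV = re.compile(r"(src|dst|sport|dport)=(\S+)")


def parse_entry(line: str) -> Dict[str, str]:
    """Split one conntrack line into its original and reply tuples.
    The first src/dst/sport/dport group is the original direction, the
    second group is the reply direction, i.e. the post-NAT view of the flow."""
    entry = {"proto": line.split()[0]}
    counts: Dict[str, int] = {}
    for key, value in KV.findall(line):
        side = "orig" if counts.get(key, 0) == 0 else "reply"
        counts[key] = counts.get(key, 0) + 1
        entry[f"{side}_{key}"] = value
    return entry


def is_masqueraded_to(entry: Dict[str, str], addr: str) -> bool:
    """True if SNAT mapped this flow's source onto addr: the reply-side
    destination is addr while the original source is something else."""
    return entry.get("reply_dst") == addr and entry.get("orig_src") != addr


def stale_entries(table: str, old_addr: str) -> List[Dict[str, str]]:
    """Select the entries still mapped to the outdated masquerade address."""
    entries = [parse_entry(l) for l in table.splitlines() if l.strip()]
    return [e for e in entries if is_masqueraded_to(e, old_addr)]


def delete_commands(table: str, old_addr: str) -> List[str]:
    """Render each stale entry as a `conntrack -D` call keyed on its original tuple."""
    cmds = []
    for e in stale_entries(table, old_addr):
        cmd = f"conntrack -D -p {e['proto']} -s {e['orig_src']} -d {e['orig_dst']}"
        if "orig_sport" in e:  # ICMP entries carry no ports
            cmd += f" --sport {e['orig_sport']} --dport {e['orig_dport']}"
        cmds.append(cmd)
    return cmds
```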