The MASQUERADE target does not handle the cases when the routing changes. (See thread "UDP packets sent with wrong source address after routing change [AV#3431]").

The first patch introduces a new in-kernel notification chain for the routing changes. The second one registers the MASQUERADE target to these events and adds the new "--route-dependent" flag (actually, the value of the flag) and conntrack flag to mark conntrack entries which may be affected by routing changes. As the first step, when routing changes, marked entries are simply deleted.

Best regards,
Jozsef

Jozsef Kadlecsik (2):
  Introduce notification chain for routing changes
  Handle the routing changes in the MASQUERADE target

 include/linux/inetdevice.h                         |    2 +
 include/linux/netdevice.h                          |    1 +
 include/uapi/linux/netfilter/nf_conntrack_common.h |    4 ++
 include/uapi/linux/netfilter/nf_nat.h              |    1 +
 net/ipv4/fib_trie.c                                |   18 +++++++++
 net/ipv4/netfilter/ipt_MASQUERADE.c                |   40 ++++++++++++++++++++
 6 files changed, 66 insertions(+), 0 deletions(-)
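
A user-space C model of the design described in this cover letter, added here as an illustration and not taken from the patches: a notifier chain for routing changes, and a MASQUERADE-like subscriber that deletes flagged conntrack entries so they stop carrying the old source address. Every identifier (CT_ROUTE_DEPENDENT, route_notifier_register, masq_route_event and the rest) is hypothetical, and the addresses are constructed.

```c
#include <stdio.h>
#include <stdint.h>

/* User-space model only; all names are hypothetical, not the kernel's. */
#define CT_ROUTE_DEPENDENT 0x1u      /* stands in for the new conntrack flag */
enum { MAX_CT = 8, MAX_NB = 4 };
struct ct_entry { int in_use; unsigned flags; uint32_t masq_src; };
typedef void (*route_notifier_fn)(void);

static struct ct_entry ct_table[MAX_CT];
static route_notifier_fn chain[MAX_NB];
static int chain_len;
static uint32_t current_src;         /* source address of the current egress route */

/* First patch, modelled: a chain that interested code subscribes to. */
static int route_notifier_register(route_notifier_fn fn) {
    if (chain_len == MAX_NB) return -1;
    chain[chain_len++] = fn;
    return 0;
}
/* A routing change updates the egress address, then notifies every subscriber. */
static void route_change(uint32_t new_src) {
    current_src = new_src;
    for (int i = 0; i < chain_len; i++) chain[i]();
}
/* Second patch, modelled: delete marked entries; the next packet rebuilds them. */
static void masq_route_event(void) {
    for (int i = 0; i < MAX_CT; i++)
        if (ct_table[i].in_use && (ct_table[i].flags & CT_ROUTE_DEPENDENT))
            ct_table[i].in_use = 0;
}
/* Create a masqueraded flow bound to the source address in use right now. */
static int masq_new_flow(int route_dependent) {
    for (int i = 0; i < MAX_CT; i++) {
        if (ct_table[i].in_use) continue;
        ct_table[i] = (struct ct_entry){1, route_dependent ? CT_ROUTE_DEPENDENT : 0u, current_src};
        return i;
    }
    return -1;
}
/* Live entries still translating to an address the route no longer uses. */
static int stale_entries(void) {
    int n = 0;
    for (int i = 0; i < MAX_CT; i++)
        if (ct_table[i].in_use && ct_table[i].masq_src != current_src) n++;
    return n;
}
int main(void) {
    current_src = 0x0a000001;                      /* constructed: 10.0.0.1 */
    route_notifier_register(masq_route_event);
    masq_new_flow(1); masq_new_flow(0);            /* one marked, one unmarked */
    route_change(0x0a000002);                      /* constructed: 10.0.0.2 */
    printf("stale entries after route change: %d\n", stale_entries());
    return 0;
}
```

In this model the unmarked flow is the one that keeps sending with the old source address after the change, which is the behaviour the referenced thread reports.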