Sorry,
Ok with the patch it works... I expected that ipv6 source address
would change and take the ipv6 adress of the new interface, which is
after reflexion stupid ... The packet exits the terminal with the new
interface, everything good... almost this creates a new problem for us
...
We would like to have the Source IPv6 address of the new interface and
not the IPv6 adress of the default route. Is it possible on PREROUTING
hook to change the IPv6 address of the outgoing packets ?
On 3/1/07, Boutin Maël <mael.boutin@xxxxxxxxxxx> wrote:
Sorry, i did not answer to the netfilter list.
It does not work with the 2.6.20 kernel although the patch is applied.
I followed the functions calls and i really do not understand what is
missing. In my opinion the ip rule is matched and applied to the
packet (the dst_entry seems to be good, at least the net_device
structure). The skb->dev field contain the good device (eth0) from
which the paket should leave the terminal (tested in function
ip6_output2) however the pcket continues to leave through the default
interface.
I am not an expert of Linux and the IPv6 stack, so your help would be
greatly appreciated !
On 2/28/07, Yasuyuki KOZAKAI <yasuyuki.kozakai@xxxxxxxxxxxxx> wrote:
>
> Hi,
>
> From: "Boutin Maël" <mael.boutin@xxxxxxxxxxx>
> Date: Wed, 28 Feb 2007 12:53:44 +0100
>
> > Thanks for the patch, however it does not work, the kernel does not compile :
> >
> > line 18:
> >
> > struct sk_buff has no member named mark (it should be nfmark no ?)
> > unknown field "mark" specified in initializer
>
> Ah yes. nfmark is renamed to mark at 2.6.20.
>
> > To answer your previous questions :
> > yes i have logs in the kernel for both out6 and post6.
>
> Thanks.
>
> > Of course i can try 2.6.20 but it seems to me that there is the same
> > problem (i tried before)
>
> I think so.
>
> > In my opinion the problem is due to the fact that the routing decision
> > is made before OUTPUT chain but not relaunched once the nfmark routing
> > key is changed which is i think how it should work.
>
> Yes. That is what ip6_route_me_harder does.
>
> How about this for 2.6.19 ?
>
> [NETFILTER]: ip6_route_me_harder should take into account mark
>
> Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@xxxxxxxxxxxxx>
>
> diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
> index f6294e5..ca50b58 100644
> --- a/net/ipv6/netfilter.c
> +++ b/net/ipv6/netfilter.c
> @@ -15,6 +15,7 @@ int ip6_route_me_harder(struct sk_buff *
> struct dst_entry *dst;
> struct flowi fl = {
> .oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
> + .mark = skb->nfmark,
> .nl_u =
> { .ip6_u =
> { .daddr = iph->daddr,
>
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc
