LVS
lvs-devel
[Top] [All Lists]
Google
 
Web LinuxVirtualServer.org
<prev [Date] next> <prev [Thread] next>

Re: [PATCH] nf_nat: restrict ICMP translation for embedded header

from [Patrick McHardy] [Permanent Link]
To: Julian Anastasov <ja@xxxxxx>
Subject: Re: [PATCH] nf_nat: restrict ICMP translation for embedded header
Cc: netfilter-devel@xxxxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx
From: Patrick McHardy <kaber@xxxxxxxxx>
Date: Wed, 13 Oct 2010 21:21:19 +0200 
Am 11.10.2010 10:23, schrieb Julian Anastasov:
> 
>     Skip ICMP translation of embedded protocol header
> if NAT bits are not set. Needed for IPVS to see the original
> embedded addresses because for IPVS traffic the IPS_SRC_NAT_BIT
> and IPS_DST_NAT_BIT bits are not set. It happens when IPVS performs
> DNAT for client packets after using nf_conntrack_alter_reply
> to expect replies from real server.
> 
> Signed-off-by: Julian Anastasov <ja@xxxxxx>
> ---
> 
>     I'm not very familiar with this code, so this change
> must not be considered as trivial. May be there was a
> reason the embedded header to be translated before the NAT
> bits are set?

This seems OK to me, but I need to think about it a bit more,
this code is subtle.
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [RFC PATCH 4/9] ipvs network name space aware, Hans Schillstrom
Next by Date:  Re: [patch] IPVS: ip_vs_dbg_callid() is only needed for debugging, Patrick McHardy
Previous by Thread:  [PATCH] nf_nat: restrict ICMP translation for embedded header, Julian Anastasov
Next by Thread:  Re: [PATCH] nf_nat: restrict ICMP translation for embedded header, Patrick McHardy
Indexes:  [Date] [Thread] [Top] [All Lists]