thr3ads.net - netfilter buglog - [Bug 586] New: Problems changing the source address of a packet [Mar 2009]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-18 14:33 UTC

[Bug 586] New: Problems changing the source address of a packet

http://bugzilla.netfilter.org/show_bug.cgi?id=586

           Summary: Problems changing the source address of a packet
           Product: libnetfilter_queue
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: blocker
          Priority: P1
         Component: libnetfilter_queue
        AssignedTo: laforge at netfilter.org
        ReportedBy: damian.lezama at hotmail.com


Hi, I'm changing the source IP of incoming packets and it fails. If I change
it
in PREROUTING the packet disappears even if I ACCEPT or REPEAT as verdict. If I
change it in INPUT the application gets the old one, If I change it in FORWARD
the router uses the old one.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-18 14:35 UTC

head link

[Bug 586] Problems changing the source address of a packet

http://bugzilla.netfilter.org/show_bug.cgi?id=586





------- Comment #1 from damian.lezama at hotmail.com  2009-03-18 15:35 -------
Oh, and changing the protocol also has similar efects


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-29 22:59 UTC

head link

[Bug 586] Problems changing the source address of a packet

http://bugzilla.netfilter.org/show_bug.cgi?id=586


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Comment #2 from jengelh at medozas.de  2009-03-30 00:59 -------
Do not forget to update the checksums.

Please reopen if the problem persists.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-30 07:02 UTC

head link

[Bug 586] Problems changing the source address of a packet

http://bugzilla.netfilter.org/show_bug.cgi?id=586


damian.lezama at hotmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |




------- Comment #3 from damian.lezama at hotmail.com  2009-03-30 09:02 -------
I update the checksums. I continued looking into this and the problem seems to
be specific to changing the source to a source asociated to your own host in
PREROUTING. This may be by design since a packet with the host as source
doesn't seem to be expected in PRE. Any workaround?


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

bugzilla-daemon at bugzilla.netfilter.org

2009-Mar-30 16:03 UTC

head link

[Bug 586] Problems changing the source address of a packet

http://bugzilla.netfilter.org/show_bug.cgi?id=586


jengelh at medozas.de changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|laforge at netfilter.org       |jengelh at medozas.de
             Status|REOPENED                    |NEW




------- Comment #4 from jengelh at medozas.de  2009-03-30 18:03 -------
nf_conntrack already recorded the connection with the given <src,dst,...>
addr
tuple, and changing them leads to confusion (ultimately dropping it)?? at
least for when this is done within the kernel, e.g. an Xtables target.
(libnetfilter_queue is exempt because skbs are new ones, with skb->nfct
reset,
when packets are received from userspace.)

Modifications to the packet that involve parts of this tuple need to be done in
the raw table (or rawpost for outgoing traffic). raw runs before connection
tracking, and rawpost (available via an Xtables-addons branch ATM) runs
afterwards, hence ct would never see the original addresses and thus have no
way to get confused.

An alternative is that you remove the nfct entry from the tuplehash array and
reinsert it with the new tuple but that may mean more hairy code.


-- 
Configure bugmail: http://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are the assignee for the bug, or are watching the assignee.

Apparently Analagous Threads

Search for more apparently analagous threads

netfilter buglog - Mar 2009 - [Bug 586] New: Problems changing the source address of a packet

[Bug 586] New: Problems changing the source address of a packet

[Bug 586] Problems changing the source address of a packet

[Bug 586] Problems changing the source address of a packet

[Bug 586] Problems changing the source address of a packet

[Bug 586] Problems changing the source address of a packet

Apparently Analagous Threads