/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */ I sent a message containing a new masquerading patch to these lists, and it was way too large at least for linux-kernel. I'm sending this message to clarify. The necessary files are at http://mail.helixsystems.com/~masq/ Also, in case you got the original message, the mbfw.c and ip_masq_mbfw.c files were an old version. Don't use them. Use the ones from the web site. original text follows (more or less) --- The following patch is a new version of the 2-dir masq patch I submitted to the kernel list about two months ago. It works very differently this time: packets coming in on 2-dir connections are marked with an skb flag, which is interpreted in the forward chain to force masquerading of that packet, with a second entry created for the other masq direction, also with the 2-dir flag set. Everything is defined out so that it can be a kernel compile option. The other patch is to ip_masq_app (the app support) and allows modules to key into the system by source port rather than dest port, so it works for servers behind a firewall being accessed from outside. This is also controlled by a #define. The FTP module has code to support masqing of passive FTP. While I was at it, I fixed a serious problem in the FTP module wherein it assumes the TCP data begins after the TCP header with no options in between. The following is a Bad Thing: data = (char *)&th[1]; this is the Right Thing: data = (char *)th; data += th->doff*4; ...assuming that proper bounds checking is also being performed which it is here. This fix is not #defined; it is included regardless of the options set. The problem affected the passive FTP specifically, but it is a bug no matter which way it is sliced. There's one bug in this patch - the tcp/udp checksum code in masq is conditioned out if the 2-dir option is enabled, because it wasn't working the second time through. This is a bug somewhere, but I need someone to explain to me exactly what it's doing and what all the checksum-related fields in the skb are... thanks. Oh yes: this _has_ been tested under pretty heavy load. :-) Any chance of seeing this in 2.2.1[34]? (btw: my employer waives all rights to this code. it's yours.) _______________________________________________ Masq maillist - [EMAIL PROTECTED] Admin requests can be handled at http://www.indyramp.com/masq-list/ or email to [EMAIL PROTECTED] PLEASE read the HOWTO and search the archives before posting. You can start your search at http://www.indyramp.com/masq/ Please keep general linux/unix/pc/internet questions off the list.
