> I had an in-depth look at the source code of your helper, and found several
> issues:
>
> - It assumes that all GRE traffic is PPTP (there are other GRE-based protocols)
> - GRE (a layer-four protocol) is implemented using an application layer helper.
>   As a result, the connection tracking core doesn't really know about GRE
>   data connections (and isn't showing them correctly in /proc/net/ip_conntrack)
>   Also, the NAT core is not used for GRE NAT alterations - but instead a helper
>   function called for every packet of the data connection.
> - It is missing size checks at several places. Short packets could make the
>   code read past the end of packet
> - It assumes that TCP headers are fixed-length
>
I have addressed some of these issues in a later patch.

I am a believer in design and coding that is done the 'right way'. If there are shortcomings in my helper code (and I always knew there were!) or there is a better way to implement the helper, then I'm all for it.

I hacked together that code quickly to fill an immediate need. It worked well enough for many people, myself included, for several months. But there is always room for improvement...

-Brian

> --
> Live long and prosper
> - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/
> ============================================================================
> GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+
> V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
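
The last two review points in the quoted list (missing size checks, fixed-length TCP headers) are illustrated by the following added example, which is not code from the helper or from either poster. The function names are hypothetical, and the 12-byte PPTP control header with its magic cookie is taken from RFC 2637 rather than from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static const uint8_t pptp_magic[4] = { 0x1A, 0x2B, 0x3C, 0x4D }; /* RFC 2637 cookie */

/* Offset of the TCP payload in an IPv4 packet, or -1 if short or malformed. */
static int tcp_payload_offset(const uint8_t *p, size_t len)
{
    size_t ihl, doff;
    if (len < 20 || (p[0] >> 4) != 4 || p[9] != 6)  /* IPv4 carrying TCP */
        return -1;
    ihl = (size_t)(p[0] & 0x0f) * 4;                /* IP header may carry options */
    if (ihl < 20 || len < ihl + 20)                 /* room for a minimal TCP header? */
        return -1;
    doff = (size_t)(p[ihl + 12] >> 4) * 4;          /* TCP data offset: 20..60 bytes */
    if (doff < 20 || len < ihl + doff)
        return -1;
    return (int)(ihl + doff);
}

/* PPTP control message type, or -1 if the 12-byte header is not fully present. */
static int pptp_ctrl_type(const uint8_t *p, size_t len)
{
    int off = tcp_payload_offset(p, len);
    if (off < 0 || len - (size_t)off < 12)          /* short packet: never read past len */
        return -1;
    if (memcmp(p + off + 4, pptp_magic, 4) != 0)
        return -1;
    return p[off + 8] << 8 | p[off + 9];
}

/* Constructed sample: IPv4 + TCP with `opts` bytes of TCP options + PPTP header. */
static size_t build_sample(uint8_t *b, size_t opts, unsigned ctrl_type)
{
    size_t off = 20 + 20 + opts;
    memset(b, 0, off + 12);
    b[0] = 0x45; b[9] = 6;                          /* IPv4, IHL 5, protocol TCP */
    b[20 + 12] = (uint8_t)(((20 + opts) / 4) << 4); /* TCP data offset in words */
    memcpy(b + off + 4, pptp_magic, 4);
    b[off + 8] = (uint8_t)(ctrl_type >> 8); b[off + 9] = (uint8_t)ctrl_type;
    return off + 12;
}

int main(void)
{
    uint8_t b[128];
    size_t n = build_sample(b, 12, 7);              /* 12 bytes of TCP options */
    printf("type=%d truncated=%d\n", pptp_ctrl_type(b, n), pptp_ctrl_type(b, n - 1));
    return 0;
}
```

With 12 bytes of TCP options the payload starts at offset 52, so a parser that assumes 20-byte IP and TCP headers would read option bytes at offset 40 as the PPTP header.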