On Monday, March 19, 2007 5:02 PM, Patrick McHardy wrote:
Martin Schiller wrote:
To be more exactly, it's the examination of
ct-tuplehash[dir].tuple.dst.u.all !=
ct-tuplehash[!dir].tuple.src.u.all which is only be done if XFRM
is configured. Since I don't need this anyway, I deactivated XFRM
This patch changes the behaivor of the iptables nat module to the style
before release 2.6.16 so it is possible again to use the ping -I iface
target command to send icmp requests to a target for which no route
exists.
Signed-off-by: Martin Schiller [EMAIL PROTECTED
On Thursday, March 15, 2007 9:51 AM, Patrick McHardy wrote:
diff -uNpr linux-2.6.19.org/net/ipv4/netfilter/ip_nat_standalone.c
linux-2.6.19/net/ipv4/netfilter/ip_nat_standalone.c
--- linux-2.6.19.org/net/ipv4/netfilter/ip_nat_standalone.c
2006-11-29 22:57:37.0 +0100
+++
On Tuesday, October 17, 2006 2:54 PM, Eric Dumazet wrote:
Well, did you solve Lennert problem if the final (third packet of
three packet TCP establishment handshake) packet is missing ? It
seems no timer will fire and tell you the socket is not usable...
Sorry, but I don't know what you
On Monday, October 16, 2006 9:02 AM, Lennert Buytenhek wrote:
I wrote something like this a couple of years ago:
http://marc.theaimsgroup.com/?l=linux-netdevm=103666165629419w=2
http://marc.theaimsgroup.com/?l=linux-netdevm=106089519611631w=2
There wasn't a whole lot of
On Friday, October 13, 2006 10:14 PM, Eric Dumazet wrote:
Martin, I played with libnetfilter_queue
(http://www.netfilter.org/projects/libnetfilter_queue/index.html)
With this single iptables rules, I was able to do what you want :
transmit the SYN message to a user application, that may
On Friday, October 13, 2006 7:42 AM, Stephen J. Bevan wrote:
Say you are writing a transparent proxy i.e. when a TCP connection is
made through the box, rather than forwarding the TCP SYN, it is
delivered locally where it accepted and then the proxy makes a
separate TCP connection to original
anybody have any hints for me where I should start to work?
Regards,
Martin Schiller
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Thursday, October 12, 2006 10:38 AM, Eric Dumazet wrote:
Well, it is already possible to delay the 'third packet' of an
outgoing connection with a litle hack. But AFAIK not the SYNACK of
incoming connection. It could be cool. Maybe some new syscalls are
needed:
int syn_recv(int
