Re: PROBLEM: Netfilter inconsistency?

Harald Welte (laforge@gnumonks.org)
Fri, 15 Feb 2002 08:43:13 +0100


On Fri, Feb 15, 2002 at 01:01:49AM +0100, Ulrich Mohr wrote:

Hi!

> When the LOCAL_OUT hook is called via ip_build_and_send_packet or
> ip_build_xmit, then ip_select_ident is called prior to the call to
> the LOCAL_OUT hook and will not change after the call to the hook.
>
> When the LOCAL_OUT hook is called via ip_queue_xmit, then the
> ip_select_ident is called after the call to the netfilter hook, and
> the value of the id field in the ip-header changes after a reinject.
>
[...]

> I tried to make the call to ip_select_ident before the hooks are called,
> and I did not see any side effects (the if field was set directly after
> the hook was called anyway on all execution paths, and it did not depend
> on any information which was not present prior to the hook was called).
> http, scp, ftp & icmp are working fine with this modification.

and in fact it seems cleaner to have a consistent behaviour with regard
to the id field.

But since the change is not inside the netfilter code, but in the core
networking, it's up to the core networking maintainers to decide if this
patch is acceptable or might break something.
>
> I insert the patch I did to ip_output.c on Kernel v. 2.4.10.

Please always use unified diff - it's difficult to understand your patch
just from reading it since it doesn't contain context (diff -u)

> Thank you,
> Uli

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org               http://www.gnumonks.org/
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ 
V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/