RE: Re-routing packets via netfilter (ip_rt_bug)

From: Yair Itzhaki
Date: Mon Apr 25 2005 - 11:19:31 EST

No, this does not help.
The failure is now inside "ip_route_output_slow", since the reversed address packet has the source address of the remote machine, and the call to "ip_dev_find" fails to find a device with matching address.

In 2.4 the okfn pointer used to point to "ip_queue_xmit2" which evaluated the new route from scratch.
It was passed in as the completion function when calling the NF_HOOK chain.
In 2.6 this function is gone (replaced with a reference to "dst_output).

Was removing it a mistake?

-----Original Message-----
From: Patrick McHardy [mailto:kaber@xxxxxxxxx]
Sent: Monday, April 25, 2005 11:07
To: Yair Itzhaki
Cc: linux-kernel@xxxxxxxxxxxxxxx; Netfilter Development Mailinglist
Subject: Re: Re-routing packets via netfilter (ip_rt_bug)

Yair Itzhaki wrote:
> While traversing packets through Netfilter, changing dest address from a foreign to a local address causes the packet to drop (and show up at ip_rt_bug(), along a syslog entry).

Does this patch fix your problem?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at