Re: IP Masq weirdness

kuznet@ms2.inr.ac.ru
Sat, 23 Oct 1999 15:57:33 +0400 (MSK DST)


Hello!

> Slightly revised version.

Seems neither of the versions is correct.

Let me explain it from a historical viewpoint. This chunk of code:

if (maddr == 0)
#endif
maddr = inet_select_addr(dev2, rt->rt_gateway, RT_SCOPE_UNIVERSE);

was written by me in early 2.1. At that time ip_masq_* did _no_ address
selection at all and the proposed scheme was roughly equivalent to the one
used in 2.0.

At that time I used policy routing rules to select an arbitrary source
address, because ip_masq/ip_fw did not supply (and do not supply now)
this facility.

ip_masq_select_addr appeared much later and its use inside ip_masq_*
contradicts the logic of this code.

What can I propose? Remove these two lines and pass zero maddr to ip_masq_*.
And use ip_route_output() to select the source address for rewriting inside
ip_masq_*, if the passed maddr is zero. Seems this approach satisfies all.

Also, it is apparent that ip_masq_user should receive maddr as an input
address too, otherwise people who used to masquerade via policy routing
are in trouble.

BTW, Juan, did you solve this problem in netfilter? Someone asked
me recently, I did not know the answer and redirected him to you
and Paul.

Alexey

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
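
Added example, not part of the original message and not kernel code: a userspace C model of the precedence proposed above, where a nonzero maddr supplied by the caller (for instance from policy routing) is kept and a zero maddr falls back to a route lookup on the destination. The names model_route_src and model_masq_addr, the IP macro and the routing table are hypothetical and constructed; the lookup is a simplified longest-prefix match standing in for ip_route_output().

```c
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Constructed route entry: destination prefix, netmask, preferred source. */
struct route { uint32_t dst, mask, prefsrc; };

static const struct route table[] = {
    { IP(10, 0, 0, 0), IP(255, 0, 0, 0),   IP(10, 0, 0, 1)  },
    { IP(10, 1, 0, 0), IP(255, 255, 0, 0), IP(10, 1, 0, 1)  },
    { 0,               0,                  IP(192, 0, 2, 1) }, /* default route */
};

/* Hypothetical stand-in for the route lookup: longest-prefix match on the
 * destination, returning the route's preferred source (0 if no route). */
uint32_t model_route_src(uint32_t daddr)
{
    const struct route *best = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if ((daddr & table[i].mask) != table[i].dst)
            continue;
        /* Contiguous masks: numerically larger mask means longer prefix. */
        if (!best || table[i].mask > best->mask)
            best = &table[i];
    }
    return best ? best->prefsrc : 0;
}

/* Model of the proposal: the caller passes maddr. Nonzero means the
 * address was already chosen and must be used as-is; zero means the
 * masquerading code selects the source itself via the route lookup. */
uint32_t model_masq_addr(uint32_t daddr, uint32_t maddr)
{
    return maddr != 0 ? maddr : model_route_src(daddr);
}

int main(void)
{
    uint32_t a = model_masq_addr(IP(10, 1, 2, 3), 0);
    uint32_t b = model_masq_addr(IP(10, 1, 2, 3), IP(198, 51, 100, 7));
    printf("zero maddr   -> %08x\n", (unsigned)a);
    printf("policy maddr -> %08x\n", (unsigned)b);
    return 0;
}
```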