1
linux/include/net/netfilter
Jozsef Kadlecsik a0ecb85a2c netfilter: nf_nat: Handle routing changes in MASQUERADE target
When the route changes (backup default route, VPNs) which affect a
masqueraded target, the packets were sent out with the outdated source
address. The patch addresses the issue by comparing the outgoing interface
directly with the masqueraded interface in the nat table.

Events are inefficient in this case, because it'd require adding route
events to the network core and then scanning the whole conntrack table
and re-checking the route for all entry.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2012-12-03 15:14:20 +01:00
..
ipv4
ipv6
nf_conntrack_acct.h
nf_conntrack_core.h
nf_conntrack_ecache.h netlink: Rename pid to portid to avoid confusion 2012-09-10 15:30:41 -04:00
nf_conntrack_expect.h netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_conntrack_extend.h
nf_conntrack_helper.h
nf_conntrack_l3proto.h
nf_conntrack_l4proto.h
nf_conntrack_timeout.h netfilter: nf_conntrack: add nf_ct_timeout_lookup 2012-09-03 13:33:03 +02:00
nf_conntrack_timestamp.h
nf_conntrack_tuple.h
nf_conntrack_zones.h
nf_conntrack.h netfilter: nf_conntrack: improve nf_conn object traceability 2012-12-03 15:06:33 +01:00
nf_log.h
nf_nat_core.h netfilter: add protocol independent NAT core 2012-08-30 03:00:14 +02:00
nf_nat_helper.h netfilter: nf_nat: add protoff argument to packet mangling functions 2012-08-30 03:00:13 +02:00
nf_nat_l3proto.h netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
nf_nat_l4proto.h netfilter: ipv6: add IPv6 NAT support 2012-08-30 03:00:17 +02:00
nf_nat.h netfilter: nf_nat: Handle routing changes in MASQUERADE target 2012-12-03 15:14:20 +01:00
nf_queue.h netfilter: kill support for per-af queue backends 2012-12-03 15:07:48 +01:00
nf_tproxy_core.h
nfnetlink_log.h
nfnetlink_queue.h
xt_log.h
xt_rateest.h