Hi, On Friday 18 May 2007 11:05, David Miller wrote: > From: Julian Anastasov <[EMAIL PROTECTED]> > Date: Fri, 18 May 2007 11:40:54 +0300 (EEST) > > > On Thu, 17 May 2007, Patrick McHardy wrote: > > > In any case some better solution than the current one needs to be > > > found, allowing users to send spoofed packets is far worse than > > > using a non-desired source address for ICMP packets. > > > > yes, I would prefer the sysctl_ip_nonlocal_bind change to be > > removed until such solution is found. > > Ok, I'll revert it.
I'm just about to publish the next round of tproxy patches (with the routing code modifications completely removed), but this issue is still present. I've posted a few patches making omitting this check possible selectively back in March. Do those changes look acceptable? http://marc.info/?l=linux-netdev&m=117310979823297&w=3 And the related socket layer changes: http://marc.info/?l=linux-netdev&m=117310979815374&w=3 http://marc.info/?l=linux-netdev&m=117310979902806&w=3 http://marc.info/?l=linux-netdev&m=117310980027541&w=3 -- Regards, Krisztian Kovacs - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
