On Tue, Oct 16, 2007 at 04:38:04PM +0200, Patrick McHardy wrote:
>
> That's true, but for the first case we actually have something in the
> stack doing that, which is NAT and routing by fwmark. Maybe netfilter
> should just send an ICMP error back, that would also solve the problem
> of silently dropped packets when rerouting to an unreachable
> destination.

Crap, NAT is now bane :)

OK Dave, please scratch everything starting from patch 7. The first 6 patches should be OK though, unless something else comes up :)

Patrick, my plan to solve this is to move the POST_ROUTING calls up one-level. So we'd call them from ip_forward_finish and where we currently call dst_output.

Let me play with this and see how it turns out.

Thanks,
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[EMAIL PROTECTED]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt