Fw: Networking: repeatable oops in 2.4.15-pre2
Tue, 13 Nov 2001 18:25:45 +0300 (MSK)
> The NAT code is special: it will always mangle the packet the same way, so
> it doesn't *REALLY* matter if we mangle the original packet for local
> output (if we change IP headers in different ways for retransmission
> of the same packet, we would have much bigger problems).
No, this does not matter at all if you change only headers.
Netfilter is the first who sees output packets and it may rewrite them
mostly arbitrarily: packet sockets and devices see only the rewritten copy.
When retransmitting, tcp prepares new headers and, hence, checks
for cloning itself; if someone holds the packet, it prepares a copy.
But if a hook changes _data_ (e.g. ftp packets), it can break the original
packet sitting in the tcp queue and this is fatal. So, when mangling
data, the packet must always be copied. When mangling header, no copy
> Does this work for everyone? Particularly while running tcpdump?
It does, but I cannot say "for everyone": it will work with the current
protocol suite, but will probably break with out-of-tree stacks.
Anyway, if it does not work, it will be a problem not of netfilter,
but of the guy who did not prepare the right ownership. :-)
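As an added illustration (not from the original mail), here is a toy C model of the point above: a clone shares its data buffer with the skb that tcp still holds in its retransmit queue, so a hook that rewrites payload in place corrupts the queued packet, while taking a private copy first leaves it intact. The struct and the names skb_clone/skb_unshare mirror the kernel helpers of the same purpose but are simplified models written for this example, and the ftp PORT payload is constructed.

```c
#include <stdlib.h>
#include <string.h>
/* Toy model of a socket buffer: a clone shares the data buffer and its
 * reference count; skb_unshare gives the holder a private copy first. */
struct skb { char *data; size_t len; int *users; };
static struct skb *skb_alloc(const char *payload)
{
    struct skb *s = malloc(sizeof *s);
    s->len = strlen(payload);
    s->data = malloc(s->len + 1);
    memcpy(s->data, payload, s->len + 1);
    s->users = malloc(sizeof *s->users);
    *s->users = 1;
    return s;
}
static struct skb *skb_clone(struct skb *src)
{
    struct skb *c = malloc(sizeof *c);
    *c = *src;                 /* same data pointer, same counter */
    ++*c->users;
    return c;
}
static void skb_free(struct skb *s)
{
    if (--*s->users == 0) { free(s->data); free(s->users); }
    free(s);
}
/* Copy-on-write: hand back a private buffer if anyone else still holds the data. */
static struct skb *skb_unshare(struct skb *s)
{
    if (*s->users == 1)
        return s;
    struct skb *p = skb_alloc(s->data);
    skb_free(s);
    return p;
}
/* tcp keeps 'queued' for retransmission; the hook sees a clone and rewrites
 * payload bytes (same length). Returns 1 if the queued copy stayed intact. */
int queued_payload_intact(int hook_unshares_first)
{
    struct skb *queued = skb_alloc("PORT 10,0,0,1,4,1");  /* constructed payload */
    struct skb *out = skb_clone(queued);
    if (hook_unshares_first)
        out = skb_unshare(out);
    memcpy(out->data, "PORT 10,0,0,9,4,1", out->len);    /* data mangling */
    int intact = strcmp(queued->data, "PORT 10,0,0,1,4,1") == 0;
    skb_free(out);
    skb_free(queued);
    return intact;
}
```

Rewriting only header fields on the clone would be harmless in this model for the reason the mail gives: tcp rebuilds headers on retransmit, so only the shared payload bytes matter.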