8 Jul 2009, 7:19 a.m.
2009/7/7 KOVACS Krisztian <hidden@sch.bme.hu>:
Reusing the original port is usually a bad idea. A notable example of things breaking is Netfilter connection tracking, which gets confused if you reuse the exact same endpoints for a different connection.
Technically they are not the exact same if you include the interface. If it doesn't consider the interface then they would appear the same.
Netfilter conntrack is interface agnostic -- and you're right, that's exactly what's causing the problem here.
So are you saying that the Linux TPROXY4 code as it stands won't handle the case of a client sending a connection out with a source port that the TPROXY4 proxy is currently using itself for a client IP spoofed connection?

Adrian
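The collision the thread describes, as an added example that is not part of the original mail: a toy connection-tracking table keyed on the 5-tuple only (interface ignored, as Netfilter conntrack does), showing that the client's intercepted flow and the proxy's spoofed flow collide when the proxy reuses the client's source port, and a proxy-side port chooser that avoids the collision. The addresses, interface names and `Flow`/`ConntrackTable` types are constructed for the example.

```python
# Added example, not code from the thread or from TPROXY/Netfilter.
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    iface: str  # ingress interface; the tracker below deliberately ignores it


def conntrack_key(flow: Flow) -> tuple:
    """Interface-agnostic key: flows differing only in iface map to one entry."""
    return (flow.proto, flow.src, flow.sport, flow.dst, flow.dport)


class ConntrackTable:
    def __init__(self) -> None:
        self._entries: dict = {}

    def insert(self, flow: Flow) -> bool:
        """Return False when a *different* flow already owns this 5-tuple."""
        key = conntrack_key(flow)
        if key in self._entries and self._entries[key] != flow:
            return False
        self._entries[key] = flow
        return True

    def lookup(self, flow: Flow):
        return self._entries.get(conntrack_key(flow))


def choose_spoofed_source_port(table, proto, client_ip, client_port,
                               server_ip, server_port, iface,
                               ephemeral=range(32768, 61000)) -> int:
    """Prefer the client's original port, but never reuse a tracked 5-tuple."""
    for port in (client_port, *ephemeral):
        candidate = Flow(proto, client_ip, port, server_ip, server_port, iface)
        if table.lookup(candidate) is None:
            return port
    raise RuntimeError("no free source port towards this destination")


def demo():
    table = ConntrackTable()
    # Constructed flows: client -> server intercepted on the LAN side (eth0),
    # proxy spoofing the client IP towards the same server on the WAN side (eth1).
    client = Flow("tcp", "10.0.0.5", 40000, "203.0.113.10", 80, "eth0")
    table.insert(client)
    spoofed_same_port = Flow("tcp", "10.0.0.5", 40000, "203.0.113.10", 80, "eth1")
    reused_ok = table.insert(spoofed_same_port)  # False: collides despite eth1
    port = choose_spoofed_source_port(table, "tcp", "10.0.0.5", 40000,
                                      "203.0.113.10", 80, "eth1")
    return reused_ok, port  # returns (False, 32768)
```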