Linux kernel: how to force TCP RST to be sent on incoming interface and not making routing decisions? -

-

i'm working in environment services isolated no routing between them. therefore need send tcp rst message through incoming interface , not make routing decisions @ since no route available dst , rst messages lost.

i've added line in linux kernel tcp_v4_send_reset function:

arg.bound_dev_if = (skb->dev != dev_net(skb->dev)->loopback_dev) ? skb->dev->ifindex : 0;

but can see tcpdumps rst message not sent on incoming interface routing decision made.

any help?

did miss something?

you not need modify kernel achieve this, use ip rule instead.

first mark connection coming different interface, , save mark in conntrack table (i'm using eth2/4 example):

iptables -t mangle -a routemark -i eth2 -j mark --set-mark 0x100 iptables -t mangle -a routemark -i eth4 -j mark --set-mark 0x200 iptables -t mangle -a routemark -m mark ! --mark 0x0/0xff00 -j connmark --save-mark --mask 0xff00

then create rt_table each interface in /etc/iproute2/rt_tables, insert default route table:

ip route add default via gateway-ip-eth2 dev eth2 table rt-eth2 ip route add default via gateway-ip-eth4 dev eth4 table rt-eth4

for every outgoing packet, restore connection mark packet mark, , lookup corresponding rt_table:

iptables -t mangle -a prerouting -m connmark ! --mark 0x0/0xff00 -j connmark --restore-mark --mask 0xff00 ip rule add fwmark 0x100/0xff00 ! iif eth2 lookup rt-eth2 ip rule add fwmark 0x200/0xff00 ! iif eth4 lookup rt-eth4

so responding packet sent interface origin packet comes from.


Comments

Post a Comment

Popular posts from this blog

javascript - DIV "hiding" when changing dropdown value -

-
this related previous question asked: hide / show multiple divs i have code in place previous question , seems work ok apart when change value in dropdown "after" ticket selection made. i have number of javascrpts in place wondering if there clash somewhere? first bit of code in head of document. <head> <script type="text/javascript"> $(function() { $('.cat_dropdown').change(function() { $('#paymethod').toggle($(this).val() >= 2); }); }); </script> <script type="text/javascript"> $(document).ready(function () { $(".paymentmethod").click(function () { $(".paymentinfo").hide(); switch ($(this).val()) { case "credit card authorisation": $("#pay0").show("slow"); break; ...
Read more

Does Firefox offer AppleScript support to get URL of windows? -

-
i trying write applescript that, among other things, gets url of every open webpage in firefox. in safari (and chrome), done simply: tell application "safari" return url of every tab in every window however, seems me firefox offers no real applescript support, such getting url of tab or window. when google terms "firefox" , "applescript" together, firefox bug requests asking applescript support restored, last updated in 2010 or 2011 (like this , this ). am right in thinking, then, firefox no longer offers proper applescript support? realize there semi-workarounds, such simulating key-commands in applescript, aren't practical purposes. to see of applescript commands firefox responds to, launch applescript editor, select menu file > open dictionary... , , choose firefox application. you'll find you're expecting: firefox doesn't offer useful applescript commands.
Read more

android - How to install packaged app on Firefox for mobile? -

-
how test-install packaged (zip) app on fennec? device: physical android phone or android emulator, don't care. install mozilla-apk-cli using npm: npm install -g mozilla-apk-cli use generate "debuggable" apk app either source directory or url mini-manifest: mozilla-apk-cli /path/to/source/dir/ arbitrary-name.apk mozilla-apk-cli http://example.com/path/to/mini/manifest.webapp arbitrary-name.apk (context-click > inspect element on "free" button in marketplace discover mini-manifest url app in marketplace.) install apk on android device: adb install -r arbitrary-name.apk launch app on device. notification area notification port remote debugger server listening on. forward port on desktop, f.e. if port 12345: adb forward tcp:12345 tcp:12345 go web developer > connect… in firefox on desktop , connect localhost @ forwarded port. commence debugging! notes: use nightly builds of fennec best experience. bug 929382 tracks ...
Read more