Is there anything I can provide or do to help get this issue fixed? Even with the patch provided, our application is still broken.
-Brandon

From: Brandon Cazander
Sent: Wednesday, August 3, 2016 8:47 AM
To: Florian Westphal
Cc: netdev@vger.kernel.org
Subject: Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)

I think that it is worth doing, as the original kernel change broke my user space program and could do the same to others as well. On another setup, even with the DIVERT rule in place, I'm still seeing the RST after the ACK. I'm not sure how it is behaving differently than the other setup so I need to look into that. But it definitely worked before the changes to the kernel.

From: Florian Westphal <f...@strlen.de>
Sent: Tuesday, August 2, 2016 3:11 PM
To: Brandon Cazander
Cc: Florian Westphal
Subject: Re: PROBLEM: TPROXY and DNAT broken (bisected to 079096f103fa)

Brandon Cazander <brandon.cazan...@multapplied.net> wrote:
> > Please try this patch, it makes it work for me again.
> > I decided to extend the existing snat support in xt_socket.c instead
> > of changing TPROXY target:
>
> This fixes my example (with the DIVERT chain), but does not fix the two-line
> example you gave below. Another setup I have is also still broken as of this
> diff (similarly, there is a rule in nat PREROUTING that goes to a chain with
> the TPROXY rule).

Yes, I did not touch TPROXY target, we would need something similar (take tuple addresses from the conntrack entry) there as well if we need to make it work without the -m socket rule.