Re: [PATCH 11/13] iptables TPROXY target

KOVACS Krisztian wrote:
Hi Patrick,

On Monday 01 October 2007, Patrick McHardy wrote:
KOVACS Krisztian wrote:
The TPROXY target implements redirection of non-local TCP/UDP traffic
to local sockets. Additionally, it's possible to manipulate the
packet mark if and only if a socket has been found. (We need this
because we cannot use multiple targets in the same iptables rule.)

Signed-off-by: KOVACS Krisztian <hidden@xxxxxxxxxx>
---
+++ b/include/linux/netfilter_ipv4/ipt_TPROXY.h
@@ -0,0 +1,14 @@
+#ifndef _IPT_TPROXY_H_target
+#define _IPT_TPROXY_H_target
+
+/* TPROXY target is capable of marking the packet to perform
+ * redirection. We can get rid of that whenever we get support for
+ * mutliple targets in the same rule. */
+struct ipt_tproxy_target_info {
+	__be32 laddr;
+	__be16 lport;
+	unsigned long mark_mask;
+	unsigned long mark_value;
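
Review bot: mark_mask and mark_value are declared unsigned long in a target info struct under include/linux/netfilter_ipv4/, which iptables userspace fills in and the kernel reads, so the struct's size and the offsets of both fields depend on the word size of whoever compiles it. With the fields as written the struct is 16 bytes on a 32-bit build and 24 bytes on a 64-bit build, so a 32-bit iptables binary on a 64-bit kernel would disagree with the kernel about the layout. Declaring both as a fixed-width type, for example "__u32 mark_mask;" and "__u32 mark_value;", gives the same layout on both sides. Smaller points: the comment above the struct has the typo "mutliple", and laddr and lport have no comment saying what they hold.
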
This should use fixed size types.

Yes, but marks are unsigned longs, aren't they? So if we restrict this to say 32bit then we lose the ability to use the upper half of the mark...

No, marks are 32 bit for a long time now. The unsigned longs in
the mark target and matches are just there for compatibility.

(BTW, going to sleep now, will continue tomorrow)