Re: [PATCH 11/13] iptables TPROXY target

Hi Patrick,

On Monday 01 October 2007, Patrick McHardy wrote:
> KOVACS Krisztian wrote:
> > Hi Patrick,
> >
> > On Monday 01 October 2007, Patrick McHardy wrote:
> >> KOVACS Krisztian wrote:
> >>> The TPROXY target implements redirection of non-local TCP/UDP
> >>> traffic to local sockets. Additionally, it's possible to manipulate
> >>> the packet mark if and only if a socket has been found. (We need
> >>> this because we cannot use multiple targets in the same iptables
> >>> rule.)
> >>>
> >>> Signed-off-by: KOVACS Krisztian <hidden@xxxxxxxxxx>
> >>> ---
> >>> +++ b/include/linux/netfilter_ipv4/ipt_TPROXY.h
> >>> @@ -0,0 +1,14 @@
> >>> +#ifndef _IPT_TPROXY_H_target
> >>> +#define _IPT_TPROXY_H_target
> >>> +
> >>> +/* TPROXY target is capable of marking the packet to perform
> >>> + * redirection. We can get rid of that whenever we get support for
> >>> + * mutliple targets in the same rule. */
> >>> +struct ipt_tproxy_target_info {
> >>> +	__be32 laddr;
> >>> +	__be16 lport;
> >>> +	unsigned long mark_mask;
> >>> +	unsigned long mark_value;
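Review bot: mark_mask and mark_value in struct ipt_tproxy_target_info are declared unsigned long, so the size and layout of this target info structure depend on the ABI and will not agree between a 32-bit iptables binary and a 64-bit kernel. Declare both with a fixed-width type such as __u32. Separately, the __be16 lport sitting between laddr and the wider mark fields leaves a padding hole, which ordering the members from widest to narrowest would avoid, and the header comment misspells "multiple" as "mutliple".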
> >>
> >> This should use fixed size types.
> >
> > Yes, but marks are unsigned longs, aren't they? So if we restrict
> > this to say 32bit then we lose the ability to use the upper half of
> > the mark...
>
> No, marks are 32 bit for a long time now. The unsigned longs in
> the mark target and matches are just there for compatibility.

Indeed, I must have missed this. Obviously if this is the case then we 
don't need all this cruft and can simply use 32 bit mark fields (and the 
reordered info structure Jan suggested.)

> (BTW, going to sleep now, will continue tomorrow)

OK, me too. :)

-- 
 KOVACS Krisztian
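
The layout problem behind the "fixed size types" comment, as an added example that is not part of the thread or the patch. The struct and function names are constructed models, with unsigned long replaced by the width it has on a 32-bit (ILP32) and a 64-bit (LP64) ABI.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The posted struct as each ABI lays it out (constructed models:
 * unsigned long is 32 bits on ILP32 and 64 bits on LP64). */
struct info_ilp32 { uint32_t laddr; uint16_t lport; uint32_t mark_mask, mark_value; };
struct info_lp64  { uint32_t laddr; uint16_t lport; uint64_t mark_mask, mark_value; };

/* Same members with fixed 32-bit marks: every ABI compiles this one layout,
 * which is byte-for-byte what the ILP32 sender below produces. */
struct info_fixed { uint32_t laddr; uint16_t lport; uint32_t mark_mask, mark_value; };

/* Hypothetical sender: a 32-bit userspace filling in its view of the struct. */
size_t ilp32_sender_fill(unsigned char *buf, uint32_t mask, uint32_t value)
{
    struct info_ilp32 u;
    memset(&u, 0, sizeof u);
    u.mark_mask = mask;
    u.mark_value = value;
    memcpy(buf, &u, sizeof u);
    return sizeof u;
}

/* Hypothetical 64-bit receiver. Returns -1 when the blob is not the size it
 * expects; with check_len == 0 it reads through its own layout regardless. */
int lp64_receiver_parse(const unsigned char *buf, size_t len, int check_len,
                        uint64_t *mask, uint64_t *value)
{
    struct info_lp64 k;
    memset(&k, 0, sizeof k);
    if (check_len && len != sizeof k)
        return -1;
    memcpy(&k, buf, len < sizeof k ? len : sizeof k);
    *mask = k.mark_mask;   /* overlaps the sender's mark_mask AND mark_value */
    *value = k.mark_value; /* on LP64, past the end of the sender's 16 bytes */
    return 0;
}

/* Receiver built against the fixed-width struct: size and offsets agree. */
int fixed_receiver_parse(const unsigned char *buf, size_t len,
                         uint32_t *mask, uint32_t *value)
{
    struct info_fixed k;
    if (len != sizeof k)
        return -1;
    memcpy(&k, buf, sizeof k);
    *mask = k.mark_mask;
    *value = k.mark_value;
    return 0;
}
```

With the unsigned long layout the 64-bit side either rejects the 32-bit blob on size or reads a mask that is a blend of the sender's mask and value; with 32-bit mark fields both sides see the same 16 bytes.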