Re: xt_owner-xt_socket plans

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On h, jan 21, 2008 at 11:58:34 +0100, Jan Engelhardt wrote:
> 
> On Jan 21 2008 10:11, Laszlo Attila Toth wrote:
> >
> > http://people.netfilter.org/hidden/tproxy/tproxy4-2.6.24-200710190050.tar.bz2
> >
> In the xt_socket code, I just noticed:
> 
> 	struct udphdr *hp;
> 	hp = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_hdr), &_hdr);
> 
> Does that mean xt_socket only receives UDP? Also, the header should always be
> available so that skb_header_pointer is not necessary.
> Where am I being misled?

No, not just UDP but it uses only the port part of the header which has
the same layout as the TCP header. It's ugly, though. (But I'm afraid this
is not the only place where this appears.)

The skb_header_pointer() might be unnecessary, bit I'm not quite sure
about this. Where exactly do we make sure that we have at least the UDP
header available?

And as already mentioned, the this match depends heavily on the other
parts of the tproxy patchset. In fact we'd need to create a new table to
make it work for NAT-ted connections (the current tproxy patchset has a
problem with SNAT), so it wouldn't be possible to use it on
mangle/PREROUTING... (Do you happen to have any ideas for this new table
name? I wouldn't call it tproxy but something else which tells you its
place in the flowchart, like 'postnat' or something like that.)

-- 
KOVACS Krisztian
-
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux