Hi,

I am developing a netfilter target extension, synproxy, that will work similarly to the OpenBSD pf synproxy, i.e. it will (if a synflood to the destination address is detected) block the SYN packet and answer with a SYN cookie. If a correct ACK to the cookie is found, it will send the SYN packet to the actual server, intercept the reply and then pass packets in both directions, only translating sequence numbers. The extension could then be used on a firewall to protect systems behind it from synflood attacks.

I need to store some additional data to a connection in the connection tracker. Although infrastructure to do that appears to be in place, I could not find an obvious way to do that. I *did* read the kernel source and already know how to write and register a new netfilter extension.

Btw, the netfilter hacking howto appears to be thoroughly outdated. I managed to find http://jengelh.medozas.de/documents/Netfilter_Modules.pdf which helped a lot, but not in this particular area.

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
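
The handshake and sequence translation described in the message above, as an added userspace C model that is not part of the original post and is not netfilter code. All names (`struct tuple`, `struct synproxy_state`, `toy_hash` and the functions) are hypothetical, the hash is a non-cryptographic stand-in for a keyed hash, and real SYN cookies also encode an MSS index and a time counter, which are omitted here.

```c
#include <stdint.h>
#include <stdio.h>

struct tuple { uint32_t saddr, daddr; uint16_t sport, dport; };

/* Hypothetical per-connection data the proxy must remember after the handshake. */
struct synproxy_state {
    uint32_t cookie_isn;  /* ISN the proxy put in its SYN-ACK to the client */
    uint32_t server_isn;  /* ISN the real server chose in its own SYN-ACK */
};

/* Toy keyed mix, a stand-in for a real keyed hash; not cryptographically secure. */
static uint32_t toy_hash(const struct tuple *t, uint32_t secret)
{
    uint32_t h = secret ^ t->saddr;
    h = (h * 2654435761u) ^ t->daddr;
    h = (h * 2654435761u) ^ (((uint32_t)t->sport << 16) | t->dport);
    return h * 2654435761u;
}

/* Stateless cookie: derived from the 4-tuple and the client's ISN only. */
uint32_t make_cookie(const struct tuple *t, uint32_t client_isn, uint32_t secret)
{
    return toy_hash(t, secret) + client_isn;
}

/* The final ACK of the handshake has seq = client_isn + 1, ack = cookie + 1. */
int check_cookie(const struct tuple *t, uint32_t seq, uint32_t ack, uint32_t secret)
{
    return make_cookie(t, seq - 1, secret) == ack - 1;
}

/* Server-to-client: shift the server's sequence space onto the cookie's. */
uint32_t seq_to_client(const struct synproxy_state *s, uint32_t seq)
{
    return seq + (s->cookie_isn - s->server_isn);   /* wraps modulo 2^32 */
}

/* Client-to-server: shift acknowledgement numbers back the other way. */
uint32_t ack_to_server(const struct synproxy_state *s, uint32_t ack)
{
    return ack - (s->cookie_isn - s->server_isn);
}

int main(void)
{
    struct tuple t = { 0xC0000201u, 0xC6336407u, 40000, 80 };  /* constructed */
    uint32_t c = make_cookie(&t, 1000u, 0x5eedu);
    printf("ack valid: %d\n", check_cookie(&t, 1001u, c + 1, 0x5eedu));
    return 0;
}
```

The two ISNs in `struct synproxy_state` are the kind of per-connection data the message says it needs to attach to a tracked connection; nothing is stored until the cookie ACK validates.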