Hello,
I wish to build an extension that strips LSRR IPv4 Options from
outgoing traffic and re-inserts it for inbound traffic. I've been
given some pointers about how to approach this which are:
* A match extension which matches on the presence of LSRR options.
* A target extension, similar to NAT, that removes/reinserts the
appropriate LSRR options.
On the Netfilter Extensions HOWTO I have found a match extension by
Fabrice Marie (http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.6)
which should already do what I want. There is also a target extension
which strips all IP Options
(http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-4.html#ss4.2).
I believe these extensions were in the deprecated Patch-O-Matic system
(?) and this has been replaced by Xtables-addons which appears to
contain an IP Options match extension but not a target extension?
Also, regarding the switch to nftables from iptables. Will my approach
listed above work with iptables and nftables or is a different
approach required for nftables?
Thank you in advance.
Duncan
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
