Re: [PATCH nft] Add tproxy support

Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> On Wed, Jun 20, 2018 at 01:29:51PM +0200, Florian Westphal wrote:
> > Máté Eckl <ecklm94@xxxxxxxxx> wrote:
> > > This patch is built on the commit not applied yet with the title:
> > > 	evaluate: Detect address family in inet context
> > 
> > You can add this ...
> > 
> > > Example ruleset:
> > > 	table inet x {
> > > 		chain y {
> > > 			type filter hook prerouting priority -150; policy accept;
> > > 			socket transparent 1 mark set 0x00000001 accept
> > > 			tproxy mark set 0x00000001 counter packets 611 bytes 46181
> > > 			meta l4proto tcp tproxy to :50080 mark set 0x00000001 counter packets 202 bytes 13600
> > > 		}
> > > 	}
> > > 
> > > Signed-off-by: Máté Eckl <ecklm94@xxxxxxxxx>
> > > ---
> > 
> > ... here, as it's removed automatically when using 'git am'.
> 
> I don't understand. You mean that I should not include examples in commit
> messages?

Err, no, sorry, I was referring to the first two lines only
("this patch is built ...").  The example is good to have.

> As I didn't add man page for socket matching either, I thought that it could be
> a separate commit, once the functionality and the code is accepted.

That's fine as well.

> > A patch to add test cases would also be nice (can be as followup
> > after patch has been applied of course).
> > 
> 
> I sent that.

Yes, thanks, I saw it only after I had sent this email.

> I think it is a useful one. If I want to make the proxy work only for web
> traffic this simple tproxy statement is sufficient:
> 	tcp dport 80 tproxy
> if the proxy software is listening on port 80.

Yes, but in that case TPROXY isn't needed as all of it can
be done only by policy routing (i.e., use
   tcp dport 80 mark set mark 0x1
and add policy routing rule).

> This use-case seems quite meaningful to me.

Okay, but you don't need tproxy for this to work :-)

tproxy is only needed if a packet for destination port x should end up
with a socket on destination port y.
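The distinction Florian draws, as an added ruleset that is not part of this thread or of the nft project's own files: a mark plus a policy-routing rule is enough when the proxy listens on the original port (80), and the tproxy statement is only needed when the flow for one destination port must land on a socket bound to a different port (here :50080, taken from the example ruleset in the patch). The table and chain names, the port 8080 used for the cross-port case, and the accompanying `ip rule` / `ip route` commands are assumptions for illustration; they are not from the thread.

```nft
# Added example (not from the thread or the nft project).
# Both paths below rely on the same companion policy-routing setup, run as
# root before loading this file (assumed standard TPROXY setup, not from
# the thread):
#   ip rule add fwmark 0x1 lookup 100
#   ip route add local 0.0.0.0/0 dev lo table 100
# Load with: nft -f proxy.nft

table inet proxy {
	chain pre {
		type filter hook prerouting priority -150; policy accept;

		# Flows already attached to a transparent socket (same rule as in
		# the patch's example ruleset): just mark them so the fwmark rule
		# keeps delivering them locally, and skip the lookups below.
		socket transparent 1 mark set 0x1 accept

		# Same-port case: the proxy listens on port 80, so a mark alone is
		# sufficient. The fwmark rule sends the packet through table 100,
		# whose local route hands it to the stack, and the socket lookup
		# finds the listener on port 80. No tproxy statement involved.
		tcp dport 80 mark set 0x1 accept

		# Cross-port case: traffic for destination port 8080 must reach a
		# socket listening on 50080. Only the tproxy statement can steer
		# the packet to that socket; the mark is still required so the
		# same policy-routing rule delivers it locally.
		meta l4proto tcp tcp dport 8080 tproxy to :50080 mark set 0x1 accept
	}
}
```

The first rule matters for correctness rather than decoration: without it, replies and follow-up packets of an established flow would be re-evaluated by the tproxy rule on every pass. For the same-port rule, note that nothing in the chain depends on tproxy at all, which is exactly why the thread concludes that a `tcp dport 80 tproxy` statement adds nothing over `tcp dport 80 mark set 0x1` plus the routing rule.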