Hi Máté,
On Thu, Jun 28, 2018 at 06:42:58PM +0200, Máté Eckl wrote:
> v2:
> - address or port is now compulsory
> - nf_defrag_ipv{4,6}_enable called in init
> - nft_tproxy now selects NF_DEFRAG_IPV4/6
> - Add transport header presence test in ipv4 eval (in ipv6 it was
> already present)
> - Add check for the case when address is specified but the rule family
> is not set accordingly
>
> -- 8< --
> A great portion of the code is taken from xt_TPROXY.c
>
> There are some changes compared to the iptables implementation:
> - tproxy statement is not terminal here
Looks good to me, thanks.
Please, could you describe how you have tested the nft tproxy
datapath? Did you run any example configuration to make sure things
are working? If so, please slightly describe.
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
