On Sat, Jul 28, 2018 at 04:37:25PM +0200, Máté Eckl wrote:
> A great portion of the code is taken from xt_TPROXY.c
>
> There are some changes compared to the iptables implementation:
> - tproxy statement is not terminal here
> - Either address or port has to be specified, but at least one of them
>   is necessary. If one of them is not specified, the evaluation will be
>   performed with the original attribute of the packet (ie. target port
>   is not specified => the packet's dport will be used).
>
> To make this work in inet tables, the tproxy structure has a family
> member (typically called priv->family) which is not necessarily equal to
> ctx->family.
>
> priv->family can have three values legally:
> - NFPROTO_IPV4 if the table family is ip OR if table family is inet,
>   but an ipv4 address is specified as a target address. The rule only
>   evaluates ipv4 packets in this case.
> - NFPROTO_IPV6 if the table family is ip6 OR if table family is inet,
>   but an ipv6 address is specified as a target address. The rule only
>   evaluates ipv6 packets in this case.
> - NFPROTO_UNSPEC if the table family is inet AND if only the port is
>   specified. The rule will evaluate both ipv4 and ipv6 packets.

Applied, thanks Mate.
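
The family rules from the quoted commit message, written out as a small user-space C model. This is an added example, not code from the patch: `struct tproxy_rule` and the `tproxy_*` functions are hypothetical names, rejecting a target address whose family conflicts with an ip or ip6 table is an assumption, and only the port fallback (not the address fallback) is modelled.

```c
/* User-space model, not kernel code; struct and tproxy_* names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>

/* Same numeric values as the kernel's NFPROTO_* constants. */
enum { NFPROTO_UNSPEC = 0, NFPROTO_INET = 1, NFPROTO_IPV4 = 2, NFPROTO_IPV6 = 10 };

struct tproxy_rule {
    int family;        /* plays the role of priv->family */
    bool has_port;
    uint16_t port;     /* target port, meaningful only if has_port */
};

/* Rule-load time. addr_family is the family of the target address, or
 * NFPROTO_UNSPEC when only a port is given. Returns 0, or -1 if rejected. */
int tproxy_init(struct tproxy_rule *r, int table_family, int addr_family,
                bool has_port, uint16_t port)
{
    bool has_addr = addr_family != NFPROTO_UNSPEC;

    if (!has_addr && !has_port)
        return -1;                      /* at least one of them is necessary */
    if (has_addr && addr_family != NFPROTO_IPV4 && addr_family != NFPROTO_IPV6)
        return -1;                      /* not an address family the page covers */
    if (table_family == NFPROTO_INET)
        r->family = addr_family;        /* stays UNSPEC for a port-only rule */
    else if (table_family != NFPROTO_IPV4 && table_family != NFPROTO_IPV6)
        return -1;                      /* only ip, ip6 and inet are described */
    else if (has_addr && addr_family != table_family)
        return -1;                      /* assumption: a mismatch is rejected */
    else
        r->family = table_family;
    r->has_port = has_port;
    r->port = port;
    return 0;
}

/* Packet time: evaluate only the rule's family, or both when it is UNSPEC. */
bool tproxy_applies(const struct tproxy_rule *r, int pkt_family)
{
    return r->family == NFPROTO_UNSPEC || r->family == pkt_family;
}

/* Packet time: an unspecified target port falls back to the packet's dport. */
uint16_t tproxy_target_port(const struct tproxy_rule *r, uint16_t pkt_dport)
{
    return r->has_port ? r->port : pkt_dport;
}
```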