On Thursday 2011-12-08 01:25, msk@xxxxxxxxxxxxx wrote:

>I've been reading up on tproxy and nfqueue. Just to confirm my understanding
>of the two:
>
>Could one write a layer of code that uses the nfq_*() functions to basically
>implement what tproxy can do by simply adjusting the destination information
>and checksum, and then returning NF_REPEAT verdicts for each?

That would be really cumbersome, because with nf_queue, you end up
just having the bare packet. With tproxy, you get the full benefits
of a socket and TCP handling.