From: Mart Frauenlob <mart.frauenlob@chello.at>
To: Duncan Eastoe <duncaneastoe@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: Netfilter Extension Development Queries
Date: Wed, 12 Feb 2014 23:03:47 +0100
Message-ID: <52FBEFC3.1030706@chello.at>
In-Reply-To: <CAECcapiTOutsUuaukD7uzuXtLeJTmqua4jhzZFZZ735OQ+L9dA@mail.gmail.com>

On 11.02.2014 22:30, Duncan Eastoe wrote:
> Hello,
>
> I wish to build an extension that strips LSRR IPv4 Options from
> outgoing traffic and re-inserts it for inbound traffic. I've been
> given some pointers about how to approach this which are:
> * A match extension which matches on the presence of LSRR options.
> * A target extension, similar to NAT, that removes/reinserts the
> appropriate LSRR options.
>
> On the Netfilter Extensions HOWTO I have found a match extension by
> Fabrice Marie (http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.6)
> which should already do what I want. There is also a target extension
> which strips all IP Options
> (http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-4.html#ss4.2).
>
> I believe these extensions were in the deprecated Patch-O-Matic system
> (?) and this has been replaced by Xtables-addons which appears to
> contain an IP Options match extension but not a target extension?
Not that I'm a developer...
There's only TCPOPTSTRIP in main iptables.
>
> Also, regarding the switch to nftables from iptables. Will my approach
> listed above work with iptables and nftables or is a different
> approach required for nftables?
There is work in progress on a compat-layer:
http://git.netfilter.org/iptables-nftables/
which should transparently *translate* the syntax (if implemented in
nftables).
Best regards
Mart
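
The match and strip halves of the approach discussed in this thread, as an added userspace example that is not part of the original message and is not Netfilter or Xtables-addons code. It walks the IPv4 header options, counts LSRR options (type 131, RFC 791), and optionally overwrites them with NOP bytes and recomputes the header checksum; overwriting with NOPs rather than shrinking the header is an assumption of this sketch, `lsrr_scan` and `sample_pkt` are hypothetical names, and re-insertion on inbound traffic is not covered.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { OPT_EOL = 0, OPT_NOP = 1, OPT_LSRR = 131 };  /* RFC 791 option types */

/* Constructed sample: IHL=7, 192.0.2.1 -> 192.0.2.2, one LSRR option + EOL pad. */
static uint8_t sample_pkt[28] = {
    0x47, 0, 0, 28,  0, 0, 0, 0,  64, 17, 0, 0,
    192, 0, 2, 1,  192, 0, 2, 2,
    OPT_LSRR, 7, 4, 198, 51, 100, 1,  OPT_EOL };

/* RFC 1071 checksum; returns 0 over a header whose checksum field is valid. */
static uint16_t ip_checksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)(hdr[i] << 8 | hdr[i + 1]);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Count LSRR options (the "match"); if strip is set, overwrite them with NOPs
 * (the "target") and fix the checksum. Returns -1 on a malformed header. */
static int lsrr_scan(uint8_t *pkt, size_t len, int strip)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4, off = 20;
    if (ihl < 20 || ihl > len) return -1;
    int found = 0;
    while (off < ihl && pkt[off] != OPT_EOL) {
        if (pkt[off] == OPT_NOP) { off++; continue; }    /* single-byte option */
        size_t optlen = off + 1 < ihl ? pkt[off + 1] : 0;
        if (optlen < 2 || off + optlen > ihl) return -1; /* bad option length */
        if (pkt[off] == OPT_LSRR) found++;
        if (pkt[off] == OPT_LSRR && strip) memset(pkt + off, OPT_NOP, optlen);
        off += optlen;
    }
    if (found && strip) {
        pkt[10] = pkt[11] = 0;               /* zero the field, then recompute */
        uint16_t c = ip_checksum(pkt, ihl);
        pkt[10] = (uint8_t)(c >> 8); pkt[11] = (uint8_t)c;
    }
    return found;
}

int main(void)
{
    int before = lsrr_scan(sample_pkt, sizeof sample_pkt, 0);
    int hit = lsrr_scan(sample_pkt, sizeof sample_pkt, 1);
    printf("LSRR before=%d stripped=%d after=%d\n", before, hit,
           lsrr_scan(sample_pkt, sizeof sample_pkt, 0));
    return 0;
}
```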