From: pablo@netfilter.org
To: netfilter-devel@vger.kernel.org
Cc: Hans Schillstrom <hans@schillstrom.com>
Subject: [PATCH 0/2] revamped HMARK extension
Date: Wed, 11 Jul 2012 01:17:25 +0200
Message-ID: <1341962247-16217-1-git-send-email-pablo@netfilter.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>

Hi Hans,

I'm taking over your initial HMARK extension for iptables and took the freedom
to revamp it.

It now provides a shortcut for easy configuration:

    iptables -I PREROUTING -t mangle -j HMARK \
        --hmark-tuple src,dst,proto \
        --hmark-mod 2 \
        --hmark-rnd 0xfeedcafe

Where --hmark-tuple can be src,dst,proto,sport,dport,spi,ct

Of course, you cannot set spi and sport/dport at the same time and ct must be
used all alone.

You can still use the advanced options for fine tweaking --hmark-*-prefix
and --hmark-*-mask.

I also needed to add some new functions to libxtables to obtain the network
prefix, a.k.a. CIDR notation. Also reworked xtables_ip[6]mask_to_numeric.
Frankly, I think they now look better from the string handling perspective.

Note that --hmark-rnd and --hmark-mod are mandatory. Specifically, I don't
want any assumption on --hmark-rnd; users are lazy, they don't set what is not
mandatory (and I believe this parameter is important).

Please test and report any issue with this asap. I'd like to integrate this
into iptables' master branch by the time 3.5 is out so people upgrading to that
kernel can enjoy it.

I'm respecting your authorship in the HMARK extension, as you started this
code.

You can also find these two patches in the hmark branch of the iptables git tree.

Hans Schillstrom (1):
  extensions: add HMARK target

Pablo Neira Ayuso (1):
  libxtables: add xtables_ip[6]mask_to_cidr

extensions/libxt_HMARK.c | 441 ++++++++++++++++++++++++++++++++++++
extensions/libxt_HMARK.man | 60 +++++
include/linux/netfilter/xt_HMARK.h | 50 ++++
include/xtables.h.in | 2 +
libxtables/xtables.c | 33 ++-
5 files changed, 577 insertions(+), 9 deletions(-)
create mode 100644 extensions/libxt_HMARK.c
create mode 100644 extensions/libxt_HMARK.man
create mode 100644 include/linux/netfilter/xt_HMARK.h
--
1.7.10
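
The --hmark-tuple rules stated in the mail (spi excludes sport/dport, ct must be alone), written out as a small validator. This is an added example, not code from the patch series; the function name, flag constants and return codes are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flag bits, one per --hmark-tuple keyword listed in the mail. */
enum { T_SRC = 1, T_DST = 2, T_PROTO = 4, T_SPORT = 8,
       T_DPORT = 16, T_SPI = 32, T_CT = 64 };

static const struct { const char *name; unsigned flag; } tuple_keys[] = {
    { "src", T_SRC }, { "dst", T_DST }, { "proto", T_PROTO },
    { "sport", T_SPORT }, { "dport", T_DPORT }, { "spi", T_SPI },
    { "ct", T_CT },
};

/* Parse a comma-separated tuple list into *flags.
 * Returns 0 on success, -1 for an unknown, empty or repeated keyword,
 * -2 if spi is combined with sport/dport, -3 if ct is not used alone. */
int hmark_tuple_parse(const char *arg, unsigned *flags)
{
    const size_t n = sizeof(tuple_keys) / sizeof(tuple_keys[0]);
    unsigned f = 0;
    size_t i, len;
    for (;; arg += len + 1) {          /* step past each ',' separator */
        len = strcspn(arg, ",");
        for (i = 0; i < n; i++)
            if (strlen(tuple_keys[i].name) == len &&
                memcmp(arg, tuple_keys[i].name, len) == 0)
                break;
        if (i == n || (f & tuple_keys[i].flag))
            return -1;
        f |= tuple_keys[i].flag;
        if (arg[len] == '\0')
            break;
    }
    if ((f & T_SPI) && (f & (T_SPORT | T_DPORT)))
        return -2;
    if ((f & T_CT) && f != T_CT)
        return -3;
    *flags = f;
    return 0;
}

int main(void)
{
    const char *samples[] = { "src,dst,proto", "spi,sport", "ct,src", "ct" }; /* constructed */
    unsigned f;
    for (size_t i = 0; i < 4; i++)
        printf("%-14s -> %d\n", samples[i], hmark_tuple_parse(samples[i], &f));
    return 0;
}
```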