From mboxrd@z Thu Jan 1 00:00:00 1970 From: KOVACS Krisztian Subject: Re: [PATCH] Transparent Proxying Patches, Take 3 - userspace Date: Mon, 1 Oct 2007 00:05:04 +0200 Message-ID: <200710010005.04553@nessa> References: <200709302318.11465@nessa> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Cc: Patrick McHardy , netfilter-devel@vger.kernel.org, Balazs Scheidler , Toth Laszlo Attila To: Jan Engelhardt Return-path: Received: from centaur.sch.bme.hu ([152.66.208.5]:41549 "EHLO centaur.sch.bme.hu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752550AbXI3WFD (ORCPT ); Sun, 30 Sep 2007 18:05:03 -0400 In-Reply-To: Content-Disposition: inline Sender: netfilter-devel-owner@vger.kernel.org List-Id: netfilter-devel.vger.kernel.org Hi Jan, On Sunday 30 September 2007, Jan Engelhardt wrote: > On Sep 30 2007 23:18, KOVACS Krisztian wrote: > >Hi Patrick, > > > >Here is the patch adding iptables components of the 'socket' match > >and the 'TPROXY' target. The code is pretty straightforward and basic > >manual pages describing what the two modules do are included in the > >patch. > > Hm, you asked me for my kernel patch, well you could have also asked > for the iptables part :-p > > Uses the kernel-level xt_TPROXY. Thanks, but this one is old: the userspace patch I've sent has received significant updates since than. As Attila has already done the userspace ipt->xt conversion we could update it to xt_* anytime: it's just that I don't think it's worth it -- it's heavily IPv4 dependent anyway. The 'socket' match does not support IPv6 either, however, we could add support _without_ any changes to the userspace, so that's why it's an x_tables match. -- KOVACS Krisztian