From: Olivier Mehani <shtrom@ssji.net>
To: netfilter-devel@vger.kernel.org
Cc: "Sebastian Claßen" <sebastian.classen@freenet.de>,
"Jan Engelhardt" <jengelh@medozas.de>
Subject: Re: [xtables-addons] [SOLVED] "unknown option `--gw'" for target TEE
Date: Wed, 25 Nov 2009 11:10:12 +0100
Message-ID: <20091125101012.GD4295@lxiv.inria.fr>
In-Reply-To: <20091125083434.GC4295@lxiv.inria.fr>
Replying to self, funny how a night's sleep helps find new approaches.
On Wed, Nov 25, 2009 at 09:34:34AM +0100, Olivier Mehani wrote:
> # ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gw PFX1:46ff:fee0:dfcc
> ip6tables v1.4.5: unknown option `--gw'
> Try `ip6tables -h' or 'ip6tables --help' for more information.
>
> As far as my understanding of the doc goes, my command is valid, but it
> doesn't work.
In contradiction with the documentation, the proper parameter is
actually --gateway, thus
# ip6tables -t mangle -A PREROUTING -i eth0 -j TEE --gateway PFX1:EUI64
works like a charm.
Maybe the documentation should be updated as per the attached patch?
It removes all occurrences of --gw in the doc and error messages, and
adds a quick example (quite similar to my scenario).
Finally, beware of router advertisements.
--
Olivier Mehani <shtrom@ssji.net>
PGP fingerprint: 4435 CF6A 7C8D DD9B E2DE F5F9 F012 A6E2 98C6 6655
[-- Attachment #1.2: TEE-doc.patch --]
[-- Type: text/plain, Size: 3079 bytes --]
Index: xtables-addons-1.20/extensions/libxt_TEE.c
===================================================================
--- xtables-addons-1.20.orig/extensions/libxt_TEE.c
+++ xtables-addons-1.20/extensions/libxt_TEE.c
@@ -51,7 +51,7 @@ static int tee_tg_parse(int c, char **ar
case 'g':
if (*flags & FLAG_GATEWAY)
xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gw more than once");
+ "Cannot specify --gateway more than once");
ia = xtables_numeric_to_ipaddr(optarg);
if (ia == NULL)
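Review bot: the new string in tee_tg_parse hard-codes the long option name, but the option table that maps case 'g' to that name is not part of this hunk. Please confirm the name registered there is exactly "gateway", so that the error text, the parser and the man page agree; a mismatch between the documented and the accepted name is what this thread started from.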
@@ -76,7 +76,7 @@ static int tee_tg6_parse(int c, char **a
case 'g':
if (*flags & FLAG_GATEWAY)
xtables_error(PARAMETER_PROBLEM,
- "Cannot specify --gw more than once");
+ "Cannot specify --gateway more than once");
ia = xtables_numeric_to_ip6addr(optarg);
if (ia == NULL)
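Review bot: tee_tg6_parse now carries a second copy of the literal "Cannot specify --gateway more than once" that tee_tg_parse also has. Consider a single shared string constant used by both parsers, so the IPv4 and IPv6 messages cannot drift away from the real option name independently.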
Index: xtables-addons-1.20/extensions/libxt_TEE.man
===================================================================
--- xtables-addons-1.20.orig/extensions/libxt_TEE.man
+++ xtables-addons-1.20/extensions/libxt_TEE.man
@@ -3,6 +3,10 @@ machine on the \fBlocal\fP network segme
must be the target, or you will have to configure the nexthop to forward it
further if so desired.
.TP
-\fB\-\-gw\fP \fIipaddr\fP
+\fB\-\-gateway\fP \fIipaddr\fP
Send the cloned packet to the host reachable at the given IP address.
Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
+.TP
+To forward all incoming traffic on eth0 to an IP-level logging box:
+.IP
+\-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
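Review bot: the added example line escapes only its first hyphen (\-t) and leaves -A, -i, -j and --gateway unescaped, while the option heading just above it uses \-\- throughout; escape all of them so the rendered page shows minus signs that can be copied into a shell. The line also starts at -t with no command name, and since 2001:db8::1 is an IPv6 address it would read more clearly as a full ip6tables invocation. The introductory sentence sits directly under .TP, which makes it a tag rather than a paragraph; .PP would fit better there.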
Index: xtables-addons-1.20/extensions/xt_TEE.c
===================================================================
--- xtables-addons-1.20.orig/extensions/xt_TEE.c
+++ xtables-addons-1.20/extensions/xt_TEE.c
@@ -175,7 +175,7 @@ tee_tg4(struct sk_buff **pskb, const str
/*
* Copy the skb, and route the copy. Will later return %XT_CONTINUE for
* the original skb, which should continue on its way as if nothing has
- * happened. The copy should be independently delivered to the TEE --gw.
+ * happened. The copy should be independently delivered to the TEE --gateway.
*/
skb = skb_copy(skb, GFP_ATOMIC);
if (skb == NULL) {
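Review bot: style point on the changed comment line in tee_tg4: "--gateway" makes it five characters longer than the "--gw" line it replaces, so check that it still fits the 80-column limit at the file's indentation and rewrap the comment block if it does not. "the TEE --gateway" also reads as if the option itself were the destination; "the --gateway address" would be more precise.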
Index: xtables-addons-1.20/xtables-addons.8
===================================================================
--- xtables-addons-1.20.orig/xtables-addons.8
+++ xtables-addons-1.20/xtables-addons.8
@@ -48,9 +48,13 @@ machine on the \fBlocal\fP network segme
must be the target, or you will have to configure the nexthop to forward it
further if so desired.
.TP
-\fB\-\-gw\fP \fIipaddr\fP
+\fB\-\-gateway\fP \fIipaddr\fP
Send the cloned packet to the host reachable at the given IP address.
Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
+.TP
+To forward all incoming traffic on eth0 to an IP-level logging box:
+.IP
+\-t mangle -A PREROUTING -i eth0 -j TEE --gateway 2001:db8::1
.SS RAWSNAT
The \fBRAWSNAT\fR and \fBRAWDNAT\fP targets provide stateless network address
translation.
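Review bot: the lines changed in xtables-addons.8 are identical to those in the libxt_TEE.man hunk. If xtables-addons.8 is built from the per-extension .man files, patch only the source and let the build regenerate this file. If both are maintained by hand, the example line here needs the same care: only \-t is escaped, the remaining hyphens are not, and no command name precedes -t.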