From: Patrick McHardy <kaber@trash.net>
To: Jan Engelhardt <jengelh@linux01.gwdg.de>
Cc: David Madore <david.madore@ens.fr>, netfilter-devel@lists.netfilter.org
Subject: Re: [patch] netfilter: implement TCPMSS target for IPv6
Date: Tue, 16 Jan 2007 13:20:17 +0100
Message-ID: <45ACC301.9030701@trash.net>
In-Reply-To: <Pine.LNX.4.61.0701152047250.23841@yvahk01.tjqt.qr>
Jan Engelhardt wrote:
> On Jan 15 2007 19:42, Patrick McHardy wrote:
>
>>+#endif /* _XT_TCPMSS_H*/
>
> ^
> nitpick: space
>
>
>>+ iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
>>+ -j TCPMSS --clamp-mss-to-pmtu
>
>
> This should probably be --tcp-flags SYN,RST,FIN SYN or just --syn.

Both fixed, thanks.

>
>
>>+MODULE_LICENSE("GPL");
>>+MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
>>+MODULE_DESCRIPTION("x_tables TCP MSS modification module");
>>+MODULE_ALIAS("ipt_TCPMSS");
>>+MODULE_ALIAS("ip6t_TCPMSS");
>
>
> One thing that comes to mind: what is the exact name of it? xtables?
> x_tables? In ipt_*, one could also see "IP tables" and so on. The
> actual userspace program is called 'iptables', so I'd go for
> 'xtables'. Though, it's just a userspace tool. Someone could come
> along and make a SuperTables that still works with the existing
> netfilter code in the kernel, making it 'netfilter TCP MSS
> modification module' rather than 'x_tables...'. Well, before my
> thoughts crumble, let me know something :)

Most modules use x_tables in their description. I don't care
at all.

>>+static int
>>+xt_tcpmss_checkentry4(const char *tablename,
>>+ const void *entry,
>>+ const struct xt_target *target,
>>+ void *targinfo,
>>+ unsigned int hook_mask)
>>+{
>>+ const struct xt_tcpmss_info *info = targinfo;
>>+ const struct ipt_entry *e = entry;
>>+
>>+ if (info->mss == XT_TCPMSS_CLAMP_PMTU &&
>>+ (hook_mask & ~((1 << NF_IP_FORWARD) |
>>+ (1 << NF_IP_LOCAL_OUT) |
>>+ (1 << NF_IP_POST_ROUTING))) != 0) {
>>+ printk("xt_TCPMSS: path-MTU clamping only supported in "
>>+ "FORWARD, OUTPUT and POSTROUTING hooks\n");
>>+ return 0;
>>+ }
>>+ if (IPT_MATCH_ITERATE(e, find_syn_match))
>>+ return 1;
>>+ printk("xt_TCPMSS: Only works on TCP SYN packets\n");
>>+ return 0;
>>+}
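Review bot: both printk() calls in xt_tcpmss_checkentry4() are issued without a log level, so the rejection messages land at whatever the default console level is; give them an explicit KERN_ prefix, the same one for both since each reports a rule that userspace tried to insert and the target refused. The second message ("Only works on TCP SYN packets") also omits the table name even though tablename is passed in and otherwise unused in the visible lines; including it would tell the administrator which ruleset the rejected rule belonged to.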
>
>
> The hook_mask check could be done with struct xt_target->hooks, could
> not it? (see this:)
No, the hooks only matter for pmtu clamping.
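
The distinction in the reply above, as an added example that is not part of the original message or the patch: a userspace model comparing the quoted conditional hook check with a static per-target hook restriction. The hook numbers follow the IPv4 netfilter headers of that era; the 0xffff sentinel for XT_TCPMSS_CLAMP_PMTU and the names check_conditional, check_static and PMTU_HOOKS are assumptions of this sketch, and the SYN-match test is left out.

```c
#include <stdio.h>

/* IPv4 netfilter hook numbers (2.6-era kernel headers). */
enum { NF_IP_PRE_ROUTING, NF_IP_LOCAL_IN, NF_IP_FORWARD,
       NF_IP_LOCAL_OUT, NF_IP_POST_ROUTING };

/* Assumed sentinel meaning --clamp-mss-to-pmtu; the value is not on the page. */
#define XT_TCPMSS_CLAMP_PMTU 0xffff

/* Hooks where the quoted code allows path-MTU clamping. */
#define PMTU_HOOKS ((1u << NF_IP_FORWARD) | (1u << NF_IP_LOCAL_OUT) | \
                    (1u << NF_IP_POST_ROUTING))

/* Model of the quoted checkentry logic: hooks are restricted only
 * when the rule asks for path-MTU clamping. Returns 1 to accept. */
static int check_conditional(unsigned int mss, unsigned int hook_mask)
{
    if (mss == XT_TCPMSS_CLAMP_PMTU && (hook_mask & ~PMTU_HOOKS) != 0)
        return 0;
    return 1;
}

/* Model of a static hook restriction on the target itself: every rule
 * outside the allowed hooks is rejected, whatever its MSS setting. */
static int check_static(unsigned int mss, unsigned int hook_mask)
{
    (void)mss;
    return (hook_mask & ~PMTU_HOOKS) == 0;
}

int main(void)
{
    unsigned int pre = 1u << NF_IP_PRE_ROUTING;
    unsigned int fwd = 1u << NF_IP_FORWARD;

    /* Constructed sample rules: a fixed MSS of 1400 and PMTU clamping. */
    printf("set-mss 1400, PREROUTING: conditional=%d static=%d\n",
           check_conditional(1400, pre), check_static(1400, pre));
    printf("clamp-pmtu,   PREROUTING: conditional=%d static=%d\n",
           check_conditional(XT_TCPMSS_CLAMP_PMTU, pre),
           check_static(XT_TCPMSS_CLAMP_PMTU, pre));
    printf("clamp-pmtu,   FORWARD:    conditional=%d static=%d\n",
           check_conditional(XT_TCPMSS_CLAMP_PMTU, fwd),
           check_static(XT_TCPMSS_CLAMP_PMTU, fwd));
    return 0;
}
```

The first case is the one that differs: a fixed-MSS rule in PREROUTING passes the conditional check but would be refused by a static restriction.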