From: Amos Jeffries <squid3@treenet.co.nz>
To: Jan Engelhardt <jengelh@medozas.de>
Cc: Balazs Scheidler <bazsi@balabit.hu>,
netfilter-devel@vger.kernel.org, tproxy@lists.balabit.hu,
Harry Mason <harry.mason@smoothwall.net>
Subject: Re: [PATCH 00/11] TProxy for IPv6
Date: Tue, 15 Sep 2009 00:20:00 +1200 [thread overview]
Message-ID: <4AAE34F0.2080301@treenet.co.nz> (raw)
In-Reply-To: <alpine.LSU.2.00.0909041124090.27609@obet.zrqbmnf.qr>
Jan Engelhardt wrote:
> On Friday 2009-09-04 08:07, Amos Jeffries wrote:
>>> Also, I have written a Python test script to test TProxy functionality
>>> automatically both for IPv4 and IPv6, I can post that as well if anyone is
>>> interested.
>> I'm interested :)
>>
>> Now that you have done this I'm going to have to find a robust userland
>> run-time test to see if the underlying TPROXY is v4-only or v6-enabled. If
>> anyone has suggestions they would be welcome.
>
> Would this perhaps suffice?
>
> assert(socket(PF_INET6, ...) >= 0);
> assert(setsockopt(fd, SOL_IP, IP_TRANSPARENT, ...) == 0);
> assert(bind(fd, {::2}) == 0);
>
> At least something like that I remember to have used to determine
> tproxy-2.x ipv4 availability in the days. (I.e. seeing if setsockopt
> failed.)
Thanks Jan. I gave a variant that a try. It does seem to detect the
feature support nicely.
However, trying to bind the real IP:port soon after results in "(98)
Address already in use" even with a shutdown(tmp_sock,...) added to
clean up after the test.
AYJ
next prev parent reply other threads:[~2009-09-14 12:20 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-26 14:03 [PATCH 00/11] TProxy for IPv6 Balazs Scheidler
2009-08-15 8:00 ` [PATCH 01/11] TProxy: kick out TIME_WAIT sockets in case a new connection comes in with the same tuple Balazs Scheidler
2009-08-15 12:01 ` [PATCH 02/11] TProxy: add lookup type checks for UDP in nf_tproxy_get_sock_v4() Balazs Scheidler
2009-08-23 9:02 ` [PATCH 03/11] TProxy: reuse a 32bit hole in struct ipv6_pinfo Balazs Scheidler
2009-08-29 16:46 ` Jan Engelhardt
2009-08-30 6:56 ` Balazs Scheidler
2009-08-30 10:49 ` Jan Engelhardt
2009-08-31 12:27 ` Patrick McHardy
2009-08-23 9:11 ` [PATCH 04/11] TProxy: split off ipv6 defragmentation to a separate module Balazs Scheidler
2009-08-23 9:16 ` [PATCH 05/11] TProxy: added const specifiers to udp lookup functions Balazs Scheidler
2009-08-23 9:19 ` [PATCH 06/11] TProxy: added udp6_lib_lookup function Balazs Scheidler
2009-08-24 12:47 ` [PATCH 07/11] TProxy: implement IPv6 "local" routing type Balazs Scheidler
2009-08-24 12:48 ` [PATCH 08/11] TProxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled Balazs Scheidler
2009-08-24 12:51 ` [PATCH 09/11] TProxy: added IPv6 socket lookup function to nf_tproxy_core Balazs Scheidler
2009-08-24 12:51 ` [PATCH 10/11] TProxy: added IPv6 support to the TPROXY target Balazs Scheidler
2009-08-24 12:52 ` [PATCH 11/11] TProxy: added IPv6 support to the socket match Balazs Scheidler
2009-09-04 6:07 ` [PATCH 00/11] TProxy for IPv6 Amos Jeffries
2009-09-04 9:28 ` Jan Engelhardt
2009-09-14 12:20 ` Amos Jeffries [this message]
2009-09-14 12:29 ` Jan Engelhardt
2009-09-15 11:58 ` Amos Jeffries
2009-09-08 18:42 ` Balazs Scheidler
2009-09-11 12:12 ` Amos Jeffries
[not found] ` <1252059564.7452.17.camel@nyarlathotep>
[not found] ` <1252435673.32029.45.camel@bzorp.balabit>
2009-09-14 7:41 ` Balazs Scheidler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4AAE34F0.2080301@treenet.co.nz \
--to=squid3@treenet.co.nz \
--cc=bazsi@balabit.hu \
--cc=harry.mason@smoothwall.net \
--cc=jengelh@medozas.de \
--cc=netfilter-devel@vger.kernel.org \
--cc=tproxy@lists.balabit.hu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).