netfilter-devel.vger.kernel.org archive mirror
From: Balazs Scheidler <bazsi@balabit.hu>
To: netfilter-devel@vger.kernel.org, tproxy@lists.balabit.hu
Cc: Harry Mason <harry.mason@smoothwall.net>
Subject: [PATCH 00/11] TProxy for IPv6
Date: Wed, 26 Aug 2009 16:03:28 +0200
Message-ID: <cover.1251295408.git.bazsi@balabit.hu>

[ Sorry if this reaches you twice, I sent to the wrong address the first time ]

I've just pushed a set of patches that implement TProxy for IPv6 to

http://git.balabit.hu/bazsi/tproxy-2.6.git

The patches are also posted in reply to this mail.

Although some work is still needed, basic testing shows that it works all
right.  

The accompanying iptables patches are available at

http://git.balabit.hu/bazsi/iptables-tproxy.git

There are some things left to do:

  * the recognition of related ICMPv6 packets is missing (from xt_socket.c)

  * I should probably split xt_TPROXY/xt_socket to IPv4 and IPv6 modules, as
    right now those depend on both stacks at the same time.

I'm on a holiday right now, thus I might not respond to comments in a timely
manner, however I'm interested in any comments/feedback nevertheless.

Harry, I didn't remember that you actually wanted to work on TProxy for
IPv6, I just vaguely remembered that there was someone asking for IPv6
support, thus I implemented this without being in the know.  If you started
hacking, I hope that we didn't completely duplicate effort.  I'd appreciate
help in the missing bits and/or testing whichever fits you best.

Also, I have written a Python test script to test TProxy functionality
automatically both for IPv4 and IPv6, I can post that as well if anyone is
interested.


Balazs Scheidler (11):
  TProxy: kick out TIME_WAIT sockets in case a new connection comes in
    with the same tuple
  TProxy: add lookup type checks for UDP in nf_tproxy_get_sock_v4()
  TProxy: reuse a 32bit hole in struct ipv6_pinfo
  TProxy: split off ipv6 defragmentation to a separate module
  TProxy: added const specifiers to udp lookup functions
  TProxy: added udp6_lib_lookup function
  TProxy: implement IPv6 "local" routing type
  TProxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is
    enabled
  TProxy: added IPv6 socket lookup function to nf_tproxy_core
  TProxy: added IPv6 support to the TPROXY target
  TProxy: added IPv6 support to the socket match

 include/linux/ipv6.h                           |    3 +-
 include/linux/netfilter/xt_TPROXY.h            |   15 +-
 include/net/netfilter/ipv6/nf_defrag_ipv6.h    |    6 +
 include/net/netfilter/nf_tproxy_core.h         |  192 +++++++++++++++++++-
 include/net/udp.h                              |    3 +
 net/ipv6/af_inet6.c                            |    2 +-
 net/ipv6/netfilter/Makefile                    |    5 +-
 net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c |   58 +------
 net/ipv6/netfilter/nf_conntrack_reasm.c        |   12 +-
 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c      |  109 +++++++++++
 net/ipv6/route.c                               |    6 +-
 net/ipv6/udp.c                                 |   16 ++-
 net/netfilter/nf_tproxy_core.c                 |   35 ----
 net/netfilter/xt_TPROXY.c                      |  239 +++++++++++++++++++++---
 net/netfilter/xt_socket.c                      |  113 +++++++++++-
 15 files changed, 675 insertions(+), 139 deletions(-)
 create mode 100644 include/net/netfilter/ipv6/nf_defrag_ipv6.h
 create mode 100644 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c




Thread overview: 24+ messages
2009-08-26 14:03 Balazs Scheidler [this message]
2009-08-15  8:00 ` [PATCH 01/11] TProxy: kick out TIME_WAIT sockets in case a new connection comes in with the same tuple Balazs Scheidler
2009-08-15 12:01 ` [PATCH 02/11] TProxy: add lookup type checks for UDP in nf_tproxy_get_sock_v4() Balazs Scheidler
2009-08-23  9:02 ` [PATCH 03/11] TProxy: reuse a 32bit hole in struct ipv6_pinfo Balazs Scheidler
2009-08-29 16:46   ` Jan Engelhardt
2009-08-30  6:56     ` Balazs Scheidler
2009-08-30 10:49       ` Jan Engelhardt
2009-08-31 12:27       ` Patrick McHardy
2009-08-23  9:11 ` [PATCH 04/11] TProxy: split off ipv6 defragmentation to a separate module Balazs Scheidler
2009-08-23  9:16 ` [PATCH 05/11] TProxy: added const specifiers to udp lookup functions Balazs Scheidler
2009-08-23  9:19 ` [PATCH 06/11] TProxy: added udp6_lib_lookup function Balazs Scheidler
2009-08-24 12:47 ` [PATCH 07/11] TProxy: implement IPv6 "local" routing type Balazs Scheidler
2009-08-24 12:48 ` [PATCH 08/11] TProxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled Balazs Scheidler
2009-08-24 12:51 ` [PATCH 09/11] TProxy: added IPv6 socket lookup function to nf_tproxy_core Balazs Scheidler
2009-08-24 12:51 ` [PATCH 10/11] TProxy: added IPv6 support to the TPROXY target Balazs Scheidler
2009-08-24 12:52 ` [PATCH 11/11] TProxy: added IPv6 support to the socket match Balazs Scheidler
2009-09-04  6:07 ` [PATCH 00/11] TProxy for IPv6 Amos Jeffries
2009-09-04  9:28   ` Jan Engelhardt
2009-09-14 12:20     ` Amos Jeffries
2009-09-14 12:29       ` Jan Engelhardt
2009-09-15 11:58         ` Amos Jeffries
2009-09-08 18:42   ` Balazs Scheidler
2009-09-11 12:12     ` Amos Jeffries
     [not found]   ` <1252059564.7452.17.camel@nyarlathotep>
     [not found]     ` <1252435673.32029.45.camel@bzorp.balabit>
2009-09-14  7:41       ` Balazs Scheidler
