Jan Engelhardt wrote:
On Aug 21 2007 16:35, Marco Aurelio da Silva wrote:
chmod 755 extensions/.*-test*
No erros are returned:
This is what I did: -------------------------------- /usr/local/src/iptables-1.3.8# chmod 777 extensions/.*-test*
(There's a difference between 755 and 777, but it's not important now.)
in extensions/.tproxy-testx: #!/bin/sh [ -f $KERNEL_DIR/include/linux/netfilter/xt_TPROXY.h ] && echo TPROXY [ -f $KERNEL_DIR/net/netfilter/xt_tproxy.c ] && echo tproxy
root@srvsistema:/usr/local/src/iptables-1.3.8# make KERNEL_DIR=/usr/src/linux
And, does /usr/src/linux/include/linux/netfilter/xt_TPROXY.h exist? And how about /usr/src/linux/net/netfilter/xt_tproxy.c?
Jan
OK. Yes they exist. root@srvsistema:/usr/local/src/iptables-1.3.8/extensions# vi /usr/src/linux/include/linux/netfilter/xt_TPROXY.h /* * Transparent proxy support for Linux/iptables * * Copyright (c) 2002-2007 BalaBit IT Ltd. * Author: Bal?zs Scheidler * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * */ #ifndef _XT_TPROXY_H_target #define _XT_TPROXY_H_target struct xt_tproxy_target_info { __be16 lport; __be32 laddr; }; #endif /*_XT_TPROXY_H_target*/ And root@srvsistema:/usr/local/src/iptables-1.3.8/extensions# vi /usr/src/linux/net/netfilter/xt_tproxy.c /* * Transparent proxy support for Linux/iptables * * Copyright (c) 2002-2006 BalaBit IT Ltd. * Author: Bal?zs Scheidler * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 as * published by the Free Software Foundation. * */ #include <linux/module.h> #include <linux/skbuff.h> #include <linux/netfilter/x_tables.h> static int match(const struct sk_buff *skb, const struct net_device *in, const struct net_device *out, const struct xt_match *match, const void *matchinfo, int offset, unsigned int protoff, int *hotdrop) { return skb->ip_tproxy; } static int check(const char *tablename, const void *entry, const struct xt_match *match, void *matchinfo, unsigned int matchsize, unsigned int hook_mask) { if (matchsize != 0) return 0; return 1; } static struct xt_match tproxy_match = { .name = "tproxy", .match = match, .checkentry = check, .family = AF_INET, .me = THIS_MODULE, }; static struct xt_match tproxy6_match = { .name = "tproxy", .match = match, .checkentry = check, .family = AF_INET6, .me = THIS_MODULE, }; static int __init xt_tproxy_init(void) { int ret; ret = xt_register_match(&tproxy_match); if (ret) return ret; ret = xt_register_match(&tproxy6_match); if (ret) xt_unregister_match(&tproxy_match); return ret; } static void __exit xt_tproxy_fini(void) { xt_unregister_match(&tproxy_match); xt_unregister_match(&tproxy6_match); } module_init(xt_tproxy_init); module_exit(xt_tproxy_fini); MODULE_LICENSE("GPL"); MODULE_AUTHOR("Krisztian Kovacs <hidden@balabit.hu>"); MODULE_DESCRIPTION("iptables tproxy matching module"); MODULE_ALIAS("ipt_tproxy"); MODULE_ALIAS("ip6t_tproxy");