[tproxy] tproxy 4.0 & zorp 3.0.8
Laszlo Attila Toth
panther at balabit.hu
Thu Aug 9 10:00:38 CEST 2007
Hello,
The Linux kernel 2.6.17 and 2.6.22 differs in the netfilter code,
also tproxy patch differs a little bit too. The tproxy target is ipt_TPROXY in
2.6.17 and xt_TPROXY in 2.6.22, but both version will be xt_TPROXY.
On Thursday 09 August 2007 09.16.40 Ondrej Kraus wrote:
> #!/bin/sh
> [ -f $KERNEL_DIR/include/linux/netfilter_ipv4/ipt_TPROXY.h ] && echo TPROXY
> [ -f $KERNEL_DIR/net/ipv4/netfilter/ipt_tproxy.c ] && echo tproxy
>
> Tested files are not included in kernel patch. I found ipt_TPROXY.h in
> patch for Ubuntu kernel and ipt_TPROXY.c in the same patch, but not
> ipt_tproxy.c.
The current files:
* tproxy table
net/ipv4/netfilter/iptable_tproxy.c
* tproxy target
In ubuntu-2.6.17 (it will be the same as in 2.6.22)
net/ipv4/netfilter/ipt_TPROXY.c
include/linux/netfilter_ipv4/ipt_TPROXY.h
in 2.6.22
net/netfilter/xt_TPROXY.c
include/linux/netfilter/xt_TPROXY.h
* tproxy match
net/netfilter/xt_tproxy.c
> # iptables -A INPUT -m tproxy -j ACCEPT
> produces 'Invalid argument'
Strange. 2.6.17 works well. I will check it.
> I think that it is obvious that I am new in Zorp/tproxy and these
> problems might be very trivial to resolve, but I cannot find anything
> useful to find resolusion.
TProxy 4 is new and the 2.6.22 is not fully tested: when INPUT chain empty in
the filter table and its default policy is accept it works.
--
Regards,
Laszlo Attila Toth
More information about the tproxy
mailing list