[tproxy] Issue with iptables 1.3.8

Marco Aurelio da Silva marco at lpnet.com.br
Tue Aug 21 21:45:56 CEST 2007


Jan Engelhardt wrote:
> On Aug 21 2007 16:35, Marco Aurelio da Silva wrote:
>   
>>>>> chmod 755 extensions/.*-test*
>>>>>           
>> No errors are returned:
>>
>> This is what I did:
>> --------------------------------
>> /usr/local/src/iptables-1.3.8# chmod 777 extensions/.*-test*
>>     
>
> (There's a difference between 755 and 777, but it's not important now.)
>
>   
>> in extensions/.tproxy-testx:
>> #!/bin/sh
>> [ -f $KERNEL_DIR/include/linux/netfilter/xt_TPROXY.h ] && echo TPROXY
>> [ -f $KERNEL_DIR/net/netfilter/xt_tproxy.c ] && echo tproxy
>>
>> root at srvsistema:/usr/local/src/iptables-1.3.8# make 
>> KERNEL_DIR=/usr/src/linux
>>     
>
> And, does /usr/src/linux/include/linux/netfilter/xt_TPROXY.h exist?
> And how about /usr/src/linux/net/netfilter/xt_tproxy.c?
>
>
> 	Jan
>   
OK.

Yes they exist.

root at srvsistema:/usr/local/src/iptables-1.3.8/extensions# vi 
/usr/src/linux/include/linux/netfilter/xt_TPROXY.h
/*
* Transparent proxy support for Linux/iptables
*
* Copyright (c) 2002-2007 BalaBit IT Ltd.
* Author: Balázs Scheidler
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
*/

#ifndef _XT_TPROXY_H_target
#define _XT_TPROXY_H_target

/*
 * Parameter block for the TPROXY target as declared by this header.
 * Both members use the kernel's big-endian annotated integer types, so
 * values are stored in network byte order.
 *
 * NOTE(review): this header lives under include/linux/netfilter and is
 * probed by the iptables build, so the layout is presumably shared with
 * userspace -- confirm before changing member order or types.
 */
struct xt_tproxy_target_info {
	/* presumably the local port the target redirects to -- confirm against the target code */
	__be16 lport;
	/*
	 * NOTE(review): a 16-bit member followed by a 32-bit one normally
	 * leaves 2 bytes of compiler padding in between; do not assume the
	 * padding is zeroed when this blob is copied across the
	 * user/kernel boundary.
	 */
	/* presumably the local IPv4 address the target redirects to -- confirm */
	__be32 laddr;
};

#endif /*_XT_TPROXY_H_target*/


And

root at srvsistema:/usr/local/src/iptables-1.3.8/extensions# vi 
/usr/src/linux/net/netfilter/xt_tproxy.c
/*
* Transparent proxy support for Linux/iptables
*
* Copyright (c) 2002-2006 BalaBit IT Ltd.
* Author: Balázs Scheidler
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
*/

#include <linux/module.h>
#include <linux/skbuff.h>

#include <linux/netfilter/x_tables.h>

/*
 * Match callback for the "tproxy" match.
 *
 * Reads only skb->ip_tproxy and returns it as the match result. No packet
 * payload is parsed, and the in/out devices, match descriptor, matchinfo,
 * offset and protoff arguments are unused. *hotdrop is never written, so
 * this callback cannot itself request a drop.
 *
 * NOTE(review): ip_tproxy is not a mainline sk_buff member; it is
 * presumably added and set by the tproxy kernel patch -- confirm where it
 * is written before relying on it in a ruleset.
 */
static int
match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
      const struct xt_match *match,
      const void *matchinfo,
      int offset,
      unsigned int protoff,
      int *hotdrop)
{
	const int tproxy_flag = skb->ip_tproxy;

	return tproxy_flag;
}

/*
 * Rule-validation callback for the "tproxy" match.
 *
 * The match takes no options, so the only thing verified is that the
 * matchinfo blob attached to the rule is empty. tablename, entry, match,
 * matchinfo and hook_mask are not inspected.
 *
 * Returns 1 when matchsize is 0 and 0 otherwise.
 * NOTE(review): this relies on the checkentry convention where non-zero
 * means "accept the rule" -- confirm against the x_tables version in use.
 */
static int
check(const char *tablename,
      const void *entry,
      const struct xt_match *match,
      void *matchinfo,
      unsigned int matchsize,
      unsigned int hook_mask)
{
	/* Any payload at all means the rule blob is not one this match understands. */
	return matchsize == 0;
}

/*
 * IPv4 (AF_INET) registration record for the "tproxy" match.
 * Uses the same match() and check() callbacks as the AF_INET6 record.
 * Members not named here are zero-initialised by the designated
 * initialiser.
 */
static struct xt_match tproxy_match = {
	.name       = "tproxy",
	.family     = AF_INET,
	.checkentry = check,
	.match      = match,
	.me         = THIS_MODULE,
};

/*
 * IPv6 (AF_INET6) registration record for the "tproxy" match.
 * Same name and callbacks as the AF_INET record; only the family differs.
 * Members not named here are zero-initialised by the designated
 * initialiser.
 */
static struct xt_match tproxy6_match = {
	.name       = "tproxy",
	.family     = AF_INET6,
	.checkentry = check,
	.match      = match,
	.me         = THIS_MODULE,
};

/*
 * Module entry point: registers the IPv4 record first, then the IPv6 one.
 *
 * If the IPv6 registration fails, the IPv4 registration is rolled back so
 * that a failed load leaves neither match registered.
 *
 * Returns 0 on success, otherwise the error returned by
 * xt_register_match().
 */
static int __init xt_tproxy_init(void)
{
	int err = xt_register_match(&tproxy_match);

	if (err != 0)
		return err;

	err = xt_register_match(&tproxy6_match);
	if (err == 0)
		return 0;

	/* Second registration failed: undo the first before reporting it. */
	xt_unregister_match(&tproxy_match);
	return err;
}

/*
 * Module exit point: unregisters both match records, IPv4 first and then
 * IPv6, i.e. in the same order they were registered by the init function.
 */
static void __exit xt_tproxy_fini(void)
{
	struct xt_match *const registered[] = { &tproxy_match, &tproxy6_match };
	unsigned int i;

	for (i = 0; i < sizeof(registered) / sizeof(registered[0]); i++)
		xt_unregister_match(registered[i]);
}

/* Hook the register/unregister routines into module load and unload. */
module_init(xt_tproxy_init);
module_exit(xt_tproxy_fini);

/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Krisztian Kovacs <hidden at balabit.hu>");
MODULE_DESCRIPTION("iptables tproxy matching module");
/*
 * Extra names under which the module can be found.
 * NOTE(review): presumably these let rules that use "-m tproxy" from
 * iptables and ip6tables trigger an automatic load -- confirm against the
 * x_tables autoload naming of the target kernel.
 */
MODULE_ALIAS("ipt_tproxy");
MODULE_ALIAS("ip6t_tproxy");



