[tproxy] Merging tproxy patch to standard kernel ?

NTPT NTPT at seznam.cz
Mon Jul 21 16:49:43 CEST 2008


Redirecting ICMP related traffic - I am not a kernel / netfilter hacker, but what about extending netfilter CONNMARK for that purpose?

Adding a --restore-mark-related option to the CONNMARK target, which copies the connmark from the master connection to related traffic, would probably do this job.


So then it could look like this?

        iptables -t mangle -N DIVERT
        iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
        iptables -t mangle -A DIVERT -j MARK --set-xmark 0x1/0xffffffff
        iptables -t mangle -A DIVERT -j CONNMARK --save-mark    # save mark on connection
        iptables -t mangle -A DIVERT -j ACCEPT
        iptables -t mangle -A PREROUTING -p icmp -j CONNMARK --restore-mark-related    # proposed option: copy connmark from master connection to its related stuff

// now related ICMP traffic is marked too and can be directed by routing code

Or am I missing some point?


And maybe marking related traffic can be useful for other things, not only for tproxy...

Regards.

PS: please excuse my wrong English




   


>  ------------ Original message ------------
>  From: KOVACS Krisztian <hidden at sch.bme.hu>
>  Subject: Re: [tproxy] Merging tproxy patch to standard kernel ?
>  Date: 21.7.2008 10:17:49
>  ----------------------------------------
>  Hi,
>  
>  On Fri, Jul 18, 2008 at 11:15:38 +0900, Yoshioka Tsuneo wrote:
>  > It is often required to keep the source address on a proxy, and tproxy
>  > seems to be almost the only solution.
>  > Now, it seems it would be very nice if the tproxy patch were merged to the standard kernel.
>  > 
>  > Is there any plan to merge tproxy to standard kernel ?
>  
>  Well, that's always been the plan. However, we're still not in a position
>  to ask for merging -- there are still serious issues with the current
>  patch (handling of related ICMP traffic).
>  
>  We hope to be able to address these issues but progress has been very-very
>  slow recently...
>  
>  -- 
>  KOVACS Krisztian

