On Tue, Mar 26, 2002 at 04:21:04PM +0100, Balazs Scheidler wrote: > Hi, > > I found some time to get back to my transparent proxy support for Netfilter.
cool. We'd really like to see this getting forward. > - TPROXY target redirects a session > > - the original destination address/port number is stored in the IPCB() part > of the skb > > - as soon as the socket is created this address/port number is copied into > sk->tp_pinfo.af_tcp (struct tcp_opt) This would happen in tcp_v4_hnd_req() > > - this information is queried by the application using a getsockopt call to > fetch the original destination address, the getsockopt can be implemented > by registering an nf_sockopt_ops > > I'd like to have the core-members advice, is this a good way? Harald? This looks fine to me, but I'm not as much into the sockets code as others are. If you want to make it really correct, I'd send that Mail to the [EMAIL PROTECTED] Mailinglist. David Miller, Andi Kleen and Alexey Kuznetsov (the networking gods) are hanging out on that list, so you might get some comments related the 'abuse' of tp_pinfo.af_tcp and IPCB() from them. Based on their reaction you will see if there is a need to change something or if they would like something like this in the kernel. > Bazsi -- Live long and prosper - Harald Welte / [EMAIL PROTECTED] http://www.gnumonks.org/ ============================================================================ GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M+ V-- PS++ PE-- Y++ PGP++ t+ 5-- !X !R tv-- b+++ !DI !D G+ e* h--- r++ y+(*)
