[RFC] matching tproxied packets
Wed, 5 Jun 2002 12:21:11 +0200
On Wed, Jun 05, 2002 at 08:53:25AM +0200, Jozsef Kadlecsik wrote:
> On Tue, 4 Jun 2002, Balazs Scheidler wrote:
> > Possible solutions:
> > * use a new state (called TPROXY), which would be applied to all TPROXYed
> > packets (might interact badly with nat/conntrack).
> > * have the tproxy framework mark all packets with an fwmark, and let the
> > packets in based on the value of fwmark
> > * have a separate match (called tproxy), which matches tproxied sessions
> > based on some value stored in the associated conntrack entry
> > which one do you prefer?
> The latter seems to me the best solution.
ok, should I simply add fields somewhere in struct ip_conntrack, or there's
a bitfield I can add a flag to?
Looking at the struct I can't see a place general enough, so I can add a new
field just to hold a single bit, or a general "flags" field, which can be
used by other matches later.
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1