On Wed, Jun 05, 2002 at 08:53:25AM +0200, Jozsef Kadlecsik wrote: > On Tue, 4 Jun 2002, Balazs Scheidler wrote: > > Possible solutions: > > > > * use a new state (called TPROXY), which would be applied to all TPROXYed > > packets (might interact badly with nat/conntrack). > > * have the tproxy framework mark all packets with an fwmark, and let the > > packets in based on the value of fwmark > > * have a separate match (called tproxy), which matches tproxied sessions > > based on some value stored in the associated conntrack entry > > > > which one do you prefer? > > The latter seems to me the best solution.
ok, should I simply add fields somewhere in struct ip_conntrack, or there's a bitfield I can add a flag to? Looking at the struct I can't see a place general enough, so I can add a new field just to hold a single bit, or a general "flags" field, which can be used by other matches later. -- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
