> What are you implementing? A layer four helper (like
> ip_conntrack_proto_tcp.c?)
I previously implemented one Match module,
and the trouble is: I need to release my own data when the conn_track is released.
For I don't want to use timeout to judge the conn_track's release.
> In CVS is a patc
On Sat, 6 Jul 2002, Henrik Nordstrom wrote:
> The recent discussions and Oskar Andreasson's work on an iptables
> tutorial made me take a closer look into the TCP tracking states, and
> I noticed a couple of odd things that look like they may be bugs..
>
> 1. What is the use of LAST_ACK? From what
Hi. I'm having difficulties setting up the ip_nat_snmp_basic module.
I can't seem to find information how to define mapping rules for it, there's
no documentation of anything alike in iptables and ipchains.
If any of you could shed a light on this, I would be grateful.
Thanx in advance,
Eyal
Hi!
I'm trying to figure out how to prepend rules into the INPUT/OUTPUT chains.
The way I see it, you do
1. getsockopt IPT_SO_GET_INFO and IPT_SO_GET_ENTRIES to get current entries
in chain.
2. construct a ``struct ipt_entry'' with the new rule.
3. construct a ``struct ipt_replace'' entry with
On Tue, 9 Jul 2002, Eyal k wrote:
>
> Hi. I'm having difficulties setting up the ip_nat_snmp_basic module.
> I can't seem to find information how to define mapping rules for it, there's
> no documentation of anything alike in iptables and ipchains.
> If any of you could shed a light on this, I
Hi,
The multiport match checks for the IPT_INV_PROTO flag in the 'flags'
member of struct ipt_ip instead of in the 'invflags' member.
diff -ur linux.current/net/ipv4/netfilter/ipt_multiport.c
linux-mine/net/ipv4/netfilter/ipt_multiport.c
--- linux-2.4.19-rc1/net/ipv4/netfilter/ipt_multiport.c T
I have a situation where I need to be able to
mark packets on the NF_IP_LOCAL_IN hook that
match certain patterns we will be watching
for. This is because after we accept the packet and
the response packet is generated (NF_IP_LOCAL_OUT),
we must be able to know how to modify this packet
depending on th
Mark values are unique per packet. The response packet will get a new mark
value, initially 0..
But there is help. See the CONNMARK patch in patch-o-matic. Adds a similar
mark value to conntrack, allowing you to mark a connection rather than
individual packets.
Why do you need mark values to
The incoming packets will fit a particular criteria
as in what port it is connecting to, what options
and flags are set, etc. The outgoing packet really
depends on what was incoming. We see what pattern
we matched as, and then we have a hash table of modifications
for the packet (just about anythi
I assume you by incoming/outgoing packets refer to incoming and response
packets.. not single packets coming in to a router on one interface and going
out on another after possibly having some kind of transformation applied to
them..
Will be damn hard...
a) As you seem to be messing around wi