diff options
| author | KOVACS Krisztian <hidden@sch.bme.hu> | 2008-10-08 05:35:12 -0400 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2008-10-08 05:35:12 -0400 |
| commit | e84392707e10301b93121e1b74e2823db50cdf9e (patch) | |
| tree | d58858f585f9cc266928d3ec2be103922258fa97 /include/linux | |
| parent | 136cdc71fd54e77463e570643ac76e2b696e48a0 (diff) | |
netfilter: iptables TPROXY target
The TPROXY target implements redirection of non-local TCP/UDP traffic to local
sockets. Additionally, it's possible to manipulate the packet mark if and only
if a socket has been found. (We need this because we cannot use multiple
targets in the same iptables rule.)
Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter/xt_TPROXY.h | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h new file mode 100644 index 000000000000..152e8f97132b --- /dev/null +++ b/include/linux/netfilter/xt_TPROXY.h | |||
| @@ -0,0 +1,14 @@ | |||
| 1 | #ifndef _XT_TPROXY_H_target | ||
| 2 | #define _XT_TPROXY_H_target | ||
| 3 | |||
| 4 | /* TPROXY target is capable of marking the packet to perform | ||
| 5 | * redirection. We can get rid of that whenever we get support for | ||
| 6 | * mutliple targets in the same rule. */ | ||
| 7 | struct xt_tproxy_target_info { | ||
| 8 | u_int32_t mark_mask; | ||
| 9 | u_int32_t mark_value; | ||
| 10 | __be32 laddr; | ||
| 11 | __be16 lport; | ||
| 12 | }; | ||
| 13 | |||
| 14 | #endif /* _XT_TPROXY_H_target */ | ||