authorKOVACS Krisztian <hidden@sch.bme.hu>2008-10-08 11:35:12 +0200
committerPatrick McHardy <kaber@trash.net>2008-10-08 11:35:12 +0200
commite84392707e10301b93121e1b74e2823db50cdf9e (patch)
treed58858f585f9cc266928d3ec2be103922258fa97 /include
parent136cdc71fd54e77463e570643ac76e2b696e48a0 (diff)
netfilter: iptables TPROXY target
The TPROXY target implements redirection of non-local TCP/UDP traffic to local sockets. Additionally, it's possible to manipulate the packet mark if and only if a socket has been found. (We need this because we cannot use multiple targets in the same iptables rule.) Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/xt_TPROXY.h14
1 files changed, 14 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_TPROXY.h b/include/linux/netfilter/xt_TPROXY.h
new file mode 100644
index 00000000000..152e8f97132
--- /dev/null
+++ b/include/linux/netfilter/xt_TPROXY.h
@@ -0,0 +1,14 @@
+#ifndef _XT_TPROXY_H_target
+#define _XT_TPROXY_H_target
+
+/* TPROXY target is capable of marking the packet to perform
+ * redirection. We can get rid of that whenever we get support for
+ * mutliple targets in the same rule. */
+struct xt_tproxy_target_info {
+ u_int32_t mark_mask;
+ u_int32_t mark_value;
+ __be32 laddr;
+ __be16 lport;
+};
+
+#endif /* _XT_TPROXY_H_target */
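Review bot: The new header uses `u_int32_t`, `__be32` and `__be16` without including anything that defines them, so it only compiles when the includer has already pulled in those types. This struct sits under include/linux/netfilter and is presumably the rule payload that userspace hands to the kernel, so it should be self-contained: add `#include <linux/types.h>` after the guard and consider `__u32` for `mark_mask` and `mark_value`. The fields are also undocumented; a short comment should say that `laddr` and `lport` are in network byte order (as the `__be32`/`__be16` types indicate) and how `mark_mask` and `mark_value` are combined, which this hunk does not show. The block comment misspells "multiple" as "mutliple".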