Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e281b198 authored by Jan Engelhardt's avatar Jan Engelhardt Committed by Patrick McHardy
Browse files

netfilter: xtables: inclusion of xt_TEE 

xt_TEE can be used to clone and reroute a packet. This can for
example be used to copy traffic at a router for logging purposes
to another dedicated machine.

References: http://www.gossamer-threads.com/lists/iptables/devel/68781


Signed-off-by: default avatarJan Engelhardt <jengelh@medozas.de>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent f0d57a54

include/linux/netfilter/Kbuild

+1 −0
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ header-y += xt_RATEEST.h 
header-y += xt_SECMARK.h

header-y += xt_TCPMSS.h

header-y += xt_TCPOPTSTRIP.h

header-y += xt_TEE.h

header-y += xt_TPROXY.h

header-y += xt_comment.h

header-y += xt_connbytes.h

include/linux/netfilter/xt_TEE.h

0 → 100644
+9 −0
Original line number Diff line number Diff line 
#ifndef _XT_TEE_TARGET_H

#define _XT_TEE_TARGET_H



struct xt_tee_tginfo {

	union nf_inet_addr gw;

	char oif[16];

};



#endif /* _XT_TEE_TARGET_H */

net/ipv4/ip_output.c

+1 −0
Original line number Diff line number Diff line
@@ -309,6 +309,7 @@ int ip_output(struct sk_buff *skb) 
			    ip_finish_output,

			    !(IPCB(skb)->flags & IPSKB_REROUTED));

}

EXPORT_SYMBOL_GPL(ip_output);



int ip_queue_xmit(struct sk_buff *skb, int ipfragok)

{

net/ipv6/ip6_output.c

+1 −0
Original line number Diff line number Diff line
@@ -176,6 +176,7 @@ int ip6_output(struct sk_buff *skb) 
			    ip6_finish_output,

			    !(IP6CB(skb)->flags & IP6SKB_REROUTED));

}

EXPORT_SYMBOL_GPL(ip6_output);



/*

 *	xmit an sk_buff (used by TCP)

net/netfilter/Kconfig

+7 −0
Original line number Diff line number Diff line
@@ -502,6 +502,13 @@ config NETFILTER_XT_TARGET_RATEEST 


	  To compile it as a module, choose M here.  If unsure, say N.



config NETFILTER_XT_TARGET_TEE

	tristate '"TEE" - packet cloning to alternate destiantion'

	depends on NETFILTER_ADVANCED

	---help---

	This option adds a "TEE" target with which a packet can be cloned and

	this clone be rerouted to another nexthop.



config NETFILTER_XT_TARGET_TPROXY

	tristate '"TPROXY" target support (EXPERIMENTAL)'

	depends on EXPERIMENTAL