On 2019-06-24 11:26 p.m., Joe Stringer wrote:
[..]
> I haven't got as far as UDP yet, but I didn't see any need for a
> dependency on netfilter.

I'd be curious to see what you did. My experience, even for TCP, is the socket (transparent/tproxy) lookup code (to set skb->sk either listening or established) is entangled in CONFIG_NETFILTER_SOMETHING_OR_OTHER. You have to rip it out of there (in the tproxy tc action into that code). Only then can you compile out netfilter.

I didn't bother to rip out code for udp case. i.e. if you needed udp to work with the tc action, you'd have to turn on NF. But that was because we had no need for udp transparent proxying.

IOW: There is really no reason, afaik, for tproxy code to only be accessed if netfilter is compiled in.

Not sure I made sense.

cheers,
jamal