Daniel Ruggeri <DRuggeri <at> primary.net> writes: > > On 8/3/2010 9:57 AM, JeHo Park wrote: > > hello ~ > > it's my first mail to apache dev .. and i am beginner of the apache. > > Anyway ... recently, i wrote transparent proxy [tproxy2] patch to the > > httpd-2.2.15 > > because i needed web proxy and needed to know the source address of > > any client who try to connect to my web server > > and after all, i tested the performance of my patched tproxy with > > AVALANCHE 2900. if anyone ask me the performance result, i will send > > it to him [the size of the test result pdf is big size] > > *- here is the platform infomation this patch applied ---* > > 1. OS > > CentOS release 5.2 (Final) > > 2. KERNEL > > Linux version 2.6.18-194.el5-tproxy2 (root <at> localhost.localdomain > > <mailto:root <at> localhost.localdomain>) > > (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46)) > > #10 SMP Wed May 26 17:35:19 KST 2010 > > 3. iptables > > iptables-1.3.8 + tproxy2 supporting patch > > *-- here is the usage of tproxy2 patched httpd configuration ---* > > httpd.conf > > <VirtualHost 192.168.200.1:80> > > ProxyTproxy On # On/Off flag > > ProxyTPifaddr 192.168.200.1 # IP address of bridge interface br0. > > example) br0 = eth0 + eth1 .... > > </VirtualHost> > > i attach the kernel tproxy2 patch to the kernel > > above[2.6.18-194.el5-tproxy2 ], httpd-2.2.15 tproxy2 patch and kernel > > configuration for tproxy2 > > above all, i want to know my patch is available or not .. and want > > feedback from anyone > > JeHo; > Hi, can you help me understand what the usage case is for this patch? > What service or capability does it provide that is not currently available? > -- > Daniel Ruggeri > >
I've been trying to configure Apache 2.2.17 for transparency. After applying the patch I observed that for IPv4 addresses when I try to fetch the client IP after accept () call, the IP was null. I think, The reason could be attributed to “--enable-v4-mapped” option due to which Apache treats the incoming IPv4 connections as IPv4 mapped IPv6 addresses and sets the “(apr_sockaddr_t)->family= APR_INET6”. So, I expect the option “--disable-v4-mapped” suffice transparency purpose and with this option Apache handle IPv4 and IPv6 connections on separate sockets. Please confirm my understanding OR if it require some additional/extra configuration. Please let me know the same.
