Graham Dumpleton <graham.dumpleton <at> gmail.com> writes:

>
> 2010/8/4 Daniel Ruggeri <DRuggeri <at> primary.net>:
> > On 8/3/2010 9:57 AM, JeHo Park wrote:
> >> hello ~
> >> it's my first mail to apache dev .. and i am beginner of the apache.
> >> Anyway ... recently, i wrote transparent proxy [tproxy2] patch to the
> >> httpd-2.2.15
> >> because i needed web proxy and needed to know the source address of
> >> any client who try to connect to my web server
> >> and after all, i tested the performance of my patched tproxy with
> >> AVALANCHE 2900. if anyone ask me the performance result, i will send
> >> it to him [the size of the test result pdf is big size]
> >> *- here is the platform information this patch applied ---*
> >> 1. OS
> >> CentOS release 5.2 (Final)
> >> 2. KERNEL
> >> Linux version 2.6.18-194.el5-tproxy2 (root <at> localhost.localdomain
> >> <mailto:root <at> localhost.localdomain>)
> >> (gcc version 4.1.2 20080704 (Red Hat 4.1.2-46))
> >> #10 SMP Wed May 26 17:35:19 KST 2010
> >> 3. iptables
> >> iptables-1.3.8 + tproxy2 supporting patch
> >> *-- here is the usage of tproxy2 patched httpd configuration ---*
> >> httpd.conf
> >> <VirtualHost 192.168.200.1:80>
> >> ProxyTproxy On # On/Off flag
> >> ProxyTPifaddr 192.168.200.1 # IP address of bridge interface br0.
> >> example) br0 = eth0 + eth1 ....
> >> </VirtualHost>
> >> i attach the kernel tproxy2 patch to the kernel
> >> above[2.6.18-194.el5-tproxy2 ], httpd-2.2.15 tproxy2 patch and kernel
> >> configuration for tproxy2
> >> above all, i want to know my patch is available or not .. and want
> >> feedback from anyone
> >
> > JeHo;
> > Hi, can you help me understand what the usage case is for this patch?
> > What service or capability does it provide that is not currently available?
>
> In particular, how is X-Forwarded-For not going to provide the
> information required.
>
> http://en.wikipedia.org/wiki/X-Forwarded-For
>
> Graham
>
I've been trying to configure Apache 2.2.17 for transparency. After applying the patch I observed that for IPv4 addresses, when I try to fetch the client IP after the accept() call, the IP was null.

I think the reason could be attributed to the "--enable-v4-mapped" option, due to which Apache treats the incoming IPv4 connections as IPv4-mapped IPv6 addresses and sets "(apr_sockaddr_t)->family = APR_INET6". So I expect the option "--disable-v4-mapped" to suffice for the transparency purpose, and with this option Apache handles IPv4 and IPv6 connections on separate sockets.

Please confirm my understanding, or if it requires some additional/extra configuration, please let me know the same.

Rgds,
Puneet Mohan
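
For reference, an added example (not part of the thread, and not httpd, APR or tproxy2 patch code) of what an IPv4-mapped peer address looks like at the socket level: on a dual-stack listener an IPv4 client is reported with family AF_INET6 as `::ffff:a.b.c.d`, and the IPv4 address is the last four bytes. The function names `peer_to_text` and `normalise_text6` and the sample address are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Writes the peer address as text; returns the effective family (AF_INET for
 * native and IPv4-mapped peers, AF_INET6 otherwise) or -1 on error. */
static int peer_to_text(const struct sockaddr *sa, char *out, socklen_t outlen)
{
    /* ::ffff:0:0/96, the IPv4-mapped prefix: 80 zero bits, then 16 one bits */
    static const unsigned char mapped[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *s4 = (const struct sockaddr_in *)sa;
        return inet_ntop(AF_INET, &s4->sin_addr, out, outlen) ? AF_INET : -1;
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *s6 = (const struct sockaddr_in6 *)sa;
        const unsigned char *b = s6->sin6_addr.s6_addr;
        if (memcmp(b, mapped, sizeof mapped) == 0) {
            struct in_addr v4;          /* last 4 bytes are the IPv4 address */
            memcpy(&v4, b + 12, sizeof v4);
            return inet_ntop(AF_INET, &v4, out, outlen) ? AF_INET : -1;
        }
        return inet_ntop(AF_INET6, &s6->sin6_addr, out, outlen) ? AF_INET6 : -1;
    }
    return -1;                          /* family this code does not handle */
}

/* Builds the sockaddr_in6 a dual-stack accept() would report for the given
 * textual address (constructed input), then normalises it. */
static int normalise_text6(const char *text, char *out, socklen_t outlen)
{
    struct sockaddr_in6 s6;
    memset(&s6, 0, sizeof s6);
    s6.sin6_family = AF_INET6;
    if (inet_pton(AF_INET6, text, &s6.sin6_addr) != 1)
        return -1;
    return peer_to_text((const struct sockaddr *)&s6, out, outlen);
}

int main(void)
{
    char buf[INET6_ADDRSTRLEN];
    int fam = normalise_text6("::ffff:192.0.2.10", buf, sizeof buf); /* constructed */
    printf("family=%s addr=%s\n", fam == AF_INET ? "AF_INET" : "other", fam < 0 ? "?" : buf);
    return 0;
}
```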