Hi,
On Wed, May 08, 2013 at 07:34:19PM +0200, PiBa-NL wrote:
Hi Willy,
Could you please let me know what your findings are about the proposed
patch?
I was on it this afternoon (didn't have time earlier) :-)
I haven't finished reviewing it yet, because I was trying to figure if
there would be an easy way to merge the CTTPROXY mode into the other
transparent proxy options, but I'm not sure that's really useful.
Also I found one issue here :
+ int ret = 0;
+ #if defined(SOL_IP) && defined(IP_TRANSPARENT)
+ ret |= setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one,
sizeof(one)) == 0;
+ #endif
+ #if defined(SOL_IP) && defined(IP_FREEBIND)
+ ret |= setsockopt(fd, SOL_IP, IP_FREEBIND, &one,
sizeof(one)) == 0;
+ #endif
+ #if defined(IPPROTO_IP) && defined(IP_BINDANY)
+ ret |= setsockopt(fd, IPPROTO_IP, IP_BINDANY, &one,
sizeof(one)) == 0;
+ #endif
+ #if defined(SOL_SOCKET) && defined(SO_BINDANY)
+ ret |= setsockopt(fd, SOL_SOCKET, SO_BINDANY, &one,
sizeof(one)) == 0;
+ #endif
+ if (ret)
As you can see, if we have multiple defines, we'll call setsockopt multiple
times, which we don't want. I was thinking about something like this instead :
if (0
#if cond1
|| setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0
#endif
#if cond2
|| setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0
#endif
)
...
I'm still on it right now, to ensure we don't break anything.
Does it need some more work, is it implemented wrongly, or would it help
if i send my current haproxy.cfg file?
If i need to change something please let me know, thanks.
I do not think so, I can easily perform the changes above myself, I won't
harrass you with another iteration. Overall it's good but since we're
changing many things at once, I'm cautious. I'd prefer to break it in
two BTW :
1) change existing code to support CONFIG_HAP_TRANSPARENT everywhere
2) add FreeBSD support
But if that's OK for you, I'll simply perform the small adjustments
before merging it.
Cheers,
Willy