Hi,

These patches are my second try at providing Linux 2.2-like transparent proxying support for Linux 2.6.

Major changes since the first version:

- iptable_tproxy now does IPv4 fragment reassembly (necessary for processing the TCP/UDP header)
- The removal of the source address check in ip_route_output() was incorrect. Instead, I've implemented a separate setsockopt-settable per-socket flag (setting it requires CAP_NET_ADMIN) to selectively loosen that check in ip_route_output().

Besides these, I've tried to fix all the problems raised on netdev@ in January.

Unfortunately, the newly introduced IP_TRANSPARENT socket option leads to a quite intrusive set of patches touching core IPv4 routing and TCP code; however, this was necessary as DaveM rejected our idea of using IP_FREEBIND instead (and he's right, of course, as it would have caused ABI breakage). The current approach works by adding a new bit to the flag field in "struct flowi".

Furthermore, I haven't removed the IPv4 routing local diversion code (caching socket lookups in the skb) yet. Patrick recommended throwing it out altogether and using mark-based policy routing instead, but I still think that would be harming usability as the user would need to harmonize the configuration in order to have two completely independent subsystems interoperate.

--
Regards,
Krisztian Kovacs