Hi,

I have the intent to develop real transparent proxy support into the kernel 2.4 series (not a backport of the original 2.2 code).

Since at a few places it affects network core I asked the question below on netfilter-devel and they directed me to here. Could you please comment on it?

For a reference, the implementation tries to touch the networking code the least possible, so it rewrites destination addresses before they enter the networking core. It's a simple, stateless DNAT.

On Wed, Mar 27, 2002 at 08:59:01AM +0100, Harald Welte wrote:
> On Tue, Mar 26, 2002 at 04:21:04PM +0100, Balazs Scheidler wrote:
> > Hi,
> >
> > I found some time to get back to my transparent proxy support for Netfilter.
>
> cool. We'd really like to see this getting forward.
>
> > - TPROXY target redirects a session
> >
> > - the original destination address/port number is stored in the IPCB() part
> >   of the skb
> >
> > - as soon as the socket is created this address/port number is copied into
> >   sk->tp_pinfo.af_tcp (struct tcp_opt). This would happen in tcp_v4_hnd_req()
> >
> > - this information is queried by the application using a getsockopt call to
> >   fetch the original destination address, the getsockopt can be implemented
> >   by registering an nf_sockopt_ops
> >
> > I'd like to have the core members' advice, is this a good way? Harald?
>
> This looks fine to me, but I'm not as much into the sockets code as others
> are.
>
> If you want to make it really correct, I'd send that Mail to
> the [EMAIL PROTECTED] Mailinglist.
>
> David Miller, Andi Kleen and Alexey Kuznetsov (the networking gods) are hanging
> out on that list, so you might get some comments related to the 'abuse' of
> tp_pinfo.af_tcp and IPCB() from them.
>
> Based on their reaction you will see if there is a need to change something
> or if they would like something like this in the kernel.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
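
The four-step flow proposed in the message above, modelled in userspace C as an added example; it is not part of the original post and is not kernel code. `tproxy_target`, `create_sock`, `get_orig_dst` and all struct names are hypothetical stand-ins for the TPROXY target, the socket-creation step and the getsockopt query, and the addresses are constructed.

```c
/* Userspace model of the flow in the post; not kernel code, all names hypothetical. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct addr { uint32_t ip; uint16_t port; };
/* Stands in for the fields the post keeps in the IPCB() part of the skb. */
struct pkt_cb { int redirected; struct addr orig_dst; };
struct packet { struct addr src, dst; int syn; struct pkt_cb cb; };
/* Stands in for the per-socket copy in struct tcp_opt. */
struct sock_model { int open, has_orig; struct addr local, orig_dst; };
/* TPROXY step: stateless DNAT that saves the destination before rewriting it. */
static void tproxy_target(struct packet *p, struct addr proxy)
{
    p->cb.redirected = 1;
    p->cb.orig_dst = p->dst;
    p->dst = proxy;
}
/* Socket creation: copy the saved address out of the packet into the socket. */
static int create_sock(const struct packet *p, struct sock_model *sk)
{
    if (!p->syn)
        return -EINVAL;              /* only a connection request creates a socket */
    memset(sk, 0, sizeof(*sk));
    sk->open = 1;
    sk->local = p->dst;
    sk->has_orig = p->cb.redirected;
    sk->orig_dst = p->cb.orig_dst;
    return 0;
}

/* Query step: what the proxy would ask for through the getsockopt call. */
static int get_orig_dst(const struct sock_model *sk, struct addr *out)
{
    if (!sk->open || !sk->has_orig)
        return sk->open ? -ENOENT : -EBADF;  /* never redirected, or no socket */
    *out = sk->orig_dst;
    return 0;
}

int main(void)
{
    /* Constructed sample: client 10.0.0.2:40000 to 198.51.100.7:80. */
    struct packet syn = { {0x0a000002, 40000}, {0xc6336407, 80}, 1, {0, {0, 0}} };
    struct addr proxy = { 0x7f000001, 3128 }, got;
    struct sock_model sk;
    tproxy_target(&syn, proxy);
    if (create_sock(&syn, &sk) == 0 && get_orig_dst(&sk, &got) == 0)
        printf("original destination %08x:%u\n", (unsigned)got.ip, (unsigned)got.port);
    return 0;
}
```

A connection that reached the proxy port without passing the redirect step carries no saved address, so the query fails with `-ENOENT` and the proxy can tell the two cases apart.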