[MAJOR] support for source binding via cttproxy
Using the cttproxy kernel patch, it's possible to bind to any source
address. It is highly recommended to use the 03-natdel patch with the
other ones.
A new keyword appears as a complement to the "source" keyword: "usesrc".
The source address is mandatory and must be valid on the interface which
will see the packets. The "usesrc" option supports "client" (for full
client_ip:client_port spoofing), "client_ip" (for client_ip spoofing)
and any 'IP[:port]' combination to pretend to be another machine.
Right now, the source binding is missing from server health-checks if
set to another address. It must be implemented (think restricted firewalls).
The doc is still missing too.
diff --git a/include/types/backend.h b/include/types/backend.h
index a6a393a..f70a370 100644
--- a/include/types/backend.h
+++ b/include/types/backend.h
@@ -53,6 +53,12 @@
#define PR_O_ABRT_CLOSE 0x00800000 /* immediately abort request when client closes */
#define PR_O_SSL3_CHK 0x01000000 /* use SSLv3 CLIENT_HELLO packets for server health */
+#define PR_O_TPXY_ADDR 0x02000000 /* bind to this non-local address when connect()ing */
+#define PR_O_TPXY_CIP 0x04000000 /* bind to the client's IP address when connect()ing */
+#define PR_O_TPXY_CLI 0x06000000 /* bind to the client's IP+port when connect()ing */
+#define PR_O_TPXY_MASK 0x06000000 /* bind to a non-local address when connect()ing */
+
+
#endif /* _TYPES_BACKEND_H */
/*
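Review bot: PR_O_TPXY_CLI (0x06000000) has the same value as PR_O_TPXY_MASK and is the OR of PR_O_TPXY_ADDR and PR_O_TPXY_CIP, so these defines are values of a two-bit field rather than independent flags, and nothing in the comments says so. A plain bit test such as `options & PR_O_TPXY_CIP` would also be true in client IP+port mode, so every user has to compare against the mask, e.g. `(options & PR_O_TPXY_MASK) == PR_O_TPXY_CIP`. Please add a comment above the block stating that the modes must be compared after masking, and reword the PR_O_TPXY_MASK comment to say it is the mask for the mode bits, since its current text reads like a fourth mode. The hunk also adds two blank lines before the #endif; one is enough.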