[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.

commit: b1e52e8c4403a9a4fcb7effffc9749afd8f497a8 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Sun Jan 13 14:49:51 2008 +0100
committer: Willy Tarreau <w@1wt.eu> Sun Jan 13 14:49:51 2008 +0100
tree: 7d84bd456524cf521518c0070d28a5cfcef90c45
parent: fe10a0619ddfe58d9dfbf9029a73651130843023 [diff] [blame]
diff --git a/Makefile b/Makefile
index 17d9dd1..43c05fd 100644
--- a/Makefile
+++ b/Makefile

@@ -19,6 +19,7 @@
 #   USE_STATIC_PCRE      : enable static libpcre. Recommended.
 #   USE_TCPSPLICE        : enable tcp_splice() on Linux (needs kernel patch).
 #   USE_TPROXY           : enable transparent proxy. Automatic.
+#   USE_LINUX_TPROXY     : enable full transparent proxy (need kernel patch).
 #
 # Options can be forced by specifying "USE_xxx=1" or can be disabled by using
 # "USE_xxx=" (empty string).
@@ -291,6 +292,11 @@
 BUILD_OPTIONS  += $(call ignore_implicit,USE_TPROXY)
 endif
 
+ifneq ($(USE_LINUX_TPROXY),)
+OPTIONS_CFLAGS += -DCONFIG_HAP_LINUX_TPROXY
+BUILD_OPTIONS  += $(call ignore_implicit,USE_LINUX_TPROXY)
+endif
+
 ifneq ($(USE_POLL),)
 OPTIONS_CFLAGS += -DENABLE_POLL
 OPTIONS_OBJS   += src/ev_poll.o
commit	b1e52e8c4403a9a4fcb7effffc9749afd8f497a8	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Sun Jan 13 14:49:51 2008 +0100
committer	Willy Tarreau <w@1wt.eu>	Sun Jan 13 14:49:51 2008 +0100
tree	7d84bd456524cf521518c0070d28a5cfcef90c45
parent	fe10a0619ddfe58d9dfbf9029a73651130843023 [diff] [blame]