[MEDIUM] support fully transparent proxy on Linux (USE_LINUX_TPROXY) Using some Linux kernel patches, it is possible to redirect non-local traffic to local sockets when IP forwarding is enabled. In order to enable this option, we introduce the "transparent" option keyword on the "bind" command line. It will make the socket reachable by remote sources even if the destination address does not belong to the machine.

commit: b1e52e8c4403a9a4fcb7effffc9749afd8f497a8 [log] [tgz]
author: Willy Tarreau <w@1wt.eu> Sun Jan 13 14:49:51 2008 +0100
committer: Willy Tarreau <w@1wt.eu> Sun Jan 13 14:49:51 2008 +0100
tree: 7d84bd456524cf521518c0070d28a5cfcef90c45
parent: fe10a0619ddfe58d9dfbf9029a73651130843023 [diff] [blame]
diff --git a/include/common/compat.h b/include/common/compat.h
index 774f9b4..3c51fb2 100644
--- a/include/common/compat.h
+++ b/include/common/compat.h

@@ -2,7 +2,7 @@
   include/common/compat.h
   Operating system compatibility interface.
 
-  Copyright (C) 2000-2006 Willy Tarreau - w@1wt.eu
+  Copyright (C) 2000-2008 Willy Tarreau - w@1wt.eu
   
   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
@@ -66,6 +66,13 @@
 #include <linux/netfilter_ipv4.h>
 #endif
 
+/* On Linux, IP_TRANSPARENT generally requires a kernel patch */
+#if defined(CONFIG_HAP_LINUX_TPROXY)
+#if !defined(IP_TRANSPARENT)
+#define IP_TRANSPARENT 19
+#endif /* !IP_TRANSPARENT */
+#endif /* CONFIG_HAP_LINUX_TPROXY */
+
 /* We'll try to enable SO_REUSEPORT on Linux 2.4 and 2.6 if not defined.
  * There are two families of values depending on the architecture. Those
  * are at least valid on Linux 2.4 and 2.6, reason why we'll rely on the
commit	b1e52e8c4403a9a4fcb7effffc9749afd8f497a8	[log] [tgz]
author	Willy Tarreau <w@1wt.eu>	Sun Jan 13 14:49:51 2008 +0100
committer	Willy Tarreau <w@1wt.eu>	Sun Jan 13 14:49:51 2008 +0100
tree	7d84bd456524cf521518c0070d28a5cfcef90c45
parent	fe10a0619ddfe58d9dfbf9029a73651130843023 [diff] [blame]