On Sun, Feb 2, 2014 at 9:33 AM, Stuart Henderson <[email protected]> wrote:
[...]
> Rather than writing a helper running as root, you can change from using
> nat redirects (rdr-to) to using divert sockets (divert-to), then the proxy
> will receive unmodified packets and can just use getsockname(2) to retrieve
> the original address which does not require privileges.

That does look like a better way of doing it and would likely also
simplify things. If I'm reading commit logs correctly, divert-to was
added about 6 months after I originally wrote that code.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
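
The approach Stuart Henderson describes, as an added example that is not part of the thread or of either author's code: a proxy behind a `divert-to` rule reads the original destination from the accepted socket with getsockname(2), with no root helper. The function names and the loopback self-check are assumptions made for illustration; a matching pf.conf rule would look like `pass in inet proto tcp to port 80 divert-to 127.0.0.1 port 8080`, where the port numbers are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Local address of an accepted connection. Behind a pf divert-to rule this is
 * the destination the client dialed; no /dev/pf access is needed. 0 = ok. */
int original_dst(int fd, char *host, socklen_t hostlen, unsigned short *port)
{
    struct sockaddr_storage ss;
    socklen_t len = sizeof(ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) == -1)
        return -1;
    if (ss.ss_family == AF_INET) {
        struct sockaddr_in *sin = (struct sockaddr_in *)&ss;
        *port = ntohs(sin->sin_port);
        return inet_ntop(AF_INET, &sin->sin_addr, host, hostlen) ? 0 : -1;
    }
    if (ss.ss_family == AF_INET6) {
        struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)&ss;
        *port = ntohs(sin6->sin6_port);
        return inet_ntop(AF_INET6, &sin6->sin6_addr, host, hostlen) ? 0 : -1;
    }
    return -1; /* not an IP socket */
}

/* Constructed loopback check, no pf involved: dial an ephemeral listener and
 * confirm the accepted socket reports the dialed address. Returns 0 on match. */
int loopback_check(void)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t alen = sizeof(a);
    char host[INET6_ADDRSTRLEN];
    unsigned short port = 0;
    int rc = -1, c = -1, s = -1, l = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l != -1 && bind(l, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        (c = socket(AF_INET, SOCK_STREAM, 0)) != -1 &&
        connect(c, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        (s = accept(l, NULL, NULL)) != -1 &&
        original_dst(s, host, sizeof(host), &port) == 0 &&
        strcmp(host, "127.0.0.1") == 0 && port == ntohs(a.sin_port))
        rc = 0;
    if (s != -1) close(s);
    if (c != -1) close(c);
    if (l != -1) close(l);
    return rc;
}
```

Without a divert-to rule the call returns the listener's own address, which is all the loopback check can exercise.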