The following set of patches implement transparent proxying support loosely modeled on the Linux 2.2 transparent proxying functionality.

In the last few years we've been maintaining a set of patches implementing Netfilter NAT to provide similar functionality. However, as time passed, more and more bugs surfaced, some of which were not possible to fix using that approach. Also, those patches required modification of user-space application code, and the "API" provided was neither clean nor easy to use.

So instead of using NAT to dynamically redirect traffic to local addresses, we now rely on "native" non-locally-bound sockets and do early socket lookups for inbound IPv4 packets. These lookups are done in a separate Netfilter/iptables module, so there are only negligible performance implications of building transparent proxying support as a module and then not loading it.

Small modifications were also necessary in IP/TCP/UDP core code to support the Netfilter modules. All those have been functionally split out into stand-alone patches among which there are no direct dependencies. Among these changes are ones which I think might be potentially risky, especially the core IPv4 routing code changes.

Also please note that at the moment only IPv4 support is implemented, but, as opposed to the NAT-based approach taken by older TProxy versions, IPv6 support is possible this way.

Comments welcome...

--
Regards,
Krisztian Kovacs