Hi,

On Mon, 2011-04-18 at 07:50 -0700, Sumedh Sathaye wrote:
> I am a new user of TPROXY, and wonder if there is an answer to this question already. Is there a sample piece of proxy (user process) code that I can look at to quickly understand how to write such a proxy? I looked at squid, stunnel etc. codes, but deciphering those is harder than I thought. Netcat version mismatch is another story altogether.
I assume you've already checked Documentation/networking/tproxy.txt in the kernel source. All you really need is the setsockopt() setting IP_TRANSPARENT on the socket and then binding the socket to a non-local address. By the 'netcat version mismatch' you mean the patch referenced in the docs no longer applies to netcat? I think we could easily fix that.
> Can anyone point to sample transparent proxy code that uses the TPROXY feature? If it does not exist, then I think it should be created :-)
You could also check haproxy (http://haproxy.1wt.eu) by Willy Tarreau. (Though being a production-ready multi-platform product makes haproxy also quite a bit more complicated than what would probably qualify as sample code.)

--
KOVACS Krisztian
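The two steps named in the reply above (set IP_TRANSPARENT, then bind to a non-local address), as an added C example that is not part of the original thread or of any project mentioned in it. The helper name `tproxy_bind` and the address 192.0.2.10 are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19   /* value from <linux/in.h> */
#endif

/* Hypothetical helper: returns a TCP socket bound to ip:port with
 * IP_TRANSPARENT set, or -errno on failure. Enabling the option needs
 * CAP_NET_ADMIN (see ip(7)), so an unprivileged caller gets -EPERM. */
int tproxy_bind(const char *ip, uint16_t port)
{
    struct sockaddr_in sa;
    int one = 1, fd, err;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1)
        return -EINVAL;             /* reject malformed addresses early */

    fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;

    /* Set the option before bind(): it is what permits a bind to an
     * address that is not configured on this host. */
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0 ||
        bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0) {
        err = errno;
        close(fd);                  /* do not leak the fd on failure */
        return -err;
    }
    return fd;
}

int main(void)
{
    /* 192.0.2.10 is a constructed documentation address (RFC 5737). */
    int fd = tproxy_bind("192.0.2.10", 0);
    if (fd < 0) { fprintf(stderr, "tproxy_bind: %s\n", strerror(-fd)); return 1; }
    puts("bound to non-local address"); close(fd); return 0;
}
```

Because the option is gated on CAP_NET_ADMIN, a proxy built this way should hold that capability only for the socket setup and drop it before handling traffic.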