Hi, After almost two months work, a new development version of TProxy has been released: 1.9.1. The 1.9 branch, when declared stable, will become TProxy version 2.0 -- the change in the major version number reflects complete API change, and some semantic changes. The iptables (userspace) patch is still the same, so this version is compatible with iptables compiled for the stable branch of TProxy, however, the sockopt interface has gone through a complete rewrite. New features are: * New API, see the updated examples in the tests directory. This makes TProxy version and compatibility checks possible, and provides easy extensibility. * TPROXY_ALLOC operation: makes it possible to allocate a unique foreign port automatically before the first packet is leaving. * TPROXY_CONNECT operation: informs TProxy about the peer. It helps a lot with NAT reservations, and is _needed_ before setting the ESTABLISHED flag on a sockref. (Instead of the dirty hack of requiring connect()-ing before setting the flag.) This release has a bit more patches inside than the usual: * 01-nat_reservations.diff: NAT reservations patch for the Netfilter NAT core, this is needed for TProxy to avoid a lot of NAT failures * 02-nat_reservations_tproxy_exports.diff: two extra exported functions from the NAT reservations support code * 03-tproxy.diff: transparent proxying support code * 04-nat_delete.diff: extended version of the older nat_delete patch, it is able to delete conntrack entries when a clashing NAT mapping is to be applied This release is available, as always, from: http://www.balabit.com/downloads/tproxy/linux-2.4/devel/ MD5: cttproxy-2.4.23-1.9.1.tar.gz 512fb80b37f8a9f260d3a90084f426ee Since this is the first development release of this completely new branch, its main purpose is to demonstrate the new API and feature set. It is certainly buggy, so handle with care :) Of course, any feedback (test results, problems, bugs, etc.) is appreciated. -- Regards, Krisztian KOVACS