[tproxy] TProxy version 4.0.0 released

Cameron Schaus cam at schaus.ca
Tue Aug 7 17:55:29 CEST 2007

Jan Engelhardt wrote:
> Well, _where_ did you add this entry? It must be added to .34.1,
> not .34.2 and not .34.99. And that raises problems, for example:
>  - .34.1 is not under your control and/or has no way to add ARP entries
>    (like most routers which only have a web interface)
>  - there is more than just .34.1, for example if
>    br0[eth0+eth1] were the combined .34.0/24 (no router so to speak),
>    then you would have to add ARP for all machines on all machines (yikes!)
I add the static arp entry on my web server.  I am doing this purely for 
testing purposes.  In the real system, the arp traffic flows across the 
bridge so the webserver has the client's MAC address.

To be clear, I have one test bridge running the tproxy code generating 
an HTTP GET request to a web server using a foreign source address for 
the request.  I have placed the static arp entry on the web server.

Using my setup I have validated that the tproxy v4.0.0 code does work 
without a bridge.  However, when I configure a bridge, per my previous 
posts, and run my test again, the client machine (with bridge+tproxy) 
sits and sends arp requests for the foreign IP address.

I would like to understand why the 4.0.0 code does not work when a 
bridge is involved, because based on previous discussions it sounds like 
should work when I create a static ARP entry on the web server.  The 
packets arriving back at the bridge have a dest ethernet address of the 
bridge, and so should make it up the stack correctly.

When I use ebtables brouting feature, the packets are processed 
correctly by the bridge, however, using ebtables brouting is not 
feasible for my application.


More information about the tproxy mailing list