[tproxy] tproxy 4.0 & zorp 3.0.8

KOVACS Krisztian hidden at sch.bme.hu
Fri Aug 10 23:02:24 CEST 2007


On Fri, Aug 10, 2007 at 01:23:39 +0200, Jan Engelhardt wrote:
> (Seriously, what is xt_TPROXY good for?)

The TPROXY and the REDIRECT target used to be quite similar before tproxy
v4: both did a simple DNAT to the given address, and TPROXY had magic
added to 'mark' packets as tproxy-ed plus some hack to save the original
destination address. (Saving the destination address was necessary because
we were DNAT-ting.)

In v4 TPROXY has nothing to do with REDIRECT: in fact it doesn't need NAT
at all. Instead, it just assigns the destination socket matching the
"redirection address" to the packet, and the TCP and UDP socket lookup
code is hacked to use this associated socket instead of doing a (re)lookup
with the proper data. Sounds horrible, doesn't it? ;)

KOVACS Krisztian
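
The proxy's side of the v4 behaviour described above, as an added example that is not part of the original post or the tproxy code: since no DNAT rewrites the packet, the accepted socket's local address is still the address the client dialled. It assumes Linux's `IP_TRANSPARENT` socket option (needs CAP_NET_ADMIN) and a TPROXY rule steering traffic to the listener; `make_listener` and `original_dst` are hypothetical names.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* Linux value, from <linux/in.h> */
#endif

/* Hypothetical helper: TCP listener on addr:port. With transparent != 0 it
 * requests IP_TRANSPARENT so the socket may accept connections addressed to
 * non-local IPs; that call fails without CAP_NET_ADMIN. Returns fd or -1. */
int make_listener(const char *addr, unsigned short port, int transparent)
{
    struct sockaddr_in sa;
    int one = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, addr, &sa.sin_addr) != 1 ||
        setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one) < 0 ||
        (transparent &&
         setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof one) < 0) ||
        bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical helper: write "ip:port" of the destination the client dialled.
 * No NAT lookup is needed: the connection's local address was never rewritten. */
int original_dst(int connfd, char *out, size_t outlen)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    char ip[INET_ADDRSTRLEN];
    if (getsockname(connfd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    if (!inet_ntop(AF_INET, &sa.sin_addr, ip, sizeof ip))
        return -1;
    snprintf(out, outlen, "%s:%u", ip, (unsigned)ntohs(sa.sin_port));
    return 0;
}
```

Call `original_dst()` on each descriptor returned by `accept()` to learn where the proxy should connect onward.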
