[tproxy] TProxy version 4.0.0 released

Cameron Schaus cam at schaus.ca
Tue Aug 14 00:49:30 CEST 2007


KOVACS Krisztian wrote:
>> I would like to understand why the 4.0.0 code does not work when a 
>> bridge is involved, because based on previous discussions it sounds like 
>> it should work when I create a static ARP entry on the web server.  The 
>> packets arriving back at the bridge have a dest ethernet address of the 
>> bridge, and so should make it up the stack correctly.
>>
>> When I use ebtables brouting feature, the packets are processed 
>> correctly by the bridge, however, using ebtables brouting is not 
>> feasible for my application.
>>     
>
> If you configure ARP properly, then it should work. Definitely worth
> investigating... Do you have any clue _where_ things might go wrong inside
> the kernel? (It looks like the packet does get up to routing, but then the
> socket is somehow not found and the kernel tries to forward it.)
>   

I added some debug information to the ip_tproxy_prerouting function, and 
it appears that the incoming connection is found in the socket hash, and 
that "freebind" is set in the struct.  So, my initial speculation about 
mismatched devices was not correct.

Do you have any more ideas about why this code does not work with a bridge?

I'm going to investigate the ip_divert_local function, but I'm not 100% 
clear about what it's doing to "short circuit" the routing.

Thanks,
Cam
