[tproxy] Squid-2.6 patch
Laszlo Attila Toth
panther at balabit.hu
Tue Mar 4 14:00:50 CET 2008
Hello,
Gonzalo Arana wrote:
> Lazlo,
>
> Is it possible to use tproxy 4.1 without conntrack or any other extra
> state-table? i.e. Do IP_TRANSPARENT requires nat? If that's the case,
> it involves an extra table (conntrack) to maintain.
> Freebind only uses filedescriptor table, so it uses less resources I
> believe. Am I right?
> Is freebind not accepted by kernel guys?
> Regards,
>
Both IP_TRANPARENT and IP_FREEBIND has administrative purpose:
enables/disables specific binds also no extra resource is necessary, and
they are not related to the netfilter code.
IP_TRANSPARENT is a new socket option for tproxy. It sets/unsets a bit
inside struct inet_sock.
TProxy 4.1 doesn't require NAT or connection tracking it is independent
from it. But if the conntrack is enabled, the socket match has different
code to let the SNAT works with it.
--
Panther
More information about the tproxy
mailing list