[tproxy] Sample/test code

KOVACS Krisztian hidden at balabit.hu
Sat Apr 23 12:14:47 CEST 2011


Hi,

On Mon, 2011-04-18 at 07:50 -0700, Sumedh Sathaye wrote:
> I am a new user of TPROXY, and wonder if there is an answer to this question 
> already.
> Is there a sample piece of proxy (user process) code that I can look at to 
> quickly understand
> how to write such a proxy? I looked at squid, stunnel etc. codes, but 
> deciphering those
> is harder than I thought. Netcat version mismatch is another story altogether.

I assume you've already checked Documentation/networking/tproxy.txt in
the kernel source. All you really need is the setsocktop() setting
IP_TRANSPARENT on the socket and then binding the socket to a non-local
address.

By the 'netcat version mismatch' you mean the patch referenced in the
docs no longer applies to netcat? I think we could easily fix that.

> Can anyone point to sample transparent proxy code that uses the TPROXY feature?
> If it does not exist, then I think it should be created :-)

You could also check haproxy (http://haproxy.1wt.eu) by Willy Tarreau.
(Though being a production-ready multi-platform product makes haproxy
also quite a bit more complicated than what would probably qualify as
sample code.)

-- 
KOVACS Krisztian




More information about the tproxy mailing list