[tproxy] Sample/test code
KOVACS Krisztian
hidden at balabit.hu
Sat Apr 23 12:14:47 CEST 2011
Hi,
On Mon, 2011-04-18 at 07:50 -0700, Sumedh Sathaye wrote:
> I am a new user of TPROXY, and wonder if there is an answer to this question
> already.
> Is there a sample piece of proxy (user process) code that I can look at to
> quickly understand
> how to write such a proxy? I looked at squid, stunnel etc. codes, but
> deciphering those
> is harder than I thought. Netcat version mismatch is another story altogether.
I assume you've already checked Documentation/networking/tproxy.txt in
the kernel source. All you really need is the setsocktop() setting
IP_TRANSPARENT on the socket and then binding the socket to a non-local
address.
By the 'netcat version mismatch' you mean the patch referenced in the
docs no longer applies to netcat? I think we could easily fix that.
> Can anyone point to sample transparent proxy code that uses the TPROXY feature?
> If it does not exist, then I think it should be created :-)
You could also check haproxy (http://haproxy.1wt.eu) by Willy Tarreau.
(Though being a production-ready multi-platform product makes haproxy
also quite a bit more complicated than what would probably qualify as
sample code.)
--
KOVACS Krisztian
More information about the tproxy
mailing list