[tproxy] Port redirection in TCP and SCTP

[maria isabel]

Hello,
   I was going through the historical mail archives for tproxy in tcp and I
found some changed functionality related to the hash tables
   and port redirection when TPROXY is involved.
   In SCTP the flow is proceeding as follows
        -Socket lookup in xt_TPROXY and xt_socket modules
        -Store the socket reference in skb->sk and redirect the packet
        -In input.c in sctp the association and endpoint structures are
filled but the socket is reused from skb->sk?? Is this alright?
         If this is not alright we can also store the entire endpoint
structure reference containing the socket in skb->cb
         and forward it to input.c after redirection.
        -Now INIT-ACK comes from the TPROXY port and not from the original
destination port.By looking at the tcp patches I can see that
         you are storing and reusing this information and also adding an
entry in the hash table to get the reply from the original port
          and not the tproxy port.
         Can somebody please tell me how to go about on the port redirection
part and hash table part as I have no idea?
         Also I'm getting confused reading the mail archives as the design
for TPROXY was changed (earlier it was a bit different I presume not
         using the IP_TRANSPARENT and the mangle tables)
         If you can tell me the outline followed for TCP I can look for
similar equivalent functionality in SCTP and modify.
         It would be a lot quicker considering the deadline I'm on. :(

         The background behind all of this is we are trying to build a Load
Balancer which will accept and route upto 2 million connections
          from clients.TPROXY is the core element for this.

Thanks and Regards,
              Maria
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20110517/4ea9df2e/attachment.htm