| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 21 Apr 2017 20:59:33 +0200 From: bert hubert <bert.hubert@...erdns.com> To: netdev@...r.kernel.org Subject: new documentation: IP_TRANSPARENT, is it correct? Hi everyone, 10 years after lartc.org I decided to document a little bit more of Linux networking, and I hope I got it right. This email asks for your help in making sure. Recently I attempted to use IP_TRANSPARENT as outlined in https://www.kernel.org/doc/Documentation/networking/tproxy.txt but I could not figure out how it really worked from there (although I could copy paste my way to some working code). The web also mostly offered little in the way of (correct) explanation. I think I have it figured out by now, but I'm sure there are nuances I have missed. I'm especially interested in understanding _exactly_ what the IP_TRANSPARENT socket option does, because it appears somewhat arbitrary right now: "The IP_TRANSPARENT socket option enables: * Binding to addresses that are not (usually) considered local * Receiving connections and packets from iptables TPROXY redirected sessions" https://ds9a.nl/tproxy/tproxy.md.html has somewhat prettified Markdown that requires Javascript, plain Markdown is on https://github.com/ahupowerdns/tproxydoc/blob/master/tproxy.md If you could give this a read and a comment on things I got wrong, that would be most appreciated. Pointers to other relevant documentation are also very welcome. Thanks! Bert
Powered by blists - more mailing lists