Patch: TPROXY support for listening sockets

David Kostal david.kostal at gmail.com
Wed Oct 17 12:55:21 UTC 2012


Hi,
this patch is _not_ meant to transparently provide the IP of clients to
the backends.

It is meant for nginx to be able to listen on a non-local IP, as a
replacement for (e.g.) NATing of incoming connections to a local port.
My setups use LVS with direct routing and real-servers without the
public IPs, using NAT. However the problem I'm facing is IPv6 and one
option is to use TPROXY sockets to listen to (possibly large number
of) non-local IPs.

Would you recommend some other solution or is this TPROXY patch fine?

Thanks,
David

On Fri, Jun 15, 2012 at 7:56 AM, David Kostal <david.kostal at gmail.com> wrote:
> Hi all,
> I just ran into the need to have nginx support the Linux TPROXY
> feature: there is no REDIRECT target for IPv6. As there is no support
> for TPROXY in nginx I created a small patch for core & http modules
> against 1.2.1. It's enabled by recompiling nginx with --with-tproxy
> and activating it by adding "tproxy" as an additional argument to
> listen.
>
> Unfortunately it is not possible to enable/disable tproxy behavior for
> existing sockets during reload, only on startup or when reload adds
> new listening sockets. This is due to the fact that the setsockopt() call
> must be done before bind().
>
> Please have a look, so far it works for me but I have not yet done any
> heavy testing and it's not in production yet :)
>
> david.kostal at gmail.com
> ----+



-- 
david.kostal at gmail.com
----+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-tproxy.patch
Type: application/octet-stream
Size: 5619 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20121017/f52df2fc/attachment.obj>
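
The socket-level behaviour discussed in this thread (mark the listening socket transparent, then bind it to an address the host does not own), as an added example that is not taken from nginx-tproxy.patch or from nginx itself. The function names `transparent_sockopt` and `tproxy_listen` are hypothetical; the code assumes Linux, and setting the option requires CAP_NET_ADMIN, so an unprivileged call returns -EPERM.

```c
/* Added example (not from nginx-tproxy.patch): listen on a non-local address
 * using IP_TRANSPARENT / IPV6_TRANSPARENT. Linux only. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Pick the option that marks a socket transparent for this address family. */
int transparent_sockopt(int family, int *level, int *name)
{
    if (family == AF_INET)  { *level = IPPROTO_IP;   *name = IP_TRANSPARENT;   return 0; }
    if (family == AF_INET6) { *level = IPPROTO_IPV6; *name = IPV6_TRANSPARENT; return 0; }
    return -EAFNOSUPPORT;
}

/* Returns a listening fd or -errno. `ip` may be an address the host does not own. */
int tproxy_listen(const char *ip, uint16_t port, int transparent)
{
    struct sockaddr_storage ss;
    struct sockaddr_in *a4 = (struct sockaddr_in *)&ss;
    struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)&ss;
    socklen_t len;
    int level, name, one = 1, fd, err;

    memset(&ss, 0, sizeof(ss));
    if (inet_pton(AF_INET, ip, &a4->sin_addr) == 1) {
        a4->sin_family = AF_INET; a4->sin_port = htons(port); len = sizeof(*a4);
    } else if (inet_pton(AF_INET6, ip, &a6->sin6_addr) == 1) {
        a6->sin6_family = AF_INET6; a6->sin6_port = htons(port); len = sizeof(*a6);
    } else {
        return -EINVAL;               /* not an IPv4 or IPv6 literal */
    }
    fd = socket(ss.ss_family, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    transparent_sockopt(ss.ss_family, &level, &name);
    /* Order matters: the option has to be set before bind(). Without it,
     * bind() to a non-local address normally fails with EADDRNOTAVAIL. */
    if ((transparent && setsockopt(fd, level, name, &one, sizeof(one)) < 0) ||
        bind(fd, (struct sockaddr *)&ss, len) < 0 ||
        listen(fd, SOMAXCONN) < 0) {
        err = errno; close(fd); return -err;
    }
    return fd;
}
```

Because the option can only be applied before bind(), an already-bound socket inherited across a reload cannot be switched in or out of transparent mode, which is the limitation described in the quoted message.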