Hi, On Wed, May 08, 2013 at 07:34:19PM +0200, PiBa-NL wrote: > Hi Willy, > > Could you please let me know what your findings are about the proposed > patch?
I was on it this afternoon (didn't have time earlier) :-) I haven't finished reviewing it yet, because I was trying to figure if there would be an easy way to merge the CTTPROXY mode into the other transparent proxy options, but I'm not sure that's really useful. Also I found one issue here : + int ret = 0; + #if defined(SOL_IP) && defined(IP_TRANSPARENT) + ret |= setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0; + #endif + #if defined(SOL_IP) && defined(IP_FREEBIND) + ret |= setsockopt(fd, SOL_IP, IP_FREEBIND, &one, sizeof(one)) == 0; + #endif + #if defined(IPPROTO_IP) && defined(IP_BINDANY) + ret |= setsockopt(fd, IPPROTO_IP, IP_BINDANY, &one, sizeof(one)) == 0; + #endif + #if defined(SOL_SOCKET) && defined(SO_BINDANY) + ret |= setsockopt(fd, SOL_SOCKET, SO_BINDANY, &one, sizeof(one)) == 0; + #endif + if (ret) As you can see, if we have multiple defines, we'll call setsockopt multiple times, which we don't want. I was thinking about something like this instead : if (0 #if cond1 || setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0 #endif #if cond2 || setsockopt(fd, SOL_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0 #endif ) ... I'm still on it right now, to ensure we don't break anything. > Does it need some more work, is it implemented wrongly, or would it help > if i send my current haproxy.cfg file? > > If i need to change something please let me know, thanks. I do not think so, I can easily perform the changes above myself, I won't harrass you with another iteration. Overall it's good but since we're changing many things at once, I'm cautious. I'd prefer to break it in two BTW : 1) change existing code to support CONFIG_HAP_TRANSPARENT everywhere 2) add FreeBSD support But if that's OK for you, I'll simply perform the small adjustments before merging it. Cheers, Willy