From: Alejandro Colomar Date: Mon, 24 Nov 2025 21:16:07 +0000 (+0100) Subject: man/man2const/{IPPROTO_IP,IP_TRANSPARENT}.2const: Split IP_TRANSPARENT from IPPROTO_I... X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ffc193fef8ad455499c1767ca8996d18c56eec84;p=thirdparty%2Fman-pages.git man/man2const/{IPPROTO_IP,IP_TRANSPARENT}.2const: Split IP_TRANSPARENT from IPPROTO_IP(2const) Signed-off-by: Alejandro Colomar --- diff --git a/man/man2const/IPPROTO_IP.2const b/man/man2const/IPPROTO_IP.2const index 5f38e47d6..5a2c0401b 100644 --- a/man/man2const/IPPROTO_IP.2const +++ b/man/man2const/IPPROTO_IP.2const @@ -122,31 +122,8 @@ fail with the error .BR IP_ROUTER_ALERT (2const) .TQ .BR IP_TOS (2const) -.TP -.BR IP_TRANSPARENT " (since Linux 2.6.24)" -.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e -.\" This patch introduces the IP_TRANSPARENT socket option: enabling that -.\" will make the IPv4 routing omit the non-local source address check on -.\" output. Setting IP_TRANSPARENT requires NET_ADMIN capability. -.\" http://lwn.net/Articles/252545/ -Setting this boolean option enables transparent proxying on this socket. -This socket option allows -the calling application to bind to a nonlocal IP address and operate -both as a client and a server with the foreign address as the local endpoint. -NOTE: this requires that routing be set up in a way that -packets going to the foreign address are routed through the TProxy box -(i.e., the system hosting the application that employs the -.B IP_TRANSPARENT -socket option). -Enabling this socket option requires superuser privileges -(the -.B CAP_NET_ADMIN -or -.B CAP_NET_RAW -capability). -.IP -TProxy redirection with the iptables TPROXY target also requires that -this option be set on the redirected socket. +.TQ +.BR IP_TRANSPARENT (2const) .TP .BR IP_TTL " (since Linux 1.0)" Set or retrieve the current time-to-live field that is used in every packet @@ -223,9 +200,7 @@ See .BR setsockopt (2). See .BR ip (7). -.SH NOTES -.B IP_TRANSPARENT -is Linux-specific. +.\" .SH STANDARDS .\" IP_XFRM_POLICY is Linux-specific .\" IP_IPSEC_POLICY is a nonstandard extension, also present on some BSDs .SH SEE ALSO diff --git a/man/man2const/IP_TRANSPARENT.2const b/man/man2const/IP_TRANSPARENT.2const new file mode 100644 index 000000000..b35530a24 --- /dev/null +++ b/man/man2const/IP_TRANSPARENT.2const @@ -0,0 +1,59 @@ +.\" Copyright, the authors of the Linux man-pages project +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.TH IP_TRANSPARENT 2const (date) "Linux man-pages (unreleased)" +.SH NAME +IP_TRANSPARENT +\- +transparent proxying +.SH LIBRARY +Standard C library +.RI ( libc ,\~ \-lc ) +.SH SYNOPSIS +.nf +.BR "#include " " /* Definition of " IP* " constants */" +.B #include +.P +.BI int\~setsockopt(int\~ sockfd ,\~IPPROTO_IP,\~IP_TRANSPARENT, +.BI " const\~int\~*" enable ,\~sizeof(int)); +.fi +.SH DESCRIPTION +.TP +.BR IP_TRANSPARENT " (since Linux 2.6.24)" +.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e +.\" This patch introduces the IP_TRANSPARENT socket option: enabling that +.\" will make the IPv4 routing omit the non-local source address check on +.\" output. Setting IP_TRANSPARENT requires NET_ADMIN capability. +.\" http://lwn.net/Articles/252545/ +Setting this boolean option enables transparent proxying on this socket. +This socket option allows +the calling application to bind to a nonlocal IP address and operate +both as a client and a server with the foreign address as the local endpoint. +NOTE: this requires that routing be set up in a way that +packets going to the foreign address are routed through the TProxy box +(i.e., the system hosting the application that employs the +.B IP_TRANSPARENT +socket option). +Enabling this socket option requires superuser privileges +(the +.B CAP_NET_ADMIN +or +.B CAP_NET_RAW +capability). +.IP +TProxy redirection with the iptables TPROXY target also requires that +this option be set on the redirected socket. +.SH ERRORS +See +.BR IPPROTO_IP (2const). +See +.BR setsockopt (2). +See +.BR ip (7). +.SH STANDARDS +Linux. +.SH SEE ALSO +.BR IPPROTO_IP (2const), +.BR setsockopt (2), +.BR ip (7)