Class MockServerIpTransparentHelper
IP_TRANSPARENT socket option on the server bootstrap when
TPROXY mode is enabled.
The IP_TRANSPARENT socket option (Linux SOL_IP = 0, IP_TRANSPARENT = 19)
allows the listener socket to accept connections destined for any IP address, not
just the local addresses of the host. This is required for the TPROXY iptables
target to work: the kernel redirects traffic to the listener socket while
preserving the original destination as the socket's local address.
On Netty epoll transport, this is exposed as
io.netty.channel.epoll.EpollChannelOption.IP_TRANSPARENT. On NIO transport
or non-Linux platforms, this method is a no-op (logs a debug message).
Usage: call applyIfEnabled(ServerBootstrap, Configuration) after
constructing the ServerBootstrap and before binding. This is idempotent.
Requires: CAP_NET_ADMIN on the process. Without it, the
setsockopt(IP_TRANSPARENT) call will fail with EPERM and the
Netty channel bind will fail. This is expected in non-TPROXY deployments.
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionstatic booleanapplyIfEnabled(io.netty.bootstrap.ServerBootstrap bootstrap, Configuration configuration) Applies theIP_TRANSPARENTchannel option to the server bootstrap if TPROXY mode is enabled in configuration and the epoll transport is available.
-
Method Details
-
applyIfEnabled
public static boolean applyIfEnabled(io.netty.bootstrap.ServerBootstrap bootstrap, Configuration configuration) Applies theIP_TRANSPARENTchannel option to the server bootstrap if TPROXY mode is enabled in configuration and the epoll transport is available.- Parameters:
bootstrap- the server bootstrap to configureconfiguration- the MockServer configuration- Returns:
trueif the option was applied,falseotherwise
-