ip.7: Document IP_TRANSPARENT

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

man7/ip.7

@@ -716,12 +716,31 @@ The priority can also be set in a protocol independent way by the
 .RB ( SOL_SOCKET ", " SO_PRIORITY )
 socket option (see
 .BR socket (7)).
-.\" FIXME Document IP_TRANSPARENT
 .\" Needs CAP_NET_ADMIN
 .\" Boolean
 .\" Since Linux 2.6.27
-.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e
 .\" Author: KOVACS Krisztian <hidden@sch.bme.hu>
+.\" http://lwn.net/Articles/252545/
+.TP
+.BR IP_TTL " (since Linux 2.6.24)"
+.\" commit f5715aea4564f233767ea1d944b2637a5fd7cd2e
+.\"     This patch introduces the IP_TRANSPARENT socket option: enabling that
+.\"     will make the IPv4 routing omit the non-local source address check on
+.\"     output. Setting IP_TRANSPARENT requires NET_ADMIN capability.
+.\" http://lwn.net/Articles/252545/
+Setting this boolean option enables transparent proxying on this socket.
+This socket option allows
+the calling application to bind to a nonlocal IP address and operate
+both as a client and a server with the foreign address as the local endpoint.
+NOTE: this requires that routing be set up in a way that
+packets going to the foreign address are routed through the TProxy box.
+Enabling this socket option requires superuser privileges
+(the
+.BR CAP_NET_ADMIN
+capability).
+.IP
+TProxy redirection with the iptables TPROXY target also requires that
+this option be set on the redirected socket.
 .TP
 .BR IP_TTL " (since Linux 1.0)"
 Set or retrieve the current time-to-live field that is used in every packet
@@ -966,9 +985,10 @@ and
 .BR IP_MTU ,
 .BR IP_MTU_DISCOVER ,
 .BR IP_PKTINFO ,
-.B IP_RECVERR
+.BR IP_RECVERR ,
+.BR IP_ROUTER_ALERT ,
 and
-.B IP_ROUTER_ALERT
+.BR IP_TRANSPARENT
 are Linux-specific.
 .\" IP_PASSSEC is Linux-specific
 .\" IP_XFRM_POLICY is Linux-specific