IpTransparentSocketOption::IpTransparentSocketOption() {

  ENVOY_LOG(debug, "Cilium IpTransparentSocketOption()");

}

    Network::Socket& socket, envoy::config::core::v3::SocketOption::SocketState state) const {

  if (state != envoy::config::core::v3::SocketOption::STATE_PREBIND) {

    ENVOY_LOG(trace, "Skipping setting socket ({}) option IP_TRANSPARENT, state != STATE_PREBIND",

              socket.ioHandle().fdDoNotUse());

    return true;

  }

  auto& cilium_calls = PrivilegedService::Singleton::get();

  auto ip_version = socket.ipVersion();

  if (!ip_version.has_value()) {

    ENVOY_LOG(critical, "Socket address family is not available, can not choose source address");

    return false;

  }

  uint32_t one = 1;

  auto ip_socket_level = SOL_IP;

  auto ip_transparent_socket_option = IP_TRANSPARENT;

  auto ip_transparent_socket_option_name = "IP_TRANSPARENT";

  if (*ip_version == Network::Address::IpVersion::v6) {

    ip_socket_level = SOL_IPV6;

    ip_transparent_socket_option = IPV6_TRANSPARENT;

    ip_transparent_socket_option_name = "IPV6_TRANSPARENT";

  }

  auto status = cilium_calls.setsockopt(socket.ioHandle().fdDoNotUse(), ip_socket_level,

                                        ip_transparent_socket_option, &one, sizeof(one));

  if (status.return_value_ < 0) {

    if (status.errno_ == EPERM) {

      ENVOY_LOG(critical,

                "Failed to set socket option {}, capability "

                "CAP_NET_ADMIN needed: {}",

                ip_transparent_socket_option_name, Envoy::errorDetails(status.errno_));

    } else {

      ENVOY_LOG(critical, "Socket option failure. Failed to set {}: {}",

                ip_transparent_socket_option_name, Envoy::errorDetails(status.errno_));

      return false;

    }

  }

  ENVOY_LOG(trace, "Successfully set socket option {} on socket: {}",

            ip_transparent_socket_option_name, socket.ioHandle().fdDoNotUse());

  return true;

}