On Sun, 2008-08-17 at 18:28 +0200, Aleksandar Nasuovski wrote:
I used the manual
http://wiki.squid-cache.org/ConfigExamples/TPROXYPatchingCentOS?highlight=%2...
CentOS 5.2
kernel 2.6.25.11
tproxy-kernel-2.6.25-20080519-165031-1211208631.patch
tproxy-iptables-1.4.0
tproxy-iptables-1.4.0-20080521-113954-1211362794.patch
Squid3-HEAD
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A DIVERT -j MARK --set-mark 1
iptables -t mangle -A DIVERT -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0xffffffff
iptables -t mangle -A PREROUTING -p tcp --dport 80 -j TPROXY --tproxy-mark 0x1/0x1 --on-port 3128
I didn’t have any problems with installation or compiling.
I didn’t use WCCP.
I manually set the proxy IP in the browser.
And got the address
ERROR:
IPInterception.cc(171) NetfilterTransparent: NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
ENOPROTOOPT is returned in case tproxy wasn't compiled into the kernel. Are you sure you have properly patched and booted the patched kernel? It is not even conditionally compiled in. This is the hunk that implements ENOPROTOOPT: diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index d6e76f5..871334d 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -420,7 +420,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, (1<<IP_TTL) | (1<<IP_HDRINCL) | (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) | (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) | - (1<<IP_PASSSEC))) || + (1<<IP_PASSSEC) | (1<<IP_TRANSPARENT))) || optname == IP_MULTICAST_TTL || optname == IP_MULTICAST_LOOP) { if (optlen >= sizeof(int)) { @@ -879,6 +879,16 @@ static int do_ip_setsockopt(struct sock *sk, int level, err = xfrm_user_policy(sk, optname, optval, optlen); break; + case IP_TRANSPARENT: + if (!capable(CAP_NET_ADMIN)) { + err = -EPERM; + break; + } + if (optlen < 1) + goto e_inval; + inet->transparent = !!val; + break; + default: err = -ENOPROTOOPT; break; Please double check that you have this code in your kernel. -- Bazsi
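Review bot: In the new `case IP_TRANSPARENT:` block of the second hunk (@@ -879,6 +879,16 @@), the `capable(CAP_NET_ADMIN)` test runs before the `optlen < 1` validation and regardless of `val`, so an unprivileged caller gets -EPERM even for a malformed call or when only clearing the flag with `val` equal to 0. Consider validating `optlen` first and requiring the capability only when `!!val` is true, so that dropping transparency never needs privilege, and add a short comment stating why setting the option is restricted to CAP_NET_ADMIN.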
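As an added example (not code from this thread, from Squid or from the tproxy patch), a small C probe that separates the two failure modes visible in the quoted hunk: ENOPROTOOPT from the `default:` branch when the running kernel lacks the option, and EPERM from the CAP_NET_ADMIN check. The function and enum names and the fallback define of IP_TRANSPARENT are assumptions of this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from linux/in.h, for libc headers that lack it */
#endif

enum tproxy_status {
    TPROXY_OK,                /* option accepted: kernel support and privilege present */
    TPROXY_NO_KERNEL_SUPPORT, /* ENOPROTOOPT: fell through to the default: branch */
    TPROXY_NO_PRIVILEGE,      /* EPERM: the capable(CAP_NET_ADMIN) check refused */
    TPROXY_OTHER_ERROR
};

/* Map a setsockopt() result to a diagnosis (hypothetical helper). */
enum tproxy_status tproxy_classify(int rc, int err)
{
    if (rc == 0)            return TPROXY_OK;
    if (err == ENOPROTOOPT) return TPROXY_NO_KERNEL_SUPPORT;
    if (err == EPERM)       return TPROXY_NO_PRIVILEGE;
    return TPROXY_OTHER_ERROR;
}

/* Try to set IP_TRANSPARENT on a throwaway TCP socket of the running kernel. */
enum tproxy_status tproxy_probe(int *saved_errno)
{
    int on = 1;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) { *saved_errno = errno; return TPROXY_OTHER_ERROR; }
    int rc = setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof(on));
    *saved_errno = rc ? errno : 0; /* capture before close() can overwrite errno */
    close(fd);
    return tproxy_classify(rc, *saved_errno);
}

int main(void)
{
    static const char *msg[] = { "supported and permitted",
        "kernel lacks IP_TRANSPARENT (check the booted kernel)",
        "supported, but the process lacks CAP_NET_ADMIN", "unexpected error" };
    int err = 0;
    enum tproxy_status s = tproxy_probe(&err);
    printf("IP_TRANSPARENT: %s%s%s\n", msg[s], err ? ": " : "", err ? strerror(err) : "");
    return s == TPROXY_OK ? 0 : 1;
}
```

Run it on the proxy host under the same account and kernel that Squid uses; a result of EPERM rather than ENOPROTOOPT means the patched kernel is booted and only the privilege is missing.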