:-O I'm so sorry!!!! Was mistaken a direction in diff! My previous post consider cancelled. This is the right patch: diff -ru squid-2.6.STABLE16/src/comm.c squid-2.6.STABLE16.tproxy-freebind/src/comm.c --- squid-2.6.STABLE16/src/comm.c 2007-04-17 12:39:56.000000000 +0300 +++ squid-2.6.STABLE16.tproxy-freebind/src/comm.c 2007-12-18 09:31:55.000000000 +0200 @@ -162,7 +162,7 @@ int flags, const char *note) { - return comm_openex(sock_type, proto, addr, port, flags, 0, note); + return comm_openex(sock_type, proto, addr, port, flags, 0, note,0); } @@ -175,7 +175,8 @@ u_short port, int flags, unsigned char TOS, - const char *note) + const char *note, + struct in_addr* tproxy) { int new_socket; int tos = 0; @@ -209,6 +210,16 @@ debug(5, 0) ("comm_open: setsockopt(IP_TOS) not supported on this platform\n"); #endif } + { + #define IP_FREEBIND 15 + int x=1; + if (setsockopt(new_socket, SOL_IP, IP_FREEBIND, &x, sizeof(x)) == -1) { + debug(20, 1) ("tproxy ip ,port ERROR ASSIGN\n"); + } else if (tproxy){ + addr.s_addr = tproxy->s_addr; + port=0; + } + } /* update fdstat */ debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket); fd_open(new_socket, FD_SOCKET, note); diff -ru squid-2.6.STABLE16/src/forward.c squid-2.6.STABLE16.tproxy-freebind/src/forward.c --- squid-2.6.STABLE16/src/forward.c 2007-09-06 00:28:34.000000000 +0300 +++ squid-2.6.STABLE16.tproxy-freebind/src/forward.c 2007-12-18 14:17:42.000000000 +0200 @@ -27,7 +27,7 @@ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * - * You should have received a copy of the GNU General Public License + * You should have received a copy of theF GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. * 
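Review bot: In the block added to comm_openex at `@@ -209`, `setsockopt(... IP_FREEBIND ...)` runs for every socket the function opens, not only when `tproxy` is non-NULL, so listening and ordinary outgoing sockets also get the option, and a platform that lacks it logs an error for each socket. The `#define IP_FREEBIND 15` inside the function body can conflict with the value from the system headers, and `SOL_IP` is used without the `#if LINUX_TPROXY` guard that the code removed from forward.c had. When the call fails with `tproxy` set, the socket silently keeps the proxy's own address, and the message names neither the call nor the errno text. I would gate the block on `tproxy`, guard it for the platform and log `xstrerror()`, as in the fence below. The function body starts and ends outside the hunk, so the later bind is assumed to use `addr` and `port`.

```c
#if LINUX_TPROXY
#ifndef IP_FREEBIND
#define IP_FREEBIND 15
#endif
    /* Only sockets that must carry the client's address need a non-local bind. */
    if (tproxy) {
	int on = 1;
	if (setsockopt(new_socket, SOL_IP, IP_FREEBIND, &on, sizeof(on)) == -1) {
	    debug(5, 1) ("comm_open: setsockopt(IP_FREEBIND): %s\n", xstrerror());
	} else {
	    addr.s_addr = tproxy->s_addr;
	    port = 0;
	}
    }
#endif
    /* … unchanged: fdstat update and fd_open() … */
```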
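Review bot: The only change in the forward.c `@@ -27` hunk turns `copy of the GNU` into `copy of theF GNU` in the licence header, which looks like a stray keystroke rather than an intended edit. Drop this hunk from the patch so the licence text stays identical to upstream.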
@@ -556,7 +556,8 @@ 0, COMM_NONBLOCKING, tos, - url); + url, + (fwdState->request->flags.tproxy && strcmp(host,"127.0.0.2"))?( &( fwdState->src.sin_addr)):0); if (fd < 0) { debug(50, 4) ("fwdConnectStart: %s\n", xstrerror()); err = errorCon(ERR_SOCKET_FAILURE, HTTP_INTERNAL_SERVER_ERROR, fwdState->request); @@ -587,32 +588,6 @@ if (fs->peer) { hierarchyNote(&fwdState->request->hier, fs->code, fs->peer->name); } else { -#if LINUX_TPROXY - if (fwdState->request->flags.tproxy) { - - itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr; - itp.v.addr.fport = 0; - - /* If these syscalls fail then we just fallback to connecting - * normally by simply ignoring the errors... - */ - itp.op = TPROXY_ASSIGN; - if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) { - debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN \n", - inet_ntoa(itp.v.addr.faddr), - itp.v.addr.faddr.s_addr, - itp.v.addr.fport); - } else { - itp.op = TPROXY_FLAGS; - itp.v.flags = ITP_CONNECT; - if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) { - debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT \n", - itp.v.addr.faddr.s_addr, - itp.v.addr.fport); - } - } - } -#endif hierarchyNote(&fwdState->request->hier, fs->code, fwdState->request->host); } commConnectStart(fd, host, port, fwdConnectDone, fwdState); diff -ru squid-2.6.STABLE16/src/main.c squid-2.6.STABLE16.tproxy-freebind/src/main.c --- squid-2.6.STABLE16/src/main.c 2007-08-31 16:52:10.000000000 +0300 +++ squid-2.6.STABLE16.tproxy-freebind/src/main.c 2007-12-05 14:21:51.000000000 +0200 
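Review bot: The new last argument to comm_openex in `@@ -556` passes the client's source address for every request with `flags.tproxy` set, whereas the code removed in the next hunk did so only in the `else` branch where `fs->peer` is NULL. Requests forwarded to a cache peer would therefore also leave with the client's address unless `host` is the literal `"127.0.0.2"`. That literal is an undocumented, site-specific exception compared by string; it should be a named constant or a configuration option, with a comment saying which host it stands for. The removed code sat inside `#if LINUX_TPROXY`, and if `flags.tproxy` is only declared under that macro (not visible here) this call no longer builds without it. If `fs` is in scope at the call, `(fwdState->request->flags.tproxy && !fs->peer) ? &fwdState->src.sin_addr : NULL` keeps the earlier scope; the enclosing function starts outside the hunk.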
@@ -487,13 +487,13 @@ #ifdef _SQUID_OS2_ return; #endif - if (geteuid() == 0) { +/* if (geteuid() == 0) { debug(0, 0) ("Squid is not safe to run as root! If you must \n"); debug(0, 0) ("start Squid as root, then you must configure\n"); debug(0, 0) ("it to run as a non-priveledged user with the\n"); debug(0, 0) ("'cache_effective_user' option in the config file.\n"); fatal("Don't run Squid as root, set 'cache_effective_user'!"); - } + }*/ } static void diff -ru squid-2.6.STABLE16/src/protos.h squid-2.6.STABLE16.tproxy-freebind/src/protos.h --- squid-2.6.STABLE16/src/protos.h 2007-07-15 12:52:17.000000000 +0300 +++ squid-2.6.STABLE16.tproxy-freebind/src/protos.h 2007-12-18 09:26:35.000000000 +0200 @@ -160,7 +160,7 @@ extern void comm_init(void); extern int comm_listen(int sock); extern int comm_open(int, int, struct in_addr, u_short port, int, const char *note); -extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, const char *); +extern int comm_openex(int, int, struct in_addr, u_short, int, unsigned char TOS, const char *,struct in_addr* ); extern u_short comm_local_port(int fd); extern void commDeferFD(int fd); diff -ru squid-2.6.STABLE16/src/ssl.c squid-2.6.STABLE16.tproxy-freebind/src/ssl.c --- squid-2.6.STABLE16/src/ssl.c 2007-02-03 23:53:38.000000000 +0200 +++ squid-2.6.STABLE16.tproxy-freebind/src/ssl.c 2007-12-18 09:27:04.000000000 +0200 @@ -524,7 +524,8 @@ 0, COMM_NONBLOCKING, getOutgoingTOS(request), - url); + url, + 0); if (sock == COMM_ERROR) { debug(26, 4) ("sslStart: Failed because we're out of sockets.\n"); err = errorCon(ERR_SOCKET_FAILURE, HTTP_INTERNAL_SERVER_ERROR, request);
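Review bot: Commenting out the `geteuid() == 0` block in `@@ -487` removes the `fatal()` that stopped Squid from continuing with root as its effective user, so a build with this patch handles untrusted network traffic with full privileges whenever `cache_effective_user` is unset. Nothing else in the patch shows why the check has to go. If the new socket option needs a privilege, the safer route is to keep the check and retain only that capability after dropping root. If the check must be bypassed, make it an explicit opt-in that logs a warning, rather than leaving dead code in a comment. The enclosing function starts outside the hunk.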
-- Andrey Luzgin <andrey@icomsw.com> I-com software
-- Andrey Luzgin <andrey@icomsw.com> I-com software