@@ -175,8 +175,7 @@
u_short port,
int flags,
unsigned char TOS,
- const char *note,
- struct in_addr* tproxy)
+ const char *note)
{
int new_socket;
int tos = 0;
@@ -210,16 +209,6 @@
debug(5, 0) ("comm_open: setsockopt(IP_TOS) not supported on this platform\n");
#endif
}
- {
- #define IP_FREEBIND 15
- int x=1;
- if (setsockopt(new_socket, SOL_IP, IP_FREEBIND, &x, sizeof(x)) == -1) {
- debug(20, 1) ("tproxy ip ,port ERROR ASSIGN\n");
- } else if (tproxy){
- addr.s_addr = tproxy->s_addr;
- port=0;
- }
- }
/* update fdstat */
debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket);
fd_open(new_socket, FD_SOCKET, note);
diff -ru squid-2.6.STABLE16.tproxy-freebind/src/forward.c squid-2.6.STABLE16/src/forward.c
--- squid-2.6.STABLE16.tproxy-freebind/src/forward.c 2007-12-18 14:17:42.000000000 +0200
+++ squid-2.6.STABLE16/src/forward.c 2007-09-06 00:28:34.000000000 +0300
@@ -27,7 +27,7 @@
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of theF GNU General Public License
+ * You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
*
@@ -556,8 +556,7 @@
0,
COMM_NONBLOCKING,
tos,
- url,
- (fwdState->request->flags.tproxy && strcmp(host,"127.0.0.2"))?( &( fwdState->src.sin_addr)):0);
+ url);
if (fd < 0) {
debug(50, 4) ("fwdConnectStart: %s\n", xstrerror());
err = errorCon(ERR_SOCKET_FAILURE, HTTP_INTERNAL_SERVER_ERROR, fwdState->request);
@@ -588,6 +587,32 @@
if (fs->peer) {
hierarchyNote(&fwdState->request->hier, fs->code, fs->peer->name);
} else {
+#if LINUX_TPROXY
+ if (fwdState->request->flags.tproxy) {
+
+ itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
+ itp.v.addr.fport = 0;
+
+ /* If these syscalls fail then we just fallback to connecting
+ * normally by simply ignoring the errors...
+ */
+ itp.op = TPROXY_ASSIGN;
+ if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
+ debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN\n",
+ inet_ntoa(itp.v.addr.faddr),
+ itp.v.addr.faddr.s_addr,
+ itp.v.addr.fport);
+ } else {
+ itp.op = TPROXY_FLAGS;
+ itp.v.flags = ITP_CONNECT;
+ if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
+ debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT\n",
+ itp.v.addr.faddr.s_addr,
+ itp.v.addr.fport);
+ }
+ }
+ }
+#endif
hierarchyNote(&fwdState->request->hier, fs->code, fwdState->request->host);
}
commConnectStart(fd, host, port, fwdConnectDone, fwdState);
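Review bot: The `ERROR CONNECT` debug call reads `itp.v.addr.faddr.s_addr` and `itp.v.addr.fport` after `itp.v.flags = ITP_CONNECT` has already been stored. If `v` is a union, as the `itp.v.addr` / `itp.v.flags` naming suggests (the declaration of `itp` is outside the hunk), the logged address and port are whatever the flags store left behind, not the address that was assigned. Logging from the source field avoids this: `debug(20, 1) ("tproxy ip=%s ERROR CONNECT\n", inet_ntoa(fwdState->src.sin_addr));`. Separately, both failure paths only log at level 1 and then continue, so the upstream connection is made from the proxy's own address. Where upstream ACLs or logs rely on seeing the client address, that fallback is a fail-open and is worth stating in the comment above `TPROXY_ASSIGN`. The enclosing function starts and ends outside the hunk.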
diff -ru squid-2.6.STABLE16.tproxy-freebind/src/main.c squid-2.6.STABLE16/src/main.c
--- squid-2.6.STABLE16.tproxy-freebind/src/main.c 2007-12-05 14:21:51.000000000 +0200
+++ squid-2.6.STABLE16/src/main.c 2007-08-31 16:52:10.000000000 +0300
@@ -487,13 +487,13 @@
#ifdef _SQUID_OS2_
return;
#endif
-/* if (geteuid() == 0) {
+ if (geteuid() == 0) {
debug(0, 0) ("Squid is not safe to run as root! If you must\n");
debug(0, 0) ("start Squid as root, then you must configure\n");
debug(0, 0) ("it to run as a non-priveledged user with the\n");
debug(0, 0) ("'cache_effective_user' option in the config file.\n");
fatal("Don't run Squid as root, set 'cache_effective_user'!");
- }*/
+ }
}