tproxy4, kernel 2.6.22 and squid-2.6.stable13
We tried to modify forward.c in squid source like this:

    #if LINUX_TPROXY
        /* hack to allow rewrite to 127.0.0.1: */
        if (fwdState->request->flags.tproxy && strcmp(host,"127.0.0.1")) {
            itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
            itp.v.addr.fport = 0;

            /* If these syscalls fail then we just fallback to connecting
             * normally by simply ignoring the errors...
             */
    #define IP_FREEBIND 15
            int x=1;
            if (setsockopt(fd, SOL_IP, IP_FREEBIND, &x, sizeof(x)) == -1) {
                debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN \n",
                    inet_ntoa(itp.v.addr.faddr),
                    itp.v.addr.faddr.s_addr,
                    itp.v.addr.fport);
            } else {
                static struct sockaddr_in to_addr;
                bzero(&to_addr, sizeof(struct sockaddr_in));
                to_addr.sin_family = AF_INET;
                to_addr.sin_port = 0;
                /* static IP address of the client for testing */
                if( inet_aton( "XXX.XXX.XXX.XXX", &to_addr.sin_addr ) == 0 ) {
                    debug(20, 1) ("tproxy fail to set to_addr.sin.addr \n");
                }
                /* Here it falls */
                if (bind(fd, (struct sockaddr *) &to_addr, sizeof(to_addr)) == -1) {
                    debug(20, 1) ("tproxy fail to bind\n");
                }
                /*
                itp.op = TPROXY_FLAGS;
                itp.v.flags = ITP_CONNECT;
                if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
                    debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT \n",
                        itp.v.addr.faddr.s_addr,
                        itp.v.addr.fport);
                }
                */
            }
        }
    #endif

We receive the message "tproxy fail to bind".

--
Andrey Luzgin <andrey@icomsw.com>
I-com software(www.icomsw.com)
From: "Andrey Luzgin" <andrey@icomsw.com>
We tried to modify forward.c in squid source like this:
    #if LINUX_TPROXY
    /* Here it falls */
    if (bind(fd, (struct sockaddr *) &to_addr, sizeof(to_addr)) == -1) {
        debug(20, 1) ("tproxy fail to bind\n");
    }
    /*
We receive the message "tproxy fail to bind". --
This is likely because you have bound to another IP earlier.

In tproxy2, you have to set up 'tcp_outgoing_address' before tproxy will work. However, when using tproxy4, you should change the source code to ignore the 'tcp_outgoing_address' setting (i.e. don't bind to this IP at all!) and just bind straight to the HTTP requester's IP.

I haven't quite tested it, but perhaps you can remove your tcp_outgoing_address setting in squid.conf. That might provide a fast workaround.

Cheers.
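The patch in the first message logs only "tproxy fail to bind", which cannot tell an earlier bind on the same socket apart from a missing non-local-bind option. The following is an added example (not part of the thread and not Squid code) that reports the errno from bind() on Linux; `try_bind`, `bind_outcome`, `bind_reason` and the address 192.0.2.10 are hypothetical names and constructed values.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_FREEBIND
#define IP_FREEBIND 15              /* same fallback value the post defines */
#endif

/* Bind fd to ip with an ephemeral port; return 0 or the errno from bind(). */
static int try_bind(int fd, const char *ip) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    if (inet_aton(ip, &sa.sin_addr) == 0) return -1;   /* unparsable address */
    return bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 ? errno : 0;
}

/* Optionally set IP_FREEBIND, optionally bind once to prebind_ip (standing in
 * for an earlier outgoing-address bind), then bind to target_ip. */
int bind_outcome(int freebind, const char *prebind_ip, const char *target_ip) {
    int one = 1, err = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    if (freebind && setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one)) == -1)
        err = errno;
    if (!err && prebind_ip) err = try_bind(fd, prebind_ip);
    if (!err) err = try_bind(fd, target_ip);
    close(fd);
    return err;                     /* 0 or the errno of the step that failed */
}

/* Map the errno values relevant to this thread to a log-friendly reason. */
const char *bind_reason(int err) {
    switch (err) {
    case 0:             return "bound";
    case EINVAL:        return "socket is already bound (an earlier bind on this fd)";
    case EADDRNOTAVAIL: return "address is not local and non-local bind is not enabled";
    default:            return strerror(err);
    }
}

int main(void) {
    const char *client = "192.0.2.10";  /* constructed address (TEST-NET-1) */
    printf("fresh socket + IP_FREEBIND: %s\n", bind_reason(bind_outcome(1, NULL, client)));
    printf("pre-bound + IP_FREEBIND:    %s\n", bind_reason(bind_outcome(1, "0.0.0.0", client)));
    return 0;
}
```

Logging `bind_reason(errno)` in place of the fixed debug string would show directly whether the failure is the double bind suggested in the reply above.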
I am not the programmer, I am the system administrator of our firm. Our programmer makes the changes to the Squid code. We shall complete everything and publish the changes here. :-)

On Tue, 18/12/2007 at 09:31 +0800, Ming-Ching Tiew wrote:
From: "Andrey Luzgin" <andrey@icomsw.com>
We tried to modify forward.c in squid source like this:
    #if LINUX_TPROXY
    /* Here it falls */
    if (bind(fd, (struct sockaddr *) &to_addr, sizeof(to_addr)) == -1) {
        debug(20, 1) ("tproxy fail to bind\n");
    }
    /*
We receive the message "tproxy fail to bind". --
This is likely because you have bound to another IP earlier.
In tproxy2, you have to set up 'tcp_outgoing_address' before tproxy will work. However, when using tproxy4, you should change the source code to ignore the 'tcp_outgoing_address' setting (i.e. don't bind to this IP at all!) and just bind straight to the HTTP requester's IP.
I haven't quite tested it, but perhaps you can remove your tcp_outgoing_address setting in squid.conf. That might provide a fast workaround.
Cheers.
-- Andrey Luzgin <andrey@icomsw.com> I-com software