[tproxy] Re: Development version 1.9.2 released - Oops

James MacLean macleajb@ednet.ns.ca
Fri, 19 Mar 2004 22:35:06 -0400 (AST)

On Tue, 9 Mar 2004, KOVACS Krisztian wrote:

>   You should note that 1.9.2 is not compatible with Gianni Tedesco's
> Squid patches, and that his latest patches are actually quite old and
> buggy. You probably would have to use TProxy 1.2, which is for Linux
> 2.4... (Actually I have a patch for 2.6, but it's neither binary compatible
> with 2.4 versions, so you would have to recompile Squid, nor
> well-tested.)
>   Unfortunately I can't help more regarding Squid. Please contact Gianni
> Tedesco for more information.

Unfortunately I have not heard from Gianni, but I am hoping I might ask a 
couple of questions :) :

1. When an application sets up for a tproxy foreign source address 
according to the cttproxy-2.6.3-1.9.2 README, do any other iptables rules 
need to be added to activate what the application has set up?

2. Gianni's patches had :

        struct in_tproxy itp;
        itp.itp_faddr.s_addr = fwdState->src.sin_addr.s_addr;
        itp.itp_fport = fwdState->src.sin_port;
        setsockopt(fd, SOL_IP, IP_TPROXY_ASSIGN, &itp, sizeof(itp));
        setsockopt(fd, SOL_IP, IP_TPROXY_FLAGS, &f, sizeof(f));

which I have replaced with :

        struct in_tproxy itp;
        itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
        itp.v.addr.fport = fwdState->src.sin_port;
        setsockopt(fd, SOL_IP, TPROXY_ASSIGN, &itp, sizeof(itp));
        setsockopt(fd, SOL_IP, TPROXY_FLAGS, &f, sizeof(f));

Does this appear to be a correct code update?

I ask because it compiles clean, strace says the setsockopt() calls are
successful, but the outgoing source addresses are always the Squid PC's 
address :(.

Again, sorry to bother. Would appreciate even a pointer to a small code 
sample that does the transparent proxy this way that I could learn from.

James B. MacLean        macleajb@ednet.ns.ca
Department of Education 
Nova Scotia, Canada