[tproxy] Re: Development version 1.9.2 released - Oops
James MacLean
macleajb@ednet.ns.ca
Fri, 19 Mar 2004 22:35:06 -0400 (AST)
On Tue, 9 Mar 2004, KOVACS Krisztian wrote:
> You should note that 1.9.2 is not compatible with Gianni Tedesco's
> Squid patches, and that his latest patches are actually quite old and
> buggy. You probably would have to use TProxy 1.2, which is for Linux
> 2.4... (Actually I have a patch for 2.6, but it's neither binary compatible
> with 2.4 versions, so you would have to recompile Squid, nor
> well-tested.)
> Unfortunately I can't help more regarding Squid. Please contact Gianni
> Tedesco for more information.
Unfortunately I have not heard from Gianni, but I am hoping I might ask a
couple of questions :) :
1. When an application sets up for a tproxy foreign source address
according to the cttproxy-2.6.3-1.9.2 README, do any other iptables rules
need to be added to activate what the application has set up?
2. Gianni's patches had:

    int f = ITP_CONNECT;
    struct in_tproxy itp;
    itp.itp_faddr.s_addr = fwdState->src.sin_addr.s_addr;
    itp.itp_fport = fwdState->src.sin_port;
    setsockopt(fd, SOL_IP, IP_TPROXY_ASSIGN, &itp, sizeof(itp));
    setsockopt(fd, SOL_IP, IP_TPROXY_FLAGS, &f, sizeof(f));

which I have replaced with:

    int f = ITP_CONNECT;
    struct in_tproxy itp;
    itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
    itp.v.addr.fport = fwdState->src.sin_port;
    setsockopt(fd, SOL_IP, TPROXY_ASSIGN, &itp, sizeof(itp));
    setsockopt(fd, SOL_IP, TPROXY_FLAGS, &f, sizeof(f));

Does this appear to be a correct code update?
I ask because it compiles clean, strace says the setsockopt() calls are
successful, but the outgoing source addresses are always the Squid PC's
address :(.
Again, sorry to bother. Would appreciate even a pointer to a small code
sample that does the transparent proxy this way that I could learn from.
thanks,
JES
--
James B. MacLean macleajb@ednet.ns.ca
Department of Education
Nova Scotia, Canada