[tproxy] is there a release plan of tproxy patch for kernel 2.6.16 or 2.6.17

Jan Engelhardt jengelh at linux01.gwdg.de
Fri Jul 28 16:23:08 CEST 2006

>  Sure, I'm already testing those releases. Unfortunately I still have git 
>related problems with the linux-2.4 repository on kernel.org, so the 2.4 
>patch is still missing. That's why I did not release 2.0.5 today.

Who is really using 2.4 these days? I know, all those sad souls who bought 
a long-time support Redhat contract some years ago. :-( But given that you 
need to patch the kernel anyhow makes the jump to 2.6 easy. (Like in this 

>  For the impatient, however, there are pre-released patches for 2.6.16, 
>2.6.17, and 2.6.18-rc2. These patches have seen a limited amount of testing 
>and generally seem to work OK:
>  http://people.balabit.hu/hidden/tproxy2-2.6.16_20060727.tar.bz2
>  http://people.balabit.hu/hidden/tproxy2-2.6.17_20060727.tar.bz2
>  http://people.balabit.hu/hidden/tproxy2-2.6.18_20060727.tar.bz2

For the impatient, here is the squid3 patch (works with all 
versions of tproxy2):


It requires that you ... 'somehow' give the squid user CAP_NET_ADMIN. That 
is left as an exercise to the user, but the multiadm kernel module 
(http://freshmeat.net/p/multiadm/ ) has a solution for this too, and it's 
even documented.

squid 2.6 apparently seems to have tproxy support in mainline by now, but 
it does an icky way to get the CAP_NET_ADMIN thing, using prctl and 
thelike. I have no idea if and how it works, and I will not devote any 
time, for I really/only need squid3 (has better logging options!).

Jan Engelhardt

More information about the tproxy mailing list