[tproxy] is there a release plan of tproxy patch for kernel
2.6.16 or 2.6.17
Jan Engelhardt
jengelh at linux01.gwdg.de
Fri Jul 28 16:23:08 CEST 2006
> Sure, I'm already testing those releases. Unfortunately I still have git
>related problems with the linux-2.4 repository on kernel.org, so the 2.4
>patch is still missing. That's why I did not release 2.0.5 today.
Who is really using 2.4 these days? I know, all those sad souls who bought
a long-time support Redhat contract some years ago. :-( But given that you
need to patch the kernel anyhow makes the jump to 2.6 easy. (Like in this
case.)
> For the impatient, however, there are pre-released patches for 2.6.16,
>2.6.17, and 2.6.18-rc2. These patches have seen a limited amount of testing
>and generally seem to work OK:
>
> http://people.balabit.hu/hidden/tproxy2-2.6.16_20060727.tar.bz2
> http://people.balabit.hu/hidden/tproxy2-2.6.17_20060727.tar.bz2
> http://people.balabit.hu/hidden/tproxy2-2.6.18_20060727.tar.bz2
For the impatient, here is the squid3 patch (works with all
versions of tproxy2):
http://jengelh.hopto.org/f/squid-3.0-tproxy2.diff
It requires that you ... 'somehow' give the squid user CAP_NET_ADMIN. That
is left as an exercise to the user, but the multiadm kernel module
(http://freshmeat.net/p/multiadm/ ) has a solution for this too, and it's
even documented.
squid 2.6 apparently seems to have tproxy support in mainline by now, but
it does an icky way to get the CAP_NET_ADMIN thing, using prctl and
thelike. I have no idea if and how it works, and I will not devote any
time, for I really/only need squid3 (has better logging options!).
Cheers,
Jan Engelhardt
--
More information about the tproxy
mailing list