[tproxy] Tproxy + Squid 2.6

Enrico Demarin (home) enricod at videotron.ca
Thu Sep 14 16:42:10 CEST 2006


> However Squid doesn't seem to be able to spoof the original IP:

> tproxy needs CAP_NET_ADMIN. Which you do not have when running in 
> unprivileged mode. And running in privileged mode (root) is inhibited by 
> squid.

> Did anyone get squid+cttproxy to work on a bridge ? What am I missing
> ?

> Something that gives your squid user the CAP_NET_ADMIN capability.

Doesn't this do it (squid 2.6, tools.c)? I added a debug message and it's printed during init; however, I still get the ERROR ASSIGN messages.


#if LINUX_TPROXY
    if (need_linux_tproxy) {
        cap_user_header_t head = (cap_user_header_t) xcalloc(1, sizeof(cap_user_header_t));
        cap_user_data_t cap = (cap_user_data_t) xcalloc(1, sizeof(cap_user_data_t));

        head->version = _LINUX_CAPABILITY_VERSION;
        head->pid = 0;
        cap->inheritable = cap->permitted = cap->effective = (1 << CAP_NET_ADMIN) + (1 << CAP_NET_BIND_SERVICE) + (1 << CAP_NET_BROADCAST);


        if (capset(head, cap) != 0) {
            xfree(head);
            xfree(cap);
            fatal("Error giving up capabilities");
        }
        debug(50,0) ("Caps set to %x",cap->effective);
        xfree(head);
        xfree(cap);
    }
#endif
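
One way to check whether the capability actually took effect, as an added example that is not part of the original post or of Squid's code: it reads the kernel's view of the process capability sets from /proc/self/status instead of printing the mask that was requested. The helper names and the sample status text are constructed for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers as defined in <linux/capability.h>. */
enum { EX_CAP_NET_BIND_SERVICE = 10, EX_CAP_NET_BROADCAST = 11, EX_CAP_NET_ADMIN = 12 };
/* Constructed sample: the post's three caps (0x1c00) permitted, none effective. */
static const char SAMPLE_STATUS[] =
    "Name:\tsquid\nCapInh:\t0000000000001c00\n"
    "CapPrm:\t0000000000001c00\nCapEff:\t0000000000000000\n";

/* Parse one hex field ("CapInh", "CapPrm", "CapEff") from status text.
 * Returns 0 on success, -1 if the field is missing or has no hex value. */
int status_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            while (*val == ' ' || *val == '\t') val++;
            if (!isxdigit((unsigned char)*val)) return -1;
            *mask = strtoull(val, NULL, 16);
            return 0;
        }
        if ((line = strchr(line, '\n')) != NULL) line++;
    }
    return -1;
}

int mask_has_cap(uint64_t mask, int cap) { return (int)((mask >> cap) & 1u); }
/* 1 if this process holds `cap` in its effective set, 0 if not, -1 on error. */
int self_has_effective_cap(int cap)
{
    char buf[8192];
    uint64_t mask;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    if (status_cap_field(buf, "CapEff", &mask) != 0) return -1;
    return mask_has_cap(mask, cap);
}

int main(void)
{
    return printf("CAP_NET_ADMIN effective: %d\n", self_has_effective_cap(EX_CAP_NET_ADMIN)) < 0;
}
```

Calling self_has_effective_cap() right after the capset() block shows what the kernel granted, which a debug line printing cap->effective from the request structure does not.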



