[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13
Andrey Luzgin
andrey at icomsw.com
Sun Dec 16 01:22:30 CET 2007
We tried to modify forward.c in squid source like this:
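#if LINUX_TPROXY
/*
 * Experimental tproxy path: instead of assigning the foreign address with
 * IP_TPROXY, enable IP_FREEBIND on the outgoing socket and bind() it to the
 * client's address directly.  Every failure is logged together with the
 * errno text so the reason (not just the fact) of a failed call is visible
 * in cache.log.
 */
/* hack to allow rewrite to 127.0.0.1: */
if (fwdState->request->flags.tproxy && strcmp(host, "127.0.0.1")) {
    itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
    itp.v.addr.fport = 0;
    /* If these syscalls fail then we just fallback to connecting
     * normally by simply ignoring the errors...
     */
#ifndef IP_FREEBIND
#define IP_FREEBIND 15		/* Linux value; only defined if the headers lack it */
#endif
    int x = 1;
    /* IP_FREEBIND lets bind() accept an address that is not configured
     * on a local interface, which is what a client address is here. */
    if (setsockopt(fd, SOL_IP, IP_FREEBIND, &x, sizeof(x)) == -1) {
	/* xstrerror() is Squid's errno-to-text helper */
	debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN: %s\n",
	    inet_ntoa(itp.v.addr.faddr),
	    itp.v.addr.faddr.s_addr,
	    itp.v.addr.fport,
	    xstrerror());
    } else {
	/* Plain automatic storage: the address is rebuilt on every pass,
	 * so a function-static buffer buys nothing. */
	struct sockaddr_in to_addr;
	memset(&to_addr, 0, sizeof(to_addr));
	to_addr.sin_family = AF_INET;
	to_addr.sin_port = 0;	/* let the kernel choose the source port */
	/* static IP address of the client, for testing
	 * ("XXX.XXX.XXX.XXX" is the poster's redaction placeholder) */
	if (inet_aton("XXX.XXX.XXX.XXX", &to_addr.sin_addr) == 0) {
	    /* Do not bind with an unparsed (all-zero) address. */
	    debug(20, 1) ("tproxy fail to set to_addr.sin.addr\n");
	} else if (bind(fd, (struct sockaddr *) &to_addr,
		sizeof(to_addr)) == -1) {
	    /* This is the call reported as failing.
	     * NOTE(review): bind() returns EINVAL when the socket already
	     * has an address, and EACCES/EADDRNOTAVAIL for privilege or
	     * address problems -- whether fd was bound when it was opened
	     * is not visible in this fragment; the errno text will tell. */
	    debug(20, 1) ("tproxy fail to bind: %s\n", xstrerror());
	}
	/*
	 * Disabled while testing the bind() approach:
	 *
	 * itp.op = TPROXY_FLAGS;
	 * itp.v.flags = ITP_CONNECT;
	 * if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp)) == -1) {
	 *     debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT\n",
	 *         itp.v.addr.faddr.s_addr,
	 *         itp.v.addr.fport);
	 * }
	 */
    }
}
#endif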
We receive the message "tproxy fail to bind".
--
Andrey Luzgin <andrey at icomsw.com>
I-com software(www.icomsw.com)