[tproxy] tproxy4, kernel 2.6.22 and squid-2.6.stable13

Andrey Luzgin andrey at icomsw.com
Sun Dec 16 01:22:30 CET 2007


We tried to modify forward.c in squid source like this:

#if LINUX_TPROXY
        /* hack to allow rewrite to 127.0.0.1: */
        if (fwdState->request->flags.tproxy && strcmp(host,"127.0.0.1"))
{
            itp.v.addr.faddr.s_addr = fwdState->src.sin_addr.s_addr;
            itp.v.addr.fport = 0;

            /* If these syscalls fail then we just fallback to
connecting
             * normally by simply ignoring the errors...
             */
            #define IP_FREEBIND 15
            int x=1;
            if (setsockopt(fd, SOL_IP, IP_FREEBIND, &x, sizeof(x)) ==
-1) {
                debug(20, 1) ("tproxy ip=%s,0x%x,port=%d ERROR ASSIGN
\n",
                    inet_ntoa(itp.v.addr.faddr),
                    itp.v.addr.faddr.s_addr,
                    itp.v.addr.fport);
            } else {

                static struct sockaddr_in to_addr;
                bzero(&to_addr, sizeof(struct sockaddr_in));
                to_addr.sin_family = AF_INET;
                to_addr.sin_port = 0;
                /*statuc  IP-adress of the client for testing */
                if( inet_aton(  "XXX.XXX.XXX.XXX", &to_addr.sin_addr )
== 0 ) { 
                    debug(20, 1) ("tproxy fail to set to_addr.sin.addr
\n");
                }
            /* Here it falls */
                if (bind(fd, (struct sockaddr *) &to_addr,
sizeof(to_addr)) == -1) {
                    debug(20, 1) ("tproxy fail to bind\n");
                }
                /*
                itp.op = TPROXY_FLAGS;
                itp.v.flags = ITP_CONNECT;
                if (setsockopt(fd, SOL_IP, IP_TPROXY, &itp, sizeof(itp))
== -1) {
                    debug(20, 1) ("tproxy ip=%x,port=%d ERROR CONNECT
\n",
                        itp.v.addr.faddr.s_addr,
                        itp.v.addr.fport);
                }
                */
            }

        }
#endif

We receive the message "tproxy fail to bind". 
-- 
Andrey Luzgin <andrey at icomsw.com>
I-com software(www.icomsw.com)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/tproxy/attachments/20071216/dcc3b0ba/attachment.htm 


More information about the tproxy mailing list