[tproxy] [Merak Spam 4.17] Problem with Tproxy more kernel 2.6.22.9

[Ming-Ching Tiew]

Welisson wrote:
> Hi all,
>
> Somebody it would know to say because of this error in the compilation 
> of kernel 2.6.22.9 <http://2.6.22.9/>, in system x86_64
>
> net/netfilter/xt_tproxy.c:48: warning: initialization from 
> incompatible pointer type
> net/netfilter/xt_tproxy.c:56: warning: initialization from 
> incompatible pointer type
>
> I applied patch tproxy-4.0.3-2.6.22, in this kernel, iptables 
> iptables-1-3.8.diff, and compiled squid-2.6STABLE17, and in going up 
> of squid it returns.
>
> "Missing needed capability support. Will continue without tproxy support"
>
> Parameter of compiled squid
>
> Squid Cache: Version 2.6.STABLE17-20080108
> configure options:  '--sysconfdir=/etc/squid' '--enable-storeio=aufs,coss
> ,diskd,ufs' '--enable-poll' '--enable-delay-pools' 
> '--enable-linux-tproxy' '--enable-htcp' '--enable-carp' 
> '--with-pthreads' '--enable-underscores' 
> '--enable-external--enable-arp-acl' '--enable-follow-x-forwarded-for'
>

If you haven't apply the squid patch, you will obviously won't be able 
to use tproxy4 with squid.

Note that the previous squid patch submitted here in this forum has got 
some problems :-

1. If does not patch the 'autoconfigure' at all, so if you apply the 
squid patch on a 2.6.22 system, Squid (being wired to look for tproxy2 
headers ) will still unable to enable linux-tproxy even if you specify 
the correct configure options, so ~lib/autoconf.h will still not define 
TPROXY as 1.

2. Even if you manually enable the linux-tproxy option by changing 
~include/autoconf.h to define TPROXY 1, squid will still not compile 
because of lack of tproxy2 headers, the source code ~src/forward.c  
should be modified to remove dependency on tproxy2 headers ( ie remove 
include <linux/netfiler_ipv4/ip_tproxy.h> ).

So even if you apply the squid patch, you will still have problems, does 
not matter if it is 32 bit or 64 bit.

Ming-Ching