[tproxy] Squid-2.6 patch

Ming-Ching Tiew mingching.tiew at redtone.com
Tue Mar 4 08:07:20 CET 2008

Gonzalo Arana wrote:
> Hi,
> On Mon, Mar 3, 2008 at 12:33 PM, Laszlo Attila Toth <panther at balabit.hu> wrote:
>> Hi,
>>  Gonzalo Arana wrote:
>>  >
>>  > Try the patch located in http://www.squid-cache.org/bugs/show_bug.cgi?id=2129
>>  > Please, note that this is still unofficial path.  Any feedback about
>>  > it is much appreciated.
>>  >
>>  Does the foreign bind work with this patch? I rewrote the patch for
> Indeed.  I believe it is called freebind.
>>  2.6-STABLE18 and perhaps I missed something. What I see on the webserver
>>  is that the squid connects with its own IP address instead of the
>>  client's address. Config:
>>  http_port 3128 tproxy
> Odd.  My patch requires that comm_fdopenex be called with
> COMM_FREEBIND, so that setsockopt(fd, SOL_IP, IP_FREEBIND, &on, ...)
> is called before bind(2) is.
Sorry if I mentioned something inaccurate, as this is based
on my reading of the patch ( and not based on actual testing ) :-

1. The patch requires LINUX_TPROXY to be defined.
2. The patch requires --enable-tproxy to be specified
     at 'configure'.
3. However, on a machine supporting tproxy-4.0.x,
     there is no such include file :-  
          #include <linux/netfilter_ipv4/ip_tproxy.h>
4. 'configure' detected the absence of this file, and it
    silently ignore '--enable-tproxy'.
5. therefore the program has been compiled without
    LINUX_TPROXY defined.

Does it explain why tproxy has not been honoured ?


More information about the tproxy mailing list