[tproxy] Squid-2.6 patch
Ming-Ching Tiew
mingching.tiew at redtone.com
Tue Mar 4 08:07:20 CET 2008
Gonzalo Arana wrote:
> Hi,
>
> On Mon, Mar 3, 2008 at 12:33 PM, Laszlo Attila Toth <panther at balabit.hu> wrote:
>
>> Hi,
>>
>> Gonzalo Arana wrote:
>> >
>> > Try the patch located in http://www.squid-cache.org/bugs/show_bug.cgi?id=2129
>> > Please note that this is still an unofficial patch. Any feedback about
>> > it is much appreciated.
>> >
>>
>> Does the foreign bind work with this patch? I rewrote the patch for
>>
>
> Indeed. I believe it is called freebind.
>
>
>> 2.6-STABLE18 and perhaps I missed something. What I see on the webserver
>> is that the squid connects with its own IP address instead of the
>> client's address. Config:
>> http_port 3128 tproxy
>>
>
> Odd. My patch requires that comm_fdopenex be called with
> COMM_FREEBIND, so that setsockopt(fd, SOL_IP, IP_FREEBIND, &on, ...)
> is called before bind(2) is.
>
>
Sorry if I mentioned something inaccurate, as this is based
on my reading of the patch (and not based on actual testing):

1. The patch requires LINUX_TPROXY to be defined.
2. The patch requires --enable-tproxy to be specified
   at 'configure'.
3. However, on a machine supporting tproxy-4.0.x,
   there is no such include file:
       #include <linux/netfilter_ipv4/ip_tproxy.h>
4. 'configure' detected the absence of this file, and it
   silently ignored '--enable-tproxy'.
5. Therefore the program has been compiled without
   LINUX_TPROXY defined.

Does it explain why tproxy has not been honoured?
Cheers
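
A build-time check for the situation described in the message above, added here as an example (it is not part of the post, the patch or Squid's build system). The function name, its status strings and the config header file name are assumptions; the configure flag, the macro and the kernel header path are the ones named in the message.

```shell
#!/bin/sh
# Classify the outcome of a build that asked for tproxy support.
#   $1  argument string that was passed to ./configure
#   $2  include root searched for linux/netfilter_ipv4/ip_tproxy.h
#   $3  generated config header to inspect (file name is an assumption)
tproxy_build_status() {
    args=$1; incroot=$2; cfghdr=$3
    requested=no; header=no; defined=no

    case " $args " in
        *" --enable-tproxy "*) requested=yes ;;
    esac
    if [ -f "$incroot/linux/netfilter_ipv4/ip_tproxy.h" ]; then
        header=yes
    fi
    # Count an active define only; a disabled feature is left behind
    # as a commented-out "#undef" line, which must not match.
    if grep -Eq '^[[:space:]]*#[[:space:]]*define[[:space:]]+LINUX_TPROXY([[:space:]]|$)' \
            "$cfghdr" 2>/dev/null; then
        defined=yes
    fi

    if [ "$requested" = no ]; then
        echo not-requested
    elif [ "$defined" = yes ]; then
        echo enabled
    elif [ "$header" = no ]; then
        # The case from the message: flag given, header absent, macro unset.
        echo silently-disabled-missing-header
    else
        echo disabled-other-reason
    fi
}

# Constructed fixture: an include tree without ip_tproxy.h and a config
# header in which LINUX_TPROXY was left undefined.
demo_missing_header() {
    d=$(mktemp -d)
    mkdir -p "$d/inc/linux/netfilter_ipv4"
    printf '%s\n' '/* #undef LINUX_TPROXY */' > "$d/autoconf.h"
    tproxy_build_status "--prefix=/opt/squid --enable-tproxy" "$d/inc" "$d/autoconf.h"
    rm -rf "$d"
}
demo_missing_header
```

Run after 'configure', a result other than "enabled" for a build that requested the flag can be made a hard failure, so the feature cannot drop out unnoticed.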