[tproxy] Is there a usable TPROXY4+squid+linuxKernel patches?
Laszlo Attila Toth
panther at balabit.hu
Wed May 14 08:54:44 CEST 2008
Hello,
Anton VG wrote:
> Hello!
>
> Just confused with some staff and can't find answers myself, decided
> to finally ask here ;)
> I'm an old user of -tproxy for over than 3 years now, and used the
> first -tproxy with SQUID 2.4STABLE5 for a long while before upgrading
> to squid 2.6stable18 recently - but after a few months of use - I
> found that -tproxy patched kenel+SQUID2.6STABLE_X influences weirdly
> (inserts delay up to several seconds!) on the any transit traffic
> (kernel ip stack???) when it get's hit by certain type of traffic on
> the proxy-redirect port (I pcap-ed the weird traffic - but did not
> udertood yet why it has such impact) - and had to disable PROXY
> entirely on the transit cache and wait for next usable version to try.
> But still cannot find what version I could try on the production
> cache...
>
> For a 2 last monthes periodically looking at the
> http://www.balabit.com/downloads/files/tproxy/
> frequently saw a newer versions pf patches, but I was never able to
> cleanly apply any of the patches to any of the
> corresponding Linux Kernel v 2.6.24 or 2.6.25 and the SQUID-3.0STABLE-X
Strange because the patches are on the top of v2.6.24 and v2.6.25 tags
of Linus' git tree. If you use any other version of the kernel, could
you tell, where is it available? Now I can check the patches with kernel
releases of Gentoo or Ubuntu...
>
> Also even the patch
>
> tproxy4-squid-3.0.STABLE4.patch - looks suspicious since does not
> apply cleanly to any of the SQUID versions 3.0Stable 4 or STABLE5
> (below is the patch output)
I've deleted this patch because it is now in the official Squid-3
source, (its version is 3.1). It can be checked out as in:
http://wiki.squid-cache.org/Squid3VCS
When you have the source code, in the squid source directory:
./bootstrap.sh
./configure --enable-linux-netfilter &&
make &&
make install
>
> and notes internally to the STABLE6 - which is not yet released
> (according to the SQUID downloads page)
>
> Just please could you point out to the working versions of the
> tproxy4.1 patches for any of the 2.4.20+ kernels and squid
> 3.0STABLE_ANY ?
I'm sorry but TProxy 4.1 won't be released for the 2.4 tree. Both
squid-3 and squid-2.6 works with the cttproxy2 patches, also you get the
same functionality.
>
> Trying patching the kernel - looks I would need corresponding -git
> development branch - but I'm not so familiar
> with -git yet.
The following two commands are enough:
git clone
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git
cd linux-2.6
git checkout -b my-2.6.24 v2.6.24
or
git checkout -b my-2.6.25 v2.6.25
Then you can apply the patches from the latest tproxy-kernel-*bz2 files.
>
> I would be just gratefull if you could point me out to a working
> versions of patches for TPROXY 4.1 for kernel and squid.
>
> Below is my output for trying patching squid Stable4
>
> Kind regards,
> Anton.
>
> --
> What i get while trying patching the squid.
This patch is somehow not for squid-3.0.STABLE4 but for the bzr source.
>
> cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4# patch -p0 <
> tproxy4-squid-3.0.STABLE4.patch
> patching file ChangeLog
> Hunk #1 FAILED at 1.
> 1 out of 1 hunk FAILED -- saving rejects to file ChangeLog.rej
> patching file configure.in
> Reversed (or previously applied) patch detected! Assume -R? [n] y
> can't find file to patch at input line 83
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |
> |=== modified file 'doc/release-notes/release-3.0.sgml'
> |--- doc/release-notes/release-3.0.sgml 2008-04-01 11:51:41 +0000
> |+++ doc/release-notes/release-3.0.sgml 2008-04-24 07:39:18 +0000
> --------------------------
> File to patch:
> Skip this patch? [y] y
> Skipping patch.
> 2 out of 2 hunks ignored
> patching file src/ACLChecklist.cc
> patching file src/IPInterception.cc
> patching file src/IPInterception.h
> patching file src/cache_cf.cc
> patching file src/cf.data.pre
> patching file src/client_side.cc
> Hunk #1 succeeded at 1792 (offset 2 lines).
> Hunk #2 FAILED at 1963.
> Hunk #3 succeeded at 2188 (offset -1 lines).
> Hunk #4 succeeded at 2705 (offset -1 lines).
> Hunk #5 succeeded at 3013 (offset -1 lines).
> Hunk #6 succeeded at 3028 (offset -1 lines).
> 1 out of 6 hunks FAILED -- saving rejects to file src/client_side.cc.rej
> patching file src/client_side_request.h
> patching file src/comm.cc
> patching file src/fde.h
> patching file src/forward.cc
> Hunk #5 succeeded at 833 (offset 2 lines).
> Hunk #6 FAILED at 870.
> Hunk #7 succeeded at 1214 (offset -28 lines).
> 1 out of 7 hunks FAILED -- saving rejects to file src/forward.cc.rej
> patching file src/forward.h
> Hunk #1 succeeded at 94 (offset -1 lines).
> patching file src/globals.h
> patching file src/http.cc
> patching file src/structs.h
> patching file src/tools.cc
> cacheng:/usr/src/TPROXY4/squid-3.0.STABLE4#
> _______________________________________________
> tproxy mailing list
> tproxy at lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/tproxy
>
--
Panther
More information about the tproxy
mailing list