[tproxy] SQUID 3.1 and TPROXY

Laszlo Attila Toth panther at balabit.hu
Wed May 21 13:28:59 CEST 2008


Hello,

It seems that the kernel doesn't support IP_TRANSPARENT socket option. 
But if you use the tproxy 4.1 patch, it can't happen. ( ?? )

Anton wrote:
> Hi Laszlo!
> 
> Just a little question, regarding the partly working TPROXY in SQUID 3.1 (Surely you have seen my post in squid-dev with my results),
> do you think that the following is solely SQUID problem, or it might be TPROXY problem?
> 
> 2008/05/20 21:25:47| IPInterception.cc(169) NetfilterTransparent:  NF getsockopt(IP_TRANSPARENT) failed: (92) Protocol not available
> 2008/05/20 21:25:53| commBind: Cannot bind socket FD 35 to 192.168.1.177:3976: (98) Address already in use
> 2008/05/20 21:25:53| comm.cc(994) commResetFD: bind: (98) Address already in use
> 2008/05/20 21:25:59| commBind: Cannot bind socket FD 31 to 192.168.1.177:3977: (98) Address already in use
> 2008/05/20 21:25:59| comm.cc(994) commResetFD: bind: (98) Address already in use
> 
> On Friday 16 May 2008 14:07, Laszlo Attila Toth wrote:
>> Hello,
>>
>> Anton wrote:
>>> Dear Laszlo,
>>>
>>> Just a little confulsed with your statement (below) on
>>> the squid 3.1 wiki - does that mean that TPROXY in 3.1
>>> is non usable yet?
>>>
>>> --- from squid wiki - Feature: TPROXY Update
>>>
>>> "It is not yet finished, the squid proxy doesn't bind
>>> to the client's address. Furthermore I think it would
>>> be better to have a different option for this, and
>>> "tproxy" wouldn't imply this."
>> When I wrote this email, I tried to create a patch for
>> squid-2.6-STABLE18 with the mentioned results, also it is
>> still not (fully) working.
>>
>> But Squid-3.1 is works well with TProxy 4.1 and this code
>> is part of the official squid-3.1 code.
>>
>> Laszlo
> 


More information about the tproxy mailing list