[tproxy] SQUID 3.1 and TPROXY

Anton anton.vazir at gmail.com
Wed May 21 14:01:33 CEST 2008 

But it's a 4.1 patch for 2.6.24 kernel and the installation 
partially working and I'm getting this complain once in a 
dosen of requests. - maybe once in 20, sometimes 50 or 100 
requests. - the rest are ok and transparently handled by 
TPROXY and SQUID.

On Wednesday 21 May 2008 16:28, Laszlo Attila Toth wrote:
> Hello,
>
> It seems that the kernel doesn't support IP_TRANSPARENT
> socket option. But if you use the tproxy 4.1 patch, it
> can't happen. ( ?? )
>
> Anton wrote:
> > Hi Laszlo!
> >
> > Just a little question, regarding the partly working
> > TPROXY in SQUID 3.1 (Surely you have seen my post in
> > squid-dev with my results), do you think that the
> > following is solely SQUID problem, or it might be
> > TPROXY problem?
> >
> > 2008/05/20 21:25:47| IPInterception.cc(169)
> > NetfilterTransparent:  NF getsockopt(IP_TRANSPARENT)
> > failed: (92) Protocol not available 2008/05/20
> > 21:25:53| commBind: Cannot bind socket FD 35 to
> > 192.168.1.177:3976: (98) Address already in use
> > 2008/05/20 21:25:53| comm.cc(994) commResetFD: bind:
> > (98) Address already in use 2008/05/20 21:25:59|
> > commBind: Cannot bind socket FD 31 to
> > 192.168.1.177:3977: (98) Address already in use
> > 2008/05/20 21:25:59| comm.cc(994) commResetFD: bind:
> > (98) Address already in use
> >
> > On Friday 16 May 2008 14:07, Laszlo Attila Toth wrote:
> >> Hello,
> >>
> >> Anton wrote:
> >>> Dear Laszlo,
> >>>
> >>> Just a little confulsed with your statement (below)
> >>> on the squid 3.1 wiki - does that mean that TPROXY in
> >>> 3.1 is non usable yet?
> >>>
> >>> --- from squid wiki - Feature: TPROXY Update
> >>>
> >>> "It is not yet finished, the squid proxy doesn't bind
> >>> to the client's address. Furthermore I think it would
> >>> be better to have a different option for this, and
> >>> "tproxy" wouldn't imply this."
> >>
> >> When I wrote this email, I tried to create a patch for
> >> squid-2.6-STABLE18 with the mentioned results, also it
> >> is still not (fully) working.
> >>
> >> But Squid-3.1 is works well with TProxy 4.1 and this
> >> code is part of the official squid-3.1 code.
> >>
> >> Laszlo

More information about the tproxy mailing list