Re: [PATCH] Squid 2.4.DEVEL4 on Linux 2.4 Transparent Proxy?

From: Evan Jones <ejones@dont-contact.us>
Date: Thu, 14 Dec 2000 09:31:43 -0500

On Thu, 14 Dec 2000, Henrik Nordstrom wrote:
> Hmm... running Squid transparently on Linux-2.4 without this patch, and
> have not noticed any problems. But I will look again a little closer
> this time...

That is because you are using a new enough client that sends the "Host:"
header with the HTTP request. If you use an older client (thankfully, there
are few) which does not use this header, the request will fail because
Squid will not be able to determine where it is to go.

In this case, Squid looks up the original destination IP address by calling
getsockname() to get the local IP address of the socket. On Linux 2.0 and
2.2, for a transparently redirected connection (Destination NAT) it would
return the IP address of the original destination. In Linux 2.4 NAT has
been separated from the TCP/IP core, so the getsockname() call will return
the IP address of the Squid proxy. Squid then tries to get a web page from
its own server. My patch instead calls getsockopt() with the new
SO_ORIGINAL_DST option to correctly get the original destination IP
address.

This is rarely needed because most clients do send the Host header, but for
Squid to work "correctly" on Linux 2.4 with transparent proxying, it needs
my patch.

-- 
Evan Jones - ejones@netwinder.org
Technology with Attitude - Rebel.com
Received on Fri Dec 15 2000 - 04:24:59 MST
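
The lookup described in the message above, as an added example (not Evan Jones's patch and not Squid's code): a C helper that tries SO_ORIGINAL_DST first and reports when it had to fall back to getsockname(). The names original_dst, accept_loopback and enum dst_source are hypothetical, and the loopback connection is constructed test input with no NAT rule involved.

```c
#include <stdio.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define SO_ORIGINAL_DST 80 /* value from <linux/netfilter_ipv4.h> */

enum dst_source { DST_ERROR = -1, DST_FROM_NAT, DST_FROM_SOCKNAME };

/* Hypothetical helper: fill *dst with the destination the client dialled. */
enum dst_source original_dst(int fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    /* Linux 2.4+: conntrack holds the pre-NAT destination (IPPROTO_IP == SOL_IP). */
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return DST_FROM_NAT;
    /* No NAT entry: only the local address is known. On 2.4+ that is the
     * proxy's own address, so callers must not forward to it blindly. */
    len = sizeof(*dst);
    if (getsockname(fd, (struct sockaddr *)dst, &len) == 0)
        return DST_FROM_SOCKNAME;
    return DST_ERROR;
}

/* Constructed input: one accepted loopback connection (no NAT involved). */
int accept_loopback(in_port_t *port)
{
    struct sockaddr_in a = { .sin_family = AF_INET };
    socklen_t len = sizeof(a);
    int ls = socket(AF_INET, SOCK_STREAM, 0), cs = socket(AF_INET, SOCK_STREAM, 0);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK); /* port 0: kernel picks one */
    if (ls < 0 || cs < 0 || bind(ls, (struct sockaddr *)&a, sizeof(a)) < 0 ||
        listen(ls, 1) < 0 || getsockname(ls, (struct sockaddr *)&a, &len) < 0 ||
        connect(cs, (struct sockaddr *)&a, sizeof(a)) < 0)
        return -1;
    *port = ntohs(a.sin_port);
    return accept(ls, NULL, NULL); /* ls and cs are left open for the demo */
}

int main(void)
{
    struct sockaddr_in dst;
    in_port_t port = 0;
    int fd = accept_loopback(&port);
    enum dst_source src = fd < 0 ? DST_ERROR : original_dst(fd, &dst);
    if (src == DST_ERROR) { perror("original_dst"); return 1; }
    printf("original destination %s:%u (%s)\n", inet_ntoa(dst.sin_addr),
           (unsigned)ntohs(dst.sin_port), src == DST_FROM_NAT ? "conntrack" : "getsockname");
    return 0;
}
```

A DST_FROM_SOCKNAME result on a redirected connection means the original destination is unknown, which is the case where a request without a Host header cannot be routed.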
