Laszlo Attila Toth wrote:
> Hello,
>
> We only support TProxy version 4.1 but in the squid "--enable-tproxy"
> requires version 2 which has been obsolete for a while.
>
> Current implementation doesn't require kernel support, only a new socket
> option, IP_TRANSPARENT, also I made a patch which drops
> "--enable-tproxy" because TProxy 4.1 uses netfilter/iptables (TPROXY
> target and socket match). If "--enable-linux-netfilter" is used, the
> "tproxy" option is available for "http_proxy".
>
> It is not yet finished, the squid proxy doesn't bind to the client's
> address. Furthermore I think it would be better to have a different
> option for this, and "tproxy" wouldn't imply this.
>
> The patch is available here for 2.6-STABLE18:
>
> http://www.balabit.com/downloads/files/tproxy/
>
>
> Any suggestions?

Dropping support for tproxy <4 entirely out of squid-2 is not a good
choice. In Squid-3 this may possibly be done.

A new configure option --enable-linux-transparent-intercept which
pre-empts --enable-linux-netfilter and --enable-tproxy would be a better
choice.
Users of tproxy4+ can then use that option and choose their target.

Which code alteration means:
- migrate defined LINUX_TPROXY -> LINUX_TPROXY2
- add defined LINUX_TPROXY4
- make flags.tproxy:1 --> #if LINUX_NETFILTER || LINUX_TPROXY4
etc.

Amos
--
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.

Received on Wed Mar 05 2008 - 03:15:27 MST
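
The IP_TRANSPARENT socket option mentioned in the quoted message, shown as an added example that is not part of the original thread, the linked patch, or Squid's code. The helper names `open_listener` and `is_transparent` are hypothetical, and refusing to fall back to an ordinary listener when the option is rejected is a choice made for this example.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* value from <linux/in.h>, for older libc headers */
#endif

/* Returns 1 if IP_TRANSPARENT is set on fd, 0 otherwise (or on error). */
int is_transparent(int fd)
{
    int v = 0;
    socklen_t len = sizeof(v);
    return getsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &v, &len) == 0 && v != 0;
}

/* Hypothetical helper (not Squid code): open a TCP listener on 0.0.0.0:port.
 * With want_transparent set, IP_TRANSPARENT is requested before bind() and a
 * refusal is reported instead of silently opening an ordinary listener.
 * Returns the fd, or -errno (-EPERM: no CAP_NET_ADMIN; -ENOPROTOOPT: the
 * kernel does not know the option). */
int open_listener(unsigned short port, int want_transparent)
{
    int one = 1, err;
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (want_transparent &&
        setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
        goto fail;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 || listen(fd, 16) < 0)
        goto fail;
    return fd;
fail:
    err = errno;
    close(fd);
    return -err;
}

int main(void)
{
    int fd = open_listener(0, 1); /* port 0: the kernel picks a free port */
    printf("transparent listener: %s\n", fd >= 0 ? "ok" : strerror(-fd));
    if (fd >= 0) close(fd);
    return 0;
}
```

Run without CAP_NET_ADMIN, the transparent request is refused with EPERM, so a proxy using this option needs that capability when it opens the listening socket.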