Re: TPROXY support in Squid 3

From: Adrian Chadd <adrian@dont-contact.us>
Date: Tue, 1 Apr 2008 23:53:08 +0800

On Mon, Mar 31, 2008, Alex Rousskov wrote:

> What about Adrian plans (if I understood them correctly) to add
> TPROXY-like support to FreeBSD but not for TPROXY4-like API? Is that a
> good enough reason to continue supporting unsupported TPROXY versions?

The FreeBSD API will be almost like the TPROXY-4 API.

I'd suggest supporting TPROXY-2 for a few reasons:

* Those who are using it may not want to track the latest kernel + TPROXY
  patches for various reasons (if it just works; company policy; etc.)
  and I think its easy enough to maintain support for both without
  too much hassle.

* Supporting both TPROXY-2 and TPROXY-4 will (hopefully!) force someone
  to integrate it cleanishly and avoid the Squid-2 ip interception mess!

* Thus making it easier for me to drop in a FreeBSD version of "tproxy"
  without too much hassle (or #ifdef's for that matter.)

It shouldn't be that difficult to isolate the bits of the code required for
spoofing the client IP in the request versus the TPROXY-specific stuff.
In fact, the only tproxy-specific stuff I can really see is:

* the logic in forward.c to the local bind, which can be wrapped up as
  part of the socket creation process, and
* The initialisation code, which in the tproxy-2 case does capabilities
  magic.

Adrian

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
Received on Tue Apr 01 2008 - 09:36:13 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 30 2008 - 12:00:07 MDT