Re: TPROXY support in Squid 3 from Adrian Chadd on 2008-04-07 (squid-dev)

From: Adrian Chadd <adrian@dont-contact.us>
Date: Tue, 8 Apr 2008 01:16:18 +0800

In fact, there shouldn't be any LINUX_TPROXY* defines in the main codetree.
There should be a "SERVER_SPOOF" define which ties in all of the connection
tracking stuff, and a clean cut API for doing TPROXY2/TPROXY4/etc socket
manipulation.

Gah, this makes me want to just ignore more classwork and fix the tproxy
support in Squid-2 to show how it should be done..

Adrian

On Mon, Apr 07, 2008, Henrik Nordstrom wrote:
> m??n 2008-04-07 klockan 23:11 +1200 skrev Amos Jeffries:
> > We have come up with a 'final-beta' patch for squid-3 now.
> > http://treenet.co.nz/projects/squid/patches/tproxy-squid-3_20080407.patch
> > Just waiting on Laszlo final approval.
>
> Some comments...
>
> There should be a general TPROXY define, shared by all, or the common
> os-independent code should always be enabled. I do not want to see #if
> LINUX_TPROXY2 || LINUX_TPROXY4 defines in the general code. Such ifs
> should only be seen in the lowlevel implementation. And from a code
> maintenance perspective it's best is the common code is always built,
> just as is done for the transparent interception code. The drawback is
> that it costs one or two cpu cycles more per requests even if the
> feature is not available on the platform but it's much much less likely
> the feature gets broken by other changes.
>
>
>
> + /* AYJ: do we actually need to set this again on every accept? */
> + if(fd_table[fd].flags.transparent == 1) {
> + comm_set_transparent(sock);
> + F->flags.transparent = 1;
> + }
>
> You need to at least set the internal flag. But you most likely do no
> need to make the comm call telling the kernel it's a transparent
> connection (it already knows..)
>
>
> Is this indended?
>
>
> @@ -652,7 +673,6 @@
> addr.GetAddrInfo(AI);
> AI->ai_socktype = sock_type;
> AI->ai_protocol = proto;
> - AI->ai_flags = flags;
>
> debugs(50, 3, "comm_openex: Attempt open socket for: " << addr );
>
>
>
> Regards
> Henrik

-- 
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -

Received on Mon Apr 07 2008 - 10:58:49 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 30 2008 - 12:00:07 MDT