tis 2008-04-08 klockan 14:28 +0800 skrev Adrian Chadd:
> Take 2: includes initial modularisation (untested; I'll test it at home
> this weekend when I get my tproxy box back online) and configure magic
> (with placeholders for tproxy4/freebsd.)
>
> http://www.creative.net.au/diffs/20080408-tproxy-fix-2.diff
Comments:
commTransparentRemote needs to move into comm_openex. You can't fit
tproxy4/freebsd in a reasnoable manner otherwise.
By removing the need_linux_tproxy you just killed the capability to fall
back no non-tproxy connections if we failed to gain the capabilities
needed.. cache.log will now get filled with tons of errors in such
setups., where you earlier only got a single warning about continuing
without tproxy support..
> * pull out the capabilities stuff, removing the last #ifdef LINUX_TPROXY
> from the source
TPROXY both versions need the special capabilities, and we do not want
to keep these capabilities if TPROXY is not used..
> * make sure upstream/peer-forwarded requests aren't thrown to the tproxy
> code.
Consider a local proxy connecting to a remote proxy. You may want to
still show the actual client IPs to the remote proxy just as you do to
websites..
A cache_peer flag controlling this would make sense, probably defaulting
to not spoof the client ip on requests sent to peers..
Regards
Henrik
Received on Tue Apr 08 2008 - 07:32:10 MDT
This archive was generated by hypermail 2.2.0 : Wed Apr 30 2008 - 12:00:07 MDT