[PATCH] ACL to control TPROXY spoofing

From: Steve Hill <steve_at_opendium.com>
Date: Wed, 19 Dec 2012 16:04:53 +0000

The attached patch adds a "spoof" fast ACL to control whether TPROXY
requests have their source IP address spoofed by Squid. The ACL
defaults to allow (i.e. the current normal behaviour), but using an ACL
that results in a deny result will disable spoofing for that request.

Example config (disables spoofing for all requests):
        spoof deny all

The patch also does a bit of code-cleanup:

1. The flags.spoofClientIp flag was a general "this is a TPROXY request"
flag, which was a bit confusing given the name of the flag. So the
flags.spoofClientIp flag now only indicates whether we want to spoof the
source IP or not.

2. The logic for requests handled by a "tproxy" port and those handled
by an "intercept" port is pretty much identical, so the
flags.intercepted flag is now used to generically indicate that the
request has been intercepted either by "intercept" or "tproxy".

-- 
  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com
Direct contacts:
    Instant messager: xmpp:steve_at_opendium.com
    Email:            steve_at_opendium.com
    Phone:            sip:steve_at_opendium.com
Sales / enquiries contacts:
    Email:            sales_at_opendium.com
    Phone:            +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
    Email:            support_at_opendium.com
    Phone:            +44-844-4844916 / sip:support_at_opendium.com

Received on Wed Dec 19 2012 - 16:05:02 MST

This archive was generated by hypermail 2.2.0 : Thu Dec 20 2012 - 12:00:16 MST