Adrian Chadd wrote:
On Wed, Mar 05, 2008, Laszlo Attila Toth wrote:
Okay, I simply add other hunks to squid code as Amos wrote:
- migrate defined LINUX_TPROXY -> LINUX_TPROXY2
- add defined LINUX_TPROXY4
Well, LINUX_TPROXY defines a whole bunch of stuff relevant to generic
"full" transparency as well as the TPROXY specific stuff.
That needs to broken out somewhat. Argh, I wish I had the time
to poke it.
Hm. I don't know what would be the best way, because I am not familiar
with the squid code. What I know is: TProxy4 requires minimal code
change. My problem is: where to change and how to use ifdef-ed codes
(LINUX_TPROXY and the two new: LINUX_TPROXY2, LINUX_TPROXY4).
It requires the following socket option:
#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19
#endif
Then both the listening socket and the outgoing socket has to get this
socket option (if the setsockopt fails, tproxy can be ignored).
The socket option requires CAP_NET_ADMIN capability.
Regards,
Attila
