On Wed, Mar 05, 2008, Laszlo Attila Toth wrote: > Hm. I don't know what would be the best way, because I am not familiar > with the squid code. What I know is: TProxy4 requires minimal code > change. My problem is: where to change and how to use ifdef-ed codes > (LINUX_TPROXY and the two new: LINUX_TPROXY2, LINUX_TPROXY4).
> It requires the following socket option: > > #ifndef IP_TRANSPARENT > #define IP_TRANSPARENT 19 > #endif Yeah, you guys are doing it exactly like how we're fiddling with it in FreeBSD. :) Set socket option, then do bind() to non-local address. > Then both the listening socket and the outgoing socket has to get this > socket option (if the setsockopt fails, tproxy can be ignored). Yup. > The socket option requires CAP_NET_ADMIN capability. OK. Well, there's two part - part A is all the stuff which sets the client/server connections are participating in the "tproxy" connection; part B is the stuff to talk to TPROXY/FreeBSD to do the relevant socket options and what not. I'll look at combining your stuff, my stuff and Gonzalo's stuff into something for Squid-2 soon and see how it works out. Thanks! Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
