Re: [squid-users] CONNECT method support(for https) using squid3.1.0.6 + tproxy4

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 23 Apr 2009 03:07:21 +1200

Mikio Kishi wrote:
> Hi, Amos
>
>> Ah, you need the follow_x_forwarded_for feature on Proxy(1).
>
> That's right, I know about that, but I'd like to use "source address
> spoofing"...
>
> Just only following enables my anxiety.

lol.

>
> Replacing in tunnelStart()#tunnel.cc
>
>> sock = comm_openex(SOCK_STREAM,
>>                    IPPROTO_TCP,
>>                    temp,
>>                    COMM_NONBLOCKING,
>>                    getOutgoingTOS(request),
>>                    url);
>
> with
>
>> if (request->flags.spoof_client_ip) {
>>     sock = comm_openex(SOCK_STREAM,
>>                        IPPROTO_TCP,
>>                        temp,
>>                        (COMM_NONBLOCKING|COMM_TRANSPARENT),
>>                        getOutgoingTOS(request),
>>                        url);
>> } else {
>>     sock = comm_openex(SOCK_STREAM,
>>                        IPPROTO_TCP,
>>                        temp,
>>                        COMM_NONBLOCKING,
>>                        getOutgoingTOS(request),
>>                        url);
>> }
>
> I think it has no harmful effects. I long for that.
> Would you modify that?

Only slightly. The regular way is to move COMM_NONBLOCKING flag into a
local variable which gets |= COMM_TRANSPARENT done to it when spoofing
(reduced code to break).

But essentially I think so. Have you actually tested this at all?

Once this is confirmed no side-effects I'll merge.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Wed Apr 22 2009 - 15:07:25 MDT
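
The single-call form described in the reply above, as an added example that is not part of the original message or of Squid's source. The COMM_* values are constructed, outgoing_flags() and open_outgoing() are hypothetical stand-ins for the tunnelStart() logic and comm_openex(), and Linux's IP_TRANSPARENT socket option is assumed to be what the transparent flag enables under TPROXY.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19        /* Linux value, for headers that lack it */
#endif

/* Constructed stand-ins for Squid's flags; the values are not Squid's. */
#define COMM_NONBLOCKING 0x01
#define COMM_TRANSPARENT 0x02

/* One flags variable, widened only when spoofing, so a single open call
 * serves both cases (hypothetical helper). */
int outgoing_flags(int spoof_client_ip)
{
    int flags = COMM_NONBLOCKING;
    if (spoof_client_ip)
        flags |= COMM_TRANSPARENT;
    return flags;
}

static int fail(int fd)
{
    int saved = errno;           /* keep the real error across close() */
    close(fd);
    errno = saved;
    return -1;
}

/* Hypothetical stand-in for comm_openex(): returns an fd, or -1 with errno. */
int open_outgoing(int flags)
{
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd < 0)
        return -1;
    if (flags & COMM_NONBLOCKING) {
        int fl = fcntl(fd, F_GETFL, 0);
        if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
            return fail(fd);
    }
    if (flags & COMM_TRANSPARENT) {
        int on = 1;
        /* Needs CAP_NET_ADMIN. Report the failure instead of silently
         * falling back to the proxy's own source address. */
        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof(on)) < 0)
            return fail(fd);
    }
    return fd;
}
```

Run without CAP_NET_ADMIN, the spoofing path returns -1 with errno set to EPERM, which is the side effect worth checking for when testing the CONNECT change on a proxy that drops privileges.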

This archive was generated by hypermail 2.2.0 : Wed Apr 22 2009 - 12:00:02 MDT