> On Tue, 2008-04-08 at 15:15 +0200, Henrik Nordstrom wrote:
>> tis 2008-04-08 klockan 17:59 +1200 skrev Amos Jeffries:
>> > Currently:
>> >fde::flags::transparent == 'intercept/non-intercept'
>> >fde::flags::tproxy == real-transparent/non-transparent
>> >(new) COMM_TRANSPARENT == real-
On Tue, Apr 08, 2008, Adrian Chadd wrote:
>
Take 3:
http://www.creative.net.au/diffs/20080408-tproxy-fix-2.diff
* restored the global flag which indicates "tproxy"ness; renamed to
enable_spoof_srv
* moved the tproxy "bind" stuff into comm.c, with a flag to comm_openex()
* changed forward.c to
tis 2008-04-08 klockan 22:17 +0800 skrev Adrian Chadd:
> > > * make sure upstream/peer-forwarded requests aren't thrown to the tproxy
> > > code.
> >
> I read the current code as "don't do that"; its the behaviour I'd like to
> maintain. We can always add the functionality later.
Yes, it is no
On Tue, 2008-04-08 at 15:15 +0200, Henrik Nordstrom wrote:
> tis 2008-04-08 klockan 17:59 +1200 skrev Amos Jeffries:
> > Currently:
> >fde::flags::transparent == 'intercept/non-intercept'
> >fde::flags::tproxy == real-transparent/non-transparent
> >(new) COMM_TRANSPARENT == real-transpa
On Tue, Apr 08, 2008, Henrik Nordstrom wrote:
>
> tis 2008-04-08 klockan 14:28 +0800 skrev Adrian Chadd:
> > Take 2: includes initial modularisation (untested; I'll test it at home
> > this weekend when I get my tproxy box back online) and configure magic
> > (with placeholders for tproxy4/freebsd
tis 2008-04-08 klockan 14:28 +0800 skrev Adrian Chadd:
> Take 2: includes initial modularisation (untested; I'll test it at home
> this weekend when I get my tproxy box back online) and configure magic
> (with placeholders for tproxy4/freebsd.)
>
> http://www.creative.net.au/diffs/20080408-tproxy
tis 2008-04-08 klockan 17:59 +1200 skrev Amos Jeffries:
> Currently:
>fde::flags::transparent == 'intercept/non-intercept'
>fde::flags::tproxy == real-transparent/non-transparent
>(new) COMM_TRANSPARENT == real-transparent
>
> Their use is currently good for what they do. A small re-na
Take 2: includes initial modularisation (untested; I'll test it at home
this weekend when I get my tproxy box back online) and configure magic
(with placeholders for tproxy4/freebsd.)
http://www.creative.net.au/diffs/20080408-tproxy-fix-2.diff
TODO:
* pull out the capabilities stuff, removing th
Adrian Chadd wrote:
On Mon, Apr 07, 2008, Amos Jeffries wrote:
We have come up with a 'final-beta' patch for squid-3 now.
http://treenet.co.nz/projects/squid/patches/tproxy-squid-3_20080407.patch
Just waiting on Laszlo final approval.
It's pretty much:
* adding a COMM_TRANSPARENT flag to com
On Mon, Apr 07, 2008, Amos Jeffries wrote:
> We have come up with a 'final-beta' patch for squid-3 now.
> http://treenet.co.nz/projects/squid/patches/tproxy-squid-3_20080407.patch
> Just waiting on Laszlo final approval.
>
> It's pretty much:
>
> * adding a COMM_TRANSPARENT flag to comm_openex(
On Tue, Apr 08, 2008, Henrik Nordstrom wrote:
> tis 2008-04-08 klockan 09:57 +1200 skrev Amos Jeffries:
> > But, baby steps people:
> > - Get it in
> > - Get it tested.
> > - Polish into a class.
> >
> > So far we are at #1
>
> And I won't approve the change of sprinkling #if LINUX_TPROXY4
On Mon, Apr 07, 2008, Henrik Nordstrom wrote:
> I say it shouldn't even be a SERVER_SPOOF define. Make the generic parts
> always compiled, doing nothing if spoofing capabilities is not
> available.
That makes it easier to do then. I'll go off and start doing that to
Squid-2.HEAD.
Adrian
--
tis 2008-04-08 klockan 09:57 +1200 skrev Amos Jeffries:
> But, baby steps people:
> - Get it in
> - Get it tested.
> - Polish into a class.
>
> So far we are at #1
And I won't approve the change of sprinkling #if LINUX_TPROXY4 over the
code, even if it's just adding to the existing #if..
G
Henrik Nordstrom wrote:
mån 2008-04-07 klockan 23:11 +1200 skrev Amos Jeffries:
We have come up with a 'final-beta' patch for squid-3 now.
http://treenet.co.nz/projects/squid/patches/tproxy-squid-3_20080407.patch
Just waiting on Laszlo final approval.
Some comments...
There should be a genera
Henrik Nordstrom wrote:
tis 2008-04-08 klockan 01:16 +0800 skrev Adrian Chadd:
In fact, there shouldn't be any LINUX_TPROXY* defines in the main codetree.
There should be a "SERVER_SPOOF" define which ties in all of the connection
tracking stuff, and a clean cut API for doing TPROXY2/TPROXY4/etc
tis 2008-04-08 klockan 01:16 +0800 skrev Adrian Chadd:
> In fact, there shouldn't be any LINUX_TPROXY* defines in the main codetree.
> There should be a "SERVER_SPOOF" define which ties in all of the connection
> tracking stuff, and a clean cut API for doing TPROXY2/TPROXY4/etc socket
> manipulati
In fact, there shouldn't be any LINUX_TPROXY* defines in the main codetree.
There should be a "SERVER_SPOOF" define which ties in all of the connection
tracking stuff, and a clean cut API for doing TPROXY2/TPROXY4/etc socket
manipulation.
Gah, this makes me want to just ignore more classwork and f
mån 2008-04-07 klockan 23:11 +1200 skrev Amos Jeffries:
> We have come up with a 'final-beta' patch for squid-3 now.
> http://treenet.co.nz/projects/squid/patches/tproxy-squid-3_20080407.patch
> Just waiting on Laszlo final approval.
Some comments...
There should be a general TPROXY define, share
Adrian Chadd wrote:
On Mon, Mar 31, 2008, Alex Rousskov wrote:
What about Adrian plans (if I understood them correctly) to add
TPROXY-like support to FreeBSD but not for TPROXY4-like API? Is that a
good enough reason to continue supporting unsupported TPROXY versions?
The FreeBSD API will be
On Mon, Mar 31, 2008, Alex Rousskov wrote:
> What about Adrian plans (if I understood them correctly) to add
> TPROXY-like support to FreeBSD but not for TPROXY4-like API? Is that a
> good enough reason to continue supporting unsupported TPROXY versions?
The FreeBSD API will be almost like the TP
mån 2008-03-31 klockan 13:31 -0600 skrev Alex Rousskov:
> What about Adrian plans (if I understood them correctly) to add
> TPROXY-like support to FreeBSD but not for TPROXY4-like API? Is that a
> good enough reason to continue supporting unsupported TPROXY versions?
FreeBSD and TPROXY4 uses pret
On Mon, 2008-03-31 at 20:28 +0200, Henrik Nordstrom wrote:
> mån 2008-03-31 klockan 08:26 -0600 skrev Alex Rousskov:
>
> > We may be able to provide better comments when we see the current code.
> > It does not have to be polished and ready for commit.
>
> I see no reason to continue supporting
mån 2008-03-31 klockan 08:26 -0600 skrev Alex Rousskov:
> We may be able to provide better comments when we see the current code.
> It does not have to be polished and ready for commit.
I see no reason to continue supporting now obsolete and no longer
supported TPROXY versions in new versions of
tis 2008-04-01 klockan 00:18 +1300 skrev Amos Jeffries:
> The merge It would be a whole lot cleaner and actually less change
> overall if we could drop the TPROXY version 2 support from Squid-3.
+1
Regards
Henrik
On Tue, 2008-04-01 at 00:18 +1300, Amos Jeffries wrote:
> Between Balabit and TreeNet we have come up with a working TPROXY 4+ patch.
>
> It'll be sent to trunk soon.
>
> The merge It would be a whole lot cleaner and actually less change
> overall if we could drop the TPROXY version 2 support fr
On Tue, Apr 01, 2008, Amos Jeffries wrote:
> Between Balabit and TreeNet we have come up with a working TPROXY 4+ patch.
>
> It'll be sent to trunk soon.
>
> The merge It would be a whole lot cleaner and actually less change
> overall if we could drop the TPROXY version 2 support from Squid-3.
>
26 matches
Mail list logo