On Mon, Mar 31, 2008, Alex Rousskov wrote: > What about Adrian plans (if I understood them correctly) to add > TPROXY-like support to FreeBSD but not for TPROXY4-like API? Is that a > good enough reason to continue supporting unsupported TPROXY versions?
The FreeBSD API will be almost like the TPROXY-4 API. I'd suggest supporting TPROXY-2 for a few reasons: * Those who are using it may not want to track the latest kernel + TPROXY patches for various reasons (if it just works; company policy; etc.) and I think its easy enough to maintain support for both without too much hassle. * Supporting both TPROXY-2 and TPROXY-4 will (hopefully!) force someone to integrate it cleanishly and avoid the Squid-2 ip interception mess! * Thus making it easier for me to drop in a FreeBSD version of "tproxy" without too much hassle (or #ifdef's for that matter.) It shouldn't be that difficult to isolate the bits of the code required for spoofing the client IP in the request versus the TPROXY-specific stuff. In fact, the only tproxy-specific stuff I can really see is: * the logic in forward.c to the local bind, which can be wrapped up as part of the socket creation process, and * The initialisation code, which in the tproxy-2 case does capabilities magic. Adrian -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
