Mikio Kishi wrote:
> Hi, Amos
>
>> Ah, you need the follow_x_forwarded_for feature on Proxy(1).
>
> That's right, I know about that, but I'd like to use "source address
> spoofing"...
> Just only following enables my anxiety.
>
> lol.
>
> Replacing in tunnelStart()#tunnel.cc
>
>     sock = comm_openex(SOCK_STREAM,
>                        IPPROTO_TCP,
>                        temp,
>                        COMM_NONBLOCKING,
>                        getOutgoingTOS(request),
>                        url);
>
> with
>
>     if (request->flags.spoof_client_ip) {
>         sock = comm_openex(SOCK_STREAM,
>                            IPPROTO_TCP,
>                            temp,
>                            (COMM_NONBLOCKING|COMM_TRANSPARENT),
>                            getOutgoingTOS(request),
>                            url);
>     } else {
>         sock = comm_openex(SOCK_STREAM,
>                            IPPROTO_TCP,
>                            temp,
>                            COMM_NONBLOCKING,
>                            getOutgoingTOS(request),
>                            url);
>     }
>
> I think it has no harmful effects. I long for that.
> Would you modify that?

Only slightly. The regular way is to move COMM_NONBLOCKING flag into a
local variable which gets |= COMM_TRANSPARENT done to it when spoofing
(reduced code to break).
But essentially I think so. Have you actually tested this at all?
Once this is confirmed no side-effects I'll merge.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
Current Beta Squid 3.1.0.7
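
Added example, not part of the thread and not Squid source: the "flags in a local variable" shape suggested in the reply, together with what a transparent flag costs at the socket level. It assumes a Linux TPROXY setup where the flag ends up as the IP_TRANSPARENT socket option; the EX_* names and values and both function names are hypothetical stand-ins for Squid's COMM_* flags and comm_openex().

```cpp
// Added illustration, not Squid source. EX_* names and values are
// hypothetical stand-ins for Squid's COMM_* flags.
#include <cerrno>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19  // Linux value, for headers that do not expose it
#endif

enum { EX_NONBLOCKING = 0x1, EX_TRANSPARENT = 0x2 };

// Build the flag word once so a single open call serves both cases.
int outgoing_flags(bool spoof_client_ip) {
    int flags = EX_NONBLOCKING;
    if (spoof_client_ip)
        flags |= EX_TRANSPARENT;
    return flags;
}

// Close fd and report the saved errno as a negative return value.
static int fail(int fd, int err) {
    close(fd);
    return -err;
}

// Open an outgoing TCP socket; returns the fd, or -errno on failure.
int open_outgoing(int flags) {
    int fd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if (fd < 0)
        return -errno;
    if (flags & EX_NONBLOCKING) {
        int fl = fcntl(fd, F_GETFL, 0);
        if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
            return fail(fd, errno);
    }
    if (flags & EX_TRANSPARENT) {
        int on = 1;
        // Needs CAP_NET_ADMIN; an unprivileged process gets EPERM here.
        if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof(on)) < 0)
            return fail(fd, errno);
    }
    return fd;
}
```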