Re: [PATCH] [RFC] Enforce separate http_port modes

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 22 Apr 2010 00:25:18 +0000

On Wed, 21 Apr 2010 23:16:48 +0200, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> On Wed 2010-04-21 at 02:44 +0000, Amos Jeffries wrote:
>
>> It alters documentation to call accel, tproxy, intercept, and sslbump
>> options "mode flags" since they determine the overall code paths which
>> traffic received is handled by.
>
> +1, but with a slight reservation on tproxy as technically there is
> nothing that stops tproxy + accel from being combined. Current
> implementation does not mix well however.
>
> In addition it may make sense to be able to selectively enable tproxy
> spoofing independent of interception, which would also solve the above
> reservation.

From TPROXYv4 the intercept options are mutually exclusive, due to the
nature of the NAT and TPROXY lookups.
TProxy mode can appear the same as intercept if the spoofing step fails,
but there is no need for the intercept mode to be flagged for that to
happen.

TPROXY in other modes has a wide set of possibilities and potential
problems we will need to consider carefully before enabling.

Amos
Received on Thu Apr 22 2010 - 00:25:25 MDT
