Ok, I've had time to clean this patch up... I'm not sure how half my
patch went missing the last time I sent it - I was obviously having a
bad day. :)
The attached patch adds a "spoof_client_ip" fast ACL to control whether
TPROXY
requests have their source IP address spoofed by Squid. The ACL
defaults to allow (i.e. the current normal behaviour), but using an ACL
that results in a deny result will disable spoofing for that request.
Example config (disables spoofing for all requests):
spoof_client_ip deny all
I've implemented the changes suggested by both Alex and Amos.
The patch also does a bit of code-cleanup:
1. The flags.spoofClientIp flag was a general "this is a TPROXY request"
flag, which was a bit confusing given the name of the flag. So the
flags.spoofClientIp flag now only indicates whether we want to spoof the
source IP or not.
2. TPROXY requests now all set flags.interceptTproxy, irrespective of
whether there is going to be any address spoofing.
--
- Steve Hill
Technical Director
Opendium Limited http://www.opendium.com
Direct contacts:
Instant messager: xmpp:steve_at_opendium.com
Email: steve_at_opendium.com
Phone: sip:steve_at_opendium.com
Sales / enquiries contacts:
Email: sales_at_opendium.com
Phone: +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
Email: support_at_opendium.com
Phone: +44-844-4844916 / sip:support_at_opendium.com
This archive was generated by hypermail 2.2.0 : Tue Feb 26 2013 - 12:00:07 MST