From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 22 May 2008 12:26:57 +0000 (+1200)
Subject: Update interception documentation and debugging.
X-Git-Tag: SQUID_3_0_STABLE7~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=74bc8e555f3e3e9325d2a1897b621c70c3ce9a9d;p=thirdparty%2Fsquid.git

Update interception documentation and debugging.

Adds better documentation on effects of transparent and tproxy flags.

Alters debugging to clearly log components enabled/disabled on startup and
reconfigure of http(s)_port's using interception flags.
---

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 4056090ace..42814a8110 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2850,8 +2850,6 @@ parse_http_port_option(http_port_list * s, char *token)
     } else if (strncmp(token, "name=", 5) == 0) {
         safe_free(s->name);
         s->name = xstrdup(token + 5);
-    } else if (strcmp(token, "transparent") == 0) {
-        s->transparent = 1;
     } else if (strcmp(token, "vhost") == 0) {
         s->vhost = 1;
         s->accel = 1;
@@ -2876,11 +2874,19 @@ parse_http_port_option(http_port_list * s, char *token)
         else
             self_destruct();
 
-#if LINUX_TPROXY
+    } else if (strcmp(token, "transparent") == 0) {
+        s->transparent = 1;
+        /* Log information regarding the port modes under interception. */
+        debugs(3, 1, "Starting Authentication on port " << s->s);
+        debugs(3, 1, "Disabling Authentication on port " << s->s << " (interception enabled)");
 
+#if LINUX_TPROXY
     } else if (strcmp(token, "tproxy") == 0) {
         s->tproxy = 1;
         need_linux_tproxy = 1;
+        /* Log information regarding the port modes under transparency. */
+        debugs(3, 1, "Starting IP Spoofing on port " << s->s);
+        debugs(3, 1, "Disabling Authentication on port " << s->s << " (IP spoofing enabled)");
 #endif
 
     } else {
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 1d0c116244..2fd3f3675d 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -106,6 +106,7 @@ DOC_START
 	proxy as the client then thinks it is talking to an origin server and
 	not the proxy. This is a limitation of bending the TCP/IP protocol to
 	transparently intercepting port 80, not a limitation in Squid.
+	Ports flagged 'transparent' or 'tproxy' have authentication disabled.
 
 	=== Parameters for the basic scheme follow. ===
 
@@ -895,9 +896,11 @@ DOC_START
 
 	   transparent	Support for transparent interception of
 			outgoing requests without browser settings.
+			NP: disables authentication on the port.
 
 	   tproxy	Support Linux TPROXY for spoofing outgoing
 			connections using the client IP address.
+			NP: disables authentication on the port.
 
 	   accel	Accelerator mode. Also needs at least one of
 			vhost / vport / defaultsite.