You should not have to recompile the kernel if its accepting connections through TPROXY properly. Double-check the IPs squid is identifying as the client IP though to make sure that arrival is happening correctly.
We found a small bit alignment bug in the 3.2 series not setting the spoof flag correctly on some systems, which caused this same behaviour. I thought 3.1 was okay but I will take a closer look later today to double check whether 3.1 has a similar regression.
You should not have to recompile the kernel if its accepting connections through TPROXY properly. Double-check the IPs squid is identifying as the client IP though to make sure that arrival is happening correctly.
We found a small bit alignment bug in the 3.2 series not setting the spoof flag correctly on some systems, which caused this same behaviour. I thought 3.1 was okay but I will take a closer look later today to double check whether 3.1 has a similar regression.