There seems to be no way to track outbound connections to originating
clients, at least when squid is retrieving URLs via peers.
Consider this scenario:
client ->(connection1)-> squid ->(connection2)-> parent_peer ->(connection3)-> internet
I'll use the following names for the local address/foreign address
pairs of the connections:
connection1: client_ip:client_port <-> squid_ip:squid_port
connection2: squidlo_ip:squidlo_port <-> peer_ip:peer_port
connection3: peerlo_ip:peerlo_port <-> ext_ip:ext_port
Now suppose that, at the company border firewall, you see that a
connection3 is using too much bandwidth, or causing other troubles,
and you need to find which client is originating it.
You start from the external connection and, analyzing the parent_peer,
you can identify the corresponding connection2, that is: you identify
that the request causing the "problem" is the one arriving from a
given squidlo_ip:squidlo_port address.
However, on the squid side, there seems to be no way to associate that
local address to a specific client request.
Using the manager interface and requesting e.g. "filedescriptors", you
can associate clients (client_ip:client_port) to requested URLs and
requested URLs to peer_ip:peer_port addresses. But I cannot find any
way to associate the requests to squidlo_ip:squidlo_port addresses. In
fact, the peer_ip:peer_port address is not enough to identify a
connection2 (all connections from squid to the parent peer use the
same peer_ip:peer_port foreign address), and apparently squid is not
logging/reporting the corresponding local address
squidlo_ip:squidlo_port anywhere.
Is there actually no way to track the originating client (maybe from
some logfile or other manager page)?
If not, then I think it would be important to add a "Local Address"
column to the "mgr:filedescriptor" page.
Cheers,
Livio
Received on Tue Mar 16 2010 - 15:21:32 MDT
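
The correlation gap described in the message above, as an added example that is not part of the original post and is not Squid code. All records are constructed sample data and every field name is hypothetical; the sketch joins the parent peer's view to squid's view with and without a reported squidlo_ip:squidlo_port.

```python
from typing import NamedTuple, Optional

class PeerFlow(NamedTuple):       # parent_peer's view: connection2 -> connection3
    squidlo: str                  # squidlo_ip:squidlo_port as seen by the peer
    ext: str                      # ext_ip:ext_port

class SquidRequest(NamedTuple):   # squid's view: connection1 -> connection2
    client: str                   # client_ip:client_port
    url: str
    peer: str                     # peer_ip:peer_port
    local: Optional[str]          # squidlo_ip:squidlo_port, None if not reported

# Constructed sample data (hypothetical addresses and URLs).
PEER_FLOWS = [
    PeerFlow("10.0.0.5:41001", "203.0.113.7:80"),
    PeerFlow("10.0.0.5:41002", "198.51.100.9:80"),
]
_ROWS = [
    ("192.168.1.20:50311", "http://a.example/big.iso", "10.0.0.9:3128", "10.0.0.5:41001"),
    ("192.168.1.31:50877", "http://b.example/index.html", "10.0.0.9:3128", "10.0.0.5:41002"),
]

def squid_requests(with_local):
    """Squid-side records, with or without the local address field."""
    return [SquidRequest(c, u, p, l if with_local else None) for c, u, p, l in _ROWS]

def trace_clients(ext, peer_addr, peer_flows, requests):
    """Return the client addresses that may be behind external connection ext."""
    # Step 1: connection3 -> connection2, resolved on the parent peer.
    squidlo = {f.squidlo for f in peer_flows if f.ext == ext}
    # Step 2: connection2 -> connection1, resolved on squid.
    to_peer = [r for r in requests if r.peer == peer_addr]
    if all(r.local is None for r in to_peer):
        # Without the local address, peer_ip:peer_port is shared by every
        # connection2, so every client using the peer stays a candidate.
        return sorted(r.client for r in to_peer)
    return sorted(r.client for r in to_peer if r.local in squidlo)

if __name__ == "__main__":
    for with_local in (False, True):
        found = trace_clients("203.0.113.7:80", "10.0.0.9:3128",
                              PEER_FLOWS, squid_requests(with_local))
        print("local address reported:", with_local, "->", found)
```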