Re: [squid-users] Working of Tproxy4 with squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 18 Dec 2013 21:26:25 +1300

On 18/12/2013 8:47 p.m., SaRaVanAn wrote:
> Hi All,
> I have basic clarifications on working of Tproxy4 with Squid.
>
> With tproxy2, the destination port of HTTP packets is changed
> to Squid port 3128 and it's handled by Squid appropriately.
>
> TPROXY all -- eth0 any anywhere anywhere
> TPROXY redirect 0.0.0.0:3128
>
> With tproxy4, I understand HTTP packets are routed to Squid via lo
> interface

The lo interface is not related specifically. Your rule above is on the eth0
interface, so that is where the packets are coming from to Squid.

> and there is no change in destination port.

Correct. This is transparent intercept at the TCP and IP layers.

>
> I want to understand how these packets are getting hooked by Squid
> even if they are not destined for its port (3129).

To understand that you need to understand what a port is, and what a
socket is. Ask the kernel networking guys for more specifics.

>
> How does tproxy4 work with Squid?

To Squid it is simply TCP presented via the normal kernel TCP syscalls:
accept(), getsockname(), read(), write(), connect(), bind(), and
setsockopt().

The only special handling required by Squid is that it must perform
setsockopt() using IP_TRANSPARENT flag on outgoing connections before
use *if* the connection is spoofing the client IP.

>
> Also, how is reverse traffic handled by Squid?

See above. Squid does nothing, everything is kernel.

Amos
Received on Wed Dec 18 2013 - 08:26:34 MST
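
The syscall sequence described in the reply above, as an added example that is not part of the original message and is not Squid's source code. It assumes Linux and an IPv4 TCP proxy; the function names are hypothetical, and the iptables TPROXY rule and policy routing that deliver packets to the listener are not shown.

```c
/* Added example, not Squid source. Linux only; function names are illustrative. */
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* TCP socket with IP_TRANSPARENT set. Returns fd, or -errno
 * (-EPERM when the process lacks CAP_NET_ADMIN). */
int transparent_socket(void)
{
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -errno;
    if (setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) == 0)
        return fd;
    int err = errno;
    close(fd);
    return -err;
}

/* On a connection accept()ed from a TPROXY listener, the local address is
 * the one the client dialled (original destination), not the proxy's port. */
int original_dst(int conn_fd, struct sockaddr_in *dst)
{
    socklen_t len = sizeof(*dst);
    return getsockname(conn_fd, (struct sockaddr *)dst, &len) < 0 ? -errno : 0;
}

/* Outgoing leg that spoofs the client: bind() to the client's non-local
 * address (permitted by IP_TRANSPARENT), then connect() to the server. */
int spoofed_connect(const struct sockaddr_in *cli, const struct sockaddr_in *srv)
{
    int fd = transparent_socket();
    if (fd < 0)
        return fd;
    if (bind(fd, (const struct sockaddr *)cli, sizeof(*cli)) == 0 &&
        connect(fd, (const struct sockaddr *)srv, sizeof(*srv)) == 0)
        return fd;
    int err = errno;
    close(fd);
    return -err;
}

int main(void)
{
    int fd = transparent_socket();
    printf("IP_TRANSPARENT socket: %s\n", fd < 0 ? strerror(-fd) : "ok");
    return fd < 0;
}
```

Because IP_TRANSPARENT is refused without CAP_NET_ADMIN, a process that unexpectedly holds that capability and sets this option is worth reviewing: it can bind to addresses the host does not own.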
