Re: Tproxied Squid Chains

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 19 Oct 2010 01:48:25 +1300

On 18/10/10 23:48, Ali Demiröz wrote:
> Hi squid developers,
>
> I need to set up a squid chain, but I need them tproxied. As far as I
> have searched, I know that a tproxied squid operates only if it gets requests
> from iptables.
> I am here to find out if it can be improved/edited to get requests from
> another squid.
>
> Currently I am digging through the squid source code. I think most of this tproxy
> feature is implemented in kernel code. (Right?)

Yes.

>
> So I am asking for your help about any starting points, suggestions
> about how to implement it, etc.
> Also, is there documentation that explains how tproxy operates (how it
> keeps track of incoming connections to send replies back)?

There is none. Squid receives traffic on a port flagged in squid.conf
with "tproxy" and sends the requests to servers down sockets opened with
a system TPROXY flag.
  The Intercept::Transparent logic deciphers the client and destination
IPs the kernel handed over on accept().
  Everything else is in the kernel.

In order to chain proxies which reside on different machines, just
implement tproxy in each one. The kernel of each machine does TPROXY
separately.

In order to chain proxies which exist on the same machine you require at
a minimum squid 3.2 with X-Forwarded-For TPROXY support.

In theory it's as simple as this:
  * Set the http_port tproxy flag on the initial (client-facing) proxy.
  * Set "forwarded_for on" in all proxies.
  * Use the "no-tproxy" flag on the cache_peer link between proxies.
  * Enable the exit proxy's TPROXY spoofing of the XFF header value passed
from the initial receiving proxy to the exiting proxy.

This may be expected to work, though it has not been tested, so there are
likely problems that still need fixing, like how squid knows to set the
tproxy flag when it has no receiving port flag to work from.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.8
   Beta testers wanted for 3.2.0.2
Received on Mon Oct 18 2010 - 12:48:32 MDT
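The same-machine chain sketched in the reply above, written out as two squid.conf fragments. This is an added illustration, not configuration from the original post or from the Squid project; the port numbers, the peer name "exit", the use of never_direct to force the hop, and the choice of follow_x_forwarded_for as the directive that lets the exit instance adopt the XFF address for its spoofed outgoing connection are all assumptions. As the reply says, the exit instance has no tproxy-flagged receiving port, so whether it actually spoofs is the untested part.

```conf
# --- squid-entry.conf : client-facing instance (assumed port 3129) ---
# Traffic arrives here only because the kernel's TPROXY rules divert it;
# the "tproxy" flag tells Squid to read the original client/destination
# addresses the kernel hands over on accept().
http_port 3129 tproxy

# Record the real client address in X-Forwarded-For for the next hop.
forwarded_for on

# Hand every request to the exit instance on the same host (assumed
# port 3130, assumed peer name "exit"). "no-tproxy" keeps this loopback
# hop from being source-spoofed with the client IP, which would leave
# the exit instance unable to reply to 127.0.0.1.
cache_peer 127.0.0.1 parent 3130 0 no-query no-digest no-tproxy name=exit
cache_peer_access exit allow all

# Assumption: force the chain rather than letting the entry instance
# go direct to origin servers.
never_direct allow all

# --- squid-exit.conf : exit instance (assumed port 3130) ---
# Plain port: there is no intercepted traffic here, only the peer link.
http_port 3130
forwarded_for on

# Assumption: follow_x_forwarded_for is what lets this instance treat the
# XFF value as the indirect client address. Restrict it to the entry
# instance only. If this were "allow all", anything able to reach port
# 3130 could choose the source IP this proxy presents to the Internet.
acl entry_proxy src 127.0.0.1
follow_x_forwarded_for allow entry_proxy
follow_x_forwarded_for deny all
```

A quick sanity check on the exit side is to send a request with a forged X-Forwarded-For from an address other than 127.0.0.1 and confirm in access.log that the indirect client address is not adopted; the same request relayed through the entry instance should show the entry instance's client address instead.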