Re: Transparent caching

From: Miguel A.L. Paraz <map@dont-contact.us>
Date: Sat, 4 Jan 1997 06:31:03 +0000

Hello,

Nigel Metheringham wrote:

> In 2.0.x kernels you can take all forwarded packets matching a particular
> mask (say something like source 192.168.2.0/24 to 0/0) and redirect them
> to a specified local port. A proxy listening on that port can then take
> the connection, check the end points (using getsockname()), and deal with
> the connection.

Thus, our local "interceptor" will determine the remote site of the
request via getsockname(), and transform:

        GET /stuff.html HTTP/1.0

into this, aimed at the local port 3128:

        GET http://198.17.46.59/stuff.html HTTP/1.0

Unless they've got:

        GET /stuff.html HTTP/1.0
        Host: squid.nlanr.net

Which would make things easier, unless there are clients who "lie"
on the Host header.

Without a Host header, you don't know that 198.17.46.59 is actually
squid.nlanr.net, unless you do an in-addr.arpa lookup, which will slow
you down.

Finally, your transparent proxy won't catch requests to non-80 ports,
unless you've got something listening to each and every port (!)

All the best,

-- 
miguel a.l. paraz  <map@iphil.net> | iphil communications, makati city, ph
pgp key id: 0x43F0D011             | <http://www.iphil.net>
Received on Fri Jan 03 1997 - 22:52:27 MST
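
The rewrite described in the message above, as an added example that is not part of the original post or of Squid's code: it turns an intercepted origin-form request into the absolute-URI form for the cache on port 3128, and reports whether the authority came from the client-supplied Host header or from the socket address. The function name, the return tags and the (ip, port) argument standing in for the getsockname() result are assumptions.

```python
# Added example (not from the original message). rewrite_intercepted and its
# return tags are hypothetical names chosen for illustration.

def rewrite_intercepted(request: bytes, orig_dst: tuple) -> tuple:
    """Rewrite 'GET /path' into 'GET http://authority/path'.

    orig_dst is the (ip, port) pair that getsockname() reports on the
    redirected connection, i.e. the site the client was really talking to.
    Returns (rewritten_request, source) where source tells the caller how
    much to trust the authority that was used.
    """
    head, sep, body = request.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/") or not parts[1].startswith(b"/"):
        # Not an origin-form request line with a version: leave it alone.
        return request, "unchanged"
    method, target, version = parts

    # Look for the first non-empty Host header (names are case-insensitive).
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host" and value.strip():
            host = value.strip()
            break

    if host is not None:
        # Client-supplied and unverified: this is the "lying" client case,
        # so the caller should not treat it as proof of the real endpoint.
        authority, source = host, "host-header"
    else:
        # No Host header: fall back to the address from the socket, keeping
        # the port when the redirect rule covered something other than 80.
        ip, port = orig_dst
        authority = ip.encode() if port == 80 else f"{ip}:{port}".encode()
        source = "socket-address"

    lines[0] = b" ".join([method, b"http://" + authority + target, version])
    return b"\r\n".join(lines) + sep + body, source


if __name__ == "__main__":
    # Constructed sample request using the address from the message.
    sample = b"GET /stuff.html HTTP/1.0\r\n\r\n"
    print(rewrite_intercepted(sample, ("198.17.46.59", 80)))
```

A caller that gets "host-header" back can still open its upstream connection to the getsockname() address, so that a false Host value changes only the URL text and not the endpoint contacted.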
