Re: [squid-users] I thought transparent proxying wasn't working. No, it's something different...

From: Denis Vlasenko <vda@dont-contact.us>
Date: Wed, 29 Jan 2003 14:58:41 +0200

> > As you can see, wget sends different HTTP requests with and without
> > http_proxy environment variable. Seems like squid dislikes this
> > request:
> >
> > GET /
> > User-Agent: Wget/1.7
> > Host: www.ilyichevsk.net
> > Accept: */*
> > Connection: Keep-Alive
> >
> > Why???!!
> >
> > P.S. I verified that with telnet too.
>
> BTW, I seem to never hit this code (debug_options ALL,1 22,3 33,5
> but grep of 'parseHttpRequest: addr =' yields nothing in logs):
>
> src/client_side.c
> ...
> #if LINUX_NETFILTER
>     /* If the call fails the address structure will be unchanged */
>     getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
>     debug(33, 5) ("parseHttpRequest: addr = %s", inet_ntoa(conn->me.sin_addr));
>     if (vport_mode)
>         vport = (int) ntohs(http->conn->me.sin_port);
> #endif

Let's take a closer look: this is the only place where I see
Linux transparent proxy handling:

src/client_side.c
=================
static clientHttpRequest *
parseHttpRequest(ConnStateData * conn, method_t * method_p, int *status,
    char **prefix_p, size_t * req_line_sz_p) {
...
    debug(33, 5) ("parseHttpRequest: Request Header is\n%s\n", (*prefix_p) + *req_line_sz_p);
#if THIS_VIOLATES_HTTP_SPECS_ON_URL_TRANSFORMATION
    if ((t = strchr(url, '#'))) /* remove HTML anchors */
        *t = '\0';
#endif

    /* handle internal objects */
    if (internalCheck(url)) {
        /* prepend our name & port */
        http->uri = xstrdup(internalLocalUri(NULL, url));
        http->flags.internal = 1;
        http->flags.accel = 1;
    }
    /* see if we running in Config2.Accel.on, if so got to convert it to URL */
    else if (Config2.Accel.on && *url == '/') {
        /* prepend the accel prefix */
        if (opt_accel_uses_host && (t = mime_get_header(req_hdr, "Host"))) {
                ...
        } else if (vhost_mode) {
            int vport;
            /* Put the local socket IP address as the hostname */
            url_sz = strlen(url) + 32 + Config.appendDomainLen;
            http->uri = xcalloc(url_sz, 1);
            if (vport_mode)
                vport = (int) ntohs(http->conn->me.sin_port);
            else
                vport = (int) Config.Accel.port;
#if IPF_TRANSPARENT
            ...
#elif PF_TRANSPARENT
            ...
#else
#if LINUX_NETFILTER
            /* If the call fails the address structure will be unchanged */
            getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz);
            debug(33, 5) ("parseHttpRequest: addr = %s", inet_ntoa(conn->me.sin_addr));
            if (vport_mode)
                vport = (int) ntohs(http->conn->me.sin_port);
#endif
            snprintf(http->uri, url_sz, "http://%s:%d%s",
                inet_ntoa(http->conn->me.sin_addr),
                vport, url);
#endif
...

So, to hit this code I have to have:

        (Config2.Accel.on && *url == '/')
and not (opt_accel_uses_host && (t = mime_get_header(req_hdr, "Host")))
    and (vhost_mode)

How to translate this into squid.conf options? After *much*
squid.conf.default reading and keeping the above in mind, I came to this:

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

which finally works.

Did I miss a nice FAQ? If not, I have to write it up...
Now I need to sleep... even five cups of coffee didn't help... ;)

P.S. It was totally unobvious that
IPF_TRANSPARENT takes precedence over PF_TRANSPARENT over LINUX_NETFILTER.

I compiled in all three options first; that will never work on Linux, I suppose?
I didn't try, recompiled with LINUX_NETFILTER only.
Another FAQ item to write...

--
vda
Received on Wed Jan 29 2003 - 06:06:19 MST
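
The branch order discussed in this message, as an added C example that is not part of the original post and is not Squid's code: a non-empty Host header is used to rebuild the absolute URL, otherwise the pre-NAT destination obtained through SO_ORIGINAL_DST is used. The function names, the URL format of the Host branch (that branch is elided in the excerpt above) and the 192.0.2.10 sample address are assumptions; unlike the excerpt, the getsockopt return value is checked.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80 /* same value as in <linux/netfilter_ipv4.h> */
#endif

/* Pre-NAT destination of a redirected connection. If netfilter has no
 * entry, fall back to the local socket address. Returns 0 on success. */
int original_dst(int fd, struct sockaddr_in *dst) {
    socklen_t len = sizeof(*dst);
    if (getsockopt(fd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) == 0)
        return 0; /* IPPROTO_IP has the same value as SOL_IP on Linux */
    len = sizeof(*dst);
    return getsockname(fd, (struct sockaddr *)dst, &len);
}

/* Rebuild an absolute URI from an origin-form path; a non-empty Host wins,
 * else use dst. Returns 0, or -1 for a bad path or a too-small buffer. */
int build_uri(char *out, size_t out_sz, const char *path,
              const char *host, const struct sockaddr_in *dst) {
    char ip[INET_ADDRSTRLEN];
    int n;
    if (path == NULL || path[0] != '/')
        return -1;
    if (host != NULL && host[0] != '\0') {
        n = snprintf(out, out_sz, "http://%s%s", host, path);
    } else {
        if (inet_ntop(AF_INET, &dst->sin_addr, ip, sizeof(ip)) == NULL)
            return -1;
        n = snprintf(out, out_sz, "http://%s:%d%s", ip, ntohs(dst->sin_port), path);
    }
    return (n < 0 || (size_t)n >= out_sz) ? -1 : 0;
}

/* Constructed sample: original destination 192.0.2.10:80, request "GET /". */
const char *demo_uri(const char *host) {
    static char uri[64];
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(80) };
    inet_pton(AF_INET, "192.0.2.10", &dst.sin_addr);
    return build_uri(uri, sizeof(uri), "/", host, &dst) == 0 ? uri : NULL;
}

int main(void) {
    puts(demo_uri(NULL)); puts(demo_uri("www.ilyichevsk.net"));
    return 0;
}
```

On a socket that was not redirected by netfilter, original_dst() returns the local address from getsockname() instead of leaving the structure in an unknown state.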
