On 18/12/2013 8:47 p.m., SaRaVanAn wrote: > Hi All, > I have basic clarifications on working of Tproxy4 with Squid. > > With tproxy2, the destination port of http packets are getting changed > to squid port 3128 and its handled by squid appropriately. > > TPROXY all -- eth0 any anywhere anywhere > TPROXY redirect 0.0.0.0:3128 > > With tproxy4,I understand http packets are routed to squid via lo > interface lo interface is not related specifically. Your rule above is on the eth0 interface, so that is where the packets are coming from to Squid. > and there is no change in destination port. Correct. This is transparent intercept at the TCP and IP layers. > > I want to understand how these packets are getting hooked by squid > even its not destined for his port (3129). To understand that you need to understand what a port is, and what a socket is. Ask the kernel networking guys for more specifics. > > how tproxy4 works with squid? To Squid it is simply TCP presented via the normal kernel TCP syscalls: accept(), getsockname(), read(), write(), connect(), bind(), and setsockopt(). The only special handling required by Squid is that it must perform setsockopt() using IP_TRANSPARENT flag on outgoing connections before use *if* the connection is spoofing the client IP. > > Also, How reverse traffic is getting handled by squid ? see above. Squid does nothing, everything is kernel. Amos