Just reading up on this, the Feature page http://wiki.squid-cache.org/Features/SslPeekAndSplice says: "... with Squid shoveling TCP bytes back and forth without any decryption" I can't see that squid actually uses the splice() system call, so that would mean squid would actually read the data into userspace then write it out again, is that right? I assume once this happens it's the same code as a CONNECT. What if there was a way to actually splice the two TCP connections at the kernel level so that Squid didn't actually need to be involved anymore, except when the connection closes to do the accounting? There appear to be a few historic attempts to implement this in the Linux kernel but I suspect they haven't been maintained. And would this be a worthwhile optimisation anyway or is shunting data not a significant part of squid load? Just curious. James _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users