Search squid archive

Re: [NOC] Using Nfqueue or DAQ in squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

i know that.
i want to somehow change source code of squid to accept packet from nfqueue, to customize netfilter packet flow for my application(squid).

is it possible!?

Sent from my Huawei Mobile


-------- Original Message --------
Subject: Re: [NOC] Using Nfqueue or DAQ in squid
From: Amos Jeffries
To: morteza omidian ,Squid noc
CC:


In future please direct questions about Squid usage to the Vendor that
supplied your proxy, or the squid-users mailing list. This noc@ list is
for the squid-cache.org domain administrators.

Replies to this mail have been set to the squid-users mailing list, so
if you have any followup please ensure you are subscribed there.


On 11/09/18 2:54 AM, morteza omidian wrote:
> Hi
> i am in a dire need about using squid in my Linux iptables firewall as a
> transparent proxy. in my situation, i want squid to place after my
> forwards iptables rules, and redirect packets to the input chain does
> not work for me. my packet flow is : prerouting  >  Nat  > forward  >
> squid > post routing
>
> the important part is that forward rules must check before packets
> forwards to squid. i don't want packets destinate to input chain of
> firewall.
>
> i thought maybe its possible to use DAQ ,like the way snort use or
> nfqueue in iptables. i need some help about that, please help me if its
> possible or *there are any other ways* to solve it .
>
> thanks a lot.
>

What you are asking for is not possible. Please see the netfilter packet
flow diagram at

for reference.

In that diagram Squid is the "Application Layer" part of the forward
path. Snort, nfqueue etc by comparison are part of the "network layer"
or "link layer". Their actions and involvement in the traffic is quite
different from Squid and other application layer software.


It sounds to me like you are attempting to intercept traffic in the
OUTPUT path. For that situation follow the Localhost interception
example at


If that is not suitable, then please mention (on the squid-users-mailing
list) what your problem is, and what you have tried already. Someone
could point you at the specific config to use that meets your situation.


Amos Jeffries
The Squid Software Foundation

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux