On 1/12/18 3:43 am, Ahmad, Sarfaraz wrote:
> I think almost every time squid opens a TCP connection, it also tried to
> open a raw socket of type AF_NETLINK. Syscall pasted below.
> ...
>
> Any thoughts?
>

* To receive NAT intercepted connections Squid needs access to the system NAT table to identify what origin server the client was actually trying to get to before it was diverted into Squid.

* To send traffic with TPROXY interception Squid must set up the socket for sending the spoofed IP addresses.

* To perform Netfilter MARK operations (both fetch and set) Squid uses Netfilter Conntrack APIs.

* To fetch EUI information about connections received or sent after they are open via POSIX getsockopt() or BSD ioctl() APIs. This is optional and on by default (eui_lookup to configure).

Any of those may be defined by your system Netfilter libraries in terms of AF_NETLINK traffic in the background. If they are doing things like that then the ICMP sockets and (less likely) UDS sockets may also be affected.

If the behaviour is as repeatable as you say, you can use an ALL,9 level cache.log trace to see what exactly Squid is trying to do at the time it happens.

Amos
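
Added example, not part of the original message and not Squid code: one way to narrow down which of the features listed above is opening the AF_NETLINK sockets is to tally the netlink protocol argument in an strace capture and compare it with the number of TCP sockets opened. The sample lines are constructed, and the usual strace form `socket(AF_NETLINK, SOCK_RAW, NETLINK_xxx) = fd` is assumed.

```python
import re
from collections import Counter

# socket(AF_NETLINK, <type flags>, <protocol>) = <fd or -1> [ERRNO ...]
NETLINK_RE = re.compile(
    r"socket\((?:AF|PF)_NETLINK,\s*[A-Z_|]+,\s*(?P<proto>\w+)\)"
    r"\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?"
)
# TCP sockets, IPv4 or IPv6, for comparison with the netlink count.
TCP_RE = re.compile(r"socket\((?:AF|PF)_INET6?,\s*SOCK_STREAM[A-Z_|]*,")


def summarize(lines):
    """Return (tcp_count, netlink_ok, netlink_failed) for an strace capture.

    netlink_ok counts successful opens per netlink protocol;
    netlink_failed counts failures per (protocol, errno).
    Lines strace split as '<unfinished ...>' carry no result and are skipped.
    """
    tcp = 0
    ok, failed = Counter(), Counter()
    for line in lines:
        if TCP_RE.search(line):
            tcp += 1
            continue
        m = NETLINK_RE.search(line)
        if not m:
            continue
        if int(m["ret"]) < 0:
            failed[(m["proto"], m["errno"] or "?")] += 1
        else:
            ok[m["proto"]] += 1
    return tcp, ok, failed


# Constructed sample capture (not taken from the thread).
SAMPLE = """\
2101 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 13
2101 socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 14
2101 connect(13, {sa_family=AF_INET, sin_port=htons(443)}, 16) = -1 EINPROGRESS (Operation now in progress)
2101 socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER) = -1 EPROTONOSUPPORT (Protocol not supported)
2101 socket(AF_INET, SOCK_STREAM|SOCK_CLOEXEC, IPPROTO_TCP) = 15
2101 socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 16
""".splitlines()

if __name__ == "__main__":
    tcp, ok, failed = summarize(SAMPLE)
    print(f"TCP sockets opened: {tcp}")
    for proto, n in ok.most_common():
        print(f"netlink ok     {proto}: {n}")
    for (proto, errno), n in failed.most_common():
        print(f"netlink failed {proto} ({errno}): {n}")
```

The protocol names that dominate the tally can then be matched against the ALL,9 cache.log trace taken over the same period.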