On 09/01/18 15:56, Lei Wen wrote:
Hi everyone,
This is Lei Wen, I am from Microsoft Azure team.
We are seeking a solution about on host transparent proxy for containers
with Squid on Windows.
We already tried Linux and by using iptables traffic can be redirected
to squid port(e.x. 3128).
We want to know what do we need do to enable transparent proxy on Squid
side on Windows Like on the Linux, --enable-linux-netfilter enables
transparent proxy.
Hi Lei,
For NAT interception, Squid needs an interface from the OS to lookup NAT
table mappings given either the accept() provided IP:port pair(s) and/or
the socket handle. The API needs to provide the original dst-IP:port
details the client used prior to the NAT alterations.
As far as I/we have been able to tell so far Windows does not provide
any such interface for use by applications running in user-space like
Squid. Once an interface is found or created adding a lookup function to
Squid using the API should be fairly simple.
There have been several attempts that I'm aware of to create custom
network drivers for Windows. But those turned out to be very much too
slow and required asynchronous operations inside the preferrably
synchronous NAT lookup.
An alternative API to look for is TPROXY. But, I've not seen or heard of
anything like that either for Windows.
Amos Jeffries
The Squid Software Foundation
_______________________________________________
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev