On Sunday 13 July 2003 11.11, [EMAIL PROTECTED] wrote:

> i'm in the process of attempting to do packet level accounting for
> users behind a squid proxy. in a few simple tests, i came to the
> conclusion that access.log does not log the actual tcp/ip header as
> part of the byte count, nor does it account for the syn, syn-ack,
> ack packets when squid requests a page from an http server.

Correct. Squid is a TCP application and does not/can not know about packet details.

> as i read through the archives, i ran across something called
> connection-pinning, and if i understand it correctly :-), it allows
> for the originating client's address to be used by squid?

Not quite what connection pinning is about, but it is a requirement if one wants a truly transparent proxy and is why it is mentioned in the same thread.

What you need to make Squid use the client's IP address is

  a) A TCP kernel which allows Squid to freely set the source IP address
  b) A network where this is possible
  c) A Squid patched/configured to use the TCP kernel feature of 'a'.

It should be noted that all this is a gross hack far outside the TCP/IP specifications on how hosts may behave on the Internet.

There are two core approaches to the above

  a) Use a TCP kernel patch, such as the Linux TPROXY patch.
  b) Use NAT services, by assigning a range of private IP addresses to the Squid server and teaching Squid to use the correct IP address per client, then NAT these to the client's real IP in a suitable NAT enabled router/gateway. This approach does not require any patching unless you have very many clients.

> is this possible? is there a way to attribute every packet
> that squid sends (assuming no icp) to a client?

Everything is possible, it is only a matter of how much work is needed to make it true.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
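The NAT approach (b) described in the message above, as an added example that is not part of the original post: a generator that pairs each client with one private alias and emits the matching `squid.conf` lines (`acl ... src` plus `tcp_outgoing_address`), the alias setup on the Squid host, and the SNAT rules for the gateway. The pool `10.99.0.0/28`, the client addresses, the interface name `eth0` and all function names are constructed for illustration; IPv4 only.

```python
import ipaddress

def build_mapping(clients, pool_cidr):
    """Pair each client IP with one unused host address from the private pool."""
    pool = ipaddress.ip_network(pool_cidr)
    if not pool.is_private:
        raise ValueError("pool must be private address space")
    hosts, seen, mapping = pool.hosts(), set(), []
    for raw in clients:
        client = ipaddress.ip_address(raw)
        if client in seen:
            raise ValueError(f"duplicate client {client}")
        if client in pool:
            raise ValueError(f"client {client} lies inside the alias pool")
        seen.add(client)
        try:
            mapping.append((client, next(hosts)))
        except StopIteration:
            raise ValueError("pool too small for client list") from None
    return mapping

def squid_conf(mapping):
    """One ACL per client, and the alias Squid uses for that client's requests."""
    lines = []
    for client, alias in mapping:
        acl = "client_" + str(client).replace(".", "_")
        lines.append(f"acl {acl} src {client}/32")
        lines.append(f"tcp_outgoing_address {alias} {acl}")
    return lines

def squid_host_cmds(mapping, dev="eth0"):
    """Aliases must exist on the Squid host before Squid can bind to them."""
    return [f"ip addr add {alias}/32 dev {dev}" for _, alias in mapping]

def router_cmds(mapping):
    """Gateway rules: rewrite each alias to the client's real address."""
    return [f"iptables -t nat -A POSTROUTING -s {alias} -p tcp "
            f"-j SNAT --to-source {client}" for client, alias in mapping]

if __name__ == "__main__":
    # Constructed sample clients (documentation address range).
    m = build_mapping(["192.0.2.10", "192.0.2.11"], "10.99.0.0/28")
    for section in (squid_conf(m), squid_host_cmds(m), router_cmds(m)):
        print("\n".join(section), end="\n\n")
```

Because every client's upstream traffic leaves the Squid host from its own alias, per-packet counters between Squid and the gateway can be keyed on that alias to attribute traffic to a client.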
