[squid-users] Logs to confirm packets dropped/not forwarded by squid

Amos Jeffries squid3 at treenet.co.nz
Mon Feb 6 22:44:28 UTC 2017

On 7/02/2017 7:04 a.m., Anonymous cross wrote:
> We are using squid with tproxy4. All the packets destined to port 80 are
> forwarded to tproxy port 3129 using the below guide
> http://wiki.squid-cache.org/Features/Tproxy4
> Normal HTTP GET requests forwarded to Squid are working fine. But we do see
> problems with TCP segments which holds HTTP data. I am not sure how squid
> TCP reassembly logic works. I need some way to find out where it's getting
> dropped in squid.

As Matus said; Squid does not do any TCP level packet handling. That is
all done in the networking stack, same as for any other program.

TPROXY only affects the TCP accept() logic related to the TCP SYN
packet. Once that is over it is just a regular network socket I/O. Squid
uses the system read() for as much data as it can get. Then parses HTTP
messages out of the received data.

With "debug_options 11,2" configured Squid will log to cache.log all the
messages it is handling an the connection they occured on.

PS. Squid-4 logs to access.log connections which were received and
terminated or had errors before the HTTP message was received. Squid-3
just lets those connections die quietly.


More information about the squid-users mailing list