[squid-dev] Squid on Windows
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 9 05:11:15 UTC 2018
On 09/01/18 15:56, Lei Wen wrote:
> Hi everyone,
>
> This is Lei Wen, I am from Microsoft Azure team.
>
> We are seeking a solution about on host transparent proxy for containers
> with Squid on Windows.
>
> We already tried Linux and by using iptables traffic can be redirected
> to squid port(e.x. 3128).
>
> We want to know what do we need do to enable transparent proxy on Squid
> side on Windows Like on the Linux, --enable-linux-netfilter enables
> transparent proxy.
Hi Lei,
For NAT interception, Squid needs an interface from the OS to lookup NAT
table mappings given either the accept() provided IP:port pair(s) and/or
the socket handle. The API needs to provide the original dst-IP:port
details the client used prior to the NAT alterations.
As far as I/we have been able to tell so far Windows does not provide
any such interface for use by applications running in user-space like
Squid. Once an interface is found or created adding a lookup function to
Squid using the API should be fairly simple.
There have been several attempts that I'm aware of to create custom
network drivers for Windows. But those turned out to be very much too
slow and required asynchronous operations inside the preferrably
synchronous NAT lookup.
An alternative API to look for is TPROXY. But, I've not seen or heard of
anything like that either for Windows.
Amos Jeffries
The Squid Software Foundation
More information about the squid-dev
mailing list