Author: Adrian Chadd <adrian@squid-cache.org>
A tproxy cache cluster (eg behind WCCPv2) can't peer.
The issue stems from the forwarding logic creating source address spoofed
sockets to destinations that are inside the cluster. Since the WCCPv2
router won't redirect packets with an origin of the proxy MAC (at least for
L2 peering), source spoofed packets go out and are routed normally. The
packets back from the destination peer have a remote end of the spoofed IP,
and are instead sent to teh original client rather than the proxy.
The forwarding logic needs to be taught to optionally enable tproxy source
spoofing on connections based on a peer flag.
Just for completeness - tproxy'ed connections to a upstream or peer proxy
which is -outside- of the WCCPv2 tproxy cluster work fine.