[squid-dev] [PATCH] Fix external_acl problems

Amos Jeffries squid3 at treenet.co.nz
Fri Jan 29 12:46:02 UTC 2016


On 29/01/2016 8:10 a.m., Christos Tsantilas wrote:
> Hi all,
> 
> Patch r14351 created the following problems:
>  - external_acl requires AccessLogEntry but ALE is not available
>    in many cases such as ssl_bump ACLs.
>  - The %<cert_subject stopped working because it was supported by
>    external_acl code and not by logformat code.
> 
> This patch:
>   - Passes AccessLogEntry in most cases.
>     For example, PeerConnector-related classes are now covered.
>   - Implements the %<cert_subject formatting code for logformat.
> 
> 
> Still there are cases which are not handled correctly:
>   - In the case of transparent SSL bumping, the patch uses a local
> AccessLogEntry to allow external_acl to work with the ssl_bump access list.
> 
>  - The slow acls inside Ssl::PeerConnector can not support external_acl
> in the case of PeerPoolMgr
> 
>   - Most of the fast acls do not support ALE based acls. I know that
> currently the only ALE based acl is the external_acl, which is a slow acl,
> but my opinion is that it is not a bad idea to support cases where the
> external_acl result is stored in cache.
> 
>   - Also we need to check and review if the information passed with the
> ALE is the same as that passed using the FilledChecklist object. This is not
> obvious.
> 
> 
> This is a Measurement Factory project.
> 

+1. Please apply.

But note that PeerConnector child classes are now in different files
when merging to trunk.

Amos


