[squid-dev] on_unsupported_protocol rewrite to support tcp connection, relay
squid3 at treenet.co.nz
Mon Mar 27 03:59:10 UTC 2017
On 27/03/2017 3:15 p.m., 钱国正 wrote:
>>> I want to know what's the
>>> pinning.serverConnection mean? and what it is used for?
>> Before we dive into low-level details, please allow me to ask an
>> important high-level question. Your answer may render those low-level
>> detail irrelevant:
>>> I want to rewrite the on_unsupported_protocol to support tcp connection
>>> (non-http protocol, called httpdns not readable, no http header) and
>>> relay it the server. [...] I need assign the server's address and port
>> Where will your code get the server address and port from? If the answer
>> is "from the received httpdns message header", then please do not abuse
>> on_unsupported_protocol to support "httpdns". Instead, add proper
>> support for httpdns (which may be limited to forwarding httpdns queries
>> to the right server if such blind forwarding makes sense).
> No, I got it from `clientConnection->local`, the httpdns is just a tcp connection to server with
> specified protocol, not known to me, it is designed by its user, use 80 port to transfer dns request.
If you want port 80 to just be relayed through - dont send it to Squid.
You will probably be able to identify the DNS packets with your firewall
rules easier than Squid can tell it apart from a mangled HTTP message.
>> BTW, can you post a link to the "httpdns" protocol specification (not
>> API)? And what do you mean by "not readable"?
> It is not a standard protocol in RFC or some standard specification, just some company use
> 80 (default for http protocol) port to transfer dns request, they do this because in China many
> ISP would use they own dns server in different places which makes it slow
> or unreachable to the some company's service.
Then please stop calling it "httpdns". It is "DNS". Calling it "httpdns"
implies some relationship to HTTP other than just stealing the port number.
There is actually a protocol called HTTPDNS being designed
Squid supports relaying that already because it uses real HTTP messages
on port 80.
More information about the squid-dev