[squid-dev] on_unsupported_protocol rewrite to support tcp connection, relay

钱国正 richard.qian at magicwifi.com.cn
Mon Mar 27 06:35:18 UTC 2017


>If you want port 80 to just be relayed through - don't send it to Squid.

>You will probably be able to identify the DNS packets with your firewall
>rules more easily than Squid can tell them apart from a mangled HTTP message.



What I want to do is to use Squid eCAP adaptation to modify some HTTP responses.
But at run time, I found that some famous mobile apps use port 80 to
transport some unknown protocol (not HTTP).


What if the protocol is not HTTP but uses port 80: can Squid relay it to its target server?

------------------ Original ------------------
From:  "Amos Jeffries"<squid3 at treenet.co.nz>;
Date:  Mon, Mar 27, 2017 11:59 AM
To:  "钱国正"<richard.qian at magicwifi.com.cn>; "squid-dev"<squid-dev at lists.squid-cache.org>; 

Subject:  Re: on_unsupported_protocol rewrite to support tcp connection, relay

 
On 27/03/2017 3:15 p.m., 钱国正 wrote:
>>> I want to know what
>>> pinning.serverConnection means, and what it is used for?
> 
>> Before we dive into low-level details, please allow me to ask an
>> important high-level question. Your answer may render those low-level
>> detail irrelevant:
> 
>>> I want to rewrite on_unsupported_protocol to support a TCP connection
>>> (a non-HTTP protocol, called httpdns, not readable, no HTTP header) and
>>> relay it to the server. [...] I need to assign the server's address and port
> 
>> Where will your code get the server address and port from? If the answer
>> is "from the received httpdns message header", then please do not abuse
>> on_unsupported_protocol to support "httpdns". Instead, add proper
>> support for httpdns (which may be limited to forwarding httpdns queries
>> to the right server if such blind forwarding makes sense).
> 
> No, I got it from `clientConnection->local`. The httpdns is just a TCP connection to the server with
> a specified protocol, not known to me; it is designed by its user and uses port 80 to transfer DNS requests.
> 

If you want port 80 to just be relayed through - don't send it to Squid.

You will probably be able to identify the DNS packets with your firewall
rules more easily than Squid can tell them apart from a mangled HTTP message.


>> BTW, can you post a link to the "httpdns" protocol specification (not
>> API)? And what do you mean by "not readable"?
> 
> 
> 
> It is not a standard protocol in an RFC or some standard specification; some companies just use
> port 80 (the default for the HTTP protocol) to transfer DNS requests. They do this because in China many
> ISPs use their own DNS servers in different places, which makes the company's service slow
> or unreachable.
> 

Then please stop calling it "httpdns". It is "DNS". Calling it "httpdns"
implies some relationship to HTTP other than just stealing the port number.

There is actually a protocol called HTTPDNS being designed
(<https://tools.ietf.org/html/draft-ietf-dnsop-dns-wireformat-http-00>).
Squid supports relaying that already because it uses real HTTP messages
on port 80.

Amos
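To make the distinction Amos is drawing concrete, here is an added Python sketch that is not part of this thread and not Squid code: it builds a DNS-over-TCP query in the RFC 1035 wire format (two-byte length prefix, twelve-byte header, one question) and classifies the first bytes read from an intercepted port-80 connection as an HTTP request line, a DNS-over-TCP query, or something unknown. The sample payloads are constructed here for illustration; the function names and the "mangled" HTTP sample are my own assumptions, not anything the app in the thread actually sends.

```python
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"CONNECT", b"TRACE", b"PATCH")


def build_dns_tcp_query(name, qtype=1, txid=0x1234):
    """Build a DNS-over-TCP query (RFC 1035 section 4.2.2): a 2-byte length
    prefix, then a 12-byte header (QR=0, opcode 0, RD set, QDCOUNT=1) and one
    question entry for `name` of type `qtype` (1 = A) in class IN."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    message = header + qname + struct.pack(">HH", qtype, 1)
    return struct.pack(">H", len(message)) + message


def looks_like_http(data):
    """True when the first CRLF-terminated line is shaped like an HTTP
    request line: '<METHOD> <target> HTTP/<major>.<minor>'. Later header
    lines are not checked, so a message with broken headers still counts
    as HTTP-shaped (that is the "mangled HTTP message" case)."""
    first_line, sep, _ = data.partition(b"\r\n")
    if not sep:
        return False
    parts = first_line.split(b" ")
    return (len(parts) == 3 and parts[0] in HTTP_METHODS
            and parts[2].startswith(b"HTTP/"))


def looks_like_dns_tcp(data):
    """True when the bytes parse as the start of a DNS-over-TCP query:
    a length prefix covering at least the header, QR=0, opcode 0,
    exactly one question and no answer/authority records."""
    if len(data) < 14:  # 2-byte length prefix + 12-byte header
        return False
    (length,) = struct.unpack(">H", data[:2])
    if length < 12:
        return False
    _txid, flags, qdcount, ancount, nscount, _arcount = \
        struct.unpack(">HHHHHH", data[2:14])
    qr = flags >> 15
    opcode = (flags >> 11) & 0xF
    return qr == 0 and opcode == 0 and qdcount == 1 and ancount == 0 and nscount == 0


def classify_first_bytes(data):
    """Classify the first bytes of an intercepted port-80 TCP connection."""
    if looks_like_http(data):
        return "http"
    if looks_like_dns_tcp(data):
        return "dns-tcp"
    return "unknown"


# Constructed samples (not captured from any real application).
HTTP_GET = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
HTTP_MANGLED = b"GET /index.html HTTP/1.1\r\nHost example.com\r\n\r\n"  # bad header
DNS_QUERY = build_dns_tcp_query("example.com")
TLS_HELLO_PREFIX = b"\x16\x03\x01\x00\xa5\x01\x00"  # first bytes of a TLS record


if __name__ == "__main__":
    for label, sample in (("HTTP", HTTP_GET), ("mangled HTTP", HTTP_MANGLED),
                          ("DNS over TCP", DNS_QUERY), ("TLS", TLS_HELLO_PREFIX)):
        print(f"{label:13s} -> {classify_first_bytes(sample)}")
```

The point of the sketch is the asymmetry: an HTTP-shaped request with broken headers and a DNS query on port 80 both arrive at Squid as "not a parseable HTTP message", and telling them apart needs a second, protocol-specific parser of the leading bytes. A firewall rule keyed on the destination address of the app's resolver splits that traffic before it ever reaches the proxy, which is what Amos recommends.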