[squid-users] deny_info and squid's own IP address?

Amos Jeffries squid3 at treenet.co.nz
Wed May 2 15:41:28 UTC 2018


On 03/05/18 03:01, Amish wrote:
> On Wednesday 02 May 2018 10:05 AM, Amos Jeffries wrote:
>> On 02/05/18 16:20, Amish wrote:
>>> Does request->masterXaction->tcpClient->local hold Squid IP in case of
>>> intercepted traffic too?
>> The listening address (if any) will be in
>> request->masterXaction->squidPort->listenConn->local instead. It has no
>> relation to the client TCP connection and may be :: or 0.0.0.0.
>>  In this chain case request, squidPort, and listenConn may be nil.
>>
>> Amos
> 
> I am getting confused actually.
> 
> Squid 3.5
> http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html
> 
> Above says %MYADDR = Squid interface address
> 
> Squid 4 (external_acl_type uses logformat FORMATs)
> And http://www.squid-cache.org/Doc/config/logformat/
> 
> This says %la = Local listening IP address the client connection was
> connected to
> 
> So description of %MYADDR and %la is different, but from source code
> (src/format/Token.cc) both appear to be same thing i.e.
> LFT_LOCAL_LISTENING_IP
> 

Yes.

> But the code in Format.cc looks more complicated than a simple one line:
> 
>         case LFT_LOCAL_LISTENING_IP: {
>             // avoid logging a dash if we have reliable info
>             const bool interceptedAtKnownPort = al->request ?
>                                                 (al->request->flags.interceptTproxy ||
>                                                  al->request->flags.intercepted) && al->cache.port != NULL :
>                                                 false;
>             if (interceptedAtKnownPort) {
>                 const bool portAddressConfigured = !al->cache.port->s.isAnyAddr();
>                 if (portAddressConfigured)
>                     out = al->cache.port->s.toStr(tmp, sizeof(tmp));
>             } else if (al->tcpClient != NULL)
>                 out = al->tcpClient->local.toStr(tmp, sizeof(tmp));
>         }
> 
> So which is right way? Above code which considers interception too?

The above is the right logic to work with both types of traffic. Except
that code is working from an 'ALE' object "al". The error page code you
are working with does not currently have access to that.

NP: The TCP connection data is more reliable (never being :: or
0.0.0.0). But when interception is happening the TCP details are only
about client and server, not Squid - so the port config has to be used.

The Convert() equivalent of "al->request" is just "request".

The Convert() equivalent of "al->tcpClient" is
"request->masterXaction->tcpClient".

The Convert() equivalent of "al->cache.port" is
"request->masterXaction->squidPort".

> 
> OR one of the lines below?
> 
> request->masterXaction->tcpClient->local
> request->masterXaction->squidPort->listenConn->local
> 

These are the variables where you find the data. You still have to use
the logic from (or similar to) "case LFT_LOCAL_LISTENING_IP" to produce
the right value from them for both intercepted and non-intercepted traffic.


> i.e. something like (in errorpage.cc)
> case 'A':
>     if (request && request->masterXaction->squidPort &&
>             request->masterXaction->squidPort->listenConn)
>         mb.appendf("%s", request->masterXaction->squidPort->listenConn->local.toStr(ntoabuf,MAX_IPSTRLEN));
>     else
>         mb.appendf("%s", getMyHostname());
> 
> 
> Note: Here %A would be same as %h if required information is not available.
> 
> Amish.
> 
> PS: Off for few days vacation - so may not be able to reply
> 

Amos
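
The selection logic discussed in this message, as an added stand-alone sketch (not Squid source and not code from either poster): it applies the "case LFT_LOCAL_LISTENING_IP" decision order to the Convert() variables, checking every pointer in the chain and never emitting a wildcard address. The structs are reduced stand-ins for the Squid types, and squidLocalAddress(), sample() and the proxy.example fallback are hypothetical names.

```cpp
#include <memory>
#include <string>

// Stand-in types (assumptions), reduced to the members named in the thread.
struct Address {
    std::string ip;
    bool isAnyAddr() const { return ip == "::" || ip == "0.0.0.0"; }
};
struct Connection { Address local; };   // models tcpClient
struct PortCfg { Address s; };          // models squidPort
struct MasterXaction {
    std::shared_ptr<Connection> tcpClient;
    std::shared_ptr<PortCfg> squidPort;
};
struct RequestFlags { bool intercepted = false; bool interceptTproxy = false; };
struct HttpRequest {
    RequestFlags flags;
    std::shared_ptr<MasterXaction> masterXaction;
};

// Hypothetical helper: the LFT_LOCAL_LISTENING_IP decision order, checking
// every pointer in the chain. Returns fallback when no reliable address exists.
std::string squidLocalAddress(const HttpRequest *request, const std::string &fallback)
{
    if (!request || !request->masterXaction)
        return fallback;
    const MasterXaction &mx = *request->masterXaction;
    const bool interceptedAtKnownPort =
        (request->flags.interceptTproxy || request->flags.intercepted) && mx.squidPort;
    if (interceptedAtKnownPort) {
        // TCP details describe client and server here, so use the port
        // config, but never emit a wildcard (:: or 0.0.0.0).
        return mx.squidPort->s.isAnyAddr() ? fallback : mx.squidPort->s.ip;
    }
    return mx.tcpClient ? mx.tcpClient->local.ip : fallback;
}

// Constructed sample request for trying the helper; all addresses are made up.
std::string sample(bool intercepted, const char *portAddr, const char *tcpLocal)
{
    HttpRequest r;
    r.flags.intercepted = intercepted;
    r.masterXaction = std::make_shared<MasterXaction>();
    if (portAddr)
        r.masterXaction->squidPort = std::make_shared<PortCfg>(PortCfg{Address{portAddr}});
    if (tcpLocal)
        r.masterXaction->tcpClient = std::make_shared<Connection>(Connection{Address{tcpLocal}});
    return squidLocalAddress(&r, "proxy.example");
}
```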

