<div dir="auto">Hey Moti,<div dir="auto"><br></div><div dir="auto">It is a good assumption that the same caching dns server (not 8.8.8.8 or 1.1.1.1) that the client use will return the relevant destination ip for the domain.</div><div dir="auto">Its possible to do such a query in the icap service with low timeout(2-3) seconds.</div><div dir="auto">can this be good enough for your use case?</div><div dir="auto"><br></div><div dir="auto">Eliezer</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jan 18, 2021, 00:28 Moti Berger <<a href="mailto:moberger@metanetworks.com" target="_blank" rel="noreferrer">moberger@metanetworks.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi<div><br></div><div>My goal is to obtain the destination IP when sending an HTTP request for my ICAP server so it would be able to decide the kind of adaptation required based on it.</div><div><br></div><div>Looking at squid (5.0.4) code I discovered the following:</div><div><br></div><div>It seems that "everything" starts at ClientRequestContext.</div><div>I've noticed that noteAdaptationAclCheckDone calls startAdaptation which calls more methods, eventually getting to Adaptation::Icap::ModXact::makeRequestHeaders where it iterates over headers defined by the adaptation_meta configurations in squid.conf.</div><div>For each, it calls the 'match' method where it tries to format (and assemble) it. There it seems that the value is taken from an AccessLogEntry:</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"> case LFT_SERVER_IP_ADDRESS:<br> if (al->hier.tcpServer)<br> out = al->hier.tcpServer->remote.toStr(tmp, sizeof(tmp));<br> break;<br></blockquote><div><br></div><div>So the AccessLogEntry object seems to be the key.</div><div>At REQMOD time, I don't get the value of the destination IP.</div><div>Looking further I found that the DNS resolving happens when it's decided that the request should be forwarded to the destination server.</div><div><br></div><div>So I tracked the flow and it seems to start from FwdState::Start method which gets an AccessLogEntryPointer.</div><div>Then it calls methods that eventually do the DNS resolving (Dns::nbgethostbyname) and ending in (FwdState::connectStart) which have the IP to connect to.</div><div>So it seems that this flow will populate the AccessLogEntry.</div><div>This seems right since during RESPMOD, the same code above (in Adaptation::Icap::ModXact::makeRequestHeaders) is running and this time the `match` method eventually gets the destination IP.</div><div><div>I added logs that prints the AccessLogEntryPointer and in the FwdState.cc the log says address 0x5592ab521e30*12 and in the Notes.cc the log says address 0x5592ab521e30*25.</div><div><br></div><div>Two things that I haven't found yet:</div><div></div></div><div>1. The place where the AccessLogEntry is populated</div><div>2. Where after the adaptation, the forwarding to the destination server occured (assuming it should be forwarded)</div><div><br></div><div><div>I couldn't figure out a way to start the DNS resolving just before the startAdaptation starts as it requires all sorts of objects that seem to be unavailable there.</div><div></div></div><div>I wonder if you can help me to find a way to do it.</div><div><br></div><div>Thanks,</div><div>Moti</div><div><br></div></div></div>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" rel="noreferrer noreferrer" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>