[squid-dev] [PATCH] New format code %acl_matched to log the last matched acl

Alfonso Ali ali at infomed.sld.cu
Mon Nov 17 16:55:38 UTC 2014 

On 11/16/2014 06:14 AM, Amos Jeffries wrote:

> What exactly are those use-cases please? Accounting what exactly?

We have a lot of sites classified in some categories (tech, health, 
culture, etc.) and we need to generate traffic reports based on those 
categories. Each category can be composed of more than one acl type 
(dstdomain, url_regex). When parsing the logs we can extract to which 
category belongs each url based on the matched acl.

The other user case is related with quota accounting, we have a lot 
sites that are free (mainly the ones described above) for each user and 
the quota program use the acl matche to know if the request have to be 
accounted or not.


> This is important to document as it informs us whether this patch is
> only useful for you, or could be useful for others. It may also be

I understand, we decided to send it now becouse other institutions asked 
us about our solution, so i though it could be useful for other too.

> that your use-case is far better served by some other feature or patch
> addition.

Agreed, as i said before our first approach to the problem was to use an 
external acl that generated a log=%s reply to be used on the log files 
with the %ea format code.

> ? sounds like a bug. In which case fixing the bug is the right
> approach. Some details on what you found would be appreciated. You can
> report through bugzilla to keep this thread clean.

We looked into it, but is was very difficult to debug since it only 
ocurred at high loads and the way to verify it is parsing the whole log 
file to see if each url match the correct acl (we only found this issue 
becouse some users complained about been accounted incorrectly), at 
first we though it was a problem related with the acl's ttl or buffering 
but since squid already knows which acl was used to allow the request 
and logging it from squid will have the benefit of reducing the load 
associated with the external programs used for the external acl's we 
decided for this solution.

> Please be aware the named ACL is not valid to be used outside of
> Checklist matching sequences. It contains the last ACL to be named
> *including* any ACLs tested in figuring out where to log the traffic.
> Even if no ACLs are tested determining the log to write to, the name
> may be altered at any time by a concurrent request being processed
> through some other ACLs.

I don't have much knowledge of squid's code, i just looked at how others 
format codes where defined and how the debug info about the matched acl 
was generated (line 739 in client_side_request.cc).

I though (but don't checked) that the http object and AclMatchedName 
variable where unique for each request or at least until the log line 
was generated.

Do you think that if i make a copy of AclMatchedName's value on the http 
object i can ensure that the correct info is generated in the log file?

Regards,
  Ali


--
Nunca digas nunca, di mejor: gracias, permiso, disculpe.

Este mensaje le ha llegado mediante el servicio de correo electronico que ofrece Infomed para respaldar el cumplimiento de las misiones del Sistema Nacional de Salud. La persona que envia este correo asume el compromiso de usar el servicio a tales fines y cumplir con las regulaciones establecidas

Infomed: http://www.sld.cu/

More information about the squid-dev mailing list