[squid-dev] Support forward unknown protocol using http port which redirected to squid

Alex Rousskov rousskov at measurement-factory.com
Fri Mar 17 14:55:13 UTC 2017


On 03/17/2017 01:06 AM, 钱国正 wrote:
> I am using squid as a transparent proxy in a router,
> redirecting data whose destination port is 80 to squid,
> and it has worked fine for a long time. Just days ago, I found there is one
> case that will make the mobile app not work.
> 
> The case is the mobile app using port 80 with a protocol that is neither http nor https.
> 
> I have searched a lot on that and found on_unsupported_protocol, but
> apparently, it is not for this case.

According to documentation, on_unsupported_protocol does support your
use case. If that support is broken, please consider fixing it (since
you are now posting to squid-dev and not squid-users).

The ConnStateData::mayTunnelUnsupportedProto() method may be relevant
here -- make sure it returns true for your use case (without breaking
other use cases). I suspect the condition in that method is currently
buggy because it does not seem to cover intercepted plain HTTP
connections where Squid ought to know the intended destination address:

> bool
> ConnStateData::mayTunnelUnsupportedProto()
> {
>     return Config.accessList.on_unsupported_protocol
> #if USE_OPENSSL
>            &&
>            ((port->flags.isIntercepted() && port->flags.tunnelSslBumping)
>             || (serverBump() && pinning.serverConnection))
> #endif
>            ;
> }

Alex.
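
Added example (not part of the original message and not Squid source code): a stand-alone C++ model of the quoted condition that exhaustively compares it with a hypothetical relaxed condition, to check the "without breaking other use cases" requirement. `ConnModel`, `candidateCondition` and `diffAllStates` are assumed names, and the candidate is an illustration, not a proposed patch.

```cpp
#include <cstdio>

// Plain-boolean stand-ins for the state the quoted method reads.
// Field comments name the quoted expressions; the struct is hypothetical.
struct ConnModel {
    bool aclConfigured;    // Config.accessList.on_unsupported_protocol is set
    bool intercepted;      // port->flags.isIntercepted()
    bool tunnelSslBumping; // port->flags.tunnelSslBumping
    bool serverBump;       // serverBump() is non-null
    bool pinnedServer;     // pinning.serverConnection is non-null
};

// The quoted condition; withOpenSsl models the USE_OPENSSL build switch.
bool currentCondition(const ConnModel &c, bool withOpenSsl) {
    if (!withOpenSsl)
        return c.aclConfigured;
    return c.aclConfigured &&
           ((c.intercepted && c.tunnelSslBumping) ||
            (c.serverBump && c.pinnedServer));
}

// Hypothetical candidate (an assumption): any intercepted port qualifies,
// because the intended destination address is known there.
bool candidateCondition(const ConnModel &c) {
    return c.aclConfigured &&
           (c.intercepted || (c.serverBump && c.pinnedServer));
}

struct DiffResult { int newlyTrue; int newlyFalse; };

// Walk all 32 flag combinations and count where the candidate differs
// from the current condition in an OpenSSL build.
DiffResult diffAllStates() {
    DiffResult r{0, 0};
    for (int bits = 0; bits < 32; ++bits) {
        const ConnModel c{bool(bits & 1), bool(bits & 2), bool(bits & 4),
                          bool(bits & 8), bool(bits & 16)};
        const bool before = currentCondition(c, true);
        const bool after = candidateCondition(c);
        if (after && !before) ++r.newlyTrue;
        if (before && !after) ++r.newlyFalse; // a regression for existing users
    }
    return r;
}

int main() {
    // Intercepted plain HTTP port with the ACL configured (the reported case).
    const ConnModel plain{true, true, false, false, false};
    const DiffResult d = diffAllStates();
    std::printf("OpenSSL build: %d, non-OpenSSL build: %d, candidate: %d\n",
                currentCondition(plain, true), currentCondition(plain, false),
                candidateCondition(plain));
    std::printf("newly true: %d, newly false: %d\n", d.newlyTrue, d.newlyFalse);
    return 0;
}
```

In this model the reported case is rejected only when `USE_OPENSSL` is defined, and the candidate changes the result solely for intercepted ports without `tunnelSslBumping`.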


