[squid-dev] on_unsupported_protocol rewrite to support tcp connection, relay

Amos Jeffries squid3 at treenet.co.nz
Mon Mar 27 03:59:10 UTC 2017


On 27/03/2017 3:15 p.m., 钱国正 wrote:
>>> I want to know what's the
>>> pinning.serverConnection mean? and what it is used for?
> 
>> Before we dive into low-level details, please allow me to ask an
>> important high-level question. Your answer may render those low-level
>> details irrelevant:
> 
>>> I want to rewrite the on_unsupported_protocol to support tcp connection
>>> (non-http protocol, called httpdns not readable, no http header) and
>>> relay it to the server. [...] I need assign the server's address and port
> 
>> Where will your code get the server address and port from? If the answer
>> is "from the received httpdns message header", then please do not abuse
>> on_unsupported_protocol to support "httpdns". Instead, add proper
>> support for httpdns (which may be limited to forwarding httpdns queries
>> to the right server if such blind forwarding makes sense).
> 
> No, I got it from `clientConnection->local`. The httpdns is just a tcp connection to a server with
> a specified protocol, not known to me; it is designed by its user and uses port 80 to transfer dns requests.
> 

If you want port 80 to just be relayed through - don't send it to Squid.

You will probably be able to identify the DNS packets with your firewall
rules easier than Squid can tell it apart from a mangled HTTP message.


>> BTW, can you post a link to the "httpdns" protocol specification (not
>> API)? And what do you mean by "not readable"?
> 
> 
> 
> It is not a standard protocol in RFC or some standard specification, just some companies use
> port 80 (default for http protocol) to transfer dns requests. They do this because in China many
> ISPs would use their own dns servers in different places, which makes it slow
> or unreachable to some company's service.
> 

Then please stop calling it "httpdns". It is "DNS". Calling it "httpdns"
implies some relationship to HTTP other than just stealing the port number.

There is actually a protocol called HTTPDNS being designed
(<https://tools.ietf.org/html/draft-ietf-dnsop-dns-wireformat-http-00>).
Squid supports relaying that already because it uses real HTTP messages
on port 80.

Amos
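The point above that a packet filter can tell DNS on port 80 apart more easily than Squid can tell it apart from a mangled HTTP message can be shown on the first bytes a client sends: an HTTP request starts with a request line, while a DNS-over-TCP query starts with a 2-byte length prefix and a 12-byte header. This is an added example, not code from the thread or from Squid; the sample payloads are constructed and the heuristic is deliberately conservative.

```python
import re
import struct

# Constructed sample payloads: the first bytes a client sends on a TCP port-80 connection.
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"
# DNS over TCP: 2-byte length prefix, then a 12-byte header and one question (example.com A/IN).
_DNS_MSG = (
    struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, flags (RD set), QD, AN, NS, AR
    + b"\x07example\x03com\x00"                          # QNAME in label form
    + struct.pack("!HH", 1, 1)                           # QTYPE=A, QCLASS=IN
)
DNS_SAMPLE = struct.pack("!H", len(_DNS_MSG)) + _DNS_MSG
GARBAGE_SAMPLE = b"\x00\x00\x00\x00garbage"

# Request-line shape: METHOD SP target SP HTTP/1.x CRLF (HTTP/0.9 and HTTP/2 preface not handled).
_HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")


def looks_like_http(data: bytes) -> bool:
    """True if the buffer begins with a plausible HTTP/1.x request line."""
    return _HTTP_REQUEST_LINE.match(data) is not None


def looks_like_dns_tcp(data: bytes) -> bool:
    """True if the buffer begins with a plausible DNS-over-TCP query (RFC 1035 section 4.2.2)."""
    if len(data) < 14:  # need the length prefix plus a full header
        return False
    (msg_len,) = struct.unpack("!H", data[:2])
    if msg_len < 12 or msg_len > len(data) - 2:  # header must fit in the announced length
        return False
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", data[2:14])
    if flags & 0x8000:  # QR bit set: this is a response, not a client query
        return False
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2):  # QUERY, IQUERY, STATUS
        return False
    # A query carries a small number of questions and no answer/authority records.
    return 1 <= qd <= 4 and an == 0 and ns == 0


def classify(data: bytes) -> str:
    """Label an initial TCP payload as 'http', 'dns' or 'unknown' for a forwarding decision."""
    if looks_like_http(data):
        return "http"
    if looks_like_dns_tcp(data):
        return "dns"
    return "unknown"
```

The classification is meant for a policy decision (which traffic to steer to Squid and which to leave to the firewall), so an "unknown" result should be treated as not-HTTP rather than guessed at.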
