[squid-users] deny_info and squid's own IP address?

Wed May 2 15:01:56 UTC 2018

On Wednesday 02 May 2018 10:05 AM, Amos Jeffries wrote:
> On 02/05/18 16:20, Amish wrote:
>> Does request->masterXaction->tcpClient->local hold Squid IP incase of
>> intercepted traffic too?
> The listening address (if any) will be in
> request->masterXaction->squidPort->listenConn->local instead. It has no
> relation to the client TCP connection and may be :: or 0.0.0.0.
>   In this chain case request, squidPort, and listenConn may be nil.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

I am getting confused actually.

Squid 3.5
http://www.squid-cache.org/Versions/v3/3.5/cfgman/external_acl_type.html

Above says %MYADDR = Squid interface address

Squid 4 (external_acl_type uses logformat FORMATs)
And http://www.squid-cache.org/Doc/config/logformat/

This says %la = Local listening IP address the client connection was 
connected to

So description of %MYADDR and %la is different, but from source code 
(src/format/Token.cc) both appear to be same thing i.e. 
LFT_LOCAL_LISTENING_IP

But the code in Format.cc looks complicated then simple one line:

         case LFT_LOCAL_LISTENING_IP: {
             // avoid logging a dash if we have reliable info
             const bool interceptedAtKnownPort = al->request ?
(al->request->flags.interceptTproxy ||
al->request->flags.intercepted) && al->cache.port != NULL :
                                                 false;
             if (interceptedAtKnownPort) {
                 const bool portAddressConfigured = 
!al->cache.port->s.isAnyAddr();
                 if (portAddressConfigured)
                     out = al->cache.port->s.toStr(tmp, sizeof(tmp));
             } else if (al->tcpClient != NULL)
                 out = al->tcpClient->local.toStr(tmp, sizeof(tmp));
         }

So which is right way? Above code which considers interception too?

OR one of the lines below?

request->masterXaction->tcpClient->local
request->masterXaction->squidPort->listenConn->local

i.e. something like (in errorpage.cc)
case 'A':
     if (request && request->masterXaction->squidPort && 
request->masterXaction->squidPort->listenConn)
         mb.appendf("%s", 
request->masterXaction->squidPort->listenConn->local.toStr(ntoabuf,MAX_IPSTRLEN));
     else
         mb.appendf("%s", getMyHostname());

Note: Here %A would be same as %h if required information is not available.

Amish.

PS: Off for few days vacation - so may not be able to reply
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180502/9176e421/attachment.html>