[squid-users] acl / format code evaluation
Amos Jeffries
squid3 at treenet.co.nz
Fri Nov 5 08:53:54 UTC 2021
On 5/11/21 04:14, Jason Spashett wrote:
> Hello,
>
> I am using squid 5, and after reading the following I have attempted
> to link the connect requests to the other requests within a TLS
> tunnel.
>
> Can anyone tell me why this isn't working, and or when the log format
> codes get evaluated.

The logformat %macros get expanded any time Squid needs to use the
format string containing them.

For your config snippet below, that means usually:
- helper queries at several points processing each request/transaction,
- each time those ACLs of yours are *checked*,
- log outputs when each request finishes, and
- deny_info URL generation for redirection.

>
> Squid configuration
> -------------------
> #
> acl connection_id_acl annotate_client conn_id+="%master_xaction/%random"
> acl has_conn_id_acl note conn_id
> acl set_conn_id_once_acl any-of has_conn_id_acl connection_id_acl
> note "" "" set_conn_id_once_acl
> #
> logformat log time="%tl" conn_id=%{conn_id}note request_type=%>rm url=%>ru
>
> log output
> ----------
> time="04/Nov/2021:14:54:19 +0000" conn_id=2550/Fh0Lje1
> request_type=CONNECT url=blog.jason.spashett.com:443
> time="04/Nov/2021:14:54:19 +0000" conn_id=2550/e5sVhqi
> request_type=GET
> url=https://blog.jason.spashett.com/minecraft-4k-ported-to-the-d-programming-language/
> time="04/Nov/2021:14:54:20 +0000" conn_id=2550/e5sVhqi
> request_type=GET url=https://blog.jason.spashett.com/css/main.css

This looks like it's working to me.

"2550/" is the TCP connection being handled.
"2550/Fh0Lje1" is the CONNECT received via TCP.
"2550/e5sVhqi" are the requests decoded from inside the CONNECT tunnel.

The problem you have is that the CONNECT request ceases to exist at the
point it is accepted to be decrypted. The TLS handshake takes time - so
the conn_id %random value you assigned to that CONNECT is long gone by
the time the decrypted requests are received. We have several bugs open
about this situation, but my fix has got stuck with QA rejections from
other team members.

Amos
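
Added example (not part of the original message and not Squid project code): because the %random suffix differs between the CONNECT and the decrypted requests while the part before the "/" stays the same, a log consumer can link them on that prefix alone. It assumes one record per line in the logformat quoted above and that the prefix is only meaningful within a single Squid run; the function names are hypothetical and the last sample line is constructed.

```python
import re
from collections import defaultdict

# Sample records in the logformat from the message above, one per line.
# The first three reuse the values quoted there; the last one is constructed
# to show a record that carries no conn_id annotation.
SAMPLE_LOG = '''\
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/Fh0Lje1 request_type=CONNECT url=blog.jason.spashett.com:443
time="04/Nov/2021:14:54:19 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/minecraft-4k-ported-to-the-d-programming-language/
time="04/Nov/2021:14:54:20 +0000" conn_id=2550/e5sVhqi request_type=GET url=https://blog.jason.spashett.com/css/main.css
time="04/Nov/2021:14:54:21 +0000" conn_id=- request_type=GET url=http://example.invalid/
'''

# Matches key="quoted value" or key=bare-value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Return the key/value fields of one log record as a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def group_by_connection(log_text):
    """Group records by the conn_id part before '/', ignoring the %random suffix."""
    groups = defaultdict(lambda: {"connect": None, "requests": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        prefix, sep, _random = rec.get("conn_id", "-").partition("/")
        if not sep or not prefix:
            continue  # no usable annotation on this record
        if rec.get("request_type") == "CONNECT":
            groups[prefix]["connect"] = rec.get("url")
        else:
            groups[prefix]["requests"].append(rec.get("url"))
    return dict(groups)


if __name__ == "__main__":
    for prefix, group in group_by_connection(SAMPLE_LOG).items():
        print(prefix, "CONNECT", group["connect"])
        for url in group["requests"]:
            print("   ", url)
```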