Re: Hi there

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Tue, 21 Nov 2006 13:23:47 -0700

On Mon, 2006-11-20 at 10:44 +0100, Henrik Nordstrom wrote:
> Mon 2006-11-20 at 14:53 +1100, Alex North wrote:
> > Hi team squid,
> >
> > I'm an Australian developer working to integrate super-fast content
> > filtering (viruses, malware and so on) directly into squid. I want to
> > get as close to the wire as possible so we can afford deep content
> > inspection and still have squid run as fast as it does.
>
> Ok. There are several reasonable alternatives for doing this, depending
> on how tightly integrated you want to be.
>
> a) Go the Squid-3 path and implement the filtering using the client
> streams API provided there.
>
> b) Hook into Squid via ICAP. A bit more heavyweight, but also has the
> benefit of being proxy vendor agnostic and easier to scale if the
> filtering process as such is rather heavy or hard to fit into the
> non-blocking scheme of Squid.
>
> c) The old and somewhat unmaintained filter patches for Squid-2.x.

d) Write a Squid module that talks to Squid core using existing ICAP
hooks, but without network communication delays. Your code will,
essentially, provide an ICAP Xaction alternative. Your transaction
implementation will talk directly to your filtering library instead of
using TCP sockets to shovel data back and forth with a true ICAP server.

Compared to (a), a correctly implemented option (d) will benefit from
the rest of the ICAP infrastructure such as ICAP service selection and
bypass.

Compared to (b), option (d) avoids ICAP parsing and network/loopback
communication overheads. You also do not need an ICAP server with (d)
but with (b) you can plug into other proxies, including very fast
ones(*).

Compared to (c), option (d) does not waste resources on "old and
somewhat unmaintained" code.

Personally, I would do (b) because I would care about compatibility with
all other popular proxies out there. If you do not care and are willing
to sacrifice standard interfaces and modularity for ~10% response time
improvement, do (d) or (a). I do not know much about (a) though.

HTH,

Alex.

(*) If you decide on (b), there are a few generic ICAP servers to plug
your code into, <plug mode=shameless>including Traffic Spicer</plug>.
Received on Tue Nov 21 2006 - 13:24:54 MST
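
To make the "ICAP parsing" cost of option (b) concrete, here is an added example (not part of the original message, and not Squid or Traffic Spicer code) that frames and then unpacks one RESPMOD request as laid out in RFC 3507; with option (d) the filter would receive the same bytes without this step. The service URI, host names and sample HTTP messages are constructed.

```python
# Added example: ICAP RESPMOD framing (RFC 3507). All sample values are constructed.
REQ = b"GET /a.bin HTTP/1.1\r\nHost: origin.example\r\n\r\n"
RES = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
BODY = b"hello world"
SERVICE = "icap://filter.example:1344/respmod"  # hypothetical service URI


def build_respmod(service_uri, http_req_hdr, http_res_hdr, body):
    """Frame one RESPMOD request the way a proxy sends it to an ICAP server."""
    # Encapsulated offsets are byte positions inside the encapsulated section.
    res_off = len(http_req_hdr)
    body_off = res_off + len(http_res_hdr)
    host = service_uri.split("/")[2]
    icap_hdr = (
        f"RESPMOD {service_uri} ICAP/1.0\r\n"
        f"Host: {host}\r\n"
        f"Encapsulated: req-hdr=0, res-hdr={res_off}, res-body={body_off}\r\n"
        "\r\n"
    ).encode()
    # Inside ICAP the body is always chunked, whatever the HTTP framing was.
    chunked = b"%x\r\n%s\r\n0\r\n\r\n" % (len(body), body)
    return icap_hdr + http_req_hdr + http_res_hdr + chunked


def parse_respmod(msg):
    """Work the filtering side does before it sees a single payload byte."""
    head, _, rest = msg.partition(b"\r\n\r\n")
    lines = head.decode().split("\r\n")
    method = lines[0].split(" ")[0]
    # Exact-case lookup is enough for the constructed message above.
    headers = dict(line.split(": ", 1) for line in lines[1:])
    offsets = {}
    for part in headers["Encapsulated"].split(","):
        name, _, value = part.strip().partition("=")
        offsets[name] = int(value)
    req_hdr = rest[offsets["req-hdr"]:offsets["res-hdr"]]
    res_hdr = rest[offsets["res-hdr"]:offsets["res-body"]]
    body, pos = b"", offsets["res-body"]
    while True:  # decode chunks until the zero-length terminator
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)
        if size == 0:
            break
        body += rest[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF
    return method, req_hdr, res_hdr, body
```

The difference `len(build_respmod(SERVICE, REQ, RES, BODY)) - len(BODY)` is the per-message framing that crosses the socket in option (b) in addition to the payload itself.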