Re: A few patches

From: Adrian Chadd <adrian@dont-contact.us>
Date: Tue, 13 Mar 2007 15:58:50 +0800

On Tue, Mar 13, 2007, Steven Wilton wrote:

> Good point. The only problem is that (under Linux at least) we can't find
> out the original destination port (ie if traffic destined for port 80 is
> redirected to port 3128). Would you suggest this as a configuration option
> on a per-port basis? (ie squid can listen to multiple ports, and the port
> that the connection arrives on is used to determine the destination port).

What, this isn't accessible via clientNatLookup() ? Hm! I'm sure I've seen
it supported somehow/somewhere.

> > Make this configurable though. You don't want to allow people
> > to tunnel non-resolvable
> > stuff through without the administrator explicitly deciding to.
>
> You need to have an ACL that allows CONNECT requests destined for port 80,
> otherwise you will get an ACL denied message :)

Again, it's a cute hack, and definitely something I'd like to see supported
in future Squid-2.6 versions.

> If there's no objections to applying this change (in principle), I'll
> re-work it to extend commConnectStart().

Certainly not from me, as long as there's a configuration knob that
defaults to off (and we've got somewhere clearly documented which
knobs to turn on to get better transparency behaviour.)

Adrian
Received on Tue Mar 13 2007 - 01:49:41 MDT
