Re: SquidShell,any ideas/suggestions?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 11 Aug 2011 21:14:01 +1200

On 11/08/11 19:15, Kinkie wrote:
>> Yes, that is a good option as well. Compared to using cache manager, we
>> would gain easier message parsing and some efficiency. We would lose:
>> - remote access ability (UDS are local);
>> - reusable access controls (there are no Coordinator ACLs for now);
>> - management transaction logging (no Coordinator actions log for now);
>> - a better understood firewall-friendly text-based protocol (HTTP+CGI
>> query strings compared to undocumented UDS Coordinator messages).
>>
>> Since performance is not an issue here, it feels like using cache
>> manager HTTP interface would be an overall better approach, especially
>> if we want non-programmers to be able to script beautiful yet
>> secure/traceable interfaces.
>
> I completely second Alex' idea.

Okay. I can go with that.

>
> To bring it one step forward, it would feel good to try and unify the
> data-collection API between CacheMgr and SNMP, so that the same
> callbacks are invoked for the various components, and have components
> return a structured language-neutral description of the data, to be
> rendered by the management framework into text, html, xml, json or
> SNMP.
>

I've been thinking about that since you first mentioned it.

The format changes required then have gone in now which makes the
alteration a little less tricky. I can send you at my txt vs html
experimental patch if you want a look at how it goes.

The remaining problems are:
  ** OID permanence. Once set we can't change them. So we need to be
very careful and planning out the report structure.

  ** Available SNMP types. Lack of 64-bit types is already hitting us in
a bad way. The mgr reports will need a lot of 64-bit or double types to
be displayed. Which the SNMPv2c library we have can't do.

  I would start by adding mgr text reports that match the existing SNMP
views (the grid sub-sections of
http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs). Which will let
you crop the SNMP actions.

I guess its overdue time to fix that ipc<>mgr dependency loop and add
action Subscriptions too. :(

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
Received on Thu Aug 11 2011 - 09:14:14 MDT

This archive was generated by hypermail 2.2.0 : Sun Aug 14 2011 - 12:00:06 MDT