Re: filtering HTTPS

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Fri, 16 Mar 2012 17:14:12 -0600

On 03/14/2012 01:08 PM, Henrik Nordström wrote:
> Wed 2012-03-14 at 09:35 -0300, Marcus Kool wrote:
>
>>> non-HTTP traffic does not fit URLs or ICAP either. How would you map an
>>> SSH session?
>>
>> Sorry, I know virtually nothing about the internals of Squid so how
>> to map it... I don't know.
>
> I am talking at the protocol level, ignoring Squid internals. I have
> absolutely no idea how to map an SSH CONNECT tunnel to ICAP in a
> meaningful manner.

Oh, come on! It is trivial to map a stream of bytes to ICAP and it will
be both ICAP-compliant and meaningful to an ICAP service that knows
about the mapping. As an extreme but simplest example, consider an ICAP
client sending every single byte as a single ICAP request message, with
the ICAP Encapsulated header set to req/resp-body=0. One tunnel byte. No
embedded HTTP headers at all.

Some ICAP header may contain a tunnel ID so that the service can stitch
bytes together as needed.

Unfortunately, most such mappings will be inefficient (and pointless
unless the ICAP service knows what to do with them).

Cheers,

Alex.
Received on Fri Mar 16 2012 - 23:14:23 MDT
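
An added example, not part of the original message and not Squid code: the byte-per-message mapping described above, with a client side that wraps each tunnel byte in a REQMOD request carrying `Encapsulated: req-body=0` and a service side that stitches the bytes back together per tunnel. The `X-Tunnel-Id` header name, the service URI and the sample bytes are assumptions made for illustration.

```python
# Added illustration. X-Tunnel-Id and the service URI are assumed names.
ICAP_HOST = "icap.example.net"            # hypothetical ICAP server
ICAP_URI = f"icap://{ICAP_HOST}/tunnel"   # hypothetical service

def build_request(tunnel_id: str, payload: bytes) -> bytes:
    """One REQMOD message whose only encapsulated part is a body."""
    head = (f"REQMOD {ICAP_URI} ICAP/1.0\r\n"
            f"Host: {ICAP_HOST}\r\n"
            f"X-Tunnel-Id: {tunnel_id}\r\n"
            "Encapsulated: req-body=0\r\n\r\n").encode("ascii")
    chunk = b"%x\r\n%b\r\n" % (len(payload), payload) if payload else b""
    return head + chunk + b"0\r\n\r\n"    # chunked coding, then last-chunk

def byte_per_message(tunnel_id: str, data: bytes) -> list:
    """Client side: the extreme mapping, one tunnel byte per ICAP request."""
    return [build_request(tunnel_id, bytes([b])) for b in data]

def parse_request(msg: bytes):
    """Service side: return (tunnel id, payload) of one message."""
    head, _, body = msg.partition(b"\r\n\r\n")
    fields = head.decode("ascii").split("\r\n")[1:]   # skip request line
    headers = {k.strip().lower(): v.strip()
               for k, v in (f.split(":", 1) for f in fields)}
    if headers.get("encapsulated") != "req-body=0":
        raise ValueError("not a body-only message")
    payload, pos = b"", 0
    while True:                                       # de-chunk the body
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";")[0], 16)
        if size == 0:
            return headers["x-tunnel-id"], payload
        payload += body[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2                      # skip data and CRLF

def stitch(messages) -> dict:
    """Reassemble each tunnel's byte stream from messages in arrival order."""
    streams = {}
    for msg in messages:
        tunnel_id, payload = parse_request(msg)
        streams[tunnel_id] = streams.get(tunnel_id, b"") + payload
    return streams

def overhead(messages, data: bytes) -> float:
    """ICAP bytes sent per tunnel byte carried."""
    return sum(len(m) for m in messages) / len(data)

if __name__ == "__main__":
    sample = b"SSH-2.0-OpenSSH_5.9\r\n"   # constructed sample tunnel bytes
    msgs = byte_per_message("t1", sample)
    print(stitch(msgs), overhead(msgs, sample))
```

With these assumed header values, each tunnel byte costs more than a hundred bytes of ICAP framing, which is the inefficiency the message points out.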
