TCP client connections tagging is useful for faking various forms of
connection-based "authentication" when standard HTTP authentication
cannot be used. A URL rewriter or, external ACL helper may mark the
"authenticated" client connection to avoid going through
"authentication" steps during subsequent requests on the same connection
and to share connection "authentication" information with Squid ACLs,
other helpers, and logs.
After this change, Squid accepts optional clt_conn_id=ID pair from a
helper and associates the received ID with the client TCP connection.
Squid treats the received clt_conn_id=ID pair as a regular annotation,
but also keeps it across all requests on the same client connection. A
helper may update the client connection ID value during subsequent requests.
This patch documents the clt_conn_id key=value pair in cf.data.pre file
only for url rewriters. Because annotations are common to all helpers we
may want to make a special section at the beginning of cf.data.per for
all helpers. Suggestions are welcome.
I must also note that this patch adds an inconsistency. All annotation
key=values pairs received from helpers, accumulated to the existing key
notes values. The clt_conn_id=Id pair is always unique and replaces the
existing clt_conn_id=Id annotation pair.
We may want to make all annotations unique, or maybe implement a
configuration mechanism to define which annotations are overwriting
their previous values and which appending the new values.
This is a Measurement Factory project
Regards,
Christos
This archive was generated by hypermail 2.2.0 : Sat Jun 14 2014 - 12:00:11 MDT