Re: [squid-users] Extract session 5-tuples for HTTP requests in squid

From: Ahmed Talha Khan <auny87_at_gmail.com>
Date: Wed, 18 Apr 2012 17:41:24 +0500

On Wed, Apr 18, 2012 at 2:29 PM, Henrik Nordström
<henrik_at_henriknordstrom.net> wrote:
> ons 2012-04-18 klockan 14:03 +0500 skrev Ahmed Talha Khan:
>
>> Thanks for the info. I am aware but that these are TCP level
>> identifiers. I digged into it and saw that class HttpRequest has
>> members client_ip, host_ip, port and my_addr. Client_ip is very
>> obvious and i can see that the X-Client-IP field is populated with it.
>> What about the following fields
>>
>> host_ip: is this the ip of the origin server to which the request is
>> going? And will it remain same in the response?
>
> Not sure. Can't find any host_ip in my sources. Which version are you
> looking at?

The field name is host_addr in the HttpRequest class. I mistakenly
wrote host_ip. I am using 3.1.19 sources.

>
> But the destination server destination IP is not known until the request
> is forwarded, and then only if the request is forwarded directly and not
> via another proxy. Until then the destination is the requested host
> name.
What do you mean by until- then here? Does this have to do with the
vectoring point, ICAP coming in PRE_CACHE before the request going
out?

>
>> port: is this the port from which the request originated? Source port
>> of the request? What will be the value in response from the server?
>
> port is the port number from parsing the requested URL.
>
>> my_addr: This seems like the ip on which squid is listening. Correct
>> me if i am wrong
>
> Yes.
>
>> How to get destination port. It is either http (80) or https(443). But
>> how can i differentiate? How do i know what was the destination port
>> of the request?
>
> proxy requests are sent to the proxy, not the destination server. HTTP
> requests are addressed by the requested URL not IP:PORT.
>
> The URL tells which host name and port the request is targeted at.
>
> Regards
> Henrik
>

-- 
Regards,
-Ahmed Talha Khan
Received on Wed Apr 18 2012 - 12:41:31 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 18 2012 - 12:00:04 MDT