Re: %la and intercepted connections

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 21 May 2011 12:09:39 +1200

On 21/05/11 07:53, Alex Rousskov wrote:
> On 05/20/2011 12:16 AM, Amos Jeffries wrote:
>> On 20/05/11 04:00, Alex Rousskov wrote:
>>> Hello,
>>>
>>> %la logs the destination address of the HTTP client connection. For
>>> regular requests, this is the http_port address as promised by our
>>> squid.conf documentation quoted below. For intercepted requests, it
>>> appears to be the origin server address because that is where the
>>> connection was going.
>>>
>>>> <A Server IP address or peer name
>>>> la Local IP address (http_port)
>>>> lp Local port number (http_port)
>
>>> Should we fix documentation (i.e., warn the admin that %la logs origin
>>> server addresses for intercepted requests) or implementation (i.e., log
>>> the actual local address used by Squid to intercept the request)?
>
>> IMO. Implementation. With NAT there is no "local" IP:port. The more we
>> can make that clear the better.
>
> Sorry, the combination of "fix implementation" and "there is no local
> IP:port" confuses me. Do you mean that Squid should log a dash as a %la
> value for intercepted requests?

Yes, exactly that.

>
> To clarify context, folks want to know which Squid and/or which Squid
> http_port handled the transaction. In my experience, that is the primary
> driver behind most %l* or "local" requests. Logging a dash for
> intercepted requests would not help these admins, but we can insist that
> that is the correct value and then suggest another way to distinguish
> Squid instances and/or http_ports.

When a box has 2 IPs NATing 4 subnets, which one is arriving at:
  "http_port 1234 intercept".

The OS socket API gives us box primary IP (~50% wrong), fail, or the
client original destination.

>
> What do you think we should log for %la when the connection was
> intercepted by Squid?

"-" in most cases.

*If* there is an IP in the squid.conf details, that can be displayed.

Same limitations occur for %lp, but with the guarantee that the config
file at least always has a port number available.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.7 and 3.1.12.1
Received on Sat May 21 2011 - 00:09:45 MDT
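
The rule proposed in the message above, written out as an added example (not Squid's code and not posted in the thread): for an intercepted connection, %la is "-" unless the http_port line carries an address, and %lp comes from the config. The names `Listener`, `parseHttpPort`, `logLa` and `logLp` and the sample addresses are assumptions made for illustration.

```cpp
#include <iostream>
#include <sstream>
#include <string>

// Hypothetical types for this sketch; none of these names come from Squid.
struct Listener {
    std::string ip;         // empty when http_port gives only a port
    std::string port;
    bool intercept = false;
};

// Parse "http_port [addr:]port [options...]" (IPv6 written as "[addr]:port").
Listener parseHttpPort(const std::string &line) {
    std::istringstream in(line);
    std::string directive, spec, opt;
    Listener l;
    in >> directive >> spec;
    const auto colon = spec.rfind(':');
    if (colon == std::string::npos) {
        l.port = spec;                       // port only, no address configured
    } else {
        l.ip = spec.substr(0, colon);
        l.port = spec.substr(colon + 1);
        if (l.ip.size() >= 2 && l.ip.front() == '[' && l.ip.back() == ']')
            l.ip = l.ip.substr(1, l.ip.size() - 2);   // strip IPv6 brackets
    }
    while (in >> opt)
        if (opt == "intercept")
            l.intercept = true;
    return l;
}

// sockLocalIp: what the OS reports as the accepted socket's local address.
std::string logLa(const Listener &l, const std::string &sockLocalIp) {
    if (!l.intercept)
        return sockLocalIp;            // regular request: the http_port address
    return l.ip.empty() ? "-" : l.ip;  // never the client's original destination
}

// The config line always has a port, so %lp can always be filled in.
std::string logLp(const Listener &l) { return l.port; }

int main() {
    // Constructed sample: on interception the socket API reports the origin server.
    const Listener l = parseHttpPort("http_port 1234 intercept");
    std::cout << logLa(l, "203.0.113.80") << ' ' << logLp(l) << '\n';
}
```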
