Re: [squid-users] Marking outgoing packets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 1:35 p.m., Luis Miguel Silva wrote: > That's GREAT Amos, > > Where can I learn more about it? Can you point me to some > documentation? I was able to find this here: > http://www.eu.squid-cache.org/Doc/config/note/ > http://www.squid-cache.org/Versions/v3/3.4/RELEASENOTES.html#ss2.5 > It does seem that I could use this to note to tag things to an ACL > but it isn't clear to me how to use it (especially leveraging > I-CAP). Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJU2rtOAAoJELJo5wb/XPRjg6sH/jwZnWyQ9AQ2H4zI7XM3QDrx RrUIdFPE2fiiZ3kLxcA312AwPaD4xXET/dt6m01aKKXy0kITybyMu26ql51Fx8Qy vrTEC5c168QqIFpYj9w/Fw6qAlDXD+FM7MtGUfQsolgk4f79AdFYNH/ELoiaQ/KY zNhMEhXzfDLgOCdzwgxyAu/2Z3nhlK4QuAOzXrmW9QmeIz1eU1pgn4VvBhuXHV3E hFI8glD6EF/30U9N1Xioh6yLnfua7ZgH4CJXxTRw3uRGtuuDHLo7dmGULVRlm6ha mUf/26tNYl+palLPOrII2ariEEnKAX7kxTAMuHw1icyYpxaNWb6YcDjDVyJu1pE= =QrGI -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Marking outgoing packets
That's GREAT Amos, Where can I learn more about it? Can you point me to some documentation? I was able to find this here: http://www.eu.squid-cache.org/Doc/config/note/ It does seem that I could use this to note to tag things to an ACL but it isn't clear to me how to use it (especially leveraging I-CAP). Thank you, Luis On Tue, Feb 10, 2015 at 3:21 PM, Amos Jeffries wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 11/02/2015 10:54 a.m., Yuri Voinov wrote: > > I think, the answer is 'no' without Squid code customization. > > > > I'm right, Amos? > > No your not ;-) > > We have this other really, REALLY cool feature of transaction > annotations. Where the squid helpers add little tags/notes to the > transaction and a "notes" type ACL can be used in any access control > list to decide things based on them. > > There is ICAP involvement too, but I'm only (halfway) sure about the > fact that notes get sent to ICAP. Not about what comes out. > > Amos > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.22 (MingW32) > > iQEcBAEBAgAGBQJU2oRVAAoJELJo5wb/XPRj2QsH/A+In1a7ljaop/GhP1t1abTz > 33xPQwWfYtKiLEspX1/uDTGWJyklRkmV45c+31y5zIa2OUIU23B8xPABr8bqHQaZ > MtwB1FliT4CO/2lpNBwKgkCnl3C2LzbwIvI8ZC0NRukqL1drgDFSVUwoKuLmUs4n > 9+6I8o/rBYfy7aBsewCdkZoQzB5tD/oicgDT9r6WftutqVPdFA5E9tZtUgGoG9OX > J/6scu8rWU+2iTCrNZNM/0md6QMsnBVTIT3DYMznusnNrf+0sqSSR5PP2jyVbFdW > XQB8K7nfC1vNDxbicnPTEjLHnDqruMHjgLMr4u6Uy0JufuesJlnjPdpV4L0CN80= > =yyCw > -END PGP SIGNATURE- > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Marking outgoing packets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wow, I have forgotten about this. It is really cool feature! 11.02.15 4:21, Amos Jeffries пишет: > On 11/02/2015 10:54 a.m., Yuri Voinov wrote: >> I think, the answer is 'no' without Squid code customization. > >> I'm right, Amos? > > No your not ;-) > > We have this other really, REALLY cool feature of transaction > annotations. Where the squid helpers add little tags/notes to the > transaction and a "notes" type ACL can be used in any access > control list to decide things based on them. > > There is ICAP involvement too, but I'm only (halfway) sure about > the fact that notes get sent to ICAP. Not about what comes out. Aha, so adapter must do it? > > Amos ___ squid-users > mailing list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2oVVAAoJENNXIZxhPexG1foH/jqM48Xi8Xl2ZIZ7MCssJL90 4aiM+zrgmkV0RK50G14X4PHUKd0yhGPTZSXKmcKSzSgnI4r9YQXdt+TyHCd3YqNm QsC7c8Z/ZuFP1V9NLT/m6vCaqrQD4/YCuxGt8vqbEvGsBfykEqlro8552wScVxzI 2z+ZZOL5WiqmdqGEuHAo+IN/DIb4Etm8sUgrgqiizpuJcyCpbqA0wzWkC1ScgtBR 47OoFG6ytWA7tUXOArpw+843lR2NRhZyhRnc52gymJsDWh/8d0RIQ4xvUzDGHRTx 3zyhaT+SPofznejRDED8klA8QkEUowhO4wzTPkrfEWa3IUTkS97lsiSLIZT+58k= =a+yK -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Marking outgoing packets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/02/2015 10:54 a.m., Yuri Voinov wrote: > I think, the answer is 'no' without Squid code customization. > > I'm right, Amos? No your not ;-) We have this other really, REALLY cool feature of transaction annotations. Where the squid helpers add little tags/notes to the transaction and a "notes" type ACL can be used in any access control list to decide things based on them. There is ICAP involvement too, but I'm only (halfway) sure about the fact that notes get sent to ICAP. Not about what comes out. Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJU2oRVAAoJELJo5wb/XPRj2QsH/A+In1a7ljaop/GhP1t1abTz 33xPQwWfYtKiLEspX1/uDTGWJyklRkmV45c+31y5zIa2OUIU23B8xPABr8bqHQaZ MtwB1FliT4CO/2lpNBwKgkCnl3C2LzbwIvI8ZC0NRukqL1drgDFSVUwoKuLmUs4n 9+6I8o/rBYfy7aBsewCdkZoQzB5tD/oicgDT9r6WftutqVPdFA5E9tZtUgGoG9OX J/6scu8rWU+2iTCrNZNM/0md6QMsnBVTIT3DYMznusnNrf+0sqSSR5PP2jyVbFdW XQB8K7nfC1vNDxbicnPTEjLHnDqruMHjgLMr4u6Uy0JufuesJlnjPdpV4L0CN80= =yyCw -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Marking outgoing packets
Anyway to work around that? (e.g. based on the output of the c-ical call, make the request land on a certain ACL?) On Tue, Feb 10, 2015 at 2:54 PM, Yuri Voinov wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > I think, the answer is 'no' without Squid code customization. > > I'm right, Amos? > > 11.02.15 3:52, Luis Miguel Silva пишет: > > Dear all, > > > > I just found this REALLY cool feature that allows you to mark > > packets for Netfilter to then intercept and handle: > > http://www.squid-cache.org/Doc/config/tcp_outgoing_mark/ > > > > What I was wondering was, is there a way for us to mark based on a > > ICAP filter or redirect_program output? > > > > The objective would be to, depending on a decision made by the ICAP > > filter, mark a packet so we could apply different firewall rules to > > it. > > > > Thank you, Luis > > > > > > > > ___ squid-users mailing > > list squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBAgAGBQJU2n4oAAoJENNXIZxhPexGOJAH/A6pXiGW+m019m+MQ9tfzJb3 > PBCsOwzsjfk+6nteaSH0/jX2Fg+sruHfrGDz51v2rR0IjAISEDSDIQcfE70Fq8RS > C/Hqi/oa9xgy+e3Wv3sylSALi6Mrs9CFqxj+1RQJszA/D6YP1c6SZm9WMspurSrf > 2srmVVb3u0gifESQyWBN2d/IYDknG/7wpdSfXFRkLJLuZUUh+g+V0Pu6aZVhvska > 8QaZDhDGiJ9aUuBY1YxfMj4sNigusKmwNTy8tm4pd+TWB37oBHudSzECrKk1AUjF > 06K2lbMXUF67QrFA8PiyFLHI7wdNltSd8zOWfh7mQXjg6Hjqg1IFj45Eyns7lQY= > =cMOr > -END PGP SIGNATURE- > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Marking outgoing packets
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I think, the answer is 'no' without Squid code customization. I'm right, Amos? 11.02.15 3:52, Luis Miguel Silva пишет: > Dear all, > > I just found this REALLY cool feature that allows you to mark > packets for Netfilter to then intercept and handle: > http://www.squid-cache.org/Doc/config/tcp_outgoing_mark/ > > What I was wondering was, is there a way for us to mark based on a > ICAP filter or redirect_program output? > > The objective would be to, depending on a decision made by the ICAP > filter, mark a packet so we could apply different firewall rules to > it. > > Thank you, Luis > > > > ___ squid-users mailing > list squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBAgAGBQJU2n4oAAoJENNXIZxhPexGOJAH/A6pXiGW+m019m+MQ9tfzJb3 PBCsOwzsjfk+6nteaSH0/jX2Fg+sruHfrGDz51v2rR0IjAISEDSDIQcfE70Fq8RS C/Hqi/oa9xgy+e3Wv3sylSALi6Mrs9CFqxj+1RQJszA/D6YP1c6SZm9WMspurSrf 2srmVVb3u0gifESQyWBN2d/IYDknG/7wpdSfXFRkLJLuZUUh+g+V0Pu6aZVhvska 8QaZDhDGiJ9aUuBY1YxfMj4sNigusKmwNTy8tm4pd+TWB37oBHudSzECrKk1AUjF 06K2lbMXUF67QrFA8PiyFLHI7wdNltSd8zOWfh7mQXjg6Hjqg1IFj45Eyns7lQY= =cMOr -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
