On 03/14/2012 01:08 PM, Henrik Nordström wrote: > ons 2012-03-14 klockan 09:35 -0300 skrev Marcus Kool: > >>> non-HTTP traffic do not fit URLs or ICAP either. How would you map an >>> SSH session? >> >> Sorry, I know virtually nothing about the internals of Squid so how >> to map it... I don't know. > > I am talking at the protocol level, ignoring Squid internals. I have > absolutely no idea how to map an SSH CONNECT tunnel to ICAP in a > meaningful manner.
Oh, come on! It is trivial to map a stream of bytes to ICAP and it will be both ICAP-compliant and meaningful to an ICAP service that knows about the mapping. As an extreme but simplest example, consider an ICAP client sending every single byte as a single ICAP request message, with the ICAP Encapsulated header set to req/resp-body=0. One tunnel byte. No embedded HTTP headers at all. Some ICAP header may contain a tunnel ID so that the service can stitch bytes together as needed. Unfortunately, most such mappings will be inefficient (and pointless unless the ICAP service knows what to do with them). Cheers, Alex.