On 05/28/2013 10:43 AM, Chris Ross wrote: > On May 22, 2013, at 12:55 , Alex Rousskov wrote: >> If your external ACL can make a decision earlier (e.g., during >> http_access checks), then you can use helper annotations API to record >> that external ACL decision as annotations and then use a "note" ACL to >> pick the right outgoing address depending on the previously recorded >> annotations. The "note" ACL is fast.
> The outstanding question is how to have an external_acl helper, assumedly > called by an http_access line, return the annotation to then later be matched > with a "note" acl ? This was the mechanism you were suggesting, correct? Correct. The external ACL would need to add a key=value pair to its result line. Squid interprets kv-pairs it does not understand as annotations. For example, the following external ACL helper response contains a note1_ annotation with a value of value1: OK note1_=value1 > If you have a quick pointer to the mechanism needed to return a note > from the external_acl helper, that would be appreciated. This would be > the "helper annotations API" you referred to, I presume. Thank you. http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29 I am not sure the above explicitly documents how custom annotations are supported though. The usual disclaimers about running trunk code apply. For example, annotation values involving non-alphanumeric characters may be logged (or perhaps even processed) in a funny way right now. HTH, Alex.
