Adam wrote:
> Hello
> I have simple external perl helper program
>
> #!/usr/bin/perl
> $| = 1;
> open(LOG, ">/tmp/squid.log");
> print LOG "RUNNING\n";
> close(LOG);
> while(defined($line = <STDIN>)){
> print "OK\n";
> open(LOG, ">>/tmp/squid.log");
> print LOG "Got: $line\n";
> close(LOG);
> }
>
> It should always returns OK
> -------
> In squid.conf there is external_acl_type definition
>
> external_acl_type testacl ttl=0 children=1 %SRC /usr/bin/test.pl
> acl testacl_ext external testacl
>
> It works fine with http_acces
>
> http_access allow testacl_ext
> -------
> 2009/05/10 15:17:36.382| ACLChecklist::preCheck: 0xa295d50 checking
> 'http_access allow testacl_ext'
> 2009/05/10 15:17:36.382| ACLList::matches: checking testacl_ext
> 2009/05/10 15:17:36.383| ACL::checklistMatches: checking 'testacl_ext'
> 2009/05/10 15:17:36.383| aclMatchExternal: acl="testacl"
> 2009/05/10 15:17:36.383| cbdWhataReferenceValid: 0xa2a1f98
> 2009/05/10 15:17:36.383| cbdataUnlock: 0xa2a1f98=0
> 2009/05/10 15:17:36.383| aclMatchExternal: testacl = 1
> 2009/05/10 15:17:36.383| ACL::ChecklistMatches: result for 'testacl_ext'
> is 1
> 2009/05/10 15:17:36.383| ACLList::matches: result is true
> -------
> BUT when this acl is invoked from tcp_outgoing_address
>
> tcp_outgoing_address 10.10.12.12 testacl_ext
> -------
> 2009/05/10 15:19:48.406| ACLList::matches: checking testacl_ext
> 2009/05/10 15:19:48.406| ACL::checklistMatches: checking 'testacl_ext'
> 2009/05/10 15:19:48.406| aclMatchExternal: acl="testacl"
> 2009/05/10 15:19:48.407| aclMatchExternal: testacl("127.0.0.1") = lookup
> needed
> 2009/05/10 15:19:48.407| aclMatchExternal: "127.0.0.1": entry=@0, age=0
> 2009/05/10 15:19:48.407| aclMatchExternal: "127.0.0.1": queueing a call.
> 2009/05/10 15:19:48.407| aclMatchExternal: "127.0.0.1": return -1.
> 2009/05/10 15:19:48.407| ACL::ChecklistMatches: result for 'testacl_ext'
> is -1
> 2009/05/10 15:19:48.407| ACLList::matches: result is false
> --------
>
> it just like not executing helper and returns false everytime
>
> So please anybody ! Help me :D
The *_access lines are broken down into two groups:
- Slow - are able to spend some time waiting for a result. These can
do external lookups, auth etc.
- Fast - must return a result immediately. No delays are acceptable.
Only connection-related or pre-cached data are usable.
Selection of the outgoing IP is a 'fast' type.
You will need to cache the helper lookup for some time (ttl= ,
negative_ttl=) and perform its test in a slow Access control , such as
http_access before it can be used in tcp_outgoing_address.
Amos
-- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE15 Current Beta Squid 3.1.0.7Received on Sun May 10 2009 - 13:36:55 MDT
This archive was generated by hypermail 2.2.0 : Mon May 11 2009 - 12:00:01 MDT