Re: [squid-users] websocket with sslbump
On 10/03/21 8:41 pm, Niels Hofmans wrote: Hi Alex, Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet. I did not see it on the team tracker. If you tried to contact Luigi directly he is fairly busy with other software's issues these days. It's usually me who is preparing the packages for Squid beta series and adding them to the Debian 'experimental' repository. I just have not had time this summer to do so. Not sure when I will be able to provide an ETA either, sorry. Debian itself is going through its usual preparations for the next Debian major version. So there will likely only be small changes to the Debian squid (and now squid-openssl !!) packages for the next months. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] websocket with sslbump
Hey Niels, I can help you with this if you need. I have a pre-compiled version and while it’s not a Debian packaged ie .deb file it’s a matter of unpacking the files into the FS. Also take a peek at the docker build: https://github.com/elico/squid-docker-build-nodes Let me know if you need this binaries, I can put them at: https://ngtech.co.il/repo/bin/debian/10.4/amd64/ Eliezer Eliezer Croitoru Tech Support Mobile: +972-5-28704261 Email: ngtech1...@gmail.com <mailto:ngtech1...@gmail.com> Zoom: Coming soon From: squid-users On Behalf Of Niels Hofmans Sent: Wednesday, March 10, 2021 9:42 AM To: Alex Rousskov Cc: Squid Users Subject: Re: [squid-users] websocket with sslbump Hi Alex, Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet. Best regards, Niels Hofmans SITE https://ironpeak.be BTW BE0694785660 BANK BE76068909740795 On 9 Mar 2021, at 16:58, Alex Rousskov mailto:rouss...@measurement-factory.com> > wrote: On 3/8/21 10:10 AM, Niels Hofmans wrote: During testing sslbump + icap I noticed that websockets (ws + was) are not supported by squid. (Even if using on_unsupported_protocol) Are there any plans for supporting this with sslbump? Your question can be misinterpreted in many different ways. I will answer the following related question instead: Q: Are there any plans for Squid to send tunneled traffic through adaptation services? The ICAP and eCAP protocols cannot support opaque/messageless traffic natively. Squid can be enhanced to wrap tunneled traffic into something resembling HTTP messages so that it can be analyzed using adaptation services (e.g., Squid applies similar wrapping to FTP traffic already). I recall occasional requests for such a feature. I am not aware of anybody working on that right now. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F HTH, Alex. P.S. Latest Squids support forwarding websocket tunnels that use HTTP Upgrade mechanism (see http_upgrade_request_protocols in v5 squid.conf.documented). ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] websocket with sslbump
Hi Alex, Thank you for your response. I’ll be opening up a Bugzilla ticket for opaque messages through ICAP if it doesn’t exist already. Related to the squid 5.x, I’ve reached out to the debian package maintainer last week for a binary install in the repos but no response as of yet. Best regards, Niels Hofmans SITE https://ironpeak.be BTW BE0694785660 BANK BE76068909740795 On 9 Mar 2021, at 16:58, Alex Rousskov wrote: On 3/8/21 10:10 AM, Niels Hofmans wrote: > During testing sslbump + icap I noticed that websockets (ws + was) are > not supported by squid. (Even if using on_unsupported_protocol) > Are there any plans for supporting this with sslbump? Your question can be misinterpreted in many different ways. I will answer the following related question instead: Q: Are there any plans for Squid to send tunneled traffic through adaptation services? The ICAP and eCAP protocols cannot support opaque/messageless traffic natively. Squid can be enhanced to wrap tunneled traffic into something resembling HTTP messages so that it can be analyzed using adaptation services (e.g., Squid applies similar wrapping to FTP traffic already). I recall occasional requests for such a feature. I am not aware of anybody working on that right now. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F HTH, Alex. P.S. Latest Squids support forwarding websocket tunnels that use HTTP Upgrade mechanism (see http_upgrade_request_protocols in v5 squid.conf.documented). ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] websocket with sslbump
On 3/8/21 10:10 AM, Niels Hofmans wrote: > During testing sslbump + icap I noticed that websockets (ws + was) are > not supported by squid. (Even if using on_unsupported_protocol) > Are there any plans for supporting this with sslbump? Your question can be misinterpreted in many different ways. I will answer the following related question instead: Q: Are there any plans for Squid to send tunneled traffic through adaptation services? The ICAP and eCAP protocols cannot support opaque/messageless traffic natively. Squid can be enhanced to wrap tunneled traffic into something resembling HTTP messages so that it can be analyzed using adaptation services (e.g., Squid applies similar wrapping to FTP traffic already). I recall occasional requests for such a feature. I am not aware of anybody working on that right now. https://wiki.squid-cache.org/SquidFaq/AboutSquid#How_to_add_a_new_Squid_feature.2C_enhance.2C_of_fix_something.3F HTH, Alex. P.S. Latest Squids support forwarding websocket tunnels that use HTTP Upgrade mechanism (see http_upgrade_request_protocols in v5 squid.conf.documented). ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
