On 27/03/2017 3:15 p.m., 钱国正 wrote:
>>> I want to know what's the
>>> pinning.serverConnection mean? and what it is used for?
>
>> Before we dive into low-level details, please allow me to ask an
>> important high-level question. Your answer may render those low-level
>> detail irrelevant:
>
>>> I want to rewrite the on_unsupported_protocol to support tcp connection
>>> (non-http protocol, called httpdns not readable, no http header) and
>>> relay it the server. [...] I need assign the server's address and port
>
>> Where will your code get the server address and port from? If the answer
>> is "from the received httpdns message header", then please do not abuse
>> on_unsupported_protocol to support "httpdns". Instead, add proper
>> support for httpdns (which may be limited to forwarding httpdns queries
>> to the right server if such blind forwarding makes sense).
>
> No, I got it from `clientConnection->local`, the httpdns is just a tcp
> connection to server with
> specified protocol, not known to me, it is designed by its user, use 80 port
> to transfer dns request.
>

If you want port 80 to just be relayed through - don't send it to Squid. You will probably be able to identify the DNS packets with your firewall rules easier than Squid can tell it apart from a mangled HTTP message.

>> BTW, can you post a link to the "httpdns" protocol specification (not
>> API)? And what do you mean by "not readable"?
>
> It is not a standard protocol in RFC or some standard specification, just
> some company use
> 80 (default for http protocol) port to transfer dns request, they do this
> because in China many
> ISP would use they own dns server in different places which makes it slow
> or unreachable to the some company's service.
>

Then please stop calling it "httpdns". It is "DNS". Calling it "httpdns" implies some relationship to HTTP other than just stealing the port number.

There is actually a protocol called HTTPDNS being designed (<https://tools.ietf.org/html/draft-ietf-dnsop-dns-wireformat-http-00>). Squid supports relaying that already because it uses real HTTP messages on port 80.

Amos
_______________________________________________
squid-dev mailing list
http://lists.squid-cache.org/listinfo/squid-dev
