I'm writing an external_acl helper for a project where we want to make
decisions about choosing an outgoing address based on the destination of the
connection. I've written a program that will take in an argument (from the
acl) and has a %DST format.
However, in my testing, it's never used. It starts up, because I set
children-startup=1, but looking at the log I'm never seeing any of the
debugging printf's I put in it that I do see if I run it by hand and feed it
data.
I noticed inside of forward.cc, in getOutgoingAddress, the ACL checking it's
doing calls cf->fastCheck(). Does that mean that it will avoid calling "slow"
acl mechanisms for some reason? Or am I inferring too much?
Either way, I wanted to ask, because I can tell that I'm seeing connections
and it's trying to choose an outgoing address, but seems to never choose the
ones attached to the external_acl helper, and seems to never inquire of it.
Thanks.
- Chris
--
external_acl_type region children-startup=1 %DST /home/cross/ext_dest_acl -d
acl ca_acl external region California
acl in_acl external region Indiana
tcp_outgoing_address 10.1.2.2 ca_acl
tcp_outgoing_address 10.1.2.3 ca_acl
tcp_outgoing_address 10.1.2.4 in_acl
tcp_outgoing_address 10.1.2.48
