Re: [RFC] Peek and Splice

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Sun, 03 Feb 2013 13:44:32 -0700

On 02/03/2013 01:19 PM, Marcus Kool wrote:
> On 02/01/2013 03:00 PM, Alex Rousskov wrote:
>> I agree with the general "everything we proxy should be available for
>> analysis" principle. Getting to that point would be difficult because
>> protocols and APIs such as ICAP, eCAP, external ACL helper, and
>> url_rewriter were not designed to deal with "everything". They need to
>> be tweaked or extended to work with non-HTTP traffic. We already do that
>> in some cases (e.g., FTP) but more is needed to handle "everything".
>
> And that is exactly why I try to encourage you to implement about it now
> since doing this together with the planned change is less work than
> moving it to a future project.

The overlap between "peek and splice" and "analyze everything" projects
is tiny. The "analyze everything" project is very big on its own, with
serious coordination overheads to get ICAP and eCAP folks participating
if you want to do it right. I would not recommend merging the two
projects together (and my team would certainly not be able to do that).

> As a bonus it will make Squid one of the very few proxies which
> takes virus scanning and content filtering really seriously.

If the demand is there, I am sure somebody will eventually make
"analyze everything" happen, possibly in multiple small steps. And if
several virus scanning and content filtering players come together for
that project, we may even pull something comprehensive and compatible
with most popular analysis software in that area.

Cheers,

Alex.
Received on Sun Feb 03 2013 - 20:44:40 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 04 2013 - 12:00:15 MST