I'm writing an external_acl helper for a project where we want to make decisions about choosing an outgoing address based on the destination of the connection. I've written a program that will take in an argument (from the acl) and has a %DST format.
However, in my testing, it's never used. It starts up, because I set children-startup=1, but looking at the log I'm never seeing any of the debugging printf's I put in it that I do see if I run it by hand and feed it data.
I noticed inside of forward.cc, in getOutgoingAddress, the ACL checking it's doing calls cf->fastCheck(). Does that mean that it will avoid calling "slow" acl mechanisms for some reason? Or am I inferring too much?
Either way, I wanted to ask, because I can tell that I'm seeing connections and it's trying to choose an outgoing address, but seems to never choose the ones attached to the external_acl helper, and seems to never inquire of it.
Thanks.
- Chris
-- external_acl_type region children-startup=1 %DST /home/cross/ext_dest_acl -d acl ca_acl external region California acl in_acl external region Indiana tcp_outgoing_address 10.1.2.2 ca_acl tcp_outgoing_address 10.1.2.3 ca_acl tcp_outgoing_address 10.1.2.4 in_acl tcp_outgoing_address 10.1.2.48Received on Wed May 22 2013 - 15:48:22 MDT
This archive was generated by hypermail 2.2.0 : Thu May 23 2013 - 12:01:10 MDT