Example for a working(but not really perfect) ECAP module.

Eliezer Croitoru eliezer at ngtech.co.il
Wed Sep 16 19:19:56 UTC 2015 

Hey,

With Alex help I was able to track my way and write an ECAP module that 
is based on the sample adapters.
The code is at:
http://paste.ngtech.co.il/p0nsaq6lb

I will describe the functionality:
I have an ACL server which works per url.
So each request that is being tested by the module is being tested using 
HTTP based on curl library against the ACL server.
The module then defaults to allow the request unless the ACL server 
response with an "ERR" at the beginning of the response.
I must admit that on my tests the ECAP module based on the libcurl is 
performing slower then an external_acl I wrote in golang.
The reasons for the slow operations are unknown and needs better testing.

Settings that are being used with the helper in squid:
##ECAP TESTS SETTINGS
loadable_modules /usr/local/lib/ecap_adapter_minimal.so
ecap_enable on
ecap_service ecapModifier reqmod_precache 
uri=ecap://e-cap.org/ecap/services/sample/minimal
adaptation_access ecapModifier allow all
##END

 From unknown reason I was unable to use the squid debugging and have 
used syslog for that.
TODO:
  - add a debug variable
  - add reconfiguring methods
  - test what is slowing down the service
  - Test and try with memcached
  - Test and try with TokyoCabinet
  - Test and try with Mysql
  - Test and try to work with Redis
  - Test and try work with LDAP

This module is an equivalent of external_acl helper which uses only the 
url to test couple things.
I am missing the understanding of how to get the request IP or any other 
details which are out of the scope of the request itself.
This module structure might be good for something like:
- Session helper
- url filtering
- ACL module
- Authorization helpers(radius, mysql, ldap etc)

The code comes from me which is not a c++ expert and there for I missed 
lots of things.

To build the module you need to put the code in the examples 
src/adapter_minimal.cc file
and then compile it with a special lib for curl which means that the 
steps to build are:
$ LIBS="-lcurl" ./configure
$ make
$ make install

Notice that an ecap module unlike external_acl helper, doesn't 
implements cache by default and there for works slower in some cases.
In some cases is not recommended unless some caching is implemented 
inside the module.

Eliezer

More information about the Users mailing list