Scanning plugin help

[Chris Reynolds <sh...@gmail.com>]

Hi,

I am trying to write a Traffic Server plugin that will allow the
scanning of the request and response data and either let the data
through or block it.

Initially I read the headers in the INK_EVENT_HTTP_READ_REQUEST_HDR
and the INK_EVENT_HTTP_READ_RESPONSE_HDR hooks and then added
transform hooks so the data could be scanned. In the transform hooks I
buffered up the data and then scanned it. Once scanned the data was
either sent as it was or I created a new response that contained a
block page that was sent to the client instead.

This worked apart from the fact that I could not block requests. So I
then returned INK_EVENT_HTTP_ERROR from the
INK_EVENT_HTTP_READ_REQUEST_HDR if the URL or headers should be
blocked – and then returned a block page. This was OK but then I
realised that I could not block request data.

The only way it seems you can scan request data (i.e. POSTs) without
Traffic Server making a connection to the origin server is to use
InkHttpTxnIntercept. The problem with this approach is that you then
have to handle INK_EVENT_NET_ACCEPT and reading and writing of data to
the client by use INKVConnRead and INKVConnWrite and handling
INK_EVENT_VCONN_READ_READY, INK_EVENT_VCONN_WRITE_READY. This seems
quite low level and you do not have a transaction reference anymore.
The problem with this is that if the POST data should be let through
then there does not seem to be a way of continuing the original
transaction anymore. It seems that you have to open the connection
yourself to the origin server and send the request.

I have now created a much simpler plugin that always uses
InkHttpTxnIntercept  - looks up the host IP address (INKHostLookup),
connects to the origin server (INKNetConnect), buffers up all the
request and response data, and sends and receives this data from the
client and server by using the standard INKVConnRead and INKVConnWrite
methods. I already have classes that can buffer up and interpret HTTP
request and responses so I do not need to use the provided HTTP header
functions. This seems to be much simpler with no need for
transformation hooks (which seem to be designed to transform data –
not block it).

So my questions are:
1.	Is there any way of continuing the main HTTP transaction after
using InkHttpTxnIntercept if you do not want to block the request –
i.e. getting back to INK_EVENT_HTTP_SEND_REQUEST_HEADER? I did try and
keep the INK_EVENT_HTTP_SEND_REQUEST_HEADER active while reading
request data after calling InkHttpTxnIntercept but it was called as
soon as I called INKVConnRead.
2.	Is there any way of once data has been read in a transform hook to
not write the data but block the request at that point by writing data
back to the client?
3.	Is it better to just use the simpler solution with no
transformations?  The problem with this solution is that it will
probably lose some of the benefits of Traffic Server like server
connection pooling which I guess Traffic Server provides because I
will be manually opening the connections to the origin servers.
4.	Will the plugin be faster if I am not using transformation hooks
and using the more low level simpler solution?

Thank you for reading this rather long email and I hope someone can
provide some advice.