Squid-Based Traffic Control and Management System

When Web traffic became a major use of the organization's network, this university put in a control system to track and limit access, using the open-source Squid caching system.

Thus, the mechanism is quite simple. Figure 2 shows the simple client request processing diagram from the point of view of our system. Each client request contains the user authentication information, including the user name. The function clientdbUpdate_sb() searches for the ClientInfo_sb record, which corresponds to the user name obtained from the request. In the case of the absence of such a record, it adds the new ClientInfo_sb record using the information from the authority files. If users exceed their limit, they are disconnected immediately with the function comm_close(). The call of the function clientdbEstablished_sb() is also used to control the number of client requests and to save current user information into the authority files every SB_MAX_COUNT requests. The authority files are called passwd and group analogously to the UNIX files. The passwd file contains the user information, and the group file contains the user group information. Here are the descriptive samples:

#<name>:<full name>:<group id>:
#<current limit value>:<last limit update time>

tagir:Tagir Bakirov:1:6567561:12346237467

#<name>:<full name>:<group id>:
#<group limit value>:<group limit type>

users:BSPU users:1:10000000:D

Figure 2. Simple Client Request Processing Diagram

There are three types of limit: D (daily), W (weekly) and M (monthly). The passwd and group filenames and paths can be set in the Squid configuration file squid.conf. This was implemented by modifying the structure of the squid.conf template file and the structure of the Squid configuration structure.

Here are the other slight changes in the Squid source code:

  • Global functions definition in the file src/protos.h.

  • ClientInfo_sb structure type definition in the file src/typedefs.h.

  • ClientInfo_sb structure identifier declaration in the structure list in the file src/enums.h.

  • ClientInfo_sb structure initialization in the memory allocation procedure memInit() in the file src/mem.c.

All of these changes are made analogously to the code, maintaining the original client per-IP database. We hope everything was done right.

Looking through our modifications, you may have noticed that all the code is put into the conditional compilation blocks (#ifdef SB_INCLUDE ... #endif). The variable SB_INCLUDE is declared when the parameter --enable-sbclientdb is included into the command line of the Squid configure script. This was made by recompiling the configure.in script with autoconf after putting in some slight modifications.