[squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

2020-07-15 Thread Alex Rousskov
Hello, I propose to add a new tls_key_log directive to record TLS pre-master secret (and related encryption details) for to- and from-Squid TLS connections. This very useful triage feature is common for browsers and some networking tools. Wireshark supports it[1]. You might know it as

Re: [squid-dev] External ACL Feed, helper?

2020-07-07 Thread Alex Rousskov
the official Squid repository. Cheers, Alex. > -----Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Tuesday, July 7, 2020 4:54 PM > To: Eliezer Croitor; squid-dev@lists.squid-cache.org > Subject: Re: [squid-dev] External ACL Feed, helper?

Re: [squid-dev] External ACL Feed, helper?

2020-07-07 Thread Alex Rousskov
On 7/7/20 1:08 AM, Eliezer Croitor wrote: > I think that many proxy admins would like to have a script that will > help them to update their ACLs from a feed. > > Ie they have a DB or a GIT repository that contains their ACLs data like > IP addresses, domain names, sni patterns etc. * External

Re: [squid-dev] RFC: making TrieNode less memory-hungry

2020-07-01 Thread Alex Rousskov
On 6/19/20 5:13 PM, Francesco Chemolli wrote: >   I'm looking at the TrieNode code, and while it's super fast, it's > quite memory-hungry: each node uses 2kb of RAM for the children index > and any moderately-sized Trie has plenty of nodes. On the upside, it's > blazing fast. In Squid, TrieNode

Re: [squid-dev] Proposed focus for Squid-6

2020-07-01 Thread Alex Rousskov
On 6/30/20 6:59 PM, Amos Jeffries wrote: > I have been asked a few weeks ago about what the "goal for Squid-6" is > going to be. What does it mean to claim that "Squid v6 goal is X"? Does "reaching X" become a precondition for the v6 release? Something else? Our RoadMap page talks of _features_

Re: [squid-dev] RFC: Modernizing sources using clang-tidy

2020-05-31 Thread Alex Rousskov
On 5/30/20 3:22 PM, Amos Jeffries wrote: > On 20/04/20 2:02 pm, Alex Rousskov wrote: >> Squid sources contain a lot of poorly written, obsolete, and >> inconsistent code that (objectively) complicates development and >> (unfortunately) increases tensions among dev

Re: [squid-dev] cppunit -> googletest / gmock?

2020-05-31 Thread Alex Rousskov
On 5/31/20 3:05 PM, Francesco Chemolli wrote: > - https://stackoverflow.com/questions/7922289/googletest-vs-cppun > it-the-facts > - trivial but it builds up: not generally necessary to have .h and .cc > for simple cases > - comparison > table: 

Re: [squid-dev] cppunit -> googletest / gmock?

2020-05-31 Thread Alex Rousskov
On 5/30/20 2:36 PM, Amos Jeffries wrote: > On 31/05/20 5:27 am, Francesco Chemolli wrote: >> starting from a PR in a conversation with Alex about our current >> approach to unit testing being painful, I've checked what alternatives >> would we have and how practical would they be. FWIW, I would

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-11 Thread Alex Rousskov
On 5/8/20 5:11 PM, Francesco Chemolli wrote: > I rebuild our docker > images once a month to ensure they're fresh with what's in the wild. FWIW, I think monthly update frequency is excessive when there is no adequate update validation. I speculate that we are spending more time on faulty build

Re: [squid-dev] squid master build with alternate openssl fails

2020-05-08 Thread Alex Rousskov
On 5/8/20 10:12 AM, Christos Tsantilas wrote: > Squid master 699ade2d fails to build with an alternate OpenSsl, when the > "--with-openssl=/path/to/openssl" is used. Francesco, builds with custom OpenSSL paths are not that uncommon, especially among SslBump admins. Would you be able to test that

[squid-dev] RFC: Modernizing sources using clang-tidy

2020-04-19 Thread Alex Rousskov
Hello, Squid sources contain a lot of poorly written, obsolete, and inconsistent code that (objectively) complicates development and (unfortunately) increases tensions among developers during review. Some of those problems can be solved using tools that modify sources. Clang-tidy is one such

Re: [squid-dev] RFC: clang-format

2020-04-12 Thread Alex Rousskov
On 4/11/20 6:26 PM, Francesco Chemolli wrote: > I have made an attempt at running clang-format on the squid sources, > after applying a configuration which follows as closely as possible > the project's coding guidelines. > > You can find the output of the exercise at >

Re: [squid-dev] removing cache_diff?

2020-04-07 Thread Alex Rousskov
On 4/6/20 5:00 PM, Francesco Chemolli wrote: > has anybody used the cache_diff program in the last 10 years? Not me. If you are going to remove it, I recommend asking on squid-users as well and giving folks a week to respond. Thank you, Alex.

Re: [squid-dev] RFC: use clang-format?

2020-04-04 Thread Alex Rousskov
On 4/4/20 4:54 AM, Francesco Chemolli wrote: >    astyle is a bit of PITA, maybe we can replace it with clang-format? > It seems to me it has more power and flexibility, and its config could > be stored in the source tree itself. I would expect clang-format to be overall better than astyle, but

Re: [squid-dev] RFC: cacheMatchAcl

2020-04-04 Thread Alex Rousskov
On 4/04/20 3:34 am, Alex Rousskov wrote: > > On 4/3/20 7:25 AM, Francesco Chemolli wrote: > > > >>   I'm looking at places where to improve things a bit, and I stumbled > >> across cacheMatchAcl . It tries hard to be generic, but it is > only

Re: [squid-dev] RFC: cacheMatchAcl

2020-04-03 Thread Alex Rousskov
On 4/3/20 7:25 AM, Francesco Chemolli wrote: >   I'm looking at places where to improve things a bit, and I stumbled > across cacheMatchAcl . It tries hard to be generic, but it is only ever > used in ACLProxyAuth::matchProxyAuth . Would it make sense to just have > a specialised cache for

Re: [squid-dev] squid.conf future

2020-02-29 Thread Alex Rousskov
ike Github Pages do it for you automatically. I am not (yet) saying that we should use such a service, but I think we should at least _consider_ it because such services have some serious advantages over the current web site integration approach. Cheers, Alex. > On Wed, Feb 26, 2020 at 8:43

Re: [squid-dev] squid.conf future

2020-02-26 Thread Alex Rousskov
On 2/25/20 1:31 AM, Amos Jeffries wrote: > Any suggestions of formats I should look at then? I believe cf.data.pre should use two primary formats, each optimized specifically for the content it is applied to. The secondary details of each format will evolve, but here is where I would start

Re: [squid-dev] squid.conf future

2020-02-25 Thread Alex Rousskov
On 2/25/20 1:31 AM, Amos Jeffries wrote: > On 25/02/20 6:11 am, Alex Rousskov wrote: >> On 2/24/20 3:11 AM, Amos Jeffries wrote: >>> For the future I am considering a switch of cf.data.pre to a format like >>> SGML or XML which we can better generate the website cont

Re: [squid-dev] squid.conf future

2020-02-24 Thread Alex Rousskov
On 2/24/20 3:11 AM, Amos Jeffries wrote: > While doing some polish to cf_gen tool (PR #558) I am faced with some > large code edits to get that tool any more compliant with our current > guidelines. With that comes the question of whether that more detailed > work is worth doing at all ...

Re: [squid-dev] handling spaces in path to sources

2020-02-18 Thread Alex Rousskov
On 2/18/20 4:46 AM, Francesco Chemolli wrote: > TL;DR: it's pointless. Spaces in paths are not safe and do not work. A single failure on MacOS does not prove much, but, AFAICT, we should indeed avoid spending time on supporting spaces in bootstrap.sh because autoconf explicitly prohibits file

Re: [squid-dev] Interested in helping with Squid development

2020-01-28 Thread Alex Rousskov
On 1/27/20 2:11 PM, Mike Rumph wrote: > I am interested in helping with Squid development. > I've participated as committer on the Apache HTTP Server project since 2012. > And I have over 20 years experience with C/C++. Hello Mike, Welcome to the Squid Project! Squid does need good C++

Re: [squid-dev] Want to integrate squid github to Jenkins CI

2020-01-22 Thread Alex Rousskov
On 1/21/20 11:30 PM, Justin Michael Schwartzbeck wrote: > > So I guess maybe I need to narrow this down a little bit more. Is there > some programmatic way that I can get the *latest stable release* > *version* and *source download link*? If you want GitHub integration, then you should get all

Re: [squid-dev] Efficient FD annotations

2020-01-13 Thread Alex Rousskov
On 1/10/20 2:37 AM, Amos Jeffries wrote: > On 8/01/20 3:39 am, Alex Rousskov wrote: >> On 1/7/20 1:39 AM, Amos Jeffries wrote: >>> On 7/01/20 4:28 am, Alex Rousskov wrote: >>>> For the record: The ideas below are superseded by the concept of the >>>>

Re: [squid-dev] Timeouts for abandoned negative reviews

2020-01-10 Thread Alex Rousskov
On 1/10/20 1:59 AM, Amos Jeffries wrote: > On 9/01/20 11:20 am, Alex Rousskov wrote: >> Squid GitHub pull requests have the following problem: A core >> developer can stall PR progress by submitting a negative review and then >> ignoring the PR (despite others reminding t

[squid-dev] Timeouts for abandoned negative reviews

2020-01-08 Thread Alex Rousskov
Hello, Squid GitHub pull requests have the following problem: A core developer can stall PR progress by submitting a negative review and then ignoring the PR (despite others reminding them that the reviewer action is required). Such stalled PRs cannot be merged because our policies strictly

Re: [squid-dev] Efficient FD annotations

2020-01-07 Thread Alex Rousskov
On 1/7/20 1:39 AM, Amos Jeffries wrote: > On 7/01/20 4:28 am, Alex Rousskov wrote: >> For the record: The ideas below are superseded by the concept of the >> code context introduced in commit ccfbe8f, including the >> fde::codeContext field. --Alex > If you want to go th

Re: [squid-dev] Efficient FD annotations

2020-01-06 Thread Alex Rousskov
For the record: The ideas below are superseded by the concept of the code context introduced in commit ccfbe8f, including the fde::codeContext field. --Alex On 2/22/19 12:08 PM, Alex Rousskov wrote: > In https://github.com/squid-cache/squid/pull/270#discussion_r259316609 > > >>

Re: [squid-dev] Squid-5 status update and RFI

2019-12-30 Thread Alex Rousskov
On 12/30/19 11:22 AM, Amos Jeffries wrote: > On 31/12/19 3:01 am, Alex Rousskov wrote: >> On 12/30/19 4:46 AM, Amos Jeffries wrote: >>> >>> The v5 branch will be bumped to master HEAD >>> commit in a few hours then the documentation update PRs for stage 2

Re: [squid-dev] Squid-5 status update and RFI

2019-12-30 Thread Alex Rousskov
they >> complete that review and be merged during the v5 beta series. >> >> >> To get a late-PR exemption from the "no new features" or "no UI changes" >> policy please reply to this message with a brief (one-liner) description >> of the

[squid-dev] PRs ready for merge

2019-10-10 Thread Alex Rousskov
Hi Amos, I believe the following two PRs are ready to go in. I added the corresponding comments and labels to these PRs. I did not hear from you since then, and I do not know whether you are OK with these PRs going in or just unaware of my plans to merge them. The latter possibility is the

[squid-dev] Fix handling of tiny invalid responses in v4

2019-07-02 Thread Alex Rousskov
Hi Amos, Do you plan to commit the following v5/master fix to v4? If that is your plan, then what is the current ETA and do you need help with porting or testing these changes to/in v4? Thank you, Alex. >

[squid-dev] Efficient FD annotations

2019-02-22 Thread Alex Rousskov
In https://github.com/squid-cache/squid/pull/270#discussion_r259316609 > In src/comm.cc: > >> @@ -424,7 +424,7 @@ comm_init_opened(const Comm::ConnectionPointer , > debugs(5, 5, HERE << conn << " is a new socket"); > > assert(!isOpen(conn->fd)); > -fd_open(conn->fd, FD_SOCKET,

Re: [squid-dev] Securtiy_file_gen in a server format development

2019-01-16 Thread Alex Rousskov
eeds a little? Perhaps give a couple of specific usage examples that are poorly addressed by current access.log information _and_ should not be addressed by adding more access.log fields. Thank you, Alex. > -Original Message- > From: squid-dev On Behalf Of Alex > Rousskov >

Re: [squid-dev] PVS Studio

2019-01-15 Thread Alex Rousskov
On 1/15/19 5:03 AM, Francesco Chemolli wrote: >> On Jan 14, 2019, at 19:11, Alex Rousskov wrote: >> On 1/14/19 3:20 PM, Francesco Chemolli wrote: >>> the team behind PVS studio (static code analysis tool) has decided >>> to support FOSS projects for free (beer). >

Re: [squid-dev] PVS Studio

2019-01-14 Thread Alex Rousskov
On 1/14/19 3:20 PM, Francesco Chemolli wrote: > Hi all, > the team behind PVS studio (static code analysis tool) has decided > to support FOSS projects for free (beer). > > https://hownot2code.com/2019/01/14/free-pvs-studio-for-those-who-develops-open-source-projects/ > Unless there are any

Re: [squid-dev] [RFC] Do we want paranoid_hit_validation?

2019-01-08 Thread Alex Rousskov
On 1/8/19 1:50 AM, Amos Jeffries wrote: > On 8/01/19 4:58 pm, Alex Rousskov wrote: >> This particular validation does not require checksums or other expensive >> computations. It does not require disk I/O. The code simply traverses >> the chain of disk slot metadata for t

[squid-dev] [RFC] Do we want paranoid_hit_validation?

2019-01-07 Thread Alex Rousskov
Hello, Squid has a few bugs that may result in rock cache corruption. Factory is working on fixing those bugs. During that work, we have added support for validating rock disk cache entry metadata at the time of a cache hit. This particular validation does not require checksums or other

Re: [squid-dev] Securtiy_file_gen in a server format development

2018-12-30 Thread Alex Rousskov
On 12/29/18 11:45 PM, Eliezer Croitoru wrote: > From what I understood until now it seems that the current ssl_db > directory structure is simple enough that it might be possible to share > it across a NFS store. I would expect NFS store to work in environments that support file locking over

Re: [squid-dev] SSL: https_port cert option

2018-12-24 Thread Alex Rousskov
On 12/24/18 5:38 AM, Meridoff wrote: > Hello, I need to use my company's certificate as signing certificate in > 'cert' argument of http_port/https_port options. Since you have mentioned http_port (above) and "generated certificates" (lower), I assume you are using SslBump. Is your signing

Re: [squid-dev] Incremental parsing of chunked quoted extensions

2018-10-05 Thread Alex Rousskov
On 10/04/2018 12:30 PM, Eduard Bagdasaryan wrote: > Hello all, > > There is a bug in Squid during incremental parsing of quoted chunked > extensions, resulting in unexpected throwing in > One::Parser::skipLineTerminator(). The underlying problem comes from > the fact that

Re: [squid-dev] modify source code and change the name from "squid" to other name

2018-10-01 Thread Alex Rousskov
different criteria and/or more free time. > isn’t it an open source code ? Yes, it is. There is virtually no connection between Squid license and others' desire to help you though. Being open source does not imply free help with every problem! Alex. >> On 1 Oct 2018, at 23:16, A

Re: [squid-dev] modify source code and change the name from "squid" to other name

2018-10-01 Thread Alex Rousskov
On 10/01/2018 12:28 PM, --Ahmad-- wrote: > i want to change everything in squid config files and rename it to ahmad. > > so i want change everything in folders , files from squid to —> > stinger and have stinger conf files and run instance as stinger instead > of squid . What are you

Re: [squid-dev] Anubis documentation

2018-09-25 Thread Alex Rousskov
uid-dev/2018-April/009387.html Alex. > On Tue, 25 Sep 2018 at 17:46, Alex Rousskov wrote: > > On 09/25/2018 09:46 AM, Francesco Chemolli wrote: > > >   recent discussions on github led me to understand that information > > on Anubis' interfaces is in peop

Re: [squid-dev] Anubis documentation

2018-09-25 Thread Alex Rousskov
On 09/25/2018 09:46 AM, Francesco Chemolli wrote: > recent discussions on github led me to understand that information > on Anubis' interfaces is in peoples' heads and not on a bit of paper. > Would it be possible to write a brief wiki page with some info about > what is the FSM driving it and

Re: [squid-dev] 206 Partial Content Caching

2018-09-14 Thread Alex Rousskov
On 09/14/2018 02:07 AM, Benson Kwok wrote: > I agree adding additional functionality to merge smaller range objects > into larger ones is a better approach. Please note that I have not requested that (or any other) optional functionality. There is nothing wrong per se with providing partial

Re: [squid-dev] 206 Partial Content Caching

2018-09-13 Thread Alex Rousskov
On 09/13/2018 05:23 AM, Benson Kwok wrote: > I have successfully implemented caching of 206 Partial Content as a > project at my job and want to know if you guys are interested in pulling > it into main branch. Yes, of course! If you are willing to make the changes necessary for the official

Re: [squid-dev] TLS proxy-server connection optimization

2018-07-31 Thread Alex Rousskov
On 07/31/2018 05:00 PM, Vishali Somaskanthan wrote: > If I peek @step1 and splice@ step2 -> The connections are **not** pinned > as such. However, Client-squid SSL+TCP termination results in > squid-server SSL+TCP termination. Why does Squid close the (not pinned) Squid-to-server connection in

Re: [squid-dev] StoeiD and ICAP services callouts, when it happens?

2018-07-12 Thread Alex Rousskov
> store_id_extras "%adapt:: "... -" Sounds like a Squid bug to me. Alex. > -----Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, July 12, 2018 11:10 PM > To: squid-dev@lists.squid-cache.org > Cc: El

Re: [squid-dev] StoeiD and ICAP services callouts, when it happens?

2018-07-12 Thread Alex Rousskov
equest header field to the adapted HTTP request. You can check what headers Squid has for %>ha by specifying %>ha without any parameters. > I have now tried to understand what and how I should use the: > %adapt:: -Original Message- > From: Alex Rousskov [mailto:rouss...@me

Re: [squid-dev] StoeiD and ICAP services callouts, when it happens?

2018-07-12 Thread Alex Rousskov
On 07/12/2018 03:16 AM, Eliezer Croitoru wrote: > is it possible to pass an ICAP response header into the store_id_extras? Yes, %adapt::https://wiki.squid-cache.org/SquidFaq/OrderIsImportant#Callout_Sequence Alex.

Re: [squid-dev] Terminating ICAP requests for aborted HTTP requests

2018-07-12 Thread Alex Rousskov
On 07/11/2018 10:16 AM, Amos Jeffries wrote: > On 12/07/18 03:46, Alex Rousskov wrote: >> Using last-chunk for aborted body termination is a bug. If Squid >> terminates the body, it should not use the standard last-chunk. Like you >> suggested below, Squid should either (half-

Re: [squid-dev] Terminating ICAP requests for aborted HTTP requests

2018-07-11 Thread Alex Rousskov
On 07/11/2018 07:54 AM, Steve Hill wrote: > the HTTP client had made a request which has been forwarded onto > the web server, the web server has started responding, Squid is sending > the response body to the RESPMOD ICAP service and is forwarding the > modified body to the client.  Part way

Re: [squid-dev] Use MAX_URL for first line limitation

2018-06-07 Thread Alex Rousskov
On 06/07/2018 04:13 PM, Eduard Bagdasaryan wrote: > in %>ru Squid logs large and small URLs differently. For example, > Squid strips whitespaces from small URLs, while keeping them for > large ones. Is %ru logging consistent with regard to small and large URLs? * If it is, should we use the

Re: [squid-dev] Block users dynamically

2018-05-29 Thread Alex Rousskov
On 05/28/2018 12:10 PM, dean wrote: > What I'm doing is > writing to an external file that is used in the configuration, like > Squish does. But it does not block the user, The lack of Squid reaction is expected -- Squid does not monitor configuration files for changes. > When I change the

Re: [squid-dev] [PATCH] ext_edirectory_userip_acl refactoring

2018-05-09 Thread Alex Rousskov
On 05/09/2018 05:05 AM, Amos Jeffries wrote: > Proposed changes to this helper to fix strcat / strncat buffer overread > / overflow issues. I have no objections overall. * I am not excited about duplicating Ip::Address pieces, but such duplication cannot be prohibited while we do not allow

[squid-dev] Merge bot: Disabling GitHub voting enforcement

2018-04-19 Thread Alex Rousskov
Hello, The merge bot has successfully completed several pull request merges. You can see them in a master: $ git log --committer=squid-anubis upstream/master All of those merges were done while watching Anubis log for signs of problems. We are now comfortable with allowing Anubis to merge

Re: [squid-dev] [squid-users] tcp_outgoing_address and HTTPS

2018-03-20 Thread Alex Rousskov
On 03/20/2018 07:55 AM, Amos Jeffries wrote: > 2) It is technically possible to make Squid open a CONNECT tunnel > through an HTTP peer proxy to the origin instead of going there > directly. The only thing preventing this is nobody writing the necessary > code. > > It has been on my (and many

Re: [squid-dev] Introduction

2018-03-19 Thread Alex Rousskov
On 02/05/2018 01:19 PM, Danilo V wrote: > Hello, I'm a networking and security analyst who works for the > government in Brazil. > I work especially with free software. I am currently allocated to a > content filter customization project using docker, puppet, squid, > squidguard and sarg. > > I

Re: [squid-dev] Bug 4710 resolution

2018-02-28 Thread Alex Rousskov
On 02/28/2018 09:48 PM, Amos Jeffries wrote: > Regarding . > > Is anyone working on a proper fix for this bug yet? FWIW, I am not aware of anybody working on addressing that unconfirmed bug. I only did the initial (and incomplete) triage. >

[squid-dev] Merge bot in final testing stages

2018-02-23 Thread Alex Rousskov
Hello, To reduce development overheads while testing every master commit, we are moving towards automated merging of eligible GitHub pull requests. Anubis, a new bot implementing this automation, is going through the final testing stages. You may have already seen a few purple M-... labels

Re: [squid-dev] How ACLs are handled

2018-02-23 Thread Alex Rousskov
On 02/22/2018 10:09 PM, Vineet Awasthi wrote: > Can anyone please help me to get the knowledge about squid request > parsing and handling. I mean in which files (.c) ACL settings are parsed > and handled when request http recieved in squid. It may be impossible to briefly answer such a general

Re: [squid-dev] SSL-BUMP distinguish between mobile devices such as IOS or ANDROID vs PC request

2018-02-22 Thread Alex Rousskov
On 02/22/2018 11:56 AM, Eliezer Croitoru wrote: > I was wondering about the options to distinguish mobile devices TLS\SSL > requests compared to PC one's. You need ACLs that can match various TLS Client Hello fields (mostly message version, protocol version, and ciphers) and a knowledgebase of

Re: [squid-dev] Squid 3.5 with nonblocking ecap adapter

2017-11-30 Thread Alex Rousskov
p -> squid), I wonder why Squid behaves like that and > how I can change or influence that? I would start by validating the working theory that the polling timeout affects available virgin data sizes. Do larger adapter-set resume() timeouts increase available virgin data sizes? Alex. >

Re: [squid-dev] Stuck jenkins jobs

2017-11-30 Thread Alex Rousskov
On 11/30/2017 03:12 AM, Kinkie wrote: > I've added the build-timeout plugin to jenkins; it'll abort > pull-request validation jobs that take "several times their usual > completion times". Let's see if it helps unstick the queue. Thank you. Will these automated aborts be logged with the right

Re: [squid-dev] New patches and squid-v4

2017-11-17 Thread Alex Rousskov
On 11/17/2017 11:09 AM, Christos Tsantilas wrote: > However in many cases the patches can just merged without any > modification. A new PR in these cases may cause more load. Yes, but, except for really trivial changes (which are fairly rare), the regression tests should still be executed. Our

Re: [squid-dev] New patches and squid-v4

2017-11-17 Thread Alex Rousskov
On 11/17/2017 10:06 AM, Christos Tsantilas wrote: > For any new patch, we are building a git-PR for merging it to > squid-5/master. Should we make a git-PR for squid-4 too (and squid-3.5)? > Or the squid-4 maintainer is responsible to extract the patch from > squid-5 and merge it to squid-4?

Re: [squid-dev] Squid 3.5 with nonblocking ecap adapter

2017-11-02 Thread Alex Rousskov
hat design pattern. The overall host-adapter interaction would be very similar to what you find in the sample and ClamAV adapters. Disclaimer: I have not seen anybody using event loops with eCAP. I think it is possible to implement that model, but there may be important caveats that I am not awa

Re: [squid-dev] Perl script help needed

2017-11-02 Thread Alex Rousskov
On 11/02/2017 03:01 AM, Amos Jeffries wrote: > I am running into a tricky issue with the maintainer scripts that I'm > not sure how to solve. > > Anyone able to assist? I can try. Alex.

Re: [squid-dev] how does Squid 3.5 parse https responce

2017-11-02 Thread Alex Rousskov
On 02/11/17 15:14, G~D~Lunatic wrote: > I want to know how the squid parse the body of certificate > The operation of this part is in which class or function. If you are asking about modern Squid code doing SslBump, then Security::HandshakeParser::ParseCertificate() calls OpenSSL d2i_X509() to

Re: [squid-dev] Online Translator interface for Squid

2017-09-14 Thread Alex Rousskov
On 09/14/2017 12:20 AM, Jeffrey Merkey wrote: >>> I have reviewed the ssl-bump feature >>> -- perfect just what I needed the proxy to do. >> https://wiki.squid-cache.org/Features/DynamicSslCert > Can I just use one certificate, or do I need to enable this dynamic > capability. In most

Re: [squid-dev] High memory usage associated with ssl_bump and broken clients

2017-09-11 Thread Alex Rousskov
On 09/11/2017 05:05 AM, Steve Hill wrote: > Connections should have a reasonably short timeout during the TLS > handshake - if a client hasn't completed the handshake and made an HTTP > request over the encrypted connection within a few seconds, something is > broken and Squid should tear down

Re: [squid-dev] OpenSSL 1.1.0f build issues

2017-08-29 Thread Alex Rousskov
On 08/28/2017 08:44 AM, Alex Rousskov wrote: > On 08/27/2017 08:50 PM, Amos Jeffries wrote: >> There also seems to be a regression in the last branch merge with the >> 'bio' variable. >> >> ../../../../src/ssl/support.cc:1481:10: error: ‘bio’ was not declared in >&

Re: [squid-dev] OpenSSL 1.1.0f build issues

2017-08-29 Thread Alex Rousskov
On 08/27/2017 08:50 PM, Amos Jeffries wrote: > I have a patch in my TLS config branch, if it looks okay with you I will > make a PR to add it separately. > https://github.com/yadij/squid/commit/192c5b931a5b0484246e21fd02310974131d32a6 > + AC_DEFINE_UNQUOTED(const_ASN1_BIT_STRING,

Re: [squid-dev] OpenSSL 1.1.0f build issues

2017-08-29 Thread Alex Rousskov
On 08/28/2017 08:44 AM, Alex Rousskov wrote: > On 08/27/2017 08:50 PM, Amos Jeffries wrote: > >> I have a patch in my TLS config branch, if it looks okay with you I will >> make a PR to add it separately. >> https://github.com/yadij/squid/commit/192c5b931a5b0484

[squid-dev] Added states to pull requests

2017-08-10 Thread Alex Rousskov
Hello, I noticed that GitHub cannot express several important pull request states. For example, GitHub's "changes requested" PR status means that * the PR author is expected to make changes based on prior reviewer(s) feedback; or * the PR reviewer(s) are expected to verify that all

Re: [squid-dev] [RFC] http(s)_port TLS/SSL config redesign

2017-08-09 Thread Alex Rousskov
On 07/19/2017 07:27 PM, Amos Jeffries wrote: > Hi all, Christos and Alex particularly, > > I have been mulling over several ideas for how to improve the config > parameters on the http(s)_port to make them a bit easier for newbies to > get right, and pros to do powerfully cool stuff. > > > So,

[squid-dev] [RFC] Happy Eyeballs: Parallel TCP connection attempts

2017-08-08 Thread Alex Rousskov
Hello, Since r15240, Squid forwarding code gets a concurrently growing list of destinations to forward the request to, but it only tries to establish a connection to one destination at a time, going to the next one only if the previous connection attempt has failed. Many admins disable IPv6

Re: [squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.

2017-08-08 Thread Alex Rousskov
On 08/08/2017 09:18 AM, Christos Tsantilas wrote: > On 05/08/2017 09:52 AM, Amos Jeffries wrote: >> With the proposed changes all an attacker needs to do is peek at the >> KK token from the client then race it to be the first one to deliver >> any token to the originating helper (which can

Re: [squid-dev] [PATCH] Purge cache entries in SMP-aware caches

2017-08-05 Thread Alex Rousskov
o match the newly developed understanding of the true/desirable RELEASE_REQUEST flag meaning as the "making private keys permanent" marker. I can suggest specific changes if you prefer, but you should probably be the one driving this. To reduce noise, I suggest keeping RELE

Re: [squid-dev] Git-related wiki updates

2017-08-02 Thread Alex Rousskov
"your edit was successful" delays and internal server errors that have been reported to NOC before. I have not lost any commits yet so this is just an annoyance. Thank you, Alex. >> On 2 Aug 2017, at 07:49, Alex Rousskov <rouss...@measurement-factory.com> >> wrote: >

[squid-dev] Git-related wiki updates

2017-08-02 Thread Alex Rousskov
Hello, FYI, I have started updating developer wiki pages to reflect recent git/GitHub-related changes: * http://wiki.squid-cache.org/MergeProcedure * http://wiki.squid-cache.org/GitHints * http://wiki.squid-cache.org/DeveloperResources We should not compete with many wonderful git

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-31 Thread Alex Rousskov
@lists.squid-cache.org] On Behalf Of > Kinkie > Sent: Saturday, July 22, 2017 18:16 > To: Alex Rousskov <rouss...@measurement-factory.com> > Cc: Squid Developers <squid-dev@lists.squid-cache.org> > Subject: Re: [squid-dev] [RFC] Disable Github issue tracker > > I

Re: [squid-dev] [RFC] Migrate explicit syslog calls to debugs

2017-07-31 Thread Alex Rousskov
On 07/31/2017 03:04 AM, Amos Jeffries wrote: > On 28/07/17 11:12, Alex Rousskov wrote: >> AFAICT[1], "too long" here means "more than 400 characters" in extreme >> cases and "more than 2000 characters" in most environments, so any >> reason

Re: [squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.

2017-07-31 Thread Alex Rousskov
On 07/31/2017 09:24 AM, Amos Jeffries wrote: >>> To do so otherwise would randomly >>> allow replay attacks to succeed Please give a specific example where the proposed changes would allow a new kind of replay attacks to succeed, given a correctly functioning Squid and a correctly functioning

Re: [squid-dev] [RFC] Migrate explicit syslog calls to debugs

2017-07-27 Thread Alex Rousskov
On 07/26/2017 11:04 PM, Amos Jeffries wrote: > On 27/07/17 16:06, Alex Rousskov wrote: >> Squid master process uses many explicit syslog() calls like these: >> >>> syslog(LOG_ALERT, "fork failed: %s", xstrerr(xerrno)); >>> syslog(LOG_ALERT, "

[squid-dev] [RFC] Migrate explicit syslog calls to debugs

2017-07-26 Thread Alex Rousskov
Hello, Squid master process uses many explicit syslog() calls like these: > syslog(LOG_ALERT, "fork failed: %s", xstrerr(xerrno)); > syslog(LOG_ALERT, "Suspiciously high workers value: %d", > syslog(LOG_NOTICE, "Squid Parent: will start %d kids", (int)TheKids.count()); > syslog(LOG_ALERT,

Re: [squid-dev] Build farm updaes?

2017-07-23 Thread Alex Rousskov
On 07/23/2017 10:21 AM, Kinkie wrote: > is it worth investing time in freshening up the current build farm > setup or is preferable to abandon it altogether in favor of a newly > built one? I would be surprised if we should abandon the current build farm as a whole, but perhaps you have some

Re: [squid-dev] [PATCH] Purge cache entries in SMP-aware caches

2017-07-22 Thread Alex Rousskov
On 07/13/2017 07:26 AM, Eduard Bagdasaryan wrote: > Hello, > > I am attaching an improved version of the patch posted before. > It is based on v4 r15081. What was fixed: I do not see any high-level problems with this code, and it does not look like others are going to comment on the v4 patch

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-21 Thread Alex Rousskov
On 07/21/2017 10:15 AM, Amos Jeffries wrote: > Alex would you like to draw up a formal announcement email to go out to > people not on squid-dev about the change having been done? > I'm thinking squid-announce/squid-users and the blog. I can, but I do not recommend announcing anything and

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-21 Thread Alex Rousskov
s to) critically important Squid-specific information IMO. Cheers, Alex. > -Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Friday, July 21, 2017 07:57 > To: Eliezer Croitoru <elie...@ngtech.co.il>; squid-dev@lists.squid-cach

Re: [squid-dev] Bzr to git migration schedule

2017-07-20 Thread Alex Rousskov
> Mobile: +972-5-28704261 > Email: mailto:elie...@ngtech.co.il > > > > -Original Message- > From: squid-dev [mailto:mailto:squid-dev-boun...@lists.squid-cache.org] On > Behalf Of Amos Jeffries > Sent: Tuesday, July 18, 2017 11:59 > To: mailto:squid-dev@li

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-20 Thread Alex Rousskov
ch audience? IMHO, we are. Cheers, Alex. > -Original Message- > From: Alex Rousskov [mailto:rouss...@measurement-factory.com] > Sent: Thursday, July 20, 2017 20:35 > To: Eliezer Croitoru <elie...@ngtech.co.il>; squid-dev@lists.squid-cache.org > Subject: Re: [squid-

Re: [squid-dev] Bzr to git migration schedule

2017-07-20 Thread Alex Rousskov
On 07/20/2017 01:58 AM, Kinkie wrote: > I believe we are talking about updating the pages that reference bzr > with pages that reference the current repositories and best practices Yes, Kinkie's interpretation is correct. We are not moving the wiki or any wiki pages. We should update a few pages

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-20 Thread Alex Rousskov
On 07/20/2017 01:25 AM, Eliezer Croitoru wrote: > Can we allow issues access to specific users? AFAIK no. We can restrict certain issue updates (e.g., comment editing) but not issue reading and issue creation. > I believe that the right place to have a "TODO" or similar notes as a github >

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-19 Thread Alex Rousskov
On 07/19/2017 06:31 AM, Amos Jeffries wrote: > On 19/07/17 16:41, Alex Rousskov wrote: >> On 07/18/2017 09:26 PM, Amos Jeffries wrote: >>> There are maintainer workflow scripts still todo, but before going to >>> the trouble I'm considering whether that wor

Re: [squid-dev] [RFC] Disable Github issue tracker

2017-07-18 Thread Alex Rousskov
On 07/18/2017 09:26 PM, Amos Jeffries wrote: > On 19/07/17 09:22, Alex Rousskov wrote: >> With Squid official repository now at Github, a lot more folks will >> be tempted to report bugs and file feature requests there. I propose to >> remove that functionality from

[squid-dev] [RFC] Disable Github issue tracker

2017-07-18 Thread Alex Rousskov
Hello, With Squid official repository now at Github, a lot more folks will be tempted to report bugs and file feature requests there. I propose to remove that functionality from the Github interface (for now). Any objections or better ideas? FWIW, I have considered and rejected the idea of

Re: [squid-dev] Bzr to git migration schedule

2017-07-18 Thread Alex Rousskov
On 07/18/2017 02:59 AM, Amos Jeffries wrote: > We also need someone to lead the wiki re-writing, most of the > DeveloperResources mentioning the repository and how-to for certain > development activities. Agreed. BTW, I trust it is OK to delete bzr/launchpad-specific instructions when they are

Re: [squid-dev] Bzr to git migration schedule

2017-07-17 Thread Alex Rousskov
On 07/15/2017 10:43 PM, Alex Rousskov wrote: > On 07/11/2017 10:20 PM, Alex Rousskov wrote: > >> 2017-07-11: No more new tags in the official bzr repo. >> 2017-07-13: No more new commits(*) in the official bzr repo. >> 2017-07-14: Migration starts. >> 2017
