Re: [squid-dev] [PATCH] pconn_lifetime

2014-10-03 Thread Alex Rousskov
On 10/03/2014 11:57 AM, Amos Jeffries wrote: On 4/10/2014 3:52 a.m., Alex Rousskov wrote: On 10/01/2014 11:24 PM, Amos Jeffries wrote: We already have client_lifetime directive which is documented as doing exactly what this new directive does. (http://www.squid-cache.org/Doc/config

Re: [squid-dev] [PATCH] url_rewrite_timeout directive

2014-11-18 Thread Alex Rousskov
On 11/16/2014 04:05 AM, Amos Jeffries wrote: For the record I am still extremely skeptical about the use-case behind this feature. This is a real use case (or we would not be proposing this feature): admins want to control what happens when their helper transactions timeout. Some of us may

Re: [squid-dev] [PATCH] Non-HTTP bypass

2014-12-30 Thread Alex Rousskov
On 10/21/2014 11:29 AM, Tsantilas Christos wrote: - Adds on_first_request_error, a new ACL-driven squid.conf directive that can be used to establish a blind TCP tunnel which relays all bytes from/to the intercepted connection to/from the intended destination address. See the sketch above.

Re: [squid-dev] [PATCH] Non-HTTP bypass

2014-12-30 Thread Alex Rousskov
On 12/30/2014 06:19 PM, Amos Jeffries wrote: On 31/12/2014 7:30 a.m., Alex Rousskov wrote: On 10/21/2014 11:29 AM, Tsantilas Christos wrote: - Adds on_first_request_error, a new ACL-driven squid.conf directive that can be used to establish a blind TCP tunnel which relays all bytes from

Re: [squid-dev] unsupported protocol classification

2014-12-31 Thread Alex Rousskov
[ I am changing the Subject line for this sub-thread because this new discussion is not really relevant to the unsupported protocol bypass feature, even though that bypass feature will be used by those who need to classify unsupported protocols. ] On 12/31/2014 03:33 AM, Marcus Kool wrote: The

Re: [squid-dev] [PATCH] Non-HTTP bypass

2014-12-31 Thread Alex Rousskov
On 12/31/2014 03:33 AM, Marcus Kool wrote: On 12/31/2014 05:54 AM, Alex Rousskov wrote: What would help is to decide whether we want to focus on A) multiple conditions for establishing a TCP tunnel; B) multiple ways to handle an unrecognized protocol error; OR C) multiple ways

Re: [squid-dev] unsupported protocol classification

2014-12-31 Thread Alex Rousskov
On 12/31/2014 10:39 AM, Marcus Kool wrote: On 12/31/2014 02:23 PM, Alex Rousskov wrote: 2. Writing adaptation hooks to pass tunnel information (using TUNMOD design above) to adaptation services. The primary difficulty here is handling incremental give me more and give them more decisions while

Re: [squid-dev] [PATCH] Non-HTTP bypass

2015-01-02 Thread Alex Rousskov
On 01/02/2015 09:16 AM, Marcus Kool wrote: On 12/31/2014 02:31 PM, Alex Rousskov wrote: On 12/31/2014 03:33 AM, Marcus Kool wrote: On 12/31/2014 05:54 AM, Alex Rousskov wrote: What would help is to decide whether we want to focus on A) multiple conditions for establishing a TCP tunnel

Re: [squid-dev] [PATCH] HTTP Response Parser upgrade

2015-01-23 Thread Alex Rousskov
On 01/20/2015 06:58 AM, Amos Jeffries wrote: Updated patch attached resolving the issues found by coadvisor in the original. +// HTTP Response status-line parse + +// magic contains major version, still need to find minor +SBuf verMinor; +// NP: we limit to

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-01-15 Thread Alex Rousskov
On 01/14/2015 03:09 AM, Amos Jeffries wrote: On 01/14/2015 11:25 AM, Amos Jeffries wrote: Does the master process get exit status of *all* worker processes and the sub-childs down N levels? It was my understanding that in SMP each worker disker etc is a fork() and the child becomes new

Re: [squid-dev] [PATCH] HTTP Response Parser upgrade

2015-01-22 Thread Alex Rousskov
On 01/20/2015 06:58 AM, Amos Jeffries wrote: Updated patch attached resolving the issues found by coadvisor in the original. +size_t +Client::needBufferSpace(const SBuf readBuf, const size_t minSpace) const +{ +size_t space = readBuf.spaceSize(); // available space w/o heroic

Re: [squid-dev] [RFC] Secure ICAP

2015-02-12 Thread Alex Rousskov
as we do not have to wait for it. AFAICT, if we use PeerConnector for Secure ICAP, and your NG changes go inside PeerConnector, then we will not be stepping on each other toes too much. Thank you, Alex. On 4/02/2015 9:52 a.m., Alex Rousskov wrote: Hello, We would like to add support

Re: [squid-dev] [PATCH] CompactTrie

2015-03-20 Thread Alex Rousskov
On 03/20/2015 09:36 AM, Kinkie wrote: the attached bundle is a patch proposal for CompactTrie, a generic library implementing efficient prefix matching. It is meant to be a more feature-complete replacement for lib/libTrie, and has the machinery to effectively replace splay when doing

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-03-20 Thread Alex Rousskov
On 03/20/2015 12:11 PM, Amos Jeffries wrote: On 21/03/2015 4:35 a.m., Alex Rousskov wrote: On 03/20/2015 02:06 AM, Amos Jeffries wrote: On 18/03/2015 6:21 a.m., Tsantilas Christos wrote: This patch adds the ssl_bump_resuming_sessions directive that controls SslBump behavior when dealing

Re: [squid-dev] [RFC] Squid 4.0 ideas

2015-03-12 Thread Alex Rousskov
On 03/07/2015 10:04 PM, Amos Jeffries wrote: Proposal 2) We are developing Squid with an incremental development process. The initial major version number is effectively meaningless in that process. We should move from the major.minor.patch to just a release.patch numbering system. This

Re: [squid-dev] Moved PID file management from Coordinator to Master

2015-03-06 Thread Alex Rousskov
On 01/21/2015 05:03 AM, Amos Jeffries wrote: On 22/01/2015 12:57 a.m., Tsantilas Christos wrote: I am posting a new patch. This patch include fixes to follow Squid Coding Style but also have a fix for a small bug: In the previous patches I posted the pid creation done by master process

Re: [squid-dev] [RFC] Squid 4.0 ideas

2015-03-12 Thread Alex Rousskov
On 03/10/2015 04:58 AM, Amos Jeffries wrote: On 10/03/2015 5:41 a.m., Alex Rousskov wrote: On 03/07/2015 10:04 PM, Amos Jeffries wrote: Proposal 2) We are developing Squid with an incremental development process. The initial major version number is effectively meaningless in that process

Re: [squid-dev] Death of SSLv3

2015-05-07 Thread Alex Rousskov
On 05/07/2015 04:03 AM, Amos Jeffries wrote: It's done. SSLv3 is now a MUST NOT use protocol from RFC 7525 It's time for us to start ripping out from trunk all features and hacks supporting its use. No, it is not time yet. Too many folks still use SSL and cannot switch to TLS just because a

Re: [squid-dev] [RFC] removal of SSL version options

2015-04-15 Thread Alex Rousskov
On 04/15/2015 06:17 AM, Amos Jeffries wrote: Squid currently has several version options to set the SSL/TLS protocol version. http(s)_port ... version= cache_peer ... sslversion sslproxy_version ... However, 1) the option configures version X-only. Which does not follow with

Re: [squid-dev] [RFC] removal of SSL version options

2015-04-16 Thread Alex Rousskov
On 04/16/2015 12:45 AM, Amos Jeffries wrote: On 16/04/2015 5:35 p.m., Alex Rousskov wrote: On 04/15/2015 06:17 AM, Amos Jeffries wrote: Squid currently has several version options to set the SSL/TLS protocol version. http(s)_port ... version= cache_peer ... sslversion

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-04-08 Thread Alex Rousskov
On 04/08/2015 07:13 PM, Amos Jeffries wrote: On 4/04/2015 9:17 a.m., Alex Rousskov wrote: On 03/27/2015 05:58 AM, Amos Jeffries wrote: Indeed. It's the hostname vs SNI case we can check and SHOULD do so. The raw-IP ones we can skip the check. Some nasties will still get passed, but less than

Re: [squid-dev] [PATCH] splicing resumed sessions

2015-04-09 Thread Alex Rousskov
On 04/09/2015 07:13 AM, Amos Jeffries wrote: So for now this patch is okay, but we/you should already be thinking about how to auto-translate NPN from clients into ALPN to servers. Please keep in mind that it is not possible to translate something and still splice a new SSL session (the

Re: [squid-dev] [PATCH] Do not blindly forward cache peer CONNECT responses

2015-06-23 Thread Alex Rousskov
On 06/19/2015 06:46 PM, Amos Jeffries wrote: On 20/06/2015 4:54 a.m., Alex Rousskov wrote: Hello, The attached trunk patch fixes a rare but nasty problem by removing a very old hack which shielded Squid from parsing most CONNECT responses. Currently, Squid blindly forwards cache peer

Re: [squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

2015-06-25 Thread Alex Rousskov
On 06/25/2015 08:13 AM, Amos Jeffries wrote: Which is why I want to go the route of HTTP/0.9 handling. It's clear when products encounter it and cause themselves problems. Sigh. You are repeating essentially the same argument as before. Any let's create problems for something that appears to

Re: [squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

2015-06-24 Thread Alex Rousskov
if (and only if) relaxed_header_parser is on, and also to warn about those characters when relaxed_header_parser is warn. HTH, Alex. On Wed, Jun 24, 2015 at 10:12 PM, Alex Rousskov rouss...@measurement-factory.com wrote: On 06/24/2015 05:26 AM, Amos Jeffries wrote: On 24/06/2015 5:55 p.m

Re: [squid-dev] Injecting custom JavaScript

2015-06-19 Thread Alex Rousskov
On 06/18/2015 06:11 AM, Amos Jeffries wrote: On 18/06/2015 11:42 p.m., James Hunter wrote: I've been looking to inject special JavaScript code into every HTML page my squid proxy receives via HTTPS connections, this is for an application where the users will be fully aware of the injection.

[squid-dev] [PATCH] Do not blindly forward cache peer CONNECT responses

2015-06-19 Thread Alex Rousskov
Hello, The attached trunk patch fixes a rare but nasty problem by removing a very old hack which shielded Squid from parsing most CONNECT responses. Currently, Squid blindly forwards cache peer CONNECT responses to clients when possible. This may break things if the peer responds with

Re: [squid-dev] [PATCH] Segfault when freeing https_port clientca on reconfigure or exit

2015-06-19 Thread Alex Rousskov
On 06/18/2015 07:25 PM, Amos Jeffries wrote: On 12/06/2015 4:56 p.m., Alex Rousskov wrote: Fixed segmentation fault when freeing https_port clientca on reconfigure or exit. AnyP::PortCfg::clientCA list was double-freed, because the SSL context takes ownership of the STACK_OF(X509_NAME

Re: [squid-dev] Injecting custom JavaScript

2015-06-19 Thread Alex Rousskov
On 06/18/2015 06:41 AM, James Hunter wrote: I will investigate the ICAP and eCAP facilities if I can't get direct access to the data from within the code. If you are creating a temporary hack, look for places where Squid passes data to the adaptation layer, such as calls to

Re: [squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

2015-06-26 Thread Alex Rousskov
On 06/26/2015 06:44 AM, Amos Jeffries wrote: On 26/06/2015 7:55 a.m., Alex Rousskov wrote: Tokenizer cannot handle URIs with whitespaces directly, like your patch attempts to do: Tokenizer alone cannot handle ambiguous grammars. To handle such URIs well, you have two options IMO: A. The old

Re: [squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

2015-06-24 Thread Alex Rousskov
On 06/24/2015 05:26 AM, Amos Jeffries wrote: On 24/06/2015 5:55 p.m., Alex Rousskov wrote: This temporary trunk fix adds support for request URIs containing '|' characters. Such URIs are used by popular Amazon product (and probably other) sites: /images/I/ID1._RC|ID2.js,ID3.js,ID4.js_.js

Re: [squid-dev] [RFC] TLS peek by default

2015-06-11 Thread Alex Rousskov
On 06/05/2015 04:47 PM, Amos Jeffries wrote: Along these lines, I am wondering why we need to have ssl_bump peek checked for in relation to client peeking. Can we make Squid simply do that first 'peek' step always for all potential HTTPS connections ? IIRC, the reasons we did not want to

Re: [squid-dev] [PATCH] Bug3329

2015-05-29 Thread Alex Rousskov
On 05/25/2015 05:37 AM, Amos Jeffries wrote: On 25/05/2015 10:13 p.m., Tsantilas Christos wrote: I am attaching new squid patches for bug3329. +1 on the conversion of comm_close() to X-close() However please name the noteClsure() as noteClosureXXX() to highlight that this function is

Re: [squid-dev] [PATCH] Crypto-NG: Use Security::PeerOptions for listening port TLS settings

2015-07-01 Thread Alex Rousskov
On 06/30/2015 10:12 PM, Amos Jeffries wrote: On 1/07/2015 10:11 a.m., Alex Rousskov wrote: On 06/30/2015 09:27 AM, Amos Jeffries wrote: * Change the tls_outgoing_options default value from disable which did not parse previously (now does). To setting TLS/1.0 minimum version with SSLv3

Re: [squid-dev] [PATCH] Reject responses with conflicting Content-Length

2015-08-12 Thread Alex Rousskov
On 08/11/2015 11:49 PM, Amos Jeffries wrote: Which one of these malformations is not malign ? * non-numeric Content-Length * negative value Content-Length * Content-Length with also Transfer-Encoding header * multiple different-value Content-Length * Content-Length on 204 response

Re: [squid-dev] [PATCH] suffix parsing and skipping

2015-08-12 Thread Alex Rousskov
On 08/07/2015 11:08 PM, Amos Jeffries wrote: +1. Looks great. Thank you. Committed to trunk (r14222). Alex. ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] PayloadFormatter (was PackableStream)

2015-08-12 Thread Alex Rousskov
On 08/12/2015 06:28 AM, Amos Jeffries wrote: On 12/08/2015 5:07 a.m., Alex Rousskov wrote: On 08/10/2015 08:20 AM, Amos Jeffries wrote: Here is mk2 of the Formatter class for doing display things to CacheMgr report payloads. Please post the patch (your post had no attachments), preferably

[squid-dev] [PATCH] Mark aborted RESPMOD bodies as truncated

2015-08-18 Thread Alex Rousskov
Hello, When an adaptation service aborts a transaction (for whatever reason), the attached patch marks the body produced by that service as truncated. Without these changes, the recipient of the truncated body (e.g., HTTP client) often cannot tell that the body was actually truncated. This

Re: [squid-dev] [PATCH] PayloadFormatter (was PackableStream)

2015-08-18 Thread Alex Rousskov
On 08/15/2015 12:20 AM, Amos Jeffries wrote: I don't like payload particularly either in this case. But page is wrong. Page is what the remote end display tool will be generating. *IF* a page exists at all. There are many kinds of payloads. There are many kinds of pages. There are many kinds

Re: [squid-dev] More woes with ubuntu-precise

2015-08-18 Thread Alex Rousskov
On 08/18/2015 02:11 AM, Amos Jeffries wrote: The admin need that keeps being put forward is stability. With the meaning of non-changing.. As in; nobody touches the Squid code from now until 2020 or so. Personally, I have not heard anything like that from any admin. The requirements I have

Re: [squid-dev] [PATCH] PayloadFormatter (was PackableStream)

2015-08-19 Thread Alex Rousskov
On 08/19/2015 09:47 AM, Amos Jeffries wrote: On 19/08/2015 4:50 p.m., Alex Rousskov wrote: On 08/15/2015 12:20 AM, Amos Jeffries wrote: For now this class is specifically and intentionally dumping out the (old) format for cachemgr.cgi. Other third-party tools are considered only so far

Re: [squid-dev] [RFC] Wiki sections redesign

2015-08-21 Thread Alex Rousskov
On 08/20/2015 10:52 PM, Amos Jeffries wrote: One thing that is standing out is that placing wishlist designs under Features/ was a bad idea. It makes it very hard to identify those wishlist entries from actually available, in-use or has-been features. Each Feature has a Status attribute that

Re: [squid-dev] [PATCH] Coverity(-inspired) fixes part four, HttpHeader refactor

2015-08-21 Thread Alex Rousskov
On 08/21/2015 04:37 AM, Kinkie wrote: the attached patch does: ... a long list of mostly unrelated changes ... Sigh. Some of the patch changes are not necessary at all. Some are useful. Some should be redone to minimize conflicts. Some are performance optimizations that should be considered

Re: [squid-dev] [PATCH] renaming StoreEntryStream to PackableStream

2015-08-21 Thread Alex Rousskov
On 08/21/2015 04:38 AM, Amos Jeffries wrote: So PackableStream is really just a rename of StoreEntryStream BUT with some implicit new properties from the underlying type change: * lack of Store.h dependency * ability to stream into a MemBuf if its creator desires that This patch

Re: [squid-dev] [PATCH] Coverity(-inspired) fixes part four, HttpHeader refactor

2015-08-21 Thread Alex Rousskov
-aborted-resp-bodies-t6-1.patch: red flags: 0 coverity-fixes-4-v2.patch: red flags: 6 HTH, Alex. On Fri, Aug 21, 2015 at 6:46 PM, Alex Rousskov rouss...@measurement-factory.com wrote: On 08/21/2015 04:37 AM, Kinkie wrote: I changed that only

Re: [squid-dev] find-bad-changes.pl

2015-08-22 Thread Alex Rousskov
On 08/22/2015 02:03 AM, Amos Jeffries wrote: I still believe we need to do these as flag-day in trunk just before branching a new version. Just keep in mind that doing so in just one recent branch (no matter what you call it or when you do it) maximizes the overhead. Doing it in all recent

Re: [squid-dev] [PATCH] Non-zeroing mempools

2015-08-23 Thread Alex Rousskov
On 08/19/2015 11:11 PM, Amos Jeffries wrote: * when adding a new constructor ensure the big-5 operators (ctor, dtor, assign, emplace, emplace-assign) are all present. Even if they use = default IMO, the above rule is wrong because it forces developers to add absolutely unnecessary code in

Re: [squid-dev] [PATCH] Coverity(-inspired) fixes part four, HttpHeader refactor

2015-08-23 Thread Alex Rousskov
On 08/21/2015 11:31 AM, Kinkie wrote: On Fri, Aug 21, 2015 at 6:39 PM, Alex Rousskov wrote: On 08/21/2015 04:37 AM, Kinkie wrote: the attached patch does: ... a long list of mostly unrelated changes ... Sigh. Some of the patch changes are not necessary at all. Some

Re: [squid-dev] [PATCH] Non-zeroing mempools

2015-08-23 Thread Alex Rousskov
On 08/23/2015 04:22 PM, Kinkie wrote: Omitting emplace and implementing the others as protected for completeness' sake. Why protected? * Making default constructor protected is the same as keeping it public because the class is abstract (nobody can create a StoreMeta object).

Re: [squid-dev] Script to remove HERE

2015-08-23 Thread Alex Rousskov
On 08/23/2015 04:16 PM, Kinkie wrote: the attached script seems to do the job just fine. Try running bzr grep HERE after applying the script. I think you will see why it does not remove some HERE. Alex.

Re: [squid-dev] [PATCH] mempools-nozero part 3: wordlist

2015-08-24 Thread Alex Rousskov
On 08/24/2015 09:30 AM, Kinkie wrote: the one case in the whole codebase where a wordlist element was legitimately deleted. This is not true. wordlistDestroy() deletes a wordlist object/element as well. You could (should?) have reimplemented wordlistDestroy() using the newly added

Re: [squid-dev] [PATCH] Coverity-fixes, part 1: EnumIterator

2015-08-24 Thread Alex Rousskov
On 08/24/2015 12:08 PM, Amos Jeffries wrote: On 25/08/2015 4:49 a.m., Kinkie wrote: + * behavior is undefined if the iterator + * is incremented (or decremented) outside the range representing valid + * enum symbols I hope that behavior is well defined: For many enums/iterators, iterators

Re: [squid-dev] [PATCH] coverity-fixes, part 2: SBuf hasher

2015-08-24 Thread Alex Rousskov
On 08/24/2015 11:13 AM, Kinkie wrote: this is part 2 of the coverity-fixes merge: SBuf hash. This code allows to have std::unordered_maps where the key is a SBuf, in case-sensitive and case-insensitive variants. The hashing is the same as used in the current Squid hash implementation (from

Re: [squid-dev] [PATCH] Coverity-fixes, part 1: EnumIterator

2015-08-24 Thread Alex Rousskov
On 08/24/2015 01:09 PM, Kinkie wrote: I can try to look for one but it'd be completely unrelated to the main objective of the patch. It is related to being able to review whether the patch objective is worth changing Squid for, and whether the patch achieves its objective. We can post dozens

Re: [squid-dev] [PATCH] PayloadFormatter (was PackableStream)

2015-08-20 Thread Alex Rousskov
On 08/20/2015 07:13 AM, Amos Jeffries wrote: This part of the email thread was discussing whether the existence of admin scripts (rather than various imprecise syntax rules or cachemgr.cgi code) should be the primary factor in our decision making. How is the above information relevant to that

Re: [squid-dev] Developing customized Cache Selection algorithm from Round Robin, Least Load

2015-08-19 Thread Alex Rousskov
On 08/19/2015 05:03 AM, Du, Hongfei wrote: We are in an attempt to extend Squid Cache selection algorithm to develop a solution for controlled storage of subscriber’s content in Squid Caches, and thereafter apply access rule on these contents, a few questions to start with: ·As we

Re: [squid-dev] [PATCH] remove old GnuRegex third-party code

2015-07-28 Thread Alex Rousskov
On 07/28/2015 06:51 AM, Amos Jeffries wrote: The attached patch replaces all Squid code uses of regex.h C API with std::regex C++ API and drops the libregex related detections from ./configure * In the present day all systems using C++11 provide a std::regex API from the STL. This means

Re: [squid-dev] [RFC] Refactor HttpHeader

2015-07-30 Thread Alex Rousskov
On 07/30/2015 01:44 AM, Kinkie wrote: headerDescription: a std::vector keyed by header ID containing header type HeaderDescriptions (plural) then. template typename EnumType typedef struct LookupTableRecord { const char *name; EnumType id; } Please avoid struct whenever possible.

Re: [squid-dev] [WTF] HttpHeader strangenesses

2015-08-11 Thread Alex Rousskov
On 08/10/2015 08:47 PM, Amos Jeffries wrote: On 11/08/2015 11:10 a.m., Alex Rousskov wrote: On 08/10/2015 02:13 PM, Kinkie wrote: I'm going over HttpHeader to see if there's any possible improvements to be obtained by dragging it (kicking and screaming, from the look of it) into the 10's

Re: [squid-dev] [PATCH] Ignore impossible SSL bumping actions, as intended and documented / bug 4237 fix

2015-08-11 Thread Alex Rousskov
On 08/11/2015 10:40 AM, Amos Jeffries wrote: On 11/08/2015 11:24 p.m., Tsantilas Christos wrote: On 08/11/2015 07:30 AM, Amos Jeffries wrote: What about the other documented actions: * reconnect at step 1 2 The reconnect is not yet implemented. Gah. So for the last year-ish it has been

Re: [squid-dev] [PATCH] PayloadFormatter (was PackableStream)

2015-08-11 Thread Alex Rousskov
On 08/10/2015 08:20 AM, Amos Jeffries wrote: Here is mk2 of the Formatter class for doing display things to CacheMgr report payloads. Please post the patch (your post had no attachments), preferably reflecting the discussion that happened since then. Thank you, Alex.

Re: [squid-dev] [RFC][CODE] RAII profiler

2015-08-11 Thread Alex Rousskov
On 08/10/2015 04:52 PM, Kinkie wrote: Hi, the attached patch implements a profiler API fashioned after the RAII pattern. It does nothing to attack the c API or the implementation, just adds on top of it a Profiler class to save the caller the hassle of having to track all exit paths from a

Re: [squid-dev] [PATCH] Reject responses with conflicting Content-Length

2015-08-11 Thread Alex Rousskov
On 08/10/2015 11:30 PM, Amos Jeffries wrote: There is exactly 2 cases of benign malformation: ... All other malformations are *malign*. This is your opinion, not a fact. IMO, being benign cannot be defined by an RFC because that classification depends on real-world circumstances, not just

[squid-dev] [PATCH] Reject responses with conflicting Content-Length

2015-08-07 Thread Alex Rousskov
Hello, Squid trusts and forwards the largest Content-Length header. This behavior violates an RFC 7230 MUST in Section 3.3.3 item #4. It also confuses some ICAP services and probably some HTTP clients. With the proposed changes, Squid refuses to forward the message to the ICAP service and

Re: [squid-dev] [CODE] iterating over enums

2015-08-13 Thread Alex Rousskov
On 08/13/2015 03:20 AM, Kinkie wrote: On Wed, Aug 12, 2015 at 9:11 PM, Alex Rousskov wrote: template typename Enum EnumRangeTEnum EnumRange(Enum begin, Enum end) { return EnumRangeTEnum(begin, end); } Done. * Typical use: * for ( auto enumvalue

Re: [squid-dev] [CODE] iterating over enums

2015-08-13 Thread Alex Rousskov
On 08/13/2015 03:20 AM, Kinkie wrote: On Wed, Aug 12, 2015 at 9:11 PM, Alex Rousskov wrote: I would encourage you to show actual Squid usage examples (besides artificial test cases), either in the patch itself or in the patch cover email. ./src/HttpHdrCc.cc:HttpHdrCcType

Re: [squid-dev] More woes with ubuntu-precise

2015-08-14 Thread Alex Rousskov
On 08/13/2015 10:52 PM, Amos Jeffries wrote: On 14/08/2015 10:18 a.m., Alex Rousskov wrote: On 08/13/2015 09:29 AM, Kinkie wrote: EnumIterator has brought out one more issue with ubuntu-precise: since it carries gcc-4.6, it doesn't support std::underlying_typeenum. The options

Re: [squid-dev] [PATCH] PackableStream for cachemgr reports

2015-08-10 Thread Alex Rousskov
On 08/09/2015 01:47 AM, Amos Jeffries wrote: However the char(int_type) type constructor is necessary because this is the fundamental int_type being passed in. All the available *_castchar() operators are built to convert a 32-bit int_type value into an array of 4 bytes before dealing with the

Re: [squid-dev] [PATCH] PackableStream for cachemgr reports

2015-08-10 Thread Alex Rousskov
On 08/09/2015 09:39 PM, Amos Jeffries wrote: Primarily that we can do the formatting cleanup without adding a circular dependency between libbase and libmem in the current code situation. This answer to my Why do the same change twice? question does not compute/correlate for me. I do not

Re: [squid-dev] [PATCH] PackableStream for cachemgr reports

2015-08-09 Thread Alex Rousskov
On 08/09/2015 01:47 AM, Amos Jeffries wrote: On 9/08/2015 1:14 p.m., Alex Rousskov wrote: On 08/08/2015 02:03 AM, Amos Jeffries wrote: * convert old Action classes to new API * refactor old C-code report generators to be Action classes - fixing display output syntax to minimal YAML as we go

Re: [squid-dev] [PATCH] Ignore impossible SSL bumping actions, as intended and documented / bug 4237 fix

2015-08-12 Thread Alex Rousskov
On 08/11/2015 10:40 AM, Amos Jeffries wrote: On 11/08/2015 11:24 p.m., Tsantilas Christos wrote: The reconnect is not yet implemented. Gah. So for the last year-ish it has been published in wiki SslPeekAndSplice page as an available config option. But is actually nothing more than an

Re: [squid-dev] [CODE] iterating over enums

2015-08-12 Thread Alex Rousskov
On 08/12/2015 09:36 AM, Kinkie wrote: So I went ahead and just implemented it, starting from your observations. It's a bit more complex that your proposal, as I took the chance to implement bidirectional forward and reverse iterators. The attached patch is in changeset 14235 of

Re: [squid-dev] [PATCH] PackableStream for cachemgr reports

2015-08-08 Thread Alex Rousskov
On 08/08/2015 02:03 AM, Amos Jeffries wrote: On 8/08/2015 5:04 p.m., Alex Rousskov wrote: On 08/05/2015 10:24 AM, Amos Jeffries wrote: +virtual int_type overflow(int_type aChar = traits_type::eof()) { +virtual int sync() { +virtual std::streamsize xsputn(const char * chars, std

Re: [squid-dev] [CODE] iterating over enums

2015-08-05 Thread Alex Rousskov
On 08/05/2015 09:33 AM, Kinkie wrote: I crossed the topic of enumerating over iterations. You mean iterating enum[eration]s :-) We kind-of follow (C-ish)best practices on that, but that got me wondering if we can do better. I came up with a trinket which on its face looks quite elegant to

Re: [squid-dev] [PATCH] suffix parsing and skipping

2015-07-23 Thread Alex Rousskov
On 07/23/2015 11:11 AM, Amos Jeffries wrote: Particular since the full fix is a one-liner in consumeTrailing() in place of that comment, and currently affecting no other code that would need auditing. That one-liner being identical to the matching code in consume(): parsed_ +=

Re: [squid-dev] [PATCH] received_encrypted ACL

2015-07-23 Thread Alex Rousskov
On 07/23/2015 01:41 PM, Tsantilas Christos wrote: On 07/23/2015 07:21 PM, Alex Rousskov wrote: Furthermore, the values of unsafe srcX enum constants should be increased to actually match the srcUnsafe mask (16 is still smaller than 0x). This is should be OK. The safe flags are from

Re: [squid-dev] [PATCH] Fix ICAP transactions that read a lot of data

2015-07-26 Thread Alex Rousskov
On 07/24/2015 07:46 PM, Amos Jeffries wrote: On 25/07/2015 10:51 a.m., Alex Rousskov wrote: Affected transactions fail with mayReadMore() exceptions because their readBuf.spaceSize() is zero while they need to read more data. Any append,parse,consume;append,parse,consume;... user of SBuf

Re: [squid-dev] [PATCH] chop() should always clear empty buffers

2015-07-26 Thread Alex Rousskov
On 07/24/2015 05:15 PM, Amos Jeffries wrote: On 25/07/2015 10:35 a.m., Alex Rousskov wrote: The old chop() code was trying to make the clearance decision ASAP, without normalizing parameters first and missed most clearance cases as the result. +1. Please apply ASAP. Committed to trunk

Re: [squid-dev] [PATCH] received_encrypted ACL

2015-07-24 Thread Alex Rousskov
On 07/24/2015 05:26 AM, Amos Jeffries wrote: I think you still misunderstand the OppSec RFC meanings. Ditto. Since SSL support first went into Squid back in 1998 we have allowed cache_peer to connect to a remote https_port and sent http:// traffic over it. Using the above as a sub-case of

Re: [squid-dev] [PATCH] suffix parsing and skipping

2015-07-23 Thread Alex Rousskov
On 07/23/2015 09:08 AM, Amos Jeffries wrote: On 24/07/2015 1:55 a.m., Alex Rousskov wrote: On 07/23/2015 01:46 AM, Kinkie wrote: the only thing I don't understand is the XXX in parsedSize(); it's not clear why the comment, ... as soon as that's improved, +1. Why?! This is not something

Re: [squid-dev] [PATCH] received_encrypted ACL

2015-07-23 Thread Alex Rousskov
On 07/23/2015 07:41 AM, Amos Jeffries wrote: On 23/07/2015 3:32 a.m., Alex Rousskov wrote: On 07/21/2015 04:25 AM, Amos Jeffries wrote: On 21/07/2015 9:42 a.m., Alex Rousskov wrote: adaptation_access icapS aclIcap adaptation_access icapN !aclIcap aclIcap can be a received_encrypted ACL

Re: [squid-dev] [PATCH] Temporary fix to restore compatibility with Amazon

2015-07-15 Thread Alex Rousskov
+LfDelim.add(' '); // IIS +LfDelim.add('\'); // Bing +LfDelim.add('\\'); // MSIE, Firefox +LfDelim.add('|'); // Amazon On 06/26/2015 09:40 AM, Alex Rousskov wrote: In your patch, please add support for all URI characters that we can support

[squid-dev] checklist-conn assertion in DestinationIp.cc

2015-07-17 Thread Alex Rousskov
Hello, Intercepting Squids sometimes fail with the following assertion in ACLDestinationIP::match(): // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original

Re: [squid-dev] checklist-conn assertion in DestinationIp.cc

2015-07-18 Thread Alex Rousskov
On 07/17/2015 11:31 PM, Amos Jeffries wrote: On 18/07/2015 6:09 a.m., Alex Rousskov wrote: Intercepting Squids sometimes fail with the following assertion in ACLDestinationIP::match(): if (Config.onoff.client_dst_passthru ... intercepted ...) { assert(checklist-conn

Re: [squid-dev] [PATCH] received_encrypted ACL

2015-07-19 Thread Alex Rousskov
On 07/19/2015 05:35 AM, Amos Jeffries wrote: On 18/07/2015 7:08 a.m., Alex Rousskov wrote: On 07/17/2015 11:48 AM, Amos Jeffries wrote: On 18/07/2015 3:13 a.m., Tsantilas Christos wrote: This patch adds received_encrypted ACL The new received_encrypted ACL matches transactions where all HTTP

Re: [squid-dev] [PATCH] %

2015-10-26 Thread Alex Rousskov
On 10/21/2015 03:14 AM, Amos Jeffries wrote: > On 21/10/2015 4:42 p.m., Alex Rousskov wrote: >> Hello, >> >> Connection stats, including %<lp, were missing for persistent >> connections. >> >> The code reusing a pconn was missing a hier.no

Re: [squid-dev] Peek and splice

2015-10-27 Thread Alex Rousskov
On 10/27/2015 04:05 AM, manojmaybe wrote: > I use squid 3.5.10 as transparent proxy mode. I used peek and splice mode, I > try to peek at step1 (SslBump1) and server name is available in SNI go for > further, also peeked at step2 (SslBump2) for whether we don't get server > name, if server

[squid-dev] [PATCH] No reconfiguration during shutdown

2015-10-26 Thread Alex Rousskov
Hello, To avoid crashes, prohibit pointless reconfiguration during shutdown. Also consolidated and polished signal action handling code: 1. For any executed action X, clear do_X at the beginning of action X code because once we start X, we should accept/queue more X requests (or

Re: [squid-dev] [PATCH] Parser-NG conversion of ICAP pt2

2015-10-21 Thread Alex Rousskov
On 08/23/2015 02:40 PM, Amos Jeffries wrote: > It turns out that ICAP implements has three distinct protocol parsers. > > I begin the ICAP parser conversion to the Parser-NG model with > ModXact::parseHeaders() - which was conflating both ICAP and HTTP, and > the HTTP directional parsers. > > >

Re: [squid-dev] is this really an ICAP 206 response "protocol error", if so what?

2015-11-12 Thread Alex Rousskov
On 11/12/2015 05:27 PM, Eliezer Croitoru wrote: > What I have found is an exception in the logs which results in > "ICAP_ERR_OTHER" but I am unable to understand what the issue is. > > The lines from the log are: > 2015/11/13 01:47:22.072 kid1| 0,3| TextException.cc(87) Throw: > ModXact.cc:918:

[squid-dev] [PATCH] ignore build-generated files

2015-11-11 Thread Alex Rousskov
Hello, The attached patch tells bzr to ignore most build-generated files. This is very helpful when reorganizing Squid sources and not using out-of-source builds. Most of the new entries were produced by appending "bzr status" output on an otherwise clean tree after a build. I am surprised

Re: [squid-dev] [PATCH] SourceFormat: rename cache_manager.cc to CacheManager.cc

2015-11-09 Thread Alex Rousskov
On 11/09/2015 09:41 AM, Kinkie wrote: > One step at a time.. :) Two steps at a time may be better in this case because the first renaming-only step buys us pretty much nothing but porting pain AFAICT. Alex. > On Mon, Nov 9, 2015 at 5:28 PM, Amos Jeffries wrote: >> On

Re: [squid-dev] [PATCH] Polished cache_peer_access docs

2015-11-05 Thread Alex Rousskov
On 11/04/2015 08:07 PM, Amos Jeffries wrote: > On 5/11/2015 12:36 p.m., Alex Rousskov wrote: >> Hello, >> >> The attached patch polishes cache_peer_access and related documentation. >> >> It was inspired by an admin complaint that the existing documenta

Re: [squid-dev] [PATCH] No reconfiguration during shutdown

2015-10-30 Thread Alex Rousskov
On 10/26/2015 11:24 AM, Amos Jeffries wrote: > On 27/10/2015 5:00 a.m., Alex Rousskov wrote: >> Hello, >> >> To avoid crashes, prohibit pointless reconfiguration during shutdown. >> >> Also consolidated and polished signal action handling code: >> >

Re: [squid-dev] [PATCH] Simpler and more robust request line parser

2015-11-03 Thread Alex Rousskov
On 11/03/2015 02:12 AM, Amos Jeffries wrote: >> On 24/07/2015 11:13 a.m., Alex Rousskov wrote: >>> "I am happy to restrict URIs to what older Squids accepted or more. >>> Recent parser changes broke Squid. There is no need to go beyond what we >>> were doi

Re: [squid-dev] [PATCH] squid-3.5: fix for errors when receiving a non-existent file via ftp

2015-10-07 Thread Alex Rousskov
On 10/07/2015 12:16 PM, Vitaly Lavrov wrote: > Bug 4279: No response from proxy for FTP-download of non-existing file > > There is no code to handle errors ftp-protocol functions ftpFail(). > The patch forms a response to the client an error similar to loginFailed(). > To handle specific errors,

[squid-dev] [PATCH] %

2015-10-20 Thread Alex Rousskov
Hello, Connection stats, including %

Re: [squid-dev] [PATCH] external_acl_type logformat tokens

2015-10-07 Thread Alex Rousskov
On 10/03/2015 02:35 AM, Amos Jeffries wrote: > Update the external_acl_type helper interface to use libformat and thus > make any logformat token valid in its format parameter field. > > As a result much of the logic surrounding format code parsing, display > and helper query generation has been

Re: [squid-dev] [PATCH] Simpler and more robust request line parser

2015-11-18 Thread Alex Rousskov
On 11/18/2015 02:07 AM, Amos Jeffries wrote: > Since this is getting kind of urgent now I have taken the liberty of > making the CharacterSet changes myself. > > If there are no objections I would like to apply this tomorrow. It is at > least a vast improvement over current trunk as-is. We can

Re: [squid-dev] [PATCH] Coverity-fixes, part 1: EnumIterator

2015-08-26 Thread Alex Rousskov
On 08/26/2015 11:04 AM, Kinkie wrote: v2 patch attached. FYI: If you have missed my last email on this thread, it is archived at http://lists.squid-cache.org/pipermail/squid-dev/2015-August/003173.html Alex.
