On 10/03/2014 11:57 AM, Amos Jeffries wrote:
On 4/10/2014 3:52 a.m., Alex Rousskov wrote:
On 10/01/2014 11:24 PM, Amos Jeffries wrote:
We already have client_lifetime directive which is documented
as doing exactly what this new directive does.
(http://www.squid-cache.org/Doc/config
On 11/16/2014 04:05 AM, Amos Jeffries wrote:
For the record I am still extremely skeptical about the use-case
behind this feature.
This is a real use case (or we would not be proposing this feature):
admins want to control what happens when their helper transactions
timeout.
Some of us may
On 10/21/2014 11:29 AM, Tsantilas Christos wrote:
- Adds on_first_request_error, a new ACL-driven squid.conf
directive
that can be used to establish a blind TCP tunnel which relays all bytes
from/to the intercepted connection to/from the intended destination
address. See the sketch above.
On 12/30/2014 06:19 PM, Amos Jeffries wrote:
On 31/12/2014 7:30 a.m., Alex Rousskov wrote:
On 10/21/2014 11:29 AM, Tsantilas Christos wrote:
- Adds on_first_request_error, a new ACL-driven squid.conf
directive that can be used to establish a blind TCP tunnel
which relays all bytes from
[ I am changing the Subject line for this sub-thread because this new
discussion is not really relevant to the unsupported protocol bypass
feature, even though that bypass feature will be used by those who need
to classify unsupported protocols. ]
On 12/31/2014 03:33 AM, Marcus Kool wrote:
The
On 12/31/2014 03:33 AM, Marcus Kool wrote:
On 12/31/2014 05:54 AM, Alex Rousskov wrote:
What would help is to decide whether we want to focus on
A) multiple conditions for establishing a TCP tunnel;
B) multiple ways to handle an unrecognized protocol error; OR
C) multiple ways
On 12/31/2014 10:39 AM, Marcus Kool wrote:
On 12/31/2014 02:23 PM, Alex Rousskov wrote:
2. Writing adaptation hooks to pass tunnel information (using TUNMOD
design above) to adaptation services. The primary difficulty here is
handling incremental give me more and give them more decisions while
On 01/02/2015 09:16 AM, Marcus Kool wrote:
On 12/31/2014 02:31 PM, Alex Rousskov wrote:
On 12/31/2014 03:33 AM, Marcus Kool wrote:
On 12/31/2014 05:54 AM, Alex Rousskov wrote:
What would help is to decide whether we want to focus on
A) multiple conditions for establishing a TCP tunnel
On 01/20/2015 06:58 AM, Amos Jeffries wrote:
Updated patch attached resolving the issues found by coadvisor in the
original.
+// HTTP Response status-line parse
+
+// magic contains major version, still need to find minor
+SBuf verMinor;
+// NP: we limit to
On 01/14/2015 03:09 AM, Amos Jeffries wrote:
On 01/14/2015 11:25 AM, Amos Jeffries wrote:
Does the master process get exit status of *all* worker processes
and the sub-childs down N levels? It was my understanding that in
SMP each worker disker etc is a fork() and the child becomes new
On 01/20/2015 06:58 AM, Amos Jeffries wrote:
Updated patch attached resolving the issues found by coadvisor in the
original.
+size_t
+Client::needBufferSpace(const SBuf readBuf, const size_t minSpace) const
+{
+size_t space = readBuf.spaceSize(); // available space w/o heroic
as we do not have
to wait for it. AFAICT, if we use PeerConnector for Secure ICAP, and
your NG changes go inside PeerConnector, then we will not be stepping on
each other toes too much.
Thank you,
Alex.
On 4/02/2015 9:52 a.m., Alex Rousskov wrote:
Hello,
We would like to add support
On 03/20/2015 09:36 AM, Kinkie wrote:
the attached bundle is a patch proposal for CompactTrie, a generic
library implementing efficient prefix matching.
It is meant to be a more feature-complete replacement for
lib/libTrie, and has the machinery to effectively replace splay when
doing
On 03/20/2015 12:11 PM, Amos Jeffries wrote:
On 21/03/2015 4:35 a.m., Alex Rousskov wrote:
On 03/20/2015 02:06 AM, Amos Jeffries wrote:
On 18/03/2015 6:21 a.m., Tsantilas Christos wrote:
This patch adds the ssl_bump_resuming_sessions directive that controls
SslBump behavior when dealing
On 03/07/2015 10:04 PM, Amos Jeffries wrote:
Proposal 2)
We are developing Squid with an incremental development process. The
initial major version number is effectively meaningless in that process.
We should move from the major.minor.patch to just a release.patch
numbering system.
This
On 01/21/2015 05:03 AM, Amos Jeffries wrote:
On 22/01/2015 12:57 a.m., Tsantilas Christos wrote:
I am posting a new patch.
This patch include fixes to follow Squid Coding Style but also have
a fix for a small bug: In the previous patches I posted the pid
creation done by master process
On 03/10/2015 04:58 AM, Amos Jeffries wrote:
On 10/03/2015 5:41 a.m., Alex Rousskov wrote:
On 03/07/2015 10:04 PM, Amos Jeffries wrote:
Proposal 2)
We are developing Squid with an incremental development process. The
initial major version number is effectively meaningless in that process
On 05/07/2015 04:03 AM, Amos Jeffries wrote:
Its done. SSLv3 is now a MUST NOT use protocol from RFC 7525
It's time for us to start ripping out from trunk all features and hacks
supporting its use.
No, it is not time yet. Too many folks still use SSL and cannot switch
to TLS just because a
On 04/15/2015 06:17 AM, Amos Jeffries wrote:
Squid currently has several version options to set the SSL/TLS
protocol version.
http(s)_port ... version=
cache_peer ... sslversion
sslproxy_version ...
However,
1) the option configures version X-only. Which does not follow with
On 04/16/2015 12:45 AM, Amos Jeffries wrote:
On 16/04/2015 5:35 p.m., Alex Rousskov wrote:
On 04/15/2015 06:17 AM, Amos Jeffries wrote:
Squid currently has several version options to set the SSL/TLS
protocol version.
http(s)_port ... version=
cache_peer ... sslversion
On 04/08/2015 07:13 PM, Amos Jeffries wrote:
On 4/04/2015 9:17 a.m., Alex Rousskov wrote:
On 03/27/2015 05:58 AM, Amos Jeffries wrote:
Indeed. Its the hostname vs SNI case we can check and SHOULD do so. The
raw-IP ones we can skip the check. Some nasties will still get passed,
but less than
On 04/09/2015 07:13 AM, Amos Jeffries wrote:
So for now this patch is okay, but we/you should already be thinking
about how to auto-translate NPN from clients into ALPN to servers.
Please keep in mind that it is not possible to translate something and
still splice a new SSL session (the
On 06/19/2015 06:46 PM, Amos Jeffries wrote:
On 20/06/2015 4:54 a.m., Alex Rousskov wrote:
Hello,
The attached trunk patch fixes a rare but nasty problem by removing
a very old hack which shielded Squid from parsing most CONNECT responses.
Currently, Squid blindly forwards cache peer
On 06/25/2015 08:13 AM, Amos Jeffries wrote:
Which is why I want to go the route of HTTP/0.9 handling. Its
clear when products encounter it and cause themselves problems.
Sigh. You are repeating essentially the same argument as before. Any
let's create problems for something that appears to
if (and only if) relaxed_header_parser is on, and also to warn about
those characters when relaxed_header_parser is warn.
HTH,
Alex.
On Wed, Jun 24, 2015 at 10:12 PM, Alex Rousskov
rouss...@measurement-factory.com wrote:
On 06/24/2015 05:26 AM, Amos Jeffries wrote:
On 24/06/2015 5:55 p.m
On 06/18/2015 06:11 AM, Amos Jeffries wrote:
On 18/06/2015 11:42 p.m., James Hunter wrote:
I've been looking to inject special JavaScript code into every HTML page
my squid proxy receives via HTTPS connections, this is for an
application where the users will be fully aware of the injection.
Hello,
The attached trunk patch fixes a rare but nasty problem by removing
a very old hack which shielded Squid from parsing most CONNECT responses.
Currently, Squid blindly forwards cache peer CONNECT responses to
clients when possible. This may break things if the peer responds with
On 06/18/2015 07:25 PM, Amos Jeffries wrote:
On 12/06/2015 4:56 p.m., Alex Rousskov wrote:
Fixed segmentation fault when freeing https_port clientca on reconfigure
or exit.
AnyP::PortCfg::clientCA list was double-freed, because the SSL context
takes ownership of the STACK_OF(X509_NAME
On 06/18/2015 06:41 AM, James Hunter wrote:
I will investigate the ICAP and eCAP facilities if I can't get direct
access to the data from within the code.
If you are creating a temporary hack, look for places where Squid passes
data to the adaptation layer, such as calls to
On 06/26/2015 06:44 AM, Amos Jeffries wrote:
On 26/06/2015 7:55 a.m., Alex Rousskov wrote:
Tokenizer cannot handle URIs with whitespaces directly, like your patch
attempts to do: Tokenizer alone cannot handle ambiguous grammars. To
handle such URIs well, you have two options IMO:
A. The old
On 06/24/2015 05:26 AM, Amos Jeffries wrote:
On 24/06/2015 5:55 p.m., Alex Rousskov wrote:
This temporary trunk fix adds support for request URIs containing
'|' characters. Such URIs are used by popular Amazon product (and
probably other) sites: /images/I/ID1._RC|ID2.js,ID3.js,ID4.js_.js
On 06/05/2015 04:47 PM, Amos Jeffries wrote:
Along these lines, I am wondering why we need to have ssl_bump peek
checked for in relation to client peeking. Can we make Squid simply do
that first 'peek' step always for all potential HTTPS connections ?
IIRC, the reasons we did not want to
On 05/25/2015 05:37 AM, Amos Jeffries wrote:
On 25/05/2015 10:13 p.m., Tsantilas Christos wrote:
I am attaching new squid patches for bug3329.
+1 on the conversion of comm_close() to X-close()
However please name the noteClsure() as noteClosureXXX() to highlight
that this function is
On 06/30/2015 10:12 PM, Amos Jeffries wrote:
On 1/07/2015 10:11 a.m., Alex Rousskov wrote:
On 06/30/2015 09:27 AM, Amos Jeffries wrote:
* Change the tls_outgoing_options default value from disable which did
not parse previously (now does). To setting TLS/1.0 minimum version with
SSLv3
On 08/11/2015 11:49 PM, Amos Jeffries wrote:
Which one of these malformations is not malign ?
* non-numeric Content-Length
* negative value Content-Length
* Content-Length with also Transfer-Encoding header
* multiple different-value Content-Length
* Content-Length on 204 response
On 08/07/2015 11:08 PM, Amos Jeffries wrote:
+1. Looks great. Thank you.
Committed to trunk (r14222).
Alex.
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
On 08/12/2015 06:28 AM, Amos Jeffries wrote:
On 12/08/2015 5:07 a.m., Alex Rousskov wrote:
On 08/10/2015 08:20 AM, Amos Jeffries wrote:
Here is mk2 of the Formatter class for doing display things to CacheMgr
report payloads.
Please post the patch (your post had no attachments), preferably
Hello,
When an adaptation service aborts a transaction (for whatever
reason), the attached patch marks the body produced by that service as
truncated.
Without these changes, the recipient of the truncated body (e.g., HTTP
client) often cannot tell that the body was actually truncated. This
On 08/15/2015 12:20 AM, Amos Jeffries wrote:
I dont like payload particularly either in this case. But page is wrong.
Page is what the remote end display tool will be generating. *IF* a
page exists at all.
There are many kinds of payloads. There are many kinds of pages. There
are many kinds
On 08/18/2015 02:11 AM, Amos Jeffries wrote:
The admin need that keeps being put forward is stability. With the
meaning of non-changing.. As in; nobody touches the Squid code from
now until 2020 or so.
Personally, I have not heard anything like that from any admin. The
requirements I have
On 08/19/2015 09:47 AM, Amos Jeffries wrote:
On 19/08/2015 4:50 p.m., Alex Rousskov wrote:
On 08/15/2015 12:20 AM, Amos Jeffries wrote:
For now this class is specifically and intentionally dumping out the
(old) format for cachemgr.cgi. Other third-party tools are considered
only so far
On 08/20/2015 10:52 PM, Amos Jeffries wrote:
One thing that is standing out is that placing wishlist designs under
Features/ was a bad idea. It makes it very hard to identify those
wishlist entries from actually available, in-use or has-been features.
Each Feature has a Status attribute that
On 08/21/2015 04:37 AM, Kinkie wrote:
the attached patch does:
... a long list of mostly unrelated changes ...
Sigh. Some of the patch changes are not necessary at all. Some are
useful. Some should be redone to minimize conflicts. Some are
performance optimizations that should be considered
On 08/21/2015 04:38 AM, Amos Jeffries wrote:
So PackableStream is really just a rename of StoreEntryStream BUT with
some implicit new properties from the underlying type change:
* lack of Store.h dependency
* ability to stream into a MemBuf if its creator desires that
This patch
-aborted-resp-bodies-t6-1.patch: red flags: 0
coverity-fixes-4-v2.patch: red flags: 6
HTH,
Alex.
On Fri, Aug 21, 2015 at 6:46 PM, Alex Rousskov
rouss...@measurement-factory.com
mailto:rouss...@measurement-factory.com wrote:
On 08/21/2015 04:37 AM, Kinkie wrote:
I changed that only
On 08/22/2015 02:03 AM, Amos Jeffries wrote:
I still believe we need to do these as flag-day in trunk just before
branching a new version.
Just keep in mind that doing so in just one recent branch (no matter
what you call it or when you do it) maximizes the overhead. Doing it in
all recent
On 08/19/2015 11:11 PM, Amos Jeffries wrote:
* when adding a new constructor ensure the big-5 operators (ctor, dtor,
assign, emplace, emplace-assign) are all present. Even if they use =
default
IMO, the above rule is wrong because it forces developers to add
absolutely unnecessary code in
On 08/21/2015 11:31 AM, Kinkie wrote:
On Fri, Aug 21, 2015 at 6:39 PM, Alex Rousskov wrote:
On 08/21/2015 04:37 AM, Kinkie wrote:
the attached patch does:
... a long list of mostly unrelated changes ...
Sigh. Some of the patch changes are not necessary at all. Some
On 08/23/2015 04:22 PM, Kinkie wrote:
Omitting emplace and implementing the others as protected for
completeness' sake.
Why protected?
* Making default constructor protected is the same as keeping it public
because the class is abstract (nobody can create a StoreMeta object).
On 08/23/2015 04:16 PM, Kinkie wrote:
the attached script seems to do the job just fine.
Try running bzr grep HERE after applying the script. I think you will
see why it does not remove some HERE.
Alex.
___
squid-dev mailing list
On 08/24/2015 09:30 AM, Kinkie wrote:
the one case in the whole codebase where a wordlist element was
legitimately deleted.
This is not true. wordlistDestroy() deletes a wordlist object/element as
well. You could (should?) have reimplemented wordlistDestroy() using the
newly added
On 08/24/2015 12:08 PM, Amos Jeffries wrote:
On 25/08/2015 4:49 a.m., Kinkie wrote:
+ * behavior is undefined if the iterator
+ * is incremented (or decremented) outside the range representing valid
+ * enum symbols
I hope that behavior is well defined: For many enums/iterators,
iterators
On 08/24/2015 11:13 AM, Kinkie wrote:
this is part 2 of the coverity-fixes merge: SBuf hash.
This code allows to have std::unordered_maps where the key is a SBuf, in
case-sensitive and case-insensitive variants. The hashing is the same as
used in the current Squid hash implementation (from
On 08/24/2015 01:09 PM, Kinkie wrote:
I can try to look for one but it'd be completely unrelated to the main
objective of the patch.
It is related to being able to review whether the patch objective is
worth changing Squid for, and whether the patch achieves its objective.
We can post dozens
On 08/20/2015 07:13 AM, Amos Jeffries wrote:
This part of the email thread was discussing whether the existence of
admin scripts (rather than various imprecise syntax rules or
cachemgr.cgi code) should be the primary factor in our decision making.
How is the above information relevant to that
On 08/19/2015 05:03 AM, Du, Hongfei wrote:
We are in an attempt to extend Squid Cache selection algorithm to
develop a solution for controlled storage of subscriber’s content in
Squid Caches, and thereafter apply access rule on these contents, a few
questions to start with:
·As we
On 07/28/2015 06:51 AM, Amos Jeffries wrote:
The attached patch replaces all Squid code uses of regex.h C API with
std::regex C++ API and drops the libregex related detections from
./configure
* In the present day all systems using C++11 provide a std::regex API
from the STL. This means
On 07/30/2015 01:44 AM, Kinkie wrote:
headerDescription: a std::vector keyed by header ID containing header type
HeaderDescriptions (plural) then.
template typename EnumType
typedef struct LookupTableRecord
{
const char *name;
EnumType id;
}
Please avoid struct whenever possible.
On 08/10/2015 08:47 PM, Amos Jeffries wrote:
On 11/08/2015 11:10 a.m., Alex Rousskov wrote:
On 08/10/2015 02:13 PM, Kinkie wrote:
I'm going over HttpHeader to see if there's any possible improvements to
be obtained by dragging it (kicking and screaming, from the look of it)
into the 10's
On 08/11/2015 10:40 AM, Amos Jeffries wrote:
On 11/08/2015 11:24 p.m., Tsantilas Christos wrote:
On 08/11/2015 07:30 AM, Amos Jeffries wrote:
What about the other documented actions:
* reconnect at step 1 2
The reconnect is not yet implemented.
Gah. So for the last year-ish it has been
On 08/10/2015 08:20 AM, Amos Jeffries wrote:
Here is mk2 of the Formatter class for doing display things to CacheMgr
report payloads.
Please post the patch (your post had no attachments), preferably
reflecting the discussion that happened since then.
Thank you,
Alex.
On 08/10/2015 04:52 PM, Kinkie wrote:
Hi,
the attached patch implements a profiler API fashioned after the RAII
pattern.
It does nothing to attack the c API or the implementation, just adds on
top of it a Profiler class to save the caller the hassle of having to
track all exit paths from a
On 08/10/2015 11:30 PM, Amos Jeffries wrote:
There is exactly 2 cases of benign malformation:
...
All other malformations are *malign*.
This is your opinion, not a fact.
IMO, being benign cannot be defined by an RFC because that
classification depends on real-world circumstances, not just
Hello,
Squid trusts and forwards the largest Content-Length header. This
behavior violates an RFC 7230 MUST in Section 3.3.3 item #4. It also
confuses some ICAP services and probably some HTTP clients. With the
proposed changes, Squid refuses to forward the message to the ICAP
service and
On 08/13/2015 03:20 AM, Kinkie wrote:
On Wed, Aug 12, 2015 at 9:11 PM, Alex Rousskov wrote:
template typename Enum
EnumRangeTEnum EnumRange(Enum begin, Enum end) {
return EnumRangeTEnum(begin, end);
}
Done.
* Typical use:
* for ( auto enumvalue
On 08/13/2015 03:20 AM, Kinkie wrote:
On Wed, Aug 12, 2015 at 9:11 PM, Alex Rousskov wrote:
I would encourage you to show actual Squid usage examples (besides
artificial test cases), either in the patch itself or in the patch cover
email.
./src/HttpHdrCc.cc:HttpHdrCcType
On 08/13/2015 10:52 PM, Amos Jeffries wrote:
On 14/08/2015 10:18 a.m., Alex Rousskov wrote:
On 08/13/2015 09:29 AM, Kinkie wrote:
EnumIterator has brought out one more issue with ubuntu-precise:
since it carries gcc-4.6, it doesn't support std::underlying_typeenum.
The options
On 08/09/2015 01:47 AM, Amos Jeffries wrote:
However the char(int_type) type constructor is necessary because this is
the fundamental int_type being passed in. All the available
*_castchar() operators are built to convert a 32-bit int_type value
into an array of 4 bytes before dealing with the
On 08/09/2015 09:39 PM, Amos Jeffries wrote:
Primarily that we can do the formatting cleanup without adding a
circular dependency between libbase and libmem in the current code
situation.
This answer to my Why do the same change twice? question does not
compute/correlate for me. I do not
On 08/09/2015 01:47 AM, Amos Jeffries wrote:
On 9/08/2015 1:14 p.m., Alex Rousskov wrote:
On 08/08/2015 02:03 AM, Amos Jeffries wrote:
* convert old Action classes to new API
* refactor old C-code report generators to be Action classes
- fixing display output syntax to minimal YAML as we go
On 08/11/2015 10:40 AM, Amos Jeffries wrote:
On 11/08/2015 11:24 p.m., Tsantilas Christos wrote:
The reconnect is not yet implemented.
Gah. So for the last year-ish it has been published in wiki
SslPeekAndSplice page as an available config option. But is actually
nothing more than an
On 08/12/2015 09:36 AM, Kinkie wrote:
So I went ahead and just implemented it, starting from your observations.
It's a bit more complex that your proposal, as I took the chance to
implement bidirectional forward and reverse iterators.
The attached patch is in changeset 14235 of
On 08/08/2015 02:03 AM, Amos Jeffries wrote:
On 8/08/2015 5:04 p.m., Alex Rousskov wrote:
On 08/05/2015 10:24 AM, Amos Jeffries wrote:
+virtual int_type overflow(int_type aChar = traits_type::eof()) {
+virtual int sync() {
+virtual std::streamsize xsputn(const char * chars, std
On 08/05/2015 09:33 AM, Kinkie wrote:
I crossed the topic of enumerating over iterations.
You mean iterating enum[eration]s :-)
We kind-of follow (C-ish)best
practices on that, but that got me wondering if we can do better.
I came up with a trinket which on its face looks quite elegant to
On 07/23/2015 11:11 AM, Amos Jeffries wrote:
Particular since the full fix is a one-liner in consumeTrailing() in
place of that comment, and currently affecting no other code that would
need auditing.
That one-liner being identical to the matching code in consume():
parsed_ +=
On 07/23/2015 01:41 PM, Tsantilas Christos wrote:
On 07/23/2015 07:21 PM, Alex Rousskov wrote:
Furthermore, the values of unsafe srcX enum constants should be
increased to actually match the srcUnsafe mask (16 is still smaller than
0x).
This is should be OK.
The safe flags are from
On 07/24/2015 07:46 PM, Amos Jeffries wrote:
On 25/07/2015 10:51 a.m., Alex Rousskov wrote:
Affected transactions fail with mayReadMore() exceptions because their
readBuf.spaceSize() is zero while they need to read more data.
Any append,parse,consume;append,parse,consume;... user of SBuf
On 07/24/2015 05:15 PM, Amos Jeffries wrote:
On 25/07/2015 10:35 a.m., Alex Rousskov wrote:
The old chop() code was trying to make the clearance decision ASAP,
without normalizing parameters first and missed most clearance cases as
the result.
+1. Please apply ASAP.
Committed to trunk
On 07/24/2015 05:26 AM, Amos Jeffries wrote:
I think you still misunderstand the OppSec RFC meanings.
Ditto.
Since SSL support first went into Squid back in 1998 we have allowed
cache_peer to connect to a remote https_port and sent http:// traffic
over it.
Using the above as a sub-case of
On 07/23/2015 09:08 AM, Amos Jeffries wrote:
On 24/07/2015 1:55 a.m., Alex Rousskov wrote:
On 07/23/2015 01:46 AM, Kinkie wrote:
the only thing I don't understand is the XXX in
parsedSize(); it's not clear why the comment,
...
as soon as that's improved, +1.
Why?! This is not something
On 07/23/2015 07:41 AM, Amos Jeffries wrote:
On 23/07/2015 3:32 a.m., Alex Rousskov wrote:
On 07/21/2015 04:25 AM, Amos Jeffries wrote:
On 21/07/2015 9:42 a.m., Alex Rousskov wrote:
adaptation_access icapS aclIcap
adaptation_access icapN !aclIcap
aclIcap can be a received_encrypted ACL
+LfDelim.add(' '); // IIS
+LfDelim.add('\'); // Bing
+LfDelim.add('\\'); // MSIE, Firefox
+LfDelim.add('|'); // Amazon
On 06/26/2015 09:40 AM, Alex Rousskov wrote:
In your patch, please add support for all URI characters that we can
support
Hello,
Intercepting Squids sometimes fail with the following assertion in
ACLDestinationIP::match():
// Bug 3243: CVE 2009-0801
// Bypass of browser same-origin access control in intercepted
communication
// To resolve this we will force DIRECT and only to the original
On 07/17/2015 11:31 PM, Amos Jeffries wrote:
On 18/07/2015 6:09 a.m., Alex Rousskov wrote:
Intercepting Squids sometimes fail with the following assertion in
ACLDestinationIP::match():
if (Config.onoff.client_dst_passthru ... intercepted ...) {
assert(checklist-conn
On 07/19/2015 05:35 AM, Amos Jeffries wrote:
On 18/07/2015 7:08 a.m., Alex Rousskov wrote:
On 07/17/2015 11:48 AM, Amos Jeffries wrote:
On 18/07/2015 3:13 a.m., Tsantilas Christos wrote:
This patch adds received_encrypted ACL
The new received_encrypted ACL matches transactions where all HTTP
On 10/21/2015 03:14 AM, Amos Jeffries wrote:
> On 21/10/2015 4:42 p.m., Alex Rousskov wrote:
>> Hello,
>>
>> Connection stats, including %<lp, were missing for persistent
>> connections.
>>
>> The code reusing a pconn was missing a hier.no
On 10/27/2015 04:05 AM, manojmaybe wrote:
> I use squid 3.5.10 as transparent proxy mode . I used peek and splice mode, i
> try to peek at step1 (SslBump1) and server name is available in SNI go for
> further, also peeked at step2 (SslBump2) for whether we doesn't get server
> name , if server
Hello,
To avoid crashes, prohibit pointless reconfiguration during shutdown.
Also consolidated and polished signal action handling code:
1. For any executed action X, clear do_X at the beginning of action X
code because once we start X, we should accept/queue more X
requests (or
On 08/23/2015 02:40 PM, Amos Jeffries wrote:
> It turns out that ICAP implements has three distinct protocol parsers.
>
> I begin the ICAP parser conversion to the Parser-NG model with
> ModXact::parseHeaders() - which was conflating both ICAP and HTTP, and
> the HTTP directional parsers.
>
>
>
On 11/12/2015 05:27 PM, Eliezer Croitoru wrote:
> What I have found is an exception in the logs which results in
> "ICAP_ERR_OTHER" but I am unable to understand what the issue is.
>
> The lines from the log are:
> 2015/11/13 01:47:22.072 kid1| 0,3| TextException.cc(87) Throw:
> ModXact.cc:918:
Hello,
The attached patch tells bzr to ignore most build-generated files.
This is very helpful when reorganizing Squid sources and not using
out-of-source builds.
Most of the new entries were produced by appending "bzr status" output
on an otherwise clean tree after a build. I am surprised
On 11/09/2015 09:41 AM, Kinkie wrote:
> One step at a time.. :)
Two steps at a time may be better in this case because the first
renaming-only step buys us pretty much nothing but porting pain AFAICT.
Alex.
> On Mon, Nov 9, 2015 at 5:28 PM, Amos Jeffries wrote:
>> On
On 11/04/2015 08:07 PM, Amos Jeffries wrote:
> On 5/11/2015 12:36 p.m., Alex Rousskov wrote:
>> Hello,
>>
>> The attached patch polishes cache_peer_access and related documentation.
>>
>> It was inspired by an admin complaint that the existing documenta
On 10/26/2015 11:24 AM, Amos Jeffries wrote:
> On 27/10/2015 5:00 a.m., Alex Rousskov wrote:
>> Hello,
>>
>> To avoid crashes, prohibit pointless reconfiguration during shutdown.
>>
>> Also consolidated and polished signal action handling code:
>>
>
On 11/03/2015 02:12 AM, Amos Jeffries wrote:
>> On 24/07/2015 11:13 a.m., Alex Rousskov wrote:
>>> "I am happy to restrict URIs to what older Squids accepted or more.
>>> Recent parser changes broke Squid. There is no need to go beyond what we
>>> were doi
On 10/07/2015 12:16 PM, Vitaly Lavrov wrote:
> Bug 4279: No response from proxy for FTP-download of non-existing file
>
> There is no code to handle errors ftp-protocol functions ftpFail().
> The patch forms a response to the client an error similar to loginFailed().
> To handle specific errors,
Hello,
Connection stats, including %
On 10/03/2015 02:35 AM, Amos Jeffries wrote:
> Update the external_acl_type helper interface to use libformat and thus
> make any logformat token valid in its format parameter field.
>
> As a result much of the logic surrounding format code parsing, display
> and helper query generation has been
On 11/18/2015 02:07 AM, Amos Jeffries wrote:
> Since this is getting kind of urgent now I have taken the liberty of
> making the CharacterSet changes myself.
>
> If there are no objections I would like to apply this tomorrow. It is at
> least a vast improvement over current trunk as-is. We can
On 08/26/2015 11:04 AM, Kinkie wrote:
v2 patch attached.
FYI: If you have missed my last email on this thread, it is archived at
http://lists.squid-cache.org/pipermail/squid-dev/2015-August/003173.html
Alex.
___
squid-dev mailing list
1 - 100 of 787 matches
Mail list logo