Re: [squid-dev] [PATCH] Fix broken build for ufsdump

On 03/05/2017 12:28 PM, Eduard Bagdasaryan wrote: > ufsdump build is broken now [...] > This patch fixes this, however I am not sure that > does it in a best possible way. For example, someone may argue that > inlining storeKeyText() is wrong. Yeah, I would argue that such inlining is "wrong".

Re: [squid-dev] [PATCH] Case-insensitive URI schemes

move AnyP::UriScheme::Init() as >> you suggested. Re-attached the patch (v5 r15037). >> >> >> Eduard. >> >> On 02.02.2017 22:12, Alex Rousskov wrote: >> >> > We should avoid this code duplication [...] >> > However, please check whether we can

Re: [squid-dev] Valid document was not found in the cache and only-if-cached directive was specified. what does it mean?

On 02/28/2017 06:10 PM, Eliezer Croitoru wrote: > I am receiving this error page when a cache_peer is defined as a sibling on > each of the 2 proxies: > The requested URL could not be retrieved > Valid document was not found in the cache and only-if-cached directive was > specified. > When I am

Re: [squid-dev] Dereferencing null headClone

On 02/16/2017 06:13 PM, Amos Jeffries wrote: > On 17/02/2017 6:53 a.m., Alex Rousskov wrote: >> On 02/16/2017 10:34 AM, scan-ad...@coverity.com wrote: >> >>> 1607 Must(headClone != NULL); >>>>>> CID 1400650: Null pointer dereferences (FOR

Re: [squid-dev] How Squid parse the configuration file?

evious email shows how to find the maximum_object_size_in_memory parsing function (called parse_b_size_t). Examining that function will lead you to parseBytesLine() and the functions/methods it calls, including syntax checking code. HTH, Alex. > 2017-02-22 0:52 GMT+08:00 Alex Rousskov: >

Re: [squid-dev] How Squid parse the configuration file?

On 02/21/2017 01:15 AM, 周书林 wrote: > I found the src/cf.data.pre file, and read the content. But I still want > to know how squid use this file to build the connection between the > config file and the source code. As you already know, the parser is generated. The generated code either places

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/21/2017 02:33 AM, Eduard Bagdasaryan wrote: > There are also 'make check' problems reported by clang, > fix attached. Committed to v5 (r15063) after removing unused BandwidthBucket::reduceBucket() parameter name. Alex. > On 21.02.2017 01:24, Alex Rousskov wrote: >> On 02/2

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/20/2017 02:37 PM, Eduard Bagdasaryan wrote: > That applied fix missed one case, attaching patch for it. Committed to v5 (r15062). Alex. > On 20.02.2017 21:06, Alex Rousskov wrote: >>> Attaching compilation fix for r15057. >> Co

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/20/2017 07:58 AM, Eduard Bagdasaryan wrote: > Attaching compilation fix for r15057. Committed to v5 (r15061). > src/client_db.cc:443:21: error: 'reinterpret_cast' to class 'ClientInfo *' > from its base at non-zero offset 'hash_link *' behaves differently from > 'static_cast'

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/16/2017 02:48 AM, Amos Jeffries wrote: > +1. The latest patch looks like correct code to me. If you are happy > with it too Alex please apply. Please consider using the above text in > the new if-else comments. I am still OK with this patch going in, but you should be the one committing it

Re: [squid-dev] [PATCH] Response delay pools

On 01/22/2017 12:52 PM, Amos Jeffries wrote: > - a config line should have roughly this generic structure: >1) directive (first label, which determines the syntax) >2) parameters (mandatory values, fixed positions for each one) >3) options (values that may be absent, using key[=value]

Re: [squid-dev] [PATCH] Response delay pools

On 02/16/2017 04:35 AM, Amos Jeffries wrote: > Strictly speaking anything on the line - including the directive name is > a parameter. To minimize bickering, I will do my best to just focus on [what I perceive as] important disagreements and ignore everything else, including [what I perceive as]

Re: [squid-dev] Dereferencing null headClone

On 02/16/2017 10:34 AM, scan-ad...@coverity.com wrote: > 1607 Must(headClone != NULL); CID 1400650: Null pointer dereferences (FORWARD_NULL) Passing null pointer "headClone" to "inheritProperties", which dereferences it. > 1608

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 02:39 PM, Alex wrote: > Should be a bit better now. Thank you for covering all three cases and overcoming your conviction that one of them does not exist and that r12742.1.41 is bogus/useless. The IPv4 part still looks bad to me, but I do not think that _you_ have to be responsible

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 12:25 PM, Alex wrote: > It seems that the patch doesn't make things worse (if I understood you > correctly). AFAICT, you are not testing the use case that prompted [trunk] revision 12742.1.41 changes. There are three possibilities: 1. r12742.1.41 changes were bogus/useless. 2.

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 10:38 AM, Alex wrote: >>> + if (clientConnection->flags & COMM_TRANSPARENT) { >>> + conn->setAddrs(clientConnection->local, cltAddr); >>> + conn->flags |= COMM_TRANSPARENT; >>> + } else { >>> + // In case of NAT interception ... >> Are there really just two cases here (tproxy

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 03:44 AM, Alex wrote: > The attached patch allows FTP relay to work in NAT interception mode > and also fixes IP address binding in TPROXY mode. Thank you for working on this bug. NAT/TPROXY address manipulation is not my area of expertise, but I have one higher level concern and a

Re: [squid-dev] [PATCH] VIA creation code duplication

On 02/10/2017 04:17 PM, Amos Jeffries wrote: > This patch is "polishing a turd" as the saying goes and a bit premature. > There are some obvious and easy to fix bugs that should be attended > first, then polishing afterwards. I agree that there are many problems related to Via adding code and

Re: [squid-dev] [PATCH] VIA creation code duplication

On 02/09/2017 10:19 AM, Amos Jeffries wrote: > On 3/02/2017 4:02 a.m., Eduard Bagdasaryan wrote: >> This patch fixes VIA appending code duplication, moving common >> code into a separate method. > Since Via is a list header we should be able to just append a new Via > header to the header list

Re: [squid-dev] [PATCH] Response delay pools

On 01/30/2017 04:43 PM, Eduard Bagdasaryan wrote: > Thanks for the detailed review. I tried to address all other remarks, > renamed parameters according to the suggested terminology, > merged with latest v5 r15027 and re-attached the patch. Amos, did Eduard address your concerns? Any other

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/04/2017 12:31 PM, Amos Jeffries wrote: > On 3/02/2017 4:05 a.m., Alex Rousskov wrote: >> On 02/01/2017 11:51 PM, Amos Jeffries wrote: >> >>> Can we agree on this being a fundamental design in Squid: >>> >>> * all connections have an associated soc

Re: [squid-dev] [PATCH] convert Delay Pools classes to use MEMPROXY_CLASS

On 01/22/2017 02:23 PM, Amos Jeffries wrote: > On 22/01/2017 4:51 p.m., Alex Rousskov wrote: >> On 01/21/2017 06:42 PM, Amos Jeffries wrote: >>> -long DelayPools::MemoryUsed = 0; >> The total provided by this global was probably quite handy/useful. If we >&g

Re: [squid-dev] [PATCH] Case-insensitive URI schemes

On 02/02/2017 05:53 AM, Eduard Bagdasaryan wrote: > I applied your polishing suggestions to my latest patch > re-attached it. > +std::vector AnyP::UriScheme::LowercaseSchemeNames; > +static std::vector LowercaseSchemeNames; We should avoid this code duplication: typedef std::vector

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/01/2017 11:51 PM, Amos Jeffries wrote: > Can we agree on this being a fundamental design in Squid: > > * all connections have an associated socket ID. That assumption would be too limiting (and, AFAICT, unnecessary). For example, SSL connections inside SSL connections (HTTPS proxy) do

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 01/19/2017 12:11 PM, Alex Rousskov wrote: > On 01/19/2017 12:16 AM, Amos Jeffries wrote: >> Well, there is no such thing as a "SSL connection" - it is security >> added onto some *other* Transport Protocol's layer. > There is. The "security added onto some o

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/01/2017 01:42 PM, Christos Tsantilas wrote: > must take in account that some openSSL calls > returns locket objects, and some other unlocked objects. Does the patch start using shared pointers for any objects in the second, "returned unlocked" category? AFAICT, only the SSL connection

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 02/01/2017 08:20 AM, Marcus Kool wrote: >> Do you think we can compromise and call it USE_OPENSSL_OR_LIBRESSL ? > or call it USE_OPENSSL_API > > and then the code will eventually have none or few occurrences of > USE_OPENSSL and USE_LIBRESSL to deal with OpenSSL and LibreSSL specifics. Yes,

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

Executive summary: * Still no agreement on whether or how to rename the primary SSL guard. * Possibly an agreement to continue using a single primary SSL guard?? * Clarification that --with-libressl itself is a relatively minor issue. * A firm veto on adding support for the 3rd SSL API. Whether

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 02/01/2017 05:00 AM, Eliezer Croitoru wrote: > I do believe that for the latest hardware with beefy CPU, code > repetition in C++ might not be much of a regression but not everybody > can replace their systems hardware every year. (If my assumption > about code repetition affecting older

[squid-dev] QA Pilots

Hello, The Squid Software Foundation plans to hire a part-time remote QA engineer to help us address systemic quality problems with Squid releases and development snapshots. This position will be funded by your donations to the Foundation. Thank you! Before a regular QA Engineer position is

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 01/31/2017 08:20 AM, Amos Jeffries wrote: > On 31/01/2017 7:04 a.m., Alex Rousskov wrote: >> On 01/29/2017 04:26 AM, Amos Jeffries wrote: >>> This is I think all we need to do code-wise to resolve the Bug 4662 >>> issues with LibreSSL being incompatible with Open

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 01/29/2017 04:26 AM, Amos Jeffries wrote: > This is I think all we need to do code-wise to resolve the Bug 4662 > issues with LibreSSL being incompatible with OpenSSL 1.1. > > The libraries cannot both be linked either way. If both --with-* options > are provided LibreSSL currently overrides

Re: [squid-dev] [PATCH] Case-insensitive URI schemes

On 01/29/2017 07:10 AM, Amos Jeffries wrote: > I'm thinking the quick-and-dirty way is to just lowercase the 'proto' > variable in url.cc urlParse() function. Doing that in the for-loop where > it is copied from 'src' would be easiest. > - it breaks the case preservation on unknown schemes a

Re: [squid-dev] [PATCH] annotate_transaction ACL

On 01/27/2017 10:39 AM, Christos Tsantilas wrote: > Which is the status of this patch? Based on squid-dev archives, this patch has been posted 27 days ago and received no reviews, comments, or votes (but you already know that). > Can be applied to squid-5? Yes it can be. MergeProcedure says

Re: [squid-dev] Porting Squid Debug Log Functionality

On 01/27/2017 08:05 AM, Christopher Nighswonger wrote: > How difficult would it be to abstract Squid's debug log code and port it > to another application? It would be relatively easy, but you should not do that IMO because 1. Truly abstracting debugging functionality is actually pretty

Re: [squid-dev] [PATCH] Drop deprecated MSIE Cache-Control pre-check/post-check

On 01/26/2017 02:08 AM, Amos Jeffries wrote: > These two options have been a bit of annoyance for a long time. > Primarily because they are custom controls and almost all uses of them > is the garbage '0' values that even MSIE ignores completely. Validating > correctness would add processing which

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/25/2017 12:12 PM, Christos Tsantilas wrote: >> On 25/01/2017 08:24 μμ, Alex Rousskov wrote: >> * A client-sent ClientHello is required for peeking. The calling code >> must ensure that we never get here without it. Throw if our calling code >> is buggy. > This is

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/16/2017 04:38 AM, Christos Tsantilas wrote: > On 13/01/2017 07:04 μμ, Alex Rousskov wrote: >> The dependency here is that clientHelloMessage comes from our parser. We >> can substitute OpenSSL-generated ClientHello with client-sent >> ClientHello because/if we successfu

Re: [squid-dev] [PATCH] convert Delay Pools classes to use MEMPROXY_CLASS

On 01/21/2017 06:42 PM, Amos Jeffries wrote: > This patch converts all the delay pools classes which were providing the > new/delete operators to using MEMPROXY_CLASS instead. So each class in > separately accounted for and we get a better view of allocation stats > and behaviours from the

Re: [squid-dev] [PATCH] Digest Auth support for LDAP HA1 attribute without realm

On 01/20/2017 06:05 AM, FUSTE Emmanuel wrote: > We have to support many historic digest auth implementation for which > the realm is not included in the digest password attribute: > The password is effectively stored as "HA1" instead of "REALM:HA1". > I would like to kill our own homegrown

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 01/19/2017 12:16 AM, Amos Jeffries wrote: > On 15/01/2017 8:09 p.m., Alex Rousskov wrote: >> I am trying to understand how a standard std::shared_ptr can co-exist >> with OpenSSL locking. > whenever the shared_ptr has a non-nil value the library lock count is >= 1.

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 01/14/2017 10:16 AM, Amos Jeffries wrote: > The Security::SessionPointer is converted to std::shared_ptr. This is > required because GnuTLS does not expose the locking like OpenSSL. Since > we store the SessionPointer to fd_table[].ssl we can always access it > from there one way or another

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/12/2017 02:28 PM, Christos Tsantilas wrote: > On 12/01/2017 06:48 μμ, Alex Rousskov wrote: >> On 01/12/2017 08:35 AM, Christos Tsantilas wrote: >>> The patch fixes Squid to peeks (or stares) at the origin server as >>> configured, even if it does not recognize th

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/12/2017 08:35 AM, Christos Tsantilas wrote: > The patch fixes Squid to peeks (or stares) at the origin server as > configured, even if it does not recognize the client TLS > record/message. s/to peeks (or stares)/to peek (or stare)/ I agree that this is the right thing to do, but I have

Re: [squid-dev] [PATCH] remove USE_CHUNKEDMEMPOOLS

On 01/11/2017 08:29 AM, Amos Jeffries wrote: > On 1/01/2017 6:37 p.m., Amos Jeffries wrote: >> The USE_CHUNKEDMEMPOOLS build-time setting is not very useful and adds >> extra complexity to the build system. Even when set it does not always >> enable chunked pools. The environment variable MEMPOOLS

Re: [squid-dev] RFC Sourcelayout for clientStreams

On 01/09/2017 12:21 AM, Amos Jeffries wrote: > I've been looking at the clientStreams objects and moving them to a > library for the SourceLayout project. > > What I would like feedback on before I go and make a namespace and > library up is whether we want to retain the term "Client Streams" as

Re: [squid-dev] [PATCH] remove --disable-inline and related macros

On 01/07/2017 07:33 PM, Amos Jeffries wrote: > This now just depends on the client_side_request_cci_remove_mk1.patch > submitted earlier. > > With the .cci files gone there is no longer any use of the SQUID_INLINE > macro. Which in turn removes the need for _USE_INLINE_ macro and then > the

Re: [squid-dev] [PATCH] remove ip/Qos.cci

On 01/07/2017 04:46 AM, Amos Jeffries wrote: > This patch removes ip/Qos.cci file moving its content to ip/QosConfig.cc. > > Also, move the stub file to src/tests/stub_libip.cc and update to use > tests/STUB.h interface. > +bool > +Ip::Qos::Config::isHitTosActive() const > +{ > +return

Re: [squid-dev] [PATCH] remove HttpHdrCc.cci

On 01/05/2017 09:36 PM, Amos Jeffries wrote: > On 2017-01-06 04:34, Alex Rousskov wrote: >> On 01/05/2017 06:22 AM, Amos Jeffries wrote: >>> This patch removes HttpHdrCc.cci file, moving the simple methods inline >>> to the HttpHdrCc.h and more complicated setter to Http

Re: [squid-dev] [PATCH] remove String.cci

On 01/04/2017 07:42 PM, Amos Jeffries wrote: > This patch removes String.cci file, moving the simple methods inline to > the SquidString.h and more complicated others to String.cc. Thank you for doing this long-overdue cleanup. > +/// throws when size() > INT_MAX > +int psize() const {

Re: [squid-dev] [PATCH] refactor Auth::Config

On 12/20/2016 11:05 AM, Amos Jeffries wrote: > +class Config > +{ > +public: > +/// set of auth_params directives > +Auth::ConfigVector schemes; > + > +/// set of auth_schemes directives > +std::vector schemeLists; > + > +/// the ACL list for auth_schemes directives > +

Re: [squid-dev] [PATCH] auth_schemes directive

On 12/08/2016 09:38 PM, Amos Jeffries wrote: >> Custom actions patch applied as squid-5-14971. > PS, also applied for 4.0.17 Which v4 revision? I do not see it after bzr update of that branch and and it does not seem to be present at https://code.launchpad.net/~squid/squid/4 Thank you, Alex.

Re: [squid-dev] [PATCH] auth_schemes directive

On 12/08/2016 09:37 PM, Amos Jeffries wrote: > On 9/12/2016 5:03 p.m., Alex Rousskov wrote: >> On 12/08/2016 06:39 PM, Amos Jeffries wrote: >>> On 6/12/2016 10:57 a.m., Eduard Bagdasaryan wrote: >>>> Attached two patches for v5 after splitting. >>> Thank you

Re: [squid-dev] [PATCH] auth_schemes directive

On 12/08/2016 06:39 PM, Amos Jeffries wrote: > On 6/12/2016 10:57 a.m., Eduard Bagdasaryan wrote: >> >> Attached two patches for v5 after splitting. Please apply >> SQUID-242-refactor-custom-acl-actions-cfg-t1.patch first. >> > > Thank you. Custom actions patch applied as squid-5-14971. If there

Re: [squid-dev] Broken SSL build

d. Thank you. I will ignore these build failures until bug 4599 is closed. Alex. > On 08/12/2016 08:07 μμ, Alex Rousskov wrote: >> Hello, >> >> Jenkins has been complaining for a while about SSL-related >> compilation problems such as >> >>> http://build

[squid-dev] Broken SSL build

Hello, Jenkins has been complaining for a while about SSL-related compilation problems such as > http://build.squid-cache.org/job/5-matrix/compiler=gcc,label=d-debian-unstable/ > ../../../../src/ssl/support.cc:473:96: error: invalid conversion from 'int > (*)(CRYPTO_EX_DATA*,

Re: [squid-dev] Fix If-None-Match processing and related bug 4169

On 12/04/2016 08:57 PM, Amos Jeffries wrote: > On 5/12/2016 4:05 p.m., Alex Rousskov wrote: >> All these >> conditional headers have the same overall logic: If the answer to the >> "If" question asked by the header field name is "yes", then the header &g

Re: [squid-dev] Fix If-None-Match processing and related bug 4169

On 11/30/2016 08:12 AM, Garri Djavadyan wrote: > I've attached fixed version. > +// If-None-Match did not match; treat as an unconditional hit > +return false; Actually, in this case, If-None-Match matched (i.e., "no one matched" is true). And this is exactly why we can ignore

[squid-dev] Automake bug workaround

Hello, Squid build produces lots of warnings in modern build environments such as Ubuntu 16.04: > make > /dev/null > /usr/bin/ar: `u' modifier ignored since `D' is the default (see `U') > /usr/bin/ar: `u' modifier ignored since `D' is the default (see `U') ... > /usr/bin/ar: `u' modifier

Re: [squid-dev] [PATCH] auth_schemes directive

On 12/01/2016 11:53 PM, Amos Jeffries wrote: > Not sure if you intended to but you have just done a good CHI test. I do not know what you mean by "CHI test". Googling did not help. > Your wording/layout of that directive has clearly collided with some > other config grammar that user is more

Re: [squid-dev] [PATCH] auth_schemes directive

On 11/30/2016 12:06 AM, Alex Rousskov wrote: > Perhaps there is a way to keep the per-scheme access list advantage > without opening the 403 Pandora box and preserving the whole-list > visualization provided by auth_schemes? > > For example, we could support

Re: [squid-dev] g++ 4.8.x and std::regex problems

On 11/29/2016 12:46 PM, Amos Jeffries wrote: > It was not just to delay to v5 To avoid similar disasters in the future, please note that any "decision" to "delay until vX" is essentially invalid when there is no consensus regarding vX branching: A promise to delay something until the moment

Re: [squid-dev] [PATCH] ServerBump class cleanup

On 11/30/2016 06:34 AM, Amos Jeffries wrote: > This patch is a general cleanup of coding styles and current code > requirements for the ServerBump class. > -void attachServerSSL(SSL *); ///< Sets the server SSL object > +void attachServerSession(const Security::SessionPointer &); ///<

Re: [squid-dev] Fix If-None-Match processing and related bug 4169

On 11/30/2016 04:44 AM, Garri Djavadyan wrote: > * If-Modified-Since header is ignored if If-None-Match header exists > (RFC7232 compliance) > if (r.header.has(Http::HdrType::IF_NONE_MATCH)) { > +if (e->hasIfNoneMatchEtag(r)) { > +// RFC 7232: If-None-Match recipient

Re: [squid-dev] [PATCH] auth_schemes directive

On 11/29/2016 03:50 PM, Amos Jeffries wrote: > On 28/11/2016 3:34 p.m., Alex Rousskov wrote: >> Or being able to control the order of schemes presented to the user. > Any HTTP client implementation which was coded to be properly compliant > with RFC 2616 and 2617 *will not* ob

Re: [squid-dev] Fix If-None-Match processing and related bug 4169

On 11/29/2016 02:23 PM, Amos Jeffries wrote: > On 30/11/2016 1:47 a.m., Garri Djavadyan wrote: >> On Tue, 2016-11-29 at 14:51 +0500, Garri Djavadyan wrote: >>> Hello, >>> >>> Please review the attached patch prepared for r14958, it fixes the >>> If- >>> None-Match processing (incorrect logging

Re: [squid-dev] g++ 4.8.x and std::regex problems

On 11/29/2016 11:22 AM, Amos Jeffries wrote: > On 29/11/2016 4:40 p.m., Alex Rousskov wrote: >> On 11/28/2016 07:29 PM, Amos Jeffries wrote: >>> GCC 4.8 is not capable of building correctly operating Squid-4 >> >> You have said that before, but in all such cases t

Re: [squid-dev] [RFC] simplifying ssl_bump complexity

On 11/28/2016 03:26 PM, Marcus Kool wrote: > The comment was about the fact that determination if data from a client > is a syntactically valid ClientHello message should be quick Unfortunately, it is not a fact. In simple cases, you are right (which is why Squid v4 already uses a two-stage

Re: [squid-dev] g++ 4.8.x and std::regex problems

On 11/28/2016 07:29 PM, Amos Jeffries wrote: > GCC 4.8 is not capable of building correctly operating Squid-4 You have said that before, but in all such cases that I remember, the reality was actually different. I do not know if something has changed in v4 within the past month or so [but any

Re: [squid-dev] g++ 4.8.x and std::regex problems

On 11/25/2016 06:39 AM, Amos Jeffries wrote: > On 25/11/2016 11:50 p.m., Christos Tsantilas wrote: >> I have problems to run latest squid-5. The reason looks that it is the >> r14954, which removes old GnuRegex and uses the std::regex API. >> >> The std::regex supported from gcc-4.9 and latest

Re: [squid-dev] [RFC] simplifying ssl_bump complexity

On 11/28/2016 06:30 AM, Marcus Kool wrote: > On 11/27/2016 11:20 PM, Alex Rousskov wrote: >> It would be nice to prohibit truly impossible actions at the syntax >> level, but I suspect that the only way to make that possible is to focus >> on final actions [instead of steps]

Re: [squid-dev] [PATCH] auth_schemes directive

On 11/19/2016 02:15 AM, Amos Jeffries wrote: > On 19/11/2016 12:56 p.m., Eduard Bagdasaryan wrote: >> This patch introduces a new 'auth_schemes' squid.conf directive. >> >> This directive may be used to customize authentication >> schemes presence and order in Squid's HTTP 401 (Unauthorized) and

Re: [squid-dev] [RFC] simplifying ssl_bump complexity

On 11/19/2016 07:06 PM, Amos Jeffries wrote: > On 20/11/2016 12:08 p.m., Marcus Kool wrote: >> The current ssl bump steps allow problematic configs where Squid >> bumps or stares in one step and to splice in an other step, >> which can be resolved (made impossible) in a new configuration syntax.

Re: [squid-dev] [RFC] simplifying ssl_bump complexity

On 11/19/2016 03:07 AM, Amos Jeffries wrote: > I propose going back to the older config style where each step has its > own directive name which self-documents what it does. IIRC, SslBump has never used step-specific directives: First implementations applied all ssl_bump actions during step1 and

Re: [squid-dev] [PATCH] Rework acl/RegexData optimization to use SBufList

On 11/13/2016 11:02 PM, Amos Jeffries wrote: > On 14/11/2016 6:36 p.m., Alex Rousskov wrote: >> On 11/13/2016 10:15 PM, Amos Jeffries wrote: >> >>> I think we should accumulate into two SBufList instead, one for -i and >>> one for +i instead of switching bac

Re: [squid-dev] [PATCH] Rework acl/RegexData optimization to use SBufList

On 11/13/2016 10:15 PM, Amos Jeffries wrote: > I think we should accumulate into two SBufList instead, one for -i and > one for +i instead of switching back and forth with potentially lots of > little patterns. Would not forcing regexes into two different groups change the regex evaluation order

Re: [squid-dev] [PATCH] Rework acl/RegexData optimization to use SBufList

On 11/13/2016 05:11 PM, Kinkie wrote: > the attached patch moves away from hand-rolling a c-string onto > joining a SBufList for optimizing regexes in RegexData.cc. > You can find attached as a test case the output of squidclient > mgr:config taken on trunk and on the submitted code. It is

Re: [squid-dev] [PATCH] Extend SBufContainerJoin to have prefix and suffix arguments

On 11/11/2016 01:30 AM, Kinkie wrote: > On Fri, Nov 11, 2016 at 5:02 AM, Amos Jeffries wrote: >> On 11/11/2016 9:28 a.m., Kinkie wrote: >>> >>> v4 attached. >>> >> >> Does it have to take begin() and end() iterators explicitly? >> can we not have it take the container

Re: [squid-dev] [PATCH] ICAP trailer support

On 11/09/2016 08:16 AM, Amos Jeffries wrote: > On 9/11/2016 3:05 a.m., Eduard Bagdasaryan wrote: >> Also simplified and fixed headers isolating code while dealing with >> empty (i.e. zero header fields) headers. Old httpMsgIsolateHeaders() >> tried to re-implement header end detection/processing

Re: [squid-dev] [PATCH] ssl::server_name ACL badly broken since inception (trunk r14008).

On 10/28/2016 02:39 AM, Christos Tsantilas wrote: > I am attaching the squid-3.5 version of the patch. Amos, will you commit this fix to the v3.5 branch? Thank you, Alex. > On 10/27/2016 12:46 AM, Amos Jeffries wrote: >> On 21/10/2016 5:18 a.m., Christos Tsantilas wrote: >>> >>> The

Re: [squid-dev] [PATCH] Extend SBufContainerJoin to have prefix and suffix arguments

On 11/06/2016 01:15 AM, Kinkie wrote: >>> +dest.reserveSpace(prefix.length() + totalContainerSize + >>> suffix.length()); >> >> Please note that v4 still allocates memory according to my last >> experiment. See JoinContainerIntoSBuf3() which mimics your patch v4. You >> may claim that the

Re: [squid-dev] [PATCH] Faster SBuf::append

On 11/04/2016 08:22 AM, Amos Jeffries wrote: > On 7/10/2016 6:20 a.m., Alex Rousskov wrote: >> On 10/06/2016 10:57 AM, Amos Jeffries wrote: >> >>> Please add a check to the unit test testSBuf::testAppendSBuf() >>> to guarantee that the (*this = S) assig

Re: [squid-dev] [PATCH] Extend SBufContainerJoin to have prefix and suffix arguments

On 11/04/2016 01:12 AM, Kinkie wrote: > On Thu, Nov 3, 2016 at 10:55 PM, Alex Rousskov > <rouss...@measurement-factory.com> wrote: >> On 11/03/2016 03:19 PM, Kinkie wrote: >>> On Tue, Nov 1, 2016 at 8:47 PM, Alex Rousskov wrote: >>>> On 11/01/2016 02:02 PM, K

Re: [squid-dev] [PATCH] Extend SBufContainerJoin to have prefix and suffix arguments

On 11/03/2016 03:19 PM, Kinkie wrote: > On Tue, Nov 1, 2016 at 8:47 PM, Alex Rousskov wrote: >> On 11/01/2016 02:02 PM, Kinkie wrote: >>> the attached patch extends SBufContainerJoin to have prefix and >>> suffix arguments. >> I recommend reworking this by

Re: [squid-dev] [PATCH] Extend SBufContainerJoin to have prefix and suffix arguments

On 11/01/2016 02:02 PM, Kinkie wrote: > the attached patch extends SBufContainerJoin to have prefix and > suffix arguments. This can support a use-case which I found in the > current ACLRegexData work I'm following, where we need to transform > {"foo", "bar", "gazonk"} > into >

Re: [squid-dev] [PATCH] Support tunneling of bumped non-HTTP traffic. Other SslBump fixes.

On 10/28/2016 07:54 AM, Christos Tsantilas wrote: > On 10/28/2016 01:11 PM, Amos Jeffries wrote: >> On 21/10/2016 3:55 a.m., Christos Tsantilas wrote: >>> Support tunneling of bumped non-HTTP traffic. Other SslBump fixes. >> Are any of these additional fixes able to be easily broken out into >>

Re: [squid-dev] [RFC] support Cache-Control:immutable

On 10/26/2016 05:45 PM, Amos Jeffries wrote: > This new cache control extension being proposed by Mozilla looks like it > will be quite useful to us as well as browsers. > > > > I would like to jump in this early and make Squid-4 be one of

Re: [squid-dev] [PATCH] Refactor wordlist to SBufList in acl/RegexData

On 10/26/2016 05:18 PM, Kinkie wrote: >>> the attached patch refactors the use of wordlist to SBufList in >>> acl/RegexData.cc > -while (wl != NULL) { > +for (SBuf i : sl) { If possible, please avoid creating new SBufs by declaring "i" to be a constant reference to SBuf. It is probably

Re: [squid-dev] Squid 3.5.23: crash in Comm::DoSelect

values to 1024, hope it helps to > fix bug in squid. Yes, keeping all limits in sync may work around the bug. Alex. > 2016-10-18 17:48 GMT+03:00 Alex Rousskov: > > On 10/18/2016 03:44 AM, oleg gv wrote: > > > nfds=284, so loop ends on 283 and pfds[283] is buggy > &

Re: [squid-dev] [PATCH] Support tunneling of bumped non-HTTP traffic. Other SslBump fixes.

On 10/19/2016 08:49 AM, Christos Tsantilas wrote: > I am attaching a new patch. I would like to discuss two issues: * Logging of scheme-less URLs > This is defines a new proto the PROTO_TCP, and for this prints the url > in the form host:port. The PROTO_TCP name sounds bad because we may want

Re: [squid-dev] Template methods inside normal classes

On 10/18/2016 09:52 AM, Christos Tsantilas wrote: > Is it valid to use template methods inside normal classes for squid? Yes (until we learn that some compilers choke on them). IIRC, I even had some patches that use them but perhaps they have not been posted or committed yet. Needless to say,

Re: [squid-dev] Squid 3.5.23: crash in Comm::DoSelect

On 10/18/2016 03:44 AM, oleg gv wrote: > nfds=284, so loop ends on 283 and pfds[283] is buggy > I/o module is src/comm/ModPoll.cc, method Comm::DoSelect(int msec) > On stack we see that pfds[SQUID_MAXFD=256], so is less than nfds in loop. > May be malloc nfds? If your maxfd is bigger than

Re: [squid-dev] [PATCH] Support tunneling of bumped non-HTTP traffic. Other SslBump fixes.

On 10/17/2016 10:56 PM, Amos Jeffries wrote: > On 18/10/2016 7:54 a.m., Christos Tsantilas wrote: >> On 10/17/2016 05:42 PM, Alex Rousskov wrote: >>> On 10/17/2016 01:57 AM, Christos Tsantilas wrote: >>>> On 10/14/2016 02:30 PM, Marcus Kool wrote: >>>>&

Re: [squid-dev] bzr -> git?

On 10/16/2016 06:36 PM, Kinkie wrote: > I'm currently trying to use recent advancements in Jenkins to > improve our QA via gated commits to trunk. > This raises (again) the issue of bazaar versus git. Remaining on > bazaar is getting more and more painful, as tools such as jenkins > focus on

[squid-dev] [PATCH] Fixed v3.5 bare eCAP build

Hi Amos, The attached patch is for v3.5. Trunk has the same fix in r14884. TODO: Adjust automated build tests to test bare eCAP configuration (i.e., eCAP without ICAP). HTH, Alex. Fixed v3.5 r14082 build with eCAP but without ICAP support. That is, when ./configured with --enable-ecap

Re: [squid-dev] [PATCH] Faster SBuf::append

On 10/06/2016 10:57 AM, Amos Jeffries wrote: > Please add a check to the unit test testSBuf::testAppendSBuf() > to guarantee that the (*this = S) assignment code path updates the store > reference count rather than doing a bit-wise copy of the SBuf. I support that addition but do not have the

[squid-dev] [PATCH] Faster SBuf::append

Hello, The attached optimization patch was inspired be reviewing the following code: > Parser::parse(const SBuf ) ... > if (preservedData_.isEmpty()) > preservedData_ = aBuf; // avoid needless memory allocation > else > preservedData_.append(aBuf); Supporting this kind of

[squid-dev] Bug 4527: Missing MemObject::storeId value

On 10/05/2016 11:17 AM, Amos Jeffries wrote: > ideally also a fix for the missing storeId() bug that has shown up in > 3.5 - if there is anything like a solution in the works for that. I > expect it was the Last-Modified backports. Do you expect it was v3.5 r14090 (the Last-Modified backport)?

Re: [squid-dev] [RFC] Support concurrent SBuf::c_str() calls

On 10/02/2016 11:51 PM, Amos Jeffries wrote: > On 3/10/2016 1:03 p.m., Alex Rousskov wrote: >> On 10/02/2016 03:25 PM, Kinkie wrote: >>> On Fri, Sep 30, 2016 at 6:03 PM, Alex Rousskov >>>> Overall, I know of three primary ways to implement c_str(): >>>> &g

Re: [squid-dev] [RFC] Support concurrent SBuf::c_str() calls

On 10/02/2016 03:25 PM, Kinkie wrote: > On Fri, Sep 30, 2016 at 6:03 PM, Alex Rousskov > <rouss...@measurement-factory.com> wrote: >> On 09/29/2016 09:19 PM, Amos Jeffries wrote: >>> On 30/09/2016 5:03 a.m., Alex Rousskov wrote: >>>> Should we remove the inc

<    1   2   3   4   5   6   7   8   >