Re: [squid-dev] [PATCH] Some failed transactions are not logged

On 07/19/2016 10:36 PM, Amos Jeffries wrote: > On 20/07/2016 5:01 a.m., Alex Rousskov wrote: >> On 07/19/2016 08:10 AM, Amos Jeffries wrote: >>> On 20/07/2016 1:44 a.m., Eduard Bagdasaryan wrote: >>>> 2016-07-19 16:17 GMT+03:00 Amos Jeffries: >>>>>

Re: [squid-dev] [PATCH] Collapse internal revalidation requests (SMP-unaware caches)

On 07/20/2016 07:21 AM, Amos Jeffries wrote: > Probably more a question for Alex; > whats the point of UsingSmp() in determining transients > initialization? I would expect collapsing to be doable in both SMP and > non-SMP modes. You are correct: Basic collapsed forwarding works in both SMP and

Re: [squid-dev] [RFC] [PREVIEW] LockingPointer round 3.

On 07/19/2016 10:45 PM, Amos Jeffries wrote: > On 19/07/2016 7:14 p.m., Amos Jeffries wrote: >> On 19/07/2016 6:58 a.m., Christos Tsantilas wrote: >>> On 07/18/2016 08:32 PM, Alex Rousskov wrote: >>>> I can only repeat my earlier suggestions to hide that dan

Re: [squid-dev] [PATCH] Collapse internal revalidation requests (SMP-unaware caches)

On 07/20/2016 09:48 AM, Alex Rousskov wrote: > * Transients are needed for SMP caching to work. Correction for the first line, splitting it into two lines: - Caching is needed for collapsed forwarding to work. - Transients are needed for SMP collapsed forwarding to work. Adjusted summ

Re: [squid-dev] [PATCH] Collapse internal revalidation requests (SMP-unaware caches)

On 07/17/2016 08:05 AM, Eduard Bagdasaryan wrote: > +/// whether this storage is capable of serving multiple workers > +virtual bool smpAware() const = 0; The description is correct, but let's also document that smpAware()ness does not say anything about non-SMP support, in case somebody

Re: [squid-dev] [PATCH] Fetch missing certificates

On 07/15/2016 02:14 AM, Amos Jeffries wrote: > On 15/07/2016 3:07 a.m., Alex Rousskov wrote: >> On 07/14/2016 05:16 AM, Amos Jeffries wrote: >>> * since certsDownloads is apparently constrained to values up to >>> MaxCertsDownloads. Can we please use a small integer ty

[squid-dev] Broken trunk after r14735, r14726

Hello, There are two more recent changes that broke trunk: * After r14735 (Replaced TidyPointer with std::unique_ptr), Squid cannot start due to an "std::bad_function_call" exception. * After r14726 (GnuTLS: support for TLS session resume): Squid segfaults when attempting to connect to a

Re: [squid-dev] [PATCH] Fetch missing certificates

On 07/13/2016 10:48 AM, Christos Tsantilas wrote: > On 07/11/2016 10:13 PM, Alex Rousskov wrote: >> On 07/11/2016 10:18 AM, Christos Tsantilas wrote: >>> +SBuf object; >>> +Http::StatusCode status; >>> +}; >> >> If you can make

Re: [squid-dev] [PATCH] Fetch missing certificates

On 07/11/2016 10:18 AM, Christos Tsantilas wrote: > +/// The maximum allowed object size. > +static const size_t MaxObjectSize = 1*1024*1024; > +bool existingContent = reply ? reply->content_length : 0; > +bool exceedSize = (existingContent > -1 && (size_t)existingContent > >

Re: [squid-dev] HTTP meetup in Stockholm

On 07/10/2016 04:33 AM, Kinkie wrote: > at the end of the month I will attend the HTTP meetup in Stockholm. > Besides having a chance to see Henrik, I'd like to collect your feedback > and opinions on the topic that are likely to be touched. > > Currently there is rather hot discussion on the

Re: [squid-dev] [RFC] annotate_transaction ACL

On 07/12/2016 12:59 AM, Amos Jeffries wrote: > On 11/07/2016 5:27 p.m., Alex Rousskov wrote: >>>> * acl aclname annotate_client key value [fast] >> One [documented] problem is that !foo will still annotate, which is a >> little counter-intuitive, but I cannot think of

Re: [squid-dev] [RFC] reduce MISS on transients collision

On 07/17/2016 12:59 PM, Alex Rousskov wrote: > On 07/17/2016 05:01 AM, Amos Jeffries wrote: >> I've just been looking at the Store::Controller::find() implementation >> and it struck me that if the transients lookup has an error the object >> will fail to HIT on any e

Re: [squid-dev] Broken trunk after r14735, r14726

On 07/16/2016 06:56 AM, Amos Jeffries wrote: > On 16/07/2016 7:02 a.m., Alex Rousskov wrote: >> * After r14726 (GnuTLS: support for TLS session resume): Squid segfaults >> when attempting to connect to a Secure ICAP service. Official Squid >> v4.0.12 suffers from this bug

Re: [squid-dev] [PATCH] TidyPointer removal

On 06/28/2016 08:52 AM, Amos Jeffries wrote: > On 28/06/2016 7:36 a.m., Alex Rousskov wrote: >> On 06/27/2016 04:35 AM, Amos Jeffries wrote: >>> This splits TidyPointer and LockingPointer by removing the inheritence >>> and copying the needed TidyPointer c

Re: [squid-dev] Care and feeding of ConnStateData

On 07/06/2016 10:52 PM, Amos Jeffries wrote: > On 7/07/2016 10:24 a.m., Alex Rousskov wrote: >> Q1. What is ConnStateData (and related client_side.* code)? >> >> C1. ConnStateData is the code shared among all Servers (BB1). >> C2. ConnStateData ends where reques

Re: [squid-dev] Care and feeding of ConnStateData

On 07/07/2016 04:16 PM, Amos Jeffries wrote: > On 8/07/2016 7:22 a.m., Alex Rousskov wrote: >> On 07/06/2016 10:52 PM, Amos Jeffries wrote: >>> On 7/07/2016 10:24 a.m., Alex Rousskov wrote: >>>> Q4. What to do with the existing src/servers/Server.h? >>>>

[squid-dev] Care and feeding of ConnStateData

Hello, Several committed, pending, and upcoming trunk changes revolve around ConnStateData-related classes. Audit disagreements, unaudited commits, and blocked changes in that area make progress painfully slow. This email proposes answers to the following blocking questions: Q1. What is

Re: [squid-dev] [PATCH] TidyPointer removal

On 07/08/2016 04:11 AM, Amos Jeffries wrote: > On 8/07/2016 6:44 p.m., Amos Jeffries wrote: >> On 8/07/2016 11:24 a.m., Alex Rousskov wrote: >>> >>>> typedef void* SessionPtr; >>>> +CtoCpp1(xfree, SessionPtr); >>> >>> xfree()

Re: [squid-dev] [PATCH] TidyPointer removal

On 07/08/2016 12:44 AM, Amos Jeffries wrote: > On 8/07/2016 11:24 a.m., Alex Rousskov wrote: >> We may also want to hide the constructor behind two static methods for >> similar reasons -- whether X is properly destructed in the following >> example depends on createX() d

[squid-dev] [RFC] annotate_transaction ACL

Hello, I propose adding two new ACLs: annotate_transaction and annotate_client[_connection]. Their draft documentation and usage examples are provided at the end of the email. The motivation for adding these ACLs is a persistent stream of requests from admins that want to know whether Squid

Re: [squid-dev] Care and feeding of ConnStateData

On 07/08/2016 08:20 PM, Amos Jeffries wrote: > On 9/07/2016 6:19 a.m., Alex Rousskov wrote: >> On 07/07/2016 04:16 PM, Amos Jeffries wrote: >>> Whichever way we go what the ::Server needs is: >> ... Snipped to avoid discussing complex design issues irrelevant for

Re: [squid-dev] [PATCH] TidyPointer removal

On 07/09/2016 07:10 AM, Amos Jeffries wrote: > On 9/07/2016 11:18 a.m., Alex Rousskov wrote: >> On 07/08/2016 12:44 AM, Amos Jeffries wrote: >>> On 8/07/2016 11:24 a.m., Alex Rousskov wrote: >>>>> >>>>> +void resetWithoutLocking(T *t) {

Re: [squid-dev] [PATCH] TidyPointer removal

On 07/10/2016 02:02 AM, Amos Jeffries wrote: > On 10/07/2016 2:38 p.m., Alex Rousskov wrote: >> On 07/09/2016 07:10 AM, Amos Jeffries wrote: >>> On 9/07/2016 11:18 a.m., Alex Rousskov wrote: >>>> On 07/08/2016 12:44 AM, Amos Jeffries wrote: >>>>>

Re: [squid-dev] [RFC] annotate_transaction ACL

On 07/09/2016 05:47 PM, Amos Jeffries wrote: > On 10/07/2016 7:14 a.m., Alex Rousskov wrote: >> >> B. Add general ACL options to be able to force any existing ACL to add >> an annotation: >> >> acl myOldAcl dst --annotate foo=bar 127.0.0.1/32 >> &g

Re: [squid-dev] [PATCH Bug 4534 and N-bit fixes for CacheDigest

On 07/10/2016 04:08 AM, Amos Jeffries wrote: > we are going to have > to decide if it is reasonable to have extremely large Cache Digest masks > (several tens of GB or memory). IMO it is very reasonable if the admin wants/needs large Cache Digests. In some setups, occasionally transferring a few

Re: [squid-dev] [PATCH] TidyPointer removal

On 07/07/2016 01:40 PM, Amos Jeffries wrote: > On 4/07/2016 5:39 a.m., Alex Rousskov wrote: >>> +/// Reset raw pointer - delete last one and save new one. >>> +void reset(T *t) { >>> +deletePointer(); >>> +raw = t; >>> }

Re: [squid-dev] [PATCH] Fetch missing certificates

On 07/11/2016 10:18 AM, Christos Tsantilas wrote: > This patch includes a Downloader class which implemented as independent > AsyncJob class (in the initial patch was a ConnStateData kid). > > Currently runs an other related discussion under the mail thread "Care > and feeding of ConnStateData",

[squid-dev] [PREVIEW] Fixed reporting of NULL header characters

Hello, Our Level-1 "WARNING: HTTP header contains NULL characters" messages were broken as was the level-7 reporting of the headers being parsed. Level-2 reporting of "HTTP Server RESPONSE" headers (and probably raw data in other contexts) was and still is broken. These lying-debugging

Re: [squid-dev] [PATCH] GnuTLS session redo

On 08/03/2016 11:57 PM, Amos Jeffries wrote: > +Security::SetSessionResumeData(const Security::SessionPointer , const > Security::SessionStatePointer ) > +{ > +if (data) { > +#if USE_OPENSSL > +(void)SSL_set_session(s.get(), data.get()); > +#elif USE_GNUTLS > +

Re: [squid-dev] [PATCH] GnuTLS session redo

On 08/05/2016 02:13 PM, Amos Jeffries wrote: > On 6/08/2016 6:37 a.m., Alex Rousskov wrote: >> On 08/03/2016 11:57 PM, Amos Jeffries wrote: >>> +Security::SetSessionResumeData(const Security::SessionPointer , const >>> Security::SessionStatePointer

Re: [squid-dev] [PATCH] GnuTLS session redo

On 08/04/2016 03:40 AM, Amos Jeffries wrote: > On 4/08/2016 5:57 p.m., Amos Jeffries wrote: > I'm also wondering if it would be useful to add debugs() in the Get/Set > functions for debugging session resume usage. If we do not have that already, I think it would be very useful to add debugging

Re: [squid-dev] [PATCH] Broken trunk rev14778

On 08/08/2016 04:43 AM, Amos Jeffries wrote: > r14778: Move static member Last into change() method to avoid > initialization order > errors when a caller uses a global InstanceId object before the library > instantiating its template is initialized. Have you seen these Last errors?

Re: [squid-dev] [RFC] eCAP auto-enable

On 08/08/2016 08:06 AM, Amos Jeffries wrote: > IMO, eCAP has pretty much stabilized. We will need a new major eCAP version/release to accommodate backwards-incompatible C++11 builds as discussed at http://bugs.squid-cache.org/show_bug.cgi?id=4376#c19

Re: [squid-dev] [PATCH] Broken trunk rev14778

On 08/08/2016 01:19 PM, Amos Jeffries wrote: > On 9/08/2016 6:01 a.m., Alex Rousskov wrote: >> On 08/08/2016 04:43 AM, Amos Jeffries wrote: >> >>> r14778: Move static member Last into change() method to avoid >>> initialization order >>> errors whe

Re: [squid-dev] [PATCH] Ipc::MemMap::ttl removal

On 08/08/2016 08:12 AM, Amos Jeffries wrote: > Coverity Scan latest checks are reporting that the ttl member of > Ipc::MemMap is being left uninitialized. > > It sounds like something which would lead to major bugs. Except that it > turns out, AFAICS, that this ttl member is never actually being

Re: [squid-dev] [PATCH] Deletors for std::unique_ptr WAS: Re: Broken trunk after r14735

On 07/29/2016 09:27 AM, Amos Jeffries wrote: >>> typedef std::unique_ptr> BIO_Pointer; > I got this config parsing crash replicated here and tried a dozen or so > combinations. It does seem to keep coming back to my earlier approach of > using per-type

Re: [squid-dev] [PATCH] Make Squid death due to overloaded helpers optional

On 08/09/2016 05:38 AM, Eduard Bagdasaryan wrote: > On 08/08/2016 02:17 PM, Amos Jeffries wrote: >> * helper::SubmissionFailure is also changing what was previously > Helper::Unknown result codes to Helper::Error. > - Helper::Error is one of the helper output codes, it means success. > Obviousy

Re: [squid-dev] [PATCH] TidyPointer removal

On 06/29/2016 05:45 AM, Amos Jeffries wrote: > On 29/06/2016 1:03 p.m., Alex Rousskov wrote: >> To make progress, I will rephrase the question: What unique_ptr >> properties prevent you from using it for LockingPointer::raw? > The ability to copy-assign Aha, this does

Re: [squid-dev] [PATCH] TidyPointer removal

On 06/29/2016 05:45 AM, Amos Jeffries wrote: > /** > + * A pointer that deletes the object it points to when the pointer's owner or > + * context is gone. [...] > */ ... > +explicit LockingPointer(const SelfType ) : raw(nullptr) { > resetAndLock(o.get()); } Something went wrong here: If

Re: [squid-dev] [PATCH] Case-insensitive URI schemes

On 02/02/2017 05:53 AM, Eduard Bagdasaryan wrote: > I applied your polishing suggestions to my latest patch > re-attached it. > +std::vector AnyP::UriScheme::LowercaseSchemeNames; > +static std::vector LowercaseSchemeNames; We should avoid this code duplication: typedef std::vector

Re: [squid-dev] [PATCH] convert Delay Pools classes to use MEMPROXY_CLASS

On 01/22/2017 02:23 PM, Amos Jeffries wrote: > On 22/01/2017 4:51 p.m., Alex Rousskov wrote: >> On 01/21/2017 06:42 PM, Amos Jeffries wrote: >>> -long DelayPools::MemoryUsed = 0; >> The total provided by this global was probably quite handy/useful. If we >&g

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 01/19/2017 12:11 PM, Alex Rousskov wrote: > On 01/19/2017 12:16 AM, Amos Jeffries wrote: >> Well, there is no such thing as a "SSL connection" - it is security >> added onto some *other* Transport Protocol's layer. > There is. The "security added onto some o

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/01/2017 01:42 PM, Christos Tsantilas wrote: > must take in account that some openSSL calls > returns locket objects, and some other unlocked objects. Does the patch start using shared pointers for any objects in the second, "returned unlocked" category? AFAICT, only the SSL connection

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 01/31/2017 08:20 AM, Amos Jeffries wrote: > On 31/01/2017 7:04 a.m., Alex Rousskov wrote: >> On 01/29/2017 04:26 AM, Amos Jeffries wrote: >>> This is I think all we need to do code-wise to resolve the Bug 4662 >>> issues with LibreSSL being incompatible with Open

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 02/01/2017 05:00 AM, Eliezer Croitoru wrote: > I do believe that for the latest hardware with beefy CPU, code > repetition in C++ might not be much of a regression but not everybody > can replace their systems hardware every year. (If my assumption > about code repetition affecting older

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/04/2017 12:31 PM, Amos Jeffries wrote: > On 3/02/2017 4:05 a.m., Alex Rousskov wrote: >> On 02/01/2017 11:51 PM, Amos Jeffries wrote: >> >>> Can we agree on this being a fundamental design in Squid: >>> >>> * all connections have an associated soc

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 02/01/2017 11:51 PM, Amos Jeffries wrote: > Can we agree on this being a fundamental design in Squid: > > * all connections have an associated socket ID. That assumption would be too limiting (and, AFAICT, unnecessary). For example, SSL connections inside SSL connections (HTTPS proxy) do

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 02/01/2017 08:20 AM, Marcus Kool wrote: >> Do you think we can compromise and call it USE_OPENSSL_OR_LIBRESSL ? > or call it USE_OPENSSL_API > > and then the code will eventually have none or few occurrences of > USE_OPENSSL and USE_LIBRESSL to deal with OpenSSL and LibreSSL specifics. Yes,

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

Executive summary: * Still no agreement on whether or how to rename the primary SSL guard. * Possibly an agreement to continue using a single primary SSL guard?? * Clarification that --with-libressl itself is a relatively minor issue. * A firm veto on adding support for the 3rd SSL API. Whether

[squid-dev] QA Pilots

Hello, The Squid Software Foundation plans to hire a part-time remote QA engineer to help us address systemic quality problems with Squid releases and development snapshots. This position will be funded by your donations to the Foundation. Thank you! Before a regular QA Engineer position is

Re: [squid-dev] [PATCH] Drop deprecated MSIE Cache-Control pre-check/post-check

On 01/26/2017 02:08 AM, Amos Jeffries wrote: > These two options have been a bit of annoyance for a long time. > Primarily because they are custom controls and almost all uses of them > is the garbage '0' values that even MSIE ignores completely. Validating > correctness would add processing which

Re: [squid-dev] Porting Squid Debug Log Functionality

On 01/27/2017 08:05 AM, Christopher Nighswonger wrote: > How difficult would it be to abstract Squid's debug log code and port it > to another application? It would be relatively easy, but you should not do that IMO because 1. Truly abstracting debugging functionality is actually pretty

Re: [squid-dev] [PATCH] annotate_transaction ACL

On 01/27/2017 10:39 AM, Christos Tsantilas wrote: > Which is the status of this patch? Based on squid-dev archives, this patch has been posted 27 days ago and received no reviews, comments, or votes (but you already know that). > Can be applied to squid-5? Yes it can be. MergeProcedure says

Re: [squid-dev] [PATCH] Case-insensitive URI schemes

On 01/29/2017 07:10 AM, Amos Jeffries wrote: > I'm thinking the quick-and-dirty way is to just lowercase the 'proto' > variable in url.cc urlParse() function. Doing that in the for-loop where > it is copied from 'src' would be easiest. > - it breaks the case preservation on unknown schemes a

Re: [squid-dev] [PATCH] Bug 4662 adding --with-libressl build option

On 01/29/2017 04:26 AM, Amos Jeffries wrote: > This is I think all we need to do code-wise to resolve the Bug 4662 > issues with LibreSSL being incompatible with OpenSSL 1.1. > > The libraries cannot both be linked either way. If both --with-* options > are provided LibreSSL currently overrides

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/16/2017 04:38 AM, Christos Tsantilas wrote: > On 13/01/2017 07:04 μμ, Alex Rousskov wrote: >> The dependency here is that clientHelloMessage comes from our parser. We >> can substitute OpenSSL-generated ClientHello with client-sent >> ClientHello because/if we successfu

Re: [squid-dev] [PATCH] convert Delay Pools classes to use MEMPROXY_CLASS

On 01/21/2017 06:42 PM, Amos Jeffries wrote: > This patch converts all the delay pools classes which were providing the > new/delete operators to using MEMPROXY_CLASS instead. So each class in > separately accounted for and we get a better view of allocation stats > and behaviours from the

Re: [squid-dev] [PATCH] SSLv2 records force SslBump bumping despite a matching step2 peek rule.

On 01/25/2017 12:12 PM, Christos Tsantilas wrote: >> On 25/01/2017 08:24 μμ, Alex Rousskov wrote: >> * A client-sent ClientHello is required for peeking. The calling code >> must ensure that we never get here without it. Throw if our calling code >> is buggy. > This is

Re: [squid-dev] How Squid parse the configuration file?

evious email shows how to find the maximum_object_size_in_memory parsing function (called parse_b_size_t). Examining that function will lead you to parseBytesLine() and the functions/methods it calls, including syntax checking code. HTH, Alex. > 2017-02-22 0:52 GMT+08:00 Alex Rousskov: >

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/21/2017 02:33 AM, Eduard Bagdasaryan wrote: > There are also 'make check' problems reported by clang, > fix attached. Committed to v5 (r15063) after removing unused BandwidthBucket::reduceBucket() parameter name. Alex. > On 21.02.2017 01:24, Alex Rousskov wrote: >> On 02/2

Re: [squid-dev] Dereferencing null headClone

On 02/16/2017 06:13 PM, Amos Jeffries wrote: > On 17/02/2017 6:53 a.m., Alex Rousskov wrote: >> On 02/16/2017 10:34 AM, scan-ad...@coverity.com wrote: >> >>> 1607 Must(headClone != NULL); >>>>>> CID 1400650: Null pointer dereferences (FOR

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/20/2017 07:58 AM, Eduard Bagdasaryan wrote: > Attaching compilation fix for r15057. Committed to v5 (r15061). > src/client_db.cc:443:21: error: 'reinterpret_cast' to class 'ClientInfo *' > from its base at non-zero offset 'hash_link *' behaves differently from > 'static_cast'

Re: [squid-dev] [PATCH] Compilation error after r15057

On 02/20/2017 02:37 PM, Eduard Bagdasaryan wrote: > That applied fix missed one case, attaching patch for it. Committed to v5 (r15062). Alex. > On 20.02.2017 21:06, Alex Rousskov wrote: >>> Attaching compilation fix for r15057. >> Co

Re: [squid-dev] [PATCH] Response delay pools

On 01/22/2017 12:52 PM, Amos Jeffries wrote: > - a config line should have roughly this generic structure: >1) directive (first label, which determines the syntax) >2) parameters (mandatory values, fixed positions for each one) >3) options (values that may be absent, using key[=value]

Re: [squid-dev] [PATCH] Response delay pools

On 02/16/2017 04:35 AM, Amos Jeffries wrote: > Strictly speaking anything on the line - including the directive name is > a parameter. To minimize bickering, I will do my best to just focus on [what I perceive as] important disagreements and ignore everything else, including [what I perceive as]

Re: [squid-dev] How Squid parse the configuration file?

On 02/21/2017 01:15 AM, 周书林 wrote: > I found the src/cf.data.pre file, and read the content. But I still want > to know how squid use this file to build the connection between the > config file and the source code. As you already know, the parser is generated. The generated code either places

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 10:38 AM, Alex wrote: >>> + if (clientConnection->flags & COMM_TRANSPARENT) { >>> + conn->setAddrs(clientConnection->local, cltAddr); >>> + conn->flags |= COMM_TRANSPARENT; >>> + } else { >>> + // In case of NAT interception ... >> Are there really just two cases here (tproxy

Re: [squid-dev] [PATCH] Response delay pools

On 01/30/2017 04:43 PM, Eduard Bagdasaryan wrote: > Thanks for the detailed review. I tried to address all other remarks, > renamed parameters according to the suggested terminology, > merged with latest v5 r15027 and re-attached the patch. Amos, did Eduard address your concerns? Any other

Re: [squid-dev] [PATCH] VIA creation code duplication

On 02/10/2017 04:17 PM, Amos Jeffries wrote: > This patch is "polishing a turd" as the saying goes and a bit premature. > There are some obvious and easy to fix bugs that should be attended > first, then polishing afterwards. I agree that there are many problems related to Via adding code and

Re: [squid-dev] [PATCH] VIA creation code duplication

On 02/09/2017 10:19 AM, Amos Jeffries wrote: > On 3/02/2017 4:02 a.m., Eduard Bagdasaryan wrote: >> This patch fixes VIA appending code duplication, moving common >> code into a separate method. > Since Via is a list header we should be able to just append a new Via > header to the header list

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 03:44 AM, Alex wrote: > The attached patch allows FTP relay to work in NAT interception mode > and also fixes IP address binding in TPROXY mode. Thank you for working on this bug. NAT/TPROXY address manipulation is not my area of expertise, but I have one higher level concern and a

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 12:25 PM, Alex wrote: > It seems that the patch doesn't make things worse (if I understood you > correctly). AFAICT, you are not testing the use case that prompted [trunk] revision 12742.1.41 changes. There are three possibilities: 1. r12742.1.41 changes were bogus/useless. 2.

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/14/2017 02:39 PM, Alex wrote: > Should be a bit better now. Thank you for covering all three cases and overcoming your conviction that one of them does not exist and that r12742.1.41 is bogus/useless. The IPv4 part still looks bad to me, but I do not think that _you_ have to be responsible

Re: [squid-dev] Dereferencing null headClone

On 02/16/2017 10:34 AM, scan-ad...@coverity.com wrote: > 1607 Must(headClone != NULL); CID 1400650: Null pointer dereferences (FORWARD_NULL) Passing null pointer "headClone" to "inheritProperties", which dereferences it. > 1608

Re: [squid-dev] [PATCH] Native FTP relay for active FTP

On 02/16/2017 02:48 AM, Amos Jeffries wrote: > +1. The latest patch looks like correct code to me. If you are happy > with it too Alex please apply. Please consider using the above text in > the new if-else comments. I am still OK with this patch going in, but you should be the one committing it

Re: [squid-dev] [PATCH] initial GnuTLS support for encrypted server connections

On 01/19/2017 12:16 AM, Amos Jeffries wrote: > On 15/01/2017 8:09 p.m., Alex Rousskov wrote: >> I am trying to understand how a standard std::shared_ptr can co-exist >> with OpenSSL locking. > whenever the shared_ptr has a non-nil value the library lock count is >= 1.

Re: [squid-dev] [PATCH] Digest Auth support for LDAP HA1 attribute without realm

On 01/20/2017 06:05 AM, FUSTE Emmanuel wrote: > We have to support many historic digest auth implementation for which > the realm is not included in the digest password attribute: > The password is effectively stored as "HA1" instead of "REALM:HA1". > I would like to kill our own homegrown

Re: [squid-dev] Valid document was not found in the cache and only-if-cached directive was specified. what does it mean?

On 02/28/2017 06:10 PM, Eliezer Croitoru wrote: > I am receiving this error page when a cache_peer is defined as a sibling on > each of the 2 proxies: > The requested URL could not be retrieved > Valid document was not found in the cache and only-if-cached directive was > specified. > When I am

Re: [squid-dev] Coding standards

On 08/23/2016 05:48 AM, Adam Majer wrote: > What are the coding standards for Squid? Just to add to Kinkie's correct response: We do not have a comprehensive standard, unfortunately, but you can find a few requirements at http://wiki.squid-cache.org/SquidCodingGuidelines (which should be

Re: [squid-dev] [PATCH] Revalidate without Last-Modified

On 08/23/2016 09:17 AM, Amos Jeffries wrote: > On 24/08/2016 12:07 a.m., Eduard Bagdasaryan wrote: >> 2016-08-21 15:58 GMT+03:00 Amos Jeffries : >>> To change anything between those markers we have to do a full cache >>> versioning and up/down-grade compatibility dance. >>

Re: [squid-dev] [PATCH] Incorrect processing of long URIs

On 08/23/2016 08:08 AM, Amos Jeffries wrote: > A followup patch can be done to give skipDelimiter a 'const char* which' > parameter that takes a description/name for the delimiter to improve > that debug output. > > so: > skipDelimiter(blah, "method") > > produces: > invalid request-line:

Re: [squid-dev] [PATCH] Incorrect processing of long URIs

On 08/22/2016 04:24 PM, Eduard Bagdasaryan wrote: > -// Limit to 32 characters to prevent overly long sequences of non-HTTP > -// being sucked in before mismatch is detected. 32 is itself annoyingly > -// big but there are methods registered by IANA that reach 17 bytes: > -//

Re: [squid-dev] [PATCH] Reject or sanitize more problematic Content-Length values

On 09/02/2016 09:05 AM, Amos Jeffries wrote: > On 2/09/2016 11:21 a.m., Alex Rousskov wrote: >> This change handles multiple Content-Length values inside >> one header field, negative values, and trailing garbage. Handling the >> former required a change in the o

Re: [squid-dev] [PATCH] Reject or sanitize more problematic Content-Length values

On 09/02/2016 09:11 PM, Amos Jeffries wrote: > I would realy like it to be under Http:: and in http/ the rest is okay > to skip. Sounds good. I have no problems with moving that code into http/ and Http::. It is certainly appropriate, especially if you expect HTTP/2 code to benefit from this

Re: [squid-dev] Sad performance trend

On 09/06/2016 08:27 AM, Amos Jeffries wrote: > On 27/08/2016 12:32 p.m., Alex Rousskov wrote: >> W1 W2 W3 W4 W5 W6 >> v3.1 32% 38% 16% 48% 16+ 9% >> v3.3 23% 31% 14% 42% 15% 8% >> v3.5 11% 16% 12% 36% 7% 6% >> v4.0 11% 15% 9% 30% 14%

Re: [squid-dev] [PATCH] Reject or sanitize more problematic Content-Length values

On 09/05/2016 09:31 PM, Amos Jeffries wrote: > On 6/09/2016 8:52 a.m., Amos Jeffries wrote: >> On 3/09/2016 5:48 p.m., Alex Rousskov wrote: >>> On 09/02/2016 09:11 PM, Amos Jeffries wrote: >>> >>>> I would realy like it to be under Http:: and in http/ the re

[squid-dev] [PATCH] Reject or sanitize more problematic Content-Length values

Hello, Squid is violating HTTP MUSTs by forwarding messages with problematic Content-Length values. Some of those bugs were fixed in trunk r14215. This change handles multiple Content-Length values inside one header field, negative values, and trailing garbage. Handling the former required a

Re: [squid-dev] [PATCH] Revalidate without Last-Modified

On 08/30/2016 04:35 AM, Eduard Bagdasaryan wrote: > 2016-08-28 1:12 GMT+03:00 Alex Rousskov <rouss...@measurement-factory.com>: >> Not all HTCP clients are Squids, but how does Squid code treat such an >> HTCP TST response? > It seems that Squid does not care whether HT

Re: [squid-dev] New Defects reported by Coverity Scan for Squid after IndependentRunner

On 09/09/2016 07:34 AM, Christos Tsantilas wrote: > On 09/09/2016 02:21 PM, Amos Jeffries wrote: >> These issues are caused by the new RegisterRunner() design using >> GetRidOfRunner(rr) if shutdown has already begun. That can potentially >> result in the constructor of a class inheriting from

Re: [squid-dev] Squid-4 release checklist

On 09/13/2016 12:02 AM, Amos Jeffries wrote: > On 13/09/2016 6:22 a.m., Alex Rousskov wrote: >> On 09/12/2016 09:54 AM, Amos Jeffries wrote: >> >>> * <http://bugs.squid-cache.org/show_bug.cgi?id=4514> >>> Windows Update works via interception ptoxy on 3

Re: [squid-dev] [PATCH] Incorrect logging of request size

On 09/12/2016 10:06 PM, Amos Jeffries wrote: > Just the new cf.data.pre docs for icap_log contradicting itself: > > " > http::>h... > HTTP response headers in RESPMOD) ... > currently does not support logging of HTTP response headers in > RESPMOD ... > " > > I think that should

Re: [squid-dev] [PATCH] Incorrect logging of request size

On 09/13/2016 10:02 AM, Amos Jeffries wrote: > On 14/09/2016 2:52 a.m., Alex Rousskov wrote: >>> http::>h >>> To-be-adapted HTTP message headers sent by Squid to >>> the ICAP service (HTTP request headers in REQMOD; HTTP >>> response headers in RESPMOD).

[squid-dev] [RFC] dns_wait_for_all

Hello, Currently, when connecting to an origin server, Squid sends concurrent DNS A and queries and waits for both answers before proceeding with the HTTP transaction. If the authoritative DNS server (or something on its path) breaks or significantly delays IPv6 () transactions, then

Re: [squid-dev] New Defects reported by Coverity Scan for Squid after IndependentRunner

On 09/10/2016 06:54 AM, Amos Jeffries wrote: > On 10/09/2016 7:26 a.m., Alex Rousskov wrote: >> On 09/09/2016 11:21 AM, Christos Tsantilas wrote: >>> On 09/09/2016 07:00 PM, Alex Rousskov wrote: >>>> On 09/09/2016 07:34 AM, Christos Tsantilas wrote: >>>&

Re: [squid-dev] Sad performance trend

On 09/12/2016 09:38 AM, Amos Jeffries wrote: > On 7/09/2016 5:43 a.m., Alex Rousskov wrote: >> On 09/06/2016 08:27 AM, Amos Jeffries wrote: >>> On 27/08/2016 12:32 p.m., Alex Rousskov wrote: >>>> W1 W2 W3 W4 W5 W6 >>>> v3.1 32% 38% 16% 48%

Re: [squid-dev] Squid-4 release checklist

On 09/12/2016 09:54 AM, Amos Jeffries wrote: > * > Windows Update works via interception ptoxy on 3.5.17, and no works > via transparent proxy on Squid 4.x. > > - FWIW; others have been mentioning various issues with various Squid > versions

Re: [squid-dev] [RFC] dns_wait_for_all

On 09/15/2016 03:50 AM, Amos Jeffries wrote: > On 15/09/2016 5:11 p.m., Alex Rousskov wrote: >> On 09/14/2016 07:26 PM, Amos Jeffries wrote: >>> On 15/09/2016 8:15 a.m., Alex Rousskov wrote: >>>> Any better ideas or objections to adding dns_wait_for_all? >>

Re: [squid-dev] Sad performance trend

On 09/12/2016 07:25 AM, Kinkie wrote: > > On 27/08/2016 12:32 p.m., Alex Rousskov wrote: > >> W1 W2 W3 W4 W5 W6 > >> v3.1 32% 38% 16% 48% 16+ 9% > >> v3.3 23% 31% 14% 42% 15% 8% > >> v3.5 11% 16% 12% 36% 7%

Re: [squid-dev] [PATCH] OSX transparent-proxy using pfctl

On 09/26/2016 12:59 PM, Shively, Gregory wrote: > The patch calls /sbin/pfctl to get the > redirect state information For every intercepted connection, this patch forks Squid to start a shell (which then starts pfctl and awk) and then blocks Squid on that shell output, right? That feels very

[squid-dev] [RFC] Support concurrent SBuf::c_str() calls

Hello, The current trunk code contains at least two serious bugs caused by SBuf::c_str() misuse. Both known bugs looks similar: > storeCreateEntry(storeUri.c_str(), storeUri.c_str(), ...); and > storeCreateEntry(uri.c_str(), uri.c_str(), ...); Both use cases violate safe c_str() use

<    1   2   3   4   5   6   7   8   >