Re: [squid-dev] [PATCH] adaptation_rep_header ACL

On 18/05/2016 2:24 a.m., Steve Hill wrote: > > This patch adds an adaptation_rep_header ACL type. This works in the > same way as the existing rep_header ACL, except rather than matching > HTTP response headers, it matches ICAP response headers. This allows > ICAP servers to pass data in the

Re: [squid-dev] [PATCH] External ACL %>eui

On 18/05/2016 2:19 a.m., Steve Hill wrote: > > Squid supports %>eui as a logformat specifier, which produces an EUI-48 > for IPv4 clients and an EUI-64 for IPv6 clients. However, This is not > allowed as a format specifier for the external ACLs, and you have to use > %SRCEUI48 and %SRCEUI64

Re: [squid-dev] [PATCH] Fast SNI peek

On 17/05/2016 6:52 a.m., Alex Rousskov wrote: > On 05/15/2016 07:49 AM, Amos Jeffries wrote: > >> in src/parser/BinaryTokenizer.cc: >> >> >> * delegating constructors is a C++11 feature that will definitely fail >> on GCC 4.8. > > > When I wrote and

Re: [squid-dev] [PATCH] Fast SNI peek

On 14/05/2016 5:07 a.m., Christos Tsantilas wrote: > Currently, bumping peek mode at step2 and splice at step2, after the SNI > is received is very slow. > > The most of the performance overhead comes from openSSL. However Squid > does not need openSSL to peek at SNI. It needs only to get client

Re: [squid-dev] [PATCH] Fix maybeMakeSpaceAvailable() logic

On 14/05/2016 9:00 a.m., Alex Rousskov wrote: > Hello, > > This change fixes logic bugs that mostly affect performance: In > micro-tests, this change gives 10% performance improvement for > intercepted "fast peek at SNI and splice" SslBump configurations. > Similar improvement is expected for

Re: [squid-dev] [PATCH] mime unfolding

Attached patch implements three slightly differing parsers for mime unfold. Their property differences are described in the documentation for the unfoldMime() member. On 13/05/2016 3:16 a.m., Alex Rousskov wrote: > On 05/12/2016 05:55 AM, Amos Jeffries wrote: >> On 12/05/2016 5:34 a

Re: [squid-dev] [PATCH] mime unfolding

On 12/05/2016 5:34 a.m., Alex Rousskov wrote: > On 05/11/2016 05:32 AM, Amos Jeffries wrote: > >> +if (mimeHeaderBlock_.length() < 2) { >> +if (mimeHeaderBlock_[0] == '\n') >> +mimeHeaderBlock_ = Http1::CrLf(); >> +else >> +

[squid-dev] [PATCH] mime unfolding

[taking this out of squid-bugs now that we are no longer focusing on the security changes.] To summarize for those not in the loop already. Squid does not yet do obs-fold removal as required by RFC 7230. There are three options that are compliant: 1) reject requests containing obs-fold with a

Re: [squid-dev] Handshake Error: ccs received early (part2)

On 3/05/2016 9:32 p.m., Christos Tsantilas wrote: > Squid currently does not handle SSL server responses that start with an > SSL Alert Record. Squid fails to parse the Server Hello message and also > fails to detect and handle resuming sessions. > > This is a patch only for squid-3.5. > For the

Re: [squid-dev] [PATCH] Don't force -b 2048 into sslcrtd_program arguments

On 29/04/2016 4:21 p.m., Amos Jeffries wrote: > On 29/04/2016 4:03 p.m., Nathan Hoad wrote: >> Hello, >> >> Attached is a patch that moves the filesystem block size retrieval for the >> default certificate generation helper out of Ssl::Helper::Init() and into >

Re: [squid-dev] [PATCH] Accumulate less

On 28/04/2016 5:14 a.m., Alex Rousskov wrote: > Hello, > > The attached patch changes Squid to accumulate fewer unknown-size > responses to avoid overwhelming disks. > Yay. Thanks very much for this. +1. I just have some polish to consider doing on merge. in src/MemStore.cc: * extraneous

Re: [squid-dev] [PATCH] helpers queue update

On 24/04/2016 4:26 a.m., Alex Rousskov wrote: > On 04/23/2016 06:30 AM, Amos Jeffries wrote: >> This is a hopefully minor update to the helper lookup queueing. >> >> It removes the only use of MEM_DLINK_NODE for custom link-list >> implementation and replaces it all wi

[squid-dev] [PATCH] helpers queue update

This is a hopefully minor update to the helper lookup queueing. It removes the only use of MEM_DLINK_NODE for custom link-list implementation and replaces it all with a std::queue. Also, de-duplicates the *Dequeue() functions by merging them into helper class as a single nextRequest() getter

Re: [squid-dev] [PATCH] Remove SquidList / link_list

On 15/04/2016 12:31 a.m., Amos Jeffries wrote: > This patch replaces the remaining use of Squid custom link_list type > with STL std::queue or std::list templates. Removing the now unneeded > custom type completely. > > It builds on the previous libmem old_api cleanup pa

Re: [squid-dev] [PATCH] PeerConnector shuffling to libsecurity

On 15/04/2016 5:27 a.m., Alex Rousskov wrote: > On 04/14/2016 06:23 AM, Amos Jeffries wrote: >> This patch shuffles the Ssl::PeerConnector to Security::TlsPeerEncryptor >> and Ssl::BlindPeerConnector to Security::BlindTlsPeerEncryptor. > > I have already given up on fightin

Re: [squid-dev] [PATCH] libmem API cleanup pt2

On 21/04/2016 1:19 a.m., Kinkie wrote: > Looks reasonable to me, except that new class names do not comply with > naming conventions > Applied as trunk rev.14651 with the above modification to class naming. Amos ___ squid-dev mailing list

Re: [squid-dev] [PATCH] libmem API cleanup pt2

On 12/04/2016 11:31 p.m., Amos Jeffries wrote: > This is the first of the followup patches I promised when applying the > un-polished bug 4438 patch to 4.0.8. > > > Convert all the objects using the libmem "old API" for as-needed pools > to using the MEMPROXY_CLASS()

Re: [squid-dev] [PATCH] Add chained certificates and signing certificate to bumpAndSpliced connections

On 19/04/2016 9:16 p.m., Christos Tsantilas wrote: > Hi Amos, > I am seeing that there are requests for this patch to be on squid-3.5. > The patch should be safe for squid-3.5 too if you believe that it should > applied. > > The patch from trunk should apply to squid-3.5, but I am attach a patch

Re: [squid-dev] [PATCH] Http::Stream ID numbering

On 4/02/2016 4:40 a.m., Alex Rousskov wrote: > On 02/03/2016 04:29 AM, Amos Jeffries wrote: > >>>>> Pipeline class is updated to use the ID number to manage its contents >>>>> rather than Pointer value matching. It is also updated to drop the >>>>&

[squid-dev] [PATCH] Remove SquidList / link_list

This patch replaces the remaining use of Squid custom link_list type with STL std::queue or std::list templates. Removing the now unneeded custom type completely. It builds on the previous libmem old_api cleanup patch and has yet to be run tested, though the unit tests we have for the types all

[squid-dev] [PATCH] PeerConnector shuffling to libsecurity

I have used the term Encryptor rather than Connector because these Job classes require an pre-opened connection over some other transport and just initiate encryption for it (be it raw TCP, PROXY, HTTP CONNECT or other). Not starting from a closed connection. This patch shuffles the

Re: [squid-dev] [PATCH] Increase request buffer size to 64kb

Alex, have you had time to review this updated patch? For my part I am wondering if the class StoreIOBuffer needs to have move constructor/assignment added now that getClientStreamBuffer() is returning a temporary variable by-value. I suspect it would be beneficial to ensure it does, even if the

[squid-dev] [PATCH] libmem API cleanup pt2

This is the first of the followup patches I promised when applying the un-polished bug 4438 patch to 4.0.8. Convert all the objects using the libmem "old API" for as-needed pools to using the MEMPROXY_CLASS() API which is better designed for late initialization. The GetPool(type) function is

Re: [squid-dev] [PATCH] Remove ServerOptions "partial copy" copy constructor

On 8/04/2016 2:57 a.m., Alex Rousskov wrote: > On 04/07/2016 03:22 AM, Amos Jeffries wrote: >> On 7/04/2016 6:10 p.m., Alex Rousskov wrote: >>> The attached patch removes broken and, AFAICT, unused "partial copy" >>> ServerOptions copy constructor. > &

Re: [squid-dev] [PATCH] Replace new/delete operators using modern C++ rules

On 7/04/2016 7:05 p.m., Alex Rousskov wrote: > Hello, > > This change was motivated by "Mismatched free()/delete/delete[]" > errors reported by valgrind and mused about in Squid source code. > > I speculate that the old new/delete replacement code was the result of > slow accumulation of

Re: [squid-dev] [PATCH] Do not hide important/critical messages

On 29/03/2016 12:44 p.m., Alex Rousskov wrote: > Hello, > > While working on Squid bug 4465 (Header forgery detection leads to > crash), I noticed that Squid may hide important/critical debugs() > messages from the admin if those messages are assembled using code that > also uses debugs().

Re: [squid-dev] [PATCH] New error page token for unescaped external ACL output

On 6/04/2016 11:32 a.m., Nathan Hoad wrote: > Hello, > > Attached is a patch that allows using unquoted external ACL output in > error pages. This is useful for external ACLs that return HTML and > thus shouldn't be escaped. > Applied as trunk rev.14635. Amos

Re: [squid-dev] [PATCH] Avoid startup/shutdown crashes

On 7/04/2016 6:04 p.m., Alex Rousskov wrote: > Hello, > > We spent the last few days chasing down trunk startup crashes. > Backtraces pointed to the OpenSSL context management bugs, but the > actual problem was related to the global destruction disorder in the > SBuf statistics code. The

Re: [squid-dev] [PATCH] Remove ServerOptions "partial copy" copy constructor

On 7/04/2016 6:10 p.m., Alex Rousskov wrote: > Hello, > > The attached patch removes broken and, AFAICT, unused "partial copy" > ServerOptions copy constructor. > > I am not intimate with the affected code, so more work may be needed > around this change: If the partial copy constructor was

Re: [squid-dev] [PATCH] Increase request buffer size to 64kb

On 1/04/2016 6:22 p.m., Nathan Hoad wrote: > I've attached two patches - they're functionally identical, one uses > SBuf and the other using MemBuf. The patch achieves the following: > > - Moves all of Http::Stream's uses of StoreIOBuffer objects into a > method, as done previously. > - Adjusts

Re: [squid-dev] [PATCH] SBuf conversion of vary_headers

On 21/03/2016 8:47 p.m., Amos Jeffries wrote: > This is the major part of the planned long-term fix for the Vary header > issues with String that have been bugging us recently. > > It converts the makeVaryMark() function to generate its output in an > SBuf instead of String, and

Re: [squid-dev] [PATCH] Add reply_header_add

On 29/03/2016 11:02 a.m., Nathan Hoad wrote: > Hello, > > Attached is a patch with the changes recommended by Amos. > Applied to trunk as rev.14620. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org

Re: [squid-dev] [PATCH] Increase request buffer size to 64kb

ree to suggest somewhere else this is done and I can > try to learn from that). I can't definitively say that increasing this > constant has no impact on smaller objects, however using Apache bench > indicated no impact in performance, maintaining ~6k requests a second > pre- and post-p

Re: [squid-dev] [PATCH][pinger][linux] drop capabilities

On 22/02/2016 3:11 a.m., Yuriy M. Kaminskiy wrote: > On linux, it is possible to install pinger helper with only CAP_NET_RAW > raised instead of full setuid-root: > > (setcap cap_net_raw+ep /path/to/pinger && chmod u-s /path/to/pinger) || : > > However, pinger only drops setuid/setgid, and

[squid-dev] [PATCH] BUg 4466: removal of -k kill command

The Squid "-k kill" command line option is equivalent to "kill -9" on whatever process has its PID in the .pid file. Since Squid gained multi-process SMP support it has been declining in usefulness, and with recent changes to make thee master process be the one operating the .pid file this

Re: [squid-dev] [PATCH] Bug 4438 - string pool refactoring

On 26/03/2016 3:28 a.m., Alex Rousskov wrote: > On 03/25/2016 07:08 AM, Amos Jeffries wrote: >> This was audited off-list, and a slightly more polished version applied >> to trunk as rev.14604 > > I have not seen the off-list audit, but the committed version is

Re: [squid-dev] [PATCH][pinger] fix select(2) to actually use max_fd

On 22/02/2016 3:22 a.m., Yuriy M. Kaminskiy wrote: > In pinger, select() uses 10 instead of max_fd+1 (as squid seems closes > everything-but-stdin/out/err, it should mostly work in practice, but still > dirty and fragile). > Trivial patch attached. > Applied as trunk rev.14610 Amos

Re: [squid-dev] [PATCH] Bug 4438 - string pool refactoring

This was audited off-list, and a slightly more polished version applied to trunk as rev.14604 Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PREVIEW] Free AccessLogEntry::url when needed

Applied to trunk as rev.14605 Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] Add reply_header_add

On 17/03/2016 5:25 p.m., Nathan Hoad wrote: > On 17 March 2016 at 13:33, Alex Rousskov > wrote: >> On 03/16/2016 05:40 PM, Nathan Hoad wrote: >> >>> I've opted to remove Config2.onoff.mangle_request_headers completely. >> >> Even better! I did not realize it is

[squid-dev] [PATCH] Bug 4438 - string pool refactoring

I believe the bug in question is an instance of the "static initialization order fiasco" (). Francesco has done some detailed testing which proved at least some of the globals used for MemPool initialization are initialized twice before main()

Re: [squid-dev] [PATCH] NotePairs, SSL and Cert Validation memory leaks

On 23/02/2016 7:05 a.m., Christos Tsantilas wrote: > I applied this patch to trunk as r14557 > It should be applied to squid-3.5. > > On 02/05/2016 04:38 PM, William Lima wrote: >> Hi all, >> >> This patch fixes the last leak I mentioned. It happens when the cache >> of sslcrtvalidator_program

[squid-dev] [PATCH] SBuf conversion of vary_headers

This is the major part of the planned long-term fix for the Vary header issues with String that have been bugging us recently. It converts the makeVaryMark() function to generate its output in an SBuf instead of String, and removes one use of strListAdd. It also converts the MemObject and

Re: [squid-dev] [PREVIEW] Free AccessLogEntry::url when needed

On 15/03/2016 12:33 p.m., Nathan Hoad wrote: > Hello, > > Attached is a first attempt at converting the AccessLogEntry::url > member to an SBuf. It's definitely resulted in more data copies - just > about all sources are still char *. > > I'm not sure how I can actually avoid those, aside from

[squid-dev] [PATCH] Better support for unknown URL schemes

Squid already contains AnyP::PROTO_UNKNOWN support for unknown protocols but currently does not preserve the actual string value received for them. This adds a textual representation ('image') to the UriScheme object to fill that gap and ensure that all URL representatinos (ie cache keys, logs

Re: [squid-dev] [PATCH] assertion failed: Write.cc:41: "!ccb->active()"

On 15/03/2016 10:41 a.m., Alex Rousskov wrote: > On 03/10/2016 02:35 PM, Alex Rousskov wrote: >> Amos, do you want us to port take2 to v3.5? The take1 patch for v3.5 is >> enough to fix the known assertion. Take2 fixes that assertion as well, >> but it is bigger because it also fixes design

Re: [squid-dev] [PATCH] assertion failed: Write.cc:41: "!ccb->active()"

On 14/03/2016 8:57 a.m., Christos Tsantilas wrote: > Hi all, > > I made all of the fixes requested by Alex. > Please see below for my comments. > > On 03/10/2016 11:35 PM, Alex Rousskov wrote: >> On 03/10/2016 12:14 PM, Christos Tsantilas wrote: >> >>> if (master->serverState ==

Re: [squid-dev] [PATCH] g++ -Woverloaded-virtual

On 12/03/2016 7:41 p.m., Alex Rousskov wrote: > Hello, > > I accidentally discovered that Squid does not use > -Woverloaded-virtual when compiled with GCC. I found that warning useful > in other projects. Enabling it for Squid exposes one bug-in-the-making: > It looks like an 3rd

Re: [squid-dev] [PATCH] Ensure any previous value in lastAclData is free'd

On 11/03/2016 5:33 p.m., Nathan Hoad wrote: > Sure, that seems straightforward enough. Attached is a patch that > migrates lastAclData to an SBuf. > Thank you. I have added an isEmpty() check before calling c_str(), and applied as trunk rev.14579. Amos

Re: [squid-dev] [PATCH] Bug 7: Headers are not updated on disk after 304s

On 11/03/2016 2:59 p.m., Alex Rousskov wrote: > Hello, > > The attached compressed patch fixes a 15+ years old Bug #7 [1] for > the shared memory cache and rock cache_dirs. I am not aware of anybody > working on ufs-based cache_dirs, but this patch provides a Store API and > a cache_dir

Re: [squid-dev] [PREVIEW] Free AccessLogEntry::url when needed

On 11/03/2016 12:53 p.m., Nathan Hoad wrote: > Hello, > > The attached patch is a demonstration of a memory leak on > AccessLogentry::url, created by ACLFilledChecklist::syncAle(). The > patch itself is not good enough quality to warrant acceptance, and no > doubt introduces bugs. > >

Re: [squid-dev] [PATCH] Ensure any previous value in lastAclData is free'd

On 11/03/2016 11:56 a.m., Nathan Hoad wrote: > Hello, > > Attached is a patch that ensures lastAclData doesn't leak any data, > exactly the same as lastAclName. > > In my testing, this wasn't leaking very much memory, but a leak regardless. > +1. Since the 'sb' variable it's being set from is

Re: [squid-dev] [PATCH] shared_memory_locking

On 11/03/2016 4:01 a.m., Alex Rousskov wrote: > On 03/10/2016 01:33 AM, Amos Jeffries wrote: >> On 10/03/2016 11:14 a.m., Alex Rousskov wrote: >>> Hello, >>> >>> The attached patch adds a "shared_memory_locking" configuration >>> direc

Re: [squid-dev] [PATCH] shared_memory_locking

On 10/03/2016 11:14 a.m., Alex Rousskov wrote: > Hello, > > The attached patch adds a "shared_memory_locking" configuration > directive to control mlock(2). > > Locking shared memory at startup avoids SIGBUS crashes when kernel runs > out of RAM during runtime. This has been discussed during

Re: [squid-dev] [PATCH] Fix HttpRequest object leaks in Squid 4.0.x

On 10/03/2016 5:41 p.m., Nathan Hoad wrote: > Hello, > > The attached patch fixes a rather profuse memory leak in the Squid > 4.0.x series where under certain conditions, HttpRequest objects would > get lost. I can provide more information here if requested, > specifically a Valgrind trace and

Re: [squid-dev] [PATCH] risky_server_pconn_reuse option

On 9/03/2016 1:30 a.m., Eduard Bagdasaryan wrote: > Followed your suggestions in [t4] patch. > > Eduard. > +1. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] risky_server_pconn_reuse option

On 8/03/2016 12:26 a.m., Eduard Bagdasaryan wrote: > Hello, > > This patch introduces a new ACL-driven " risky_server_pconn_reuse" option. > This option provides fine-grained control over persistent connection > reuse when forwarding HTTP requests that Squid cannot retry. It is useful > in

[squid-dev] Fwd: I-D ACTION:draft-ietf-httpbis-rfc5987bis-01.txt

This document is one we should participate or a least keep an eye on. It will definitely result and require some alterations to our HttpHeader parsing logics. Amos Forwarded Message Subject: I-D ACTION:draft-ietf-httpbis-rfc5987bis-01.txt Resent-Date: Fri, 04 Mar 2016 18:04:05

Re: [squid-dev] [PATCH] Bug 4430 Squid crashes on shutdown while cleaning up idle ICAP connections.

On 3/03/2016 4:06 a.m., Alex Rousskov wrote: > On 03/02/2016 02:15 AM, Christos Tsantilas wrote: >> On 03/01/2016 04:36 AM, Amos Jeffries wrote: >>> Okay. +1 on that 3.5 patch going in. > >> I applied the patch to squid-3.5 branch as r14000. > >> Prob

[squid-dev] Fwd: RFC 7725 on An HTTP Status Code to Report Legal Obstacles

It is finally offcial. Forwarded Message Subject: RFC 7725 on An HTTP Status Code to Report Legal Obstacles Resent-Date: Mon, 29 Feb 2016 23:34:36 + A new Request for Comments is now available in online RFC libraries. RFC 7725 Title: An HTTP Status

Re: [squid-dev] [PATCH] Bug 4430 Squid crashes on shutdown while cleaning up idle ICAP connections.

On 1/03/2016 9:31 a.m., Christos Tsantilas wrote: > Hi all, > > Squid crashes on shutdown with the following backtrace: > (gdb) bt > #0 0x007138d8 in commSetConnTimeout(RefCount > const&, int, RefCount&) () > #1 0x00510ddf in > commUnsetConnTimeout(RefCount const&) () > #2

[squid-dev] Fwd: Fwd: New Version Notification for draft-nottingham-proxy-explanation-00.txt

NOTE: tihs mails reply-to is set to the HTTP WG. I think some of you might be interested in this. If you wish to participate in discussion please followup with the WG. As currently spec'd its highly restricted to a MITM or explicit/forward proxy responding to a CONNECT request. So only AFAIK

Re: [squid-dev] [PATCH] Remove most Makefile.am DEPENDENCIES

On 27/02/2016 12:01 a.m., Kinkie wrote: > Hi all, > as part of the "makefile.am DEPENDENCIES considered harmful" push, > please find attached a patch removing most DEPENDENCIES in > src/Makefile.am . > Build-tested. +!. Amos ___ squid-dev mailing

Re: [squid-dev] [PATCH] libsbuf

On 26/02/2016 6:01 a.m., Kinkie wrote: > Hi all, > please find attached a the bundle implementing libsbuf (merge > proposal from lp:~squid/squid/sbuflab). > > It: > - shuffles SBuf core files into src/sbuf and implements sbuf/libsbuf.la > - refactors SBuf <-> String adaption functions into a

Re: [squid-dev] Patches proposal

On 18/02/2016 6:43 a.m., Alex Rousskov wrote: > On 02/17/2016 10:29 AM, Amos Jeffries wrote: >> On 18/02/2016 5:59 a.m., William Lima wrote: >>>> the other uses Redis for certificate caches. > >>> A polished version of this would be a very welcomed addition

Re: [squid-dev] Patches proposal

On 18/02/2016 5:59 a.m., William Lima wrote: > Alex, > > I'll implement according to your instructions. > > William > > - Original Message - > From: "Alex Rousskov" > To: squid-dev@lists.squid-cache.org > Cc: "William Lima"

[squid-dev] [PATCH] Bug 4111 fix

This bug had unfortunately gotten lost in the flood. The bug reporters proposed patch seems to be correct in terms of its intention. This version of the patch adds the missing {} and uses fatalf() instead of exit(). It also goes a little further and corrects the outstanding errno handling issues

Re: [squid-dev] [PATCH] Cert Validation memory leaks

On 13/02/2016 8:53 p.m., Christos Tsantilas wrote: > On 02/13/2016 07:26 AM, Amos Jeffries wrote: >> On 12/02/2016 5:06 a.m., Christos Tsantilas wrote: >>> >>> This patch fixes one problem discussed under the >>> "[squid-dev] NotePairs, SSL and Cert

Re: [squid-dev] [PATCH] implement RFC3986

On 11/02/2016 5:27 a.m., Alex Rousskov wrote: > On 02/10/2016 08:59 AM, Amos Jeffries wrote: >> This is the updated patch implementing RFC 3986 URI coding ('URL-escaping'). >> >> So far all the audit suggestions except Tokenizer usage have been >> implemented. Tokenizer

Re: [squid-dev] [PATCH] Cert Validation memory leaks

On 12/02/2016 5:06 a.m., Christos Tsantilas wrote: > > This patch fixes one problem discussed under the > "[squid-dev] NotePairs, SSL and Cert Validation memory leaks" > mail thread > > I am reposting here because there was many changes on latest trunk code > so the initial patch did not worked.

Re: [squid-dev] [PATCH] shuffle SessionCacheRunner to libsecurity

On 12/02/2016 7:21 a.m., Alex Rousskov wrote: > On 02/11/2016 10:20 AM, Amos Jeffries wrote: > >> One issue was uncovered during this: >> >> * While ssl/support.h was defining a destruct_session_cache() function >> that appeared to release the cache memory, it

Re: [squid-dev] [PATCH] implement RFC3986

This is the updated patch implementing RFC 3986 URI coding ('URL-escaping'). So far all the audit suggestions except Tokenizer usage have been implemented. Tokenizer is omitted because we still want helpers to be able to instantiate these templates functions with std::string. Amos === modified

Re: [squid-dev] [PATCH] SBuf const iterator fixes

Since I'm not seeing any outright objections I have applied this as trunk rev.14533. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] snprintf result used without validating its range

On 10/02/2016 6:25 a.m., Yuriy M. Kaminskiy wrote: > In several cases, snprintf result was used without validating its range. > > When formatted string would overflow buffer or error happens, snprintf > will return either value larger than buffer size, or -1. In both cases, > if you add this

Re: [squid-dev] [PATCH] convenience library renaming

On 9/02/2016 10:08 a.m., Alex Rousskov wrote: > On 02/08/2016 01:41 PM, Amos Jeffries wrote: >> I have been trying to automate graphing of the Squid internal >> dependencies. One of the major issues that has encountered is that some >> of our convenience libraries use the

Re: [squid-dev] Security::SessionPointer and Security::LockingPointer

On 10/02/2016 9:04 a.m., Christos Tsantilas wrote: > On 02/09/2016 07:31 PM, Amos Jeffries wrote: >> On 10/02/2016 5:53 a.m., Christos Tsantilas wrote: >>> Hi all, >>> >>> The short question: >>> The Security::SessionPointer is a TidyPointer. Is it acc

[squid-dev] [PATCH] SBuf const iterator fixes

The SBufIterator is mostly actually a const iterator. But not quite. The point of difference from const_iterator is the operator*() API which is also different from the normal itertor API in that is returns a char instead of a char& or const char &. The attached patch fixes that API making the

Re: [squid-dev] [PATCH] convenience library renaming

On 9/02/2016 9:41 a.m., Amos Jeffries wrote: > I have been trying to automate graphing of the Squid internal > dependencies. One of the major issues that has encountered is that some > of our convenience libraries use the '-' hyphen character which is a > reserved character in DOT

[squid-dev] [PATCH] convenience library renaming

I have been trying to automate graphing of the Squid internal dependencies. One of the major issues that has encountered is that some of our convenience libraries use the '-' hyphen character which is a reserved character in DOT graph format. To make the scripts much simpler and the visual output

[squid-dev] [PATCH] Http::Stream ID numbering

On 24/01/2016 2:17 a.m., Amos Jeffries wrote: > On 23/01/2016 7:59 a.m., Alex Rousskov wrote: >> On 01/14/2016 05:53 AM, Amos Jeffries wrote: >> >> The renaming/moving part of the patch scope changes lots of code. It is >> very unfortunate that you have d

Re: [squid-dev] [PATCH] Fix external_acl problems

On 2/02/2016 4:09 a.m., Christos Tsantilas wrote: > > Still I am not able to compile trunk. > I will merge to trunk after the problems is fixed. > Sorry about that. I think its all fixed now. Amos ___ squid-dev mailing list

Re: [squid-dev] [PATCH] Fix external_acl problems

On 2/02/2016 2:32 a.m., Dave Lewthwaite wrote: > Hi Christos, > > Sorry my apologies - I had my build env a bit mixed up. Anyway I’ve cleared > that down and re-applied the patch - it’s all working now which is excellent > news (http_port / CONNECT and https_port / transparent/intercept). >

Re: [squid-dev] [PATCH] Invalid FTP connection handling on blocked content

On 26/01/2016 7:34 a.m., Christos Tsantilas wrote: > The patch for squid-3.5, it should be applied to squid-3.5 branch. Applied to 3.5 as rev.13976 Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org

Re: [squid-dev] [PATCH] Fix external_acl problems

On 29/01/2016 8:10 a.m., Christos Tsantilas wrote: > Hi all, > > After the patch r14351 created the following problems: > - external_acl requires AccessLogEntry but ALE is not available >in many cases such as ssl_bump ACLs. > - The %external_acl code and not by logformat code. > > This

Re: [squid-dev] [PATCH] securiy_fake_certverify ; aka helpers/ shuffling exemplar

Applied as trunk rev.14515. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] securiy_fake_certv ; aka helpers/ shuffling exemplar

On 29/01/2016 4:54 a.m., Alex Rousskov wrote: > On 01/28/2016 06:55 AM, Amos Jeffries wrote: >> This patch demonstrates my proposed helpers/ shuffling by updating the >> demo certificate validator. >> >> * creates src/security/certv/ for certificate validation helpe

Re: [squid-dev] Planning for experiments with Digest, Link and metalink files.

On 28/01/2016 9:18 p.m., Eliezer Croitoru wrote: > I have been working for some time on experimenting things related to > metalinks files and I have couple things in my mind about it. > Now I am running for more then 4 month my local proxy service with > SHA256 live digesting of all traffic using

Re: [squid-dev] [PATCH] %

On 15/01/2016 2:09 a.m., Amos Jeffries wrote: > On 12/01/2016 12:49 a.m., Eduard Bagdasaryan wrote: >> Hello, >> >> This patch fills access log entry with server connection >> details as soon as possible. This makes %> available to [eCAP] RESPMOD services via adapt

Re: [squid-dev] [PATCH] Http::StreamContext refactoring

On 23/01/2016 7:59 a.m., Alex Rousskov wrote: > On 01/14/2016 05:53 AM, Amos Jeffries wrote: > >> The ClientSocketContext is renamed and shuffled to Http::StreamContext. > > This class does not belong to the Http namespace. It represents the user > side of

Re: [squid-dev] ftruncate() failures on OS X (Darwin)

On 24/01/2016 6:35 a.m., Alex Rousskov wrote: > > If there are no objections, I will commit your patch (with the above > polishing touches). Please do. It seems to have 3 votes already. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org

Re: [squid-dev] [PATCH] YesNoNone class updates

On 16/01/2016 5:07 a.m., Alex Rousskov wrote: > > P.S. I trust you have seen the seemingly related linking problems in > Jenkins. > yes, working on that already. Amos ___ squid-dev mailing list squid-dev@lists.squid-cache.org

Re: [squid-dev] [PATCH] %

On 12/01/2016 12:49 a.m., Eduard Bagdasaryan wrote: > Hello, > > This patch fills access log entry with server connection > details as soon as possible. This makes % available to [eCAP] RESPMOD services via adaptation_meta. > Previously, ALE was updated only in prepareLogWithRequestDetails() >

Re: [squid-dev] [PATCH] YesNoNone class updates

On 15/01/2016 6:26 a.m., Alex Rousskov wrote: > On 01/13/2016 03:56 PM, Amos Jeffries wrote: >> On 13/01/2016 5:11 a.m., Alex Rousskov wrote: >>> On 01/11/2016 06:36 PM, Amos Jeffries wrote: >>>> Distinction is made between implicit and explicit configuration. >>

Re: [squid-dev] [PATCH] YesNoNone class updates

On 15/01/2016 11:38 a.m., Alex Rousskov wrote: > On 01/14/2016 12:31 PM, Amos Jeffries wrote: >> On 15/01/2016 6:26 a.m., Alex Rousskov wrote: >>> On 01/13/2016 03:56 PM, Amos Jeffries wrote: >>>> On 13/01/2016 5:11 a.m., Alex Rousskov wrote: >>>>>

Re: [squid-dev] checklist->conn assertion in DestinationIp.cc

On 13/01/2016 10:53 p.m., Eduard Bagdasaryan wrote: > Addressed your comments in [t2] patch. > Also polished ACLFilledChecklist::fd(int) similarly. > > Eduard. > Thank you. Applied as trunk rev.14491. Amos ___ squid-dev mailing list

Re: [squid-dev] [RFC] The situation with helpers/

On 14/01/2016 4:43 a.m., Alex Rousskov wrote: > On 01/13/2016 06:12 AM, Kinkie wrote: >> On Tue, Jan 5, 2016 at 6:01 PM, Alex Rousskov >> <rouss...@measurement-factory.com> wrote: >>> On 01/04/2016 08:58 PM, Amos Jeffries wrote: >>>> The SBuf and

Re: [squid-dev] [RFC] The situation with helpers/

On 14/01/2016 2:12 a.m., Kinkie wrote: > > About build dependencies from src/ : while refactoring some helpers I > came across a recipe which seems reasonably clean and maintainable, > and I submit it for consideration until a more structured approach > (such as lifting helpers/ into src/) can be

Re: [squid-dev] [RFC] The situation with helpers/

On 14/01/2016 11:07 a.m., Kinkie wrote: > On Wed, Jan 13, 2016 at 10:13 PM, Amos Jeffries <squ...@treenet.co.nz> wrote: >> On 14/01/2016 2:12 a.m., Kinkie wrote: ... > >> When DEPENDENCIES is *absent*, automake will take the SOURCES list and >> add dependency for ea

Re: [squid-dev] [PATCH] YesNoNone class updates

On 13/01/2016 5:11 a.m., Alex Rousskov wrote: > On 01/11/2016 06:36 PM, Amos Jeffries wrote: >> Update class YesNoNone to use C++11 features which allow better boolean >> conversion, assignment, copy, and move ctors. > > The safer boolean operator is welcomed, of course. &g

Re: [squid-dev] checklist->conn assertion in DestinationIp.cc

On 12/01/2016 6:54 a.m., Eduard Bagdasaryan wrote: > Hello, > > Attaching patch with suggested fix. The fix is > related to bug 4378. > in src/acl/DestinationIp.cc * please use a "const auto" local variable to store checklist->conn(). - that way you can avoid three de-references and method

<    1   2   3   4   5   6   7   8   9   10   >