Re: [squid-dev] Idea: what if SBuf was a Packable?

2024-03-13 Thread Alex Rousskov
On 2024-03-13 05:25, Francesco Chemolli wrote:   I spent some time wondering whether we could reduce code duplication by making SBuf implement the Packable interface, and replacing SBufStream with PackableStream. This idea was studied two years ago, including spending many hours on

Re: [squid-dev] RFC: ACL clashes with Windows system entity

2023-12-07 Thread Alex Rousskov
On 2023-12-06 16:47, Francesco Chemolli wrote: Hi all,   I'm looking at improving windows portability, and we have a name clash with a Windows system header (https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-acl) So.. how to deal with it? I can see two options: either we

Re: [squid-dev] RFC: Squid documentation upgrade

2023-11-15 Thread Alex Rousskov
On 2023-11-15 11:28, Amos Jeffries wrote: On 12/10/23 03:32, Alex Rousskov wrote: On 2023-10-11 02:25, Amos Jeffries wrote: Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated

Re: [squid-dev] mirrors with missing files

2023-11-02 Thread Alex Rousskov
On 2023-11-02 07:59, Stuart Henderson wrote: On 2023-11-01, Amos Jeffries wrote: On 1/11/23 09:59, Alex Rousskov wrote: On 2023-10-31 15:39, Francesco Chemolli wrote: Before we can migrate ..., we need to deprecate, cleanup and simplify a lot. Do you really, really _need_ to "depr

Re: [squid-dev] mirrors with missing files

2023-11-01 Thread Alex Rousskov
On 2023-11-01 12:05, Amos Jeffries wrote: On 1/11/23 09:59, Alex Rousskov wrote: On 2023-10-31 15:39, Francesco Chemolli wrote: Before we can migrate ..., we need to deprecate, cleanup and simplify a lot. Do you really, really _need_ to "deprecate, cleanup, and simplify a lot"

Re: [squid-dev] mirrors with missing files

2023-10-31 Thread Alex Rousskov
; change sets. Before we can migrate to anything different, we need to > deprecate, cleanup and simplify a lot. > Any help would be greatly appreciated > > @mobile > On Tue, 31 Oct 2023 at 19:32, Alex Rousskov wrote: On 2023-10-31 06:08, Adam Majer wrote: > I've lo

Re: [squid-dev] mirrors with missing files

2023-10-31 Thread Alex Rousskov
On 2023-10-31 06:08, Adam Majer wrote: I've looked at the mirrors posted,   http://www.squid-cache.org/Download/mirrors.html and these seem all obsolete. Thank you for doing this analysis! I have been begging the Project to drop all mirrors for a long time now. I failed to convince others

[squid-dev] RFC: Irreplaceable squidclient features

2023-10-13 Thread Alex Rousskov
Hello, Francesco and I would like to remove squidclient tool from Squid so that we can divert resources to more important areas[1]. As far as we can tell, all essential squidclient functionality can be obtained via well-known command-line clients like curl, wget, nc, s_client, etc. For

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

2023-10-11 Thread Alex Rousskov
On 2023-10-11 03:15, Amos Jeffries wrote: On 11/10/23 08:19, Alex Rousskov wrote: On 2023-10-10 12:17, Francesco Chemolli wrote: what if we removed the configure option for FOLLOW_X_FORWARDED_FOR, and made it unconditionally part of Squid? Some Squid deployments will silently break AFAICT

Re: [squid-dev] RFC: Squid documentation upgrade

2023-10-11 Thread Alex Rousskov
On 2023-10-11 02:25, Amos Jeffries wrote: Hi all, As those familiar with Squid sources will know the documentation of Squid is currently spread across various formats. Some custom ones, and some very outdated. So far we have a casual agreement amongst the core dev team to use Markdown when

Re: [squid-dev] RFC: make FOLLOW_X_FORWARDED_FOR unconditional

2023-10-10 Thread Alex Rousskov
On 2023-10-10 12:17, Francesco Chemolli wrote: what if we removed the configure option for FOLLOW_X_FORWARDED_FOR, and made it unconditionally part of Squid? Some Squid deployments will silently break AFAICT. It is on by default, Here, "it" should be viewed as a combination of

Re: [squid-dev] RFC: Transitioning ipcache and fqdncache to ClpMap

2023-07-11 Thread Alex Rousskov
On 7/11/23 03:35, Francesco Chemolli wrote: I'd like to start working on transitioning ipcache and fqdncache to ClpMap. Thank you. Please _plan_ to convert them both (as you are already doing here!), but then convert them one at a time (to avoid duplicating review/modification efforts). I

Re: [squid-dev] Squid 5.6 leaking memory when peeking for an origin with an invalid certificate

2023-05-10 Thread Alex Rousskov
tor::sslCrtvdHandleReply() and friends. Best. On Wed, Jan 18, 2023 at 11:11 AM Alex Rousskov mailto:rouss...@measurement-factory.com>> wrote: On 1/18/23 13:46, Hamilton Coutinho wrote: > Hi all, > > We are observing what seems to be sever

Re: [squid-dev] RFC: GitHub Projects and Issues

2023-05-05 Thread Alex Rousskov
On 5/5/23 09:39, Amos Jeffries wrote: You may (or not) have noticed that recently I have been experimenting with GitHub Projects. Creating a few for the major long-term efforts and assigned a number of the open PRs to them. IMO this looks like it could be a better way to track progress on

Re: [squid-dev] CI: trunk is stable again

2023-04-11 Thread Alex Rousskov
On 4/11/23 15:52, Francesco Chemolli wrote: trunk build tests can now be relied upon again for correctness checks. We can set them up again as required for merging PRs Done. PRs based on earlier/broken master snapshots will need to be updated to pass these now-required checks, of course.

Re: [squid-dev] Latest Clang build errors

2023-04-02 Thread Alex Rousskov
On 4/2/23 03:30, Francesco Chemolli wrote: BTW, since GCC v13 has other bugs and has not been officially "released" yet, I suggest removing that compiler from the set of required tests until it matures enough for us to support it efficiently. That's what Fedora Rawhide ships

Re: [squid-dev] Latest Clang build errors

2023-04-01 Thread Alex Rousskov
On 3/28/23 09:27, Amos Jeffries wrote: Alex, since the whole IPC and SHM system is your design are you able to work on fixing the FlexibleArray build errors we are now getting with clang v15. [1] Log excerpt from Jenkins: ... 01:00:06 ../../../../src/ipc/mem/FlexibleArray.h:34:52: error:

Re: [squid-dev] Latest Clang build errors

2023-03-29 Thread Alex Rousskov
On 3/28/23 09:27, Amos Jeffries wrote: Alex, since the whole IPC and SHM system is your design are you able to work on fixing the FlexibleArray build errors we are now getting with clang v15. Sure, I will work on this. I doubt I will be able to post a fix in the next few days due to travel,

Re: [squid-dev] RFC: policy change for header #includes

2023-03-08 Thread Alex Rousskov
On 3/8/23 09:12, Amos Jeffries wrote: On 7/03/2023 10:14 pm, Francesco Chemolli wrote: I would also complement it with the directive to use header instead of whenever possible That we already have. PRs doing the updates welcome. Agreed on both counts, especially if an updating PR

Re: [squid-dev] RFC: policy change for header #includes

2023-03-07 Thread Alex Rousskov
On 3/7/23 00:38, Amos Jeffries wrote: Current Policy https://wiki.squid-cache.org/DeveloperResources/SquidCodingGuidelines#file-include-guidelines:  4. system C headers (with a .h suffix):     * mandatory HAVE_FOO_H wrapper I propose using the C++17 "__has_include()" instead of

Re: [squid-dev] Drop cache_object protocol support

2023-01-26 Thread Alex Rousskov
On 1/26/23 04:12, Amos Jeffries wrote: On 26/01/2023 3:30 am, Alex Rousskov wrote: On 1/25/23 07:29, Amos Jeffries wrote: On 25/01/2023 5:34 pm, Alex Rousskov wrote: IMO, we should not keep any code that is only needed for Squid v3.1 and earlier. Squid v3.2 and later should http-based cache

Re: [squid-dev] Drop cache_object protocol support

2023-01-25 Thread Alex Rousskov
On 1/25/23 07:29, Amos Jeffries wrote: On 25/01/2023 5:34 pm, Alex Rousskov wrote: On 1/24/23 20:57, Amos Jeffries wrote: Blocker #2: The squidclient tool still sends cache_object: scheme when given "mgr:" on the CLI. We need to upgrade that first Looks like we are in

Re: [squid-dev] Drop cache_object protocol support

2023-01-24 Thread Alex Rousskov
On 1/24/23 20:57, Amos Jeffries wrote: Blocker #1:  The cachemgr_passwd directly still needs to be cleanly removed, eg replaced by a manager_access ACL based mechanism. I do not see a relationship: I have not tested it, but the existing CacheManager::ParseHeaders() code already extracts

Re: [squid-dev] Drop cache_object protocol support

2023-01-24 Thread Alex Rousskov
On 1/24/23 12:22, Eduard Bagdasaryan wrote: Today we can query cache manager in two ways: 1. with cache_object:// URL scheme 2. with an HTTP request having the 'squid-internal-mgr' path prefix. I guess that when (2) was initially added at e37bd29, its implementation was somewhat incomplete

Re: [squid-dev] Squid 5.6 leaking memory when peeking for an origin with an invalid certificate

2023-01-18 Thread Alex Rousskov
On 1/18/23 13:46, Hamilton Coutinho wrote: Hi all, We are observing what seems to be several objects leaking in the output mgr:mem, to the tune of 10s of 1000s of HttpRequest, HttpHeaderEntry, Comm::Connection, Security::ErrorDetail, cbdata PeekingPeerConnector (31), etc. We dumped a core

Re: [squid-dev] Possible bug with file-descriptor parameter in configure of squid-6.0.0-20221210-r71f62e86e

2022-12-24 Thread Alex Rousskov
On 12/23/22 16:29, infant vinay wrote: I am trying to compile squid release squid-6.0.0-20221210-r71f62e86e I am using the same configure option I have used for at least 2+ years now which includes the  --with-filedescriptors=4096 option in it. The options are further down below. Until the

Re: [squid-dev] RFC: Reject repeated same-name annotations

2022-12-15 Thread Alex Rousskov
this clarifies, Alex. -Original Message----- From: squid-dev On Behalf Of Alex Rousskov Sent: Thursday, 15 December 2022 23:30 To: Squid Developers Subject: [squid-dev] RFC: Reject repeated same-name annotations Hello, I propose to adjust Squid code to reject repeated same-nam

[squid-dev] RFC: Reject repeated same-name annotations

2022-12-15 Thread Alex Rousskov
Hello, I propose to adjust Squid code to reject repeated same-name annotations from each and every source that supplies annotations: * "note" directive * adaptation_meta directive * annotate_transaction ACL [1] * annotate_client ACL [1] * adaptation services responses (eCAP and ICAP) *

Re: [squid-dev] RFC: Switch to C++17

2022-12-05 Thread Alex Rousskov
On 12/5/22 06:18, Amos Jeffries wrote: I support the switch. Great, I will start working on a PR. If anybody reading this will be seriously inconvenienced by future Squid v6 requiring C++17, please speak up! Caveat details below... On Sun, 4 Dec 2022 at 16:18, Alex Rousskov wrote

[squid-dev] RFC: Switch to C++17

2022-12-04 Thread Alex Rousskov
Hello, I propose that we switch master/v6 from C++11 to C++17: Modern environments support C++17 well. We are wasting significant amounts of time on emulating such basic C++17 features as std::optional. We are writing worse code than we can because we lack access to such basic C++14 and

Re: [squid-dev] RFC: Semaphore CI to GitHub Actions migration

2022-10-24 Thread Alex Rousskov
On 10/22/22 04:17, Amos Jeffries wrote: On 20/10/22 03:25, Alex Rousskov wrote: >> 3. Build tests: Semaphore CI uses Ubuntu 14.04. GitHub Actions uses Ubuntu 22.04. Semaphore CI has fewer build dependencies installed. GitHub Actions do not provide Ubuntu 14.04 runners[1]. Plan: I wil

[squid-dev] RFC: Semaphore CI to GitHub Actions migration

2022-10-19 Thread Alex Rousskov
Hello, I plan to gradually turn Semaphore CI testing off and make GitHub Actions required. We should not babysit the same tests in two setups. Here is the current status of CI tests with regard to Semaphore and GitHub Actions together with the corresponding planned actions: 1.

Re: [squid-dev] security_file_certgen protocol

2022-09-22 Thread Alex Rousskov
On 9/22/22 10:03, ngtech1...@gmail.com wrote: I am trying to write a service like security_file_certgen as a daemon that will be communicated via a TCP or UNIX Socket. However, it’s a bit hard for me now to grasp the STDIN/STDOUT protocol of security_file_certgen. I remember vaguely that it

Re: [squid-dev] Proposal: switch to always-build for some currently optional features

2022-09-20 Thread Alex Rousskov
On 9/20/22 02:34, Francesco Chemolli wrote: I agree that modules that can always be built, should be. Such modules should have no guarding #ifdefs. I think this is the set of modules that your proposal is targeting, but please correct me if I am wrong. FWIW, this design

Re: [squid-dev] Proposal: switch to always-build for some currently optional features

2022-09-19 Thread Alex Rousskov
On 9/19/22 09:28, Francesco Chemolli wrote: there is a bunch of features that are currently gated at compile time: among others, I see: - adaptation (icap, ecap) - authentication - ident - delay pools - cache digests - htcp - cache digests - wccp - unlinkd I'd like to propose that we switch

Re: [squid-dev] RFC submodule repositories

2022-08-02 Thread Alex Rousskov
On 8/1/22 22:32, Amos Jeffries wrote: On 1/08/22 03:09, Alex Rousskov wrote: On 7/31/22 00:29, Amos Jeffries wrote: When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. What

Re: [squid-dev] RFC submodule repositories

2022-07-31 Thread Alex Rousskov
On 7/31/22 00:29, Amos Jeffries wrote: When PR #937 merges we will have the ability to shuffle old helpers into a separate repository that users can import as a submodule to build with their Squid as-needed. In my experience, git submodules are a powerful feature that is rather difficult to

[squid-dev] RFC: Class section/member _order_

2022-06-23 Thread Alex Rousskov
Hello, Amos and I disagreed[1] regarding the existing guidelines for section/member order in C++ class declarations. To resolve that disagreement, this email proposes the order for future use. - 1. Class "sections" order (by member access specifiers): public, protected, private.

[squid-dev] RFC: Class section/member order

2022-06-23 Thread Alex Rousskov
Spam detection software, running on the system "master.squid-cache.org", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for

Re: [squid-dev] PR backlog

2022-06-08 Thread Alex Rousskov
nt some of the required changes! Again, if you think I should be doing something else instead, please discuss! Thank you, Alex. On Mon, Jun 6, 2022 at 6:20 PM Alex Rousskov wrote: On 6/6/22 03:34, Francesco Chemolli wrote: >     we have quite a big backlog of open PRs

Re: [squid-dev] PR backlog

2022-06-06 Thread Alex Rousskov
On 6/6/22 03:34, Francesco Chemolli wrote:    we have quite a big backlog of open PRs (https://github.com/squid-cache/squid/pulls?page=1=is%3Apr+is%3Aopen). How about doing a 15-days sprint and clearing it or at least trimming it significantly? I am happy to participate in any way you find

Re: [squid-dev] [squid-users] squid-6.0.0-20220412-rb706999c1 cannot be built

2022-05-02 Thread Alex Rousskov
On 5/1/22 18:27, Eliezer Croitoru wrote: From my tests this issue with the latest daily autogenerated sources package is the same: http://master.squid-cache.org/Versions/v6/squid-6.0.0-20220501-re899e0c27.tar.bz2 AclRegs.cc:165:50: error: unused parameter 'name' [-Werror=unused-parameter]

Re: [squid-dev] Can't build on Ubuntu Jammy

2022-04-23 Thread Alex Rousskov
On 4/23/22 10:38, Francesco Chemolli wrote: Hi all,   I did a trial build run on Jammy (https://build.squid-cache.org/job/anybranch-anyarch-matrix/COMPILER=gcc,OS=ubuntu-jammy,label=amd64-linux/5/console

Re: [squid-dev] Squid-Cache statistics reporting project

2022-04-20 Thread Alex Rousskov
On 4/20/22 18:34, Eliezer Croitoru wrote: In the past I wrote about a project that will include Squid statistics reporting. The main goal is to gather from the project users using a script a set of cache-mgr pages in specific intervals. The simplest way to do so is to run a script that

Re: [squid-dev] ERR_CONFLICT_HOST for HTTP CONNECT request on port 80

2022-03-04 Thread Alex Rousskov
On 3/4/22 03:25, YFone Ling wrote: I am here just try to understand how the squid determines host conflicts for a simple http connect proxy request? The complete answer to your question is large/complicated and Squid-version dependent, but, AFAICT, there are no conflicts in the simple

Re: [squid-dev] RFC: protocols in Squid

2022-01-30 Thread Alex Rousskov
On 1/30/22 6:56 AM, Amos Jeffries wrote: > Attached is first draft of a map for the transactions possible by > protocols supported (and "should be") by Squid. > > > In this diagram transactions are split into three types: > >  1) switching - Protocol A ending initiates Protocol B. > >  2)

Re: [squid-dev] v5.4 backports

2022-01-24 Thread Alex Rousskov
On 1/24/22 3:26 PM, Amos Jeffries wrote: > On 21/01/22 08:20, Alex Rousskov wrote: >> On 1/18/22 5:31 AM, Amos Jeffries wrote: >>> The following changes accepted into v6 are also eligible for v5 but have >>> issues preventing me scheduling them. >>> >

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Alex Rousskov
:59 PM, Amos Jeffries wrote: > On 22/01/22 08:36, Alex Rousskov wrote: >> TLDR: I am adding solution #6 into the mix based on Amos email (#5 was >> taken by Eduard). Amos needs to clarify why he thinks that Squid master >> branch cannot accept STL-based regexes "now"

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Alex Rousskov
2 PM, Amos Jeffries wrote: > On 20/01/22 10:32, Alex Rousskov wrote: >> We have a use case where a regex in squid.conf should contain/match >> a new line [...] This email discusses the problem and proposes how >> to add a new line (and other special characters) to

Re: [squid-dev] RFC: Adding a new line to a regex

2022-01-21 Thread Alex Rousskov
On 1/21/22 12:16 PM, Amos Jeffries wrote: > On 21/01/22 07:27, Eduard Bagdasaryan wrote: >> I would concur with Alex that (4) is preferable: It does not break old >> configurations, re-uses existing mechanisms and allows to apply it >> only when/where required. I have one more option for your >>

Re: [squid-dev] v5.4 backports

2022-01-20 Thread Alex Rousskov
On 1/18/22 5:31 AM, Amos Jeffries wrote: > The following changes accepted into v6 are also eligible for v5 but have > issues preventing me scheduling them. > > > This has conflicts I need some assistance resolving. So will not be doing the backport myself. If you are interested please open

[squid-dev] RFC: Adding a new line to a regex

2022-01-19 Thread Alex Rousskov
Hello, We have a use case where a regex in squid.conf should contain/match a new line (i.e. ASCII LF). I do not know whether there are similar use cases with the existing squid.conf regex directives, but that is not important because we are adding a _new_ directive that will need such

Re: [squid-dev] squid 5.3 crash

2021-12-29 Thread Alex Rousskov
On 12/28/21 1:17 AM, Dmitry Melekhov wrote: > Testing squid 5.3 on Ubuntu 20.04. > 2021/12/28 09:58:01 kid1| assertion failed: Read.cc:61: > "Comm::IsConnOpen(conn)" > Is this assertion fail known problem? Impossible to say for sure without a stack trace, unfortunately -- many different code

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-27 Thread Alex Rousskov
On 12/26/21 8:36 PM, Amos Jeffries wrote: > On 27/12/21 10:11, Alex Rousskov wrote: >> On 12/26/21 10:30 AM, Francesco Chemolli wrote: >>> On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: >>>> If we manage to and agree on what platforms to "support"

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-27 Thread Alex Rousskov
On 12/27/21 4:41 AM, Francesco Chemolli wrote: > On Sun, Dec 26, 2021 at 10:58 PM Alex Rousskov wrote: >> >> On 12/26/21 10:30 AM, Francesco Chemolli wrote: >>> On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: >>>> On 12/5/21 4:44 AM, Francesco Chemolli wr

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-26 Thread Alex Rousskov
On 12/26/21 10:30 AM, Francesco Chemolli wrote: > On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: >> On 12/5/21 4:44 AM, Francesco Chemolli wrote: >>> I would recommend that we support as main targets: >>> - Linux on x64, arm64, arm32 and, if we can, MIPS >

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-26 Thread Alex Rousskov
On 12/26/21 10:30 AM, Francesco Chemolli wrote: > On Sun, Dec 5, 2021 at 10:05 PM Alex Rousskov wrote: >> If we manage to and agree on what platforms to "support" and on removing >> code dedicated to unsupported platforms, great! If we fail, I would like >> t

Re: [squid-dev] Squid does not accept WCCP of Cisco router since CVE 2021-28116

2021-12-06 Thread Alex Rousskov
On 12/5/21 6:11 PM, Andrej Mikus wrote: > I would like to find some information about wccp servers (routers, > firewalls, etc) that are officially supported and therefore tested for > compatibility. IIRC, there are no such servers/etc. WCCP code quality is low, the code has been neglected for a

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-05 Thread Alex Rousskov
On 12/5/21 4:44 AM, Francesco Chemolli wrote: > I would recommend that we support as main targets: > - Linux on x64, arm64, arm32 and, if we can, MIPS > - FreeBSD, OpenBSD on x64 > As best-effort: > - Windows on x64, with the aim of eventually promoting to primary target > - Darwin on x64 and

Re: [squid-dev] What os/cpu platforms do we want to target as a project?

2021-12-05 Thread Alex Rousskov
On 12/5/21 7:00 AM, Amos Jeffries wrote: > On 5/12/21 22:44, Francesco Chemolli wrote: >> The rationale is that we should focus our attention as a project where >> the majority of our userbase is, where users mean "people who build >> and run squid". > I do not accept that a few hacks for old OS

Re: [squid-dev] RFC: Categorize level-0/1 messages

2021-12-05 Thread Alex Rousskov
On 12/5/21 8:06 AM, Amos Jeffries wrote: > On 21/10/21 16:16, Alex Rousskov wrote: >> On 10/20/21 3:14 PM, Amos Jeffries wrote: >>> On 21/10/21 4:22 am, Alex Rousskov wrote: >>>> To facilitate automatic monitoring of Squid cache.logs, I suggest to >>>>

Re: [squid-dev] request for change handling hostStrictVerify

2021-11-02 Thread Alex Rousskov
On 11/2/21 4:25 AM, k...@sudo-i.net wrote: > > On Monday, November 01, 2021 14:58 GMT, Alex Rousskov > wrote: >   >> On 11/1/21 3:59 AM, k...@sudo-i.net wrote: >> > On Saturday, October 30, 2021 01:14 GMT, Alex Rousskov wrote: >> >> >> AFAICT, in the

Re: [squid-dev] request for change handling hostStrictVerify

2021-11-01 Thread Alex Rousskov
On 11/1/21 3:59 AM, k...@sudo-i.net wrote: > On Saturday, October 30, 2021 01:14 GMT, Alex Rousskov wrote: >> >> AFAICT, in the majority of deployments, the mismatch between the >> >> intended IP address and the SNI/Host header can be correctly handled >> >

Re: [squid-dev] request for change handling hostStrictVerify

2021-10-29 Thread Alex Rousskov
On 10/29/21 8:37 PM, Amos Jeffries wrote: > On 30/10/21 11:09, Alex Rousskov wrote: >> On 10/26/21 5:46 PM, k...@sudo-i.net wrote: >> >>> - Squid enforces the Client to use SNI >>> - Squid lookup IP for SNI (DNS resolution). >>> - Squid forces the cl

Re: [squid-dev] request for change handling hostStrictVerify

2021-10-29 Thread Alex Rousskov
On 10/26/21 5:46 PM, k...@sudo-i.net wrote: > - Squid enforces the Client to use SNI > - Squid lookup IP for SNI (DNS resolution). > - Squid forces the client to go to the resolved IP AFAICT, the above strategy is in conflict with the "SECURITY NOTE" paragraph in host_verify_strict

Re: [squid-dev] Alternate origin server selection

2021-10-29 Thread Alex Rousskov
On 10/29/21 9:57 AM, Steve Hill wrote: > Ok, I've gone back and looked over my old debug logs.  It appears what > was actually happening was: > > - Client sends "CONNECT www.google.com:443". > - Connection with TLS made to forcesafesearch.google.com. > - Client sends "GET / HTTP/1.1\r\nHost:

Re: [squid-dev] Alternate origin server selection

2021-10-28 Thread Alex Rousskov
On 10/28/21 12:39 PM, Steve Hill wrote: > On 28/10/2021 16:41, Alex Rousskov wrote: >> AFAICT, the primary obstacle here is that Squid pins the connection >> while obtaining the origin server certificate. > Well, I can't see why Squid needs the origin certificate - it should

Re: [squid-dev] Alternate origin server selection

2021-10-28 Thread Alex Rousskov
On 10/28/21 9:24 AM, Steve Hill wrote: > For transparently proxied traffic, the client makes a connection to > www.google.com's IP address, which Squid intercepts.  Squid must then > SSL-peek the request to figure out that it is connecting to > www.google.com.  The onward connection can then be

Re: [squid-dev] RFC: Categorize level-0/1 messages

2021-10-20 Thread Alex Rousskov
On 10/20/21 3:14 PM, Amos Jeffries wrote: > On 21/10/21 4:22 am, Alex Rousskov wrote: >> To facilitate automatic monitoring of Squid cache.logs, I suggest to >> adjust Squid code to divide all level-0/1 messages into two major >> categories -- "problem messages" a

[squid-dev] RFC: Categorize level-0/1 messages

2021-10-20 Thread Alex Rousskov
Hello, Nobody likes to be awakened at night by an urgent call from NOC about some boring Squid cache.log message the NOC folks have not seen before (or miss a critical message that was ignored by the monitoring system). To facilitate automatic monitoring of Squid cache.logs, I suggest to adjust

Re: [squid-dev] bizarre build behaviour from PoolingAllocator on OpenBSD/clang

2021-08-16 Thread Alex Rousskov
On 8/16/21 10:44 AM, Alex Rousskov wrote: > On 8/16/21 7:29 AM, Stuart Henderson wrote: > >> -c .../src/log/access_log.cc -fPIC -DPIC -o .libs/access_log.o >> In file included from .../src/log/access_log.cc:12: >> In file included from .../src/AccessLogEntry.h:19: >>

Re: [squid-dev] bizarre build behaviour from PoolingAllocator on OpenBSD/clang

2021-08-16 Thread Alex Rousskov
On 8/16/21 7:29 AM, Stuart Henderson wrote: > -c .../src/log/access_log.cc -fPIC -DPIC -o .libs/access_log.o > In file included from .../src/log/access_log.cc:12: > In file included from .../src/AccessLogEntry.h:19: > In file included from .../src/HttpHeader.h:13: > In file included from

Re: [squid-dev] Coding Style updates

2021-08-16 Thread Alex Rousskov
On 8/15/21 9:07 PM, Amos Jeffries wrote: > The existence of such a style requirement on Factory developers, and > thus need for Squid code to match it for ease of future bug fixing, was > given to me as a reason for ICAP and eCAP feature code staying in the > Factory supplied one-line format

Re: [squid-dev] bizarre build behaviour from PoolingAllocator on OpenBSD/clang

2021-08-15 Thread Alex Rousskov
On 8/15/21 2:51 PM, Francesco Chemolli wrote: > Hi all, > I'm looking into OpenBSD compatibility for trunk, and there's a > strange behaviour at build time on OpenBSD (6.9) / clang (10.0.1) > > When building src/log/access.log.cc, build fails with these errors: > > -- begin

Re: [squid-dev] Coding Style updates

2021-08-14 Thread Alex Rousskov
On 8/12/21 8:31 PM, Amos Jeffries wrote: > I am aware that Factory ... prefers the one-line style. Factory does not prefer the one-line style. > If we don't have agreement on a change I will > implement enforcement of the existing style policy. I cannot find any existing/official rules

Re: [squid-dev] Coding Style updates

2021-08-12 Thread Alex Rousskov
On 8/12/21 12:42 AM, Amos Jeffries wrote: > 1) return type on separate line from function definition. > > Current style requirement: > >   template<...> >   void >   foo(...) >   { >     ... >   } > > AFAIK, this based on GNU project style preferences from the far past > when Squid had a tight

Re: [squid-dev] Page render issue at whitelisting

2021-07-21 Thread Alex Rousskov
On 7/20/21 2:03 PM, Bisma usman wrote: > Hi, my name is BISMA i have issue related to squid whitelisting. > > I have configured the whitelisting in conf file, e.g. i whitelisted > facebook.com, when i open facebook in browser it > opens facebook but page doesn't load css or CDN domains some

Re: [squid-dev] Squid Features

2021-07-21 Thread Alex Rousskov
On 7/20/21 9:09 AM, mitesh.pa...@amul.coop wrote: > I am Squid proxy user… Need to know more on its security part. Hi Mitesh, Security is a vast topic. You may get better responses from this Squid development mailing list if you rephrase your email so that it becomes a specific question

Re: [squid-dev] [squid-users] Squid modification to only read client SNI without bumping.

2021-06-08 Thread Alex Rousskov
On 6/8/21 7:36 AM, squ...@treenet.co.nz wrote: > The way I think to approach it though is to start with the > configuration parser. That starting point does not compute for me. We do need to agree on how to configure this feature, but parsing any resulting Squid configuration ought to be very

Re: [squid-dev] Compilling squid

2021-06-04 Thread Alex Rousskov
On 5/29/21 2:58 PM, phenom252...@yandex.ru wrote: > Hello, please help with building squid with ssl support for filtering > https in transparent mode. I am assembling from sources on ubuntu server > 18.20 version. The problem is that reading on your site, I do not > understand what dependencies

Re: [squid-dev] Strategy about build farm nodes

2021-05-17 Thread Alex Rousskov
On 5/17/21 3:32 PM, Francesco Chemolli wrote: > On Mon, May 17, 2021 at 8:32 PM Alex Rousskov wrote: > > On 5/17/21 2:17 AM, Francesco Chemolli wrote: > > $ make all push > > Does that "make push" command automatically switch Jenkins CI to using

Re: [squid-dev] Strategy about build farm nodes

2021-05-17 Thread Alex Rousskov
On 5/17/21 2:17 AM, Francesco Chemolli wrote: > Our Linux environments are docker containers on amd64, armv7l and arm64. > On a roughly monthly cadence, I pull from our dockerfiles repo > (https://github.com/kinkie/dockerfiles) and > $ make all push Does that "make push" command automatically

Re: [squid-dev] Strategy about build farm nodes

2021-05-17 Thread Alex Rousskov
On 5/16/21 10:19 PM, squ...@treenet.co.nz wrote: > On 2021-05-17 11:56, Alex Rousskov wrote: >> On 5/16/21 3:31 AM, Amos Jeffries wrote: >>> On 4/05/21 2:29 am, Alex Rousskov wrote: >>>> The principles I have proposed allow upgrades that do not violate ke

Re: [squid-dev] Strategy about build farm nodes

2021-05-16 Thread Alex Rousskov
On 5/16/21 3:31 AM, Amos Jeffries wrote: > On 4/05/21 2:29 am, Alex Rousskov wrote: >> On 5/3/21 12:41 AM, Francesco Chemolli wrote: >>> - we want our QA environment to match what users will use. For this >>> reason, it is not sensible that we just stop upgrading our

Re: [squid-dev] Strategy about build farm nodes

2021-05-03 Thread Alex Rousskov
On 5/3/21 12:41 AM, Francesco Chemolli wrote: > - we want our QA environment to match what users will use. For this > reason, it is not sensible that we just stop upgrading our QA nodes, I see flaws in reasoning, but I do agree with the conclusion -- yes, we should upgrade QA nodes. Nobody has

Re: [squid-dev] Strategy about build farm nodes

2021-04-28 Thread Alex Rousskov
On 4/28/21 5:12 PM, Amos Jeffries wrote: > I'm not sure why this is so controversial still. We have already been > over these and have a policy from last time: Apparently, the recollections of what was agreed upon, if anything, during that "last time" differ. If you can provide a pointer to that

Re: [squid-dev] Strategy about build farm nodes

2021-04-28 Thread Alex Rousskov
On 4/28/21 1:45 AM, Francesco Chemolli wrote: > I'm moving here the discussion from PR #806 about what strategy to > have for CI tests, looking for an agreement. > We have 3 classes of tests in our CI farm > (https://build.squid-cache.org/) > - PR staging tests, triggered by commit hooks on

Re: [squid-dev] Forcing interception(transparent) mode, disabling NS lookups, and 'secretly' forwarding connections

2021-04-04 Thread Alex Rousskov
On 4/4/21 7:06 PM, Joshua Rogers wrote: > I ended up finding a solution. > > http->uri in the ConnStateData::parseHttpRequest function can simply be > rewritten to be http://localhost:80/ . You can > also manually set COMM_INTERCEPTION a little bit before that. You may also

Re: [squid-dev] Squid 5.0.5 - compilation errors

2021-02-10 Thread Alex Rousskov
On 2/10/21 5:32 PM, Lubos Uhliarik wrote: > cp: cannot create regular file 'tests/stub_debug.cc': No such file or > directory If you are using parallel make, then this is probably bug #5060: https://bugs.squid-cache.org/show_bug.cgi?id=5060 Alex.

Re: [squid-dev] effective acl for tcp_outgoing_address

2021-01-20 Thread Alex Rousskov
ng is denied here. HTH, Alex. > > -Original Message- > From: Alex Rousskov > Sent: Thursday, January 14, 2021 11:25 PM > To: squid-dev@lists.squid-cache.org > Cc: Hideyuki Kawai(川井秀行) > Subject: Re: [squid-dev] effective acl for tcp_outgoing_address > &

Re: [squid-dev] effective acl for tcp_outgoing_address

2021-01-14 Thread Alex Rousskov
On 1/13/21 7:47 PM, Hideyuki Kawai wrote: > 1. "external_acl" can not use on tcp_outgoing_address. Because the > external_acl type is slow. My understanding is correct? Yes, your understanding is correct. There are cases where a slow ACL "usually works" with a tcp_outgoing_address directive due

Re: [squid-dev] [squid-users] Host header forgery detected on domain: mobile.pipe.aria.microsoft.com

2021-01-07 Thread Alex Rousskov
Squid-dev? IMO, if you are going to discuss the problem and possible functionality-level solutions, then squid-users may be the best place for that. If you are going to discuss code changes and similar developer-level issues, use squid-dev. Alex. > -Original Message- > From: A

Re: [squid-dev] File descriptor leak at ICAP reqmod rewrites of CONNECT requests

2020-12-11 Thread Alex Rousskov
On 12/10/20 3:33 PM, Alexey Sergin wrote: > - Squid writes to cache.log a message like "kick abandoning <>"; These messages indicate a Squid bug, most likely in REQMOD request satisfaction implementation specific to CONNECT use cases. The messages are not prefixed with a "BUG" label, but

Re: [squid-dev] forwarded_for based on acls

2020-11-03 Thread Alex Rousskov
On 11/3/20 5:58 AM, Eliezer Croitor wrote: > I believe that the `forwarded_for` and the `via` config should be > converted to an ACL style one. Sure, (optional) ACL support in forwarded_for and via directives is an improvement worth accepting. It should be straightforward to implement as long as

Re: [squid-dev] rfc1738.c

2020-10-29 Thread Alex Rousskov
On 10/29/20 7:41 AM, Amos Jeffries wrote: > The latest Squid have AnyP::Uri::Encode() which uses a caller provided > buffer. Just to avoid misunderstanding: AnyP::Uri::Encode() uses a caller-provided buffer as _input_. So does rfc1738*_escape(), of course. That kind of input is unavoidable and is

Re: [squid-dev] rfc1738.c

2020-10-29 Thread Alex Rousskov
On 10/29/20 7:17 AM, Damian Wojslaw wrote: > It was mentioned that rfc1738_do_escape could use changing so it doesn't > return static buffer. Yes. Most likely, rfc1738 family of functions should return an SBuf, but refactoring that may require a serious effort, on several layers. This is not the

Re: [squid-dev] Jenkins situation

2020-08-07 Thread Alex Rousskov
On 8/4/20 9:26 PM, Amos Jeffries wrote: > With the recent Jenkins randomly failing builds due to git pull / fetch > failures I am having to selectively disable the PR Jenkins block on PR > merging for some hrs. > > Please do not mark any PRs with "M-cleared-for-merge" until further > notice. I

Re: [squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

2020-07-30 Thread Alex Rousskov
On 7/30/20 6:28 AM, Amos Jeffries wrote: >> On 7/15/20 3:14 PM, Alex Rousskov wrote: >>> I propose to add a new tls_key_log directive to record TLS >>> pre-master secret (and related encryption details) for to- and >>> from-Squid TLS connections. This ver

Re: [squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

2020-07-29 Thread Alex Rousskov
On 7/15/20 3:14 PM, Alex Rousskov wrote: > I propose to add a new tls_key_log directive to record TLS > pre-master secret (and related encryption details) for to- and > from-Squid TLS connections. This very useful triage feature is common > for browsers and some networking tool

[squid-dev] RFC: tls_key_log: report TLS pre-master secrets, other key material

2020-07-15 Thread Alex Rousskov
Hello, I propose to add a new tls_key_log directive to record TLS pre-master secret (and related encryption details) for to- and from-Squid TLS connections. This very useful triage feature is common for browsers and some networking tools. Wireshark supports it[1]. You might know it as
