Squid closes the SSL client connection with "Failed to start fake
CONNECT request for ssl spliced connection". This happens especially
often when the pipeline_prefetch configuration parameter is set to "0"
(i.e., default).
When a transparent SSL connection is peeked and then spliced in step2,
we are generating a fake CONNECT request. The fake CONNECT request is
counted as a new pipelined request and may exceed the configured limit.
This patch solves this problem by raising the limit for that request.
Needs more work to better identify the requests that need a different limit.
This is a Measurement Factory project.
Fake CONNECT exceeds concurrent requests limit.
Squid closes the SSL client connection with "Failed to start fake CONNECT
request for ssl spliced connection". This happens especially often when
the pipeline_prefetch configuration parameter is set to "0" (i.e., default).
When a transparent SSL connection is peeked and then spliced in step2, we are
generating a fake CONNECT request. The fake CONNECT request is counted as a
new pipelined request and may exceed the configured limit. This patch solves
this problem by raising the limit for that request.
Needs more work to better identify the requests that need a different limit.
This is a Measurement Factory project.
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2015-02-06 19:45:02 +0000
+++ src/client_side.cc 2015-02-24 20:58:25 +0000
@@ -2724,41 +2724,42 @@
}
int
ConnStateData::pipelinePrefetchMax() const
{
return Config.pipeline_max_prefetch;
}
/**
* Limit the number of concurrent requests.
* \return true when there are available position(s) in the pipeline queue for another request.
* \return false when the pipeline queue is full or disabled.
*/
bool
ConnStateData::concurrentRequestQueueFilled() const
{
const int existingRequestCount = getConcurrentRequestCount();
// default to the configured pipeline size.
// add 1 because the head of pipeline is counted in concurrent requests and not prefetch queue
- const int concurrentRequestLimit = pipelinePrefetchMax() + 1;
+ const int internalRequest = (transparent() && sslBumpMode == Ssl::bumpSplice) ? 1 : 0;
+ const int concurrentRequestLimit = pipelinePrefetchMax() + 1 + internalRequest;
// when queue filled already we cant add more.
if (existingRequestCount >= concurrentRequestLimit) {
debugs(33, 3, clientConnection << " max concurrent requests reached (" << concurrentRequestLimit << ")");
debugs(33, 5, clientConnection << " deferring new request until one is done");
return true;
}
return false;
}
/**
* Perform proxy_protocol_access ACL tests on the client which
* connected to PROXY protocol port to see if we trust the
* sender enough to accept their PROXY header claim.
*/
bool
ConnStateData::proxyProtocolValidateClient()
{
if (!Config.accessList.proxyProtocol)
_______________________________________________
squid-dev mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-dev
