On Sun, 18 Sep 2011 21:05:35 +0100, Andrew Beverley wrote:
Hi,
I have run into a problem using the session helper (ext_session_acl).
In
its current format, the session helper expects 2 parameters as a
minimum. However, using the example at
http://wiki.squid-cache.org/ConfigExamples/Portal/Splash only one is
passed (the IP address).
The second parameter expected is referred to as the user_key in the
source code, which is then returned as a prefix in the reply. When
user_key is missing, ext_session_acl segfaults. When it *is* there,
its
presence in the reply message breaks the protocol (according to
http://www.squid-cache.org/Doc/config/external_acl_type/ the reply
should begin with "OK" or "ERR").
The attached patch completely removes the user_key variable. It Works
For Me (TM), but I do not know the original intention for user_key.
Is
it needed?
I would also like to see any STDERR messages from the helper logged
to
cache.log (for example, if the database cannot be created). What is
the
best way to achieve this? I couldn't work out a way to do it - they
appear to be "lost" at the moment.
Thanks,
Andy
The session helper in Squid-3 is concurrent. The user_key is the opaque
channel-ID. (Probably should be renamed to match the protocol
documentation).
http://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29
The correct way to fix this is to detect the segfault case add a stderr
ERROR: message that the helper is concurrent and requires a config
update.
stderr should appear in cache.log whenever sent. Most of the lines so
far appear to be debug messages, which depend on the -d option to
display.
Also....the .8 manual needs to mention the concurrency rather than just
implying it in the example config. The helper version should get a bump
to 1.1 as well.
Amos
