Re: cvs commit: squid/lib rfc1738.c
ons 2007-05-23 klockan 19:35 -0600 skrev Adrian Chadd: Ta for doing this; the only reason I didn't touch it when I saw the discrepancy between the code and RFC (3986 though) is what it might break. I was going to talk to you about it today. I'm not very worried about breakage here. The only questionmark is on helpers, but I think all uses case-neutral parsers.. (queries to helpers is uri-escaped). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Interested in getting involved
tis 2007-05-22 klockan 17:42 +0200 skrev Emilio Casbas: 1. Synchronize cf.data.pre formatting and language between the two releases. Some options is better documented in 2.6, some in 3.. Ok, I'm in the process os synchronizing the files of two releases. Hint: Use the scripts/www/build-cfg-help.pl script to split the file. This rules out any sorting differences, and makes it easier to focus at one option a time. 2. Document the other differences in the Squid-3.0 release notes. How can I know that one option is only available in one release but it's not in the other? If an option is only in cf.data.pre for one of the releases then it's only in that release. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cvs commit: squid3/src HttpReply.cc
tis 2007-05-22 klockan 10:37 -0600 skrev Alex Rousskov: Bug #1967 fix: avoid new strncmp() that silently converts char* buffers into Strings because String length is limited by 64KB and because it is an expensive conversion. Ugh... C++ magics strikes again. Thanks for finding this. Was a bit worried there for a while. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: /dev/poll support for squid-2
sön 2007-05-20 klockan 17:43 +0800 skrev Adrian Chadd: I've written some initial /dev/poll support for squid-2: http://www.creative.net.au/diffs/2007-05-20-squid2-devpoll.diff The notable change to the rest of the codebase is exposing commOpen() and commClose() functions. commOpen() to initialise the per-fd state, the commClose() to be a bit more explicit about how FD's are being removed. Comments? Looks fine. What's left to make it a full /dev/poll support? Just testing, or is something missing? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cvs commit: squid/src tools.c
sön 2007-05-20 klockan 23:53 -0600 skrev Adrian Chadd: use inet_ntoa() for now; my optimised code was getting the octets backward on my PPC; even when I tried using ntohl(). I'll fix this one day.. ntohl is a nop on PPC and other big-endian systems.. You need to parse the address in host order, then use htonl to mangle it into the common network byte order.. Or alternatively parse it raw into network byte order by using a char*. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Interested in getting involved
mån 2007-05-21 klockan 12:09 +0200 skrev Emilio Casbas: Hi all, I have been working with squid for 5 years. We are working with different scenarios and configurations such as cache-proxy with several acls in a multiple caching hierarchy. Reverse proxy and transparent proxy. I would like to get involved with squid in order to know their internal structure and work, by this way having more possibilities to understand more deeply the problems or difficulties we could have. I could start contributing by fixing small bugs, the first patch I have done was http://www.squid-cache.org/Versions/v3/3.0/changesets/10800.patch I could go ahead in this direction. You are most welcome. Another task which we need quite immediate help with is to make a good comparison of the Squid-2.6 and Squid-3 features. Preferably done in two steps 1. Synchronize cf.data.pre formatting and language between the two releases. Some options is better documented in 2.6, some in 3.. 2. Document the other differences in the Squid-3.0 release notes. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid3_logdaemon work (round 1) complete
tor 2007-05-17 klockan 08:19 +0800 skrev Adrian Chadd: Hm, which modern platforms are going to have trouble with stdio using FD 256 -and- C++ ? Solaris stdio is one. stdio is C not C++. No difference only because you compile C++ using stdio.. still C linked to a C++ program. C++ ostream reportedly do not have the same problem on Solaris. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] logformat and emulate_httpd_log
Applied to Squid-2 and 3. Regards Henrik tor 2007-05-17 klockan 12:19 +0200 skrev Emilio Casbas: Henrik Nordstrom escribió: tis 2007-05-15 klockan 17:27 +0200 skrev Emilio Casbas: But we need a %ru parameter like the httpd native log, that is showing; /SI/images/servicios/normasdeuso/normas.swf instead of http://X.X.X.60/SI/images/servicios/normasdeuso/normas.swf This is not implemented yet. Patches adding this format is welcome. Regards Henrik I have done a small patch to have a new rp format code in order to show only the urlpath in the access log. For us it's working correctly, but I'm not sure about the patch construction, due it's the first patch I have made. Thanks Emilio C. vanligt textdokument-bilaga (new-rpfc-log-patch) --- squid-2.6.STABLE13/src/access_log.c 2007-02-03 21:59:24.0 + +++ squid-2.6.STABLE13-MOD/src/access_log.c 2007-05-17 09:23:19.0 + @@ -297,6 +297,7 @@ LFT_REQUEST_METHOD, LFT_REQUEST_URI, +LFT_REQUEST_URLPATH, /*LFT_REQUEST_QUERY, * // * this is not needed. see strip_query_terms */ LFT_REQUEST_VERSION, @@ -400,6 +401,7 @@ {rm, LFT_REQUEST_METHOD}, {ru, LFT_REQUEST_URI}, /* doesn't include the query-string */ +{rp, LFT_REQUEST_URLPATH}, /* doesn't include the host */ /* { rq, LFT_REQUEST_QUERY }, * / / * the query-string, INCLUDING the leading ? */ {v, LFT_REQUEST_VERSION}, {rv, LFT_REQUEST_VERSION}, @@ -632,6 +634,11 @@ out = al-url; break; + case LFT_REQUEST_URLPATH: +out = strBuf(al-request-urlpath); + quote = 1; + break; + case LFT_REQUEST_VERSION: snprintf(tmp, sizeof(tmp), %d.%d, (int) al-http.version.major, (int) al-http.version.minor); out = tmp; --- squid-2.6.STABLE13/src/cf.data.pre2007-04-24 21:30:03.0 + +++ squid-2.6.STABLE13-MOD/src/cf.data.pre2007-05-16 15:51:36.0 + @@ -1270,6 +1270,7 @@ mt MIME content type rm Request method (GET/POST etc) ru Request URL + rp Request URLPATH (like the apache log) rv Request protocol version ea Log string returned by external acl st Reply size including HTTP headers signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 2.6.STABLE12 and ICAP
tis 2007-05-15 klockan 13:06 -0600 skrev Alex Rousskov: Henrik, anything I should do to make the auto-generated patch on devel.squid-cache.org reflect the current state of the ICAP branch? No. It's something with my patch scripts. Currently investigating. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid3_logdaemon work (round 1) complete
ons 2007-05-16 klockan 21:59 +0800 skrev Adrian Chadd: I've completed the first round logfile code shifting. * use stdio for logfile writing; isn't going to be worse than how it was done before (still sync) C stdio, or C++ OStream? stdio fails quite badly on some OS:es if using more than 256 filedescriptors.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 2.6.STABLE12 and ICAP
ons 2007-05-16 klockan 09:57 +0200 skrev Henrik Nordstrom: tis 2007-05-15 klockan 13:06 -0600 skrev Alex Rousskov: Henrik, anything I should do to make the auto-generated patch on devel.squid-cache.org reflect the current state of the ICAP branch? No. It's something with my patch scripts. Currently investigating. Fixed, kind of... the patch scripts do a very simplistic text parsing of the projects.html file, and failed to find the squid3-icap branch because it used a slightly different HTML than the other projects.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 2.6.STABLE12 and ICAP
mån 2007-05-14 klockan 12:14 +0200 skrev Jeremy Lardon: I got some interest in Squid/ICAP architecture. So I tried to patch the nightly snapshot but a large amount of code is already in the Squid-3 source. Sounds like Alex has forgot to run cvsmerge after his last batch of icap patches, or that something has gone wrong somewhere.. Looking at the CVS trees I see that Alex ran cvsmerge a couple of days ago, so I can only assume something has gone wrong somewhere. Hmm.. looks like the downloadable patches isn't getting updated properly. I'll look into why.. Consequently, I wonder what may be the best : - try to see if all rejections by the patch command are due to the existence of the code in the source else add the differences, - look for the version with which the ICAP patch has be created and apply the patch on it. Or check out the squid3-icap CVS branch from devel.squid-cache.org. http://devel.squid-cache.org/CVS.html that way you get a complete tree, ready for you to run bootstrap.sh and then compile.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 3 download page stuck
mån 2007-05-14 klockan 13:53 -0600 skrev Duane Wessels: /path/to/squid-3/mkrelease.sh 3.0.PRE6 /path/to/www.squid-cache.org/Versions/v3/3.0/ I was going to see about updating release notes and such. You need to do that before you set the CVS tag... I updated the web page and copied it to the FTP area. Any good reason that Squid-3 packages are in /pub/squid-2 instead of /pub/squid-3? I created the squid-3 directory and cross linked the old files. Sounds fine. Mirrors? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 3 download page stuck
sön 2007-05-13 klockan 10:39 +0200 skrev Guido Serassio: The Squid 3 download page is stuck at 9 May, may be related to PRE6 release. Checking... yes. The -CVS part of the version tag should not be removed. It's removed automatically by the mkrelease script. It's there so we know when people use the CVS version.. Fixed. AC_INIT version usage: Released tarballs: Without -CVS Snapshots: version-date CVS: version-CVS (always) Also, it seems the release has been tagged but not released. Duane? it's as simple as /path/to/squid-3/mkrelease.sh 3.0.PRE6 /path/to/www.squid-cache.org/Versions/v3/3.0/ Now done, but I have not updated the web pages, or copied the files to the FTP area. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Question about authenticateNegotiateHandleReply
fre 2007-05-11 klockan 21:13 +0100 skrev Markus Moeller: I use the below on Opensuse 10.2 /usr/sbin/squid -v Squid Cache: Version 2.6.STABLE6 Can you try a more up to date version? It's possible Negotiate is a bit broken in the version you have.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Authentication: Time and Monetary contributions
ons 2007-05-09 klockan 13:43 -0500 skrev Stefan Adams: On 5/9/07, Henrik Nordstrom [EMAIL PROTECTED] wrote: Sure. Been on the devel.squid-cache.org since promised.. http://devel.squid-cache.org/projects.html#ntlm_ip_cache Bah! I did end up finding it -- THANKS!! I had used your direct link also provided in the message (http://devel.squid-cache.org/changesets/squid2/ntlm_ip_cache/) and it was a 404. Sorry about that. My error in typing the URL above. The correct changesets URL is http://devel.squid-cache.org/changesets/squid/ntlm_ip_cache.html Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: 2.6.STABLE13 planned for 8 May, next snapshot release candidate
Released, a few days later than planned (forgot..) Regards Henrik sön 2007-05-06 klockan 00:36 +0200 skrev Henrik Nordstrom: Squid-2.6.STABLE13 is now planned for release this Tuesday (8 May). The next snapshot released in a couple of hours is considered a release candidate. Please test. Release notes: 18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13 * Make sure reply headers gets sent even if there is no body available yet, fixing RealMedia streaming over HTTP issues. * Bug #1814: SSL memory leak on persistent SSL connections * Ukrainan error messages ChangeLog: - Make sure reply headers gets sent even if there is no body available yet, fixing RealMedia streaming over HTTP issues. - Undo an accidental name change of storeUnregisterAbort. - Kill an ancient malplaced storeUnregisterAbort call from ftp.c - Bug #1814: SSL memory leak on persistent SSL connections - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log - Cosmetic fix: added missing newline in WCCPv2 configuration dump. - Ukrainan error messages - Convert various error pages from DOS to UNIX text format - Bug #1820: COSS assertion failure t-length == MD5_DIGEST_CHARS - Clarify the max-conn=n cache_peer option syntax slightly - Bug #1892: COSS segfault on shutdown - Windows port: fix undefined ECONNABORTED - Make refreshIsCachable handle ETag as a cache validator, not only last-modified - in_port_t is not portable, use unsigned short instead - Fix fs / auth / snmp dependencies Changesets: http://www.squid-cache.org/Versions/v2/2.6/changesets/ 2007/05/05 22:18:47 hno +63 -12Documentation update, preparing for 2.6.STABLE13 2007/05/05 22:06:55 hno +14 -3 Fix fs / auth / snmp dependencies 2007/05/05 22:03:47 serassio+2 -2 Fix compile warning about uninitialized variable in store_dir_coss.c 2007/04/26 23:11:51 hno +2 -2 in_port_t is not portable, use unsigned short instead 2007/04/26 23:10:54 hno +11 -12Make refreshIsCachable handle ETag as a cache validator, not only last-modified 2007/04/26 23:09:46 serassio+2 -1 Windows port: fix undefined ECONNABORTED 2007/04/26 23:08:19 Tor Ake Fransson+3 -3 Bug #1892: COSS segfault on shutdown 2007/04/24 21:30:03 hno +3 -3 Clarify the max-conn=n cache_peer option syntax slightly 2007/04/24 21:28:50 Mark Bergsma+17 -6 Bug #1820: COSS assertion failure t-length == MD5_DIGEST_CHARS 2007/04/17 09:48:31 serassio+760 -760 Convert various error pages from DOS to UNIX text format 2007/04/17 09:45:36 [EMAIL PROTECTED] +2271 -0 Ukrainan error messages 2007/04/17 09:40:59 serassio+2 -1 Cosmetic fix: added missing newline in WCCPv2 configuration dump. 2007/04/17 09:39:56 hno +2 -2 Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log 2007/04/17 09:35:17 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections 2007/03/26 23:41:43 hno +1 -2 Kill an ancient malplaced storeUnregisterAbort call from ftp.c 2007/03/26 23:14:09 hno +6 -6 Undo an accidental name change of storeUnregisterAbort. 2007/03/26 23:08:00 hno +17 -1 Make sure reply headers gets sent even if there is no body available yet Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Question about authenticateNegotiateHandleReply
ons 2007-05-09 klockan 00:07 +0100 skrev Markus Moeller: I have written a helper program for the negotiate protocol (only the Kerberos part of it). I can get it to determine the correct userid but somehow the reply doesn't get back to squid. I don't get any debug from authenticateNegotiateHandleReply. What triggers authenticateNegotiateHandleReply to read the output of the helper program ? Just the fact that the helper returned some output. Squid is continously monitoring the helper connection and as soon as the helper outputs something authenticateNegotiateHandleReply gets called. As Duane said the most likely cause to helper output not being seen by Squid is stdio buffering. libc by default buffers output not sent to terminals by the assumtion that everything not a terminal is a batch operation to a file which will only be read after the program has exited (or closed the file), which is not quite what you want here.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Authentication: Time and Monetary contributions
ons 2007-05-09 klockan 13:29 -0500 skrev Stefan Adams: Henrik, thanks for your great response! I have a question below... On 4/2/07, Henrik Nordstrom [EMAIL PROTECTED] wrote: off frequently. When the cache is expired or empty, authentication would be turned on and the browser would be asked for credentials. While there is data in the cache, authentication would be turned off and the browser would not be asked for credentials. Hmm.. hasn't I published my small project doing this for NTLM? Looking, apparently not. Fixing that.. Will be available on devel.squid-cache.org tomorrow after the next web site update. Until then you can browse the branch at http://devel.squid-cache.org/changesets/squid2/ntlm_ip_cache/ Has this been made available yet? I'd really enjoy taking a look at it! Sure. Been on the devel.squid-cache.org since promised.. http://devel.squid-cache.org/projects.html#ntlm_ip_cache Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Question about authenticateNegotiateHandleReply
mån 2007-05-07 klockan 22:38 +0100 skrev Markus Moeller: Is there anywhere a guide for creating helper programs ? Not really. For the simpler helpers such as url rewriter, basic auth helpers, acl's etc there hasn't really been a need for a guide beyond what is said in the squid.conf comments and the existing helpers as examples. The NTLM and Negotiate schemes is a bit more complex with their statefullness, but it's also not something very many people are going to implement helpers for so it's easier to deal with on a case by case basis there. Just fire whatever questions you have to [EMAIL PROTECTED] The NTLM helper protocol was defined by Squid some years ago. The Negotiate helper protocol was defined by Samba, based on the Squid NTLM helper protocol. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
2.6.STABLE13 planned for 8 May, next snapshot release candidate
Squid-2.6.STABLE13 is now planned for release this Tuesday (8 May). The next snapshot released in a couple of hours is considered a release candidate. Please test. Release notes: 18. Key changes squid-2.6.STABLE12 to 2.6.STABLE13 * Make sure reply headers gets sent even if there is no body available yet, fixing RealMedia streaming over HTTP issues. * Bug #1814: SSL memory leak on persistent SSL connections * Ukrainan error messages ChangeLog: - Make sure reply headers gets sent even if there is no body available yet, fixing RealMedia streaming over HTTP issues. - Undo an accidental name change of storeUnregisterAbort. - Kill an ancient malplaced storeUnregisterAbort call from ftp.c - Bug #1814: SSL memory leak on persistent SSL connections - Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log - Cosmetic fix: added missing newline in WCCPv2 configuration dump. - Ukrainan error messages - Convert various error pages from DOS to UNIX text format - Bug #1820: COSS assertion failure t-length == MD5_DIGEST_CHARS - Clarify the max-conn=n cache_peer option syntax slightly - Bug #1892: COSS segfault on shutdown - Windows port: fix undefined ECONNABORTED - Make refreshIsCachable handle ETag as a cache validator, not only last-modified - in_port_t is not portable, use unsigned short instead - Fix fs / auth / snmp dependencies Changesets: http://www.squid-cache.org/Versions/v2/2.6/changesets/ 2007/05/05 22:18:47 hno +63 -12Documentation update, preparing for 2.6.STABLE13 2007/05/05 22:06:55 hno +14 -3 Fix fs / auth / snmp dependencies 2007/05/05 22:03:47 serassio+2 -2 Fix compile warning about uninitialized variable in store_dir_coss.c 2007/04/26 23:11:51 hno +2 -2 in_port_t is not portable, use unsigned short instead 2007/04/26 23:10:54 hno +11 -12Make refreshIsCachable handle ETag as a cache validator, not only last-modified 2007/04/26 23:09:46 serassio+2 -1 Windows port: fix undefined ECONNABORTED 2007/04/26 23:08:19 Tor Ake Fransson+3 -3 Bug #1892: COSS segfault on shutdown 2007/04/24 21:30:03 hno +3 -3 Clarify the max-conn=n cache_peer option syntax slightly 2007/04/24 21:28:50 Mark Bergsma+17 -6 Bug #1820: COSS assertion failure t-length == MD5_DIGEST_CHARS 2007/04/17 09:48:31 serassio+760 -760 Convert various error pages from DOS to UNIX text format 2007/04/17 09:45:36 [EMAIL PROTECTED] +2271 -0 Ukrainan error messages 2007/04/17 09:40:59 serassio+2 -1 Cosmetic fix: added missing newline in WCCPv2 configuration dump. 2007/04/17 09:39:56 hno +2 -2 Don't log ECONNREFUSED/ECONNABORTED accept failures in cache.log 2007/04/17 09:35:17 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections 2007/03/26 23:41:43 hno +1 -2 Kill an ancient malplaced storeUnregisterAbort call from ftp.c 2007/03/26 23:14:09 hno +6 -6 Undo an accidental name change of storeUnregisterAbort. 2007/03/26 23:08:00 hno +17 -1 Make sure reply headers gets sent even if there is no body available yet Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 3.0 and logformat
fre 2007-05-04 klockan 11:30 +0200 skrev Ghislain: Re Hi Yesterday I've forgotten to talk about logformat in squid 3.0, I have a problem with the key %{X-Provider}h in the tag logformat. With a squid 2.6, there is no problem. If there is a difference compared to 2.6 file a bug report, with a more detailed description of the problem. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: OS builds
ons 2007-05-02 klockan 17:53 +1200 skrev Amos Jeffries: 'Name thy OS' would be those seen in squid-users where people are stuck with old 2.6 or 2.5 etc. The culprits seemed to be RedHat and CentOS. RedHat already provides up to date builds for RHEL. Not officially supported, but at least provided.. Also, the Fedora SRPMS rebuilds just fine on RHEL. The culpit with most RHEL users is that their management does not allow them upgrades outside RHEL, so they are stuck with whatever RedHat provides in their support channel. And for some reason most Centos users seems to reason the same, but without being bound to a support channel.. What I think we should do is to provide a repository of vendor distributions. There is many, and supricingly many users don't know where to find the latest version from their vendor. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dependency problem building Squid 2.6
sön 2007-04-29 klockan 11:03 +0200 skrev Guido Serassio: After changing a COSS file, running make correctly rebuilds libcoss.a, but squid executable is not linked against the new library. May be that the same could be happen also for the other store types. Does it work in Squid-3? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: auth_ntlm broken?
lör 2007-04-28 klockan 22:00 -0600 skrev Alex Rousskov: Thank you for reporting the problem! It sounds like the changes you are talking about came from the Squid HEAD branch. Perhaps they created a conflict and the conflict was not resolved correctly. I will investigate and try to fix. That probablly the fixes for Bug #1792 and #1873. http://www.squid-cache.org/Versions/v3/3.0/changesets/10626.patch #1873 http://www.squid-cache.org/Versions/v3/3.0/changesets/10632.patch #1792 Probably some other NTLM fix from Squid-2 is missing, or there was some error introduced forwardporting these changes. The Squid-2 versions look like http://www.squid-cache.org/Versions/v2/2.6/changesets/11170.patch #1873 http://www.squid-cache.org/Versions/v2/2.6/changesets/11147.patch #1792 take 2 http://www.squid-cache.org/Versions/v2/2.6/changesets/11145.patch #1792 take 1 Hmm.. Squid-2 has one more change not yet in Squid-3. Might be relevant even if that only showed it's ugly head while using Negotiate in Squid-2. http://www.squid-cache.org/Versions/v2/2.6/changesets/11280.patch Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dependency problem building Squid 2.6
sön 2007-04-29 klockan 19:24 +0200 skrev Guido Serassio: tools.cc: In function `void sigusr2_handle(int)': tools.cc:428: warning: the address of `void sigusr2_handle(int)', will always evaluate as `true' Don't quite get the error, but it's easy to fix. Done. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dependency problem building Squid 2.6
sön 2007-04-29 klockan 19:24 +0200 skrev Guido Serassio: forward.cc: In member function `void FwdState::connectStart()': forward.cc:875: error: `hex' undeclared (first use this function) forward.cc:875: error: (Each undeclared Should be std::hex identifier is reported only once for each function it appears in.) forward.cc:875: error: `dec' undeclared (first use this function) Same.. Should be fixed now. Regards Henri signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: debug statements to debugs statements
lör 2007-04-28 klockan 00:14 +0300 skrev Tsantilas Christos: Here is the patch which converts the debug statements to debugs statements: http://www.chtsanti.net/others/CONVER_DEBUGS.diff It is not excellent but it is not so bad... Applied with a bit of whitespace cleanup - Less aggressive folding of lines - Indent fixes little here and there. Maninly after if, or in switch statemetnts. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: nocpp remainders not yet in HEAD
ons 2007-04-25 klockan 21:00 +1200 skrev Amos Jeffries: The quick method of dropping files in the cppunit* directory missed a few. I just picked up on it now. Fixed. Thanks! The remainders was files only in the cvs.devel.squid-cache.org (aka SF) repository, not the main repository. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cvs commit: squid3/lib xusleep.c Makefile.am
tis 2007-04-24 klockan 00:30 -0600 skrev Duane Wessels: Fix for compiling src/unlinkd.cc with kqueue and epoll. When Squid is compiled with --enable-kqueue or --enable-epoll, we're not supposed to use any fd_set structures. unlinkd.cc uses select() to pause and wait for for feedback from the external unlinkd helper. But when using kqueue or epoll, unlinkd.cc will have to use usleep emulation rather than select. Hmm.. it's fine (and probably preferred) for the external daemon to use select and fd_set. This restriction is just on code linked into the squid binary. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cvs commit: squid3/lib xusleep.c Makefile.am
tis 2007-04-24 klockan 11:14 -0600 skrev Duane Wessels: Hmm.. it's fine (and probably preferred) for the external daemon to use select and fd_set. This restriction is just on code linked into the squid binary. external daemon does not use select. it is a very simple loop: I know. Only realized the code in question was in Squid after sending the message. See bugzilla comment. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Rate Limiting using SQUID
tis 2007-04-17 klockan 21:32 -0700 skrev Anand Lakshminath: Hi All, Is there a way to configure SQUID to rate limit requests to origin webservers. Basically, we don't want to hit any given website too hard and would like to throttle say 1 request per second. The closest we have is the max-conn=N cache_peer option. Limits the number of concurrent connections (==requests) to a given peer. Plus the collapsed_forwarding feature which also helps a lot in reducing storms on the backend servers.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid patch request
tis 2007-04-17 klockan 11:28 +0700 skrev áÎÄÒÅÊ áÔÁÎÇÕÌÏ×/çÏÒáÄÍ/ôÏÍÓË: Greetings. Yesterday i recieved an email with notification of patch request of feature i've already coded for myself. here's request: http://www.squid-cache.org/bugs/show_bug.cgi?id=491 here's my diffs for squid-2.5.STABLE5: http://hyper.admin.tomsk.ru/squid/tcp_outgoing_address_logging_patch.txt As i understand it is need to do this feature MUST be optional (maybe option in squid.conf or configure --option), cause it changes format of squid logs people using for stats. Can anyone put to rights this small addition so code can be accepted into the squid tree? looks reasonable. Please update for a more recent Squid version 2.6 or later (see below) and attach the results to the bug report and it's very likely to get accepted. Note that there has been fairly substantial changes to access_log.c, adding support for custom log formats, and this kind of extension fits very well as another format tag, with no need of changing the default squid access.log format. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Style of commit messages
Please follow the following style in your commit messages First if the primary author of the patch isn't you then have a line indicating the autor of the change Author: Name email Next a short summary of the change. Approximately one line. Then a blank line Followed by a full description of the change. The first two lines (Author:, and the summary) is picked up by the changeset tools. This applies to both CVS repositories, both the devel.squid-cache.org aka SourceForge, and the main repository. http://www.squid-cache.org/Versions/v2/HEAD/changesets/ http://www.squid-cache.org/Versions/v3/3.0/changesets/ http://devel.squid-cache.org/changesets/ Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Style of commit messages
mån 2007-04-16 klockan 15:24 +0800 skrev Adrian Chadd: On Mon, Apr 16, 2007, Henrik Nordstrom wrote: Please follow the following style in your commit messages First if the primary author of the patch isn't you then have a line indicating the autor of the change Author: Name email Next a short summary of the change. Approximately one line. Then a blank line Followed by a full description of the change. The first two lines (Author:, and the summary) is picked up by the changeset tools. Could you put this into the default CVS commit templates? Done. But will only be available on fresh checkouts. (CVS stupidity). Stored as CVS/Template in your local working directory. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Style of commit messages
mån 2007-04-16 klockan 10:34 +0200 skrev Henrik Nordstrom: Done. But will only be available on fresh checkouts. (CVS stupidity). Stored as CVS/Template in your local working directory. Hmm.. only works if you run cvs commit from a directory where the CVS/Template file exists, not if run from a sub-directory such as src.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Style of commit messages
tis 2007-04-17 klockan 00:09 +1200 skrev Amos Jeffries: While you are adjusting cvs is there a good reason for the squid-cvs email being in default diff format? Outside our control. I think we would all find it a little more useful reading and using updates if that email could be a unified diff. Fully agreed. And is what you have in the changesets viewer.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cppunit removal
Applied, with some small changes. http://www.squid-cache.org/Versions/v3/3.0/changesets/10701.patch Regards Henrik tis 2007-04-17 klockan 01:06 +1200 skrev Amos Jeffries: AUTHOR: Ams Jeffries [EMAIL PROTECTED] The squid 3.0 will not be packaged with cppunit 1.10.0. The developers have decided that the packaging of cppunit within the squid sources has caused more trouble than was solved. Ease of install independently of squid combined with the apparently widespread use of cppunit as a standard tool we feel there is no need for it to be included. For the initial release to date there will be no replacement testing package and no automatic install for cppunit unless one is added by OS distribution maintainers. Squid releases already makes an attempt to detect external installs of cppunit and use those by preference over the packaged version. This existing detection has been left in place and will enable testing on any system with cppunit. Maintainers and source testers will need to have cppunit installed on their systems or not use make check. signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] find current ip address in code
mån 2007-04-16 klockan 01:12 +0530 skrev Siddhesh PaiRaikar: wat is the way to get the ip address of the machine whose request i am currently processing... in the code that is request-client_addr i am making the changes in store.c file where there are no implicit references to the clients ip address so that i may get it directly ..unlike other files like client_side.c If you need information about the client then store.c is probably not the correct place to be making changes.. What is it you are doing? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Removing cppunit
tor 2007-04-12 klockan 23:05 -0600 skrev Alex Rousskov: I think that cppunit should be removed from the source tree (especially if it is so easy to install and is not for end-users anyway). This step should not depend on the make check discussion outcome. We all agree I think. I think others should decide whether make check should fail if there is no cppunit installed. My vote is that make check should depend on cppunit, at least for the next years.. make check is a tool for both users and developers, but with different purpose for the two user groups. For developers it's verifying the code, mainly to catch silly errors when making changes beyond what the compiler can do. To users it's a tool to verify that the compiler compiles the code in the manner the developer intended. With the big variety in C++ compilers out there and number of times it's already bitten Squid-3 it should not be taken lightly. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-3 release cycle
tor 2007-04-12 klockan 20:31 +0200 skrev Guido Serassio: Here I think that a methodical comparison between 2.6 and 3.0 is needed. Not so sure. Find it much more important Squid-3 is stable than feature complete wrt 2.6. Probably there are a lot of not so big changes missing in 3.0. Very likely. But except for bug fixes I do not consider this very important at the moment. If it's missing and the fact that it's missing itches someone then it will probably get done. If not maybe something else more useful gets done. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid 3.0 bugs that need you.
tor 2007-04-12 klockan 11:42 -0600 skrev Alex Rousskov: http://www.squid-cache.org/bugs/show_bug.cgi?id=1475 Bug 1475 - File descriptor limit does work. I am not sure what the final resolution for this bug is. Henrik? Adrian? Closing.. ESI bugs targeted for 3.0 http://www.squid-cache.org/bugs/show_bug.cgi?id=951 http://www.squid-cache.org/bugs/show_bug.cgi?id=1088 If nobody is willing to work on ESI now, I would like to bump any 3.0 target milestone for ESI to 3.1 because ESI is an optional feature. Any objections? Fine by me, assuming it's documented as such.. And hopefully these will itch someone sufficiently badly to get them fixed and everyone wins. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-3 release cycle
tor 2007-04-12 klockan 13:19 -0600 skrev Alex Rousskov: IMO, if we can support enough directives to accommodate 51% of current Squid2 users, that is enough. More importantly, thanks to the new major features of Squid-3 such as a good ICAP client we might attract new users again, not only existing users. For those the fact that there is some other small things in Squid-2 not yet seen in Squid-3 is not so important if what they need is provided by Squid-3. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-3 release cycle
tis 2007-04-10 klockan 21:38 -0600 skrev Alex Rousskov: Squid 3.1 is whatever comes after a stable 3.0 release. Open to experimentation. Not currently branched (but could be if needed). I think it might be wise to branch Squid-3.0 after PRE6, and that the model currently used for Squid-2 is then applied to Squid-3 as well. - HEAD always kept open for new reasonably stable stuff, allowing development to progress natuarlly without having completed stuff bitrotting in some seldom looked at development branch. - If problems is seen in HEAD they get fixed, or the changes causing the problems is thrown out back to their development branch until fixed. - Stuff which seem to have settled gets merged to the stable branch by the release manager (in person or delegated to patch owner whatever suits the release manager). This works very well at least as long as HEAD and the stable branch hasn't diverged too much. And if they have diverged too much it's probably time to plan a new stable version before long.. With the unordered development process we have it's very hard to build firm plans on what features will be in a certain release before it's there. It very much depends on what the active developers at the time is working on. What is important for the project survival is that HEAD is kept reasonably stable and always suitable as development reference, and that developments is merged incrementally when possible to catch problems early without sacrificing the stability criteria too much. Question then becomes, where is the existing list of agreed features for 3.0-STABLE1 ?? Whatever features have been committed already minus unstable optional features. This is just my understanding, of course. Not claiming to express the elusive consensus here... Shared here. But I'd probably not minus the unstable optional features, just not having then enabled by default and marked as experimental. Squid-3.0 was originally supposed to match Squid-2.5 except being C++. It's already far beyond that. Sadly over time Squid-2 and Squid-3 has diverged a bit from each other and for the foreseeable future there will be some features missing in Squid-3 only to be found in Squid-2. But assuming Squid-3 gets stable it should quickly gain ground and the gap from Squid-2 will shorten as people gets interested in what Squid-3 can provide and there gets some motivation to get the important missing things to Squid-3 as well. Some of the missing things probably isn't very important, and can be left to rot in Squid-2 when focus gets moved to Squid-3. The probably biggest yell from users will be the lack of support for passthru connection oriented authentication (NTLM/Negotiate/Kerberos), aka connection pinning. The rest of the feature gaps is pretty minor I think. Internally the gaps is a bit bigger, especially at the comm layer where the comm loops of Squid-2 is much lighter.. but both is definitely hitting the wall when it comes to SSL and how to integrate it into the comm loops in a sane manner and there is need for some serious thought on how the comm layer should look like, which if done in Squid-3 will most likely bring it far ahead of Squid-2 in that area. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid3.0.PRE6 and bugzilla
lör 2007-04-07 klockan 21:17 +0200 skrev Guido Serassio: I know personally Henrik :-) The question is if the patch really fixes the problem. Probably, there is a reason because Herink don't close it. Looks like I simply forgot to select the resolve button. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: isspace etc and (int) typecast
fre 2007-04-06 klockan 14:16 +0200 skrev Guido Serassio: Also applied to Squid3. Excellent! Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid translation
fre 2007-03-30 klockan 21:19 +0300 skrev Петро Нек: Hello my name is Petro Nek I'm from Ukraine and I'm interesting that squid could speak with users in ukrainian so I translate squid error messages in ukrainian using 2 typical codepages cp-1251, koi8-u and also unicode utf-8. So I send to You these files in archive and I'll be happy if You include it in next squid release. Many thanks. Your translations have been imported, and is scheduled to appear in the next Squid-2.6.STABLE release. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: isspace etc and (int) typecast
sön 2007-04-01 klockan 16:42 +0200 skrev Guido Serassio: Now fixed. I have also found and fixed some other similar errors. Thanks! Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Authentication: Time and Monetary contributions
lör 2007-03-31 klockan 12:27 -0500 skrev Stefan Adams: 1) I understand that a browser asks a user for authentication because the proxy server instructs the browser that it needs credentials. My idea is to provide a server-side caching option within squid that would only ask the browser for credentials periodically. This would be similiar to having server-side authentication options turned on and off frequently. When the cache is expired or empty, authentication would be turned on and the browser would be asked for credentials. While there is data in the cache, authentication would be turned off and the browser would not be asked for credentials. Hmm.. hasn't I published my small project doing this for NTLM? Looking, apparently not. Fixing that.. Will be available on devel.squid-cache.org tomorrow after the next web site update. Until then you can browse the branch at http://devel.squid-cache.org/changesets/squid2/ntlm_ip_cache/ independent. IP addresses are of course easily spoofed, but perhaps some counter-tricks could be devised. As a last resort, simply providing this as a feature and noting its weaknesses would be highly valuable, I think. IP is thankfully not easily spoofed, but may be shared by multiple users in some situations (child proxy or multi-user station/server). 2) I am interesed in the IDENT mechanism for authentication. However, there are very few good ident applications in existence and worse, these applications need to be installed on every client PC. Worst, of course, is the ease of spoofability. I would like to propose a twist on the ident method. A new feature could be that instead of squid asking the client machine who that individual is (which is unreliable at best), squid should ask a server. What server would know who is using the machine? This is supported via the external acl mechanism. The last question, What server to ask? is left open as there is no standard such server. Such servers exists in a number of environments, but each being a bit different.. In the case of a windows PC, a domain controller (Samba or ADS). Surely a method could be devised that squid could ask a Samba server who is logged in on a particular IP address. A windows DC doesn't keep that close track of it's clients. At most it can keep track of the users who authenticated using this DC, not any other DC in the domain. But usually it doesn't even keep track of that.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: isspace etc and (int) typecast
tis 2007-03-27 klockan 13:16 +0200 skrev Guido Serassio: What was the warnings you fixed with these casts? I suspect you only silenced a valid warning here without fixing the cause.. Exactly these: http://www.squid-cache.org/mail-archive/squid-dev/200702/0128.html Ok, what I thought.. the warning says that isspace(x) is implemented as a macro translating into something like isspace_array[x] with x being a char the compiler warns on array references as the standard does not define if a char is signed or unsigned and thus the results may differ from platform to platform. What the warning really should have said is watch out here, there is a unqualified char type passed to a ctype function, you most likely want to change or cast this into unsigned char. if you cast into int the compiler doesn't warn on this as int is the correct type and it's always valid to cast char into int, but the code is still just as broken as before. If x is 0x80 the code becomes isspace_array[-128] which is far outside the allowed range for isspace. (assuming char signed by default, which is very common). isspace is only valid on unsigned char values, and as a special case EOF (usually -1). Any other use of ctype functions is outside specifications. Luckily many implementations handle this correctly by allowing ctype queries in the range -128 - +255 accounting both for signed and unsigned char, but it can not be guaranteed. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: isspace etc and (int) typecast
tis 2007-03-27 klockan 22:09 +0200 skrev Guido Serassio: It's almost clear, but I'm just a little confused on the logical side of the things: use an int argument to check for an unsigned char. Really a confusing prototype . The acceptable range is an unsigned char or EOF. EOF is a value outside the range of unsigned char, usually -1 and therefore the int prototype. Same kind of value range as you may get from getchar/getch/fgetc. This whole char / signed char / unsigned char mess is a quite problematic spot of the C language. Nearly impossible to get signedness correctly without a lot of headache.. Henrik, now I don't have a CVS access, if it's not a problem I will fix this in few days. It's not a problem. The related code (the HTTP parser optimizations) is not planned to be merged into 2.6 at the moment. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
mån 2007-03-26 klockan 22:35 +0200 skrev Thomas-Martin Seck: OK, my plan is to start tracking Squid 3 with PRE6. Are you OK if I keep it up to date by pulling in all changesets up to a certain date/changeset number (this would be roughly similar to what the FreeBSD vim port does) if needed? Needed would mean as indicated by developers on squid-users or -dev because critical issues had been fixed. Probably good to apply a bit of wisdom on what changesets you pull in, but generally yes it's fine. If you do please update the version number in configure.in as well to reflect the date you are at. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: how i can close tcp session with client?
mån 2007-03-26 klockan 08:27 +0900 skrev [EMAIL PROTECTED]: hello! sorry for my english :) I want close tcp session from access_log.c. How? Why from access_log.c of all places? I try do this use comm_reset_close(fd), but i get error assert filed on commc.c:740. Yes, you can't do that there. It would be pulling the rug under the feets of the caller (client_side.c). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
isspace etc and (int) typecast
Reviewing Squid-2.HEAD changes and sorting/grouping them a bit I stumbled over your change to add casts in various isspace() calls which looks a bit odd. http://www.squid-cache.org/Versions/v2/HEAD/changesets/11290.patch -for (; i hmsg-req_end (isspace(hmsg-buf[i])); i++); +for (; i hmsg-req_end (isspace((int) hmsg-buf[i])); i++); Generally this is not a safe cast. The ctype family of functions want the same kind of C character as returned by getchar etc. That's an integer carrying an unsigned char or -1. As it's a very common coding error most C libraries accept char input to these functions and might even produce correct results on high octets, but not all (some may even segfault). What was the warnings you fixed with these casts? I suspect you only silenced a valid warning here without fixing the cause.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: website download links
sön 2007-03-25 klockan 15:48 +0800 skrev Adrian Chadd: I've cheated and copied all of the Versions/* stuff from the current website to 'static/Dist' on the new website so they're not included in the magic PHP page building. Converting the current downloads to the PHP templating should be trivial. The only dynamic input to the download page is the current snapshot version. Henrik, what cronjobs need shifting/duplicating? make.sh for the nightly builds and the changelog generation? what else? make.sh updates the version download index.html. Could be replaced by a line in PHP bringing in the current snapshot version somehow (i.e. by including a small fragment providing the version as a PHP variable or similar). The other dynamic generation is changesets/.index.pl. Perhaps best kept as they are for now. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: AD (LDAP) authentication helper
fre 2007-03-23 klockan 17:13 -0400 skrev Edmundo Carmona: If you are interested in the helper, let me know, so I can send it (once I make it during the next days) for your consideration so it becomes a part of squid by deault. Sure. You are most welcome to submit alternative authentication helpers for inclusion. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
tis 2007-03-20 klockan 19:40 +0100 skrev Thomas-Martin Seck: I'd love to but I cannot easily distribute development snapshots via FreeBSD ports; Understood, so PRE releases is what you can use. I considered to chase Squid-3-PRE but since the interval between PRE releases is a bit long for a software in development, users would be permanently stuck with way outdated software and consistently be told to update when they report errors. The Squid-3 PRE release cycle matches the Squid-3 development quite well I would say.. If known good PRE-snapshots were released on a more regular time frame -- say once a month -- and be kept on the FTP/HTTP mirrors for some time I'd love to make them available for FreeBSD ports. The PRE releases is meant to serve this purpose. Just that we don't make new PRE releases unless there has been significant improvements since the last and that there is no known major blockers.. Squid-3 was known majorly broken for years, so no PRE releases was made.. and currently there is at least one blocker for PRE4 but with a patch pending. I don't think packaging PRE4 in ports when released is such a bad idea. But clearly labeled as a pre-release and not a stable supported release. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
tis 2007-03-20 klockan 19:40 +0100 skrev Thomas-Martin Seck: Ack! Please address this, either by fixing the bugs or if this is not possible for whatever reason by telling users about them. I'll stick a big red warning sign to the port, too if needed. The main problem in fixing these is that there is no developers actively working on the Squid-2 ICAP patch, just barely enough to maintain it. Additionally the approach taken by the patch in how to hook in the data flows is considered a bit of a dead end not encouraging it to be actively developed much further.. We would all love to see a stable and fully ICAP capable Squid. And at the moment Squid-3 is the most promising for this I think. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
tis 2007-03-20 klockan 21:19 +0100 skrev Henrik Nordstrom: I don't think packaging PRE4 in ports when released is such a bad idea. But clearly labeled as a pre-release and not a stable supported release. PRE6 I meant.. (got confused by another discussion recently..) Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
sön 2007-03-18 klockan 15:51 +0200 skrev Tsantilas Christos: Hi Henrik, I forgot that the squid-26 moved to a branch. The problem with icap patch is that it is HEAD based. In sourceforge I can not find any squid-2.6 branch, to create a squid26 based icap branch. Yes, it's intentional that there is no Squid-2.6 base branch at sourceforge, only Squid-2.HEAD. This was discussed on squid-dev when Squid-2.6.STABLE forked. The main reason is that Squid-2.HEAD acts as an incubator for changes targeted for Squid-2 STABLE, and having development efforts not tracking Squid-2.HEAD makes it harder to finish the work over time. Now, this policy of not having a Squid-2.6.STABLE branch at SourceForge is not set in stone, but I have not seen much good reasons why it should be changed. The only objection to the above raised was Guido who historically have maintained SquidNT.STABLE at SourceForge, but after a short discussion it was agreed that maintaining the SquidNT.STABLE branch is better done in the main repository as an official STABLE Squid version. With the Squid-2 ICAP client still being somewhat experimental I do not consider it a good idea to use in combination with Squid-2.6.STABLE. I would very much prefer if people uses Squid-2.HEAD + icap if they need that functionality, and knowing that their Squid version is experimental and not a STABLE version. The recent bug reports is further evidence that this position is reasonable. Several people coming yelling about Squid-2.6.STABLE insability, not mentioning (or maybe not even realizing) that they have applied significant experimental patches to their Squid version. This said, Squid-2.HEAD is quite fit for production use most of the time. I don't even have a significant problem with snapshot releases of Squid-2.HEAD being packaged if someone likes, but we are not going to make any formal releases from that source tree. What is in Squid-2.HEAD either trickles into Squid-2.6.STABLE or forms the basis for a eventual future Squid-2.7 when not compatible with 2.6. Does make sense to create the icap-patch as a file and upload it to web site? I think it is not bad idea to allow people to use it with squid26 if they want it. Which is your advice? Sure. Always makes sense to publish stable versions, but only if there is a will to support them. If you do I would recommend changing the Squid version number in configure.in to reflect the ICAP patch release version to reduce confusion. At this time I do not want to continue development on squid2x-icap client but I want to keep icap patch synchronized with squid2x developments. Ok. Fully fair position. So the remaining question is if you agree with what I say above, or if you think squid2-icap should be maintained relative to Squid-2.6 as well. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: HEAD website projects.html,1.307,1.308
Hmm... I assume this was not intentional. What happened? Regards Henrik sön 2007-03-18 klockan 09:51 + skrev Amos Jeffries: Log Message: merge updates from HEAD lost in earlier update. Index: projects.html === RCS file: /cvsroot/squid/website/projects.html,v retrieving revision 1.307 retrieving revision 1.308 diff -C2 -d -r1.307 -r1.308 *** projects.html 18 Mar 2007 09:42:25 - 1.307 --- projects.html 18 Mar 2007 09:51:32 - 1.308 *** *** 26,32 /TD TRTH ALIGN=RIGHTCVS tag:/THTD ! A HREF=changesets/squid/nt-2_5.htmlnt-2_5/ABR ! A HREF=changesets/squid/nt.htmlnt/A (2.6 based)BR ! A HREF=changesets/squid3/nt.htmlnt/A (3.0) /TD TRTH ALIGN=RIGHTBased on:/THTDs2_5, Squid-2, HEAD/TD/TR --- 26,32 /TD TRTH ALIGN=RIGHTCVS tag:/THTD ! A HREF=http://squid.cvs.sourceforge.net/squid/squid/?pathrev=nt-2_5;nt-2_5/ABR ! A HREF=http://squid.cvs.sourceforge.net/squid/squid/?pathrev=nt;nt/A (2.6 based)BR ! A HREF=http://squid.cvs.sourceforge.net/squid/squid3/?pathrev=nt;nt/A (3.0) /TD signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: request-my_addr change from 2.6.STABLE3 to 2.6.STABLE10
mån 2007-03-19 klockan 08:46 +0900 skrev Steven Wilton: Can anyone confirm whether request-my_addr should contain the IP address that the customer has connected to, or the IP address that the OS has redirected the packet to for requests that have been semnt to squid using NAT. The two should really be split in different fields.. doesn't really make sense to overload my_addr in this manner these days. It did sense in 2.5 as it didn't have a concept of transparent IP interception and it all was running as piggyback on the IP based virtual host for accelerator mode, but in 2.6 it's all separate. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: stuff in the Squid3 pipeline
mån 2007-03-19 klockan 06:56 -0700 skrev Alex Rousskov: I believe BodyPipe changes on squid3-icap branch fix all Squid3 PUT/POST-related errors in the bugzilla. So a new PRE not too long after it has gone in might be a reasonable thing then. Any other blockers which should be fixed in this round? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: stuff in the Squid3 pipeline
tis 2007-03-20 klockan 00:04 +0100 skrev Henrik Nordstrom: mån 2007-03-19 klockan 06:56 -0700 skrev Alex Rousskov: I believe BodyPipe changes on squid3-icap branch fix all Squid3 PUT/POST-related errors in the bugzilla. So a new PRE not too long after it has gone in might be a reasonable thing then. Any other blockers which should be fixed in this round? To answer myself.. there is some patches sitting in bugzilla which deserves to get merged as well.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: HEAD website projects.html,1.307,1.308
tis 2007-03-20 klockan 11:57 +1200 skrev [EMAIL PROTECTED]: I went: cvs -q update cvs commit without noticing that the update had created a merge-clash patch for the changes you had made. Did it? If there is conflicts then cvs update says so, and they get clearly marked in the file with oneversion anotherversion and cvs commit even usually refuses to commit the result.. When I found the .# patch file with your updates I checked and merged my update into that and replace the bad one temporarily committed. The .# files is backups your old working copy.. gets saved each time cvs edits files in your working directory. Why there was a merge-clash on every 'changesets' alteration in the first place I still don't know. The only real clash was both of us altering the squid3-ipv6 'view patch' line. Hmm.. couldn't see any change there apart from a space character added where it doesn't belong. Please verify that it's correct, and fix it otherwise. But please fix it by editing the file in place and not by reverting to an old backup.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid 3 + content encode
tor 2007-03-15 klockan 13:26 +0700 skrev Wahyu: I want to try the gzip content encode with squid 3 but i got problem with that, patch and make are success, but when i'm running the squid i got this error: Starting proxy server: 2007/03/15 12:57:53| parseConfigFile: 'squid.conf' line 294 unrecognized: 'negotiate_ce_access allow all' 2007/03/15 12:57:53| parseConfigFile: 'squid.conf' line 303 unrecognized: 'encode_gzip_access allow all' 2007/03/15 12:57:53| parseConfigFile: 'squid.conf' line 312 unrecognized: 'encode_deflate_access allow all' anyone know how to solve this? After applying the patch the following is needed to build a content recoding enabled Squid: ./bootstrap.sh ./configure ... --enable-content-encoding Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: A few patches
ons 2007-03-14 klockan 11:27 +0900 skrev Steven: The attached patch should fix the concerns raised. If there are no other concerns do you want me to wait until 2.6.STABLE11 has been released before committing? With the new maintenance model with Squid-2.6 branched from HEAD Squid-2 is always open for commit, and Squid-2.6 always restricted. So you are welcome to commit the patch to Squid-2 at any time (the squid module, no tag, same as 2.6 was before it was branched). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: A few patches
ons 2007-03-14 klockan 11:45 +0900 skrev Steven: Did you have any concerns with the patch that would allow NTLM auth to work on transparent requests if pipeline prefetching was enabled? Hmm.. don't like it. a) If allowing pipelining then it should be done on the same server connection. Also I am not sure this (prefetching) works well together with the tightly coupled connection pinning being done.. Well, I am even convinced it doesn't as the authentication will be lost pretty much on every new chain of pipelined request causing plenty of renegotiations. b) This isn't related to transparent interception. The exact same situation is seen in normal proxying. If enabled we should pipeline the requests on the same server connection, as they were sent to us by the client. But this requires a bit bigger change in http.c. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: A few patches
tis 2007-03-13 klockan 14:50 +0900 skrev Steven: The second patch (transparent-dns-hint.patch) is designed to use the destination IP that the client was attempting to connect to as the server IP if DNS lookup fail (for a transparent request). Cool. But can be significantly simplified. No need for the new commConnectStart2 call, you could simply pass the numeric address to commConnectStart on error. This also allows moving the flag from the fd array to the request. Related to this I'd like to seea generalized version, to never do DNS lookups in transparent interception. This requires the cache key to be changed to include the IP, but is quite acceptable in most setups. Hmm.. an easy path to achieve this would be to extend the host name, using for example the syntax hostname*ip. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: Download time issue: Squid 2.6 - With Icap patch
ons 2007-03-14 klockan 17:03 + skrev Suman Mukherjee: I have used the following icap patch: http://devel.squid-cache.org/cgi-bin/diff2/icap-2_6 The patch has removed that line. Would you please let me know whether this patch is safe enough or not WITH the line in client_side.c? I don't know the icap patch well enough to say why the timeout was changed, but adding a lifetime timeout is always safe. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Download time issue: Squid 2.6
ons 2007-02-21 klockan 16:00 + skrev Suman Mukherjee: In Squid 2.6.STABLE9 I have faced a problem. While downloading a big file, squid is getting timeout. I cannot reproduce this.. Reason: There are two socket connections. 1. Accepted request from client side. 2. Read data from file descriptor. Yes.. However after 5 minutes time frame connection 1 is getting timed out and that forced connection 2 to quit. Not here.. the client connection gets the Lifetime timeout assigned. This got solved when I add the following line in clientReadRequest function within client_side.c before line if (parser_return_code 0) commSetTimeout(fd, Config.Timeout.lifetime, clientLifetimeTimeout, http); Now you are making me confused. That exact line is already there since ages. 1.511(wessels 09-Nov-00): commSetTimeout(fd, Config.Timeout.lifetime, clientLifetimeTimeout, http); 1.170(wessels 03-Dec-97): if (parser_return_code 0) { Do you have any patches applied on your Squid source tree? The other user said he installed Squid from FreeBSD ports. Investigating. Hmm.. the FreeBSD ports collection seem to include the still experimental ICAP client, which for some reason changes the timeout management removing this line.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: A few patches
tis 2007-03-13 klockan 15:46 +0900 skrev Steven Wilton: Good point. The only problem is that (under Linux at least) we can't find out the original destination port (ie if traffic destined for port 80 is redirected to port 3128). conn-me has the original IP and port in transparently intercepted connections. Would you suggest this as a configuration option on a per-port basis? (ie squid can listen to multiple ports, and the port that the connection arrives on is used to determine the destination port). Thats how most things are done.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: A few patches
tis 2007-03-13 klockan 14:50 +0900 skrev Steven: The third patch (transparent-pipeline.patch) is designed to allow squid to handle non-http traffic. If a request can not be decoded by squid, and it was a transparently intercepted requets, it will be transformed to a CONNECT request to the server that the client was trying to contact, and all data will be passed to/from the server untouched by squid. (I have a second copy of this patch that has been tested, and I can confirm that it works when patched against squid 2.6.10. The attached patch was created against the CVS tree of 2.6, and does need testing). Cool. Incidentally in principle this is also what's needed for transparent interception of non-HTTP ports (i.e. 443), even if those is best done with a new tunnel_port directive.. This must be configurable. It's not acceptable to have Squid tunnel junk unless the administrator allowed it, not even in transparent interception mode. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Squid-2.6.STABLE11 in the pipeline
Ok, one rather critical bug crept into the 2.6.STABLE10 release (Bug #1915), so 2.6.STABLE11 is now in the pipeline for release. Patch queue has been processed and next nightly (or current CVS) is to be considered a release candidate. Please test it where you can. If there is additional issues please speak up now. You have 36 hours to bring up additional issues (wed 14:30 GMT) which you think deserves to be fixed in 2.6.STABLE11, and 76 hours to report any regression errors from earlier Squid releases (fri 06:30 GMT). Current Changes from 2.6.STABLE10: http://www.squid-cache.org/Versions/v2/2.6/changesets/ What needs extra testing: - kqueue under load - building on different platforms Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Something strange in client_side.c /Re: Squid code questions from IRC/
sön 2007-03-11 klockan 15:49 +0300 skrev Igor: from line #3512: while (t conn-in.buf xisspace(*t)) t--; while (t conn-in.buf !xisspace(*t)) t--; As far as xisspace() doesn't seem to have side-effects this code makes me guess what's going on here :) It scans the string backwards one word (t-- steps one character back). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid bootstrapping
ons 2007-03-07 klockan 14:12 +1300 skrev [EMAIL PROTECTED]: I have in my branch /src/ the two IPAddress.* files that I have created for the manager class. My main question is what is the next step to get them compiling into squid? sub-question of how do the bootstrap and Makefiles' work exactly? Edit src/Makefile.am and add the new source files to squid_SOURCES then run bootstrap.sh to have the Makefile.in files rebuilt. bootstrap.sh runs the autotool programs (automake, autoconf, libtool etc) to build the configure and Makefile.in:s from the autotool inputs (configure.in, acinclude.m4 and Makefile.am) and finally ./configure.. to configure the source tree or alternatively ./config.status to only have the Makefile:s rebuilt. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: saving http body (content) :: SQUID:2.6STABLE10
tis 2007-03-06 klockan 18:06 -0800 skrev ccmail111: Assumption: 'entry-fd' is uniquely created in store.c: storeCreateEntry(..) You'd better move that to the HttpStateData.. The above does not seem to work. For example www.yahoo.com page has 10 gifs, I donot see the gif files (content). What do you see then? Any suggestions on how to save the content in ver 2.6 ? What you did seems to be on track to me.. just not clear where/how you create the output files.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dynamic ACL Regex's associated with authenticated user
sön 2007-03-04 klockan 19:22 -0500 skrev louis gonzales: My question for the Development group: Q: If I want to use external_acl_type eXhelper %LOGIN %{Header} /path/to/MY/eXhelper.pl How can my PERL program read the contents of %{Header}? Header in the above is the HTTP header name you want to have sent to the helper. It's sent as an input field in the query to the helper just as % LOGIN or the other tags.. I.e. if you specify %LOGIN %{User-Agent} then the helper will be sent request lines with two fields, the first field having the authenticated login name, the second field the contents of the User-Agent HTTP header. Sind sie Deutscher? Nej, jag är svensk. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dynamic ACL Regex's associated with authenticated user
mån 2007-03-05 klockan 18:17 -0500 skrev louis gonzales: Hello all, There is one %{Header}'s that I want to read in my external helper program. %{Host} external_acl_type eXhelper %LOGIN %{Host} /path/to/my/eXhelper.pl I read in STDIN and get the username password as supplied by the user, who is prompted by basic authentication. password is never sent to an external_acl helper, only the basic auth helpers (auth_param basic program ...). /path/to/my/eXhelper.pl will be sent the authenticated login name plus the Host: header value per the specifications above. I.e. if user louis requests www.squid-cache.org the helper will be sent louis www.squid-cache.org this is regardless of which authentication scheme was used. authentication is separate from authorization, and only the basic auth scheme has passwords... (the others all use one-time hashes). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: redirect handle reply
sön 2007-03-04 klockan 20:32 +0530 skrev Siddhesh PaiRaikar: in an attempt to modify the code of squid when i modified the code of the function redirectHandleReply() in redirect.c .. i see that any change made to that function reflects in squid and any printf statement also works fine.. i only failed to find a location in the code of squid where that function is being called which is sumthing i would like to know. If anyone can please tell me how the function redirectHandlereply() works it would be of great help. redirectHandleReply is a callback, called when the response from the url_rewrite helper is available. The callback is registered in the redirectStart call, as part of the arguments to helperSubmit(). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: default Methods?
lör 2007-03-03 klockan 15:57 +0100 skrev Pawel Worach: Here are patches for squid2 and squid3 that add three missing methods according to the list in the Subversion FAQ. Thanks. Applied to Squid-3, 2 and 2.6. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Squid code questions from IRC
What follows is a sorted recapture of the IRC discussions and some additional answers. (14.48.55) poige: well, code inside httpAccept() (14.49.07) poige: int *N = incoming_sockets_accepted; (14.49.08) poige: ... (14.49.21) poige: (*N)++; (14.49.27) poige: -- why that? :) (14.53.23) hno: poige: Which Squid version are you looking at? (14.54.03) poige: hno: squid-2.5.STABLE10-20050830 (14.54.35) hno: Please grab a more current version.. no one working on 2.5 any more. Looks like incoming_sockets_accepted is currently unused, only ever increased. I don't remember exactly what it may have been used for. (14.51.16) poige: it was the first q-n. the second one is: why not using typedef struct {} Typename and using lots of typedef inside typedefs.h? It's rather not too convenient with go-to-definition tools (14.54.03) hno: The typedefs split is to allow the typedefs to be used within the struct definitions. (14.56.04) poige: typedefs split is to allow the typedefs to be used within the struct definitions. (14.56.45) poige: hno: do you mean the case when a structure has fields inside of the same type? or what? (14.58.02) hno: Yes. Might also be other types declared further down. With the split of the struct and the typedef ordering gets irrelevant as all types is declared early, defined later.. (14.58.16) hno: defined further down I meant.. (15.05.02) poige: hno: well. but what about go-to-def tools like Ctags? (15.05.37) poige: hno: I'm sure there are not too many structs inside Squid which are really self-referenced Sure, ctags would navigate the source a bit better if the typedefs were in place. But it has not been considered worth the effort to try to unwind all the struct relations in Squid-2 to get the definitions well structured. That's targeted for Squid-3, part or refactoring and cleaning up the code base. (14.55.54) poige: BTW, could i grab the diff between 2.6 and squid-2.5.STABLE10-20050830? You can grab a diff between 2.5.STABLE10 and 2.6 using cvs. But not sure it's worth the effort. Why? (14.58.25) poige: the 3rd question is about Squid-3: I know that it's a C++ project and I deem it's rather good decision to start using C++ for Squid, but haven't you considered starting to use C++ things inside Squid-2? (14.58.58) hno: Today Squid-2 is C only, and Squid-3 is the C++ version. (14.59.12) poige: hno: I know that, of course (14.59.20) poige: hno: but why it's so? (14.59.24) hno: Squid-3 is a migration of Squid-2 into C++. (14.59.44) poige: hno: what is the reason not to start using C++ inside Squid-2? (15.00.05) poige: I don't mean complete re-write into C++, but using both C and C++ (15.00.15) poige: and doing new things in C++ when possible (15.00.32) hno: Because there is Squid-3 for that. It started out as the same code, and gradually things have been refactored into more C++ fashion. (15.00.46) poige: hno: but Squid-3 is completely in C++ (15.01.08) poige: hno: and nobody would bet it will work just okay in production as squid-2 would do... (15.01.24) poige: hno: because it is a _re-write_ It's not really a re-write. It's a migration from C to C++. Large parts of the code is still pretty much the same even if slightly restructured or wrapped up as C++, some have been rewritten to hopefully make better use of C++. (15.20.38) poige: + another question: (15.20.42) poige: for e.g. (15.20.48) poige: commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, connState, 0); (15.21.20) poige: and inside clientReadRequest: (15.22.32) poige: commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, conn, 0); (15.24.45) poige: why doing that twice? clientReadRequest need to reinstall the event to get called again when more data is available. [CVS vs SVN discussion skipped] Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: cvs commit: squid/doc/release-notes release-2.6.html release-2.6.sgml
lör 2007-03-03 klockan 20:30 +0100 skrev Guido Serassio: Please note that the document title is still: titleSquid 2.6.STABLE8 release notes/title Thanks! Fixed. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dynamic ACL Regex's associated with authenticated user
tis 2007-02-06 klockan 00:14 -0500 skrev louis gonzales: Is the process to tap into a database for regex's(which are stored in a database) as easy as using the external_acl to call, for instance a PERL program which can search the database via DBI, which can check if the %LOGIN id is permitted or prohibited to get this web content, and send back the response(OK or ERR), at which point Squid will either permit/prohibit based on the associated (acl, http_access) pair? Yes. Maybe in the months coming down the road, my friend and I can contribute to PERL development of some additional 'helper' functions, which can be shipped/bundled with Squid to allow for database access OOTB? Interesting. What kind of commitment does your group look for? Whatever you can provide. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: squid3 comments
fre 2007-03-02 klockan 10:02 +0900 skrev Steven Wilton: I know this is a minor problem, but I had problems getting the squid3 bootstrap.sh script to run, so I couldn't test the patch. I'm pretty sure it's got something to do with the version of automake and autoconf on my system, but I couldn't find a reference to which versions I needed for squid3. Anything reasonably recent (released in the last 3 years) should work.. automake autoconf libtool However, many multiversion installations of the tools is a bit confused and aclocal does not find the libtool files.. I don't know how it's supposed to work, but there is a very simple workaround making everything work sanely add the path /usr/local/share/aclocal to the dirlist of the version specific directory /usr/local/share/aclocalversion/dirlist There is a open bug report on this to have it fixed in the aclocal, but who knows when the autotool authors will figure out how this is supposed to work... If you find versions in the bootstrap.sh script not working, please post the version and error seen. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: squid3 comments
lör 2007-03-03 klockan 03:29 +1300 skrev [EMAIL PROTECTED]: configure.in:34: error: possibly undefined macro: AC_LTDL_DLLIB If this token and others are legitimate, please use m4_pattern_allow. See the Autoconf documentation. Looks like aclocal not finding the libtool macros (LTDL is the libtool macro signature..).. see previous message... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: thank you for squid3 work
fre 2007-03-02 klockan 08:58 -0700 skrev Alex Rousskov: Thank you very much for all your Squid3 efforts! Without your work Squid3 would not happen. I hope you feel the increased interest in and work on Squid3 these days. Thanks, but probably overrated. FWIW, I am very interested in fixing core bugs. For example, I rewrote request body handling to fix several core bugs (changes are currently in squid3-icap). With the exception of ICAP, I cannot spend time polishing optional features like TPROXY, but I am sure there are enough core bugs for me :-). Getting the core stable is the prime criteria for getting Squid-3 to start walking. Also, with the ICAP code becoming stable, I should be able to spend more time on core fixes. Hopefully. As for C++, if a willing person cannot understand some C++ concept in Squid, it should probably be removed or at least well documented. removing is a bit hard as that would leave gaping holes in the code.. leaving the choices of fixing up the code to make sense and/or documenting it.. Personally, I am against hairy C++ code that only gurus can grok. For me, most of the C++ complexity in Squid3 comes from an unfortunate blend of C features like cbdata and C++ features like refcounting. Hopefully, we will fix that in Squid 3.1. One good start would be to unify the code.. today there is too many generations of coding style.. * Old C code, just wrapped up with a .cc extension * First generation C++ translation adding some classes trying to divide the code in well more defined units. * Second generation C++ refactoring, adding some OO properties. * Third generation C++ refactoring of the refactoring, using different style. * Fourth generation of C++ refactoring, where things is mostly done right and understandable. * And some parts which looks more like exploring fancy features of C++ rather than trying to make the code more readable or maintainable. * And some very old C code still left around.. (also plagued Squid-2) The many different ways cbdata types is defined and implemented is a good example of this.. - Old C style CBDATA_TYPE - First C++ translation CBDATA_CLASS, with significant coding overhead - Refatored version CBDATA_CLASS2. Refcounting also has a bit of similar heritage. All fixable, just a matter of developer time and interest.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
RE: squid3 comments
lör 2007-03-03 klockan 08:39 +0800 skrev [EMAIL PROTECTED]: helpers/basic_auth/Makefile.am:6: required directory helpers/basic_auth/POP3 does not exist cvs update -d -P Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: default Methods?
tor 2007-03-01 klockan 09:48 +0800 skrev Adrian Chadd: I've again been bitten by the by default Squid doesn't support methods for application X where X is almost always Subversion. Heh.. What do people think about: * adding in the Subversion methods in by default? Yes. Do it now and I'll get it shipped in 2.6.STABLE10. * as a more long-term goal, adding in an option that allows Squid to handle any method but only those it knows about will be considered for caching. Yes. This is one more of those items should be done, but never get to do it... Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: squid3 comments
ons 2007-02-28 klockan 09:19 -0500 skrev Jeremy Hall: Is squid3 faster or slower than squid2? From my incomplete tests and experience: Squid-3 is noticeably slower than Squid-2.6, but not by a huge amount. Squid-3 is faster than Squid-2.5 in some workloads involving many concurrent connections, but this only thanks to the epoll/kqueue support which makes the kernel waste less time looking for ready filedescriptors. Same for Squid-2.6 compared to 2.5. Neigher Squid-3 or Squid-2.6 has received any code optimizations compared to 2.5. Squid-3 source code size is about 30% larger than 2.6 (number of lines of actual code, after eleminating blanks and {} lines but keeping comments, ingoring helpers and cppunit). In raw processing power of the code the ranking is (high request response rate, but very few concurrent connections) 1. Squid-2.5 2. Squid-2.6 3. Squid-3 In amount of requests/s in larger scale with many concurrent connections 1. Squid-2.6 2. Squid-3 3. Squid-2.5 (if it survives at all) Squid-2 with the small optimizations done by Adrian ranks top in both.. In terms of known bugs we have Squid-2.6 (a handful) Squid-2(about the same as 2.6) Squid-2.5 (a little more than 2.6, no longer maintained) [big gap] Squid-3(quite many...) Unknown bugs quite likely looks about the same. Active developers is a bit too few in both code bases. Personally I find the Squid-3 code base a bit alien in many areas, not at all easier to follow than Squid-2 and yet sufficient different in many areas to get quite lost.. Suffering a bit from converting to C++ without first getting a clear view of the underlying code data structure.. Some parts is much better structured than Squid-2 however. The biggest negative on Squid-3 is time.. it's been in slow development for very long, and almost constantly (at least for the last 3+ years) with core issues preventing serious testing. I am quite scared of how many bugs will pop up their ugly heads once the code is sufficiently stable to allow some serious testing. But hopefully the forward porting of bug fixes from Squid-2 has helped. At least it won't have most of the bugs fixed in Squid-2 since the two code bases forked 4.5 years ago.. Many many thanks to Guido which has done a great job in helping with the forward porting of squid-2 patches. Without this Squid-3 would surely be a dead end dragging not only it's own bugs but also many of the Squid-2 bugs from the last 4 years or so.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: SQUID.devel: information help request
tor 2007-03-01 klockan 09:51 -0800 skrev ccmail111: Thanks for your email. Looking at your posting (below), can you please let me know in SQUIQ-3.x how do I modify SQUID to save web page body to a file ? I have posted to devel.list and also searched archives, but unable to find right pointers so far. Well, you didn't respond to Alex answer on the squid-dev mailing list so I assumed you were satisfied or looking elsewhere.. keeping the discussion silent does not help you. I would recommend you to implement what you are doing using the client streams API or ICAP to hook into the data stream. See the programmers guide for pointers regarding client streams. In any event, remember that you only see a fragment of the HTTP transaction at a time, never the complete response (unless it's very small). Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dynamic ACL Regex's associated with authenticated user
mån 2007-02-05 klockan 13:13 -0500 skrev louis gonzales: Hello Dev team, I'm curious, but have found limited information through different FAQ's and archives about Squid functionality, which provides dynamic new regex's to be checked against specific authenticated users? Yes. Two functionalities I'm wondering about specifically: 1) Can Squid use a database server such as Postgres/MySQL to store the ACL regex's or in genearl all ACL's, so that Squid can query on the fly? Yes, but it requires an external helper talking to the database and matching the regex or whatever pattern type you use.. 2) Is it possible to associate 'authenticated users' to these ACL's? Yes. See the external_acl_type directive for how to plug in your own acl helper. Once active it works pretty much like any other kind of acl such as src/dst/dstdomain/url_regex etc. There is an internal cache of the helper queries so it's most effective if you don't need the URL-path sent to the helper. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Dynamic ACL Regex's associated with authenticated user
mån 2007-02-05 klockan 15:09 -0500 skrev louis gonzales: Thank you for quick response. Would you all recommend, for fastest results, to review the source code/API for external helper, or is there a document out there(in the big world) that gives technical details on this? The external acl interface to Squid is documented in the comments to the external_acl_type directive in squid.conf(.default). It's a simple text line based interface on stdin/stdout. There is several acl helpers for different purposes shipped with Squid in the helpers/external_acl directory if you want to look at an existing helper for inspiration. There is also a few other acl helpers around on the net. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: locked out by partial cvsmerge
tis 2007-02-27 klockan 21:40 -0700 skrev Alex Rousskov: Thanks for the explanation and snipped details. Unfortunately, it looks like the problem is back and has even become worse as I see more locks (from other developers) getting stuck now: cvs rtag: [21:28:08] waiting for rousskov's lock in /cvsroot/squid/squid3/lib/cppunit-1.10.0/doc cvs rtag: [21:28:38] waiting for serassio's lock in /cvsroot/squid/squid3/lib/cppunit-1.10.0/doc cvs rtag: [21:29:08] waiting for amosjeffries's lock in /cvsroot/squid/squid3/lib/cppunit-1.10.0/doc All seem to be gone now... Do you know whether there is something going on with SourceForge that increases the probability of these locks getting stuck? Anything we can do about it in the short term? It might actually be the cvsmerge script.. the following line isn't exactly kind to CVS.. o Check if there is any pending changes in the repository diffl=`eecvs -q rdiff -kk -r ${mergetag} -r ${mergefrom} ${module} | head | wc -l` probably should remove the head from there, letting the rdiff run to completion. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: locked out by partial cvsmerge
ons 2007-02-28 klockan 13:01 +0800 skrev Adrian Chadd: I'm not sure to be honest; but do you think it'd be a good idea just to shift this development tree stuff back to a seperate repository or server over at TMF? It sounds like it'll be less of a headache now. The main reason why SF is used for this repository is security. The developer CVS repository is a scratchpad, and anyone who likes is given write access there if they want. - Separate server from the main repository. - Server not our maintenance problem. - Fully automated developer registration. - CVS is used because of legacy reasons only (i.e. the merge scripts written for CVS many years ago) But nothing says we must use the SF services, or even CVS. It would be quite nice if we would set up a public Bzr repository for example, or why not subversion as well. Account maintenance greatly simplified in both as no system account is needed. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: locked out by partial cvsmerge
tor 2007-03-01 klockan 01:25 +1300 skrev Amos Jeffries: It might actually be the cvsmerge script.. the following line isn't exactly kind to CVS.. o Check if there is any pending changes in the repository diffl=`eecvs -q rdiff -kk -r ${mergetag} -r ${mergefrom} ${module} | head | wc -l` probably should remove the head from there, letting the rdiff run to completion. Is that a hint for us all to edit our copies of cvsmerge? Remove the head part of the pipe.. (`| head`, or `head |`) but I still have it in my copy.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-2.6.STABLE10 in the pipeline
tis 2007-02-27 klockan 21:40 +0100 skrev Guido Serassio: 2007/02/27 21:28:47| helperStatefulHandleRead: 1 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. 2007/02/27 21:28:47| helperStatefulHandleRead: 41 bytes from negotiateauthenticator #1. negotiate-auth[1828]: sending 'AF' acmeconsulting\guido.serassio to squid with data: Hmm.. this strikes me a bit odd.. Squid receiving data from the helper before it sends the response.. Are you sure the helper responds correctly? Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-2.6.STABLE10 in the pipeline
tis 2007-02-27 klockan 21:55 +0100 skrev Henrik Nordstrom: Hmm.. this strikes me a bit odd.. Squid receiving data from the helper before it sends the response.. Are you sure the helper responds correctly? But regardless of this I can confirm that Negotiate seems to be broken.. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: Squid-2.6 Negotiate broken
tis 2007-02-27 klockan 23:15 +0100 skrev Henrik Nordstrom: Looking. Ah, it's due to Negotiate returning a final response to the client, and this confuses the twisted logics here even further.. cleaning up to untwist the FINISHED/DONE states into one. Ok. Should work better now. Please give it some testing in both Negotiate and NTLM. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Squid-2.6.STABLE10 in the pipeline
Squid-2.6.STABLE10 is now in the pipeline. Current CVS (or next nightly, 20070228 or later) is a release candidate in terms of code, save for release notes etc.. Please test the best you can. There is quite significant changes this time, the most significant being - chunked decoding to work around those broken servers sending us chunked encoding. - significant changes in refresh logics (Bug #1787, 1420, 1875) Changes to squid-2.6.STABLE10 (not yet released) - Upgrade HTTP/0.9 responses to our HTTP version (HTTP/1.0) - various diskd bugfixes - In the access.log hierarchy field log the unique peer name instead of the host name - unlinkdClose() should be called after (not before) storeDirSync() - CLEAN_BUF_SZ was defined, but never used anywhere - logging HTTP-request size - Fix icmp pinger communication on FreeBSD and other not supporing large dgram AF_UNIX sockets - Release objects on swapin failure - Bug #1787: Objects stuck in cache if origin server clock in future - Bug #1420: 302 responses with an Expires header is always cached - Primitive support for HTTP/1.1 chunked encoding, working around broken servers - Clean up relations between TCP probing and DNS checks of peers with no known addresses. - Fix a minor HTML coding error in ftp directory listings with // in the path - Bug #1875, #1420. Cleanup of refresh logics when dealing with non-refreshable content Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel