ons 2006-07-12 klockan 12:44 +0800 skrev Steven Wilton: > I've just been looking at installing squid2.6 on our proxy servers, but came > across a couple of problems. The attached patch fixes these. The first > part of the patch enables NTLM auth even when pipeline_prefetch is enabled. > I've just had a quick check, and it looks like this is not a problem (at > least when the request is transparent). There may be something I've not > considered, and I can understand if this part of the patch is not applied, > but I would be interested to hear why.
Connection pinning and pipeline_prefetch is mutually exclusive because prefetching will run multiple requests in parallell on different server connections. I had hoped to make this condition per connection, but the parser is a bit too hungry to do this reliable. For similar reasons local NTLM auth is also considered mutually exclusive with prefetching, as the state machine has not been audited for what happens if a client tries to pipeline requests halfway thru a NTLM handshake. Note: pipeline prefetching is very very experimental and often causes problems, and have many times seriously considered ripping it out. The current design is quite broken, in part due to trying to comply with slightly conflicting sections in the RFCs. Not applied. > The second part stops squid from sending bad headers for NTLM authenticated > requests on transparent connections (due to the addition of the transparent > flag in squid 2.6). OK. Applied. > The third part of the patch allows squid to increase the number of fd's > beyond 1024 when tproxy is enabled. It looks like a different set of logic > has been applied to tools.c to include <sys/capability.h> and <sys/prctl.h>. > I don't know if this will work in main.c. Applying the same include logic > to main.c may be considered a better solution. Hmm.. who is redefining __FD_SETSIZE under our feets? It's already defined by including squid.h. Ah, linux/posix_types.h has obsolete kernel definitions.. (the kernel no longer uses fd_set). It's __kernel_fd_set definition also gets wrong, but this type is not used by anyone so... Redefining it like this isn't entirely safe as there may have been type declarations dependent on in in the included headers. But hopefully those where included by squid.h before it got redefined... Ah, there it is. We should be including sys/capability.h, not linux/capability.h. The sys header already have the needed glue to not collide with glibc. Fixed. Regards Henrik
signature.asc
Description: Detta är en digitalt signerad meddelandedel