Re: [PATCH] Plain Surrogate/1.0 support

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 10 Feb 2010 20:35:26 +1300

Robert Collins wrote:
> On Sun, 2010-02-07 at 00:52 +1300, Amos Jeffries wrote:
>> According to the W3C documentation the Surrogate/1.0 capabilities and
>> the Surrogate-Control: header are distinct from the ESI capabilities.
>>
>> This patch makes Squid always advertise and perform the Surrogate/1.0
>> capabilities for reverse-proxy requests.
>>
>> Full ESI support is no longer required to use the bare-bones
>> Surrogate-Control: capabilities.
>
> A quick check though - is it still only enabled for accel ports? (It
> shouldn't be enabled for forward proxying).
>
> -Rob

Yes. That restriction is still in effect.

  The substantial changes are removing the #if ESI from around the
relevant bits of code, and altering the Surrogate-Capability text not to
mention ESI unless ESI is also present.

  The new code is for stripping off Surrogate-Control as a scoped
hop-by-hop header unless Surrogate-Capability has itself been explicitly
received from upstream surrogates. This is done regardless of mode to
cope with cases like client->surrogate->forward->server and
client->forward->surrogate->forward->server and
client->surrogate->surrogate->server

The remaining two issues that will need fixing one day are:

  requests arriving in a forward-proxy port and being redirected out to
reverse-proxy peers due to their actual destination. These will not have
surrogate advertised. The resulting object may or may not interfere with
objects being stored by the surrogate-control.

  stripping out only the current instances surrogate-id bits from the
control header and passing on just the remaining bits to upstream
surrogates. This is not done, so there is some information leakage when
upstream send surrogate-capability.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23
   Current Beta Squid 3.1.0.16
Received on Wed Feb 10 2010 - 07:35:33 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 10 2010 - 12:00:11 MST