stale client blocking other downloads

From: Stephane Chazelas <stephane.chazelas_at_gmail.com>
Date: Mon, 17 Sep 2012 14:49:05 +0100

Hello,

I've got a situation where two quasi-simultaneaous incoming
client HTTP requests for the same URL (for ~2 MB large
file) seem to be merged as one upstream request.

One of the clients isn't reading the answer from squid, so its
receive window fills up. Then the send buffer on squid for that
connection fills up as well. Fine except that it seems to block
the other connection (which has an empty receive buffer on the
client and empty send buffer on the squid machine).

We see the upstream connection receive buffer filling up until
it all deadlocks. To get out of that, all we can do is close the
bogus connection for the other one and the upstream one to start
flowing again.

In my case, it's on the same machine (some bogus software that
does two identical requests, only reads the headers from the
first one, and reads everything (but hangs because of that squid
bug/limitation) on the second. I don't know if the same may
happen with different clients. That would be a DOS vulnerability
as one client may cause a connection from another client to hang
by doing the same request at the same time.

It is a 3.1.20 (debian wheezy amd64) in a transparent proxy
configuration (TPROXY).

I can come up with some perl code to reproduce the issue if that
may help.

Is that some known issue? Would there be a workaround (like
disabling the merging of requests)?

Thanks,
Stephane
Received on Mon Sep 17 2012 - 14:00:12 MDT

This archive was generated by hypermail 2.2.0 : Wed Sep 19 2012 - 12:00:07 MDT