Hello,
Squid is sending POST requests on reused pinned connections, and
some of those requests fail due to a pconn race, with no possibility for
a retry.
When using SslBump, the HTTP request is always forwarded using a server
connection "pinned" to the HTTP client connection. Squid does not reuse
a persistent connection from the idle pconn pool for bumped client
requests. Squid uses the dedicated pinned server connection instead.
This bypasses pconn race controls even though Squid may be essentially
reusing an idle HTTP connection and, hence, may experience the same kind
of race conditions.
However, connections that were just pinned, without sending any
requests, are not "essentially reused idle pconns" so we must be careful
to allow unretriable requests on freshly pinned connections.
The same logic applies to pinned connection outside SslBump.
The code assumes that the connection is always pinned before any HTTP
requests are sent on it. This is true for SslBump, but I do not know
whether it is true for other transactions.
The patch is based on Squid v3.3. If approved, I will adjust it
(including removal of HERE) for trunk.
The patch fixes the bug in my tests. Please review
Thank you,
Alex.
This archive was generated by hypermail 2.2.0 : Sat Dec 01 2012 - 12:00:32 MST