On 06/07/2013 10:45 AM, Alex Rousskov wrote:
> On 05/24/2013 05:58 PM, Alex Rousskov wrote:
>> When talking to a cache_peer (i.e., sending a CONNECT request before
>> tunneling the transaction), tunnel code is using a clever hack: Squid
>> does not parse the CONNECT response from peer but blindly forwards it to
>> the client. This works great and simplifies code a lot, except when the
>> client connection was intercepted and, hence, the client did not send a
>> CONNECT request and is not expecting a CONNECT response.
>>
>> In those situations, the patch accumulates, parses, and strips the peer
>> CONNECT response (or closes connection on errors).
>>
>> The existing tunnel I/O code is too simple to accommodate that task --
>> it cannot accumulate read data (its I/O buffers work in lockstep
>> fashion, writing everything it reads before reading again). Instead of
>> rewriting the entire tunnel code to use more complex buffers, I added a
>> temporary accumulation buffer for the CONNECT response. That buffer is
>> not allocated unless it is needed and does not grow beyond
>> SQUID_TCP_SO_RCVBUF size, just like the simple buffers.
>
> I will commit this fix shortly unless there are last-minute objections.
Committed as trunk r12905.
Alex.
Received on Mon Jun 10 2013 - 20:47:41 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 11 2013 - 12:00:37 MDT