Jeff Foster wrote:
>>> There appears to be a problem with the connection pinning in both
>>> versions squid-2.7.stable7 and
>>> squid-3.1.0.7. I have some network captures that show the client
>>> (IE6) creating multiple TCP
>>> connections to the squid proxy and the proxy creating multiple TCP
>>> connections to an IIS server.
> ....
>>> I have tcpdump traces for both versions available.
>>>
>>> In the 3.1 dump summary, note that the client packet 207 is the server
>>> packet 210.
>>> The server should be on port 37159 and it is on port 37161.
>>>
>>> Can a developer look at this?
>> There are quite a few pinning issues resolved since 3.1.0.7 (beta) was
>> released.
>> Try 3.1.0.16 beta.
>>
>> Amos
>>
>
> Sorry I mis-typed, I am running version 3.1.0.16.
>
> Not sure how connection pinning works. Does it tie a client TCP socket
> to an upstream TCP socket? Or does it tie a client URL to an upstream
> socket?
>
> Jeff F>
'tis complicated.
The simplest view is that it ties a client TCP link, to a destination
domain name.
Warning, technical details ahead. As I understand it...
It ties each input triplet (client TCP link, client IP, destination
domain name) which has been NTLM or Kerberos auth "signed" by an auth
request/challenge passing through them to a particular output pair
(server TCP link, destination domain) where the auth challenge was
answered correctly.
It stays tied as long as both links are open.
Requires persistent connections to be ON for both servers and clients.
Requires http_port connection-auth=on or =auto
Requires any cache_peer involved to also have connection-auth=on or =auto
These last two requirements are met by default in Squid-3.1.
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE23 Current Beta Squid 3.1.0.16Received on Fri Feb 12 2010 - 00:09:29 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 12 2010 - 12:00:04 MST