Tags: yadij/squid
Tags
Use AnyP::Uri to generate ASN request URI (squid-cache#258) Removes the fixed size asres c-string buffer the URL was using by replacing with an SBuf and dynamic xstrdup(). Also, make AS_REQBUF_SZ configurable at build time with -DAS_REQBUF_SZ=nn. TODO: convert the store API to accept AnyP::Uri instead of c-string will remove 1-2 memory reallocations.
Restored support for the https_port clientca option (squid-cache#252) Probably missing since commit 621f429.
TrivialDB support (squid-cache#223) Allow use of Samba TrivialDB instead of outdated BerkleyDB in the session helper. Require TrivialDB support for use of the time_quota helper.
The %>handshake logformat code (squid-cache#243) Logging client "handshake" bytes is useful in at least two contexts: * Runtime traffic bypass and bumping/splicing decisions. Identifying popular clients like Skype for Business (that uses a TLS handshake but then may not speak TLS) is critical for handling their traffic correctly. Squid does not have enough ACLs to interrogate most TLS handshake aspects. Adding more ACLs may still be a good idea, but initial sketches for SfB handshakes showed rather complex ACLs/configurations, _and_ no reasonable ACLs would be able to handle non-TLS handshakes. An external ACL receiving the handshake is in a much better position to analyze/fingerprint it according to custom admin needs. * A logged handshake can be used to analyze new/unusual traffic or even trigger security-related alarms. The current support is limited to cases where Squid was saving handshake for other reasons. With enough demand, this initial support can be extended to all protocols and port configurations. This is a Measurement Factory project.
Bug 4865: Unexpected exception on startup in TypedMsgHdr::sync() (squ… …id-cache#242) Commit b56b37c broke Ipc::TypedMsgHdr copying by incorrectly assuming that sync() sets name and ios members. The sync() method sets _other_ (low level) members based on name and ios.
Bug 4861: HTTPMSGLOCK missing pointer safety (squid-cache#228) Check that HttpMsg pointers are not nullptr before attempting to lock.
Optimization: Do not create/configure ACLFilledChecklist in vain (squ… …id-cache#232) While client_db is required for client-side pools to work, it may be enabled for other reasons, without any client-side pools configured. We should not create and configure useless ACLFilledChecklist objects because those operations are already not trivial today and have a a tendency of becoming more expensive with time.
Optimization: Reuse CharacterSets when parsing HTTP responses (squid-… …cache#231) Expensive CharacterSet objects creation and manipulation was happening for virtually every HTTP miss since 6fe0370. Also removed code duplication.
Bug 4791: Build failure on MacOS (squid-cache#220) The src/URL.h and src/acl/Url.h files clash on MacOS case- insensitive filesystem. Resolve this and incorrect naming issue by moving class URL into the AnyP namespace as AnyP::Uri.
PreviousNext