[squid-dev] [PATCH] Invalid FTP connection handling on blocked content

Christos Tsantilas christos at chtsanti.net
Mon Jan 25 17:57:29 UTC 2016


On 01/24/2016 11:37 AM, Kinkie wrote:
> Please go ahead. If you have a feature-branch it'd be maybe useful to
> give a build-test prior to merging via the anybranch-wholefarm
> parametric job http://build.squid-cache.org/job/anybranch-wholefarm-matrix/

Applied to trunk as r14506.

Unfortunately I had only a local branch for this.
I ran the tests (make check/distcheck); I am waiting for the build farm for
more.

>
> On Thu, Jan 21, 2016 at 6:39 PM, Christos Tsantilas
> <christos at chtsanti.net> wrote:
>> Hi all,
>>   this patch has been waiting for a long time in the queue.
>> If there is no objection, I will apply this patch to trunk.
>>
>>
>>
>> On 12/29/2015 06:31 PM, Christos Tsantilas wrote:
>>>
>>>
>>> Problem description
>>> --------------------
>>>
>>> FTP client gets stuck after the following chain of events:
>>>
>>>    * Client requests a file that will be blocked by ICAP.
>>>
>>>    * Squid starts downloading the file from the FTP server and sends "150
>>> Opening..." to the FTP client.
>>>
>>>    * Squid aborts the data connection with the FTP server as soon as the
>>> ICAP service blocks it.
>>>
>>>    * Squid sends "451 Forbidden" to the FTP client.
>>>
>>>    * The FTP server sends "500 OOPS: setsockopt: linger" to Squid.
>>>
>>>    * Squid terminates the control connection to the FTP server.
>>>
>>>    * Squid establishes a new control connection to the FTP server but
>>> does not authenticate itself.
>>>
>>>    * Further commands from the FTP client do not work any more.
>>>
>>> The above and many similar problems exist because Squid handles FTP
>>> client-to-squid and squid-to-FTP server data connections independently
>>> from each other. In many cases, one connection does not get notified
>>> about the problems with the other connection.
>>>
>>> Tech details
>>> ------------
>>>
>>> This patch:
>>>     - Adds Ftp::MasterState::userDataDone to record the received final
>>> response status code that was sent (or is to be sent) to the FTP client.
>>>
>>>     - The Ftp::MasterState::waitForOriginData flag holds the status of
>>> the squid-to-server side. If the squid-to-server side has not finished
>>> yet, this is true.
>>>
>>>     - Sends a control reply to the FTP client only after the data is
>>> transferred on both server and client sides.
>>>
>>>     - Splits Client::abortTransaction into Client::abortOnData and
>>> Client::abortAll()
>>>
>>>     - Implements the Ftp::Relay::abortOnData() and Ftp::Relay::Abort()
>>> (i.e., StoreEntry abort handler) to avoid closing the control connection
>>> when the data connection is closed unexpectedly.
>>>
>>> This is a Measurement Factory project.
>>
>>
>>
>
>
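
The reply gating described under "Tech details" in the quoted message, as an added example that is not part of the original thread or of Squid's source: a small C++ model in which the control reply to the FTP client is released only after both the client side and the squid-to-server side have finished. Only userDataDone and waitForOriginData come from the message; the struct, class and method names are hypothetical.

```cpp
// Added illustration, not Squid code. Only the two field names come from the
// patch description; RelayModel and its methods are hypothetical.
#include <cstdio>

struct MasterStateModel {
    int userDataDone = 0;           // final status code for the client; 0 = none yet
    bool waitForOriginData = false; // true while the squid-to-server side is unfinished
};

class RelayModel {
public:
    // A data transfer begins ("150 Opening..."): the origin side is now pending.
    void startTransfer() {
        state_ = MasterStateModel{};
        state_.waitForOriginData = true;
        replied_ = false;
    }
    // Client side is done, e.g. ICAP blocked the content and 451 is the verdict.
    // Returns the control reply to send now, or 0 to keep holding it.
    int clientDataDone(int finalStatus) {
        state_.userDataDone = finalStatus;
        return maybeReply();
    }
    // Squid-to-server data connection finished or was aborted.
    int originDataDone() {
        state_.waitForOriginData = false;
        return maybeReply();
    }
private:
    // Release the recorded status only when both sides are done, and only once.
    int maybeReply() {
        if (state_.waitForOriginData || state_.userDataDone == 0 || replied_)
            return 0;
        replied_ = true;
        return state_.userDataDone;
    }
    MasterStateModel state_;
    bool replied_ = false;
};

int main() {
    RelayModel relay;
    relay.startTransfer();
    std::printf("after ICAP block:  reply=%d\n", relay.clientDataDone(451)); // held
    std::printf("after origin done: reply=%d\n", relay.originDataDone());    // released
    return 0;
}
```
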

