[squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.

Christos Tsantilas christos at chtsanti.net
Thu Jul 27 06:52:17 UTC 2017


The patch.

On 26/07/2017 12:37 PM, Christos Tsantilas wrote:
> Squid can be killed or maimed by enough clients that start multi-step 
> connection authentication but never follow up with the second HTTP 
> request while keeping their HTTP connection open. Affected helpers 
> remain in the "reserved" state and cannot be reused for other clients. 
> Observed helper exhaustion has happened without any malicious intent.
> 
> To address the problem, we add a helper reservation timeout. Timed out 
> reserved helpers may be reused by new clients/connections. To minimize 
> problems with slow-to-resume-authentication clients, timed out reserved 
> helpers are not reused until there are no unreserved running helpers 
> left. The reservations are tracked using unique integer IDs.
> 
> Also fixed Squid crashes caused by unexpected helper termination -- the 
> raw UserRequest::authserver pointer could point to a deleted helper.
> 
> This is a Measurement Factory project.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-90-Negotiateauthenticator-Problems-t4.patch
Type: text/x-patch
Size: 87141 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170727/2bd1151c/attachment-0001.bin>
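
Added illustration (not part of the original message and not code from the attached patch): a toy C++ model of the reservation policy described in the quoted text, where a timed-out reservation is reclaimed only when no unreserved helper is left and reservations are tracked by unique integer IDs. HelperPool, Helper, reserve(), find() and release() are hypothetical names; the sketch ignores helper process state and treats ID 0 as "not reserved".

```cpp
#include <chrono>
#include <cstddef>
#include <cstdint>
#include <vector>

using Clock = std::chrono::steady_clock;
using ReservationId = std::uint64_t; // 0 means "not reserved" (assumption of this sketch)

struct Helper {
    ReservationId reservation = 0;
    Clock::time_point reservedAt{};
};

class HelperPool { // hypothetical class, not a Squid type
public:
    HelperPool(std::size_t n, std::chrono::seconds timeout) : helpers_(n), timeout_(timeout) {}

    // Reserve a helper for a new client connection; returns 0 if none is available.
    ReservationId reserve(Clock::time_point now) {
        Helper *pick = nullptr;
        for (auto &h : helpers_) // first choice: a helper nobody holds
            if (!h.reservation) { pick = &h; break; }
        if (!pick) // none left: only now reclaim a timed-out reservation
            for (auto &h : helpers_)
                if (now - h.reservedAt >= timeout_) { pick = &h; break; }
        if (!pick)
            return 0; // every helper is reserved and still within the timeout
        pick->reservation = ++lastId_; // a fresh ID invalidates the previous holder's ID
        pick->reservedAt = now;
        return pick->reservation;
    }

    // Resolve by ID, not by pointer: a reclaimed reservation no longer resolves.
    Helper *find(ReservationId id) {
        for (auto &h : helpers_)
            if (id && h.reservation == id) return &h;
        return nullptr;
    }

    void release(ReservationId id) { if (Helper *h = find(id)) h->reservation = 0; }

private:
    std::vector<Helper> helpers_;
    std::chrono::seconds timeout_;
    ReservationId lastId_ = 0;
};

int main() { // constructed scenario: one helper, one client
    HelperPool pool(1, std::chrono::seconds(60));
    return pool.reserve(Clock::time_point{}) ? 0 : 1;
}
```

A client that resumes authentication after its reservation was reclaimed presents a stale ID, so find() returns nullptr and the caller has to restart the handshake instead of touching a helper that now belongs to another connection.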

