[squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.

Christos Tsantilas christos at chtsanti.net
Mon Sep 4 10:47:57 UTC 2017


I made the PR #59 for this patch.
We can do any discussion here.

Regards,
    Christos

Στις 27/07/2017 09:52 πμ, ο Christos Tsantilas έγραψε:
> The patch.
> 
> Στις 26/07/2017 12:37 μμ, ο Christos Tsantilas έγραψε:
>> Squid can be killed or maimed by enough clients that start multi-step 
>> connection authentication but never follow up with the second HTTP 
>> request while keeping their HTTP connection open. Affected helpers 
>> remain in the "reserved" state and cannot be reused for other clients. 
>> Observed helper exhaustion has happened without any malicious intent.
>>
>> To address the problem, we add a helper reservation timeout. Timed out 
>> reserved helpers may be reused by new clients/connections. To minimize 
>> problems with slow-to-resume-authentication clients, timed out 
>> reserved helpers are not reused until there are no unreserved running 
>> helpers left. The reservations are tracked using unique integer IDs.
>>
>> Also fixed Squid crashes caused by unexpected helper termination -- 
>> the raw UserRequest::authserver pointer could point to a deleted helper.
>>
>> This is a Measurement Factory project.
>> _______________________________________________
>> squid-dev mailing list
>> squid-dev at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-dev
> 
> 
> 
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
> 


More information about the squid-dev mailing list