<html><head></head><body><div class="ydp401fb5dfyahoo-style-wrap" style="font-family:Helvetica Neue, Helvetica, Arial, sans-serif;font-size:13px;"><div></div>
<div dir="ltr" data-setdir="false">i) Retry seems to fetch one chunk of the response and not the complete.</div><div dir="ltr" data-setdir="false">ii) Enabling sslbump and turning ICAP off, not helping. </div><div dir="ltr" data-setdir="false">iii) gcc version is 7.3.1 (Red Hat 7.3.1-17)</div><div dir="ltr" data-setdir="false"><br></div><div dir="ltr" data-setdir="false">Also want to point out that, squid connects to another non-squid proxy to reach internet.</div><div dir="ltr" data-setdir="false"><i>cache_peer <proxy_url> parent <port> 0 no-query default</i></div><div><br></div>
</div><div id="ydpb65a62ceyahoo_quoted_5009384446" class="ydpb65a62ceyahoo_quoted">
<div style="font-family:'Helvetica Neue', Helvetica, Arial, sans-serif;font-size:13px;color:#26282a;">
<div>
On Tuesday, January 9, 2024 at 02:18:14 PM EST, Alex Rousskov <rousskov@measurement-factory.com> wrote:
</div>
<div><br></div>
<div><br></div>
<div><div dir="ltr">On 2024-01-09 11:51, Zhang, Jinshu wrote:<br></div><div dir="ltr"><br></div><div dir="ltr">> Client got below response headers and body. Masked few details.<br></div><div dir="ltr"><br></div><div dir="ltr">Thank you.<br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">> Retry seems to fetch data remaining.<br></div><div dir="ltr"><br></div><div dir="ltr">I would expect a successful retry to fetch the entire response, not just <br></div><div dir="ltr">the remaining bytes, but perhaps that is what you meant. Thank you for <br></div><div dir="ltr">sharing this info.<br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">> Want to point out that removing sslbump everything is working fine,<br></div><div dir="ltr">> but we wanted to keep it for ICAP scanning.<br></div><div dir="ltr"><br></div><div dir="ltr">What if you keep SslBump enabled but disable any ICAP analysis <br></div><div dir="ltr">("icap_enable off")? This test may tell us if the problem is between <br></div><div dir="ltr">Squid and the origin server or Squid and the ICAP service...<br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">> We tried compiling 6.x in Amazon linux, using latest gcc, but facing similar error - <a href="https://lists.squid-cache.org/pipermail/squid-users/2023-July/026016.html" rel="nofollow" target="_blank">https://lists.squid-cache.org/pipermail/squid-users/2023-July/026016.html</a><br></div><div dir="ltr"><br></div><div dir="ltr">What is the "latest gcc" version in your environment? I suspect it is <br></div><div dir="ltr">not the latest GCC version available to folks running Amazon Linux, but <br></div><div dir="ltr">you may need to install some packages to get a more recent GCC version. <br></div><div dir="ltr">Unfortunately, I cannot give specific instructions for Amazon Linux <br></div><div dir="ltr">right now.<br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">HTH,<br></div><div dir="ltr"><br></div><div dir="ltr">Alex.<br></div><div dir="ltr"><br></div><div dir="ltr"><br></div><div dir="ltr">> HTTP/1.1 200 OK<br></div><div dir="ltr">> Date: Tue, 09 Jan 2024 15:41:33 GMT<br></div><div dir="ltr">> Server: Apache/mod_perl/2.0.10 Perl<br></div><div dir="ltr">> Content-Type: application/download<br></div><div dir="ltr">> X-Cache: MISS from ip-x-y-z<br></div><div dir="ltr">> Transfer-Encoding: chunked<br></div><div dir="ltr">> Via: xxx (ICAP)<br></div><div dir="ltr">> Connection: keep-alive<br></div><div dir="ltr">> <br></div><div dir="ltr">> 1000<br></div><div dir="ltr">> File-Id: xyz.zip<br></div><div dir="ltr">> Local-Path: x/y/z.txt<br></div><div dir="ltr">> Content-Size: 2967<br></div><div dir="ltr">> < binary content ><br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> Access log(1st attempt):<br></div><div dir="ltr">> 1704814893.695 138 x.y.0.2 NONE_NONE/200 0 CONNECT a.b.com:443 - FIRSTUP_PARENT/10.x.y.z -<br></div><div dir="ltr">> 1704814900.491 6779 172.17.0.2 TCP_MISS/200 138996535 POST <a href="https://a.b.com/xyz" rel="nofollow" target="_blank">https://a.b.com/xyz</a> - FIRSTUP_PARENT/10.x.y.z application/download<br></div><div dir="ltr">> <br></div><div dir="ltr">> Retry after 5 mins:<br></div><div dir="ltr">> 1704815201.530 189 x.y.0.2 NONE_NONE/200 0 CONNECT a.b.com:443 - FIRSTUP_PARENT/10.x.y.z -<br></div><div dir="ltr">> 1704815208.438 6896 x.y.0.2 TCP_MISS/200 138967930 POST <a href="https://a.b.com/xyz" rel="nofollow" target="_blank">https://a.b.com/xyz</a> - FIRSTUP_PARENT/10.x.y.z application/download<br></div><div dir="ltr">> <br></div><div dir="ltr">> Jinshu Zhang<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> Fannie Mae Confidential<br></div><div dir="ltr">> -----Original Message-----<br></div><div dir="ltr">> From: squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org" rel="nofollow" target="_blank">squid-users-bounces@lists.squid-cache.org</a>> On Behalf Of Alex Rousskov<br></div><div dir="ltr">> Sent: Tuesday, January 9, 2024 9:53 AM<br></div><div dir="ltr">> To: <a href="mailto:squid-users@lists.squid-cache.org" rel="nofollow" target="_blank">squid-users@lists.squid-cache.org</a><br></div><div dir="ltr">> Subject: [EXTERNAL] Re: [squid-users] chunked transfer over sslbump<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> On 2024-01-09 09:13, Arun Kumar wrote:<br></div><div dir="ltr">> <br></div><div dir="ltr">>> I have compiled/installed squid v5.8 in Amazon Linux and configured it<br></div><div dir="ltr">>> with sslbump option. Squid is used as proxy to get response from https<br></div><div dir="ltr">>> site. When the https site sends chunked response, it appears that the<br></div><div dir="ltr">>> first response comes but it get stuck and doesn't receive the full<br></div><div dir="ltr">>> response. Appreciate any help.<br></div><div dir="ltr">> There were some recent chunking-related changes in Squid, but none of them is likely to be responsible for the problems you are describing unless the origin server response is very special/unusual.<br></div><div dir="ltr">> <br></div><div dir="ltr">> Does the client in this test get the HTTP response header? Some HTTP response body bytes?<br></div><div dir="ltr">> <br></div><div dir="ltr">> To triage the problem, I recommend sharing the corresponding access.log records (at least). Seeing debugging of the problematic transaction may be very useful (but avoid using production security keys and other sensitive information in such tests):<br></div><div dir="ltr">> <a href="https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction" rel="nofollow" target="_blank">https://wiki.squid-cache.org/SquidFaq/BugReporting#debugging-a-single-transaction</a><br></div><div dir="ltr">> <br></div><div dir="ltr">> Please note that Squid v5 is not officially supported and has more known security vulnerabilities than Squid v6. You should be using Squid v6.<br></div><div dir="ltr">> <br></div><div dir="ltr">> <br></div><div dir="ltr">> HTH,<br></div><div dir="ltr">> <br></div><div dir="ltr">> Alex.<br></div><div dir="ltr">> <br></div><div dir="ltr">> _______________________________________________<br></div><div dir="ltr">> squid-users mailing list<br></div><div dir="ltr">> <a href="mailto:squid-users@lists.squid-cache.org" rel="nofollow" target="_blank">squid-users@lists.squid-cache.org</a><br></div><div dir="ltr">> <a href="https://lists.squid-cache.org/listinfo/squid-users" rel="nofollow" target="_blank">https://lists.squid-cache.org/listinfo/squid-users</a><br></div><div dir="ltr">> <br></div><div dir="ltr">> _______________________________________________<br></div><div dir="ltr">> squid-users mailing list<br></div><div dir="ltr">> <a href="mailto:squid-users@lists.squid-cache.org" rel="nofollow" target="_blank">squid-users@lists.squid-cache.org</a><br></div><div dir="ltr">> <a href="https://lists.squid-cache.org/listinfo/squid-users" rel="nofollow" target="_blank">https://lists.squid-cache.org/listinfo/squid-users</a><br></div><div dir="ltr"><br></div><div dir="ltr">_______________________________________________<br></div><div dir="ltr">squid-users mailing list<br></div><div dir="ltr"><a href="mailto:squid-users@lists.squid-cache.org" rel="nofollow" target="_blank">squid-users@lists.squid-cache.org</a><br></div><div dir="ltr"><a href="https://lists.squid-cache.org/listinfo/squid-users" rel="nofollow" target="_blank">https://lists.squid-cache.org/listinfo/squid-users</a><br></div></div>
</div>
</div></body></html>