[squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.
Christos Tsantilas
christos at chtsanti.net
Thu Jul 27 06:52:17 UTC 2017
The patch.
Στις 26/07/2017 12:37 μμ, ο Christos Tsantilas έγραψε:
> Squid can be killed or maimed by enough clients that start multi-step
> connection authentication but never follow up with the second HTTP
> request while keeping their HTTP connection open. Affected helpers
> remain in the "reserved" state and cannot be reused for other clients.
> Observed helper exhaustion has happened without any malicious intent.
>
> To address the problem, we add a helper reservation timeout. Timed out
> reserved helpers may be reused by new clients/connections. To minimize
> problems with slow-to-resume-authentication clients, timed out reserved
> helpers are not reused until there are no unreserved running helpers
> left. The reservations are tracked using unique integer IDs.
>
> Also fixed Squid crashes caused by unexpected helper termination -- the
> raw UserRequest::authserver pointer could point to a deleted helper.
>
> This is a Measurement Factory project.
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-90-Negotiateauthenticator-Problems-t4.patch
Type: text/x-patch
Size: 87141 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170727/2bd1151c/attachment-0001.bin>
More information about the squid-dev
mailing list