[squid-dev] [PATCH] Fix reopened bug 2833

Eduard Bagdasaryan eduard.bagdasaryan at measurement-factory.com
Mon May 8 14:03:50 UTC 2017


Hello,

This patch fixes [reopened] bug 2833.

A security fix made in r14979 had a negative effect on collapsed
forwarding. All "private" entries were considered automatically
non-shareable among collapsed clients. However this is not true: there
are many situations when collapsed forwarding should work despite of
"private" entry status: 304/5xx responses are good examples of that.
This patch fixes that by means of a new StoreEntry::shareableWhenPrivate
flag.

The suggested fix is not complete: to cover all possible situations we
need to decide whether StoreEntry::shareableWhenPrivate is true or not
for all contexts where StoreEntry::setPrivateKey() is used. This patch
fixes only few important cases inside http.cc, making CF (as well
collapsed revalidation) work for some [non-cacheable] response status
codes, including 3xx, 5xx and some others.

Also: avoid sending 304 responses for non-conditional requests.
Before this change, the original 'non-conditional' HttpRequest was still
marked (and processed) as 'conditional' after revalidation completion.
That happened because 'Last-Modified' and 'ETag' values were not
saved/restored while performing internal revalidation request.


Regards,

Eduard.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: SQUID-252-collapsed-slaves-non-sharable-responses-t2.patch
Type: text/x-patch
Size: 82646 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20170508/0da0639e/attachment-0001.bin>


More information about the squid-dev mailing list