[squid-dev] [PATCH] Reuse reserved Negotiate and NTLM helpers after an idle timeout.
Christos Tsantilas
christos at chtsanti.net
Mon Sep 4 10:47:57 UTC 2017
I made the PR #59 for this patch.
We can do any discussion here.
Regards,
Christos
Στις 27/07/2017 09:52 πμ, ο Christos Tsantilas έγραψε:
> The patch.
>
> Στις 26/07/2017 12:37 μμ, ο Christos Tsantilas έγραψε:
>> Squid can be killed or maimed by enough clients that start multi-step
>> connection authentication but never follow up with the second HTTP
>> request while keeping their HTTP connection open. Affected helpers
>> remain in the "reserved" state and cannot be reused for other clients.
>> Observed helper exhaustion has happened without any malicious intent.
>>
>> To address the problem, we add a helper reservation timeout. Timed out
>> reserved helpers may be reused by new clients/connections. To minimize
>> problems with slow-to-resume-authentication clients, timed out
>> reserved helpers are not reused until there are no unreserved running
>> helpers left. The reservations are tracked using unique integer IDs.
>>
>> Also fixed Squid crashes caused by unexpected helper termination --
>> the raw UserRequest::authserver pointer could point to a deleted helper.
>>
>> This is a Measurement Factory project.
>> _______________________________________________
>> squid-dev mailing list
>> squid-dev at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-dev
>
>
>
> _______________________________________________
> squid-dev mailing list
> squid-dev at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>
More information about the squid-dev
mailing list