[squid-users] bug 4906 issue
Alex Rousskov
rousskov at measurement-factory.com
Tue Sep 26 14:09:15 UTC 2023
On 2023-09-26 07:39, Matus UHLAR - fantomas wrote:
> I have just encountered bug 4906 with squid-4.13 (Debian 11)
>
> I could upgrade system fo Debian 12 with squid-5.7 but this issue
> doesn't seem to be resolved in it, at least:
> http://www.squid-cache.org/Versions/v5/changesets/
>
> does not mention that.
We have not (knowingly) fixed bug 4906 yet. Moreover, there are many
other places in Squid code that would result in problems similar to
those reported in bug 4906. A comprehensive unofficial fix that
addresses the root cause got stuck in my unofficial review queue since
December 2019.
> I could try to test patch provided in that bugreport:
> https://patch-diff.githubusercontent.com/raw/measurement-factory/squid/pull/20.patch
> ...but I find trying such complicated patch too risky.
You can also try a small old unofficial v4.3 workaround patch attached
to this email. I do not know whether it will apply to and work with
4.13. If you are lucky, this workaround will address the immediate
problem in your environment.
HTH,
Alex.
-------------- next part --------------
Fix src ACL when access logging TCP probes
TCP probe transactions lack HttpRequest object, which is used when
checking ACLs before logging. For this reason, src ACL did not work. To
fix this, we need to supply ACLFilledChecklist with available address
information.
diff --git a/src/client_side.cc b/src/client_side.cc
index d61e278..368c607 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -407,91 +407,98 @@ ClientHttpRequest::logRequest()
tvSub(al->cache.trTime, al->cache.start_time, current_time);
if (request)
prepareLogWithRequestDetails(request, al);
#if USE_OPENSSL && 0
/* This is broken. Fails if the connection has been closed. Needs
* to snarf the ssl details some place earlier..
*/
if (getConn() != NULL)
al->cache.ssluser = sslGetUserEmail(fd_table[getConn()->fd].ssl);
#endif
/* Add notes (if we have a request to annotate) */
if (request) {
// The al->notes and request->notes must point to the same object.
(void)SyncNotes(*al, *request);
for (auto i = Config.notes.begin(); i != Config.notes.end(); ++i) {
if (const char *value = (*i)->match(request, al->reply, NULL)) {
NotePairs ¬es = SyncNotes(*al, *request);
notes.add((*i)->key.termedBuf(), value);
debugs(33, 3, (*i)->key.termedBuf() << " " << value);
}
}
}
ACLFilledChecklist checklist(NULL, request, NULL);
+ const auto clientConn = getConn() ? getConn()->clientConnection : nullptr;
+ if (!request && clientConn) {
+ // because could not obtain them from request
+ checklist.src_addr = clientConn->remote;
+ checklist.my_addr = clientConn->local;
+ }
+
if (al->reply) {
checklist.reply = al->reply;
HTTPMSGLOCK(checklist.reply);
}
if (request) {
HTTPMSGUNLOCK(al->adapted_request);
al->adapted_request = request;
HTTPMSGLOCK(al->adapted_request);
}
// no need checklist.syncAle(): already synced
checklist.al = al;
accessLogLog(al, &checklist);
bool updatePerformanceCounters = true;
if (Config.accessList.stats_collection) {
ACLFilledChecklist statsCheck(Config.accessList.stats_collection, request, NULL);
statsCheck.al = al;
if (al->reply) {
statsCheck.reply = al->reply;
HTTPMSGLOCK(statsCheck.reply);
}
updatePerformanceCounters = statsCheck.fastCheck().allowed();
}
if (updatePerformanceCounters) {
if (request)
updateCounters();
- if (getConn() != NULL && getConn()->clientConnection != NULL)
- clientdbUpdate(getConn()->clientConnection->remote, logType, AnyP::PROTO_HTTP, out.size);
+ if (clientConn)
+ clientdbUpdate(clientConn->remote, logType, AnyP::PROTO_HTTP, out.size);
}
}
void
ClientHttpRequest::freeResources()
{
safe_free(uri);
safe_free(redirect.location);
range_iter.boundary.clean();
clearRequest();
if (client_stream.tail)
clientStreamAbort((clientStreamNode *)client_stream.tail->data, this);
}
void
httpRequestFree(void *data)
{
ClientHttpRequest *http = (ClientHttpRequest *)data;
assert(http != NULL);
delete http;
}
/* This is a handler normally called by comm_close() */
void ConnStateData::connStateClosed(const CommCloseCbParams &)
{
deleteThis("ConnStateData::connStateClosed");
}
#if USE_AUTH
More information about the squid-users
mailing list