I've attached 3 patches to this message for comment.
The first patch (transparent-pipeline.patch) is simple - I'd like to allow
NTLM auth to work even when pipelined requests are enabled, but only for
transparent requests. I think that this is a safe option, as the web
browser thinks it's talking directly to the web server for transparent
requests.
The second patch (transparent-dns-hint.patch) is designed to use the
destination IP that the client was attempting to connect to as the server
IP if DNS lookup fail (for a transparent request). storeRelease is called
as soon as possible in forward.c to stop the object from being cached.
This allows customers to use unofficial DNS servers, or even entries in
/etc/hosts to visit web sites through squid, while still maintaining the
integrity of cached objects (by not caching the objects).
The third patch (transparent-pipeline.patch) is designed to allow squid to
handle non-http traffic. If a request can not be decoded by squid, and it
was a transparently intercepted requets, it will be transformed to a
CONNECT request to the server that the client was trying to contact, and
all data will be passed to/from the server untouched by squid. (I have a
second copy of this patch that has been tested, and I can confirm that it
works when patched against squid 2.6.10. The attached patch was created
against the CVS tree of 2.6, and does need testing).
The idea behind all of the above patches is to try and make squid as
transparent as possible when in transparent mode (ie performance and
behaviour on port 80 should be the same as it would be with no proxy).
Regards
Steven
This archive was generated by hypermail pre-2.1.9 : Sun Apr 01 2007 - 12:00:01 MDT