I've attached 3 patches to this message for comment.
The first patch (transparent-pipeline.patch) is simple - I'd like to allow NTLM auth to work even when pipelined requests are enabled, but only for transparent requests. I think that this is a safe option, as the web browser thinks it's talking directly to the web server for transparent requests.
The second patch (transparent-dns-hint.patch) is designed to use the destination IP that the client was attempting to connect to as the server IP if DNS lookup fail (for a transparent request). storeRelease is called as soon as possible in forward.c to stop the object from being cached. This allows customers to use unofficial DNS servers, or even entries in /etc/hosts to visit web sites through squid, while still maintaining the integrity of cached objects (by not caching the objects).
The third patch (transparent-pipeline.patch) is designed to allow squid to handle non-http traffic. If a request can not be decoded by squid, and it was a transparently intercepted requets, it will be transformed to a CONNECT request to the server that the client was trying to contact, and all data will be passed to/from the server untouched by squid. (I have a second copy of this patch that has been tested, and I can confirm that it works when patched against squid 2.6.10. The attached patch was created against the CVS tree of 2.6, and does need testing).
The idea behind all of the above patches is to try and make squid as transparent as possible when in transparent mode (ie performance and behaviour on port 80 should be the same as it would be with no proxy).
Regards
Steven
-- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.446 / Virus Database: 268.18.10/720 - Release Date: 12/03/2007 7:19 PM
This archive was generated by hypermail pre-2.1.9 : Sun Apr 01 2007 - 12:00:01 MDT