[PATCH] Consumption of POST body from Steve Hill on 2013-01-18 (squid-dev)

From: Steve Hill <steve_at_opendium.com>
Date: Fri, 18 Jan 2013 15:14:49 +0000

As I posted on the squid-users list yesterday, it seems that when a
client makes a forbidden request (tested with 403 Denied and 407 Auth
Required), Squid reads the entire request body into the BodyPipe with no
consumer. If the request body is too large (e.g. a large file being
POSTed), the BodyPipe and the receive buffer fill up and Squid logs:

2013/01/17 17:50:50.780 kid1| client_side.cc(2322)
maybeMakeSpaceAvailable: request buffer full:
client_request_buffer_max_size=524288

Squid stops reading from the client and since the client is still
sending, the socket's rx queue grows. Eventually the rx queue is full
and the TCP stack shrinks the TCP window to 0. The client and Squid
both sit there doing nothing with an open socket until the client drops
the connection (which may be some time).

This is reproducible by setting an ACL:
http_access deny all
Then make a large post request via the proxy:
curl --proxy http://yourproxy:3128 -v -F foo=@somefile -H "Expect:"
http://someurl
Where "somefile" is a file of a few megabytes in size.

The attached patch enables autoconsumption of the BodyPipe if access
isn't allowed in order to discard the request body rather than letting
it fill the buffers.

I'm not entirely sure this is the best fix - calling
expectNoForwarding() would seem to be neater, but this also causes the
client-side socket to close, which would break authentication mechanisms
that require the connection to be kept alive. Hopefully someone with a
better understanding of the Squid internals can review the patch and
tell me if it is the right approach?

-- 
  - Steve Hill
    Technical Director
    Opendium Limited     http://www.opendium.com
Direct contacts:
    Instant messager: xmpp:steve_at_opendium.com
    Email:            steve_at_opendium.com
    Phone:            sip:steve_at_opendium.com
Sales / enquiries contacts:
    Email:            sales_at_opendium.com
    Phone:            +44-844-9791439 / sip:sales_at_opendium.com
Support contacts:
    Email:            support_at_opendium.com
    Phone:            +44-844-4844916 / sip:support_at_opendium.com

text/x-patch attachment: squid-3.2.6-consume-post-body.patch

Received on Fri Jan 18 2013 - 15:14:58 MST

This archive was generated by hypermail 2.2.0 : Fri Jan 18 2013 - 12:00:07 MST