Re: APT do not work with Squid as a proxy because of pipelining default

To: phil@philkern.de
Cc: debian-devel@lists.debian.org
Subject: Re: APT do not work with Squid as a proxy because of pipelining default
From: Goswin von Brederlow <goswin-v-b@web.de>
Date: Thu, 20 May 2010 06:21:25 +0200
Message-id: <[🔎] 87d3wrnqyi.fsf@frosties.localdomain>
In-reply-to: <[🔎] slrnhv842i.j97.trash@kelgar.0x539.de> (Philipp Kern's message of "Wed, 19 May 2010 16:22:42 +0000 (UTC)")
References: <eL13Q-1VN-1@gated-at.bofh.it> <eL2CC-4ij-15@gated-at.bofh.it> <eLgmf-7BR-11@gated-at.bofh.it> <eLiR4-2Tj-5@gated-at.bofh.it> <eLkpQ-5eC-7@gated-at.bofh.it> <[🔎] 4BF31D2E.7020209@rilynn.me.uk> <[🔎] AANLkTikdEp4HoGhNs30kc-jRYXqBa9Fmudd9-dvjFMU0@mail.gmail.com> <[🔎] 8739xnvpj2.fsf@frosties.localdomain> <[🔎] slrnhv842i.j97.trash@kelgar.0x539.de>

Philipp Kern <trash@philkern.de> writes:

> On 2010-05-19, Goswin von Brederlow <goswin-v-b@web.de> wrote:
>> Reading that I don't think that is really a pipelining issue. You do not
>> need pipelineing for it to work. The real problem is keep-alive. The
>> connection isn't destroyed after each request so you can put multiple
>> requests into the stream and exploit different brokenness in different
>> parsers along the way.
>
> Those are bugs in the servers that allow that output, though.
>
>> I think you have failed to show that pipelining is broken. What seems
>> "broken" is Keep-Alive. Do you suggest we stop using Keep-Alive to
>> prevent broken parsers from being exploited? Make a full 3-way handshake
>> for every request?
>
> I think we would want keep-alive with a pipeline depth of 1 (i.e. send the

Obviously I did not mean to disable Keep-Alive. :)

> new request after the old one was processed).  I'd rather think that
> TCP slow start is a problem if you avoid keepalive than the full 3-way
> handshake (which is annoying too).  Concurrent requests put an unreasonable
> load onto the mirrors, so we should avoid that.
>
> Kind regards,
> Philipp Kern

How about useing pipelining and if it breaks retry without pipelining
and inform the user of it? If it occurs frequently the user will
eventually notice the message and configure a depth of 1.

So 2 changes: 1) cope with the error graciously and 2) explain what is
probably happening.

That way most people would get the speed benefit and installations would
still not break when broken software is encountered.

MfG
        Goswin

PS: That doesn't mean squid shouldn't be fixed too.

Reply to:

References:
- Re: APT do not work with Squid as a proxy because of pipelining default
  - From: Roger Lynn <Roger@rilynn.me.uk>
- Re: APT do not work with Squid as a proxy because of pipelining default
  - From: Robert Collins <robertc@robertcollins.net>
- Re: APT do not work with Squid as a proxy because of pipelining default
  - From: Goswin von Brederlow <goswin-v-b@web.de>
- Re: APT do not work with Squid as a proxy because of pipelining default
  - From: Philipp Kern <trash@philkern.de>

Prev by Date: Re: APT do not work with Squid as a proxy because of pipelining default
Next by Date: Bug#582345: ITP: libhash-fieldhash-perl -- Perl module implementing a lightweight field hash
Previous by thread: Re: APT do not work with Squid as a proxy because of pipelining default
Next by thread: Re: APT do not work with Squid as a proxy because of pipelining default
Index(es):
- Date
- Thread