2026-04-17

Author: squidadm

squid-dev/2026-April.txt

@@ -1066,3 +1066,105 @@ Best regards,
 Anthony
 
 
+From rousskov at measurement-factory.com  Thu Apr 16 19:53:45 2026
+From: rousskov at measurement-factory.com (Alex Rousskov)
+Date: Thu, 16 Apr 2026 15:53:45 -0400
+Subject: [squid-dev] form PROXY header for cache_peer requests
+In-Reply-To: <1187431767.20260416172356@yahoo.com>
+References: <17170699.20260416145102.ref@yahoo.com>
+ <17170699.20260416145102@yahoo.com>
+ <06a06168-f7ac-43c5-8793-ad295886cefc@measurement-factory.com>
+ <1187431767.20260416172356@yahoo.com>
+Message-ID: <6faa2430-b837-4b8b-9341-c25e4e20ede9@measurement-factory.com>
+
+On 2026-04-16 10:23, Anthony Pankov wrote:
+> Thursday, April 16, 2026, 4:45:40 PM, you wrote: 
+>> On 2026-04-16 07:51, Anthony Pankov wrote:
+> 
+>>> I didn't find how to instruct Squid to form PROXY header for request
+>>> going to parent cache_peer.
+
+>> Official Squid code does not support PROXY protocol on cache_peer
+>> connections. Factory has implemented the required changes, but the
+>> corresponding proxy_protocol_outgoing feature is currently stuck in
+>> Squid Project backlog. Squid core developers cannot find a way to
+>> collaborate on clearing that growing backlog, so there is no ETA.
+
+
+> Is it somewhere in pull requests?
+
+Not yet: Dozens of backlogged changes, including several large ones, 
+need to be officially posted, reviewed, and merged first, but core 
+developers actions (and inaction) all but froze that process. There is 
+currently no consensus on how to solve this problem. We cannot even 
+agree to meet to discuss it. :-(
+
+Alex.
+
+
+From rousskov at measurement-factory.com  Thu Apr 16 20:05:40 2026
+From: rousskov at measurement-factory.com (Alex Rousskov)
+Date: Thu, 16 Apr 2026 16:05:40 -0400
+Subject: [squid-dev] forward bumped traffic to parent in plain form
+In-Reply-To: <190674630.20260416173629@yahoo.com>
+References: <1985119311.20260304190328.ref@yahoo.com>
+ <1736177688.20260308131738@yahoo.com>
+ <878e2ea7-2dda-410a-8bdf-1fabd429315e@measurement-factory.com>
+ <991408460.20260310135102@yahoo.com>
+ <f867539b-0550-43c6-9aa0-d74e8758cea6@measurement-factory.com>
+ <1493984953.20260310175054@yahoo.com>
+ <a728e3a6-ccc6-401d-bef4-355526f16f9a@measurement-factory.com>
+ <803480691.20260326151406@yahoo.com>
+ <50390f1b-105f-4384-ba35-b6a9e37a7684@measurement-factory.com>
+ <1332811842.20260331193229@yahoo.com>
+ <63b3703d-c87a-47ef-9e26-98b0ed4e4d18@measurement-factory.com>
+ <1832116129.20260403142017@yahoo.com>
+ <7785cda9-25eb-4eb7-bac7-0d5d6b82a4ad@measurement-factory.com>
+ <532105899.20260407175513@yahoo.com>
+ <06d7a5ac-f453-42c1-9031-8b7fb1110deb@measurement-factory.com>
+ <197778323.20260414142308@yahoo.com>
+ <335dc223-7353-4d06-8033-382ccfc8eb57@measurement-factory.com>
+ <735280386.20260416144121@yahoo.com>
+ <5d1dc7a9-141b-40c8-a401-74efef34488c@measurement-factory.com>
+ <190674630.20260416173629@yahoo.com>
+Message-ID: <2d0015d3-7385-40dc-b6a4-c3f0385d8bed@measurement-factory.com>
+
+On 2026-04-16 10:36, Anthony Pankov wrote:
+> Thursday, April 16, 2026, 4:15:12 PM, you wrote:
+>> On 2026-04-16 07:41, Anthony Pankov wrote:
+> 
+>>>> Alex: AFAICT, according to SslPeekAndSplice, after step1, Squid interprets "bump" as
+>>>> * "talk to the server and then respond to the client" rather than
+>>>> * "respond to the client and then talk to the server".
+> 
+> 
+>>> If a bump after step1 defined as "talk to the server and then respond
+>>> to the client" consequently Squid should not allow any "client-first"
+>>> modes.
+> 
+>> Today, Squid probably does not support "respond to the client and then talk to the server" behavior after step1. Assuming that is true:
+> 
+>> * That current code state does not imply that Squid "should not" support such behavior in the future.
+> 
+>> * It implies that if Squid gains such support in the future, then that support is likely to require changes in how Squid configuration is interpreted, probably either by adding new actions (to preserve behavior of existing deployments) or allowing the existing "client-first" action beyond step1 (with a risk of breaking a few existing deployments that still use that currently deprecated action).
+
+> Why I was asking was to know is there any roadmap for introducing new
+> actions or modifying configuration interpretation to do my changes
+> accordingly.
+
+There is not. My earlier suggestions is the best I can offer as far as 
+"roadmap" for new ssl_bump actions (or reinterpreting the existing but 
+deprecated client-first action) is concerned (in this email thread 
+context), but those suggestions are not official and (obviously) not 
+comprehensive/polished/tested/etc.
+
+If eventual official acceptance of your changes is critical, then it may 
+be best to start with a proposal that details what you want to change. 
+So far, I assumed that you mostly care about "working code" for your 
+specific use case, allowing you to avoid the high burden of creating and 
+passing official proposal review in this messy and poorly understood 
+SslBump context.
+
+Alex.
+
+

squid-dev/2026-April/010010.html

@@ -12,7 +12,7 @@
            }
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
-   <LINK REL="Previous"  HREF="010014.html">
+   <LINK REL="Previous"  HREF="010016.html">
    <LINK REL="Next"  HREF="010012.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
@@ -23,7 +23,7 @@ <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
        </A><BR>
     <I>Thu Apr 16 11:51:02 UTC 2026</I>
     <P><UL>
-        <LI>Previous message (by thread): <A HREF="010014.html">[squid-dev] forward bumped traffic to parent in plain form
+        <LI>Previous message (by thread): <A HREF="010016.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
         <LI>Next message (by thread): <A HREF="010012.html">[squid-dev] form PROXY header for cache_peer requests
 </A></li>
@@ -58,11 +58,12 @@ <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
-	<LI>Previous message (by thread): <A HREF="010014.html">[squid-dev] forward bumped traffic to parent in plain form
+	<LI>Previous message (by thread): <A HREF="010016.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
 	<LI>Next message (by thread): <A HREF="010012.html">[squid-dev] form PROXY header for cache_peer requests
 </A></li>

squid-dev/2026-April/010012.html

@@ -154,6 +154,7 @@ <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
 
 
 
+
 <!--endarticle-->
     <HR>
     <P><UL>

squid-dev/2026-April/010013.html

@@ -13,7 +13,7 @@
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <LINK REL="Previous"  HREF="010012.html">
-   
+   <LINK REL="Next"  HREF="010015.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
    <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
@@ -25,7 +25,8 @@ <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
     <P><UL>
         <LI>Previous message (by thread): <A HREF="010012.html">[squid-dev] form PROXY header for cache_peer requests
 </A></li>
-        
+        <LI>Next message (by thread): <A HREF="010015.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#10013">[ date ]</a>
               <a href="thread.html#10013">[ thread ]</a>
@@ -56,13 +57,16 @@ <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
 </PRE>
 
 
+
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
 	<LI>Previous message (by thread): <A HREF="010012.html">[squid-dev] form PROXY header for cache_peer requests
 </A></li>
-	
+	<LI>Next message (by thread): <A HREF="010015.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#10013">[ date ]</a>
               <a href="thread.html#10013">[ thread ]</a>

squid-dev/2026-April/010014.html

@@ -13,7 +13,7 @@
    </style>
    <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
    <LINK REL="Previous"  HREF="010011.html">
-   <LINK REL="Next"  HREF="010010.html">
+   <LINK REL="Next"  HREF="010016.html">
  </HEAD>
  <BODY BGCOLOR="#ffffff">
    <H1>[squid-dev] forward bumped traffic to parent in plain form</H1>
@@ -25,7 +25,7 @@ <H1>[squid-dev] forward bumped traffic to parent in plain form</H1>
     <P><UL>
         <LI>Previous message (by thread): <A HREF="010011.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
-        <LI>Next message (by thread): <A HREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
+        <LI>Next message (by thread): <A HREF="010016.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#10014">[ date ]</a>
@@ -67,13 +67,14 @@ <H1>[squid-dev] forward bumped traffic to parent in plain form</H1>
 
 </PRE>
 
+
 <!--endarticle-->
     <HR>
     <P><UL>
         <!--threads-->
 	<LI>Previous message (by thread): <A HREF="010011.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
-	<LI>Next message (by thread): <A HREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
+	<LI>Next message (by thread): <A HREF="010016.html">[squid-dev] forward bumped traffic to parent in plain form
 </A></li>
          <LI> <B>Messages sorted by:</B> 
               <a href="date.html#10014">[ date ]</a>

squid-dev/2026-April/010015.html

@@ -0,0 +1,83 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [squid-dev] form PROXY header for cache_peer requests
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:squid-dev%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-dev%5D%20form%20PROXY%20header%20for%20cache_peer%20requests&In-Reply-To=%3C6faa2430-b837-4b8b-9341-c25e4e20ede9%40measurement-factory.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <style type="text/css">
+       pre {
+           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
+           }
+   </style>
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="010013.html">
+   
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[squid-dev] form PROXY header for cache_peer requests</H1>
+    <B>Alex Rousskov</B> 
+    <A HREF="mailto:squid-dev%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-dev%5D%20form%20PROXY%20header%20for%20cache_peer%20requests&In-Reply-To=%3C6faa2430-b837-4b8b-9341-c25e4e20ede9%40measurement-factory.com%3E"
+       TITLE="[squid-dev] form PROXY header for cache_peer requests">rousskov at measurement-factory.com
+       </A><BR>
+    <I>Thu Apr 16 19:53:45 UTC 2026</I>
+    <P><UL>
+        <LI>Previous message (by thread): <A HREF="010013.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
+        
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#10015">[ date ]</a>
+              <a href="thread.html#10015">[ thread ]</a>
+              <a href="subject.html#10015">[ subject ]</a>
+              <a href="author.html#10015">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On 2026-04-16 10:23, Anthony Pankov wrote:
+&gt;<i> Thursday, April 16, 2026, 4:45:40 PM, you wrote: 
+</I>&gt;&gt;<i> On 2026-04-16 07:51, Anthony Pankov wrote:
+</I>&gt;<i> 
+</I>&gt;&gt;&gt;<i> I didn't find how to instruct Squid to form PROXY header for request
+</I>&gt;&gt;&gt;<i> going to parent cache_peer.
+</I>
+&gt;&gt;<i> Official Squid code does not support PROXY protocol on cache_peer
+</I>&gt;&gt;<i> connections. Factory has implemented the required changes, but the
+</I>&gt;&gt;<i> corresponding proxy_protocol_outgoing feature is currently stuck in
+</I>&gt;&gt;<i> Squid Project backlog. Squid core developers cannot find a way to
+</I>&gt;&gt;<i> collaborate on clearing that growing backlog, so there is no ETA.
+</I>
+
+&gt;<i> Is it somewhere in pull requests?
+</I>
+Not yet: Dozens of backlogged changes, including several large ones, 
+need to be officially posted, reviewed, and merged first, but core 
+developers actions (and inaction) all but froze that process. There is 
+currently no consensus on how to solve this problem. We cannot even 
+agree to meet to discuss it. :-(
+
+Alex.
+
+</PRE>
+
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message (by thread): <A HREF="010013.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
+	
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#10015">[ date ]</a>
+              <a href="thread.html#10015">[ thread ]</a>
+              <a href="subject.html#10015">[ subject ]</a>
+              <a href="author.html#10015">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://lists.squid-cache.org/listinfo/squid-dev">More information about the squid-dev
+mailing list</a><br>
+</body></html>

squid-dev/2026-April/010016.html

@@ -0,0 +1,98 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<HTML>
+ <HEAD>
+   <TITLE> [squid-dev] forward bumped traffic to parent in plain form
+   </TITLE>
+   <LINK REL="Index" HREF="index.html" >
+   <LINK REL="made" HREF="mailto:squid-dev%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-dev%5D%20forward%20bumped%20traffic%20to%20parent%20in%20plain%20form&In-Reply-To=%3C2d0015d3-7385-40dc-b6a4-c3f0385d8bed%40measurement-factory.com%3E">
+   <META NAME="robots" CONTENT="index,nofollow">
+   <style type="text/css">
+       pre {
+           white-space: pre-wrap;       /* css-2.1, curent FF, Opera, Safari */
+           }
+   </style>
+   <META http-equiv="Content-Type" content="text/html; charset=us-ascii">
+   <LINK REL="Previous"  HREF="010014.html">
+   <LINK REL="Next"  HREF="010010.html">
+ </HEAD>
+ <BODY BGCOLOR="#ffffff">
+   <H1>[squid-dev] forward bumped traffic to parent in plain form</H1>
+    <B>Alex Rousskov</B> 
+    <A HREF="mailto:squid-dev%40lists.squid-cache.org?Subject=Re%3A%20%5Bsquid-dev%5D%20forward%20bumped%20traffic%20to%20parent%20in%20plain%20form&In-Reply-To=%3C2d0015d3-7385-40dc-b6a4-c3f0385d8bed%40measurement-factory.com%3E"
+       TITLE="[squid-dev] forward bumped traffic to parent in plain form">rousskov at measurement-factory.com
+       </A><BR>
+    <I>Thu Apr 16 20:05:40 UTC 2026</I>
+    <P><UL>
+        <LI>Previous message (by thread): <A HREF="010014.html">[squid-dev] forward bumped traffic to parent in plain form
+</A></li>
+        <LI>Next message (by thread): <A HREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#10016">[ date ]</a>
+              <a href="thread.html#10016">[ thread ]</a>
+              <a href="subject.html#10016">[ subject ]</a>
+              <a href="author.html#10016">[ author ]</a>
+         </LI>
+       </UL>
+    <HR>  
+<!--beginarticle-->
+<PRE>On 2026-04-16 10:36, Anthony Pankov wrote:
+&gt;<i> Thursday, April 16, 2026, 4:15:12 PM, you wrote:
+</I>&gt;&gt;<i> On 2026-04-16 07:41, Anthony Pankov wrote:
+</I>&gt;<i> 
+</I>&gt;&gt;&gt;&gt;<i> Alex: AFAICT, according to SslPeekAndSplice, after step1, Squid interprets &quot;bump&quot; as
+</I>&gt;&gt;&gt;&gt;<i> * &quot;talk to the server and then respond to the client&quot; rather than
+</I>&gt;&gt;&gt;&gt;<i> * &quot;respond to the client and then talk to the server&quot;.
+</I>&gt;<i> 
+</I>&gt;<i> 
+</I>&gt;&gt;&gt;<i> If a bump after step1 defined as &quot;talk to the server and then respond
+</I>&gt;&gt;&gt;<i> to the client&quot; consequently Squid should not allow any &quot;client-first&quot;
+</I>&gt;&gt;&gt;<i> modes.
+</I>&gt;<i> 
+</I>&gt;&gt;<i> Today, Squid probably does not support &quot;respond to the client and then talk to the server&quot; behavior after step1. Assuming that is true:
+</I>&gt;<i> 
+</I>&gt;&gt;<i> * That current code state does not imply that Squid &quot;should not&quot; support such behavior in the future.
+</I>&gt;<i> 
+</I>&gt;&gt;<i> * It implies that if Squid gains such support in the future, then that support is likely to require changes in how Squid configuration is interpreted, probably either by adding new actions (to preserve behavior of existing deployments) or allowing the existing &quot;client-first&quot; action beyond step1 (with a risk of breaking a few existing deployments that still use that currently deprecated action).
+</I>
+&gt;<i> Why I was asking was to know is there any roadmap for introducing new
+</I>&gt;<i> actions or modifying configuration interpretation to do my changes
+</I>&gt;<i> accordingly.
+</I>
+There is not. My earlier suggestions is the best I can offer as far as 
+&quot;roadmap&quot; for new ssl_bump actions (or reinterpreting the existing but 
+deprecated client-first action) is concerned (in this email thread 
+context), but those suggestions are not official and (obviously) not 
+comprehensive/polished/tested/etc.
+
+If eventual official acceptance of your changes is critical, then it may 
+be best to start with a proposal that details what you want to change. 
+So far, I assumed that you mostly care about &quot;working code&quot; for your 
+specific use case, allowing you to avoid the high burden of creating and 
+passing official proposal review in this messy and poorly understood 
+SslBump context.
+
+Alex.
+
+</PRE>
+
+<!--endarticle-->
+    <HR>
+    <P><UL>
+        <!--threads-->
+	<LI>Previous message (by thread): <A HREF="010014.html">[squid-dev] forward bumped traffic to parent in plain form
+</A></li>
+	<LI>Next message (by thread): <A HREF="010010.html">[squid-dev] form PROXY header for cache_peer requests
+</A></li>
+         <LI> <B>Messages sorted by:</B> 
+              <a href="date.html#10016">[ date ]</a>
+              <a href="thread.html#10016">[ thread ]</a>
+              <a href="subject.html#10016">[ subject ]</a>
+              <a href="author.html#10016">[ author ]</a>
+         </LI>
+       </UL>
+
+<hr>
+<a href="https://lists.squid-cache.org/listinfo/squid-dev">More information about the squid-dev
+mailing list</a><br>
+</body></html>