Why doesn't GateSentry use peek-n-splice?

[leeand00]

I was reading in the documentation about Squid and I found the following:

"This section is outdated. The below limitations were resolved in Squid-3.5 by peek-n-splice"

• Squid Documentation

Why doesn't GateSentry use peek-n-splice?

[fifthsegment]

Nice! This is awesome, i'll work on adding it to GS.

Why no peak-and-splice? I simply updated the Squid version without modifying the config file from 2015.

[leeand00]

Ah okay. Well glad you know about it now. I just noticed it when I looked at the documentation. What PHP framework do you use here anyway?

[vince2bir]

squid is version 3.3.8 on the image. For what it's worth, I was unable to compile version 3.5 with ssl... (I end up with a "undefined reference to `HttpsPortList' ")

This is what I used to configure:

./configure --build=arm-linux-gnueabihf \
--prefix=/usr \
--includedir=${prefix}/include \
--mandir=${prefix}/share/man \
--infodir=${prefix}/share/info \
--sysconfdir=/etc \
--localstatedir=/var \
--libexecdir=${prefix}/lib/squid3 \
--srcdir=. \
--disable-maintainer-mode \
--disable-dependency-tracking \
--disable-silent-rules \
--datadir=/usr/share/squid3 \
--sysconfdir=/etc/squid3 \
--mandir=/usr/share/man \
--enable-inline \
--disable-arch-native \
--enable-async-io=8 \
--enable-storeio=ufs,aufs,diskd,rock \
--enable-removal-policies=lru,heap \
--enable-delay-pools \
--enable-cache-digests \
--enable-icap-client \
--enable-follow-x-forwarded-for \
--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB \
--enable-auth-digest=file,LDAP \
--enable-auth-negotiate=kerberos,wrapper \
--enable-auth-ntlm=fake,smb_lm \
--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group \
--enable-url-rewrite-helpers=fake \
--enable-eui \
--enable-esi \
--enable-icmp \
--enable-zph-qos \
--enable-ecap \
--disable-translation \
--with-swapdir=/var/spool/squid3 \
--with-logdir=/var/log/squid3 \
--with-pidfile=/var/run/squid3.pid \
--with-filedescriptors=65536 \
--with-large-files \
--with-default-user=proxy \
--with-openssl \
--enable-ssl-crtd \
--enable-linux-netfilter \
'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' \
'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' \
'CPPFLAGS=-D_FORTIFY_SOURCE=2' \
'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security'

[sanzatou]

I am using your GateSentry based on the image you put available for download, THX a lot btw :-) I am facing issues with the ssl_bump functionality, since more and more websites are using https ... even a simple google search returns an error :-( I will try to upgrade to latest squid 3.5 in order to use peek and splice functionalities ... @fifthsegment >have you had time to go ahead on this issue ?

[fifthsegment]

Thanks for posting up here. What exactly is the issue you're facing with ssl-bump and google searches, have you checked the logs? I did pursue it and was able to install squid 3.5 fine, it remained compatible with GateSentry (after a few minor modifications to the squid config file). Currently i'm working on a faster implementation of GateSentry powered by Golang.

[github-actions[bot]]

This issue is stale because it has been open for 30 days with no activity.

[github-actions[bot]]

This issue was closed because it has been inactive for 14 days since being marked as stale.