New in version 4.2.2 RC9.3

May 21st, 2009
  • SafeSquid now allows complete tcp tuning.
  • The performance of SafeSquid like any server-side web-application can be impacted by TCP parameters like Keepalive, Receive Buffers & Send Buffers.
  • The life of CLOSE_WAIT sockets depends upon the Keepalive parameters, whereas the Send / Receive Buffers can greatly impact the throughput and speed.
  • The prior releases of SafeSquid required these parameters to be very carefully set (for the performance conscious), via sysctl, and obviously required a system-wide impact.
  • With 4.2.2.RC9.3, these parameters can be set for SafeSquid uniquely, and particularly for it only.
  • These parameters can be specified as command-line parameters when invoking SafeSquid service.
  • For convenience, these parameters may be set like other parameters via the init script + startup.conf
  • Full explanation of using these enhancements has been incorporated in the startup.conf, and should be easily accessible via:
  • "/etc/init.d/safesquid adjust"
  • Of course, these shall be encountered by you when you perform the upgrade, too.
  • SafeSquid's content caching now takes preventive action when the caching parameters are ill configured.
  • The prior releases required the caching section to be very carefully configured, and were very intolerant to under-dimensioned configurations.
  • SafeSquid could suddenly become sluggish in throughput, or exhbit similar such random behavior, if caching was ill-configured.
  • With 4.2.2.RC9.3, SafeSquid should be much more tolerant to ill-configured caching sections, and should mostly be able to take automatic corrective actions.
  • Optimisations have been introduced to allow use of libhoard. The SafeSquid core now responds still better when libhoard is used. The init script has been modified to facilitate easy use of libhoard. Standard Installation creates Install directory as /opt/safesquid, and places the safesquid's executable binary in /opt/safesquid/bin/ Simply create a sub-folder "libs" in your SafeSquid Install directory i.e. create /opt/safesquid/bin/libs and copy libhoard.so so that /opt/safesquid/bin/libs/libhoard.so is accessible. The init script will detect libhoard's presence, and automatically preload it when invoking the SafeSquid executable.
  • The init script has also been optimised for invoking libkeepalive. It has been found that in a few legacy libraries like pam_ldap, the fuctionality of keepalive is missing and could cause problems. libkeepalive could solve stability problems in such environments.
  • BugFixes:
  • The prior releases of SafeSquid did not record the data transferred in CONNECT requests, in the log files.
  • This has been fixed, data transferred in the CONNECT requests is now recorded in both Access & Extended Logs
  • Some of the libraries used by SafeSquid, could cause Stack Smashing and other random errors.
  • Some of the very observant SafeSquid users, collaborated to fix the issue for one of the libraries - libgmp.
  • The linking mechanism to this library has been modified. This may require the users to ensure that the libgmp is properly installed on the host system.
  • It is expected that a few more such problems could manifest, and will be soon discovered, with ever growing population of such sharp users.
  • Some users complained about SafeSquid not able to randomly serve the requests, over a period of time.
  • SafeSquid seemed to magically start serving requests, after a few minutes of silence.
  • This was recurringly observed at large sites where SOCKET_TIMEOUT was set to a value higher than 6.
  • SafeSquid's DDoS protection system was identified to be the cause for this.
  • The algorithm for detecting the DDoS attacks was found to be flawed.
  • A sudden burst of large number of fresh connections, were misinterpreted as DDoS attacks.
  • The algorithm seemed to be "too sensitive" and could cause suspension of services from getting rendered, until the rate of incoming requests dropped significantly.
  • This has now been fixed, and prevents complete suspension of services, and instead reduces the timeouts to counter a DDoS attack.
  • The OVERLOAD_FACTOR is now treated as the expected probability of touching MAXTHREADS.
  • Some users had also experienced problems when downloading large files. This has also been corrected.
  • It was found that SafeSquid could "disobey", the connection timeout directives in the General Section, specially when the number of incoming connections was large.
  • This caused SafeSquid to incorrectly interpret a slow data transfer speed as a broken connection.
  • This has been corrected, and SafeSquid should follow the timeout directives in the General Section, more precisely.
  • The init script has been further improved, and now provides better control over the creation of monit directives.
  • The install script has been fixed to ensure upgrades do not overwrite without approval.

New in version 4.2.2 RC9.1B (February 13th, 2009)

  • Improved mechanisms for addressing CLOSE_WAIT related problems.
  • This release can reclaim both half-open and half-closed sockets (CLOSE_WAIT state connections) and reuse them for both inbound and outbound connections.
  • A logical flaw that caused a memory leak on application of profiles under certain conditions is fixed.
  • The cProfiles feature has been enhanced for speed.
  • Depending upon user configuration, resolution speed will be about 30 to 70% faster.
  • The init script has been improved, and a few more parameters have been made tunable via startup.conf.

New in version 4.2.2 RC9.0 (December 30th, 2008)

  • This release has moved to the higher GLIBC that allows optimal use of CPU.
  • It has improved the THREAD_TIMEOUT and SOCKET_TIMEOUT parameters to allow reduction of CLOSE_WAIT and give better response to Piplining enabled clients and load-balancers.
  • Many minor improvements that increase throughput and speed.
  • The application of prefetching rules is now logged in the native log.
  • A bug that broke the QoS control feature of User Limits has been traced and fixed.

New in version 4.2.2 RC8.14B (November 20th, 2008)

  • A new parameter, OVERLOAD_FACTOR, has been introduced.
  • A logical flaw in cache cleaning operation has been traced and fixed.
  • A logical flaw in logged cache object size has been traced and fixed.
  • The design of cProfiles has been modified to allow it to query for an almost unlimited number of Web sites simultaneously.
  • Failure of the MD5 integrity check for cached objects has been corrected.
  • A logical bug while updating or modifying the entries in cache has been corrected.
  • Dynamically generated objects are not cached now.
  • Memory requirements have been tremendously slimmed down.