SafeSquid for Linux SWG safesquid-2018.0206.2141.3-swg-concept released
From Secure Web Gateway
Revision as of 12:41, 7 February 2018 by Santosh.thorat
- SafeSquid uses SSL_pending to determine whether residual data is present after reading from an SSL socket, which eliminates the wait before a subsequent read call.
The logic of this SSL_pending check has been further optimized to reduce CPU utilization.
- SafeSquid streams Native Logs on the dashboard.
The streaming pauses automatically when the user hovers the mouse over the display.
Users reported that an accidental mouse hover was inconvenient, because the user then has to click the Resume button to restart streaming.
The WebUI now offers the user an option to prevent this automatic pause.
- SafeSquid can listen on multiple sockets and accept new connections.
SafeSquid's legacy design used a single thread to listen and accept connections on multiple sockets.
This design under-utilised the TCP option SO_REUSEPORT.
A new design has now been implemented that creates a dedicated thread for listening and accepting connections on each socket.
Each of these dedicated threads is confined to a single CPU core.
Currently, you may have to create multiple entries in the Network Section to get the maximum benefit from this new design.
SafeSquid will use a round-robin distribution of these dedicated threads to load-balance across all the available CPU cores.
You can expect a 50% improvement in connection handling, with an increase in throughput.
- SafeSquid loads its in-memory configuration from a user-generated config.xml or the default config.xml, to reduce disk I/O.
Abnormal behaviour was discovered in the SafeSquid process when the in-memory configuration was not loaded because these config.xml files were absent.
SafeSquid now creates an empty in-memory configuration to safeguard against such abnormal behaviour.
- The performance of SafeSquid can be impacted by TCP parameters like sysctl, Keepalive, etc.
SafeSquid uses a TCP tuning script to derive some of these TCP parameters.
A semantic error was found in this script, due to which the derived sysctl values were not being loaded.
The TCP tuning script was corrected to ensure that the derived sysctl values are loaded.
- SafeSquid closes all sockets that are not required and have no data left to transmit.
A flaw was detected in the closure of some of these sockets, where the peer closes before receiving pending data.
These sockets were running in endless loops, resulting in high CPU usage.
A correction was made to ensure the closure and release of such sockets.
- SafeSquid was sending only the Host details when sending request headers to remote web servers.
Some websites that serve on non-standard ports may require the Host to be specified in Host:Port format in the request headers.
A failure was discovered when accessing HTTPS websites served on ports other than the standard 443.
SafeSquid now ensures that the port is included in the Host directive when sending request headers to a server listening on a non-standard port.
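The multi-socket listener design described above (one accept thread per socket, each confined to one CPU core, cores assigned round-robin) can be sketched as follows. This is an added example, not SafeSquid's code; the function names, the loopback address, the listener count and the two-byte reply are assumptions made for the demonstration, and it requires Linux.

```python
import os
import socket
import threading

def make_listener(host, port):
    """Listening socket; SO_REUSEPORT lets several sockets bind the same host:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Linux only lets sockets share a port when every one of them sets this
    # option and all are bound under the same effective UID.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind((host, port))
    s.listen(128)
    return s

def accept_loop(sock, cpu, stat, stop):
    """Dedicated accept thread for one socket, pinned to a single core."""
    os.sched_setaffinity(0, {cpu})            # pid 0 = the calling thread
    stat["cpus"] = os.sched_getaffinity(0)
    sock.settimeout(0.2)                      # wake up regularly to check `stop`
    while not stop.is_set():
        try:
            conn, _ = sock.accept()
        except socket.timeout:
            continue
        with conn:
            conn.sendall(b"ok")
        stat["accepted"] += 1

def run_demo(n_listeners=4, n_clients=20, host="127.0.0.1"):
    cpus = sorted(os.sched_getaffinity(0))    # cores this process may use
    first = make_listener(host, 0)            # kernel picks a free port
    port = first.getsockname()[1]
    socks = [first] + [make_listener(host, port) for _ in range(n_listeners - 1)]
    stats = [{"accepted": 0, "cpus": None} for _ in socks]
    stop = threading.Event()
    threads = [threading.Thread(target=accept_loop,
                                args=(s, cpus[i % len(cpus)], stats[i], stop))
               for i, s in enumerate(socks)]  # round-robin core assignment
    for t in threads:
        t.start()
    for _ in range(n_clients):                # kernel spreads these over the sockets
        with socket.create_connection((host, port), timeout=2) as c:
            c.recv(2)
    stop.set()
    for t in threads:
        t.join()
    for s in socks:
        s.close()
    return stats

if __name__ == "__main__":
    for i, st in enumerate(run_demo()):
        print(f"listener {i}: cores={sorted(st['cpus'])} accepted={st['accepted']}")
```

The kernel, not the application, decides which listener receives each connection, so the per-listener counts vary between runs while the total stays equal to the number of clients.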
New Users? Getting_Started
Download SafeSquid ISO to create your appliance.
Download the safesquid-2018.0206.2141.3-swg-concept.tar.gz tarball to upgrade, or if you already have a Linux 14.04 machine.