-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
enhancement: enable icap preview mode and fix client according to the spec #8062
Conversation
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
0a32e6f
to
f46edf3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 LGTM
Just some remark for future improvement...
i updated the client lib, can be found here: fschade/icap-client#1 |
…ich fixes tcp socket keepalive
1521070
to
27048e7
Compare
@mmattel, please see the message from jfd regarding the deprecation. |
the client lib is in a good shape now, still, we could (and should) invest more time integrating a protocol layer or similar. Can be done later! we have to decide if we backport it or not, my personal opinion, 4.0, master and 5.0 should contain the change. i tested (locally) every known case, works for me! cc.: @wkloucek. please confirm if it solves your icap problems. |
Adding @ScharfViktor as this is testing relevant |
thanks martin for taking care :) |
@fschade we need a changelog! |
196e0a6
to
66554c4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from a docs pov 👍
Co-authored-by: Martin <[email protected]>
1c4d779
to
0ad7beb
Compare
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
@@ -34,5 +36,10 @@ func ParseConfig(cfg *config.Config) error { | |||
|
|||
// Validate validates our little config | |||
func Validate(cfg *config.Config) error { | |||
if cfg.Scanner.ICAP.DeprecatedTimeout != 0 { | |||
cfg.Scanner.ICAP.Timeout = time.Duration(cfg.Scanner.ICAP.DeprecatedTimeout) * time.Second | |||
fmt.Println("ANTIVIRUS_ICAP_TIMEOUT is deprecated, use ANTIVIRUS_ICAP_SCAN_TIMEOUT instead") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see what you did there ❤️
… spec (#8062) * enhancement: enable icap preview mode and use a forked icap client which fixes tcp socket keepalive * enhancement: make use of human time for the icap timout config option * enhancement: update icap-client * enhancement: bump icap client library and deprecate ANTIVIRUS_ICAP_TIMEOUT env * chore: vendor icap library * enhancement: set preview size only if greater than 0 * Update services/antivirus/pkg/config/config.go Co-authored-by: Martin <[email protected]> * enhancement: add changelog --------- Co-authored-by: Martin <[email protected]>
… spec (owncloud#8062) * enhancement: enable icap preview mode and use a forked icap client which fixes tcp socket keepalive * enhancement: make use of human time for the icap timout config option * enhancement: update icap-client * enhancement: bump icap client library and deprecate ANTIVIRUS_ICAP_TIMEOUT env * chore: vendor icap library * enhancement: set preview size only if greater than 0 * Update services/antivirus/pkg/config/config.go Co-authored-by: Martin <[email protected]> * enhancement: add changelog --------- Co-authored-by: Martin <[email protected]>
Description
the used icap lib is not active maintained and we've spotted some bugs:
both of the above topics are handled in my fork but needs confirmation and polishing before sending the changes upstream.
The implementation for preview requests follows the rfc 3507 (0 DoubleCRLF) and works (at least in my test-cases) now as expected.
Making use of the preview mechanism could drastically speed up virus detection and therefore improves the end user experience and by reducing the waiting time and on also reduces the network traffic (if a virus is detected within the firs N bytes).
The implementation still needs some more options later on, for now i just wanna wait for confirmation that the bug reported via #6764 is fixed, Once that is done, i start polishing.
The preview requests are enabled by default in this PR, no change needed.
To see the benefit of TCP connection keepalive, changes in the c-icap are needed, e.g.:
KeepAliveTimeout 600
Related Issue
Motivation and Context
speedup virus scanning and improve end user experience
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist: