Polygraph v3.1.5 available
rousskov at measurement-factory.com
Thu Mar 13 17:44:02 UTC 2008
Polygraph version 3.1.5 is now available at
This major public release includes NTLM authentication support. NTLMSPP
authentication is working in our tests. GSSAPI (a.k.a., SPNEGO)
algorithm is implemented but untested (we are waiting for a proxy with
GSSAPI support). Authentication documentation is available at
This release also includes foreign content handling improvements,
portability improvements and bug fixes. The code has been in use by
Factory customers for a while and appears to be stable. The change log
for the entire 3.1 branch is quoted below.
----------- change log -----------------
- Initial and mostly untested support for NTLM/GSSAPI proxy
authentication. We need to find a proxy that supports
NTLM/GSSAPI to test this feature.
- Added support for recycling or sharing of SSL certificates that
have identical generation parameters. The support is enabled
by setting PGL SslWrap::sharing_group to a non-empty string.
The certificates within the same group will be shared if their
openssl generation commands are the same.
Sharing provides significant speedup in Polygraph start times
when hundreds of servers require certificate generation.
- Some Linux kernels have gettimeofday bugs that cause time
jumps of approximately 72 minutes, especially on SMP systems.
We saw it on an 8-CPU box running 2.6.18-8.el5. For 2002
discussion, start at
We now try to ignore individual jumps exceeding 60 minutes. If
the time did change, the change will be honored during the
second gettimeofday() call.
- Make NTLM code compile when SSL is disabled. Polygraph will
assert if NTLM is used without SSL support because it needs
SSL code for NTLM.
- Removed extra terminating CRLF after CONNECT headers.
- Use the first (top) supported Proxy-Authenticate method
instead of the last one.
- Use the last '@' in NTLM credentials to separate the host name
from the user name because the user name itself may contain '@'.
- Robots were not parsing some CONNECT responses correctly.
- Send full Request URL only if we are talking directly to a
proxy. Sending an HTTP request inside the CONNECT transaction
is not talking directly to a proxy.
- Do not try to parse content as markup if we are not going to
request embedded objects due to non-positive embed_recur.
- Tolerate binary log "level" statistics with negative mean level
data, which may be caused by level sum overflow.
- Fixed --log and --sample_log command-line option descriptions.
- Removed no longer used or maintained nmake-specific Makefiles.
- Fixed the 'theInOff <= theCapacity' assertion.
- Support client-side NTLM authentication with proxies.
- Fixed a bug resulting in a stuck client transaction when the
HTTP request did not fit into a single I/O.
- Make GCC4 on Ubuntu6 happier (Mikhail Fedotov).
More information about the Users