Closed Bug 84798 Opened 23 years ago Closed 21 years ago

PAC: Failover (multiple return values for FindProxyforURL)


(Core :: Networking, enhancement, P2)






(Reporter: benc, Assigned: darin.moz)



(Keywords: embed, helpwanted, Whiteboard: [adt2 rtm], pac)


(1 file, 13 obsolete files)

54.82 KB, patch
: review+
Details | Diff | Splinter Review

Console shows that PAC resolves to two servers, one available, one not, but 
then it doesn't work.
Attached patch failvoer pac (obsolete) — Splinter Review
The first returned proxy server is not available, so presumably it should 

I need to check the javascript syntax, because it looks weird, but someone told 
me that was correct.
The proxy APIs only allow for one server, and so the pac stuff just picks the
first, as I understand it.
Assignee: neeti → jpm
Failover is specified in the PAC definition, and worked in Comm4.
+ lots of keywords.
Priority: -- → P1
There also is no UI for complete failure, which should ask if you go to direct
If all proxies are down, and there was no DIRECT option specified, the Navigator
will ask if proxies should be temporarily ignored, and direct connections
attempted. The Navigator will
ask if proxies should be retried after 20 minutes has passed (then the next time
40 minutes from the previous question, always adding 20 minutes).
Severity: normal → critical
Keywords: nsenterprise
*** Bug 85680 has been marked as a duplicate of this bug. ***
*** Bug 86874 has been marked as a duplicate of this bug. ***
Blocks: 85656, 86856
Blocks: 79893
The failover return which works in other browsers but not in mozilla/netscape

        return "PROXY; PROXY";
Blocks: 87272
No longer blocks: 87272
QA Contact: benc → pacqa
Serge, can you take a look at these PAC issues? Thanks - Jussi-Pekka
Assignee: jpm → serge
Attached patch patch (obsolete) — Splinter Review
The patch was co-authored with

Parse the LocalFindProxyForURL output and check dns resolvability of each in
turn.  If nothing satisfiable is found, treat as a direct connection.
Keywords: patch, review
Umm, hold the phone on that one.  It appears I may be able to make a very minor
change and get the fix for bug 79057 much easier than I had expected to.
Keywords: patch, review
Attached patch patch v2, with fix for 79057 (obsolete) — Splinter Review
Take 2.  A week ago I could have sworn getting a wrapper around dns.resolve() to
work inside the PAC sandbox was very tough, but apparently I was wrong.  A one
line addition allows a fix for bug 79057 as well.

While I was at it I tweaked isInNet so it doesn't behave badly if dnsResolve
can't get an ip address for the hostname.

cc'ing gagan because he seems to have created the pac code, and mstoltz because
we were talking about security issues.
As usual, co-authored by basic.
Keywords: patch, review
Blocks: 79057
What about if the DNS resolves fine, but the proxy elected by PAC is down?
You're right -- this is only a partial solution.  Getting it to fall back
properly when it can't connect to its first-choice proxy would require chasing
this all over the netwerk code, and the scope of it seems beyond my present
knowledge.  As bbaetz said: "The proxy APIs only allow for one server, and so
the pac stuff just picks the first, as I understand it."  This is still the
case, but now the PAC stuff picks the first that is not obviously bogus.

Changing Platform/OS

the patch tingley attach is more of a workaround than a fix, but it is much
better than the current behavior. A real fix would involve rewriting the proxy
api, which I doubt will happen before bug 89928 is fixed.
OS: Windows NT → All
Hardware: PC → All
Still hoping for an r/sr for this.  The odds of making it before the 0.9.3
freeze are zero and dropping, but since I'll be away from July 30 - August 10,
if possible I'd like to get some sort of feedback on this this week.  In truth,
I'm more eager to get bug 79057 fixed than this one (as it's more broken, is a
more complete fix, and has more votes to boot); I'd be happy to split this patch
in two if it will speed things up any.
You realise that this isn't actually fallover - full fallover means that you
need to try the second proxy if the connection is refused, not just if the host
is not existing. (And, arguably, for some proxy errors, I guess) That would
require api changes, though.

A dnsresolve call on each call is expensive, but we cache it, so it really isn't
that important. I just don't think that it solves the problem.

r=bbaetz on the 79057 part. Is FindProxyForURL reentrant? if so, won't the
dnsresolve call serialise everything? If not, r=bbaetz on that part too.
As I've said before, this is completely right -- I didn't fully realize that
this bug was *not* filed simply against the particular shortcoming of the PAC
code until the patch was already posted.

I'd love to fix the real failover problem, and maybe I'll try, but it's a more
ambitious effort and I need to spend more time with the code and probably
inspire a bit more trust with the network crew first.  I have half a mind at
this point to postpone the non-79057 bit but whatever, it does a little bit of
good at least.

I'll look into the reentrancy issue.

Upon further consideration and discussion I'm icing this patch until I or
someone else produces something monstrous to fix the underlying issue.  In the
short term it adds little (as it is much for likely for the proxy to be
unreachable rather than unresolvable), and in the long run it is of dubious
value and would quite possibly just be rewritten.

I'm splitting off the bug 79057 stuff and posting it there.  Sorry for all the
Keywords: patch, review
No longer blocks: 79057
working on this
Blocks: 91630
Attached patch the first patch proposal (obsolete) — Splinter Review
Woah.  This appears to also fix bug 91630 and a number bugs on feedback in error
cases.  It also includes the alert() code from bug 86846.

I don't know enough about the thread architecture yet to comment on the event
stuff just by looking at it.  I'll try the patch out to get more feedback.  In
the mean time, a couple things:

* Is there something better than an array for keeping track of the servers
(gNodeArray)?  This code is begging for some sort of hashing.

* What's up with this:

+            if (pac == '' ||"<TITLE>Not Found</TITLE>") != -1) {
+                //httpd can return <TITLE>Not Found</TITLE><H1>Not Found</H1>

Are the status/errorMsg params not enough?

* Rather than doing this to catch the error,

+            if ("FindProxyForURL") == -1) {

why not put a try block around the assignment

iirc, this will currently throw an exception if FindProxyForURL does not exist
or is not well-formed.)

and nits (not counting obvious debugging code, etc)...
- the regexp pattern "/\s* \s*/" should be "/\s+/"
- the if(!canDoFailover) block contains the typo "rerurn"
- the PACF_TYPE_SOCKS{,4,5} constants should be "socks{,4,5}" rather than
  "sock{,4,5}" (iirc -- nsProtocolProxyService.cpp appears to return "socks" in
  a similar situation)
- s/Cer/Cr/("CereateAndPostMainThreadEvent")
- var PACF_* should be const PACF_*

cool.  i'm very eager to try this out.
This feature is pretty important, so lets ask any heavy hitters we need for
help, like brendan.

Also, is there any reason why this patch is addressing several bugs?
tingley, thanks for the comments,
I would like to notice the patch is *FIRST DRAFT PROPOSAL I posted mostly for
backup reason.

>* What's up with this:
>+            if (pac == '' ||"<TITLE>Not Found</TITLE>") != -1) {
>+                //httpd can return <TITLE>Not Found</TITLE><H1>Not Found</H1>
as I said in comment client can get valid content, for example 
"the requested object does not exist on this server." from httpd and no
status/errorMsg is set. 
>why not put a try block around the assignment
> LocalFindProxyForURL=ProxySandBox.FindProxyForURL;
what is the reason to create new sandbox object from invalid source? 

No longer blocks: 86856
fix for spring release.  marking nsenterprise-.
Attached patch the patch #2 (obsolete) — Splinter Review
the patch#2 is actually workable patch, could you try to take a look on this, please?
some comments:

1- please add descriptive comments to each IDL method.

2- please put the nsHttpChannel code in a member function.
about the design:

is there any chance that the code for PAC failover can be handled at the socket
transport level completely instead of at the protocol level?  you may be able to
modify nsIProxyInfo to convey any necessary info down to the socket transport. 
why wouldn't such an approach be viable?
1&2 will be done.
I like the idea to handle  pac failover at socket transport level, but I'm not 
sure if it's possible to handle all JS dialogs on non ui thread? Any examples?
PSM launches dialogs from the socket thread... it probably involves
synchronously proxying the dialog invocation over the ui thread.
*** Bug 105419 has been marked as a duplicate of this bug. ***
>is there any chance that the code for PAC failover can be handled at the socket
>transport level completely instead of at the protocol level?
intuitively it feels like the socket transport level is an appropriate place to 
do so, and this is true for statically build pac failover list, but pac spec 
allows to change that list dynamically.
Here is one example how: 
function FindProxyForURL(url, host) {
 if (timerange(0, 0, 0, 0, 0, 30)) {//between midnight and 30 sec past midnight.
   return "PROXY proxy_0; PROXY proxy_1";
 else if (timerange(0, 0, 0, 0, 1,0)) {//between midnight and 1 min past
   return "PROXY proxy_2; PROXY proxy_3";
 else if (timerange(0, 0, 0, 0, 2,0)) { //between midnight and 2 min past
   return "PROXY proxy_4; PROXY proxy_5";
for the same arguments FindProxyForURL() returns different proxies depends on 
the current time, it means from socket transport level we should be able to make 
js call FindProxyForURL(url, host) to get new proxy info, but we know nothing 
about what url we are processing at this point.
So it looks to me the protocol level is the right palace to handle pac failover. 
Darin, what do you think, am I wrong?
right, plus you don't want to have to deal with the fact that the socket
transport is running on a background thread... sync proxying to the UI thread in
order to call JS code should be avoided.
darin, serge: The proxyinfo object passed down to the socket transport stuff was
designed to be extensible. All you have to do is add a next attribute to it, and
extend the internal PAC interfaces to return a list of values, and then you have
all the data you need in a linked list - no calls to js needed. I don't know how
to do an out array param in idl, though.
bbaetz: but serge was saying that he wanted to query the PAC file each time...
am i missing something?
AIUI, serge was saying that he needs to query PAC each time.we make a
connection. I'm claiming that whilst pac needs to be queried, it doesn't have to
be the socket transport thread which does the querying.

Note that the http proxy code would need to be tweaked, especially the "should
we reuse this connection" logic.

Then theres also the SOCKS fallback to http logic (or the other way arround),
where we run into the same problems wrt people QIing for an http channel if
we're doing ftp.
bbaetz: timerange() function from pac spec allows to build proxy list 
dynamically (se my example above),
so we have to call  FindProxyForURL() to get the current proxy list...
PAC is called (when enabled) every time a proxyinfo object is created. This
happens in NewChannelFromURI (usually). The proxy info is passed into the
sockettransport service. These proxyinfo structures are not cached by anyone.

Or are you saying that if we start connection at 29 seconds past midnight, and
fail at 31 seconds past midnight, we need call pac again to see if anything has
That is exactly what I'm trying to say,
well, of course in real life this is very rare situation,
but why we cannot assume that same ISP wouldn't do some sort of balance loading 
or shuts down their set of proxy servers and configure user's pac to handle 
failover depends on particular time?
Then tough. We get a list at the time we call PAC, and we need to try every
entry in that line. Thats why there are multiple entries - we should not call
PAC again; its just too confusing. I doubt ns4 did that, and I really don't see
the point. Its a _lot_ of additional complexity for 0 gain.

Think about it - if all proxy servers are down, would you just keep calling pac

I do agree that it will need code in at least the http protocol. Doing socks<->
http is going to be impossible though, w/o a wrapper channel which we've all
agreed (in other bugs) won't work.
I don't think the time-based features was ever intended to create this type of
tight control...

If someone tried to connect right before midnight, then failed over, and talked
to an offline proxy, it would not be a big deal. They would fail to connect.
They would say some choice words, hit reload, and then re-PAC, and get the new
(post-midnight) directives and connect.

A possilbe feature to correct this would be possible in PAC2, which would be
allow a reload() function that could be time based.
Attached patch serge's patch v2 (obsolete) — Splinter Review
Attachment #50336 - Attachment is obsolete: true
darin, bbaetz: could you take a look on attachment id 56789, thanks.
+        } else if (pac == '' ||"<TITLE>Not Found</TITLE>") != -1) {

Trying to sniff failure codes out of raw HTML is a bad idea.  Letting the js
parser validate the integrity/correctness of the PAC file (by calling
evalInSandbox()) is more heavyweight, but who cares?  It's an operation we only
have to do once (and if the PAC is valid, one we would have to do anyway), and
it will catch all sorts of things that string searches won't.
just try comment out
        }/* else if (pac == '' ||"<TITLE>Not Found</TITLE>") != -1) 
        } else  if ("FindProxyForURL") == -1) { //check if there is 
function FindProxyForURL()
and for unknown pac, but valid http://host after evalInSandbox() you will get 
something like:
"Error: syntax error
Source File: .....
Line: 211 Source Code:
<TITLE>Not Found</TITLE><H1>Not Found</H1> The requested object does not exist 
on this server. The link you followed is either outdated, inaccurate, or the 
server has been instructed not to let you have it."
Do you think this is an apropriate message for the end user, rather than 
So you need to check if its http and the http response code starts with a 2.
(Yes, doing it that wasy sucks). For other protocols, just assume success if you
get data back.

You should print a useful error message if the js engine fails to parse the
script, as well.

Don't do - let the js engine parse the file, and then check if
(FindProxyForURL in ProxySandBox). I tihnk that that will work.

I haven't had time to look at this patch in detail.
You are right, the new patch is following.
Attachment #56789 - Attachment is obsolete: true
Attached patch patch v3 (obsolete) — Splinter Review
Attachment #37708 - Attachment is obsolete: true
Attachment #41779 - Attachment is obsolete: true
Attachment #42177 - Attachment is obsolete: true
Attachment #46697 - Attachment is obsolete: true
Attachment #50182 - Attachment is obsolete: true
Attachment #50186 - Attachment is obsolete: true
No longer blocks: 91630
*** Bug 121732 has been marked as a duplicate of this bug. ***
Is there anything holding up the commit of the patch?  Is there anything that
I can do to speed up the commit?
This is a very nice to have feature. We need to get this fixed ASAP.
+helpwanted, mozilla1.0, nsbeta1.
serge, is there a reason you didn't nominate this for any of the post 6.2
milestones? Like mozilla 0.9.8, mozilla 0.9.9?
lack of review, and some internal reorg is keeping this bug untouched fro a long 
reassign this to gagan for properly assignment in necko team.
Assignee: serge → gagan
I believe the new owner for this code is in trudelle's team. Letting him make
the call on that. 
Assignee: gagan → trudelle
Assignee: trudelle → morse
nsbeta1- per Nav triage team.
Keywords: nsbeta1nsbeta1-
Target Milestone: --- → mozilla1.1alpha
+nsbeta again.

If you minus, please provide reason for nsbeta-. 

This is probably the most serious PAC bug.

This is a specified feature, and there is no workaround. If we don't support
this, we have to still test for handling multiple directives correctly, and a
couple other special conditions.

Historically, really large enterprise customers have selected PAC over manual
configs because it offers more reliable connectivity.
Keywords: nsbeta1-nsbeta1
QA Contact: pacqa → benc
This is only a problem if the primary server is not present, it works in the
overwhelmingly typical case.  Also, it is only an issue among enterprise
customers who use PAC, and we are not aware of any that consider this a
high-priority problem for MachV (if you know any, please cite them here).  It is
getting very late in the release cycle to be considering changes that have low
impact (severity X number of users), and a correct fix for this seems risky too.
 Finally, we have shipped a few times with this defect already.  Do you have
strong reasons why fixing this is critical for MachV?
This is a "chicken and egg" bug (some people think ALL bugs are this way, but
this one really is...)

The really big IT shops really like this feature. Even if PAC failover is needed
rarely, and is very slow (our Communicator failover was kind of sluggish), it
works. Every call from a down server costs money, esp. if your help desk is

Most really big IT shops will not consider using Netscape 6 unless it has
features like this, so they have not been complaining because they have not be
using it.

If the marketing is to sell to these big shops, I'm telling you now you want
this to work. When I supported PAC and Proxy server, I talked to NationsBank,
CSFB, Citicorp, Chase, JP Morgan, etc. (the names have changed, but you know
what I mean).

I don't see a lot of contributors that work for these organizations, so I've
either proven my point or completely missed the boat.

If we ship without this, expect this to be on the short list of things big
customers demand.

nsbeta1-, per Nav triage team. If they were demanding it, we'd plus.  cc
jhooker, will consider plus if he has strong demand from enterprise.
Keywords: nsbeta1nsbeta1-
I agree that this is a valuable bug to fix. Perhaps all that is needed is
someone verifying that Serge's patch is still valid and does work. Any volunteers?
Blocks: 142498
*** Bug 85656 has been marked as a duplicate of this bug. ***
cc'ing jhooker on this.  Jeff, please let us know whether or not this is 
considered essential for the enterprise folks.
PM chime in - this is considered essential for the enterprise deployments using PAC.
The patch v3 has bit-rotted -- specifically the "-80,52 +140,111" part of the 
patch for nsProxyAutoConfig.js.  Attaching a revised patch for just that one 
file.  Serge, can you check and see if the revised patch is still doing what 
your original patch did?

Also renominating for nsbeta1 based on jhooker's input (comment 69).
The patch v3 does not compile.  Specifically, mReloadPACURLCount is undefined.

Serge, can you post a new patch?
OK, reviving serge's patch is going to take much more work than I originally 
thought.  By his estimates, it would take about a week of work.  Therefore I 
don't see any way that this one can make it for Netscape 7.0.

That's unfortuante since the enterprise group has now indicated that this is 
I just talked with Jeff, and we agreed that this doesn't look like a good bet
for 7.0 at this point.  This will be important for enterprise customers who try
to deploy, but currently there are none, and it is doubtful that a large patch
with little/no immediate benefit will be allowed onto the branch the last week
before zarro boogs anyway.  We do expect this to be on the short list of fixes
that big enterprise customers will demand, and that will no doubt be a major
focus of the point release.  If anyone discovers how this can be fixed with less
work/risk, or finds a large customer who would deploy 7.0 except for this bug,
please renominate.
Target Milestone: mozilla1.1alpha → mozilla1.2alpha
Attaching much shorter and much safter patch.  It doesn't do everything that 
serge's patch did, such as putting up dialogs.  But it does do the failover, and 
that's what this bug report is all about.  And this patch has a better chance of 
being approved at this late date.

A significant difference between this patch and serge's is that the way I keep 
track of which retry I am up to is by adding a ProxyRetryCount field to the 
ProxyInformation.  Also I've added an mProxyRetryCount member to nsHttpChannel 
for the same reason.  This way I don't have to keep a node structure in 
nsProxyAutoconfig.js to maintain this state.  That was a substantial 

Most of the changes in this patch are simply to account for this extra 
ProxyRetryCount member.  The actual changes to handle the failover itself are 
relatively small.

Renominating for nsbeta1 in the hopes that we can still get this in for Mach V.
Keywords: nsbeta1-nsbeta1
Attachment #57049 - Attachment is obsolete: true
Attachment #87136 - Attachment is obsolete: true
Comment on attachment 87761 [details] [diff] [review]
simpler patch that does just failover and nothing more

r=caillon (from morse's computer) with a few changes that I had him make. 
darin or someone in necko should probably sr= this.
Attachment #87761 - Flags: review+
Attachment #87761 - Attachment is obsolete: true
Comment on attachment 87765 [details] [diff] [review]
same patch but with minor changes per caillon's review

r=caillon, carried forward from previous patch
Attachment #87765 - Flags: review+
Comment on attachment 87765 [details] [diff] [review]
same patch but with minor changes per caillon's review

This code hooks into http. What about fallover involving socks proxies or even
DIRECT, which is often the last thing on the list? How will/can that be

Fallover from http->direct/socks with an ftp url, using this code, will end up
really confusing things, because the http protocol handler can't deal with
those, unless there is an http proxy involved.

Also, you can't have ProxyForURL requery the PAC js file, because the PAC file
could switch over based on the time of the day, or teh destination IP (think
roundrobin DNS) The entire string needs to be stored in the proxy info as an
array, then your requery code can just iterate through that.

I realise that we want a quick fix, and that those issues won't affect the vast
majority of installations, so long as you file a new bug, the only thing which
needs to be fixed is not doing fallback from an HTTP proxy to SOCKS or none if
the url type is not http/https AND you test fallback from http to none with,
say, and ftp url.

Do file a bug on the rest, though.
Attachment #87765 - Flags: needs-work+
Yes, you are correct that we are looking for a quick fix here.  Can you modify 
the existing patch (or post a new one) that also does the HTTP SOCKS failover 
and tests for non http/https.  Without someone posting a better patch quickly, 
we either go with this one now or we get nothing.

jhooker, what are your feelings about the functionality in the existing patch?  
Would this be better than nothing for the existing enterprise customers?
> This code hooks into http. What about fallover involving socks proxies or
> even DIRECT, which is often the last thing on the list? How will/can that
> be handled?

DIRECT is handled by the current patch.
I'm not really set up to do this ATM, or even to test (uni exams/assignments)

Does the patch handle an ftp url, where the pac file returnes:

PROXY some-unknown-host:1234, DIRECT

? If it does, then thats ok, but I see nsHttpChannel::ProxyPACFailover
explicitly calling NewProxiedChannel on nsHttpHandler::get(), and that won't
work for ftp. You should either a) be calling nsIIOService::getProtocolHandler,
(special casing http), then trying to QI to nsIProxiedProtocolHandler, or b) add
a newChannelWithProxyInfo method to the io service, and call that (factoring the
current NewChannelFromURI stuff out)

b) is cleanest and simplest, it already handles the special cases for you. You'd
change the nsIIOService code like this (uncompiled/untested):

nsIOService::NewChannelFromURI(nsIURI *aURI, nsIChannel **result)
    nsresult rv;
    NS_TIMELINE_MARK_URI("nsIOService::NewChannelFromURI(%s)", aURI);

    nsCOMPtr<nsIProxyInfo> pi;
    rv = mProxyService->ExamineForProxy(aURI, getter_AddRefs(pi));
    if (NS_FAILED(rv)) return rv;

    return NewProxiedChannelFromURI(aURI,pi,result);

nsIOService::NewProxiedChannelFromURI(nsIURI* aURI, nsIProxyInfo* pi, nsIChannel
**result) {
    nsCAutoString scheme;
    rv = aURI->GetScheme(scheme);
    if (NS_FAILED(rv)) return rv;

    nsCOMPtr<nsIProtocolHandler> handler;

    if (pi && !strcmp(pi->Type(),"http")) {
        // we are going to proxy this channel using an http proxy
        rv = GetProtocolHandler("http", getter_AddRefs(handler));
        if (NS_FAILED(rv)) return rv;
    } else {
        rv = GetProtocolHandler(scheme.get(), getter_AddRefs(handler));
        if (NS_FAILED(rv)) return rv;

    nsCOMPtr<nsIProxiedProtocolHandler> pph = do_QueryInterface(handler);

    if (pph)
        rv = pph->NewProxiedChannel(aURI, pi, result);
        rv = handler->NewChannel(aURI, result);

    return rv;

Which, apart from getting the scheme after the proxy info, rather than before,
is literally just adding a closing brace and a method declaration.

However, I know darin wanted to move this stuff out of the ioservice a bit, into
the protocolproxyservice, and even had a patch to do so. Not sure if this would
meet with his approval - he may want NewProxiedChannelFromURI there, but thast
just cut and paste in any event.

Comment on attachment 87765 [details] [diff] [review]
same patch but with minor changes per caillon's review

>Index: netwerk/protocol/http/src/nsHttpChannel.cpp

>+    // PAC failover stuff (mProxyRetryCount of -1 means no more proxies to try)
>+    if ((status == NS_ERROR_UNKNOWN_HOST || status == NS_ERROR_CONNECTION_REFUSED ||
>+            status == NS_ERROR_NET_TIMEOUT || status == NS_ERROR_NET_RESET) &&
>+            (mProxyRetryCount != -1) && mConnectionInfo->UsingHttpProxy()) {
>+        if (NS_SUCCEEDED(ProxyPACFailover(++mProxyRetryCount))) {
>+            // pac created new channel so don't propogate error status
>+            // to current channel's listener
>+            status = NS_OK;
>+        }
>+    }

code like this actually needs to live in nsHttpChannel::OnStartRequest.  you
to check the status of the transaction in OnStartRequest and suppress sending
mListener->OnStartRequest until you have made a successful proxy connection. 
is your patch results in multiple OnStart/OnStop request notifications, and
will cause all sorts of chaos in docshell land.

i have some ideas about how to solve this bug, and i think we need to have a
design meeting to come up with the best solution.  hacking HTTP like this will
work for HTTP proxies, but it doesn't help other proxy consumers.  i think we
should spend some time and explore other solutions.  we still have time...
not rush in a partial solution, ok?

morse: can we meet this monday to discuss this bug?
PM chime in - per steve's comment (Attaching much shorter and much safter patch.
 It doesn't do everything that serge's patch did, such as putting up dialogs. 
But it does do the failover, and that's what this bug report is all about.  And
this patch has a better chance of being approved at this late date.) it sounds
as if this patch would be of value to the customer base. If a particular feature
does not work as expected it makes it difficult to get past the evaluation stage
to be even considered for deployment. Again, the summary (does do the failover)
sounds like a valuable resolution.
Adding nsbeta1+ and [adt2 rtm] per nav triage team.
Keywords: nsbeta1nsbeta1+
Whiteboard: [adt2 rtm]
Blocks: 152663
reassigning to darin who said he might have time to do some work on it.
Assignee: morse → darin
actually, i'm going on vacation tomorrow and won't be able to look at this until
mid-july.  how critical for RTM is this?
*** Bug 154575 has been marked as a duplicate of this bug. ***
->morse (per darin's comments)
Assignee: darin → morse
reassigning to darin at his suggestion.
Assignee: morse → darin
Whiteboard: [adt2 rtm] → [adt2 rtm], pac
future (until we find a real PAC owner or until i find time)
Target Milestone: mozilla1.2alpha → Future
*** Bug 167491 has been marked as a duplicate of this bug. ***
batch: adding topembed per Gecko2 document
Keywords: topembed
*** Bug 169128 has been marked as a duplicate of this bug. ***
removed jhooker from cc: list
Changing from topembed, to embed, as this is not currently blocking a major
embedding customer.
Keywords: topembedembed
Keywords: mozilla1.0
Target Milestone: Future → ---
Blocks: 125875
-> moz 1.3 beta
Severity: critical → major
Priority: P1 → P3
Target Milestone: --- → mozilla1.3beta
Coming here from bug #79893 :

In a related incident to comment #13:

Our proxy.pac file is loaded as:
http://internal.server/path/proxy.pac (pretty generic)

function FindProxyForURL(url, host)
    if (dnsDomainIs(host,"internal")) {
        return "DIRECT";
    } else

     if (isInNet(myIpAddress(),"","")) {
        return "PROXY proxy1.internal:3128; PROXY proxy2.internal:3128; DIRECT";
     } else
       return "DIRECT";

In this file I respect the specs with host:port.

Mozilla 1.2b behaviour:
always uses DIRECT.

*** Bug 190068 has been marked as a duplicate of this bug. ***
*** Bug 190053 has been marked as a duplicate of this bug. ***
flagged for 1.3b.
Need to know if this is planned for 1.3b so I can start working on testcases.

Deferral to 1.3f is fine from a testing and feature perspective, but waiting for
1.4 is probably too much, because it would miss a lot of 1.3 branch based products.
Flags: blocking1.3b?
Summary: PAC: Failover does not work. → PAC: Failover does not work
no plan to work on this for mozilla 1.3.  maybe during the 1.4 cycle.
Target Milestone: mozilla1.3beta → mozilla1.4alpha
Flags: blocking1.3b? → blocking1.3b-
I agree strongly with Comment #102: "Deferral to 1.3f is fine from a testing and
feature perspective, but waiting for 1.4 is probably too much, because it would
miss a lot of 1.3 branch based products."

Please maintain the 1.3f target.

*** Bug 192604 has been marked as a duplicate of this bug. ***
*** Bug 190086 has been marked as a duplicate of this bug. ***
might still happen for 1.4 ...
Target Milestone: mozilla1.4alpha → mozilla1.4beta
Same here.

I can't speak for the enterprise corporation I work for, other than I'm a
Unix/Network sysadmin for about 3000 hosts (500 users) in a division of said

Corporate (central) IT has asked us to use/implement the official proxy.pac
autoconfiguration script since they use it seamlessly on all of their windows/IE
boxes to handle failover between our different sites - and this is their method
  to handle seamless proxy/firewall upgrades for end customers.

Example autoconfiguration script:

function FindProxyForURL(url, host)

// blah blah blah - filtered out but here's the sticker

return proxyPath;

So when upgrades to MIDWESTPROXY happen all windows/IE users bounce
automatically to WESTCOASTPROXY; all unix/mozilla users that I support have to
reset their proxy to MANUAL and choose WESTCOASTPROXY.

I'd really like to see this happen...

Blocks: 200456
Severity: major → enhancement
Priority: P3 → P2
Thanks for the great work! The flurry of 1.4 related activity over the past few
weeks is impressive. 

I see 80918 (Proxy: "No Proxy for:" does not support ip address wildcards) was
checked in yesterday. Can this bug (PAC failover) also be prioritized for 1.4b? 

Either way, given the number of other Mozilla 1.4 fixes and enhancements, we
will likely deploy it (or a Mozilla 1.4 based Netscape release) corporately.
Attached patch v2 patch (obsolete) — Splinter Review
this patch is a work in progress.  i've taken a simpler route i think.	instead
of querying the PAC component multiple times, i query it once and build up a
list of nsIProxyInfo objects.  each has an owning reference to the next.  this
meant moving the PAC string parsing into nsProtocolProxyService.

the HTTP code picks up errors in OnStartRequest and tries to failover to the
next nsIProxyInfo.  if there isn't a next nsIProxyInfo, then i try a direct
connection (note: this will happen even in the case of manual proxy
configuration, which is i think a nice feature).  the HTTP code creates a new
channel and does a "load replace" ... this patch just copies code from the 3xx
redirect code.	the two code paths should overlap to avoid duplicate code.

finally, it might be good to remember failures somewhere... probably
nsProtocolProxyService, but that'll require a method call from the HTTP code. 
i might add a "MarkFailed" method on nsIProxyInfo.  the implementation of that
interface could then add something to a global hash table to remember the
failure.  we could expire these remembered failures after some interval (maybe
10 seconds or 1 minute or something progressive).

anyhow, with a little bit of cleanup, this patch should be good for 1.4 beta.
Attachment #87765 - Attachment is obsolete: true
Attached patch v2.1 patchSplinter Review
revised patch.	this one is ready for reviews.	changes include:

1- no longer automatically failover to direct connections.  only do this if
explicitly given in the PAC file.  a number of reasons why this is good: a)
compatible with expectations, b) DIRECT could appear between PROXY decls, c)
failover to DIRECT may not be desirable, d) messes up proxy error reporting..
we end up reporting the last error, which would be errors to directly connect. 
enough reasons to not go there right now IMO.  later on we could add a pref to
always failover to DIRECT.

2- don't bother remembering failures.  i think it would be best to get the
basic functionality in place first, and then go back and add this part later.

3- merged ProcessRedirection and ProxyFailover code.  created new helper method
on nsHttpChannel called SetupReplacementChannel.
Attachment #120339 - Attachment is obsolete: true
Comment on attachment 120546 [details] [diff] [review]
v2.1 patch

bbaetz: can you please review this patch.  i think you'll find it fairly
straightforward.. just please check out my previous comments outlining the
changes.  thx!
Attachment #120546 - Flags: review?(bbaetz)
Comment on attachment 120546 [details] [diff] [review]
v2.1 patch

Yeah, don't fall back to DIRECT. Lots of organisations block direct access, and
those which don't will list it at the end.

This looks fine, but I'm really not in a position to test now, and won't be for
the next couple of weeks at least.
bbaetz: hrm.. i have tested this fairly well.. if you have suggested tests for
this bug, could you please list them here.  i can then run your tests =)
Attachment #120546 - Flags: superreview?(alecf)
Attachment #120546 - Flags: review?(dougt)
Attachment #120546 - Flags: review?(bbaetz)
Comment on attachment 120546 [details] [diff] [review]
v2.1 patch

this all looks fine to me. I don't know if I'm really much of an expert here
but it looks like the meat of this is SetupReplacementChannel and 
ProxyFailover, both of which seem fine. My only question would be if  we
already had some kind of code for replacing a channel that we could leverage

oh, one nit:

+    if (httpChannel) {
+	 if (preserveMethod) {
+	     if (mUploadStream) {

+		 }
+	     }
+	     // must happen after setting upload stream since SetUploadStream
+	     // may change the request method.
+	 }

can we combine some of that if() logic, to reduce indentation here?

sr=alecf with that.
Attachment #120546 - Flags: superreview?(alecf) → superreview+
alecf: yeah, i think actually i can get rid of maybe two levels of indentation.
Comment on attachment 120546 [details] [diff] [review]
v2.1 patch

nit: f you going to add your name AND gagan's name to the
nsIProxyAutoConfig.idl file, you should also add the rest of the contributors.

nit: indent your case's:
+    switch (len) {
+    case 5:

looks fine to me.
Attachment #120546 - Flags: superreview?(alecf)
Attachment #120546 - Flags: superreview+
Attachment #120546 - Flags: review?(dougt)
Attachment #120546 - Flags: review+
fixed-on-trunk :-)
Closed: 21 years ago
Resolution: --- → FIXED
FYI: to resolve this bug, I'm going to do a two-PROXY run.

I'll eventually add tests for greater than two, as well as multiple directive
Attachment #120546 - Flags: superreview?(alecf) → superreview+
This check-in have added a warning on Brad TBox:

+ `const char*hostEnd' might be used uninitialized in this function
Aleksey: thanks!  (fortunately, not a real bug.)
*** Bug 204598 has been marked as a duplicate of this bug. ***
*** Bug 205798 has been marked as a duplicate of this bug. ***
Bug does not seem to be fixed. My Mozilla 1.4b refuses to load proxy.pac file 
from remote http server. Reload button does not do it either. Actually it seems 
that Reload button does nothing. Not to say that if I enter incorrect URL and 
click Reload button it just does not warn me about. When I downgrade to Mozilla 
1.3 everything works fine excluding the failover. 

Anybody else with similar problem ? Could it be that I upgraded from 1.3 to 
1.4b ? May be clean install is needed ?
Hristo: yes, a fresh install is required.  bug 205514 tracks the problem you're
VERIFIED: all plats, Mozilla 1.4b

I'm updating the testcases and working through the releated bugs as well.

I've filed bug 207633 for the remaining issues about failover behavior (failover
is not stateful, it doesn't remember that a server was unavailable, so it has to
have a connection error and then failover every time PAC is called).

This bug has gone through two or three design cycles, and has enough drift about
the expected behavior to confuse most people.

If you have a problem post 1.4b, please look for duplicates and file a new bug
if needed.
QA Contact: benc → pacqa
Summary: PAC: Failover does not work → PAC: Failover (multiple return values for FindProxyforURL)
You need to log in before you can comment on or make changes to this bug.