http-bastard:			-*- indented-text -*-


We can expect people to play all kinds of stupid tricks against rproxy
when it's running on public or semi-public servers.  Therefore:

 * we need to audit and clean up the code
 
 * it needs to protect against mistaeks: setuid/chroot operation

 * we need to thoroughly test it

In particular, we need to test that it copes with perverse requests,
whether they comply with the HTTP RFC or not.  Are there already tools
to do this?  Perhaps.

What kind of things can we do?  All these can occur in either requests
or responses

 * misshapen requests of various types

   * long URLs or other input

   * illegal characters 

   * zero-length parts

   * strange whitespace

   * unterminating requests (trying to fill up disk?)

 * connection bastardry

   * holding connections open for a long time at various stages

   * dropping connections at unexpected times

   * strange fragmentation

   * OOB / urgent data and sockopt type stuff (will this bother us?)

 * races between processes

The observables are:

 * whether the server crashes/hangs

 * whether invalid requests are detected

 * whether the complete resulting page is returned

 * performance

This could be a pretty useful testing tool even outside of rproxy: we
can run it against NT, Apache, Apache 2.0 and so on.