Amos Jeffries [Fri, 1 Mar 2013 10:58:07 +0000 (03:58 -0700)]
Bug 3753: Removes the domain from the cache_peer server pconn key
Under the squid-3.2 pconn model the IP:port specifying the destination
are part of the key and can be used to strictly filter selection when
locating pconn. This means the domain is no longer a necessary part
of the key.
Squid using cache_peer can see a large number of wasted idle connections
to their peers due to the key domain value if the peer hostname is not
substituted properly. There is also a similar affect when contacting
servers with virtual hosted domains.
Also bug 3753 was located with peer host and name= values being used
inconsistently as the domain marker. Resulting in failed pop()
operations and extra FD usage.
This has been tested for several months now with only socket usage
benefits seen in several production networks.
NOTE: previous experience some years back with pconn has demonstrated
several broken web servers which assume all requests on a persistent
connection are for the same virtual host. For now this change avoids
altering the behaviour on DIRECT traffic for this reason.
Amos Jeffries [Sat, 16 Feb 2013 02:26:31 +0000 (19:26 -0700)]
Bug 3686: cache_dir max-size default fails
If some cache_dir are configured with max-size and some not the default
maximum_object_size limit fails.
This refactors the max-size management code such that each SwapDir always
has a value maxObjectSize(). This value is calculated from the SwapDir
local setting or global limit as appropriate.
The global maximum_object_size directive is migrated to simply be a default
for cache_dir max-size= option.
The global store_maxobjsize variable is altered to be the overall global
limit on how big an object may be cache by this proxy. It now takes into
account the max-size for all cache_dir and cache_mem limitation.
NP: The slow accumulation of these and earlier changes means Squid no
longer immediately caches unknown-length objects. The unit-tests are
therefore changed to test using explicit 0-length objects to ensure the
test is on a cached object not bypassing the apparently ested logic.
They are also provided with a large global store_maxobjsize limit in order
to do a weak test of the SwapDir types max-size in the presence of other
larger cache_dir or maximum_object_size settings.
Alex Rousskov [Fri, 15 Feb 2013 09:36:03 +0000 (02:36 -0700)]
Bug 3752: objects that cannot be cached in memory are not cached on disk if cache_dir max-size is used.
This fix contains four related changes:
1) When fixing "trimMemory for unswappable objects" (trunk r11969), we
replaced swapoutPossible() with swappingOut()||mayStartSwapOut() but missed
the fact that swapoutPossible() had "possible now" semantics while
mayStartSwapOut() has "may start now or in the future" semantics. When all
cache_dirs had max-size set, mayStartSwapOut() returned false for objects of
unknown size and even for smaller-than-maximum but not-yet-received objects,
despite the fact that those objects could be swapped out later.
That false mayStartSwapOut() result allowed maybeTrimMemory() to trim those
objects memory and mark the objects for release, preventing their subsequent
disk caching.
2) To fix (1) above, mayStartSwapOut() had to return true for not-yet-received
objects of unknown size. However, returning true is correct only if no
subsequent check can return false. Thus, we had to move all lower/later checks
that could return false up, placing them before the maximum-of-all-max-sizes
check.
3) Once (2) was done, the end of mayStartSwapOut() had (a) a loop that could
return true while setting decision to MemObject::SwapOut::swPossible and (b)
an unconditional code that did ... the same thing. Thus, the loop could no
longer change the method outcome. The loop also had a lot of doubts and XXXs
attached to it. We removed it. If that loop is needed, it is needed and must
be resurrected elsewhere.
4) Since mayStartSwapOut() returns true if swapout is possible in the future
(but not necessarily now), we cannot rely on its return value to initiate
swapout code. We need to test whether swapout.decision is swPossible instead.
Alex Rousskov [Sat, 9 Feb 2013 06:44:36 +0000 (23:44 -0700)]
Make squid -z for cache_dir rock work like UFS instead of like COSS.
Also, Polish -z documentation and cache.log reporting.
When a startup script runs squid -z by mistake against a cache_dir that is
already initialized and full of cached entries, some admins prefer that
nothing happens. Rock store now skips reinitialization if both the cache_dir
directory and the db file in that directory exist. If one or both are missing,
the missing pieces are created.
UFS does something similar because it creates missing L1 and L2 directories
but does not erase any entries already present in the cache_dir path. COSS,
OTOH, re-initializes the existing db. Rock behavior will now be closer to UFS.
To clean a corrupted cache_dir, the admin must remove its top-level directory
before running squid -z.
Squid now logs "Creating missing swap directories" instead of "Creating Swap
Directories", and our documentation now reflects the "if missing" part of the
-z algorithm.
Also documented that recent Squid versions run -z in daemon mode (so that SMP
configuration macros continue to work).
Amos Jeffries [Sat, 9 Feb 2013 06:38:09 +0000 (23:38 -0700)]
Bug 3515: crash in FtpStateData::ftpTimeout
Since revision squid-3.2-11174 restructured teh TCO connection handling
in FTP the data connection has had separate 'opener' connection.
Meaning the conn->fd state is always NULL when the setup times out.
This cleans up the data connection opener state and allows the error
message generation to take place.
Alex Rousskov [Sat, 9 Feb 2013 06:36:36 +0000 (23:36 -0700)]
Fixed several ConnOpener problems
... by relying on AsyncJob protections and comm_close(), while maintaining a
tighter grip on various I/O and sleep states.
Problems addressed:
* Connection descriptor was not closed when attempting to reconnect after
failures. We now properly close on failures, sleep with descriptor closed,
and then reopen.
* Timeout handler was not cleaned up properly in some cases, causing memory
leaks (for the handler Pointer) and possibly timeouts that were fired (for
then-active handler) after the connection was passed to the initiator.
* Comm close handler was not cleaned up properly.
* statCounter.syscalls.sock.closes counter was not updated on FD closure.
* Waiting pending accepts were not kicked on FD closure.
* Connection timeout was enforced for each connection attempt instead of
applying to all attempts taken together.
and possibly other problems. The full extent of all side-effects of mishandled
race conditions and state conflicts is probably unknown.
Alex Rousskov [Fri, 1 Feb 2013 04:56:07 +0000 (21:56 -0700)]
Bug 3111: Mid-term fix for the forward.cc "err" assertion.
The assert is triggered when a close handler for the server connection
destroys FwdState before we have received anything from the origin
server.
Instead of asserting, we now respond with a 502 (Bad Gateway)
ERR_READ_ERROR.
That error seems the most appropriate single choice among available
ones, but
it may be misleading (in access.log) when the close handler was called
due to
client problems. Hopefully, another error will be logged in most of
those
cases.
Amos Jeffries [Mon, 28 Jan 2013 11:45:07 +0000 (04:45 -0700)]
Bug 3732: Fix ConnOpener IPv6 awareness
When updating IPv6 support for split-stack one USE_IPV6 wrapper was
omitted conversion to the EnabledIpv6 stack auto-detect mechanism.
This resulted in IPv6 addresses being mis-converted on split-stack
systems or with IPv6 disabled in the kernel and --enable-ipv6 built.
The visible symptom is "assert(FALSE)" in Ip::Address::GetAddrInfo().
Amos Jeffries [Mon, 28 Jan 2013 11:41:04 +0000 (04:41 -0700)]
Initialize mem_node fully
Experience in squid-2.7 shows that with MemPools use of malloc instead
of calloc mem_node requires full initialization in order to get accurate
memory accounting.
Alex Rousskov [Mon, 28 Jan 2013 11:29:16 +0000 (04:29 -0700)]
Fix "address.GetPort() != 0" assertion for helpers on FreeBSD (at least).
The order (or set of?) #include files used by src/ssl/helper.cc (and
probably by other helper source files) has changed recently, exposing a
defines.h dependency on sys/socket.h where that system header is
required to define AF_UNIX. With AF_UNIX incorrectly undefined,
IPC_STREAM was set to IPC_TCP_SOCKET instead of IPC_UNIX_STREAM, and
helpers that do not have a notion of a listening port, were trying to
create communication sockets using TCP streams, triggering a "must have
a port" assertion in comm_connect_addr() called from ipcCreate().
TODO: Moving IPC_* defines into an IPC-specific header file may be a
better solution then exposing all defines.h users to sys/socket.h.
Amos Jeffries [Mon, 28 Jan 2013 11:25:34 +0000 (04:25 -0700)]
WCCP: Fix memory leak in mask assignment, improve debuggsing.
* Release temporary weight array allocated on each HERE_I_AM packet sent
by Squid. For mask assignment these were not released properly and may
build up to a significant size of memory over time.
* Add debug traces to send() events to report failures sending packets
* Also, on HERE_I_AM event send() failure, reduce the timeout to 2sec
for the retry in a crude attempt to prevent router state flapping.
* Silence compiler warnings on use of connect() to disconnect a socket.
Inconsistent OS behaviour makes the result useless in this case.
Amos Jeffries [Mon, 28 Jan 2013 09:59:18 +0000 (02:59 -0700)]
Fix memory leaks in ICMP
InitAddrInfo() and GetAddrInfo() both allocate addrinfo structs which
must be freed by FreeAddrInfo(). Several places in ICMP were not doing
that free step.
Detected by Coverity Scan. Issues 740434, 740435, 740436, 740437.
Amos Jeffries [Wed, 9 Jan 2013 00:14:43 +0000 (17:14 -0700)]
Bug 3731: TOS setsockopt() requires int value
FreeBSD is confirmed errors on 8-bit variable size. Other BSD are
documented in a way that implies they do as well, although not at this
stage confirmed to be failing.
Linux seems to be the only confirmed system working with 8-bit size sent
to setsockopt(). So we revert this to 'int' (32-bit or 64-bit) as was
working in Squid 3.1.
Amos Jeffries [Sun, 2 Dec 2012 21:25:28 +0000 (14:25 -0700)]
Bug 3698: Add missing include to xstrerror.h
later versions were fixed as poart of trunk rev.12290 which added a lot
of errno.h includes. However all that is needed is this one to pull it
in through libcompat headers which cover all .cc.
xstrerror.h is the right place to add the include because it is the place
presenting a macro inlining the dependency.
Amos Jeffries [Fri, 30 Nov 2012 13:38:38 +0000 (06:38 -0700)]
Treat no-cache as must-revalidate in Authentication
Wrapped as a violation because this operation is off-spec.
CC:no-cache was omitted from the HTTP spec apparently on grounds that
changing its caching effects on authentication would come as a surprise.
The actual operation is safe enough to use when parameterless no-cache
is treated strictly as an alias for must-revalidate (as done by Squid now).
Amos Jeffries [Fri, 30 Nov 2012 13:34:49 +0000 (06:34 -0700)]
Fix several buffer termination bugs
* strcpy() replaced in several places with strncpy() to ensure destination
buffers are not overflowed.
* strncpy() does not nul-terminate the destination when the string being
copied in exactly fills the buffer. Ensure we have terminated strings
where it may matter.
Detected by Coverity Scan. Issues 740309, 740310, 740311, 740481, 740483
Amos Jeffries [Fri, 30 Nov 2012 13:31:52 +0000 (06:31 -0700)]
Remove MemPoolChunked::memPID
This member variable appears to have been missed when MemPool was split
into generic framework and specific Chunked implementation.
(rev:10513.1.1 aka trunk rev:10517)
The memPID and its maintenance code was moved into MemImplementingAllocator
but this definition left here un-initialized and shadowing the framework
member.
Amos Jeffries [Fri, 30 Nov 2012 13:31:18 +0000 (06:31 -0700)]
negotiate_kerberos_auth: better bounds checking
* sysconf() may return -N values on some platforms or values larger than
the hard-coded 1024 buffer size for hostname. Use sizeof() instead
since the buffer is hardcoded anyway.
* also, use return instead of exit() on the test binary to reduce
warnings from static analysis compilers.
Amos Jeffries [Fri, 30 Nov 2012 13:18:30 +0000 (06:18 -0700)]
ntlm_fake_auth: Fix nesting error
Broken macro wrapping leads to the fake authenticator sending bad
responses to Squid. This can ead to users being rejected by the fake
helper whose purpose is to accept everything.
Amos Jeffries [Thu, 29 Nov 2012 11:20:18 +0000 (04:20 -0700)]
Various memory leaks in configuration parsing
This lot are all small issues derived from allocating new memory and
assigning to a pointer already pointing at previous allocation, or
passing xstrdup() output to a caller which does not directly hold the
passed memory.
Both cases will disappear once we clean up the string handling in Squid
but for now these still need fixing to avoid leaking memory.
Detected by Coverity Scan. Issues 740430, 740432, 740439.
Amos Jeffries [Thu, 29 Nov 2012 11:17:11 +0000 (04:17 -0700)]
Fix various assertion with side effects
When compiled with high optimization and assert disabled these operations
would have disappeared. The side effects being:
* Disk I/O failure protection disabled. Allowing loops in diskd write.
* squidpurge error handling on command line parse gone. Causing segfault.
* squidpurge 'I am Alive' ticker feature cease working.
Detected by Coverity Scan. Issues 740299, 740300, 740301, 740302, 740303
Amos Jeffries [Mon, 26 Nov 2012 08:35:13 +0000 (01:35 -0700)]
digest_edirectory_auth: improved error handling
Malicious response from LDAP server can cause squid helper to crash.
Missing realm value returned from LDAP without error/missing value being
indicated in the response can lead to strcmp() using a NULL pointer.
Extremely unlikely to happen in practice, but worth fixing.
Bug 3405: ssl_crtd crashes failing to remove certificate
- Try to update the index file in all cases the database modified
rows. Currently we are using the new operator.
- The find operator in database should not modify the database. Currently
if an entry is expired, ssl_crtd removes the cert file but does not
update the index file.
- Fix a small memory leak when remove entries from database: A row object
removed from TXT_DB indexes but never released.
This patch:
* Use OPENSSL_malloc and OPENSSL_free to allocate/release memory for
TXT_DB rows. OpenSSL SDK assumes that always allocated using these
functions.
* Add code in Ssl::CertificateDb::Row destructor to correctly release
a TXT_DB row.
* Add the sq_TXT_DB_delete and sq_TXT_DB_delete_row functions which
removes a row from TXT_DB indexes.
Amos Jeffries [Tue, 6 Nov 2012 12:45:17 +0000 (05:45 -0700)]
Bug 3677: Port un-pinning logic changes from 3.3
Several design changes have been made to pinning in 3.3. One of them
added a safety check to proect close handler removal in the event that
the server connection was already closed.
This ports that protection from 3.3 and fixes at least one code path
leading to bug 3677 assertions.
Amos Jeffries [Sun, 28 Oct 2012 09:54:40 +0000 (03:54 -0600)]
Remove 'Bungled' warning on missing component directives
* Make Squid display a ERROR notice and ignore squid.conf directives
which belong to components disabled at build time instead of throwing
up 'FATAL: Bungled' message and aborting.
* Polish the 'requires X' message text for better display of cases like
'requires MS Windows' and 'requires Linux'
* Add 'requires X' message for --enable-auth, --enable-eui, and
--enable-ssl-crtd which were missing.
* Add debug 'filename' for if-none and postscriptum logging
Amos Jeffries [Sat, 20 Oct 2012 12:32:21 +0000 (06:32 -0600)]
Remove the refresh_pattern ignore-no-cache option
With the HTTP/1.1 Cache-Control:no-cache compliance upgrade this option became
obsolete. Its main use-case was to force caching of responses which contained this
control. Revalidation is now happening and no-cache objects are cached by default.
The one remaining effect of ignoring no-cache is to prevent no-cache from allowing
authenticated responses being cached. Which is the opposite of its usually expected
result and allowing that change of behaviour would be counter productive.
Amos Jeffries [Sat, 20 Oct 2012 10:07:11 +0000 (04:07 -0600)]
HTTP/1.1: Cache-Control compliance upgrade
trunk rev 11361 converted Cache-Control header from using a single mask
bitmap (shared by request and response) to separate CC header objects in
the request response. This conversion contained several regressions like
the one bug 3670 reports.
This patch:
* documents HttpStateData::cacheableReply() clarifying the overall
method action and what each individual check it doing.
* resolves several visible regressions, including bug 3670.
* extends the caching to handle the "no-cache" controls as per HTTP/1.1
(MAY store, but MUST revalidate before use).
* extends the caching for several lesser known cases of "MAY store"
exemptions handling authenticated transactions.
* removes an old hack handling Pragme:no-cache (undefined in HTTP/1.1)
One side effect of now caching transactions utilizing "no-cache" is that
hacks around Pragma:no-cache are reduced to only having any effect when
Cache-Control is absent. Reducing their performance cost. And now require
--enable-http-violations is built in since HTTP/1.1 states that
response Pragma are not defined and thus SHOULD be ignored.