This uses the include ordering sort script to enforce blocks of include
statements being in alphasymbolic order with squid.h at the top if it is
present.
Amos Jeffries [Sun, 13 Oct 2013 17:55:11 +0000 (10:55 -0700)]
Add cache_miss_revalidate
Port of 2.7 ignore_ims_on_miss directive.
This on/off switch enables Squid to convert conditional requests from
clients to non-conditional fetches that can fill the cache faster under
cold-start conditions.
Alex Rousskov [Mon, 14 Oct 2013 20:11:13 +0000 (14:11 -0600)]
Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy() context
Short-term fix: Lock StoreEntry object so that it is not freed by
storeClientCopy2() callbacks. Also lock StoreEntry in storeUnregister()
context because an aborting entry may be deleted there unless it is
double-locked.
See bug 3480 comment #27 for detailed call stack analysis. Additional cases
include rejected copied HIT due to Var mismatch and hits blocked by
reply_from_cache directive (under development; see bug 3937).
Long-term, we need to make store copying asynchronous and revise StoreEntry
locking approach.
Amos Jeffries [Wed, 9 Oct 2013 14:04:57 +0000 (08:04 -0600)]
Fix CBDATA_CLASS2 macro definition
CBDATA_UNKNOWN was being used in place of a void no-op statement.
This was incorrect and useless. Now that the value definition is fixed
it is being picked up by the stricter compilers.
Replace the trinary conditional with an if-statement.
Amos Jeffries [Wed, 9 Oct 2013 14:02:57 +0000 (08:02 -0600)]
Fix PosToString duplicate definition
Since SBuf::size_type and std::string::size_type are now both unsigned
and npos is the same value in both this function is a duplicate and
the stricter compilers complain.
Removed copyright statements from SBuf code, pending project policy
Made SBuf::size_type unsigned and adjusted tests accordingly
Add documentation for SBuf::spaceSize
Amos Jeffries [Wed, 2 Oct 2013 12:21:20 +0000 (06:21 -0600)]
Add --disable-arch-native build option
The -march-native option is required by Clang 3.2 on some CPU
and produces better optimization in binaries by GCC.
But building inside a virtual machine environment has been found to
cause random Illegal Instruction errors due to mis-detection of CPU.
This option is added to permit selective disabling of the preferred
default (which is to use the compiler flag when available).
Amos Jeffries [Wed, 2 Oct 2013 03:41:06 +0000 (21:41 -0600)]
Fix build errors in rev.13012
static functions defined in headers (.h) must be used in all .cc which
include them. Functions which are not always used must be defined as
inline instead.
This resolves warning: 'const char* LogTime()' defined but not used
Amos Jeffries [Tue, 1 Oct 2013 23:21:17 +0000 (17:21 -0600)]
Remove dnsserver and external DNS helper API
The external DNS helper API places limits on Squid DNS lookups per second
low enough to noticeably affect the HTTP requests per second which can be
served.
Request for comments about proposed removal 2 years ago produced feedback
stating that the helper was needed for local name resolution. This is
now available since 3.4 mDNS extensions.
A more recent request for reasons for keeping the helper API has
produced only two responses over the period of several months. Both
indicating that the API is no longer necessary for the business cases of
a year or so ago.
As such and because the helper fails to operate sufficiently on several
major operating systems and the API is difficult to maintain it is being
removed as of Squid-3.5.
Highlighted when the #include sorting was applied to lib/rfcnb/ files
several of the headers were using order-dependent definitions and were
not wrapped with safety macros.
Perform the long overdue renaming of zh-cn.po and zh-tw.po to Hans and
Hant alphabet files. Add aliases for the 2 and 3 code dialect tags which
are appearing in Asian traffic.
Portability: cleanup includes for sys/time.h and sys/resource.h
These two include files are order-dependent on several operating systems
and as such are provided by Squid libcompat headers. There is no need for
code to include them specially and several HAVE_SYS_TIME_H macros were
missing which breaks the build on systems where the file is missing.
Markus Moeller [Fri, 27 Sep 2013 15:21:54 +0000 (09:21 -0600)]
negotiate_kerberos_auth: upgrade to present group= keys
Use the new kv-pair protocol extensions for emitting group details
directly at the time of authentication. group=X key-value pair is
used to emit the Kerberos SIDS values presented by MS Active
Directory environments.
Also, update the Heimdal library support for recent library versions.
Also, polish the Kerberos and LDAP Group related code to avoid memory
leaks and improve C++ coding style.
Use IPv6 localhost nameserver on DNS configuration errors
When DNS configuration fails to locate a set of nameservers "localhost"
is used as the default but has previously only been setting 127.0.0.1
IPv4 address for localhost. This enables the failover to work as designed
on IPv6-only networks.
Fixed documentation, tentative alternate dump implementation with Raw api
Improve SBuf::find readability
Improved readability and error reporting in SBuf
Fixed nonfatal bug in snprintf behavior detection
Windows: locate CMSG definitions in Winsock2.h when present
Windows defines the CMSG macros in Winsock2.h sometimes. This allows the
definitions there to be used when present and avoids compiler errors
about double definitions.
Bug 3849: Duplicate certificate sent when using https_port
The certificate file given with the "cert=" option may contain a list of
certificates to be chained to the SSL client, for example intermediate
certificates.
The bug is caused because in the certificates chain we are also storing the
certificate of the port. This works well for SSL-bump because squid
generates a certificate which uses the port certificate as CA certificate.
But in the case of https_port without bumping the port certificate is sent
twice, once as SSL server certificate and once as chained certificate.
This patch tries to chain the port certificate only when sslbump is used.
The port name from http_port/https_port was not being propagated to
adapted requests after ICAP/eCAP. Which makes the myportname ACL and
logging of portname not work on adapted requests.
Windows: fix collision between POSIX wrappers and DiskIO class methods
The POSIX function shutdown() is #define'd on Windows. This causes
compiler issues with the DiskIO method of same name. Rename the method
to gracefulShutdown() instead.
Also, Bug 3189 was incomplete and missed a change to DiskThreads
Windows initialization method.
Fix configuration file parsing bugs, related to quoted strings
This patch tries to fix problems discussed under the "[PATCH] Unknown cfg function"
mail thread on squid-dev mailing list.
Fixes/changes:
- The quoted tokens mode (configuration_includes_quoted_values parameter)
is set to off by default
- If configuration_includes_quoted_values is off the quoted tokens
parsed using the ConfigParser::NextToken include the quotes, to keep
compatibility with older releases.
- The methods ConfigParser::RegexPattern() and ConfigParser::RegexStrtokFile()
are added to parse regex tokens. The regex tokens can not be quoted values but
have their own syntax.
- For the cases where quoted strings are required (wordlists, Notes
parsing, Headers with acl), the new ConfigParser::NextQuotedToken method
is added.
The old wordlists parser allowed escaping any character, this patch
will return an error if you try to escape alphanumeric characters. The
\r \n and \t have the C semantics.
- Removes the ConfigParser::TokenUndo method. The new method
ConfigParser::NextTokenPreview() which can be used to preview the next
token is added. If the next token is invalid (eg unquoted
with special characters), this method returns "[invalid token]" as the
token instead of calling self_destruct.
- A set of new flags is defined under the ConfigParser class to define the type of
parsing: ParseRegex_ (next token is regex), ParseQuotedOrToEOL_
(next token is quoted or to-EOL), PreviewMode_ (just do preview, do not
pop next token)
- Currently the parser reads a line, the tokens are stored on this line
and the line is modified while parsed.
This patch extracts the tokens from the line and stores them in the
ConfigParser::CfgLineTokens_ member. This method was selected because
1) We may need to parse again the line so we do not want to modify it.
For example call the ConfigParser::PeekAtToken method to check if it
is a flag token ( eg "-i"), and if not call the
ConfigParser::RegexPattern() method to read next regex expression.
2) The current line tokens must be stored somewhere to support the following:
char *name = ConfigParser::NextToken();
char *value = ConfigParser::NextToken();
The ConfigParser::CfgLineTokens_ is reset when a new config line is read.
TODO:
- The ConfigParser::TokenPutBack method probably should be removed in the future
together with the ConfigParser::Undo_ and ConfigParser::Undo().
This method is currently used only in one place (acl regex).
Amos Jeffries [Sun, 25 Aug 2013 04:44:20 +0000 (22:44 -0600)]
Docs: make doc/Programming-Guide/doxygen.footer.dyn non-empty
Experiment to see if the .dyn file footer output by doxygen is still
placed if this file contains whitespace. Just having it empty no longer
seems to work with the newer doxygen version.
Amos Jeffries [Sat, 24 Aug 2013 13:12:26 +0000 (01:12 +1200)]
Docs: define use of footer for output DYN files.
doc/Programming-Guide/doxygen.footer.dyn is an empty file because we do
not need anything as a footer. But we do need to use it because doing so
will suppress the default "</body></html>" string being appended to the
output file, which breaks our static site generation since .dyn files
have our own squid-cache.org footers automatically appended.
Alex Rousskov [Thu, 22 Aug 2013 18:39:41 +0000 (12:39 -0600)]
Close idle client connections associated with closed idle pinned connections.
Squid was not monitoring idle persistent connections pinned to servers. Squid
would discover that the pinned server connection is closed only after
receiving a new request on the idle client connection and trying to write that
request to the server. In such cases, Squid propagates the pinned connection
closure to the client (as it should).
Chrome and, to a lesser extent, Firefox handle such races by opening a new
connection and resending the failed [idempotent] request transparently to the
user. However, IE usually displays an error page to the user.
While some pconn races cannot be avoided, without monitoring idle pconns,
Squid virtually guaranteed such a race in environments where origin server
idle connection timeout is smaller than client/Squid timeouts and users
are revisiting pages in the window between those two timeouts.
Squid now monitors idle pinned connections similar to idle connections in the
pconn pool and closes the corresponding idle client connection to keep the two
sides in sync (to the extent possible).
It is theoretically possible that this change will break servers that send
whitespace on an idle persistent connection or perhaps send some SSL keepalive
traffic. No such cases are known to exist though.
Amos Jeffries [Wed, 21 Aug 2013 08:43:27 +0000 (02:43 -0600)]
Update forward_max_tries to permit 25 server paths
With cloud sites becoming more popular more CDN servers are producing
long lists of IPv6 and IPv4 addresses. If there are not enough paths
selected the IPv4 ones may never be reached.
Jan Sievers [Thu, 15 Aug 2013 21:28:14 +0000 (15:28 -0600)]
Regression Bug 3077: off-by-one error in Digest header decoding
This is a regression in the 3.2 and later version of the original bug
fix patch.
The effect is that all attributes are treated as quoted-string values
with unescaping performed. This ends with credentials wrongly being
rejected as invalid.
Amos Jeffries [Sat, 3 Aug 2013 07:57:44 +0000 (19:57 +1200)]
Fix configure parsing IP/domain directives
Squid would semi-silently accept invalid IP address or hostname in some
directives which required them (eg wccp_router) and use the magic
IP_ANYADDR value. This change makes configure halt with a FATAL error
instead.
Amos Jeffries [Thu, 1 Aug 2013 20:45:56 +0000 (08:45 +1200)]
Add dns_multicast_local to control mDNS operation
Enable admin control over whether mDNS operates or not. Set the default
to OFF due to .arpa reverse-DNS requests causing a rise in traffic from
this feature even on networks without mDNS responders setup.
Also, polish cachemgr idns report to show for queued queries which
resolver type and query the entry is involving. mDNS can cause a queue
to exist as some lookups timeout on the mDNS resolvers.
Specialize SBuf::reserveSpace and reserveCapacity functions to provide guarantee of single store ownership.
Tune SBuf::rawSpace() to take over from reserve* for the optimization role previously played by reserve*.
Adjust documentation and callers.