Amos Jeffries [Mon, 9 Feb 2009 05:33:18 +0000 (18:33 +1300)]
Bug 419: Hop by Hop headers MUST NOT be forwarded (attempt 2)
This attempt builds on Henrik's re-work of the client-request to
server-request cloning done since the last attempt was made at closing
this bug.
Adds all RFC 2616 listed Hop-by-hop headers to the clone selection test
as 'ignore' cases unless otherwise handled already.
The test for whether they exist in Connection: is moved to the default
case as an inline. Which reduces the code a fair bit and prevents the
side case where a specially handled header gets ignored because the
client explicitly added it to Connection: when it did not have to.
This method sets up a background default of not passing the hop-by-hop
headers while allowing any code which explicitly sets or copies the
headers across to operate as before without interference.
Amos Jeffries [Sun, 8 Feb 2009 03:26:04 +0000 (16:26 +1300)]
TestBed: add slave tester script
This is draft #2 of the multi-machine script. I have it running locally.
As an intermediary step to kick wider testing until we get something
better going. This script can be run by cron and sends an email to
noc@squid-cache.org detailing the local system OS, CPU, and build results.
Requires:
sendmail or mailer providing sendmail API
bzr with checkout of (trunk, SQUID_3_1, or SQUID_3_0)
Amos Jeffries [Sun, 8 Feb 2009 00:02:47 +0000 (13:02 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
Cleanups: Remove code handling K&R-style varargs.
It should be a safe enough bet that any C++ compiler can handle STDC-style varargs.
This patch removes all the (mostly spaghetti) code which used to handle K&R-style varargs calls.
Amos Jeffries [Fri, 6 Feb 2009 07:54:05 +0000 (20:54 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
String NG : fixes initial merge, take 2
Compared to the retired first attempt it:
- fixes the issues Tsantilas Christos found out about
- implements String::find
- some more users analyzed and fixed.
external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness
The parsing of external_acl_type formats was slightly broken, destroying
%<{ (request header) if SSL was enabled and never able to parse %USER_CERT_
or %CA_CERT_..
Also clarified request/reply header syntax slightly
Amos Jeffries [Wed, 4 Feb 2009 09:52:20 +0000 (22:52 +1300)]
Bug 2526: pt 2: default ALLOW when no list specified.
Fallout from audit of access control checks.
- Some got sensible defaults added
- many got slightly more optimized defaults
- documented the ACLChecklist interface and some API cleanups
Converted more String.unsafeBuf users
String.operator[] now returns a copy of a char rather than a reference.
Implemented StringNg-alike String.find() method. Eventual aim is to get rid of users of String.pos()
Inside the Adaptation::Initiator::announceInitiatorAbort method the check
x==NULL is not enough. We must also check if the x variable (of type Initiate)
is valid.
Refactoring: renamed String::buf() to unsafeBuf().
Introduced aliases for it named String::rawBuf() and String::termedBuf().
Introduced String::defined() and String::undefined().
The idnsSentQueryVC function is called as an AsyncCall. There is the possibility
that when this function is called the fd has started closing but is not really closed yet.
In this case this function will try to do a comm_write (idnsDoSendQueryVC
function) on a socket which is closing and an assertion will be triggered.
An extra test is needed here to test if the socket is closing and if yes just return.
This patch fixes the bug reported in comment #12 of bug 2505.
In the DeferredReadManager::kickARead method it is possible that the socket to
which a DeferredRead object refers has been closed, but the DeferredReadManager
is not informed yet because the related comm_close handler has not been
executed yet.
This patch checks the socket state and if it is closing just ignores the object.
Do not assert that the close handler being removed must be in
the list because comm_close removes all close handlers before any FD handlers
are fired.
There also seems to be an unrelated(?) problem: comm_remove_close_handler
does not really remove the callback. It only cancels the call. It should
probably remove the callback as well to prevent an unlikely situation where
the close handler list grows "too much".
Bug 2524: Connection close failed on Partial Content
The method ClientSocketContext::socketState, in the case of a partial content
request when all the expected bytes have been received and the proxy_keepalive flag is
not set, must return STREAM_UNPLANNED_COMPLETE to inform the caller that the
socket should be closed.
Henrik Nordstrom [Fri, 23 Jan 2009 23:04:56 +0000 (00:04 +0100)]
Move -DDFAULT_SQUID_DATA_DIR & CONFIG_DIR from CFLAGS to DEFS
For some reason gcc on OpenBSD does not like having these in CFLAGS
when running configure. However works fine having them expanded in
src/Makefile DEFS variable just like -DDEFAULT_SQUID_CONFIG_FILE
Amos Jeffries [Fri, 23 Jan 2009 02:07:48 +0000 (15:07 +1300)]
Author: Adrian Chadd <adrian@creative.net.au>
Bug 2558: pt 1: Connect forwarding setting error too early
This does not appear to be all of the cause of 2558, but it's part of the
problem anyway. Request forwarding should not be setting a connection
failed error page until all attempts at making a connection have failed.
This patch does not correct the place it's being set, but clears err before
re-trying a connection.
From IRC:
(13:09:03) adri: no idea about v4-only hostnames
but the bug is still valid; you're creating errors on
the connect fail, but not clearing them before the next connect
Amos Jeffries [Fri, 23 Jan 2009 01:59:29 +0000 (14:59 +1300)]
Regression Fix: rollback bug 2395 fix.
Fixing bug 2395 uncovered a much more serious bug 2558.
It was not found earlier due to bug 2558 being a slow incremental effect
hidden by already-cached objects.
This rollback is intended as a temporary measure until a good fix can be
found for both bugs.
Amos Jeffries [Tue, 20 Jan 2009 08:51:04 +0000 (21:51 +1300)]
Bug 419: Hop by Hop headers MUST NOT be forwarded (attempt 2)
This attempt builds on Henrik's re-work of the client-request to
server-request cloning done since the last attempt was made at closing
this bug.
Adds all RFC 2616 listed Hop-by-hop headers to the clone selection test
as 'ignore' cases unless otherwise handled already.
The test for whether they exist in Connection: is moved to the default
case as an inline. Which reduces the code a fair bit and prevents the
side case where a specially handled header gets ignored because the
client explicitly added it to Connection: when it did not have to.
This method sets up a background default of not passing the hop-by-hop
headers while allowing any code which explicitly sets or copies the
headers across to operate as before without interference.
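The selection logic the two Bug 419 entries describe, sketched as an added example (not Squid's code; the type and function names are hypothetical). It assumes `Host` as the one header with its own case, to show that naming it in Connection: does not suppress it.

```cpp
#include <algorithm>
#include <cctype>
#include <set>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

using HeaderList = std::vector<std::pair<std::string, std::string>>;

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Hop-by-hop headers listed in RFC 2616 section 13.5.1.
static const std::set<std::string> kHopByHop = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade"};
// Assumption: a header the proxy handles in its own case before the default.
static const std::set<std::string> kHandledExplicitly = {"host"};

// Names the client nominated in Connection: (comma-separated, case-insensitive).
static std::set<std::string> connectionTokens(const HeaderList &in) {
    std::set<std::string> tokens;
    for (const auto &h : in) {
        if (lower(h.first) != "connection") continue;
        std::stringstream ss(h.second);
        for (std::string tok; std::getline(ss, tok, ',');) {
            tok.erase(0, tok.find_first_not_of(" \t"));
            tok.erase(tok.find_last_not_of(" \t") + 1);
            if (!tok.empty()) tokens.insert(lower(tok));
        }
    }
    return tokens;
}

// Clone client headers for the server side; hop-by-hop headers are dropped by default.
HeaderList cloneForServer(const HeaderList &in) {
    const std::set<std::string> nominated = connectionTokens(in);
    HeaderList out;
    for (const auto &h : in) {
        const std::string name = lower(h.first);
        if (kHopByHop.count(name)) continue;                             // 'ignore' cases
        if (kHandledExplicitly.count(name)) { out.push_back(h); continue; } // own case
        if (!nominated.count(name)) out.push_back(h);  // default case: Connection: test
    }
    return out;
}
```

Any hop-by-hop header the proxy needs on the outgoing request would be set by the caller after this clone step.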
Amos Jeffries [Tue, 20 Jan 2009 08:36:00 +0000 (21:36 +1300)]
Only set Keep-alive once
Enact the TODO of same.
Some re-arrangement has been done to move setting cases which need
functions to be evaluated a lower priority than those which can be set
purely from flags.
Amos Jeffries [Wed, 14 Jan 2009 01:55:03 +0000 (14:55 +1300)]
Author: Regardt van de Vyver <squid@vdvyver.net>
Bug 2555: Fixes to SNMP-MIB
* Modified imports as Integer32 and TEXTUAL-CONVENTION are external defines to
this MIB, it's a compliance issue for validation
* Updated the order of Revisions as the MIB spec requires them to be in reverse
chronological order
* moved the nlanr define to a valid location as it may not be the first defined
item in a module (the MODULE IDENTITY must be)
* Modified various "ACCESS" statements to "MAX-ACCESS" due to changes in the
MIB spec requiring the change of defines.
* Modified various interative table entries to "not-accessible". This is due to
the fact that the root element should not be directly accessed, rather the
generated table entries matching these values. This is not strictly necessary
but does make the file validate on severity 3 instead of severity 2.
* Modified cacheMedianTime to have a valid range. Ranges are REQUIRED for any
object used as an INDEX
* Modified cachePeerPortHTTP and cachePeerPortIcp to use a new type
"ValidPort". This is to meet a requirement that we cannot define valid port
ranges in a sequence definition.
* Created a new define ValidPort so that we can specify a range of valid values
for ports
* In some object defines STATUS was set to mandatory, this is however not a
valid MIB STATUS value and has thus been fixed to current. These items
specifically caused the MIBs to fail compile completely.
* cacheClientEntry had a duplicate oid and after checking the source code I
updated its oid to the correct value.
SIDE NOTE:
Squid-2 and 3.0 have a different structure for cachePeerEnty enum. This may
cause some confusion if the squid3 mib is used with older squid releases.
Amos Jeffries [Tue, 13 Jan 2009 06:17:33 +0000 (19:17 +1300)]
Bug 2556: HTCP fails without icp_port
Removes requirement for ICP port to be open for peer UDP queries to take
place.
TODO: Some work still needs to be done to separate the timeout from
icp_timeout and break ICP specific query logics out into icp code files.
But that is just cleanup for later.