Added StatHist unit tests, and moved algorithm consistency checks there.
Expanded storage for histograms to 64bit unsigned.
Inlined StatHist constructor, destructor and assignment operator.
Implemented stubs for StatHist.cc and mem.cc
Henrik Nordstrom [Mon, 16 Jan 2012 17:30:16 +0000 (18:30 +0100)]
Send DNS A and AAAA queries in parallel
This implements sending DNS A & AAAA queries in parallel by
creating "slave" idns_query requests. Current implementation
uses the A lookup as "master" and AAAA as "slave" query.
Long term this should probably be restructured to separate "lookup
state" and "query", or even better yet to defer the DNS lookups
until connect time and perform A respective AAAA as needed only and
not look up both before attemting to connect.
This also drops the dns_v4_fallback directive as it have no effect with
parallel DNS lookups. This directive should be reinstanciated in future
to enable pure IPv6 usage.
Inside StoreEntry::swapOut() the StoreEntry::trimMemory() method called to
release unused MemObjects memory. The trimMemory method must called for all
store entries, but current code blocks that call for not-swappable objects,
at least.
This patch trying to fix this bug implementing the following simple logic:
{
bool weAreOrMayBeSwappingOut =
swappingOut() || mayStartSwapout();
trimMemory(weAreOrMayBeSwappingOut);
if (!weAreOrMayBeSwappingOut)
return; // nothing else to do
}
Amos Jeffries [Sat, 7 Jan 2012 10:15:40 +0000 (03:15 -0700)]
Cleanup: update most of the existing stub files to use the STUB.h framework
There are still several sections to be done. Including adding library API
stubs. However these are the ones which can be done immediately without
breaking or re-writing existing unit tests.
This implements sending DNS A & AAAA queries in parallel by
creating "slave" idns_query requests. Current implementation
uses the A lookup as "master" and AAAA as "slave" query.
Long term this should probably be restructured to separate "lookup
state" and "query", or even better yet to defer the DNS lookups
until connect time and perform A respective AAAA as needed only and
not look up both before attemting to connect.
Amos Jeffries [Sun, 1 Jan 2012 04:48:49 +0000 (17:48 +1300)]
Cleanup: unlinkd is self-contained
This helper is very minimal. It does not use IP:: or Ipc:: symbols.
If we get linkage issues against it for them those need to be resolved
without pulling in dependencies from squid internal libraries.
Amos Jeffries [Fri, 30 Dec 2011 16:01:37 +0000 (05:01 +1300)]
Cache Manager migration support
* Add a little bit of XHR script to the CGI cachemgr front page which
probes each of the managed proxies for http:// and https:// capabilities
and produces web links to their internal managers.
* Reserve the template name MGR_INDEX for use by cachemgr scripts.
But do not distribute any preset template. This allows manager apps to
provide their own static template with linked scripts and objects.
* The error page system is updated to create a blanket message
indicating missing template instead of aborting Squid if a template is
not even installed.
Amos Jeffries [Fri, 30 Dec 2011 03:42:50 +0000 (16:42 +1300)]
Support Cross-Origin Requests for the cache manager API
Now that tools are being implemented to access the cache manager via
http:// scheme we need to accomodate the browser XSS protection
mechanisms which limit XHR based scripts abilities.
This adds CORS headers to manager responses. Permitting XHR to view the
Server header (to detect squid version for known capabilities) and to
flag that the XHR request may need access to credentials for
authenticating with the manager.
This also closes the feature bug 3407 requesting we support the
non-standard "Origin:" header, which is used by the CORS mechanisms.
Future work:
Support the OPTIONS request used by CORS to detect requirements before
POSTing. We do not yet use POST in the Squid code so that is left until
needed.
Amos Jeffries [Fri, 30 Dec 2011 01:24:57 +0000 (18:24 -0700)]
SourceLayout: shuffel UserRequest into Auth:: namespace
No logic changes, symbols and debug only.
* shuffle AuthUserRequest to Auth::UserRequest
* shuffle AuthBasicUserRequest to Auth::Basic::UserRequest
* shuffle AuthDigestUserRequest to Auth::Digest::UserRequest
* shuffle AuthNegotiateUserRequest to Auth::Negotiate::UserRequest
* shuffle AuthNTLMUserRequest to Auth::NTLM::UserRequest
* polish and add documentation for several parts of the hierarchy
Amos Jeffries [Thu, 22 Dec 2011 04:49:24 +0000 (17:49 +1300)]
Bug 3370: external ACL sometimes skipping
Emit tag/user/log/message/pass details to the request in the case where
the external ACL entry has expired but within graceful revalidate period.
The result of this bug appears as incorrect matches later down the ACL
processing in any config relying on the external ACL output values.
Example; for bypassing auth login, or for filtering tagged traffic.
Moved some more typedefs to StatHist.h
Improved documentation
Removed squid.h include
Changed StatHist::operator= to almost be an actual assignment operator
Fixed findBin corner-case
When the ssl_bump and authentication iare both enabled for an ssl-bumped port
all SSL enabled websites prompt the user for authentication information once
per FQDN.
Tis patch inherits the authentication info from the CONNECT request to the
sslbumped requests.
Bug 3448: 204 response problem in adaptation chains
When the first ICAP service in a chain respond with 204 the next service
is aborted on Must(old_request->canonical) expression inside Adaptation::Icap::ModXact::encapsulateHead method.
Squid ICAP try to set the request::canonical member of the adapted request
inside Adaptation::Icap::ModXact::prepEchoing when the 204 response received.
The adapted.header->parse(..) call some lines after will set canonical member
to NULL.
This patch call the urlCanonical() function after parse() method
to build canonical member for the adapted request, instead of trying to copy
this member from the original request.
Author: Alex Rousskov <rousskov@measurement-factory.com>
Bug 3420: Request body consumption races and !theConsumer exception.
Also fixes endless waiting for HTTP client to send req body we no longer need.
Before these changes, the client side used a single "closing" state to
handle two different error conditions:
1. We stopped receiving request body because of some error.
2. We stopped sending response because of some error.
When a "directional" error occurred, we try to keep the transaction going in
the other direction (e.g., to give ICAP the entire request or to give HTTP
client the entire response). However, because there was just one "closing"
state, the code failed to correctly detect or process many corner cases,
resulting in stuck transactions and !theConsumer assertions/exceptions due to
races between enableAutoConsumption() and expectNoConsumption() calls.
This patch replaces the "closing" state with two direction-specific "we
stopped sending/receiving" flags.
Now, when the response sending code is done, it now checks whether the
receiving code stopped and closes the connection as needed. This is done both
when we encounter a sending error (ClientSocketContext::initiateClose) and
when we successfully sent the entire response to the client
(ClientSocketContext::keepaliveNextRequest).
Similarly, when the request body reading code is done, it now checks whether
the receiving code stopped and closes the connection as needed. This is done
both when we encounter a receiving error
(ConnStateData::noteBodyConsumerAborted) and when we successfully receive the
entire request body from the client (ClientSocketContext::writeComplete).
TODO: This patch focuses on various error cases. We might still have problems
when there is an early HTTP response and no errors of any kind. I marked the
corresponding old code with an XXX.
External ACL sometimes cannot find the credentials in ACL Checklist even
if they are attached to the HTTPRequest object.
This seems to happen when the checklist is created and the line match
started before the credentials are known. The credentials validation
updates the HTTP request state but is not aware of ACL checklists needing
to be updated so it never happens.
This patch:
* locate the %LOGIN value from either place where credentials can be found,
* updates the checklist if it was unset,
* passes '-' to the helper if no credentials at all were given.
Although the earlier logics forcing a lookup means this '-' case should
not happen it might if the external ACL were processed in 'fast' check.
Amos Jeffries [Sun, 4 Dec 2011 05:43:42 +0000 (22:43 -0700)]
Add FdeCbParams parameter object to CommCalls API.
The problem:
CommCalls API functionality is conflated with comm operational calls
created to do general FD handling (FD as pipe handle, FD as disk handle,
FD as pointer into the fd_table structure). Sometimes because they do
operations mirroring comm handlers and also use FD. None of this actually
requires the CommCalls layer to be involved though. The Comm::Connection
objects which CommCall TCP handlers pass around is also very inappropriate
for these FD types.
This adds FdeCbParams to CommCalls infrastructure, for use internally and
"lower" than comm API to pass around raw FD values. This should be avoided
on TCP socket FD, but may be used by callers needing FD where
Comm::Connection is inappropriate.
Amos Jeffries [Sun, 4 Dec 2011 05:39:39 +0000 (22:39 -0700)]
CBDATA call Dialer template
This adds a template for dialing Unary CBDATA wrapper functions with
type safety. Avoiding the casting that currently occurs in wrappers and
allowing the AsyncCall APIs to be used for these callbacks.