From: Amos Jeffries Date: Wed, 3 Mar 2010 09:38:49 +0000 (+1300) Subject: Full Surrogate/1.0 support X-Git-Tag: SQUID_3_2_0_1~393 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=45cca89d8f2dffe898a30487c2f7f1838c769525;p=thirdparty%2Fsquid.git Full Surrogate/1.0 support This enables the Surrogate-Control header fields for HTTP reverse proxies in general. Not only those with ESI capability. Limited to use by reverse-proxies only, and some added security to strip Surrogate headers better at the border. --- diff --git a/src/cf.data.pre b/src/cf.data.pre index 2eb07fefab..837f147d02 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -4326,7 +4326,6 @@ COMMENT_START COMMENT_END NAME: httpd_accel_surrogate_id -IFDEF: USE_SQUID_ESI TYPE: string LOC: Config.Accel.surrogate_id DEFAULT: unset-id @@ -4338,7 +4337,6 @@ DOC_START DOC_END NAME: http_accel_surrogate_remote -IFDEF: USE_SQUID_ESI COMMENT: on|off TYPE: onoff DEFAULT: off diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 4e7243ae7d..a6580eb29e 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -1421,6 +1421,14 @@ clientReplyContext::buildReplyHeader() #endif + /* Surrogate-Control requires Surrogate-Capability from upstream to pass on */ + if ( hdr->has(HDR_SURROGATE_CONTROL) ) { + if (!request->header.has(HDR_SURROGATE_CAPABILITY)) { + hdr->delById(HDR_SURROGATE_CONTROL); + } + /* TODO: else case: drop any controls intended specifically for our surrogate ID */ + } + httpHdrMangleList(hdr, request, ROR_REPLY); } diff --git a/src/http.cc b/src/http.cc index 5e6335c81c..39a0d5cc02 100644 --- a/src/http.cc +++ b/src/http.cc @@ -310,12 +310,8 @@ httpMaybeRemovePublic(StoreEntry * e, http_status status) void HttpStateData::processSurrogateControl(HttpReply *reply) { -#if USE_SQUID_ESI - if (request->flags.accelerated && reply->surrogate_control) { - HttpHdrScTarget *sctusable = - httpHdrScGetMergedTarget(reply->surrogate_control, - Config.Accel.surrogate_id); + HttpHdrScTarget *sctusable = httpHdrScGetMergedTarget(reply->surrogate_control, Config.Accel.surrogate_id); if (sctusable) { if (EBIT_TEST(sctusable->mask, SC_NO_STORE) || @@ -327,7 +323,7 @@ HttpStateData::processSurrogateControl(HttpReply *reply) /* The HttpHeader logic cannot tell if the header it's parsing is a reply to an * accelerated request or not... - * Still, this is an abtraction breach. - RC + * Still, this is an abstraction breach. - RC */ if (sctusable->max_age != -1) { if (sctusable->max_age < sctusable->max_stale) @@ -345,8 +341,6 @@ HttpStateData::processSurrogateControl(HttpReply *reply) httpHdrScTargetDestroy(sctusable); } } - -#endif } int @@ -1597,16 +1591,17 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request, strVia.clean(); } -#if USE_SQUID_ESI if (orig_request->flags.accelerated) { /* Append Surrogate-Capabilities */ - String strSurrogate (hdr_in->getList(HDR_SURROGATE_CAPABILITY)); - snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"", - Config.Accel.surrogate_id); + String strSurrogate(hdr_in->getList(HDR_SURROGATE_CAPABILITY)); +#if USE_SQUID_ESI + snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0 ESI/1.0\"", Config.Accel.surrogate_id); +#else + snprintf(bbuf, BBUF_SZ, "%s=\"Surrogate/1.0\"", Config.Accel.surrogate_id); +#endif strListAdd(&strSurrogate, bbuf, ','); hdr_out->putStr(HDR_SURROGATE_CAPABILITY, strSurrogate.termedBuf()); } -#endif /** \pre Handle X-Forwarded-For */ if (strcmp(opt_forwarded_for, "delete") != 0) { diff --git a/src/structs.h b/src/structs.h index 10005ccbad..3cd5c5fef4 100644 --- a/src/structs.h +++ b/src/structs.h @@ -315,10 +315,7 @@ struct SquidConfig { time_t authenticateIpTTL; struct { -#if USE_SQUID_ESI char *surrogate_id; -#endif - } Accel; char *appendDomain; size_t appendDomainLen; @@ -427,11 +424,7 @@ struct SquidConfig { int ie_refresh; int vary_ignore_expire; int pipeline_prefetch; - -#if USE_SQUID_ESI int surrogate_is_remote; -#endif - int request_entities; int detect_broken_server_pconns; int balance_on_multiple_ip;