From: Amos Jeffries Date: Sat, 18 Jul 2009 07:51:33 +0000 (+1200) Subject: Split-stack: Correct DNS port family, clone http_port X-Git-Tag: SQUID_3_2_0_1~866 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7e07ced1dba28c81bdf0527bc4c05cffb0874ec4;p=thirdparty%2Fsquid.git Split-stack: Correct DNS port family, clone http_port --- diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 15718c28cd..51b01dce3e 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -2954,7 +2954,7 @@ parse_http_port_specification(http_port_list * s, char *token) if (NULL == host) { s->s.SetAnyAddr(); s->s.SetPort(port); - debugs(3, 3, "http(s)_port: found Listen on wildcard address: " << s->s); + debugs(3, 3, "http(s)_port: found Listen on wildcard address: *:" << s->s.GetPort() ); } else if ( s->s = host ) { /* check/parse numeric IPA */ s->s.SetPort(port); debugs(3, 3, "http(s)_port: Listen on Host/IP: " << host << " --> " << s->s); @@ -3136,10 +3136,64 @@ void add_http_port(char *portspec) { http_port_list *s = create_http_port(portspec); + // we may need to merge better of the above returns a list with clones + assert(s->next == NULL); s->next = Config.Sockaddr.http; Config.Sockaddr.http = s; } +#if IPV6_SPECIAL_SPLITSTACK +http_port_list * +clone_http_port_list(http_port_list *a) +{ + http_port_list *b = new http_port_list(a->protocol); + + b->s = a->s; + if (a->name) + b->name = xstrdup(a->name); + if (a->defaultsite) + b->defaultsite = xstrdup(a->defaultsite); + + b->intercepted = a->intercepted; + b->spoof_client_ip = a->spoof_client_ip; + b->accel = a->accel; + b->allow_direct = a->allow_direct; + b->vhost = a->vhost; + b->sslBump = a->sslBump; + b->vport = a->vport; + b->connection_auth_disabled = a->connection_auth_disabled; + b->disable_pmtu_discovery = a->disable_pmtu_discovery; + + memcpy( &(b->tcp_keepalive), &(a->tcp_keepalive), sizeof(a->tcp_keepalive)); + +#if 0 + // AYJ: 2009-07-18: for now SSL does not clone. Configure separate ports with IPs and SSL settings + +#if USE_SSL + // XXX: temporary hack to ease move of SSL options to http_port + http_port_list &http; + + char *cert; + char *key; + int version; + char *cipher; + char *options; + char *clientca; + char *cafile; + char *capath; + char *crlfile; + char *dhfile; + char *sslflags; + char *sslcontext; + SSL_CTX *sslContext; +#endif + +#endif /*0*/ + + return b; +} +#endif + static void parse_http_port_list(http_port_list ** head) { @@ -3157,6 +3211,15 @@ parse_http_port_list(http_port_list ** head) parse_http_port_option(s, token); } +#if IPV6_SPECIAL_SPLITSTACK + if (s->s.IsAnyAddr()) { + // clone the port options from *s to *(s->next) + s->next = clone_http_port_list(s); + s->next->s.SetIPv4(); + debugs(3, 3, "http(s)_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s); + } +#endif + while (*head) head = &(*head)->next; diff --git a/src/comm.cc b/src/comm.cc index 0f54519e69..23fcd04fa6 100644 --- a/src/comm.cc +++ b/src/comm.cc @@ -662,7 +662,7 @@ comm_set_v6only(int fd, int tos) { #ifdef IPV6_V6ONLY if (setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, (char *) &tos, sizeof(int)) < 0) { - debugs(50, 1, "comm_open: setsockopt(IPV6_V6ONLY) on FD " << fd << ": " << xstrerror()); + debugs(50, 1, "comm_open: setsockopt(IPV6_V6ONLY) " << (tos?"ON":"OFF") << " for FD " << fd << ": " << xstrerror()); } #else debugs(50, 0, "WARNING: comm_open: setsockopt(IPV6_V6ONLY) not supported on this platform"); @@ -744,7 +744,7 @@ comm_openex(int sock_type, #if IPV6_SPECIAL_SPLITSTACK if ( addr.IsIPv6() ) - comm_set_v6only(new_socket, tos); + comm_set_v6only(new_socket, 1); #endif @@ -1037,10 +1037,8 @@ ConnectStateData::commResetFD() comm_set_tos(fd, F->tos); #if IPV6_SPECIAL_SPLITSTACK - if ( F->local_addr.IsIPv6() ) - comm_set_v6only(fd, F->tos); - + comm_set_v6only(fd, 1); #endif copyFDFlags(fd, F); diff --git a/src/dns_internal.cc b/src/dns_internal.cc index 3d37e651ce..c5fb5a8dca 100644 --- a/src/dns_internal.cc +++ b/src/dns_internal.cc @@ -1366,22 +1366,29 @@ idnsInit(void) else addr = Config.Addrs.udp_incoming; - debugs(78, 2, "idnsInit: attempt open DNS socket to: " << addr); #if IPV6_SPECIAL_SPLITSTACK - if ( addr.IsAnyAddr() || addr.IsIPv6() ) + IpAddress addr4 = addr; + + if ( addr.IsAnyAddr() || addr.IsIPv6() ) { + debugs(78, 2, "idnsInit: attempt open DNS socket to: " << addr); DnsSocketB = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, addr, COMM_NONBLOCKING, "DNS Socket v6"); + } - if ( addr.IsAnyAddr() || addr.IsIPv4() ) + if ( addr.IsAnyAddr() || addr.IsIPv4() ) { + addr4.SetIPv4(); + debugs(78, 2, "idnsInit: attempt open DNS socket to: " << addr4); DnsSocketA = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, - addr, + addr4, COMM_NONBLOCKING, "DNS Socket v4"); + } #else + debugs(78, 2, "idnsInit: attempt open DNS socket to: " << addr); DnsSocketA = comm_open_listener(SOCK_DGRAM, IPPROTO_UDP, addr, @@ -1403,7 +1410,7 @@ idnsInit(void) #endif if (DnsSocketA >= 0) { port = comm_local_port(DnsSocketA); - debugs(78, 1, "DNS Socket created at " << addr << ", FD " << DnsSocketA); + debugs(78, 1, "DNS Socket created at " << addr4 << ", FD " << DnsSocketA); } }