amosjeffries [Sat, 19 Jan 2008 14:15:28 +0000 (14:15 +0000)]
EPSV support for FTP and other fixes.
- Adds full EPSV method support for FTP server connections
- Fixes debugging in FTP state machine into specific levels:
* 0: critical problems
* 1: non-critical problems
* 2: FTP protocol chatter
* 3: FTP logic flow debugging
* 5: FTP data parsing flows
- Adds code documentation to some FTP functions.
amosjeffries [Sat, 19 Jan 2008 14:11:34 +0000 (14:11 +0000)]
Miscenllaneous fixes for CNAME, include, and comm.
- Add more wrapping of CNAME code no longer needed.
- Fixes typo in include directive ported code.
- Fixes incorrect socket family setting on some accepted connections.
hno [Mon, 14 Jan 2008 19:13:49 +0000 (19:13 +0000)]
Bug #2153: Use the cache_peer name in CARP hashing to support multiple peers on the same host
The cache_peer name= option was introduced some years ago to allow
peers to be named and to suppot multiple peers on the same host/address.
However, carp still used the hostname/address and not the name making
it fail slightly when forwarding to multiple peers on the same address.
amosjeffries [Fri, 11 Jan 2008 12:04:02 +0000 (12:04 +0000)]
Formal Debug Levels part 1 - Define names for some debug levels.
This allows the use of DBG_CRITICAL and DBG_IMPORTANT instead of magic
numbers 0 and 1 in the debugs() calls. Making code a little more readable
and easier to use. The code itself is not modified to use them yet.
DBG_DATA is added for level 9, though that may change.
TODO: the other levels (2-8) still need deciding. No consensus was reached
amongst the developers for those levels when discussed.
amosjeffries [Fri, 11 Jan 2008 10:49:18 +0000 (10:49 +0000)]
AAAA/A failover fix and CNAME recursion deprecation
A bug in the final version of squid internal DNS resolver logics
caused any failover A results to overwrite the paired previous AAAA.
This patch adds state to store the DNS results between failover queries
and to merge the final sets before passing them out to the requestor.
Lookups should now be seemlessly handled within the DNS resolver stub.
CNAME recursion at the ipcache level should now be obsolete and has been
wrapped in a new ./configure --with-dns-cname option which defaults off.
That code has proven to be problematic anyway and will be no great loss.
Additional counters have been added to the squid statistics to track the
amount of queries of each type have been encountered.
hno [Mon, 7 Jan 2008 22:47:08 +0000 (22:47 +0000)]
Bug #2175: Update valgrind support for valgrind-3.3.0
Valgrind memcheck rearranged the names of it's support macros in
version 3.2.0 to better represent the actual function, and now the
old names has been removed starting with version 3.3.0 causing
build a failure if --with-valgrind-debug is used.
this patch updates Squid to use the new valgrind macro names, and
adds a little glue to be compatible with older valgrind versions
hno [Sun, 30 Dec 2007 11:06:30 +0000 (11:06 +0000)]
Random authenticaiton failures when using Digest authentication
The stale= propery of the Digest responses sent by Squid indicated far
too often that the nonce was not stale. Contrary to what the RFC recommends
we should only say that the nonce is not stale when it is a valid nonce but
the response did not compute (invalid user or password). In all other
situations we should say that the nonce is stale even if we haven't
validated the response.
hno [Thu, 27 Dec 2007 22:48:53 +0000 (22:48 +0000)]
Remove the default cache_dir location and the null store type
Many people gets confused by the builtin cache_dir location, thinking
that if there is no cache_dir in squid.conf then there is no on-disk cache.
This removes the builtin default.
By removing the builtin default we can also remove the "null" cache_dir
type whos purpose is only to override the builtin default.
hno [Thu, 27 Dec 2007 21:55:47 +0000 (21:55 +0000)]
netdb_filename directive to specify location of netdb state file
was hardcoded to use the first cache_dir. This moves the default location
to the logs directory and may be overridden at compile time by setting
DEFAULT_NETDB_FILE
hno [Thu, 27 Dec 2007 08:58:19 +0000 (08:58 +0000)]
Bug #2114: cache memory accounting not working well
Use the page allocator statistics to report cache_mem usage
This patch removes the weak attempt in keeping an byte-exact cache_mem usage
counter, instead using the actual allocated size (but excluding overhead).
This is the same accounting method as used in Squid-2 btw..
hno [Sat, 22 Dec 2007 06:50:24 +0000 (06:50 +0000)]
The reply_header_max_size check should not depend on having the whole header read in memory
the point of this check is to avoid a DoS on squid, not really access control,
so it needs to be while verified while reading the request header, not after reading it..
amosjeffries [Thu, 20 Dec 2007 18:19:48 +0000 (18:19 +0000)]
Code cleanup. OO the ASN ACL radix tree data format.
- Drops two macros
- Adds type-safe compile checking on the data format
- Abstracts the size-management away
- Abstracts the data conversion away
- Abstracts memcpy away from the radix management
amosjeffries [Tue, 18 Dec 2007 19:15:34 +0000 (19:15 +0000)]
Update documentation after IPv6
- Adds changelog entries for 3-HEAD
- Updates TODO list for done item
- Updated CREDITS with copyright of Treehouse Networks Ltd code additions
- suggested config update in Quickstart
amosjeffries [Sat, 15 Dec 2007 06:11:41 +0000 (06:11 +0000)]
Import IPv6 support from squid3-ipv6 branch to 3-HEAD.
This patch fully enables squid to handle IPv6 on internally supported
protocols which have IPv6 capability.
see 3.1 Release Notes for full details on the IPv6 changes.
also see squid.conf generated from this point for configuration changes.
TODO: Release-Notes fro 3.1 have yet to be created. The mentioned details
documentation will come in a later patch.
hno [Sat, 15 Dec 2007 02:47:54 +0000 (02:47 +0000)]
Accept some unknown store meta entries without throwing away the rest.
The store meta parser stopped when encountering the first "unknown" entry.
This is bad for extensibility. Should continue parsing what we do know
how to handle.
amosjeffries [Fri, 14 Dec 2007 12:03:25 +0000 (12:03 +0000)]
Import alternate RFC 3495 library functions from squid3-ipv6 branch.
Some OS do not provide RFC 3495 libraries (socket extensions for IPv6).
While these OS are expected to be built with --disable-ipv6 they still need
squid to provide the library methods for IP-neutral code use of IPv4.
TODO: This patch does not contain the autotools configure options to cause
these functions to be built. That will come in the later IPv6-enabling patch