- Rename to basic_ldap_auth
- C++ build with link to libcompat
- Add OPTIONS section to man(8) page
- Tweak libldap and liblber configure naming convention.
TODO: check that removal of miscellaneous libraries (XTRA_LIBS) has
not removed anything important to this helper. If so add back
the individual library needed, not the whole lot.
Amos Jeffries [Thu, 1 Oct 2009 07:59:00 +0000 (19:59 +1200)]
ESI: protect build from missing libraries correctly
- detect the libexpat and libxml2 headers.
- wraps the code includes according to Squid guidelines
- wraps the library API modules for build only when library is present
Also;
- disconnect the libraries from linking to binaries they don't need to.
- enable automatic build testing of ESI code since missing libraries are
no longer fatal.
Author: Adrian Chadd <adrian@squid-cache.org>
A tproxy cache cluster (eg behind WCCPv2) can't peer.
The issue stems from the forwarding logic creating source address spoofed
sockets to destinations that are inside the cluster. Since the WCCPv2
router won't redirect packets with an origin of the proxy MAC (at least for
L2 peering), source spoofed packets go out and are routed normally. The
packets back from the destination peer have a remote end of the spoofed IP,
and are instead sent to the original client rather than the proxy.
The forwarding logic needs to be taught to optionally enable tproxy source
spoofing on connections based on a peer flag.
Just for completeness - tproxy'ed connections to an upstream or peer proxy
which is -outside- of the WCCPv2 tproxy cluster work fine.
- Remove 'odd' netmask support from ACL.
- Fully deprecate netmask support for ACL.
Earlier fix caused inconsistent handling between IPv4 and IPv6 builds of
Squid. Which has turned out to be a bad idea.
This fixes that by 'breaking' both build alternatives.
Many of the occasions Squid was calling bind() are not required. This
reduces the bind() calls to only those which are actually needed.
Further optimization can be done in a future version to drop the paranoid
and slightly performance degrading safety checks for instances of Squid
binding ANYADDR without listener status, and attempting to bind NOADDR.
Henrik Nordstrom [Wed, 16 Sep 2009 00:13:28 +0000 (02:13 +0200)]
Split some asserts with side-effects
assert expressions should not have any noticeable side effects or otherwise
be important for the program flow operation. If not, unexpected results are
seen from compiling with -DNODEBUG
Auto-detect the amount of TPROXY support available.
Uses the configured port address type to determine the level of testing
done. Systems with IPv4-only TPROXY (kernel 2.6.28 to 2.6.3*) will have
their ports reduced to IPv4-only, and those with IPv6 support will see
the port open as IPv6. This is done at run-time to cater for patched kernels
and kernel upgrades underneath Squid.
Balabit are now providing patches to do TPROXY with IPv6.
This retains the v4-only behaviour of the wildcard and IPv4 addresses
until full kernel support is available but enables people who have
patched their kernels to set an IPv6 in the http_port.
Bug 2570: wccp2 "Here I Am" announcements not sent
There is a bit of re-work in configuration needed before this can go into
the storage config scope where it belongs. Temporary fix for 3.1.
see bug report for details.
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed entry size calculation for the max-size cache_dir selection algorithms.
There were two sides of this bug:
In src/store_swapout.cc, we must create metadata earlier because
storeCreate() needs swap_hdr_sz. With swap_hdr_sz unknown at the time of
storeCreate(), the SwapDir selection algorithms may select SwapDirs that
should not really take the entry as the real storage size (with the
metadata swap_hdr_sz) would exceed the store slot size.
In src/store_dir.cc, we must add the metadata size before looking for
cache_dirs that accept objsize. Only the "new"
storeDirSelectSwapDirRoundRobin selection scheme was affected.
This makes the starting state explicitly private: instead of assuming it's
going to be defined in a private state and depending on the definer class.
We can cope with not setting the state to private at the end of the macro
as well. It just means the use of this macro must be last, or have an
explicit private/public definition after its use.
Amos Jeffries [Mon, 31 Aug 2009 10:02:23 +0000 (22:02 +1200)]
Author: Tim Starling <unknown>
Port 2.7: Unique sequence number per log line
Create and enable logging of a unique sequence number per log entry.
Adjusted to 64-bit to handle long Squid up times with very large logged
line counts.
NP: not quite sure about the incrementation. Write appears to be called
once per log entry but this is not tested under enough conditions to be
certain yet. The old lineEnd call from Squid-2 is not present in Squid-3.
Amos Jeffries [Fri, 28 Aug 2009 01:44:26 +0000 (13:44 +1200)]
Cleanup: Remove more traces of old squid debug()() macro
There is now no reason for any of the Squid internal code to contain 'debug()'
TODO: Just the ESI code remaining on the old system.
Its debug seems to be incrementally building a single line to display
objects parsed. But using multiple nested calls to dump it.
VERY nasty. They need to be made writing to a buffer instead.
Henrik Nordstrom [Thu, 27 Aug 2009 09:49:56 +0000 (11:49 +0200)]
Cleanup of auth header special case forwarding logics
The code dealing with our special case auth header forwarding/synthesising
had grown quite hairy and partially duplicated from all additions. This
cleans up the code moving this logic to a new function and unifying
WWW & Proxy auth cases.