Alex Rousskov [Thu, 8 May 2008 20:16:36 +0000 (14:16 -0600)]
Added Adaptation::Message that brings together the HttpMsg and the
corresponding body_pipe and handle HttpMsg locking.
TODO: This class should not be needed. HttpMsg already has body_pipe. In the
past, we could not use that pipe "as is" because some other code would steal
it from the message. Once such cases are removed and something like
HttpMsg::Pointer is added to handle locking, there will be no need for
Adaptation::Message.
TODO: ICAPInOut should be replaced with two Adaptation::Messages, one for the
virgin message (that often has a body) and one for the cause, even though the
ICAP cause does not need a body.
Alex Rousskov [Thu, 8 May 2008 20:10:05 +0000 (14:10 -0600)]
Added Adaptation::Message that brings together the HttpMsg and the
corresponding body_pipe and handle HttpMsg locking.
TODO: This class should not be needed. HttpMsg already has body_pipe. In the
past, we could not use that pipe "as is" because some other code would steal
it from the message. Once such cases are removed and something like
HttpMsg::Pointer is added to handle locking, there will be no need for
Adaptation::Message.
TODO: ICAPInOut should be replaced with two Adaptation::Messages, one for the
virgin message (that often has a body) and one for the cause, even though the
ICAP cause does not need a body.
Alex Rousskov [Thu, 8 May 2008 20:03:16 +0000 (14:03 -0600)]
Added HttpRequest::clone(). HttpReply already had that method, but it is
not complete as some fields are not cloned yet.
TODO: This should be done via copy constructors. The constructors can be
made protected to minimize chances of accidental copying of messages.
Import strnstr from FreeBSD sources. Needed for some string-safe operations.
strnstr() is not provided on all OS (Linux with gcc 3.x for one).
And some OS are known to bundle an unsafe version (MacOS X 10.4 has a buffer overrun).
So code should use the function named squid_strnstr() and auto-tools will
test to see if the OS provided version is usable.
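A bounded substring search of the kind the commit above describes, as an added example that is not Squid's or FreeBSD's code. `bounded_strnstr`, `SAMPLE` and `EMBEDDED` are hypothetical names; the function never reads past `len` bytes of the haystack or past its NUL terminator.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample inputs: SAMPLE has no NUL terminator, so any search
 * that ignores the length bound would read out of bounds. */
static const char SAMPLE[8] = {'H', 'o', 's', 't', ':', ' ', 'a', 'b'};
static const char EMBEDDED[3] = {'a', '\0', 'b'};

/* Hypothetical helper (not squid_strnstr itself): find the first occurrence
 * of NUL-terminated `needle` within the first `len` bytes of `hay`.
 * Stops at a NUL in `hay`; never reads hay[len] or beyond. */
const char *bounded_strnstr(const char *hay, const char *needle, size_t len)
{
    size_t nlen = strlen(needle);
    size_t hlen = 0;
    size_t i;

    /* Measure the haystack without trusting it to be NUL-terminated. */
    while (hlen < len && hay[hlen] != '\0')
        hlen++;

    if (nlen == 0)
        return hay;   /* empty needle matches at the start */
    if (nlen > hlen)
        return NULL;  /* needle cannot fit inside the bounded region */

    /* i + nlen <= hlen keeps every memcmp inside the measured region. */
    for (i = 0; i + nlen <= hlen; i++) {
        if (hay[i] == needle[0] && memcmp(hay + i, needle, nlen) == 0)
            return hay + i;
    }
    return NULL;
}

int main(void)
{
    const char *hit = bounded_strnstr(SAMPLE, "ab", sizeof(SAMPLE));
    printf("match at offset %ld\n", hit ? (long)(hit - SAMPLE) : -1L);
    /* A match that would straddle the bound must be rejected. */
    printf("straddling match: %s\n",
           bounded_strnstr(SAMPLE, "ab", 7) ? "found" : "not found");
    return 0;
}
```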
This patch merges part 2 of the TPROXY-related updates.
- Makes interception handling flags and options always-present
- Updates squid.conf http_port options for clarity
- Builds structure for sequential lookup of multiple interception methods
- Performs sequential lookups for IPFW and multiple Netfilter targets
if Squid configured to enable those transparency methods.
- Pulls most of the TPROXYv2 related code out of Comm into IPInterception
IPFW changes are still experimental, but Netfilter targets have been tested.
TODO: depending on the annoyance levels a better logging method for NAT
failures may need to be implemented. The existing methods of logging
one-per-N seconds, for all lookup methods may prove annoying.
Alex Rousskov [Thu, 17 Apr 2008 05:50:09 +0000 (23:50 -0600)]
Avoid segfaults when scheduling an async call for a non-existent job.
Scheduling a call for invalidated or non-existent job should be a no-op
because (a) it simplifies the code and (b) the job may disappear while
the call is queued so checking job status at the call time is
pointless from the correctness point of view.
Existing code already relies on this guarantee, but apparently not too much.
The bug was in a JobDialer. I have not yet verified whether other dialers
need a similar fix.
Alex Rousskov [Thu, 17 Apr 2008 05:44:45 +0000 (23:44 -0600)]
Fixed and polished autoconsumption mode.
Fixed: We need to start autoconsuming when new data is appended and we
have not started (but enabled autoconsumption) before.
Polished: When notifying a consumer, checking whether mustAutoConsume is
set is pointless as it has no effect on consumer (if any). This check was
probably a leftover from pre-BodySink days.
Henrik Nordstrom [Mon, 14 Apr 2008 21:03:20 +0000 (23:03 +0200)]
Bug #2310: Incorrect default time/date log format
The %tl and %tg logformat tags are meant to use the same date format as
Apache/NCSA, but in Squid-3 there was a space instead of : between the
date and time.
Alex Rousskov [Mon, 14 Apr 2008 16:18:00 +0000 (10:18 -0600)]
Bootstrap lib/libLtld when running top-level bootstrap.sh.
This appears necessary because libtoolize-generated lib/libLtdl/Makefile.in is
probably made with an older automake version and refers to a non-existent
mkinstalldirs script. Yet, bootstrapping libLtdl produces warnings (or
non-fatal errors) so I am not sure it is the right thing to do long-term.
Part 1 adds complete TPROXYv4 capabilities to Squid.
The alterations are rather superficially tacked into the netfilter support.
Polish for this feature involves some rather intrusive alterations to
transparency which are still undergoing testing. That is part 2.
A temporary configure option --enable-linux-tproxy4 is provided as part of
this commit to enable the TPROXY v4 code. Part 2 will remove this option
again in favour of squid.conf transparency controls.
Alex Rousskov [Sat, 12 Apr 2008 04:52:49 +0000 (22:52 -0600)]
eCAP support, part 1: Loadable modules and ICAP-independent Squid core.
The first part of eCAP work includes (a) initial support for loadable
modules and (b) removing ICAP from main Squid sources, replaced with the
adaptation API that does not depend on a specific adaptation mechanism.
The patch does not contain significant changes to main Squid sources.
Generic adaptation API should minimize significant core changes going
forward. Details are below. For a low-level change log, see the eCAP bzr
branch at https://code.launchpad.net/~rousskov/squid/ecap
Configuration and features:
Added adaptation_service_set squid.conf option, deprecating
icap_class. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can group eCAP and ICAP
services.
Added adaptation_service_set squid.conf option, deprecating
icap_access. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can mix-and-match eCAP
and ICAP ACL rules.
Added loadable_modules squid.conf option to specify what shared
libraries to load dynamically. The support is based on libtool's ltdl
convenience library and is enabled by default. It can be disabled
using --disable-loadable-modules. Loadable modules are needed for
eCAP, but loadable_modules code deals with generic module
manipulation, independent from eCAP support. Squid does not yet
communicate with the loaded modules. TODO: support cachemgr
reporting and reconfiguration of modules.
Internals:
Squid core no longer knows about ICAP: General message adaptation code
has been moved from src/ICAP to src/adaptation/. The only connection
between main Squid code and ICAP is squid.conf parser and a few
enabling lines in main.cc. USE_ADAPTATION is enabled if ICAP_CLIENT or
USE_ECAP is enabled. TODO: Make adaptation comments, debug, and error
messages in main Squid code ICAP-neutral. This has not been done yet
to reduce VCS conflicts.
The src/ICAP/ directory now has its own Makefile (so does the new
src/adaptation). TODO: Should ICAP and eCAP directories be moved
inside adaptation/?
The eCAP directory and the --enable-ecap option have been added, but
they should not be used yet.
Added an adaptation service group API to support groups of services.
Current code supports service sets and single-service groups. Sets
provide a way to group interchangeable services together so that one
(the "best" available) service is applied to the message. A
single-service group is an internal feature to allow user to mix
service and group names in squid.conf ACLs. TODO: support service
chains (as a service group) and perhaps group of groups?
Implemented delayed creation of adaptation services. We used to create
ICAPServiceRep objects when parsing the configuration file.
Create-as-you-parse is imperfect for several reasons, especially if
the services are dynamically loaded as is the case with eCAP. We now
remember the service configuration and then create the actual service
object _after_ the configuration has been parsed and loadable modules,
if any, have been loaded.
The bootstrap.sh script has been updated to generate ltdl library
using libtoolize and move it to lib/libLtdl (except for the standard
copyright file). With libtool version 2, the move will be supported by
libtoolize itself. The lib/libLtdl directory and libtool.m4 file are
not in VCS.
Restore old tproxy enabling back to original option name.
version 4 now integrated with --enable-linux-netfilter seamlessly.
The old option --enable-linux-tproxy is now semi-officially deprecated,
as the version is obsolete but still supported by squid for legacy systems.
Wrap ESI headers away from .h dependency testing when module disabled.
These mysteriously had passed all dependency tests on machines where
the XML libraries existed, despite ESI disabling. Only showed up when built
on a machine without Expat.
Make IdleConn::removeFd err on the soft site if the fd could not be found
this fixes the assert seen by Tsantilas Christos. It's not really a proper
fix to the underlying problem, but at least makes Squid survive.
The actual problem is race windows introduced by the async call queue. In
this case both "closed by remote server" and "timeout" events may get queued
at the same time, or to be specific the "closed by remote server" read event
stays in the queue and gets called even after pconn has deregistered interest
in the event.
Migrate uses of comm_set_transparent to using comm_openex flag instead.
Cleaner and reduces the overall Comm API.
IPv6 update had incorrectly interpreted comm_open flags as ai_flags.
(same context, different actual name/values)
Bug #2001: Fails to forward responses where headers >4KB
This changes reply processing to clone the already parsed reply header
instead of trying to parse it yet another time. This allows us to seek
over the header contents and that way get away with just having a 4KB
buffer.
In the long run the store client API will be changed to provide a clean
split between headers and body, providing headers in parsed form (including
intermediary 1xx messages) and then the body starting at offset 0. This
change is a first step along that path but without changing the store client
api as such, with the intention of being merged into 3.0.
Fallback on transparent interception mode even if the connection didn't seem
to be transparently intercepted
Needed to deal properly with situations where connections to the local host
are intercepted, or when people NAT outside the Squid server but still compile
Squid with support for the NAT/interception method available on the host OS.
Alex Rousskov [Fri, 4 Apr 2008 16:26:01 +0000 (10:26 -0600)]
Moved AccessCheck object creation and check starting to AccessCheck::Start.
We may be able to simplify the callers further by migrating to the AsyncJobCall
interface for callbacks.