Amos Jeffries [Mon, 20 Jan 2014 01:11:58 +0000 (14:11 +1300)]
cachemgr: Enable per-report Content-Type header
The default for all reports is plain text in UTF-8.
NOTE: UTF-8 selected because although current reports limit themselves
to ASCII character ranges, some reports may contain text pulled from the
protocol transferred and UTF-8 display covers most unexpected cases.
Amos Jeffries [Fri, 17 Jan 2014 11:44:26 +0000 (03:44 -0800)]
Fix external_acl_type async loop failures
When externa_acl_type uses %LOGIN and is required to trigger async
authentication lookups it returns and hits the async loop prevention
check when starting to trigger its own external helper lookup. This
results in a DUNNO output from the helper as final status instead of
the real helepr lookup result.
Avoid these by allowing async helpers to loop several times before
aborting the lookups.
Also, extend debug message to indicate loop count.
Thanks to Peter Benko for trackign down the issue and testing solutions.
Amos Jeffries [Wed, 15 Jan 2014 02:11:05 +0000 (15:11 +1300)]
Cleanup: Fix StoreIOBuffer initialization cases
When StoreIOBuffer isconstructed with an invalid (negative) size for the
content data mark it as an error immedately and set a valid length of
zero bytes.
Also, remove some unnecessary code in store_client.cc resulting.
This patch investigates the Ipc::MemMap class which is a shared cache with
timeouts for use with squid SMP.
TODO: Ipc::MemMap class has similar interfaces and functionality with the
Ipc::StoreMap class. These two classes should implemented as kid classes of
an Ipc::SharedCache class which encompass features from Ipc::MemMap and
Ipc::StoreMap classes.
Amos Jeffries [Sun, 5 Jan 2014 20:19:06 +0000 (12:19 -0800)]
Disable error page translation by default in builds
There is no need for every build from VCS to have fresh translations.
Enable explicitly for snapshot and release scripts instead so that
translated template files are still available online and pre-translated
in the distributed packages.
Amos Jeffries [Sun, 5 Jan 2014 19:49:23 +0000 (11:49 -0800)]
Cleanup: remove ClientSocketContextNew() wrapper function
This wrapper function for the ClientSocketContext default constructor
is better performed as an explicit parametered constructor which
prevents accidental use of the default constructor leading to invalid
state after creation (a context always requires connectino and parent
pointers).
Amos Jeffries [Wed, 8 Jan 2014 04:29:04 +0000 (21:29 -0700)]
Cleanup: remove useless makesnmplib variable from build
Squid coding guidelines require automake variables to use naming pattern
ENABLE_* and there is already ENABLE_SNMP defined with intended overlap
of usage. We can drop this unusual variable completely.
Alex Rousskov [Mon, 6 Jan 2014 20:55:13 +0000 (13:55 -0700)]
Centrally destroy all explicit and implicit ACLs to avoid destruction segfaults
during reconfiguration.
Group ACLs created later may use other ACLs created earlier and vice versa, a
group ACL created earlier may use other ACLs created later. The latter is
possible when an ACL (e.g., A2 below) is declared when the group already
exists:
acl A1 src 127.0.0.1
acl Group all-of A1
acl A2 src 127.0.0.2
acl Group all-of A2
Thus, the group (i.e., InnerNode) ACL destructor may access already deleted
children regardless of the global ACL deletion order (FIFO or LIFO with
respect to ACL creation). Instead of relying on the deletion order to protect
InnerNode, we remove the InnerNode ACL destructor completely and rely on a
global set of registered ACLs to destroy all ACLs.
The old code was destroying all explicit ACLs in the same centralized fashion.
We now add implicit ACLs (commonly used by InnerNodes) to the centralized
destruction sequence. We added a new destruction-dedicated container to avoid
messing with the by-name ACL search that Config.aclList global is used for.
This new container will become unnecessary once we start refcounting ACLs.
Amos Jeffries [Sun, 5 Jan 2014 02:56:31 +0000 (18:56 -0800)]
Add logformat code %>rd to log client URL domain name
Logging the Host header or the full URL have been the only ways to log
the domain name requested by the client. However full URL may contain
far too many unwanted bytes and Host header many contain a host:port
very different to the URL.
Alex Rousskov [Wed, 1 Jan 2014 20:13:23 +0000 (13:13 -0700)]
Initial Large Rock and Collapsed Forwarding support.
Large Rock: Support disk (and shared memory) caching of responses exceeding
one db slot (or one shared memory page) in size. A single db slot/page size is
still limited to 32KB (smaller values can be configured for disk caches using
the newly added cache_dir slot-size option). Removal of old rock cache dir
(followed by squid-z) is required -- the on-disk db structure has changed.
Collapsed Forwarding: Optionally merge concurrent cachable requests for the
same URI earlier: After the request headers have been parsed (as before), but
now _before_ the response headers have been received. Merging of requests
received by different SMP workers is supported. Controlled by the new
collapsed_forwarding directive in squid.conf. Disabled by default because all
but one of the merged requests have to be delayed (until the response headers
are received) for the merging to work, which may be worse than forwarding all
concurrent requests immediately. The overall feature idea and request
eligibility conditions are based on Collapsed Forwarding in Squid2.
Summary of other important changes (merged branch log contains the details):
* Tightened StoreEntry locking. Split StoreEntry::lock() into "just lock" and
"update entry reference time" interfaces, addressing an old XXX. Improved
entry lock/unlock debugging. Needs more work.
* Adjusted StoreIOState::write() API to allow callers detect write errors.
* Simplified MemObject::write() API to remove an essentially unused callback.
* Mark client streams that sent everything as STREAM_COMPLETE. The old code
used STREAM_UNPLANNED_COMPLETE if the completed stream was associated with a
non-persistent connection, which did not make sense to me and, IIRC, led to
store entry aborts even though the entries were not damaged in any way.
* mem_hdr::hasContigousContentRange() now returns true for empty ranges.
* Support "appending" ReadWriteLock state that can be shared by readers and
the writer. The writer promises not to update key metadata (except growing
object size and next pointers) and readers promise to be careful when
reading growing slices.
* Fixed StoreEntry::mayStartSwapOut() logic to handle terminated swapouts.
* Improved STORE_MEM_CLIENT detection and documented known (and mostly old)
StoreEntry::storeClientType() problems.
* Removed StoreEntry::hidden_mem_obj hack.
* Polished StoreEntry debugging to report more info, less noise. Use e: prefix.
* Added a script to extract store entry(ies) debugging from cache.log.
Alex Rousskov [Fri, 27 Dec 2013 18:37:26 +0000 (11:37 -0700)]
Updated tests/testRock and the store rebuild stubs it needs.
Synced tests/testUfs after updating the store rebuild stubs.
Store uses StoreController::store_dirs_rebuilding to decide whether the entry
release should be delayed. Thus, storeRebuildComplete() must update it. Also
synced the corresponding CPPUNIT_ASSERT_EQUAL() statements to expect a zero
value after the rebuild is completed.
Do not create an entry just to get its key: Creating forces a public key which
necessarily invalidates the previously cached entry with the same key, if any.
Unlock unused entries. This helps with their release later (and adds more
realism to the test case).
Fixed entry #5 test case to account for the fact that creating a second entry
with the same public key invalidates the first entry.
Release instead of just unlinking entries. StoreEntry::release() is the public
interface which updates internal tables as needed. StoreEntry::unlink() is an
internal call for updating the disk cache-related state; it does not update
the the in-transit index.
Alex Rousskov [Mon, 23 Dec 2013 05:26:23 +0000 (22:26 -0700)]
Bug 3806: Caching responses with Vary header
Various fixes making Vary caching work better.
More work is needed to re-enable shared memory caching of Vary responses.
bag5s r12741: Do not start storing the vary marker object until its key becomes public.
bag5s r12742: Log failed (due to "Vary object loop" or "URL mismatch") hits as TCP_MISSes.
bag5s r12743: Refuse to cache Vary-controlled objects in shared memory (for now).
Jakob Bohm [Sat, 21 Dec 2013 17:31:59 +0000 (09:31 -0800)]
Bug 3985: 60s limit introduced by balance_on_multiple_ip breaks bad IP recovery
Alternative fix if necessary would be to calculate a dynamic timeout
value based on number and timeouts for connections and forwarding.
However, as noted in the bug report the address markings are reset every
TTL when the stored RR are replaced. This meets the criteria for periodic
retries of marked-BAD IPs. Also if all IPs are marked BAD they all get
un-marked and retried. So for now just remove the TTL hack.
Amos Jeffries [Sat, 21 Dec 2013 04:54:54 +0000 (20:54 -0800)]
Fix \-unescaping in quoted strings from helpers
strwordtok() was unescaping '\' values in unquoted tokens. This causes
problems with NTLM helper response user\DOMAIN values which are sent as
a un-quoted un-escaped value.
Restrict un-escaping of '\' to only occur when inside "quoted" words.
Amos Jeffries [Fri, 20 Dec 2013 11:34:44 +0000 (03:34 -0800)]
WCCPv2: fix assertion 'Cannot convert non-IPv4 to IPv4' on FreeBSD
FreeBSD does not set the from-address on recv() if there was an error
reading the packet. This can result in Ip::Address assertion if the
error is not checked for before the IP address is mapped into Squid
internal format.
Alex Rousskov [Wed, 18 Dec 2013 17:19:00 +0000 (10:19 -0700)]
Added send_hit and store_miss squid.conf directives
to control caching of responses using response info.
The existing "cache" directive is checked before Squid has access to the
response and, hence, could not use response-based ACLs such as http_status.
Response-based ACLs may be essential when fine-tuning caching. Squid Bug 3937
(StoreID can lead to 302 infinite loop) is a good use case.
Updated old "cache" directive documentation to provide more information, to
help folks distinguish the three related directives, and to polish for
clarity.
TODO: Support lookup_hit and possibly deprecate/remove "cache".
Moved CharacterSet's backing storage to std::vector<uint8_t> to gain speed at the expense of space.
Improved CharacterSet's constructor
Made CharacterSet's name parameter optional with default value.
Amos Jeffries [Thu, 12 Dec 2013 09:41:39 +0000 (01:41 -0800)]
Fix linker errors "relocation R_X86_64_32 against .rodata"
... "can not be used when making a shared object; recompile with -fPIC"
Caused by some libraries built without libtool in certain environments.
NP: there are other libraries in Squid built without libtool but they
appear not to be having these linker issues at this time.
Also, fixes "undefined symbol eui64_aton" uncovered by these changes.
Amos Jeffries [Wed, 11 Dec 2013 11:12:43 +0000 (03:12 -0800)]
Regression in URL helper API
The backward compatibility logics in redirect.cc are not working as
intended on redirection URLs due to the presence of '=' in the URL and
how the key=value name parsing is performed.
A typical redirection URL looks like:
http://example.com/?url=http://www.example.net/
and 3.4 has a parser that splits tokens at '=' unconditionally and then
passes the bits as a key and value to the redirector logics which
complains that it does not understand the answer of the URL redirector.
Or treats is an an unknown key=value with no redirection URL.
Either case is handled as a no-redirection result from the helper.
This limits the key names to alphanumeric, hyphen and underscore
characters. Valid URL responses contain characters outside this set and
should no longer be interpreted as keys regardless of the '=' character.
projects / thirdparty / squid.git / log
