Alex Rousskov [Tue, 30 Sep 2008 17:28:53 +0000 (11:28 -0600)]
Catch most exceptions in main() to report exceptions uncaught by Squid. This
is for last resort reporting only -- the program would exit anyway (usually
with less information) if we did not catch these.
The code re-throws caught exceptions to reduce side effects of catching it,
just in case. May need more work depending on how compilers handle rethrowing.
Alex Rousskov [Tue, 30 Sep 2008 16:59:13 +0000 (10:59 -0600)]
Added HttpRequest::clone, completing HttpMsg::clone API. When ICAP is
converted to use this, it should work faster for a common "no modifications"
case because it would not have to print and parse the headers.
TODO: Consider renaming the method since it does not produce an exact,
true replica. Some connection-related flags and peer settings are not
cloned because the clone is not always "attached" or "coming from"
the same connection (e.g., it is cloned for eCAP to modify). We may also
#ifdef the method if it is not needed outside of adaptation code.
The HttpMsg::body_pipe field is now copied when a message is cloned.
I was not sure what the right thing to do there is. The field itself
may be misplaced (it is not about the message structure or properties,
but about the current body transfer state, but we lack a good place to
store that...). To reduce the number of cloning exceptions, and since
eCAP and probably ICAP code benefit from pipe copying, it is copied
for now. It would not be too hard to change.
Alex Rousskov [Tue, 30 Sep 2008 16:21:43 +0000 (10:21 -0600)]
Made TextException a child of std::exception so that it is easier to catch
more exceptions (standard and custom) with one catch(). The catching code
usually does not care what the exception is anyway.
TextException needs more work to report more information in what() method.
Catch std::exception to catch more printable exceptions. TextException is an
std::exception [child].
These changes were inspired by and required for eCAP.
Strange Install blocker bug found. No solution yet.
(19:04:54) rousskov: 2008/09/30 00:05:20| errorpage.cc(290) errorTryLoadText:
'/usr/local/squid3-ecap/share/errors/templates//usr/local/squid3-ecap/etc/errorpage.css':
(2) No such file or directory
(19:07:52) rousskov: $ make install > /tmp/tm
(19:07:52) rousskov: /bin/bash: -c: line 17: syntax error near unexpected token `then'
(19:07:52) rousskov: /bin/bash: -c: line 17: `@if test -f /usr/local/squid3-ecap/etc/errorpage.css ; then \'
Alex Rousskov [Tue, 30 Sep 2008 06:33:34 +0000 (00:33 -0600)]
To keep swanSong() checks simple, we need to NULL-ify vb body_pipe even if
we never were a consumer (because of useVirgin short circuiting).
For useVirgin() cloning to work when we were a consumer, we need to clone
before we clear the consumer (and body_pipe with it).
The whole thing is icky. This should be improved when Adaptation::Message does
not have to store a copy of body_pipe (there is already a TODO for that,
IIRC).
Adds %l replacement tag to include CSS file data into an error page.
Adds error_stylesheet option to name a file as the CSS content to insert
into each error pages displayed. (default /etc/squid/errorpage.css)
Adds CSS hooks into the templates.
Adds errorpage.css to squid config directory with current CSS settings
pulled from old templates and demo entries for new hooks.
The combined effect of these is allows company sites to stylize the pages
produced to some extent limited only by the CSS capabilities. Without
worrying about translation texts themselves.
Only works for dynamically translated pages based on updated templates.
Default CSS file may need some cleaning.
Alex Rousskov [Mon, 29 Sep 2008 03:50:32 +0000 (21:50 -0600)]
Polished code by introducing two explicit and mostly independent states
(proxying virgin body and proxying adapted body) as well as a flag to
check for virgin body content access after the pipe was invalidated.
Alex Rousskov [Sun, 28 Sep 2008 14:48:27 +0000 (08:48 -0600)]
Fixed comm_close handling in deferred reads. The code was expecting old-style
comm_remove_close_handler call to work if the close handler has not been
dialed yet. We now store a new-style callback so that we can reliably cancel
the close hander call.
Removed all methods from CommRead except for constructors. Apparently,
they were all unused and most were not even defined.
Alex Rousskov [Sun, 28 Sep 2008 01:16:18 +0000 (19:16 -0600)]
Made TextException a child of std::exception so that it is easier to catch
more exceptions (standard and custom) with one catch(). The catching code
usually does not care what the exception is anyway.
TextException needs more work to report more information in what() method.
Alex Rousskov [Sat, 27 Sep 2008 18:17:22 +0000 (12:17 -0600)]
Use message representatives to store virgin and adapted messages.
Migrating to a model where all message changes are done via transaction,
not the message itself. A message cannot handle many changes on its own
because it is not a job, and placing some changes in MessageRep and some
in XactionRep results in messy code.
Alex Rousskov [Sat, 27 Sep 2008 18:12:43 +0000 (12:12 -0600)]
Synced with libecap changes related to FirstLine move to Message.
Migrating to a model where all message changes are done via transaction,
not the message itself. A message cannot handle many changes on its own
because it is not a job, and placing some changes in MessageRep and some
in XactionRep results in messy code.
Alex Rousskov [Thu, 25 Sep 2008 17:27:58 +0000 (11:27 -0600)]
Performance fix: Check half-closed descriptors at most once per second.
A few revisions back, comm checked half-closed descriptors once per second,
but the code was buggy. I replaced it with a simpler code that checked each
half-closed descriptor whenever the OS would mark it as ready for reading.
That was a bad idea: The checks wasted a lot of CPU cycles because half-closed
descriptors are usually ready for reading all the time.
This revision resurrects 1 check/sec limit, but hopefully with fewer bugs. In
my limited tests CPU usage seems to be back to normal.
All half-closed descriptors are now stored in TheHalfClosed set. When it is
time to check the corresponding connections, Comm schedules a read for
each descriptor that is not already reading. Conflicts with regular/user
reads are resolved as before -- we silently cancel the internal half-closed
read.
TODO: It is possible that we do not need to read at all and should call
getsockopt() instead to test the connection.
Alex Rousskov [Thu, 25 Sep 2008 17:22:12 +0000 (11:22 -0600)]
Added a DescriptorSet class to manage an unordered collection of unique
descriptors.
DescriptorSet is used for half-closed descriptor monitoring. It might be
useful for deferred reads as well, but that remains to be seen.
DescriptorSet has O(1) complexity for search, insertion, and deletion. It uses
about 2*sizeof(int)*MaxFD bytes total. Splay tree that used to store
half-closed descriptors previously uses less RAM for small number of
descriptors but has O(log n) complexity. Same for std::set<int>, a potential
DescriptorSet replacement.
- Ability to send HTCP CLR requests when objects are invalidated or purged from
the cache.
- Config logic to allow the following:
- HTCP peers who ONLY receive CLR messages from us.
- HTCP peers who NEVER receive CLR messages from us.
- HTCP peers who NEVER receive CLR messages from us for PURGE requests.
- HTCP peers who are forwarded CLR messages we receive.
- Unterminated blocks in if () statements.
- Use of a struct to refer to an enum declared within the struct.
- Use of incorrect enum values after the originals were renamed.
- References to enum values from within the struct without the struct name.
Note that these changes have not been tested, but they do allow the tree to
build again.
- Unterminated blocks in if () statements.
- Use of a struct to refer to an enum declared within the struct.
- Use of incorrect enum values after the originals were renamed.
- References to enum values from within the struct without the struct name.
Note that these changes have not been tested, but they do allow the tree to
build again.
Alex Rousskov [Tue, 23 Sep 2008 16:16:28 +0000 (10:16 -0600)]
Bug #2459 workaround: When dns_error_message value is lost, use "lost DNS
error" text and log at level 1 to inform the administrator about the internal
error.
This temporary hack does not fix the incorrect DNS error value problem, only
the lost one.
Alex Rousskov [Tue, 23 Sep 2008 15:05:36 +0000 (09:05 -0600)]
Do not call connect handler for closing descriptors because the handler
is unlikely to do something useful and is likely to hit Comm assertions
when working with a closing descriptor.
AFAIK, after adding close handlers to FtpStateData and peerProbe code,
all code that uses commConnectStart has a Comm close or I/O handler that
will be called when the descriptor is closing. This should prevent
connecting jobs from getting stuck waiting for the connection callback
to be called.
Alex Rousskov [Tue, 23 Sep 2008 14:49:50 +0000 (08:49 -0600)]
Added Comm close handler for the data channel of FtpStateData
transaction in preparation for officially dropping connect callbacks for
closing descriptors.
The data channel can be opened and closed a few times and the descriptor
must be kept in sync with the close handler. I factored out the
open/closing code into a simple FtpChannel class. That class is now used
for both FTP control and data channels.
The changes resolve one XXX discussion regarding FTP not having a close
handler for the data channel. On the other hand, adding a second close
handler attached to the same transaction is not a trivial change as the
side-effects of Squid cleanup code are often illusive.
For example, I suspect that FTP cleanup code does not close or even
check the control channel. I added a DBG_IMPORTANT statement to test
whether the control channel remains open. Or should that be an assert()?
I think that only one out of the two callbacks can be dialed because the
close handler executed first will invalidate the transaction object.
Bug 740: allow external acl's to use reply headers in format
Adds a small bit of token syntax to external_acl_type format.
%>{Header} HTTP request header
%>{Hdr:member}
HTTP request header list member
%>{Hdr:;member}
HTTP request header list member using ; as
list separator. ; can be any non-alphanumeric
character.
%<{Header} HTTP reply header
%<{Hdr:member}
HTTP reply header list member
%<{Hdr:;member}
HTTP reply header list member using ; as
list separator. ; can be any non-alphanumeric
character.
Basically the < and > are new following the existing meaning of their
direction in other tokens to match request/reply.
Old format of %{} is left as request header but with WARNING (1) level
noise at configure time indicating the new syntax.
Initial design was based on the false assumption that TPROXYv4 worked
like NAT lookups and returned the IPs on IP_TRANSPARENT.
It in fact returns the correct connection IPs on accept(),
This patch makes TPROXYv4 work correctly and spoof client IP. Port needs
to be randomly assigned by the OS to prevent kernel clashes.
Regular traffic is no longer guaranteed when passed in a tproxy marked
port. It may work as expected but no guarantess yet.
Accelerated traffic and NAT intercepted traffic will certainly fail.
As such their flags are marked as mutually exclusive with the tproxy flag.
Multi-Modes will still operate, but only on seperate ports.
Alex Rousskov [Mon, 22 Sep 2008 05:52:37 +0000 (23:52 -0600)]
Call failed(ERR_FTP_FAILURE, 0) when data channel is closed unexpectidly,
to force control channel closure. Apparently, FtpStateData does not close
that channel when cleaning up.
Alex Rousskov [Mon, 22 Sep 2008 05:14:39 +0000 (23:14 -0600)]
Added Comm close handler for the data channel of FtpStateData transaction in
preparation for officially dropping connect callbacks for closing descriptors.
The data channel can be opened and closed a few times and the descriptor must
be kept in sync with the close handler. I factored out the open/closing code
into a simple FtpChannel class. That class is now used for both FTP control
and data channels.
- Add some comments describing various function purposes.
- Remove some debugging debugs that had crept in.
- Use debugs() in preference to debug()().
- Adjust some debug levels.
Adds "Content-Language" header properly if the error page language was
negotiated. Hard codes the default templates as 'en', and the squid.conf
value for soft default language of error_default_language was used.
Sets "Vary: Accept-Language" if negotiation is configured to take place.
Alex Rousskov [Sun, 21 Sep 2008 05:08:44 +0000 (23:08 -0600)]
Added Comm close handler for peer probe to handle closing of a probe
descriptor while connect is pending. This was done in preparation for
officially dropping connect callbacks for closing descriptors.
I suspect that the old-code probe would get stuck if the descriptor were
closed during connect. One the other hand, nothing but a shutdown could
close that probe descriptor, I guess.
squid.conf cleanup: Modify several squid.conf defaults
Following the cleanup of squid.conf to minimal config modifies the
remaining defaults to make their explicit configuration unnecessary.
icp_port was made a 0 default (for safety?),
but the port config line left uncommented. fixed that.
(most won't need it, those who do need to configure it anyway)
icp_access lines to allow local network now commented out,
background default 'deny all' untouched.
(ditto on above reason)
miss_access default moved from explicit configured, to
background default. Implicit absent default was documented
to be same as explicit config default anyway.
access_log config moved to a background default + documented.
rather than explicit config only.
cache_store_log moved to default none + commented out.
We've been recommending that for a while now anyway.
request_header_max_size boosted to 64KB from 20KB.
HTTP/1.1 needs big headers. I think that should be okay?
reply_header_max_size boosted to 64KB from 20KB.
HTTP/1.1 needs big headers. I think that should be okay?
cache_dir defaults to no disk cache, memory only cache.
maximum_object_size_in_memory - boosted to 512KB.
Update to at least 64KB was needed anyway to match modern web
traffic. Picked 512KB to maximize HIT with new default cache.
cache_mem boosted to 256 MB for caching at least 500 objects.
TODO Options remaining to consider for removal:
hierarchy_stoplist
coredump_dir
TODO all the default values probably still need to be checked.
projects / thirdparty / squid.git / log
