Amos Jeffries [Thu, 22 May 2008 12:05:45 +0000 (00:05 +1200)]
Silence secondary errors on fatal shutdowns.
This patch causes fatal() errors to set the shutdown flag before aborting.
The result of this is that secondary errors not related to the fatal condition
but caused during the shutdown sequence no longer confuse the error traces.
It also cleans up a little broken whitespace formatting in the snmp_core.cc
Guido Serassio [Sat, 17 May 2008 11:27:47 +0000 (13:27 +0200)]
Windows port: Added new mswin_check_ad_group external ACL helper
This helper allows the lookup of users' group membership in a Windows
Active Directory domain.
It overcomes the Lan Manager limits of mswin_check_lm_group, but it can be
used only with native Windows Active Directory domains, so mswin_check_lm_group
will not be removed from Squid.
Amos Jeffries [Tue, 13 May 2008 08:56:04 +0000 (20:56 +1200)]
Add cachemgr.conf.default for easier maintenance
cachemgr.conf has for a long while been created conditionally if none
already existed, but no current new default file was added to compare
for new configuration options.
This patch reverts the behaviour to what was reportedly available in 2.5.
Adding a file named cachemgr.conf.default next to the cachemgr.conf.
cachemgr.conf.default file is replaced unconditionally so that it remains
current with the most recently installed build.
cachemgr.conf itself is only created if not already present so as not to
lose local configuration changes.
Amos Jeffries [Thu, 8 May 2008 03:47:53 +0000 (15:47 +1200)]
Bug 2222 part 2: ipv4 client trying to view an ipv6 website crashes FreeBSD squid
This one:
- omits the v6-specific socket options on new addrinfo
- correctly counts the failed connection
- Resets the socket when a protocol error is found
- retries without any delay
Amos Jeffries [Wed, 7 May 2008 09:41:50 +0000 (03:41 -0600)]
Bug 2206: Build error caused by incorrect configure include file detection
Adds type-definitions for the *BSD family networking OS header files which
depend on them without including the necessary definition headers themselves.
Amos Jeffries [Wed, 7 May 2008 07:50:28 +0000 (01:50 -0600)]
Bug 2196: configure: net*/*.h present but cannot be compiled
This moves critical net*/*.h file tests from the general location
and use testing to the *BSD special testing which accounts for
system file dependencies.
TODO: some files are still missing dependencies even with the *BSD test
their brokenness will be fixed at a later point.
Make --with-large-files try to build 64-bit if possible
--with-large-files for some reason tried to make a 32-bit build with
large file offsets even if the host supports 64-bit applications, making
--with-large-files degrade Squid capabilities on 64-bit OS:es.
Amos Jeffries [Fri, 2 May 2008 10:37:01 +0000 (22:37 +1200)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2308: Segmentation fault in AuthDigestUserRequest::authUser
In this patch:
- In method AuthDigestConfig::decode just do not delete the digest_request on
errors but use it as is in the authDigestLogUsername functions.
- In the method AuthDigestConfig::fixHeader change the line "int stale = 1;"
to "int stale = 0;" to make squid respond with "stale=false" in the first
unauthenticated request of web client.
Guido Serassio [Thu, 1 May 2008 16:19:06 +0000 (18:19 +0200)]
Removed the advertisement clause from BSD license
According to the new revised (3-clause) BSD license:
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
the advertisement clause (3) of old (4-clause) BSD license can
be deleted.
Also added forgotten reference to lib/strnstr.cc into CREDITS
Adds --enable-zph-qos options to turn on the following:
- Allows you to select a TOS/Diffserv value to mark local hits.
- Allows you to select a TOS/Diffserv value to mark peer hits.
- Allows you to selectively set only sibling or sibling+parent requests
- Allows any HTTP response towards clients will
have the TOS value of the response coming from the remote
server masked with the value of zph_preserve_miss_tos_mask.
For this to work correctly, you will need to patch your linux
kernel with the TOS preserving ZPH patch.
The kernel patch can be downloaded from http://zph.bratcheda.org
- Allows you to mask certain bits in the TOS received from the
remote server, before copying the value to the TOS sent towards
clients.
Import strnstr from FreeBSD sources. Needed for some string-safe operations.
strnstr() is not provided on all OS (Linux with gcc 3.x for one).
And some OS are known to bundle an unsafe version (MacOS X 10.4 has a buffer overrun)
So code should use the function named squid_strnstr() and auto-tools will
test to see if the OS provided version is usable.
This patch merges part 2 of the TPROXY-related updates.
- Makes interception handling flags and options always-present
- Updates squid.conf http_port options for clarity
- Builds structure for sequential lookup of multiple interception methods
- Performs sequential lookups for IPFW and multiple Netfilter targets
if Squid is configured to enable those transparency methods.
- Pulls most of the TPROXYv2 related code out of Comm into IPInterception
IPFW changes are still experimental, but Netfilter targets have been tested.
TODO: depending on the annoyance levels a better logging method for NAT
failures may need to be implemented. The existing methods of logging
one-per-N seconds, for all lookup methods may prove annoying.
Alex Rousskov [Thu, 17 Apr 2008 05:50:09 +0000 (23:50 -0600)]
Avoid segfaults when scheduling an async call for a non-existent job.
Scheduling a call for invalidated or non-existent job should be a no-op
because (a) it simplifies the code and (b) the job may disappear while
the call is queued so checking job status at the call time is
pointless from the correctness point of view.
Existing code already relies on this guarantee, but apparently not too much.
The bug was in a JobDialer. I have not yet verified whether other dialers
need a similar fix.
Alex Rousskov [Thu, 17 Apr 2008 05:44:45 +0000 (23:44 -0600)]
Fixed and polished autoconsumption mode.
Fixed: We need to start autoconsuming when new data is appended and we
have not started (but enabled autoconsumption) before.
Polished: When notifying a consumer, checking whether mustAutoConsume is
set is pointless as it has no effect on consumer (if any). This check was
probably a leftover from pre-BodySink days.
Henrik Nordstrom [Mon, 14 Apr 2008 21:03:20 +0000 (23:03 +0200)]
Bug #2310: Incorrect default time/date log format
The %tl and %tg logformat tags are meant to use the same date format as
Apache/NCSA, but in Squid-3 there was a space instead of : between the
date and time.
Alex Rousskov [Mon, 14 Apr 2008 16:18:00 +0000 (10:18 -0600)]
Bootstrap lib/libLtld when running top-level bootstrap.sh.
This appears necessary because libtoolize-generated lib/libLtdl/Makefile.in is
probably made with an older automake version and refers to a non-existent
mkinstalldirs script. Yet, bootstrapping libLtdl produces warnings (or
non-fatal errors) so I am not sure it is the right thing to do long-term.
Part 1 adds complete TPROXYv4 capabilities to Squid.
The alterations are rather superficially tacked into the netfilter support.
Polish for this feature involves some rather intrusive alterations to
transparency which are still undergoing testing. That is part 2.
A temporary configure option --enable-linux-tproxy4 is provided as part of
this commit to enable the TPROXY v4 code. Part 2 will remove this option
again in favour of squid.conf transparency controls.
Alex Rousskov [Sat, 12 Apr 2008 04:52:49 +0000 (22:52 -0600)]
eCAP support, part 1: Loadable modules and ICAP-independent Squid core.
The first part of eCAP work includes (a) initial support for loadable
modules and (b) removing ICAP from main Squid sources, replaced with the
adaptation API that does not depend on a specific adaptation mechanism.
The patch does not contain significant changes to main Squid sources.
Generic adaptation API should minimize significant core changes going
forward. Details are below. For a low-level change log, see the eCAP bzr
branch at https://code.launchpad.net/~rousskov/squid/ecap
Configuration and features:
Added adaptation_service_set squid.conf option, deprecating
icap_class. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can group eCAP and ICAP
services.
Added adaptation_service_set squid.conf option, deprecating
icap_access. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can mix-and-match eCAP
and ICAP ACL rules.
Added loadable_modules squid.conf option to specify what shared
libraries to load dynamically. The support is based on libtool's ltdl
convenience library and is enabled by default. It can be disabled
using --disable-loadable-modules. Loadable modules are needed for
eCAP, but loadable_modules code deals with generic module
manipulation, independent from eCAP support. Squid does not yet
communicate with the loaded modules. TODO: support cachemgr
reporting and reconfiguration of modules.
Internals:
Squid core no longer knows about ICAP: General message adaptation code
has been moved from src/ICAP to src/adaptation/. The only connection
between main Squid code and ICAP is squid.conf parser and a few
enabling lines in main.cc. USE_ADAPTATION is enabled if ICAP_CLIENT or
USE_ECAP is enabled. TODO: Make adaptation comments, debug, and error
messages in main Squid code ICAP-neutral. This has not been done yet
to reduce VCS conflicts.
The src/ICAP/ directory now has its own Makefile (so does the new
src/adaptation). TODO: Should ICAP and eCAP directories be moved
inside adaptation/?
The eCAP directory and the --enable-ecap option have been added, but
they should not be used yet.
Added an adaptation service group API to support groups of services.
Current code supports service sets and single-service groups. Sets
provide a way to group interchangeable services together so that one
(the "best" available) service is applied to the message. A
single-service group is an internal feature to allow user to mix
service and group names in squid.conf ACLs. TODO: support service
chains (as a service group) and perhaps group of groups?
Implemented delayed creation of adaptation services. We used to create
ICAPServiceRep objects when parsing the configuration file.
Create-as-you-parse is imperfect for several reasons, especially if
the services are dynamically loaded as is the case with eCAP. We now
remember the service configuration and then create the actual service
object _after_ the configuration has been parsed and loadable modules,
if any, have been loaded.
The bootstrap.sh script has been updated to generate ltdl library
using libtoolize and move it to lib/libLtdl (except for the standard
copyright file). With libtool version 2, the move will be supported by
libtoolize itself. The lib/libLtdl directory and libtool.m4 file are
not in VCS.
Restore old tproxy enabling back to original option name.
version 4 now integrated with --enable-linux-netfilter seamlessly.
The old option --enable-linux-tproxy is now semi-officially deprecated,
as the version is obsolete but still supported by squid for legacy systems.