Balabit are now providing patches to do TPROXY with IPv6.
This retains the v4-only behaviour of the wildcard and IPv4 addresses
until full kernel support is available but enables people who have
patched their kernels to set an IPv6 in the http_port.
Bug 2570: wccp2 "Here I Am" announcements not sent
There is a bit of re-work in configuration needed before this can go into
the storage config scope where it belongs. Temporary fix for 3.1.
see bug report for details.
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed entry size calculation for the max-size cache_dir selection algorithms.
There were two sides of this bug:
In src/store_swapout.cc, we must create metadata earlier because
storeCreate() needs swap_hdr_sz. With swap_hdr_sz unknown at the time of
storeCreate(), the SwapDir selection algorithms may select SwapDirs that
should not really take the entry as the real storage size (with the
metadata swap_hdr_sz) would exceed the store slot size.
In src/store_dir.cc, we must add the metadata size before looking for
cache_dirs that accept objsize. Only the "new"
storeDirSelectSwapDirRoundRobin selection scheme was affected.
This makes the starting state explicitly private: instead of assuming it's
going to be defined in a private state and depending on the definer class.
We can cope with not setting the state to private at the end of the macro
as well. It just means the use of this macro must be last, or have an
explicit private/public definition after its use.
Amos Jeffries [Mon, 31 Aug 2009 10:02:23 +0000 (22:02 +1200)]
Author: Tim Starling <unknown>
Port 2.7: Unique sequence number per log line
Create and enable logging of a unique sequence number per log entry.
Adjusted to 64-bit to handle long Squid up times with very large logged
line counts.
NP: not quite sure about the incrementation. Write appears to be called
once per log entry but this is not tested under enough conditions to be
certain yet. The old lineEnd call from Squid-2 is not present in Squid-3.
Amos Jeffries [Fri, 28 Aug 2009 01:44:26 +0000 (13:44 +1200)]
Cleanup: Remove more traces of old squid debug()() macro
There is now no reason for any of the Squid internal code to contain 'debug()'
TODO: Just the ESI code remaining on the old system.
Its debug seems to be incrementally building a single line to display
objects parsed. But using multiple nested calls to dump it.
VERY nasty. They need to be made writing to a buffer instead.
Henrik Nordstrom [Thu, 27 Aug 2009 09:49:56 +0000 (11:49 +0200)]
Cleanup of auth header special case forwarding logics
The code dealing with our special case auth header forwarding/synthesising
had grown quite hairy and partially duplicated from all additions. This
cleans up the code moving this logics to a new function and unifying
WWW & Proxy auth cases.
Henrik Nordstrom [Wed, 26 Aug 2009 11:43:52 +0000 (13:43 +0200)]
Rework the auth forwarding special cases
The auth forwarding special cases had grown a bit hairy with a lot
of duplicated code between WWW-Auth and Proxy-Auth and far from trivial
to follow code logics.
This change breaks this logic out to a separate function shared
in both modes, selecting mode based on type of peer.
Also moves PROXYPASS back into the land of undocumented features. This
is a feature which most would only get confused by and which can cause
significant security issues if used wrongly.
Amos Jeffries [Tue, 25 Aug 2009 11:31:30 +0000 (23:31 +1200)]
Fully transparent PASSTHRU option for authentication to peers.
It turns out both PASS and PROXYPASS have special behaviour depending
on other configuration options. Clarify this in the existing Docs and add a
method for fully transparent relay of credentials from client to upstream.
Henrik Nordstrom [Mon, 24 Aug 2009 13:06:26 +0000 (15:06 +0200)]
Split out client_side_request connection pinning to a separate function
include requests from ESI may be without a client connection. This change
splits out the client_side_request connection pinning logics to a separate
function to ease code flow when there is no client connection. No code
change except making that part conditional on http_conn being present.
Amos Jeffries [Sun, 23 Aug 2009 05:13:09 +0000 (17:13 +1200)]
Cleanup: Split some enums into their own files. auto-generate their text name arrays.
Also updates the enum strings generator to work with any given header file.
The header does however need to be named identical to the enum and not pull
in any other definitions that require .cc content. The generated .cc will
only contain the minimal includes and enum string array global.
Amos Jeffries [Fri, 21 Aug 2009 02:22:45 +0000 (14:22 +1200)]
Always display auto-tools versions on bootstrap.
This will better help us identify from build-farm results if we broke a
particular auto-tool support or if it's the specific OS implementation /
environment.
Henrik Nordstrom [Thu, 20 Aug 2009 12:13:35 +0000 (14:13 +0200)]
Bug #2541: Hang in 100% CPU loop while extracting header details using a delimiter other than comma (external_acl_type, access_log_format, external_refresh_check)
strListGetItem() could get stuck in a 100% loop if called with a delimiter
other than ',' and the parsed string contains ','.
This change makes it properly detect ',' as a delimiter even if called
with another delimiter argument like intended. The reason why ',' is always
a delimiter is because this is the delimiter between merged values of a
multi-valued header, and must always be supported as delimiter even if
Cookie uses ';' instead.
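
Added example, not Squid's code and not part of the commit message above: a minimal list tokenizer showing the property the Bug #2541 fix describes, where ',' is always a separator alongside the caller's delimiter and each call is guaranteed to consume input. The names listNextItem and splitList are hypothetical, and quoted-string handling is left out for brevity.

```cpp
// Added illustration, not Squid source. listNextItem/splitList are hypothetical.
#include <cstring>
#include <string>
#include <vector>

// Finds the next non-empty element of a delimited header value.
// ',' always separates elements, in addition to the caller's delimiter.
// *pos carries the scan position between calls (start with nullptr).
static bool listNextItem(const char *str, char del, const char **pos,
                         const char **item, std::size_t *ilen)
{
    const char seps[] = { ',', ' ', '\t', '\r', '\n', del, '\0' };
    const char stops[] = { ',', del, '\0' };  // characters that end an element

    if (!*pos)
        *pos = str;
    *pos += std::strspn(*pos, seps);          // skip separators and whitespace
    if (!**pos)
        return false;                         // nothing left
    *item = *pos;
    // **pos is not a stop character here, so this advances by at least one
    // byte on every call: the caller's loop cannot spin in place.
    *pos += std::strcspn(*pos, stops);
    const char *end = *pos;
    while (end > *item && std::strchr(" \t\r\n", end[-1]))
        --end;                                // trim trailing whitespace
    *ilen = static_cast<std::size_t>(end - *item);
    return true;
}

static std::vector<std::string> splitList(const char *str, char del)
{
    std::vector<std::string> out;
    const char *pos = nullptr, *item = nullptr;
    std::size_t ilen = 0;
    while (listNextItem(str, del, &pos, &item, &ilen))
        out.push_back(std::string(item, ilen));
    return out;
}

int main()
{
    // Constructed sample: two Cookie header lines merged with ',' into one value.
    const char *merged = "a=1; b=2, c=3 ;d=4";
    return splitList(merged, ';').size() == 4 ? 0 : 1;
}
```
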
Amos Jeffries [Wed, 19 Aug 2009 06:59:28 +0000 (18:59 +1200)]
Fix comm_local_port for split-stack
Calling this function had the unfortunate side-effect of resetting the
port flags to indicate it was an IPv6 port. Badly wrong for a supposedly
read-only operation.
This completes the DNS fixes for split-stack.
TODO: test and fix regular port usage with split-stack.
Amos Jeffries [Sat, 15 Aug 2009 02:14:54 +0000 (14:14 +1200)]
Author: Mark Nottingham <mnot@pobox.com>
Bug 2390: New hier_code ACL type
I needed to log only forward requests; forward_log looked interesting, but
isn't flexible like access_log. The easiest thing to do seemed to be to add a
hier_code ACL type.
Amos Jeffries [Wed, 12 Aug 2009 10:18:34 +0000 (22:18 +1200)]
Author: Amos Jeffries + Alan Nastac <mrness@gentoo.org>
Better const-correctness on FTP login parse
Also reduces amount of copying done by the parse. The old version
was copying the entire URL into user/password then cropping it down.
This one only copies the required bytes and terminates the copy.