external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness
The parsing of external_acl_type formats was slightly broken, destroying
%<{ (request header) if SSL was enabled and never able to parse %USER_CERT_
or %CA_CERT_.
Also clarified request/reply header syntax slightly
Amos Jeffries [Wed, 4 Feb 2009 09:52:20 +0000 (22:52 +1300)]
Bug 2526: pt 2: default ALLOW when no list specified.
Fallout from audit of access control checks.
- Some got sensible defaults added
- many got slightly more optimized defaults
- documented the ACLChecklist interface and some API cleanups
Inside the Adaptation::Initiator::announceInitiatorAbort method the check
x==NULL is not enough. We must also check if the x variable (of type Initiate)
is valid.
The idnsSentQueryVC function is called as an AsyncCall. There is the possibility
that when this function is called the fd has started closing but is not really closed yet.
In this case this function will try to do a comm_write (idnsDoSendQueryVC
function) on a socket which is closing and an assertion will be triggered.
An extra test is needed here to test if the socket is closing and if yes just return.
This patch fixes the bug reported in comment #12 of bug 2505.
In the DeferredReadManager::kickARead method it is possible that the socket to
which a DeferredRead object refers has been closed, but the DeferredReadManager
is not informed yet because the related comm_close handler has not been
executed yet.
This patch checks the socket state and if it is closing just ignore the object.
Do not assert that the close handler being removed must be in
the list because comm_close removes all close handlers before any FD handlers
are fired.
There also seems to be an unrelated(?) problem: comm_remove_close_handler
does not really remove the callback. It only cancels the call. It should
probably remove the callback as well to prevent an unlikely situation where
the close handler list grows "too much".
Bug 2524: Connection close failed on Partial Content
The method ClientSocketContext::socketState, in the case of a partial content
request when all the expected bytes are received and the proxy_keepalive flag is
not set, must return STREAM_UNPLANNED_COMPLETE to inform the caller that the
socket should be closed.
Henrik Nordstrom [Fri, 23 Jan 2009 23:04:56 +0000 (00:04 +0100)]
Move -DDFAULT_SQUID_DATA_DIR & CONFIG_DIR from CFLAGS to DEFS
For some reason gcc on OpenBSD does not like having these in CFLAGS
when running configure. However works fine having them expanded in
src/Makefile DEFS variable just like -DDEFAULT_SQUID_CONFIG_FILE
Amos Jeffries [Fri, 23 Jan 2009 02:07:48 +0000 (15:07 +1300)]
Author: Adrian Chadd <adrian@creative.net.au>
Bug 2558: pt 1: Connect forwarding setting error too early
This does not appear to be all of the cause of 2558, but it's part of the
problem anyway. Request forwarding should not be setting a connection
failed error page until all attempts at making a connection have failed.
This patch does not correct the place it's being set, but clears err before
re-trying a connection.
From IRC:
(13:09:03) adri: no idea about v4-only hostnames
but the bug is still valid; you're creating errors on
the connect fail, but not clearing them before the next connect
Amos Jeffries [Fri, 23 Jan 2009 01:59:29 +0000 (14:59 +1300)]
Regression Fix: rollback bug 2395 fix.
Fixing bug 2395 uncovered a much more serious bug 2558.
It was not found earlier due to bug 2558 being a slow incremental effect
hidden by already-cached objects.
This rollback is intended as a temporary measure until a good fix can be
found for both bugs.
Amos Jeffries [Tue, 20 Jan 2009 08:36:00 +0000 (21:36 +1300)]
Only set Keep-alive once
Enact the TODO of same.
Some re-arrangement has been done to move setting cases which need
functions to be evaluated a lower priority than those which can be set
purely from flags.
Amos Jeffries [Wed, 14 Jan 2009 01:55:03 +0000 (14:55 +1300)]
Author: Regardt van de Vyver <squid@vdvyver.net>
Bug 2555: Fixes to SNMP-MIB
* Modified imports as Integer32 and TEXTUAL-CONVENTION are external defines to
this MIB, it's a compliance issue for validation
* Updated the order of Revisions as the MIB spec requires them to be in reverse
chronological order
* moved the nlanr define to a valid location as it may not be the first defined
item in a module (the MODULE IDENTITY must be)
* Modified various "ACCESS" statements to "MAX-ACCESS" due to changes in the
MIB spec requiring the change of defines.
* Modified various iterative table entries to "not-accessible". This is due to
the fact that the root element should not be directly accessed, rather the
generated table entries matching these values. This is not strictly necessary
but does make the file validate on severity 3 instead of severity 2.
* Modified cacheMedianTime to have a valid range. Ranges are REQUIRED for any
object used as an INDEX
* Modified cachePeerPortHTTP and cachePeerPortIcp to use a new type
"ValidPort". This is to meet a requirement that we cannot define valid port
ranges in a sequence definition.
* Created a new define ValidPort so that we can specify a range of valid values
for ports
* In some object defines STATUS was set to mandatory, this is however not a
valid MIB STATUS value and has thus been fixed to current. These items
specifically caused the MIBs to fail compile completely.
* cacheClientEntry had a duplicate oid and after checking the source code I
updated its oid to the correct value.
SIDE NOTE:
Squid-2 and 3.0 have a different structure for cachePeerEnty enum. This may
cause some confusion if the squid3 mib is used with older squid releases.
Amos Jeffries [Tue, 13 Jan 2009 06:17:33 +0000 (19:17 +1300)]
Bug 2556: HTCP fails without icp_port
Removes requirement for ICP port to be open for peer UDP queries to take
place.
TODO: Some work still needs to be done to separate the timeout from
icp_timeout and break ICP specific query logics out into icp code files.
But that is just cleanup for later.
Amos Jeffries [Thu, 8 Jan 2009 13:45:29 +0000 (02:45 +1300)]
Pconn not being used when they should.
A slight misalignment between the keys generated for push and pop of
connections to the waiting pool caused new connections never to match
any of the existing connections.
This patch makes several alterations to achieve a fix:
- reduces the FwdState push logics down into a simple selection in
pconnPush function which previously was a dumb wrapper.
- adds a dump of current hash keys to the cacheManager pconn report
- adds much better debugging to the pconn process at level 48,3 and 48,6
- adds some additional documentation of code to the related call tree
Pconn API after this patch :
The Pconn KEY takes several parameters (host, port, domain, client-ip).
For HTTP requests this is normally generated from the request data of
same name with domain being optional since it may be identical to host.
However for peer-sourced requests this alters slightly and the host:port
fields become the peer NAME and HTTP-PORT.
This means the pconn key in abstract becomes a key to the TCP remote-end of
the link with an optional anchor on the domain being requested.
Amos Jeffries [Tue, 6 Jan 2009 13:13:44 +0000 (02:13 +1300)]
Untangle CacheManager reports from log_fqdn
The fqdnFromAddr() call depends on log_fqdn to generate the FQDN. But
CacheManager needs to always display it whenever available. This removes
the call indirection, dependency and makes Name: field only display when
a name is available.
Amos Jeffries [Sun, 4 Jan 2009 12:49:16 +0000 (01:49 +1300)]
Fix pinger immediate shutdowns
pinger runs okay when started manually, but shuts down after a successful
startup when run by Squid. This was due to the last_request timer being
left at zero/epoch.
Amos Jeffries [Wed, 24 Dec 2008 13:59:42 +0000 (02:59 +1300)]
Author: Alexander Lukyanov <lav@yar.ru>
Bug 2330: allow keep-alive+chunked; don't add max-age for no-cache
Attached patch enables keep-alive for chunked transfer-encoding, as such
encoding allows to determine reply body end.
Also the patch disables adding of max-age to requests with no-cache flag. It
saves a few bytes and also makes less difference between the incoming and
outgoing requests. Max-age is obviously not useful for no-cache requests.
NP: amended after bug discussion to also skip adding of no-cache on
internal calculation from local state which may not be correct
down the line in other caches. (nocache includes local config settings).
Amos Jeffries [Wed, 24 Dec 2008 12:29:38 +0000 (01:29 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2542: squid fails to resume download (and breaks content) when any ICAP filter is attached
In the case the icap client is enabled,
ServerStateData::handleMoreAdaptedBodyAvailable is called to handle the incoming
data from the ICAP server. Inside this function a StoreIOBuffer is created to pass
the data to the related StoreEntry.
The bug is that the offset passed to the StoreIOBuffer did not count the 206
response offsets.
This patch uses the ServerStateData::currentOffset to compute the correct
offset (which is also used in the case the icap client is not enabled).