The tcp_outgoing_tos is buggy in trunk:
- The ToS is never set for packets of the first request of a TCP connection.
- The ToS is never set for HTTPS traffic no matter whether requests are bumped
or not.
- The ToS value is not set for ftp data connections
This patch solve the above problems:
- It moves the codes which sets the TOS value for a new connection from the
the comm_openex to a higher-level code, where the connection protocol
(IPv4 or IPv6) is known.
- Add code to set TOS value for ftp data connections.
- Add a check on parsing code to warn users if the configured ToS value has the
ECN bits set, and adjust the value to a correct one.
Notes
Currently squid support only passive ftp data connections. If squid in the
future supports active ftp connections, then some work required to TcpAcceptor
class to allow setting ToS values for connections established on squid listening
sockets.
This allows long-lived connections to retain access to their original
receiving port configuration even after squid has been reconfigured.
Reference counting prevents some leaking of these port configuration
details and associated state by removing locking uncertainties.
Also, fixes all parsing errors resulting from the change. Most of
the issues were due to use of raw-pointers and explicit
cbdataReference*() API.
Support client connection annotation by helpers via clt_conn_tag=TAG.
TCP client connections tagging is useful for faking various forms of
connection-based "authentication" when standard HTTP authentication cannot be
used. A URL rewriter or, external ACL helper may mark the "authenticated"
client connection to avoid going through "authentication" steps during
subsequent requests on the same connection and to share connection
"authentication" information with Squid ACLs, other helpers, and logs.
After this change, Squid accepts optional clt_conn_tag=TAG pair from a
helper and associates the received TAG with the client TCP connection.
Squid treats the received clt_conn_tag=TAG pair as a regular annotation, but
also keeps it across all requests on the same client connection. A helper may
update the client connection TAG value during subsequent requests.
Also after this patch the notes comming from helpers replaces any existing
note values.
FwdState::negotiateSSL() operates on a TCP connection without a timeout. If,
for example, the server never responds to Squid SSL Hello, the connection get
stuck forever. This happens in real world when, for example, a client is trying
to establish an SSL connection through bumping Squid to an HTTP server that
does not speak SSL and does not detect initial request garbage (from HTTP point
of view)
This patch adds support for timeout to SSL negotiation procedure and sets this
timeout so that it does not exceed peer_connect or forward_timeout.
author: Joe Crayne <oh.hellojoe@gmail.com>
Bug 3966:Add KeyEncipherment when ssl-bump substitues RSA for EC.
Libnss3, which is used by Firefox to verify the certificate chain, has
different requirements for RSA keys than it does for EC keys. In particular,
RSA keys with the keyUsage extension, must set the KeyEncipherment flag.
I've attached a patch that will enable KeyEncipherment whenever ssl-bump
attempts to substitute an RSA key for an EC key that had a keyUsage extension.
This fix was brought to you by the Samizdat project.
http://samizdat.childrenofmay.org
Alex Rousskov [Wed, 25 Jun 2014 00:09:35 +0000 (18:09 -0600)]
Support more collapsed forwarding hit cases:
Allow STORE_MEMORY_CLIENTs to open disk files if needed and possible.
STORE_*_CLIENT designation is rather buggy (several known XXXs). Some
collapsed clients are marked as STORE_MEMORY_CLIENTs (for the lack of info at
determination time) but their hit content may actually come from a disk cache.
Do not abandon writing a collapsed cache entry when we cannot cache the entry
in RAM if the entry can be cached on disk instead. Both shared memory cache
and the disk cache have to refuse to cache the entry for it to become
non-collapsible. This dual refusal is difficult to detect because each cache
may make the caching decision at different times. Added StoreEntry methods to
track those decisions and react to them.
Recognize disk cache as a potential source of the collapsed entry when the
memory cache is configured. While collapsed entries would normally be found in
the shared memory cache, caching policies and other factors may prohibit
memory caching but still allow disk caching. Memory cache is still preferred.
Alex Rousskov [Wed, 25 Jun 2014 00:07:41 +0000 (18:07 -0600)]
Do not use unknown entry size in StoreEntry::checkTooSmall() determination.
The size of collapsed entries is often unknown, even when they are STORE_OK
(because swap_hdr_sz is unknown when the other worker has created the cache
entry). The same code has been using this ignore-unknowns logic for the
Content-Length header value, so the rejection of unknown entry size (added as
a part of C++ conversion without a dedicated message in r5766) could have been
a typo.
Alex Rousskov [Tue, 24 Jun 2014 23:48:37 +0000 (17:48 -0600)]
Rock and shared memory caches fixes/improvements.
* Bug fixes:
Avoid "FATAL: Squid has attempted to read data from memory that is not
present" crashes. Improve related code.
Lifted 16777216 slot limit from rock cache_dirs and shared memory caches.
Caches larger than 256GB (assuming default 16KB cache_dir slot-size) require
this fix to use disk space beyond 256GB. Also fixed rock disk space waste
warning.
Restored Squid ability to cache (in memory) when no disk caches are configured
which was lost during r12662 "Bug 3686: cache_dir max-size default fails" but
other bugs hid this problem.
Allow HITs on entries backed by a shared memory cache only.
Make sure Squid dumps core and not just promises one when memory management
goes wrong.
* Significant RAM usage reduction:
Significantly reduced Large Rock (and slightly shared memory) RAM requirements
by not allocating 40 (and 12) bytes of unused RAM per cache slot.
Stop wasting 96 RAM bytes per slot for high-offset slots in large shared
caches with more than 16777216 slots. For example, a StoreMap for a 1TB shared
cache with default 16KB slot sizes (67108864 slots) occupied about 6.5GB of
RAM. After this change, the same information is stored in about 2.0GB because
unused anchors are not stored.
* Other improvements:
Document counter-intuitive round-robin cache_dir selection; decrease its bias.
Report IpcIo file name with errors and warnings to inform admin which
cache_dir needs troubleshooting or tuning.
Alex Rousskov [Tue, 24 Jun 2014 22:21:48 +0000 (16:21 -0600)]
Prep for merge from trunk: undo branch r13313, r13312, and r13311 that were
temporary undoing trunk r13266, r13269, and r13270 (std::vector migration).
Non https connectiona on SSL-bump enabled port may stuck
This is can be seen on skype when try to connect to server using an
SSL-bump enabled squid port. Squid try to bump the connection, waiting for ever
the ssl protocol header, and skype client waits for ever an answer from the
server.
This patch sets the timeout to Config.Timeout.request (request_timeout)
Alex Rousskov [Mon, 16 Jun 2014 22:50:08 +0000 (16:50 -0600)]
Do not leak implicit ACLs during reconfigure.
Many ACLs implicitly created by Squid when grouping multiple ACLs were not
destroyed because those implicit ACLs where not covered by the global ACL
registry used for ACL destruction.
See also: r13210 which did not go far enough because it incorrectly assumed
that all InnerNode() children are aclRegister()ed and, hence, will be
centrally freed.
Also, do not use cbdataFree() on non-POD Acl::Tree objects that have
destructors.
Alex Rousskov [Mon, 16 Jun 2014 22:45:23 +0000 (16:45 -0600)]
Fix build on some 32bit systems with strtoll()
broken by r13429 that duplicated unportable portability code.
GCC exits with errors: integer constant is too large for 'long' type
nnnL constants are "long" and cannot hold 64bit integers on 32bit platforms.
Use LL suffix for 64bit constants for now. It remains to be seen how portable
that LL C++ extension is: https://gcc.gnu.org/onlinedocs/gcc/Long-Long.html
Also fixed INT64_MIN #define (missing parenthesis).
Amos Jeffries [Sat, 14 Jun 2014 01:45:50 +0000 (18:45 -0700)]
POrtability: use 64-bit for X-Cache-Age header
While the value is expected to be well within 32-bit range some OS
(OpenBSD 5.5 at least) use 64-bit time_t. Use the larger type size for
calculations which also removes 32-bit wrap errors, and cast for older
systems.
Amos Jeffries [Mon, 9 Jun 2014 15:04:29 +0000 (08:04 -0700)]
Windows: fix various libip build issues
* Missing include ws2tcpip.h for IPv6 definitions
* Alternative IN6_ARE_ADDR_EQUAL definition required
* 'byte' is a reserved / system defined type on Windows,
resolve variable shadowing by renaming to ipbyte.
Amos Jeffries [Mon, 9 Jun 2014 13:18:48 +0000 (06:18 -0700)]
Revert rename of Comm::Flag ERROR
On MinGW at least ERROR is a #define'd macro resulting in build failure.
Revert to the old name COMM_ERROR until we can find a better one that
does not duplicate 'comm'.
Amos Jeffries [Fri, 6 Jun 2014 09:38:02 +0000 (02:38 -0700)]
Fix regression in client read buffer
SBuf acts like a floating 'window' of space in a MemBlob which acts a
essentially like a ring-buffer. However on requests with body payload
being drop-fed in very small amounts it is possible to exactly fill the
MemBlob and also to shuffle the SBuf window right to the end.
It is also possible if an earlier request (or the headers associated with
the drip-fed body is holding the beginning of the underlying MemBlob.
These events cause haveCapadity==0 so haveCapacity*2 == 0.
If this happens we need to allocate a new MemBlob to get any space for
future I/O. The old MemBlob will be released by whatever other SBuf was
holding it locked.
Amos Jeffries [Thu, 5 Jun 2014 15:57:23 +0000 (08:57 -0700)]
Fix error in rev.13417 "ssl_bump none" mode crashes squid
The fake CONNECT request generated to relay non-bumped traffic needs to
be pre-pended to any existing data in the ConnStateData::In buffer.
Otherwise our new bytes will corrupt any traffic bytes already in there
and our intended CONNECT request will never be recognised as we re-parse
the buffer.
Amos Jeffries [Thu, 5 Jun 2014 14:57:58 +0000 (07:57 -0700)]
SourceLayout: rename comm_err_t to Comm::Flag
Integration testing of rev.13443 revealed that there were two copies of
comm_err_t.h in the source code.
* Remove the unnecessary duplicate file.
* Shuffle the enum into Comm:: scope as 'Flag'.
* Reduce the enum value labels to drop the redundant prefix.
* Rename COMM_EOF to Comm::ENDFILE to avoid colliston with #define EOF
in system headers.
Amos Jeffries [Thu, 5 Jun 2014 08:28:20 +0000 (01:28 -0700)]
Update the Comm:: API for read(2)
... using an algorithm suggested by Alex Rousskov.
The code for Comm:: read operations is shuffled into comm/libcomm.la and
the files comm/Read.{h,cc} in symmetry with the current Comm::Write API.
The new API consists of:
* Comm::Read() which accepts the Comm::Connection pointer for the
socket to read on and an AsyncCall callback to be run when read is
ready. The Job is responsible for separately initiating read(2) or
alternative action when that callback is run.
* Comm::ReadNow() which accepts an SBuf buffer and a CommIoCbParams
initialized to contain the Comm::Connection pointer for the socket to
read on. TheCommIoCbParams will be filled out with result flag, xerrno,
and size.
This synchronously performs read(2) operations to append bytes to the
provided buffer. It returns a comm_err_t flag for use in determining how
to handle the results and signalling one of OK, INPROGRESS, ERROR, EOF
as having happened.
comm_read() API is retained for backward compatibility during the
transitional period. However it is now deprecated and scheduled for
removal ASAP. The SBuf overloaded variant is now removed.
* Comm::ReadCancel() - a renaming of the comm_read_cancel() AsyncCall
API. Other cancel API(s) are now deprecated and will be removed ASAP.
Code using comm_read_cancel() with AsyncCall may immediately switch to
this new API with no logic changes necessary even if they are not using
other new Comm API calls.
* Comm::MonitorsRead() - a renaming of comm_monitors_read() AsyncCall
API. comm_monitors_read() is now removed.
Other changes:
- the unused comm_has_pending_read_callback() API is erased.
- the IoCallback::buf2 mechanism previously used for SBuf read I/O is
erased.
- ConnStateData is converted to this new API for filling its SBuf I/O
buffer and for monitoring pinned connection closures.
- fde::readPending() converted to new Comm::MonitorsRead() API.
- Comm half-closed monitoring feature is also converted to this new API.
NP: one bug in ConnStateData handling of intercepted HTTPS traffic is
noted but not fixed in this patch.
Amos Jeffries [Wed, 4 Jun 2014 15:30:16 +0000 (08:30 -0700)]
Cross-compile: Add BUILDCXX and BUILDCXXFLAGS configure options
We have provided HOSTCXX for some time. However in the official cross
compilation terminology HOST is the output architecture. Renames to
BUILD to align with the official terminology of which machine the tools
it builds are run on.
Also, add a flags variable and document these as important variables in
./configure --help output
Alex Rousskov [Mon, 2 Jun 2014 05:26:17 +0000 (22:26 -0700)]
Do not leak ex_data for SSL state that survived reconfigure.
SSL_get_ex_new_index() allocates a new index on every call, even if its
parameters remain unchanged. It should be called once per process
lifetime.
Besides leaking, this 12 year-old(!) bug could probably make some SSL
code misbehave during reconfigure because reconfigure would change the
supposedly constant ex_data indexes.
Alex Rousskov [Mon, 2 Jun 2014 05:16:35 +0000 (22:16 -0700)]
Do not register the same Cache Manager action more than once
... to avoid wrong mgr:menu output and the impression of a reconfigure
memory leak.
The old code was comparing action object pointers, which could not work,
and was adding the same action on every reconfigure call for modules that
register with Cache Manager during [re]configuration.
We already have a working method for finding registered actions. Use it.
Amos Jeffries [Sat, 31 May 2014 17:00:05 +0000 (10:00 -0700)]
Cleanup: de-duplicate auth_param program parameter code
Moves the "program" parse and dump code into Auth::Config.
Also, changes API to Auth::Config::dump() to not dump any config settings
for schemes which are not configured with a "program". Including scheme
specific settings.
Also, fixes missing Digest "utf8" parameter in config dump.
Move realm parse and config dump logics to Auth::Config base object.
This de-duplicates Basic, Digest (and future schemes ie Bearer) config
processing code. Also makes realm available to NTLM and Negotiate
schemes, although at present it remains unused by those schemes.
Also, convert the realm parameter string to an SBuf. Removing the need
for some memory maintenance code.