Amos Jeffries [Mon, 6 Feb 2012 01:01:23 +0000 (18:01 -0700)]
SourceLayout: shuffle CommIO into DiskThreads library
While investigating the Windows port problems it became clear that the
CommIO object is not actually related to the rest of comm systems. It is
instead a dedicated higher level disk I/O pipe manager for DiskThreads.
Given that it causes build errors in comm.cc on Windows and does not
even need to be there this patch shuffles it into the DiskThreads
library. The build issues on Windows still exist but are now limited to
just that threads library and can be avoided temporarily with simple
./configure options.
This add a bit more leniency to the Host: header validation without
re-opening Squid to the cache poisoning risks involved.Resolving most
issues with websites using geo-based DNS results and/or short DNS TTL for
load balancing.
It alters host_verify_strict directive to allow requests which fail Host:
validation to continue through processing. The default remains OFF.
* blocks caching on the response to protect all other network clients
against one compromised client spreading infections.
* forces the original (untrusted) destination IP to be used instead of
any alternative Squid might find. Preventing Squid or peer DNS lookup
being the point of vulnerability for the same-origin bypass. For any
client to be vulnerable it must be vulnerable inside the browser agent
where the original TCP connection is established.
Also add a new error template ERR_CONFLICT_HOST to replace the confusing
"invalid request" message with a clear explanation of the problem and
some client workarounds.
FUTURE WORK:
* adapt processing to allow these requests to safely be passed to peers.
* adapt caching to permit safe sharing between clients making identical
requests to same sources.
Alex Rousskov [Mon, 30 Jan 2012 17:13:52 +0000 (10:13 -0700)]
Bug 3441: Part 1: Minimize cache size corruption by malformed swap.state.
If swap.state gets corrupted, a single entry with bogus size value will screw
up Squid idea of the current cache size. A newly added StoreSwapLogData sane()
method attempts to minimize the chance of corruption by ignoring log entries
with obviously bogus values.
However, without expensive size checks (-S or "Does the log entry matches the
actual cache file size?"), it is not possible to reliably detect all bogus log
entries.
If Squid gets a wrong idea of the current cache size, it may either cache too
much (and possibly run out of space) OR delete everything.
Properly initialize memory_cache_shared when not explicitly configured and
do not allocate shared memory segments if memory_cache_shared is off.
Prior to this change, shared memory was requested (during rrClaimMemoryNeeds)
before memory_cache_shared was initialized (during rrAfterConfig, unless
explicitly set in squid.conf). Moreover, MemStore::EntryLimit() calculation
ignored memory_cache_shared setting. All that resulted in an attempt to create
shared memory segments where none were needed or possible.
We now have a new Runners Registry (rrFinalizeConfig) that is dedicated to
finalizing complex configuration options, before those configurations options
are used to initialize modules, features, and services. As far as shared
memory is concerned, the initialization order is now:
* rrFinalizeConfig: finalize memory_cache_shared if needed
* rrClaimMemoryNeeds: request shared memory pages for the caches
* rrAfterConfig: create shared memory segments
The same bug 3449 also needed a fix for shared segment paths (trunk r11961).
Alex Rousskov [Thu, 26 Jan 2012 04:51:21 +0000 (21:51 -0700)]
Bug 3268: Squid cannot do anything else during ufs/diskd rebuild
Replaced 50-entries/step UFS rebuild logic with 50msec/step logic,
while also ensuring that other events can be processed between steps.
During a swap.state rebuild, progress reporting will now happen
every 4000 entries instead of every 0xFFF entries because humans do not
think in hex. Still no progress reporting for dirty rebuilds based on the
cache directory scans.
The code is based on Rock Store rebuild code. Eventually, the common rebuild
pacing logic among all stores should be merged to avoid code duplication.
Also removed RebuildState::next methods as unused. A copy-paste error?
Henrik Nordstrom [Sat, 21 Jan 2012 23:04:54 +0000 (00:04 +0100)]
Disable OpenSSL SSL/TLS bug workarounds by default
On a closer inspection the set of "harmless" SSL/TLS bug workarounds
set by SSL_OP_ALL is not all of them harmless and reduces the SSL/TLS
strength to some attacks.
To revert to the older mode the ALL option can be set explicitly, but
it's better to understand which bug is encountered and enable only that
specific workaround if needed.
Alex Rousskov [Fri, 20 Jan 2012 23:28:14 +0000 (16:28 -0700)]
Do not add HTTP 110 and 111 Warnings to TCP_REFRESH_UNMODIFIED responses.
The old "stale if hit" logic did not account for cases where the stored stale
response became fresh due to a successful revalidation with the origin server.
When the stored response was stale at the time of the request, we were adding
110 "Response is stale" and even 111 "Revalidation failed" Warning headers to
responses while logging TCP_REFRESH_UNMODIFIED, which is considered a hit.
Added StatHist unit tests, and moved algorithm consistency checks there.
Expanded storage for histograms to 64bit unsigned.
Inlined StatHist constructor, destructor and assignment operator.
Implemented stubs for StatHist.cc and mem.cc
Henrik Nordstrom [Mon, 16 Jan 2012 17:30:16 +0000 (18:30 +0100)]
Send DNS A and AAAA queries in parallel
This implements sending DNS A & AAAA queries in parallel by
creating "slave" idns_query requests. Current implementation
uses the A lookup as "master" and AAAA as "slave" query.
Long term this should probably be restructured to separate "lookup
state" and "query", or even better yet to defer the DNS lookups
until connect time and perform A respective AAAA as needed only and
not look up both before attemting to connect.
This also drops the dns_v4_fallback directive as it have no effect with
parallel DNS lookups. This directive should be reinstanciated in future
to enable pure IPv6 usage.
Inside StoreEntry::swapOut() the StoreEntry::trimMemory() method called to
release unused MemObjects memory. The trimMemory method must called for all
store entries, but current code blocks that call for not-swappable objects,
at least.
This patch trying to fix this bug implementing the following simple logic:
{
bool weAreOrMayBeSwappingOut =
swappingOut() || mayStartSwapout();
trimMemory(weAreOrMayBeSwappingOut);
if (!weAreOrMayBeSwappingOut)
return; // nothing else to do
}
Amos Jeffries [Sat, 7 Jan 2012 10:15:40 +0000 (03:15 -0700)]
Cleanup: update most of the existing stub files to use the STUB.h framework
There are still several sections to be done. Including adding library API
stubs. However these are the ones which can be done immediately without
breaking or re-writing existing unit tests.
This implements sending DNS A & AAAA queries in parallel by
creating "slave" idns_query requests. Current implementation
uses the A lookup as "master" and AAAA as "slave" query.
Long term this should probably be restructured to separate "lookup
state" and "query", or even better yet to defer the DNS lookups
until connect time and perform A respective AAAA as needed only and
not look up both before attemting to connect.
Amos Jeffries [Sun, 1 Jan 2012 04:48:49 +0000 (17:48 +1300)]
Cleanup: unlinkd is self-contained
This helper is very minimal. It does not use IP:: or Ipc:: symbols.
If we get linkage issues against it for them those need to be resolved
without pulling in dependencies from squid internal libraries.
Amos Jeffries [Fri, 30 Dec 2011 16:01:37 +0000 (05:01 +1300)]
Cache Manager migration support
* Add a little bit of XHR script to the CGI cachemgr front page which
probes each of the managed proxies for http:// and https:// capabilities
and produces web links to their internal managers.
* Reserve the template name MGR_INDEX for use by cachemgr scripts.
But do not distribute any preset template. This allows manager apps to
provide their own static template with linked scripts and objects.
* The error page system is updated to create a blanket message
indicating missing template instead of aborting Squid if a template is
not even installed.
Amos Jeffries [Fri, 30 Dec 2011 03:42:50 +0000 (16:42 +1300)]
Support Cross-Origin Requests for the cache manager API
Now that tools are being implemented to access the cache manager via
http:// scheme we need to accomodate the browser XSS protection
mechanisms which limit XHR based scripts abilities.
This adds CORS headers to manager responses. Permitting XHR to view the
Server header (to detect squid version for known capabilities) and to
flag that the XHR request may need access to credentials for
authenticating with the manager.
This also closes the feature bug 3407 requesting we support the
non-standard "Origin:" header, which is used by the CORS mechanisms.
Future work:
Support the OPTIONS request used by CORS to detect requirements before
POSTing. We do not yet use POST in the Squid code so that is left until
needed.
Amos Jeffries [Fri, 30 Dec 2011 01:24:57 +0000 (18:24 -0700)]
SourceLayout: shuffel UserRequest into Auth:: namespace
No logic changes, symbols and debug only.
* shuffle AuthUserRequest to Auth::UserRequest
* shuffle AuthBasicUserRequest to Auth::Basic::UserRequest
* shuffle AuthDigestUserRequest to Auth::Digest::UserRequest
* shuffle AuthNegotiateUserRequest to Auth::Negotiate::UserRequest
* shuffle AuthNTLMUserRequest to Auth::NTLM::UserRequest
* polish and add documentation for several parts of the hierarchy
Amos Jeffries [Thu, 22 Dec 2011 04:49:24 +0000 (17:49 +1300)]
Bug 3370: external ACL sometimes skipping
Emit tag/user/log/message/pass details to the request in the case where
the external ACL entry has expired but within graceful revalidate period.
The result of this bug appears as incorrect matches later down the ACL
processing in any config relying on the external ACL output values.
Example; for bypassing auth login, or for filtering tagged traffic.
projects / thirdparty / squid.git / log
