wessels [Tue, 27 Nov 2007 05:20:04 +0000 (05:20 +0000)]
Bug 2096: allow pending cache hits when delay pools not compiled in
For some time now, Squid has marked pending cache hits (a cache hit
when e->store_status != STORE_OK) as LOG_TCP_MISS. This was done
so that pending hits do not bypass delay pools. It had the negative
side effect of generating confusing access.log entries because cache
hits get logged as miss.
With this patch, the behavior is reverted when delay pools are not
compiled in. Pending hits will be logged as some kind of TCP_HIT.
Users of delay pools will just have to live with this logging quirk,
although the "forwarded to" field of access.log can always be used
to see if the request was forwarded (a miss) or not (a hit).
wessels [Thu, 15 Nov 2007 23:47:31 +0000 (23:47 +0000)]
More fixes for recent MD5 mixups
- Changing 'xMD5' function name to 'SquidMD5'
- Changing 'MD5_CTX' typedef to 'SquidMD5_CTX'
- Changing 'MD5_DIGEST_CHARS' define to 'SQUID_MD5_DIGEST_LENGTH'
- Changing 'MD5_DIGEST_LENGTH' define to 'SQUID_MD5_DIGEST_LENGTH'
- Removing messy #ifdef logic in include/md5.h that tries to use
the system libraries if available. We'll always use the Squid MD5
routines.
amosjeffries [Thu, 15 Nov 2007 16:18:04 +0000 (16:18 +0000)]
Fix-fix for MD5.
Pre-compiler only tested on Linux and FreeBSD.
This update amends the previous to allow OS which provide a partial MD5
implementation but do not supply correct buffer size (MD5_DIGEST_* macro)
to build using the squid bundled code.
To evade symbol-clashes the squid code is also updated to use xMD5Init,
xMD5Update, xMD5Final and the code sorts out which version is to be used
at compile time from configure options and available sources.
For MacOS X and other broken OS the sys/types.h must also be included on
behalf of the sys/*.h which need it.
rousskov [Wed, 14 Nov 2007 06:09:23 +0000 (06:09 +0000)]
operator != declared outside of the HttpRequestMethod class results in
operator overloading warnings on some platforms. The operator does not appear
to be required.
amosjeffries [Tue, 13 Nov 2007 06:10:37 +0000 (06:10 +0000)]
Author: Pawel Worach <pawel.worach@gmail.com>
Enable squid to lookup /etc/services for named peer ports.
Here is patch so you can use port names from /etc/services in
squid.conf for cache_peers like so:
cache_peer upstream.example.net parent http-cache icpv2
assumng you have something like this in /etc/services
http-cache 8080/tcp
icpv2 3130/udp
This became needed here where we have the same squid.conf's deployed
across a cluster of reverse proxies and we control originserver
addresses via a hosts file and originserver ports via /etc/services
locally on each node.
amosjeffries [Sun, 11 Nov 2007 09:26:58 +0000 (09:26 +0000)]
Solaris 10 appears to provide MD5 natively
* alter the MD5 logics to perform compile-time tests of
whether the squid internal MD5 is needed.
* OpenSSL implementation primary as before with same configure options
* first backup is to use the OS-provided.
* final backup is to use squid internal code.
wessels [Wed, 7 Nov 2007 04:19:30 +0000 (04:19 +0000)]
Extended the Squid -> Rewriter interface with key=value pairs
Our customer wants to use a redirector (rewriter) but needs additional
fields. We think that new fields should be of the form "key=value"
so that, in the future, the user can choose which fields to send
to the rewriter.
amosjeffries [Mon, 5 Nov 2007 06:59:51 +0000 (06:59 +0000)]
Close three possible buffer over/under-runs
Simple fixes imported from earlier string work.
- prevent pointer operations in cut /set operations if the location
given is outside teh currently allocated buffer.
The methods will behave as if the operations were successful but did
not alter the string.
wessels [Sat, 3 Nov 2007 10:49:53 +0000 (10:49 +0000)]
Looks like 'dstdomain' and 'dstdomain_regex' ACLs were broken.
The dst_addr member of ACLChecklist class was never set so
certain reverse lookups for 'dstdomain' and 'dstdomain_regex'
ACLs probably were not working. This patch sets dst_addr
before (potentially) doing the non-blocking lookup.
When Squid is not doing the ranges it may still forward a Range request to the
origin server and receive a range response. The old code was comparing
endOffset of memObject with the last expected offset according to the Range
header value. That comparison did not account for the header size in
endOffset.
I do not know if the header size should not have been there or
should have been accounted for in the comparison. Adding headers size made
the 206 problem more difficult to reproduce (but it was still there).
Instead of trying to figure out when the header should or should not be
counted, I used http->out.offset and reply->content_range->spec.length. That
seems to work. This change, however, is in my Puzzle Area of Squid; I have low
confidence the fix is correct and cannot be improved.
rousskov [Tue, 16 Oct 2007 21:57:28 +0000 (21:57 +0000)]
Bug 2104 fix: handle REQMOD HTTP responses without body
When in request satisfaction mode and no body is expected, mark the store
entry as complete. Otherwise the ClientStreams(?) triggered by the
clientGetMoreData call will get stuck waiting for more data from the store.
There is probably a better way to do this (e.g., completely bypassing store).
The tunnelConnectTimeout function used the tunnelState object (and propably
the tunnelState->request object) after they were freed by the comm_close call.
The fix moves the comm_close call to the end of tunnelConnectTimeout.
amosjeffries [Tue, 16 Oct 2007 18:56:51 +0000 (18:56 +0000)]
Alter policy of ICP and HTCP access to default allow only local networks
Modifies both icp_access and htcp_access from recommended 'allow all'
to a default 'deny !localnet' with a fallback default 'deny all'
if the recommended icp/htcp access are removed or commented out.
Adds localnet acl by default the RFC1918 reserved private space
to support the use of localnet acl in the above.
amosjeffries [Sat, 13 Oct 2007 12:57:40 +0000 (12:57 +0000)]
Add notes about htcp_access effects on HTCP peers to config.
Discovered by Tony Dodd and Chris Robertson.
See Discussion:
Re: [squid-users] Squid marks alive siblings as dead.
http://www.squid-cache.org/mail-archive/squid-users/200710/0254.html
hno [Sat, 13 Oct 2007 06:02:28 +0000 (06:02 +0000)]
Bug #2100: Respect DNS ttl=0
Some DNS servers responds with a ttl=0 asking their results to not be cached
for long, but due to historical reasons from before when Squid had an internal
DNS client such DNS responses got cached for the positive DNS ttl (default 1 hour).
Witch this change such DNS responses gets cached for the minimum allowed TTL
(negative_dns_ttl, default 1 minute).
wessels [Thu, 4 Oct 2007 22:43:54 +0000 (22:43 +0000)]
Likely fix for helper-related SEGV shortly after reconfigure
I'm seeing occasional SEGVs in helperHandleRead() shortly after
a reconfigure. I suspect that the helper structure was kept
around during the reconfigure because of a pending request. If
it gets closed in helperHandleRead() after reading, then we must
return from the function rather than continue in the while loop.
Boost redirector cache.log message to indicate <NULL> also received when
redirector returns an empty URL as destination.
Was just when NULL pointer received.
Do not disable ICAP preview by default. Now, by default, the preview will be
used for ICAP servers that request it. For a discussion, please see
http://www.squid-cache.org/mail-archive/squid-dev/200709/0066.html
Warn users that multiple ICAP services per icap_class are not yet supported.
Despite the warning, we still allow them in the configuration file, but that
may change. This warning may help to make the transition smoother.
Forward port of latest tproxy changes from SQUID 2:
- Automatically disable tproxy if the needed capabilities could not be set
- Keep the permitted set unless root privileges is completely dropped (chroot),
as is normally done when not using capabilities. This fixes file permissions
regarding the pid file.
- Test for sys/capability.h linux include file to avoid failing on systems missing libcap
projects / thirdparty / squid.git / log
