Currently the fs related subsystem is broken in trunk, because of
linking problems. This patch:
- Add the files fs/Module.cc,h which are similar to esi/Module.* files
- Build a new library libfs.a
- The fs/aufs/StoreFSaufs.cc, fs/diskd/StoreFSdiskd.cc and
fs/ufs/StoreFSufs.cc now contain just fake pointers
- The FS::Init() method used to build ufs, aufs and diskd filesystems.
- The FS::Init method called in main.cc before the code which reads the
config files. The FS::clean() currently does not used.
- The coss file system initiated using the old way.
Amos Jeffries [Mon, 30 Mar 2009 02:13:10 +0000 (20:13 -0600)]
Polich Intercept code.
- cleans up some obscurity over data source and sink for me/client IPs.
- cleans up existing debugs
- adds new debugs to show NAT inputs and results at level-5
(non-result is common and left at level-9)
- adds new dbugs to show TPROXY result at level-5 like NAT results
Add to the squid binary dependecies the snmplib, the adaptation lib, the
esi lib and the common libs to force the squid binary rebuild when
one or more of the above libraries are changed
In ACLFilledChecklist::ACLFilledChecklist constructor the HttpRequest
parameter hides the ACLFilledChecklist::request member.
As a result acl's do not work at all and some cases squid crashes
(eg when dstdomain acls used)
Fix the wrong "ifndef" in the beggining of the ExtUser.h file.
The old "SQUID_ACLIDENT_H" refers to the include file "acl/Ident.h"
causing problems when both files included in a source file.
inside the IpAddress::IpAddress(IpAddress *s) constructor, the line
"operator=(s)" causing the constructor to recursively call itself,
causing segmentation fault.
Amos Jeffries [Sat, 21 Mar 2009 00:57:14 +0000 (13:57 +1300)]
Shuffle PF interception into its own function.
With this all of the transparent build options are independent, and may be
used in any combination. Squid is no longer bound to the single-firewall
interception support.
NP: one small note the PF lookup is slightly weird due to its altering
the local client address from the NAT information.
Alex Rousskov [Thu, 19 Mar 2009 19:31:31 +0000 (13:31 -0600)]
SourceLayout: esi/, take 1
Moved src/ESI* files into src/esi/.
Renamed ESI source files from ESIFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Replaced implicit constructor-based Parser registration with an explicit call
to Esi::Init() which knows of all ESI parsers. Added Esi::Clean counterpart.
Made libTrie build conditional on ESI support being enabled.
No true source code changes except for parser initialization.
No functionality changes were intended.
No runtime tests with ESI performed.
TODO: I did not move the tests/ESIExpressions test into src/esi because
we need to fix the entire testing layout before we should start
moving individual tests: They currently depend on individual source
and object files in src/ and in tests/ and that kind of dependency
should not be multiplied but removed.
Alex Rousskov [Tue, 17 Mar 2009 15:24:36 +0000 (09:24 -0600)]
Simplified registration. We will no longer support implicit registration using
static initialization because that not-referenced-by-Squid code gets removed
when building the squid executable from convenience libraries.
Support de-registration as long as it is done in the order opposite of
registration.
Alex Rousskov [Tue, 17 Mar 2009 04:50:20 +0000 (22:50 -0600)]
Support multiple test spec arguments. If at least one test fails, the
script exits with a non-zero code (but possibly not immediately, see
--keep-going).
Each test spec is a test config file name or a well-known config name
(no path or extension!). If no specs are given, all known test specs are
used (as before). The same happens if the only test spec given is 'all'.
The following are now equivalent:
./test-builds.sh
./test-builds.sh all
./test-builds.sh btlayer-00-default btlayer-01-minimal btlayer-02-maximus
./test-builds.sh test-suite/buildtests/layer-*
You can mix file names and spec names, but not the 'all' macro: There is
currently no support for using 'all' together with other test cases.
Tolerate individual test errors if --keep-going is specified. This helps
when one wants to find more errors than just the first one, especially
when tests are long and are running without a human watching.
When detecting test failures, rely on test-suite/buildtest.sh exit
status code rather than on the presence of error-like strings in the log
file.
Added and polished comments. Comments need more work.
Alex Rousskov [Tue, 17 Mar 2009 02:04:14 +0000 (20:04 -0600)]
Fixed the problem with Squid executable missing code to process ACLs.
The solution will probably be replaced by a better one eventually.
Background:
Squid uses a "registry pattern" to register parsing and matching code specific
to most ACL types. The registration happens in acl/libacls convenience
library. The rest of Squid does not know about specific ACL types; it only has
access to a registry of pointers to what looks like generic ACL objects. When
Squid executable is linked, most object files containing specific ACL types
are dropped (i.e., ignored) by the linker because they do not satisfy any
unresolved symbols and, hence, deemed unnecessary.
ACL object files were not missing when Squid executable was built using
explicit ACL object files names because the linker treats those differently
than object files in a convenience library -- it includes them whole.
Attempts to find a fix:
My attempts to link with a static convenience library (libtool's -static
option when defining the library) were not successful: the end result is the
same. The static and regular convenience libraries appear to be different, but
the linker, apparently, troughs out "unnecessary" symbols from both.
My attempts to pass -whole-archive to the linker were not successful: libtool
would reorder the arguments when calling the actual linker, resulting in the
wrong parameter order. I did protect -Wl,-whole-archive and friends with
AC_SUBST() and tried a few different versions of that protection, but was not
successful. It is possible that I just did not find the right trick to make it
work. However, -whole-archive is not portable so it would not be an ideal
solution anyway.
The fix:
I have moved registration code from src/acl/* sources into a src/AclRegs.cc
file, making the latter the source file for Squid executable. With this
change, Squid knows about specific ACL types (because they are needed by the
registration code) and the corresponding ACL classes get linked.
A similar solution is currently used for DiskIO modules, except there the
"pull everything in" source file (DiskIO/DiskIOModules_gen.cc) is generated
and called explicitly. We may end up generating AclRegs.cc as well, but there
does not seem to be a particular advantage of adding that level of complexity.
Future:
A few options are available:
a) Find flaws in the above attempts to convince libtool to do the right thing
and fix the problem using libtool parameters alone.
b) Wait for libtool to support the kind of convenience library that we need
(the one that does -whole-archive when building an executable).
c) Add some kind of Acl::ModuleInit() global that Squid would call to register
known ACL types. AclRegs.cc code can be moved to acl/* sources then.
Alex Rousskov [Fri, 13 Mar 2009 21:47:14 +0000 (15:47 -0600)]
Build libTrie only if ESI is enabled. Nothing else appears to use that library.
Do not include libTrie/src/Trie*.o in libmiscutil. Code needing ESI should
include libTrie (which was previously unused except for libTrie/test?).
TODO: Is it OK to covert libTrie to a convinience library? If yes, we should
LIBADD libTrie to libesi so that we do not have to remember to add libTrie
when we use libesi.
Alex Rousskov [Fri, 13 Mar 2009 21:05:54 +0000 (15:05 -0600)]
SourceLayout: acl/, take 1
Moved src/ACL* and a few related files into src/acl/.
Renamed ACL source files from ACLFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Added acl/ libraries, reorganized auth/ libraries, and split ACLChecklist
class to avoid circular dependencies among libraries.
Many targets in src/Makefile.am depended on selected ACL ACL*cc and related
sources. These targets depend on acl/* libraries now. As a part of this
cleanup, the number of ufsdump sources went from about 160 to about 20.
No functionality changes were intended. Source code changes were kept to the
minimum. All my build tests are successful. However, since I had to move a lot
of files, move some code pieces, and split ACLChecklist, it is possible that
some targets will no longer build in some environments and some authentication
code will break.
Please see individual commit messages for details.
Alex Rousskov [Tue, 10 Mar 2009 20:52:45 +0000 (14:52 -0600)]
SourceLayout: esi/, take 1
Moved src/ESI* files into src/esi/.
Renamed ESI source files from ESIFoo.{cc,cci,h} to Foo.{cc,cci,h}.
No true source code changes.
No functionality changes were intended.
No runtime tests with ESI performed.
TODO: I did not move the tests/ESIExpressions test into src/esi because
we need to fix the entire testing layout before we should start
moving individual tests: They currently depend on individual source
and object files in src/ and in tests/ and that kind of dependency
should not be multiplied but removed.
Amos Jeffries [Tue, 10 Mar 2009 14:29:30 +0000 (03:29 +1300)]
Bug 2559: Problem parsing /0 and /0.0.0.0
netmask strikes again.
Squid was parsing /0 on an IPv4 as mask /0.0.0.0 before v4-mapping the
mask to /96 IPv6. Which is invalid CIDR size for IPv4 and maps back as
0.0.0.0/32 there during ACL matching.
This affects any input of /0 and equivalents but in a fail-closed way.
Force /0 to the magic noaddr mask regardless of the protocol.
Also adds a lot of level-9 debugs for tracing other issues in IP ACL parse
Amos Jeffries [Tue, 10 Mar 2009 12:36:54 +0000 (01:36 +1300)]
Bug 2404: WCCP in mask mode is broken
Also autodoc and cleanup some WCCPv2 structures.
This patch:
- adds a reference to each struct mentioning the exact draft
RFC section where that struct is defined.
- fixes sent mask structure fields to match draft. (bug 2404)
- removes two duplicate useless structs
Alex Rousskov [Mon, 9 Mar 2009 16:20:57 +0000 (10:20 -0600)]
Support multiple test spec arguments. If at least one test fails, the script
exits with a non-zero code (but posibly not immediately, see --keep-going).
Each test spec is a test config file name or a well-known config name (no path
or extension!). If no specs are given, all known test specs are used (as
before). The same happens if the only test spec given is 'all'. The
following are now equivalent:
./test-builds.sh
./test-builds.sh all
./test-builds.sh btlayer-00-default btlayer-01-minimal btlayer-02-maximus
./test-builds.sh test-suite/buildtests/layer-*
You can mix file names and spec names, but not the 'all' macro: There is
currently no support for using 'all' together with other test cases.
Tolerate individual test errors if --keep-going is specified. This helps when
one wants to find more errors than just the first one, especially when tests
are long and are running without a human watching.
When detecting test failures, rely on test-suite/buildtest.sh exit status code
rather than on the presence of error-like strings in the log file.
Alex Rousskov [Sun, 8 Mar 2009 21:57:12 +0000 (15:57 -0600)]
Synced #includes after moving files around.
Use newly added ACLFilledChecklist for fast ACL checks. Its constructor locks
request and accessList, simplifying the caller code.
Use newly added ACLFilledChecklist for state-specific ACL code. Also, the
ACLChecklist::authenticated() method is now an AuthenticateAcl global
function. See ACLFilledChecklist addition log for rationale.
Alex Rousskov [Sun, 8 Mar 2009 21:53:27 +0000 (15:53 -0600)]
Synced #includes after moving files around.
Use newly added ACLFilledChecklist for fast ACL checks. Its constructor locks
request and accessList, simplifying the caller code.
Use newly added ACLFilledChecklist for state-specific ACL code. Also, the
ACLChecklist::authenticated() method is now an AuthenticateAcl global
function. See ACLFilledChecklist addition log for rationale.
Alex Rousskov [Sun, 8 Mar 2009 21:37:32 +0000 (15:37 -0600)]
Removed some 140 SOURCEs of ufsdump, adding a few stubs. The program seems to
work on simple ufs cache files.
urlCanonical is currently an always-asserting stub. I am not sure what pulls
in urlCanonical. I know storeKeyPublicByRequest* require it, but I am not sure
which source requires storeKeyPublicByRequest. If the stub assertion fails on
some cache files, we will need to pull more sources or re-implement
urlCanonical.
The more sources are moved into libraries, the more difficult it may be to
write isolated, compact test cases or tools because test case stubs and
customizations may start to conflict with names defined in the libraries and
because pulling in a whole library might require defining more stubs. It is
not clear yet how real this concern is in general, but a lot of acl/
SourceLayout time was spent on making ufsdump build...
Alex Rousskov [Sun, 8 Mar 2009 21:29:22 +0000 (15:29 -0600)]
Split auth/libauth into two libraries:
- auth/libauth containing core authentication code (used, in part,
by the acl/libstate library) and not using acl/ libraries; and
- auth/libacls containing authentication-related ACL code (used to build
executables) and using acl/libstate.
The split was necessary to prevent circular dependencies among acl/ and auth/
libraries.
Added conditionally built libraries to libauth, eliminating the need for
AUTH_LIBS_TO_ADD. Use libtool to build those libraries.
Alex Rousskov [Sun, 8 Mar 2009 21:19:10 +0000 (15:19 -0600)]
Moved src/ACL* and a few related files into src/acl/.
Renamed ACL source files from ACLFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Many targets in src/Makefile.am depended on selected ACL ACL*cc and related
sources. These targets depend on acl/* libraries now. As a part of this
cleanup and reorganization, the number of ufsdump sources went from about 160
to about 20.
Alex Rousskov [Sun, 8 Mar 2009 19:45:44 +0000 (13:45 -0600)]
Split ACL.{cc,h} and src/acl_noncore.cc into acl/Acl and acl/Gadgets, moving
high-level global functions into Gadgets and leaving basic API types in Acl.
Moved horrific acl_access::containsPURGE into aclPurgeMethodInUse to avoid
exposing basic ACL API to "strategy" templates and HTTP-specific PURGE method.
The aclPurgeMethodInUse global lives in acl/libacls, which is a top-level
library that already contains a lot of data-specific code.
Alex Rousskov [Sun, 8 Mar 2009 19:41:27 +0000 (13:41 -0600)]
Extracted transaction state storage and related checks from ACLChecklist into
ACLFilledChecklist. Context: SourceLayout: acl/, take 1
ACLChecklist contained many data members representing the state of the current
transaction (in a broad sense). These members and related methods depended
on complex types such as HttpRequest and ConnStateData. Any Squid code using
ACLChecklist (and there is a lot of that code) was, hence, dependent on these
types. These dependencies caused, among other things, huge SOURCES lists in
src/Makefile.am, often for trivial targets such as ufsdump and test cases.
ACLChecklist is an abstract class now (to make sure we do not accidentally
create it). ACLChecklist has only one kid: ACLFilledChecklist. The Filled()
global function can be used to cast ACLChecklist* to ACLFilledChecklist*.
Since all ACLChecklist objects have to be ACLFilledChecklist objects, the cast
is fast and safe. The cast allows us to avoid bloating ACLChecklist with
virtual methods that only make sense in ACLFilledChecklist context.
ACLFilledChecklist now contains state-specific members while ACLChecklist
contains basic check list logic. The code that organizes or passes through
ACL checks does not need to be exposed to ACLFilledChecklist and the data
types it depends on.
Furthermore, ACLFilledChecklist should not contain complicated checks either.
It should focus on maintaining the state. The checks should go into specific
ACLs. Otherwise, complex checks cause dependency cycles with higher-level
libraries that provide code for those checks and yet depend on having access
to ACLFilledChecklist to implement specific ACLs. Currently, only the
authenticated() method got moved to auth/Acl.{cc,h} to break the circular
dependency between acl/libs and auth/libs. More work in that direction will
probably be required as we move more src/* code into libraries.
ACLFilledChecklist constructor replaces aclChecklistCreate global. This
simplifies the initiating code of all fast ACL checks: the checks no longer
need to do manual state locking, duplicating aclChecklistCreate code.
Alex Rousskov [Sun, 8 Mar 2009 19:38:12 +0000 (13:38 -0600)]
Removed AUTH_LIBS_TO_ADD as unused. auth/libauth.la now includes conditionally
built auth libraries and src/Makefile.am no longer needs to know about them.
Alex Rousskov [Sun, 8 Mar 2009 19:34:36 +0000 (13:34 -0600)]
Moved src/ACL* and a few related files into src/acl/.
Renamed ACL source files from ACLFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Many targets in src/Makefile.am depended on selected ACL ACL*cc and related
sources. These targets depend on acl/* libraries now. As a part of this
cleanup and reorganization, the number of ufsdump sources went from about 160
to about 20.
Alex Rousskov [Sun, 8 Mar 2009 18:41:06 +0000 (12:41 -0600)]
Fixed subdir handling when USE_LOADABLE_MODULES is false. DIST_SUBDIRS was
defined incorrectly. Moreover, we do not need to define DIST_SUBDIRS because
the default works:
"If `SUBDIRS' is defined conditionally using Automake conditionals,
Automake will define `DIST_SUBDIRS' automatically from the possibles
values of `SUBDIRS' in all conditions."
The bug was exposed by ./test-builds.sh layer-01-minimal with "make distcheck"
test added.