Alex Rousskov [Wed, 25 Jun 2014 00:09:35 +0000 (18:09 -0600)]
Support more collapsed forwarding hit cases:
Allow STORE_MEMORY_CLIENTs to open disk files if needed and possible.
STORE_*_CLIENT designation is rather buggy (several known XXXs). Some
collapsed clients are marked as STORE_MEMORY_CLIENTs (for the lack of info at
determination time) but their hit content may actually come from a disk cache.
Do not abandon writing a collapsed cache entry when we cannot cache the entry
in RAM if the entry can be cached on disk instead. Both shared memory cache
and the disk cache have to refuse to cache the entry for it to become
non-collapsible. This dual refusal is difficult to detect because each cache
may make the caching decision at different times. Added StoreEntry methods to
track those decisions and react to them.
Recognize disk cache as a potential source of the collapsed entry when the
memory cache is configured. While collapsed entries would normally be found in
the shared memory cache, caching policies and other factors may prohibit
memory caching but still allow disk caching. Memory cache is still preferred.
Alex Rousskov [Wed, 25 Jun 2014 00:07:41 +0000 (18:07 -0600)]
Do not use unknown entry size in StoreEntry::checkTooSmall() determination.
The size of collapsed entries is often unknown, even when they are STORE_OK
(because swap_hdr_sz is unknown when the other worker has created the cache
entry). The same code has been using this ignore-unknowns logic for the
Content-Length header value, so the rejection of unknown entry size (added as
a part of C++ conversion without a dedicated message in r5766) could have been
a typo.
Alex Rousskov [Tue, 24 Jun 2014 23:48:37 +0000 (17:48 -0600)]
Rock and shared memory caches fixes/improvements.
* Bug fixes:
Avoid "FATAL: Squid has attempted to read data from memory that is not
present" crashes. Improve related code.
Lifted 16777216 slot limit from rock cache_dirs and shared memory caches.
Caches larger than 256GB (assuming default 16KB cache_dir slot-size) require
this fix to use disk space beyond 256GB. Also fixed rock disk space waste
warning.
Restored Squid ability to cache (in memory) when no disk caches are configured
which was lost during r12662 "Bug 3686: cache_dir max-size default fails" but
other bugs hid this problem.
Allow HITs on entries backed by a shared memory cache only.
Make sure Squid dumps core and not just promises one when memory management
goes wrong.
* Significant RAM usage reduction:
Significantly reduced Large Rock (and slightly shared memory) RAM requirements
by not allocating 40 (and 12) bytes of unused RAM per cache slot.
Stop wasting 96 RAM bytes per slot for high-offset slots in large shared
caches with more than 16777216 slots. For example, a StoreMap for a 1TB shared
cache with default 16KB slot sizes (67108864 slots) occupied about 6.5GB of
RAM. After this change, the same information is stored in about 2.0GB because
unused anchors are not stored.
* Other improvements:
Document counter-intuitive round-robin cache_dir selection; decrease its bias.
Report IpcIo file name with errors and warnings to inform admin which
cache_dir needs troubleshooting or tuning.
Alex Rousskov [Tue, 24 Jun 2014 22:21:48 +0000 (16:21 -0600)]
Prep for merge from trunk: undo branch r13313, r13312, and r13311 that were
temporary undoing trunk r13266, r13269, and r13270 (std::vector migration).
Non https connectiona on SSL-bump enabled port may stuck
This is can be seen on skype when try to connect to server using an
SSL-bump enabled squid port. Squid try to bump the connection, waiting for ever
the ssl protocol header, and skype client waits for ever an answer from the
server.
This patch sets the timeout to Config.Timeout.request (request_timeout)
Alex Rousskov [Mon, 16 Jun 2014 22:50:08 +0000 (16:50 -0600)]
Do not leak implicit ACLs during reconfigure.
Many ACLs implicitly created by Squid when grouping multiple ACLs were not
destroyed because those implicit ACLs where not covered by the global ACL
registry used for ACL destruction.
See also: r13210 which did not go far enough because it incorrectly assumed
that all InnerNode() children are aclRegister()ed and, hence, will be
centrally freed.
Also, do not use cbdataFree() on non-POD Acl::Tree objects that have
destructors.
Alex Rousskov [Mon, 16 Jun 2014 22:45:23 +0000 (16:45 -0600)]
Fix build on some 32bit systems with strtoll()
broken by r13429 that duplicated unportable portability code.
GCC exits with errors: integer constant is too large for 'long' type
nnnL constants are "long" and cannot hold 64bit integers on 32bit platforms.
Use LL suffix for 64bit constants for now. It remains to be seen how portable
that LL C++ extension is: https://gcc.gnu.org/onlinedocs/gcc/Long-Long.html
Also fixed INT64_MIN #define (missing parenthesis).
Amos Jeffries [Sat, 14 Jun 2014 01:45:50 +0000 (18:45 -0700)]
POrtability: use 64-bit for X-Cache-Age header
While the value is expected to be well within 32-bit range some OS
(OpenBSD 5.5 at least) use 64-bit time_t. Use the larger type size for
calculations which also removes 32-bit wrap errors, and cast for older
systems.
Amos Jeffries [Mon, 9 Jun 2014 15:04:29 +0000 (08:04 -0700)]
Windows: fix various libip build issues
* Missing include ws2tcpip.h for IPv6 definitions
* Alternative IN6_ARE_ADDR_EQUAL definition required
* 'byte' is a reserved / system defined type on Windows,
resolve variable shadowing by renaming to ipbyte.
Amos Jeffries [Mon, 9 Jun 2014 13:18:48 +0000 (06:18 -0700)]
Revert rename of Comm::Flag ERROR
On MinGW at least ERROR is a #define'd macro resulting in build failure.
Revert to the old name COMM_ERROR until we can find a better one that
does not duplicate 'comm'.
Amos Jeffries [Fri, 6 Jun 2014 09:38:02 +0000 (02:38 -0700)]
Fix regression in client read buffer
SBuf acts like a floating 'window' of space in a MemBlob which acts a
essentially like a ring-buffer. However on requests with body payload
being drop-fed in very small amounts it is possible to exactly fill the
MemBlob and also to shuffle the SBuf window right to the end.
It is also possible if an earlier request (or the headers associated with
the drip-fed body is holding the beginning of the underlying MemBlob.
These events cause haveCapadity==0 so haveCapacity*2 == 0.
If this happens we need to allocate a new MemBlob to get any space for
future I/O. The old MemBlob will be released by whatever other SBuf was
holding it locked.
Amos Jeffries [Thu, 5 Jun 2014 15:57:23 +0000 (08:57 -0700)]
Fix error in rev.13417 "ssl_bump none" mode crashes squid
The fake CONNECT request generated to relay non-bumped traffic needs to
be pre-pended to any existing data in the ConnStateData::In buffer.
Otherwise our new bytes will corrupt any traffic bytes already in there
and our intended CONNECT request will never be recognised as we re-parse
the buffer.
Amos Jeffries [Thu, 5 Jun 2014 14:57:58 +0000 (07:57 -0700)]
SourceLayout: rename comm_err_t to Comm::Flag
Integration testing of rev.13443 revealed that there were two copies of
comm_err_t.h in the source code.
* Remove the unnecessary duplicate file.
* Shuffle the enum into Comm:: scope as 'Flag'.
* Reduce the enum value labels to drop the redundant prefix.
* Rename COMM_EOF to Comm::ENDFILE to avoid colliston with #define EOF
in system headers.
Amos Jeffries [Thu, 5 Jun 2014 08:28:20 +0000 (01:28 -0700)]
Update the Comm:: API for read(2)
... using an algorithm suggested by Alex Rousskov.
The code for Comm:: read operations is shuffled into comm/libcomm.la and
the files comm/Read.{h,cc} in symmetry with the current Comm::Write API.
The new API consists of:
* Comm::Read() which accepts the Comm::Connection pointer for the
socket to read on and an AsyncCall callback to be run when read is
ready. The Job is responsible for separately initiating read(2) or
alternative action when that callback is run.
* Comm::ReadNow() which accepts an SBuf buffer and a CommIoCbParams
initialized to contain the Comm::Connection pointer for the socket to
read on. TheCommIoCbParams will be filled out with result flag, xerrno,
and size.
This synchronously performs read(2) operations to append bytes to the
provided buffer. It returns a comm_err_t flag for use in determining how
to handle the results and signalling one of OK, INPROGRESS, ERROR, EOF
as having happened.
comm_read() API is retained for backward compatibility during the
transitional period. However it is now deprecated and scheduled for
removal ASAP. The SBuf overloaded variant is now removed.
* Comm::ReadCancel() - a renaming of the comm_read_cancel() AsyncCall
API. Other cancel API(s) are now deprecated and will be removed ASAP.
Code using comm_read_cancel() with AsyncCall may immediately switch to
this new API with no logic changes necessary even if they are not using
other new Comm API calls.
* Comm::MonitorsRead() - a renaming of comm_monitors_read() AsyncCall
API. comm_monitors_read() is now removed.
Other changes:
- the unused comm_has_pending_read_callback() API is erased.
- the IoCallback::buf2 mechanism previously used for SBuf read I/O is
erased.
- ConnStateData is converted to this new API for filling its SBuf I/O
buffer and for monitoring pinned connection closures.
- fde::readPending() converted to new Comm::MonitorsRead() API.
- Comm half-closed monitoring feature is also converted to this new API.
NP: one bug in ConnStateData handling of intercepted HTTPS traffic is
noted but not fixed in this patch.
Amos Jeffries [Wed, 4 Jun 2014 15:30:16 +0000 (08:30 -0700)]
Cross-compile: Add BUILDCXX and BUILDCXXFLAGS configure options
We have provided HOSTCXX for some time. However in the official cross
compilation terminology HOST is the output architecture. Renames to
BUILD to align with the official terminology of which machine the tools
it builds are run on.
Also, add a flags variable and document these as important variables in
./configure --help output
Alex Rousskov [Mon, 2 Jun 2014 05:26:17 +0000 (22:26 -0700)]
Do not leak ex_data for SSL state that survived reconfigure.
SSL_get_ex_new_index() allocates a new index on every call, even if its
parameters remain unchanged. It should be called once per process
lifetime.
Besides leaking, this 12 year-old(!) bug could probably make some SSL
code misbehave during reconfigure because reconfigure would change the
supposedly constant ex_data indexes.
Alex Rousskov [Mon, 2 Jun 2014 05:16:35 +0000 (22:16 -0700)]
Do not register the same Cache Manager action more than once
... to avoid wrong mgr:menu output and the impression of a reconfigure
memory leak.
The old code was comparing action object pointers, which could not work,
and was adding the same action on every reconfigure call for modules that
register with Cache Manager during [re]configuration.
We already have a working method for finding registered actions. Use it.
Amos Jeffries [Sat, 31 May 2014 17:00:05 +0000 (10:00 -0700)]
Cleanup: de-duplicate auth_param program parameter code
Moves the "program" parse and dump code into Auth::Config.
Also, changes API to Auth::Config::dump() to not dump any config settings
for schemes which are not configured with a "program". Including scheme
specific settings.
Also, fixes missing Digest "utf8" parameter in config dump.
Move realm parse and config dump logics to Auth::Config base object.
This de-duplicates Basic, Digest (and future schemes ie Bearer) config
processing code. Also makes realm available to NTLM and Negotiate
schemes, although at present it remains unused by those schemes.
Also, convert the realm parameter string to an SBuf. Removing the need
for some memory maintenance code.
Amos Jeffries [Thu, 22 May 2014 06:04:05 +0000 (23:04 -0700)]
Cleanup: drop Auth::User::proxy_auth_list header cache
This list/cache was originally used to short-circuit auth helper lookups
based on previousy seen [Proxy-]Authorization header strings.
However, that permitted replay attacks in most auth schemes and has been
replaced by scheme-specific mechanisms:
* Basic and Digest credentials are cached in the global user name cache
wih additional nonce/password comparisons to verify located entries.
* NTLM and Negotiate credentials are cached in the ConnStateData with
exact-match comparison done to verify tokens.
After r13324 patch the SBuf argument of the ConnStateData::handleReadData member
is used only to check if ConnStateData::In::buf is correctly filled with read
data. ConnStateData::handleReadData considers that the data already written
in ConnStateData::in.buf and checks if the passed Sbuf argument is the
ConnStateData::in.buf:
The httpsSslBumpAccessCheckDone function needs to write the CONNECT request
generated internally to force tunnel mode, in ConnStateData::In::buf and then
call ConnStateData::handleReadData method.
author: Alex Rousskov <rousskov@measurement-factory.com>
Avoid on-exit crashes when adaptation is enabled.
After trunk r13269 (Vector refactor) destroyed vector objects still have
positive item counts. This exposes use-after-delete bugs. In this particular
case, global adaptation rule/group/service arrays are destructed by global
destruction sequence first and then again by Adaptation::*::TheConfig objects
destructors.
This change avoiding static destruction order dependencies by storing those
global adaptation arrays on heap.
projects / thirdparty / squid.git / log
