Amos Jeffries [Sun, 4 Oct 2009 01:25:10 +0000 (14:25 +1300)]
Author: Alin Nastac <mrness@gentoo.org>
Cleanup: deprecate ugly hack for sys/capability.h
Needed once to prevent build clashes between libc and sys/capabilility.h
headers. As of libcap2 that is no longer the case and from 2.26 in fact
prevents a clean build.
Add detection for libcap to enable the hack only if actually needed.
Add --disable-caps option to disabke libcap and TPROXY2
Amos Jeffries [Fri, 2 Oct 2009 08:31:21 +0000 (21:31 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Split some asserts with side-effects
assert expressions should not have any noticeable sideffects or otherwise
be important for the program flow operation. If not unexpected results is
seen from compiling with -DNODEBUG
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed entry size calculation for the max-size cache_dir selection algorithms.
There were two sides of this bug:
In src/store_swapout.cc, we must create metadata earlier because
storeCreate() needs swap_hdr_sz. With swap_hdr_sz unknown at the time of
storeCreate(), the SwapDir selection algorithms may select SwapDirs that
should not really take the entry as the real storage size (with the
metadata swap_hdr_sz) would exceed the store slot size.
In src/store_dir.cc, we must add the metadata size before looking for
cache_dirs that accept objsize. Only the "new"
storeDirSelectSwapDirRoundRobin selection scheme was affected.
This makes the starting state explicitly private: instead of assuming its
going to be defined in a private state and dependign on the definer class.
We can cope with not setting the state to private at the end of the macro
as well. It just means the use of this macro must be last, or have an
explicit private/public definition after its use.
Amos Jeffries [Sun, 23 Aug 2009 04:52:44 +0000 (16:52 +1200)]
Always display auto-tools versions on bootstrap.
This will better help us identify from build-farm results if we broke a
particular auto-tool support or if its the specific OS implementation /
environment.
Amos Jeffries [Sun, 23 Aug 2009 04:49:08 +0000 (16:49 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2541: Hang in 100% CPU loop while extacting header details using a delimiter other than comma
strListGetItem() could get stuck in a 100% loop if called with a delimiter
other than ',' and the parsed string contains ','.
This change makes it properly detect ',' as a delimiter even if called
with another delimiter argument like intended. The reason why ',' is always
a delimiter is because this is the delimiter between merged values of a
multi-valued header, and must always be supported as delimiter even if
Cookie uses ';' instead.
Amos Jeffries [Fri, 14 Aug 2009 04:50:47 +0000 (16:50 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Remove support for deferred state in stateful helpers
the deferred state were previously used for the challenge reuse mode
in NTLM, but is since long unused as it was both incompatible with
NTLMv2 and also not very stable for authentication.
Amos Jeffries [Sun, 2 Aug 2009 10:29:54 +0000 (22:29 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2648: Reserved helpers not shut down after reconfigure/rotate
The race happens if the helpers are restarted(rotate/reconfigure) while
reserved. Those reserved are then not shut down when the reservation is
released.
This patch cleans this up and a couple of other related races.
Harden the sanity checks to detect negative status and other syntax issues
before they have a chance to become problems. This applies to replies and
responses both in varying ways.
Also document the sanity check logics. sanityCheck* is supposed to fill
out the error status for what it detects with each fail result.
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Kick any pending *ufs write/close operations alive when the previous write completes
When using uufs only part of the object got written out to the disk,
forgetting to write out the last butes and closing the file.
This should have been seen at least in in diskd as well even if it
for some reason did not seem to show up in simple tests.
Headers may be accumulated over more than one read. It does not make
sense to limit the internal copy of the accumulated read buffer to 64KB.
Reverts the internal read buffer to MemBuf defaults. This may cause
issues where headers are of unbounded size. But those are expected to be
caught by the header parser.
Check buffer limits before parsing and return error on all bad parse cases.
No exceptions.
Author: Alex Rousskov <rousskov@measurement-factory.com>
Break forwarding loops for "transparent" or "intercept" http_ports.
Squid detected forwarding loops in most configurations, but broke
them (using a customizable HTTP_FORBIDDEN response) only when working as
an accelerator. Squid now breaks loops when working as a transparent
proxy as well.
A persistent loop is going to be broken anyway, when the Via and
X-Forwarded-For headers exceed header size limit, but that wastes a lot of
resources and may also crash misconfigured Squids.
TODO: Consider breaking all loops, regardless of the http_port options.
TODO: Consider adding a specific and/or configurable error page for this case
instead of using hard-coded ACCESS_DENIED.
Amos Jeffries [Sun, 7 Jun 2009 11:57:31 +0000 (23:57 +1200)]
Author: Guido Serassio <serassio@squid-cache.org>
Windows port: Fix improper access permissions to registry and DNS parsing from registry
- RegOpenKey() always try to open registry keys in full control mode, even if not needed.
This could make Squid to fail when running as a non privileged user. RegOpenKeyEx() allow to
specify only the needed priviledge and now is used instead.
- When parsing DNS setting into registry, a fixed size loop was used. Now the loop count is
dynamic.
Amos Jeffries [Sat, 6 Jun 2009 10:07:29 +0000 (22:07 +1200)]
Add Translate: and Unless-Modified-Since: headers to known list.
They are custom microsoft headers we may need to use header_access to
crop away. Translate: is needed for WEBDAV so we must leave this up
to individual admin.
Amos Jeffries [Sat, 6 Jun 2009 10:03:04 +0000 (22:03 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2481: Don't set expires: now in generated error responses
Sending Expires: "now" overrides any negative cache logics which may
be present in downstream caches and is a bad idea. Better to send
the responses without any explicit expiry information.
Amos Jeffries [Sat, 30 May 2009 05:24:48 +0000 (17:24 +1200)]
Make FD_SETSIZE inernally signed.
FreeBSD 7 defines FD_SETSIZE as unsigned but Squid needs
it to be signed to compare it with signed values.
Linux and others including FreeBSD <7, define it as signed.
If this causes any issues please contact squid-dev@squid-cache.org
Amos Jeffries [Sat, 23 May 2009 04:48:46 +0000 (16:48 +1200)]
Remove infinite loop in MSNT auth helper
On one starting error condition the helper enters a read loop
without exit conditions. Made this exit when read was done
and shutdown helper as per behavior comment by the loop.
Amos Jeffries [Sat, 23 May 2009 03:21:41 +0000 (15:21 +1200)]
Author: Adrian Chadd <adrian@squid-cache.org>
Add in some better documentation for override-expire.
Attempt to clearly document exactly what it does - in this instance, it
enforces min age and doesn't allow the admin to enforce max-age -
ie, truncate staleness.