Amos Jeffries [Sun, 31 Jan 2010 23:20:22 +0000 (12:20 +1300)]
Regression Fix: Make Squid abort on parse failures.
The addition of multi-file parsing and catching of thrown errors between
them caused any errors in sub-files to be non-fatal and allow Squid to
run as if everything was normal, even if parts of the config were not
being loaded.
Squid will now propagate the error exception out and exit with a count of
the errors found.
The main() safety wrapper from 3.1 has also been ported to catch some
unwanted crashes.
Amos Jeffries [Sun, 31 Jan 2010 23:02:45 +0000 (12:02 +1300)]
Account for mem_node overhead inside cache_mem
This makes squid include the overhead memory space when determining the
number of data pages available in cache_mem memory space. Forming a much
better limit on memory cache usage.
This does NOT solve any issues created by sizeof(mem_node) being unaligned
with the system malloc implementation page size. That still needs to be
resolved.
Amos Jeffries [Sat, 16 Jan 2010 04:44:46 +0000 (17:44 +1300)]
Add client_ip_max_connections
Given some incentive after deep consideration of the slowloris claims.
While I still do not believe Squid is vulnerable per se, and some people
have tested and found no such failures as claimed for the DoS attack,
we found we could provide better administrative controls. This is one such
that has been asked about many times and still did not exist. It operates
essentially the same as maxconn ACL, but does not require HTTP headers and
other request data to fully exist like ACLs do.
It is tested immediately after accept() and is request type agnostic, right
down to DNS TCP requests. So care is warranted in hierarchy situations or where
clients may be behind NAT.
Utilizes the client DB to monitor accepted TCP links. Operates prior to
everything so as to eliminate resource usage on the blocking case and
close the windows of opportunity for dribble-attacks etc.
Default (-1) is to keep the status-quo of no limits.
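
Added example (a constructed model, not Squid source code) of why a limit tested immediately after accept() behaves differently from a check that needs a parsed request, and why clients sharing one NAT address are affected. The type and function names and the exact comparison rules are assumptions made for illustration.

```cpp
#include <map>
#include <string>
#include <vector>

// Constructed model, not Squid code: one entry per incoming TCP connection.
struct Conn {
    std::string ip;
    bool headersComplete;  // false: the client is still dribbling its request
};

// Accept-time limit: counted per IP as soon as the connection is accepted.
// limit < 0 means no limit, matching the stated default of -1.
static int heldWithAcceptLimit(const std::vector<Conn> &conns, int limit)
{
    std::map<std::string, int> perIp;
    int held = 0;
    for (const Conn &c : conns) {
        if (limit >= 0 && perIp[c.ip] >= limit)
            continue;  // closed right after accept(), nothing else allocated
        ++perIp[c.ip];
        ++held;
    }
    return held;
}

// Request-time limit (assumed ACL-like behaviour): only evaluated once a full
// request exists, so a connection with incomplete headers is never checked.
static int heldWithRequestCheck(const std::vector<Conn> &conns, int limit)
{
    std::map<std::string, int> perIp;
    int held = 0;
    for (const Conn &c : conns) {
        ++perIp[c.ip];  // the TCP link exists either way
        if (c.headersComplete && limit >= 0 && perIp[c.ip] > limit) {
            --perIp[c.ip];
            continue;  // denied, but only after the request was parsed
        }
        ++held;
    }
    return held;
}

// Constructed sample: n connections from one address (documentation range).
static std::vector<Conn> sameIp(int n, bool headersComplete)
{
    return std::vector<Conn>(n, Conn{"192.0.2.10", headersComplete});
}
```

With a limit of 3, ten connections that never finish their headers leave 3 held under the accept-time model and 10 under the request-time model; five complete requests from one NAT address are cut to 3 in both, which is the hierarchy and NAT caveat in the message above.
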
Amos Jeffries [Tue, 22 Dec 2009 01:52:19 +0000 (14:52 +1300)]
Bug 2395: FTP errors not displayed
* Fix PUT and other errors hanging
* Fix assertion "entry->store_status == STORE_PENDING" caused by FTP
* Several variable-shadowing cases resolved for the fix.
Amos Jeffries [Tue, 22 Dec 2009 01:17:26 +0000 (14:17 +1300)]
Bug 2830: clarify where NULL byte is in headers.
Debug printing used to naturally stop string output at the null byte.
This should show the first segment of headers up to the NULL and the
segment of headers after it, so that it's clear to admin that there are
more headers _after_ the portion that used to be logged.
Amos Jeffries [Sun, 6 Dec 2009 00:30:50 +0000 (13:30 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
Bug 2778: fix linking issues using SunCC
SunCC doesn't handle inline extern functions, and misses some duplicate
code detection features gcc has; as a result squid-specific operator new and
operator delete get defined multiple times and fail linking.
* Implemented a compiler-specific workaround by de-inlining the code.
* Improved Solaris OS detection logic.
Amos Jeffries [Sun, 4 Oct 2009 01:25:10 +0000 (14:25 +1300)]
Author: Alin Nastac <mrness@gentoo.org>
Cleanup: deprecate ugly hack for sys/capability.h
Needed once to prevent build clashes between libc and sys/capability.h
headers. As of libcap2 that is no longer the case and from 2.26 in fact
prevents a clean build.
Add detection for libcap to enable the hack only if actually needed.
Add --disable-caps option to disable libcap and TPROXY2
Amos Jeffries [Fri, 2 Oct 2009 08:31:21 +0000 (21:31 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Split some asserts with side-effects
assert expressions should not have any noticeable side effects or otherwise
be important for the program flow operation. If not, unexpected results are
seen from compiling with -DNODEBUG
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed entry size calculation for the max-size cache_dir selection algorithms.
There were two sides of this bug:
In src/store_swapout.cc, we must create metadata earlier because
storeCreate() needs swap_hdr_sz. With swap_hdr_sz unknown at the time of
storeCreate(), the SwapDir selection algorithms may select SwapDirs that
should not really take the entry as the real storage size (with the
metadata swap_hdr_sz) would exceed the store slot size.
In src/store_dir.cc, we must add the metadata size before looking for
cache_dirs that accept objsize. Only the "new"
storeDirSelectSwapDirRoundRobin selection scheme was affected.
This makes the starting state explicitly private, instead of assuming it's
going to be defined in a private state and depending on the definer class.
We can cope with not setting the state to private at the end of the macro
as well. It just means the use of this macro must be last, or have an
explicit private/public definition after its use.
Amos Jeffries [Sun, 23 Aug 2009 04:52:44 +0000 (16:52 +1200)]
Always display auto-tools versions on bootstrap.
This will better help us identify from build-farm results if we broke a
particular auto-tool support or if it's the specific OS implementation /
environment.
Amos Jeffries [Sun, 23 Aug 2009 04:49:08 +0000 (16:49 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2541: Hang in 100% CPU loop while extracting header details using a delimiter other than comma
strListGetItem() could get stuck in a 100% loop if called with a delimiter
other than ',' and the parsed string contains ','.
This change makes it properly detect ',' as a delimiter even if called
with another delimiter argument like intended. The reason why ',' is always
a delimiter is because this is the delimiter between merged values of a
multi-valued header, and must always be supported as delimiter even if
Cookie uses ';' instead.
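
Added example (an illustrative tokenizer, not Squid's strListGetItem() and not code from this commit) showing the property the fix describes: ',' is always treated as a delimiter alongside the caller's delimiter, and the position advances on every call so the caller's loop terminates. The names nextListItem and splitList and the simplified quoting rule are assumptions.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical helper: fetch the next item of `list` starting at `pos`.
// Splits on `del` and always on ',', because ',' joins the merged values
// of a multi-valued header. Returns false when the list is exhausted.
static bool nextListItem(const std::string &list, char del,
                         std::size_t &pos, std::string &item)
{
    std::string delims(1, del);
    if (del != ',')
        delims += ',';
    const std::string skip = delims + " \t";

    // Skip leading delimiters and whitespace.
    const std::size_t start = list.find_first_not_of(skip, pos);
    if (start == std::string::npos) {
        pos = list.size();
        return false;
    }

    // Scan to the next delimiter that is outside a quoted string.
    bool quoted = false;
    std::size_t end = start;
    for (; end < list.size(); ++end) {
        const char c = list[end];
        if (c == '"')
            quoted = !quoted;
        else if (!quoted && delims.find(c) != std::string::npos)
            break;
    }

    // Trim trailing whitespace from the item.
    std::size_t last = end;
    while (last > start && (list[last - 1] == ' ' || list[last - 1] == '\t'))
        --last;
    item = list.substr(start, last - start);

    pos = end;  // end > start >= old pos: every successful call makes progress
    return true;
}

// Collect all items; terminates because nextListItem() always advances.
static std::vector<std::string> splitList(const std::string &list, char del)
{
    std::vector<std::string> out;
    std::string item;
    std::size_t pos = 0;
    while (nextListItem(list, del, pos, item))
        out.push_back(item);
    return out;
}
```
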
Amos Jeffries [Fri, 14 Aug 2009 04:50:47 +0000 (16:50 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Remove support for deferred state in stateful helpers
The deferred state was previously used for the challenge reuse mode
in NTLM, but has long been unused as it was both incompatible with
NTLMv2 and also not very stable for authentication.
Amos Jeffries [Sun, 2 Aug 2009 10:29:54 +0000 (22:29 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2648: Reserved helpers not shut down after reconfigure/rotate
The race happens if the helpers are restarted (rotate/reconfigure) while
reserved. Those reserved are then not shut down when the reservation is
released.
This patch cleans this up and a couple of other related races.
Harden the sanity checks to detect negative status and other syntax issues
before they have a chance to become problems. This applies to replies and
responses both in varying ways.
Also document the sanity check logics. sanityCheck* is supposed to fill
out the error status for what it detects with each fail result.
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Kick any pending *ufs write/close operations alive when the previous write completes
When using uufs only part of the object got written out to the disk,
forgetting to write out the last bytes and closing the file.
This should have been seen at least in diskd as well even if it
for some reason did not seem to show up in simple tests.
Headers may be accumulated over more than one read. It does not make
sense to limit the internal copy of the accumulated read buffer to 64KB.
Reverts the internal read buffer to MemBuf defaults. This may cause
issues where headers are of unbounded size. But those are expected to be
caught by the header parser.
Check buffer limits before parsing and return error on all bad parse cases.
No exceptions.