Amos Jeffries [Sun, 7 Jun 2009 11:57:31 +0000 (23:57 +1200)]
Author: Guido Serassio <serassio@squid-cache.org>
Windows port: Fix improper access permissions to registry and DNS parsing from registry
- RegOpenKey() always tries to open registry keys in full control mode, even if not needed.
This could make Squid fail when running as a non-privileged user. RegOpenKeyEx() allows
specifying only the needed privilege and is now used instead.
- When parsing DNS setting into registry, a fixed size loop was used. Now the loop count is
dynamic.
Amos Jeffries [Sat, 6 Jun 2009 10:07:29 +0000 (22:07 +1200)]
Add Translate: and Unless-Modified-Since: headers to known list.
They are custom Microsoft headers we may need to use header_access to
crop away. Translate: is needed for WEBDAV so we must leave this up
to individual admin.
Amos Jeffries [Sat, 6 Jun 2009 10:03:04 +0000 (22:03 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2481: Don't set expires: now in generated error responses
Sending Expires: "now" overrides any negative cache logics which may
be present in downstream caches and is a bad idea. Better to send
the responses without any explicit expiry information.
Amos Jeffries [Sat, 30 May 2009 05:24:48 +0000 (17:24 +1200)]
Make FD_SETSIZE internally signed.
FreeBSD 7 defines FD_SETSIZE as unsigned but Squid needs
it to be signed to compare it with signed values.
Linux and others including FreeBSD <7, define it as signed.
If this causes any issues please contact squid-dev@squid-cache.org
Amos Jeffries [Sat, 23 May 2009 04:48:46 +0000 (16:48 +1200)]
Remove infinite loop in MSNT auth helper
On one starting error condition the helper enters a read loop
without exit conditions. Made this exit when read was done
and shutdown helper as per behavior comment by the loop.
Amos Jeffries [Sat, 23 May 2009 03:21:41 +0000 (15:21 +1200)]
Author: Adrian Chadd <adrian@squid-cache.org>
Add in some better documentation for override-expire.
Attempt to clearly document exactly what it does - in this instance, it
enforces min age and doesn't allow the admin to enforce max-age -
ie, truncate staleness.
Amos Jeffries [Sat, 23 May 2009 03:20:47 +0000 (15:20 +1200)]
Replace assert with NOP action in hash free.
This resolves one small coverity itch.
When nothing to free we don't really need to care, we do need to act
safely and not try to actually action the free though.
Amos Jeffries [Sat, 9 May 2009 07:03:02 +0000 (19:03 +1200)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
Added temporary hack to support chunked HTTP/1.1 requests.
A broken or confused HTTP/1.1 client may send a chunked HTTP request to Squid.
Squid does not have full support for that feature yet. To cope with such
requests, Squid now buffers the entire request and then dechunks request body
to create a plain HTTP/1.0 request with a known content length. The plain
request is then used by the rest of Squid code as usual.
The newly added chunked_request_body_max_size option specifies the maximum
size of the buffer used to hold the chunked request before the conversion. If
the chunked request size exceeds the specified limit, the conversion fails,
and the client receives an "unsupported request" error, as if dechunking was
disabled.
Dechunking is enabled by default. To disable conversion of chunked requests,
set chunked_request_body_max_size to zero.
Squid cannot buffer chunked requests exceeding MEM_BUF_MAX_SIZE, which is
currently 2*1000*1024*1024 bytes. The default chunked_request_body_max_size
value is 64KB.
Request dechunking feature is a temporary hack. When chunking requests and
responses are fully supported, there will be no need to buffer a chunked
request. Client_side code contains a FUTURE_CODE_TO_SUPPORT_CHUNKED_REQUESTS
section that can be used as a starting point for proper support. That code was
working in simple tests.
This dechunking code requires ICAP support in Squid v3.0 because of the
ICAP/ChunkedCodingParser dependency.
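
Added example, not part of the commit above or of Squid's source: a minimal bounded dechunker showing the buffering limit that commit describes, including a declared chunk size that would overflow the length counter. The names dechunk, Dechunk and kDefaultMax are hypothetical; maxSize stands in for chunked_request_body_max_size.

```cpp
#include <cstddef>
#include <string>

// Added illustration; names are hypothetical, not taken from Squid's source.
enum class Dechunk { Ok, Incomplete, TooBig, Malformed, Disabled };

const std::size_t kDefaultMax = 64 * 1024; // default stated in the commit message

// Decode the chunked data buffered so far in `raw` into `body`.
// `maxSize` stands in for chunked_request_body_max_size: it caps the buffered
// chunked request, and zero disables dechunking.
Dechunk dechunk(const std::string &raw, std::size_t maxSize, std::string &body)
{
    body.clear();
    if (maxSize == 0) return Dechunk::Disabled;
    if (raw.size() > maxSize) return Dechunk::TooBig;
    std::size_t pos = 0;
    for (;;) {
        const std::size_t eol = raw.find("\r\n", pos);
        if (eol == std::string::npos) return Dechunk::Incomplete;
        // Hex chunk size; anything after ';' is a chunk extension and is ignored.
        std::size_t len = 0, i = pos;
        for (; i < eol && raw[i] != ';'; ++i) {
            const char c = raw[i];
            std::size_t d;
            if (c >= '0' && c <= '9') d = c - '0';
            else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
            else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
            else return Dechunk::Malformed;
            // Reject a declared size above the limit before it can overflow.
            if (d > maxSize || len > (maxSize - d) / 16) return Dechunk::TooBig;
            len = len * 16 + d;
        }
        if (i == pos) return Dechunk::Malformed; // no size digits at all
        if (len == 0) // last chunk: done once the blank line after any trailers is in
            return raw.find("\r\n\r\n", eol) == std::string::npos
                ? Dechunk::Incomplete : Dechunk::Ok;
        pos = eol + 2;
        const std::size_t left = raw.size() - pos;
        if (left < len || left - len < 2) return Dechunk::Incomplete;
        if (raw.compare(pos + len, 2, "\r\n") != 0) return Dechunk::Malformed;
        body.append(raw, pos, len);
        pos += len + 2;
    }
}
```

Only a result of Dechunk::Ok means body holds the complete request body; on any other result the caller should discard it.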
- Method TunnelStateData::Connection::error:
The xerrno is the errno values (EAGAIN, EINTR etc) not a COMM_XX error/flag.
- Methods TunnelStateData::writeServerDone,TunnelStateData::writeClientDone:
if the related connection fd closing (flag==COMM_ERR_CLOSING) just return
Bug 2610: Detection and verification of ipfilter header files is incorrect
After much contention reg Solaris and FreeBSD the union between them
seems to be this:
- adding netinet/in.h
- adding netinet/ip_fil_compat.h (alternative to netinet/ip_compat.h)
- testing for netinet/ipl.h before netinet/ip_nat.h
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2578: squid fails to resume download from FTP
The ftp code uses the FtpStateData::restart_offset and
FtpStateData::restarted_offset to compute the offset in the case of
partial responses, but it must also set the
ServerStateData::currentOffset member variable.
This patch:
- completely removes the FtpStateData::restarted_offset member and uses
the ServerStateData::currentOffset member variable instead.
- adds the FtpStateData::setCurrentOffset(int64_t) and
FtpStateData::getCurrentOffset() public methods to allow set/get the
ServerStateData::currentOffset value
Author: Mark Nottingham <mnot@pobox.com>
Bug 2599: Idempotent start
As discussed on squid-dev, Squid shouldn't return a shell error when:
- starting squid, if it's already running
- stopping squid, if it isn't running
This is to make writing scripts that control squid easier.
Note that it should still notify the user, and should not affect other
operations (e.g., kill, rotate, parse).
Amos Jeffries [Thu, 19 Feb 2009 02:08:56 +0000 (15:08 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness
The parsing of external_acl_type formats was slightly broken, destroying
%<{ (request header) if SSL was enabled and never able to parse %USER_CERT_
or %CA_CERT_..
Also clarified request/reply header syntax slightly
Amos Jeffries [Sun, 8 Feb 2009 09:34:00 +0000 (22:34 +1300)]
Author: Francesco Chemolli + Amos Jeffries
Pconn not being used when they should.
A slight misalignment between the keys generated for push and pop of
connections to the waiting pool caused new connections never to match
any of the existing connections.
This patch makes several alterations to achieve a fix:
- reduces the FwdState push logics down into a simple selection in
pconnPush function which previously was a dumb wrapper.
- adds a dump of current hash keys to the cacheManager pconn report
- adds much better debugging to the pconn process at level 48,3 and 48,6
- adds some additional documentation of code to the related call tree
Pconn API after this patch :
The Pconn KEY takes several parameters (host, port, domain, client-ip).
For HTTP requests this is normally generated from the request data of
same name with domain being optional since it may be identical to host.
However for peer-sourced requests this alters slightly and the host:port
fields become the peer NAME and HTTP-PORT.
This means the pconn key in abstract becomes a key to the TCP remote-end of
the link with an optional anchor on the domain being requested.
Amos Jeffries [Sun, 18 Jan 2009 03:30:40 +0000 (16:30 +1300)]
Import 3.1 TestBed scripts.
I'm sick of fiddling with the old manual testing permutations.
3.1 testbed is now stable enough to port.
This adds the basic build test structure and layers which 3.0 is currently
known to pass. Some 'make check' errors prevent further layers being added
at this time. That is expected to change.
Amos Jeffries [Sat, 17 Jan 2009 03:04:27 +0000 (16:04 +1300)]
Bug 2556: HTCP fails without icp_port
Removes requirement for ICP port to be open for peer UDP queries to take
place.
TODO: Some work still needs to be done to separate the timeout from
icp_timeout and break ICP specific query logics out into icp code files.
But that is just cleanup for later.