Amos Jeffries [Wed, 18 Aug 2010 23:43:22 +0000 (17:43 -0600)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
Bug 3016: HTTP/1.1 compliance: default keep-alive for 1.0/1.1 clients.
aka. NTLM Authentication with Java UA + SSL Problem
Moved httpMsgIsPersistent(version, headers) to HttpMsg::persistent(void).
This move makes it clear that the logic applies only to the message being
examined and not some irrelevant information such as HTTP version supported
by Squid.
Side-effects:
- In v3.2, Squid stops using persistent connections with HTTP/1.0 clients
that do not send "Connection: keep-alive".
- In v3.1, Squid starts using persistent connections with HTTP/1.1 clients
that do not send "Connection: close".
- HttpReply now sets HttpMsg::http_ver member. It is not clear whether
that member was ever used for HttpReplies though.
Fixed "ccb->active()" assertion related to the automatic write timeout.
We need to manually cancel writer's interest in select(2) before calling back
so that select() does not try to call the write handler when there is no
active callback anymore. Normally, select() cancels writer's interest when
calling the write handler, but in this case the call back is triggered not
from select() but from checkTimeouts().
Amos Jeffries [Fri, 13 Aug 2010 11:54:31 +0000 (23:54 +1200)]
Permit rotate logs from cachemgr
Given that reconfigure, shutdown and offline already have password-protected
remote actions available it makes sense to permit the less critical rotate
as well.
Amos Jeffries [Fri, 13 Aug 2010 09:37:46 +0000 (03:37 -0600)]
Fix 32-bit wrap in refresh_pattern min/max values.
Attached patch limits the values to 1 year (arbitrary based on rumours
about good caching times). Checking for 32-bit wrap and setting the max
1 year limit instead of cutting them to zero.
The expected outcome of this is correct cache storage time extension
according to refresh_pattern documentation when people desperately set
min/max to > a million minutes. Instead of a silent always-stale verdict.
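The wrap this commit describes, as an added example (not Squid's code): a `refresh_pattern` value given in minutes is converted to seconds, once with an unchecked 32-bit result and once with the 1-year cap. The function names, the 365-day year and the rejection of negative values are assumptions of this sketch.

```cpp
#include <cstdint>
#include <cstdlib>

// Assumption: "1 year" is taken as 365 days; the commit message gives no exact figure.
constexpr int64_t kOneYearSeconds = 365LL * 24 * 60 * 60;

// What a 32-bit signed field ends up holding when handed a wider value.
int32_t truncateTo32(int64_t v) {
    const uint32_t low = static_cast<uint32_t>(v);   // modular conversion, well defined
    return low <= 0x7FFFFFFFu
        ? static_cast<int32_t>(low)
        : static_cast<int32_t>(static_cast<int64_t>(low) - 4294967296LL);
}

// Unchecked conversion for comparison (illustrative, not Squid's earlier code):
// minutes * 60 stored in 32 bits, so large inputs wrap to small or negative values.
int32_t minutesToSecondsUnchecked(int64_t minutes) {
    return truncateTo32(minutes * 60);
}

// Checked conversion: parse the config token, reject junk, cap at one year.
// Negative values are treated as invalid here (a choice made for this sketch).
int32_t minutesToSecondsClamped(const char *token, bool &ok) {
    char *end = nullptr;
    const long long minutes = std::strtoll(token, &end, 10);
    ok = (end != token && *end == '\0' && minutes >= 0);
    if (!ok)
        return 0;
    // Compare in minutes before multiplying, so the product can never wrap.
    // strtoll saturates at LLONG_MAX on overflow, which also lands in this branch.
    if (minutes > kOneYearSeconds / 60)
        return static_cast<int32_t>(kOneYearSeconds);
    return static_cast<int32_t>(minutes * 60);
}
```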
Amos Jeffries [Fri, 13 Aug 2010 07:53:08 +0000 (01:53 -0600)]
HTTP/1.1 compliance: Stop using Proxy-Connection header
The Proxy-Connection header is not part of any HTTP standard. It was added
by Netscape to differentiate persistent connections to intermediary proxies
but that duty has been formally superseded by the Connection: header.
This compliance update makes Squid stop sending Proxy-Connection on outbound
requests. Starts consistently using Connection: header instead.
The Proxy-Connection header is also ignored on HTTP-strict builds.
For compatibility we must do a small violation and drop it as a hop-by-hop
header despite strict-mode technically being required to pass it through.
For origin server connections the non-strict builds will retain the
status-quo: interpret it, but treat it as an HTTP/0.9 thing to be
upgraded to HTTP/1.1 Connection:.
Amos Jeffries [Thu, 12 Aug 2010 09:37:14 +0000 (21:37 +1200)]
Author: Stephen Thorne <stephen@thorne.id.au>
Bug 2936: NTLM-Authenticate 407 and Proxy-Connection: Close in same response.
Squid default from the days of HTTP/1.0 was to close connections unless
keep-alive was explicitly known. This changes the default to send
keep-alive unless we have a good reason to close.
Main changes and goals:
- definition of a common naming convention for shell variables
- definition of auxiliary macros to deal with common constructs (--enable-* and --with-*)
- definition of auxiliary macros to deal with autoconf defines
- improvements in configure.in readability and portability
Amos Jeffries [Mon, 9 Aug 2010 12:00:18 +0000 (06:00 -0600)]
Author: Chad Naugle <chad.naugle@travimp.com>
Bug 2999: v1.5 of ext_edirectory_userip_acl
* Modified command-line arguments to closer resemble LDAP auth helper's.
* Added much-needed 'Persistent Connections' option, with timeout.
* Cleaned up some of the debugging statements, and to make debug messages
more meaningful.
Amos Jeffries [Mon, 9 Aug 2010 08:23:45 +0000 (20:23 +1200)]
Fix ICAP service sockets for split-stack systems.
Makes split-stack systems default to IPv4-only connections.
Adds "ipv6=on|off" option to icap_service config to make Squid do
IPv6-only connections for particular service.
There is currently no middle ground with connection failover possible.
Bug fix: In the case of an error while accessing a gopher server, squid will crash
The GopherStateData::req is used to retrieve the related HttpRequest object in
the gopherSendComplete function when an error while accessing the server occurs.
The GopherStateData::req is never assigned and it is always NULL (should be
removed?). The gopherState->fwd->request must be used instead.
Author: Tsantilas Christos <chtsanti@users.sourceforge.net>, Alex Rousskov <rousskov@measurement-factory.com>
Added %http::<bs and %icap::<bs logformat codes to log HTTP and ICAP body sizes received from the next HTTP hop or the ICAP server.
Logging "received message body" is useful because Squid may receive a lot
more or a lot less than it serves to the client or than the original resource
size, which may happen when handling Range requests and partial responses,
when adapting bodies, and for other reasons.
For HTTP, we define "received message body" as message body bytes that
Squid stores, merges, adapts, and/or forwards. In most cases, they are the
same as body bytes sent by the server to Squid. However, the two bodies may
differ for reasons such as errors (where the start of the body was not found),
HTTP transfer encodings (where Squid strips chunked encoding to find the
message body), and generated FTP directory listings (that were received in
a completely different format on a control connection).
For ICAP, the "received message body" is the Encapsulated sections, after
the encapsulated HTTP body, if any, is dechunked.
Improved handling of --enable-strict-error-checking
Moved unhandled default definition of HTTP and ICP ports to config.h
Improved documentation of --with-logdir
Fixed documentation of --disable-optimizations
Bundled types detection closer to each other
Made resolver library checks depend on --disable-internal-dns
Solaris 9 is not fully RFC 3493 compliant. It does not provide the
IPV6_V6ONLY even as a null-op option.
There are potentially other systems in the same situation. Fix is to
detect the absence of the option and fall back to split-stack on
IPv6-enabled systems without it.
Shuffled system library checks into acinclude/lib-checks.m4
Fixed some indentation.
Fixed issue with loadable modules variable initialization
Refactored loadable modules configuration.
Refactored inlining configuration.
Moved inline keyword definition out of configure and into config.h
Fixed libTrie inlining configuration.
Alex Rousskov [Mon, 2 Aug 2010 16:43:03 +0000 (10:43 -0600)]
Compliance: Improved HTTP Range header field validation.
1) Improved HttpHdrRangeSpec::parseInit() to parse syntactically valid
range specs:
* Suffix ranges with 0 length (i.e. -0) are syntactically valid.
* Check that last-byte-pos is greater than or equal to first-byte-pos.
After the change, HttpHdrRangeSpec::parseInit() successfully parses suffix
ranges with 0 length. They were rejected before. RFC 2616 section 14.35.1 says
such range specs are syntactically valid but unsatisfiable. Thus, we should
ignore the range spec itself, but not the whole range header. These range
specs will be rejected later, during canonization.
2) In HttpHdrRangeSpec::parseInit(), ignore the whole range header if one of
range specs is syntactically invalid (i.e. range spec parsing fails).
Co-Advisor test case: test_clause/rfc2616/invalidRange
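The validation rules from this commit, as an added example (not Squid's `HttpHdrRangeSpec` code): one syntactically invalid spec discards the whole header, while `-0` passes the syntax check and is dropped in a later step. All names are hypothetical, and the sketch assumes a `bytes=` value with no whitespace around the commas.

```cpp
#include <cstdint>
#include <string>
#include <vector>

struct RangeSpec { int64_t first, last, suffixLen; };   // -1 means "not present"

static bool parseNum(const std::string &s, int64_t &out) {
    if (s.empty() || s.size() > 18) return false;       // length cap keeps int64_t from overflowing
    out = 0;
    for (char c : s) {
        if (c < '0' || c > '9') return false;
        out = out * 10 + (c - '0');
    }
    return true;
}

// Syntax check for one spec: "N-M", "N-" or the suffix form "-N".
static bool parseSpec(const std::string &s, RangeSpec &r) {
    r = RangeSpec{-1, -1, -1};
    const size_t dash = s.find('-');
    if (dash == std::string::npos) return false;
    const std::string a = s.substr(0, dash), b = s.substr(dash + 1);
    if (a.empty()) return parseNum(b, r.suffixLen);     // "-0" passes the syntax check
    if (!parseNum(a, r.first)) return false;
    if (b.empty()) return true;                         // open-ended "N-"
    return parseNum(b, r.last) && r.last >= r.first;    // last-byte-pos >= first-byte-pos
}

// Returns false when the whole Range header must be ignored.
bool parseRangeHeader(const std::string &value, std::vector<RangeSpec> &specs) {
    static const std::string unit = "bytes=";
    specs.clear();
    if (value.compare(0, unit.size(), unit) != 0) return false;
    for (size_t pos = unit.size(); pos <= value.size();) {
        size_t comma = value.find(',', pos);
        if (comma == std::string::npos) comma = value.size();
        RangeSpec r;
        if (!parseSpec(value.substr(pos, comma - pos), r)) { specs.clear(); return false; }
        specs.push_back(r);
        pos = comma + 1;
    }
    return true;
}

// Later step: drop specs that are valid syntax but can never be satisfied ("-0").
size_t dropUnsatisfiable(std::vector<RangeSpec> &specs) {
    size_t kept = 0;
    for (const RangeSpec &r : specs)
        if (r.suffixLen != 0) specs[kept++] = r;
    specs.resize(kept);
    return kept;
}
```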
Amos Jeffries [Sun, 1 Aug 2010 06:16:06 +0000 (18:16 +1200)]
Basic split-stack functionality
Enable split-stack detection by default.
There is now enough split-stack support to enable accepting IPv6 client
connections on systems with separate IPv4/IPv6 stacks. Also some limited
server connection capabilities (see tcp_outgoing_addr config hacks).
SNMP, ICP, HTCP listeners and outbound connections currently default to
IPv4-only on these systems to retain backward-compatibility.
But may be explicitly configured to IPv6-only. There is no support as yet
for dual-protocol behaviour in the sockets of these three protocols.
This hack was removed during the libtool 2.2 upgrade.
The issue shows up as bundle builds failing to link libltdl/libltdlc.la
when they should in fact be linking ../libltdl/libltdlc.la in src/Makefile
It is caused by the macros of libtool 2.2 assuming the presence of
top_build_prefix but since autoconf 2.62 that was replaced with
ac_top_build_prefix and is no longer automatically defined in Makefile's.
Some distros also seem to have back-ported the removal of top_build_prefix
into their old autoconf causing macro version tests to fail.
httpHdrCcParseInit() ignored all unknown Cache-Control directives
except for the first one because the (type != CC_OTHER) check
applied to the debugging statement only.
Co-Advisor test case: test_case/rfc2616/endHdr-fwd-set-Cache-Control-toSrv
Improved shell variables' portability and security via proper quoting.
Fixed some indentation.
Improved some kerberos-related defines.
Reworked some shell test conditions for efficiency.
Actually made use of MSWindows winsock.h