Henrik Nordstrom [Mon, 14 Apr 2008 21:03:20 +0000 (23:03 +0200)]
Bug #2310: Incorrect default time/date log format
The %tl and %tg logformat tags is meant to use the same date format as
Apache/NCSA, but in Squid-3 there was a space instead of : between the
date and time.
Alex Rousskov [Mon, 14 Apr 2008 16:18:00 +0000 (10:18 -0600)]
Bootstrap lib/libLtld when running top-level bootstrap.sh.
This appears necessary because libtoolize-generated lib/libLtdl/Makefile.in is
probably made with an older automake version and refers to a non-existent
mkinstalldirs script. Yet, bootsrapping libLtdl produces warnings (or
non-fatal errors) so I am not sure it is the right thing to do long-term.
Part 1 adds complete TPROXYv4 capabilities to Squid.
The alterations are rather superficially tacked into the netfilter support.
Polish for this feature involves some rather intrusive alterations to
transparency which are still undergoing testing. That is part 2.
A temporary configure option --enable-linux-tproxy4 is provided as part of
this commit to enable the TPROXY v4 code. Part 2 will remove this option
again in favour of squid.conf transparency controls.
Alex Rousskov [Sat, 12 Apr 2008 04:52:49 +0000 (22:52 -0600)]
eCAP support, part 1: Loadable modules and ICAP-independent Squid core.
The first part of eCAP work includes (a) initial support for loadable
modules and (b) removing ICAP from main Squid sources, replaced with the
adaptation API that does not depend on a specific adaptation mechanism.
The patch does not contain significant changes to main Squid sources.
Generic adaptation API should minimize significant core changes going
forward. Details are below. For a low-level change log, see the eCAP bzr
branch at https://code.launchpad.net/~rousskov/squid/ecap
Configuration and features:
Added adaptation_service_set squid.conf option, deprecating
icap_class. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can group eCAP and ICAP
services.
Added adaptation_service_set squid.conf option, deprecating
icap_access. The new option has more accurate documentation and does
not depend on the adaptation protocol so one can mix-and-match eCAP
and ICAP ACL rules.
Added loadable_modules squid.conf option to specify what shared
libraries to load dynamically. The support is based on libtool's ltdl
convenience library and is enabled by default. It can be disabled
using --disable-loadable-modules. Loadable modules are needed for
eCAP, but loadable_modules code deals with generic module
manipulation, independent from eCAP support. Squid does not yet
communicate with the loaded modules. TODO: support cachemgr
reporting and reconfiguration of modules.
Internals:
Squid core no longer knows about ICAP: General message adaptation code
has been moved from src/ICAP to src/adaptation/. The only connection
between main Squid code and ICAP is squid.conf parser and a few
enabling lines in main.cc. USE_ADAPTATION is enabled if ICAP_CLIENT or
USE_ECAP is enabled. TODO: Make adaptation comments, debug, and error
messages in main Squid code ICAP-neutral. This has not been done yet
to reduce VCS conflicts.
The src/ICAP/ directory now has its own Makefile (so does the new
src/adaptation). TODO: Should ICAP and eCAP directories be moved
inside adaptation/?
The eCAP directory and the --enable-ecap option have been added, but
they should not be used yet.
Added an adaptation service group API to support groups of services.
Current code supports service sets and single-service groups. Sets
provide a way to group interchangeable services together so that one
(the "best" available) service is applied to the message. A
single-service group is an internal feature to allow user to mix
service and group names in squid.conf ACLs. TODO: support service
chains (as a service group) and perhaps group of groups?
Implemented delayed creation of adaptation services. We used to create
ICAPServiceRep objects when parsing the configuration file.
Create-as-you-parse is imperfect for several reasons, especially if
the services are dynamically loaded as is the case with eCAP. We now
remember the service configuration and then create the actual service
object _after_ the configuration has been parsed and loadable modules,
if any, have been loaded.
The bootstrap.sh script has been updated to generate ltdl library
using libtoolize and move it to lib/libLtdl (except for the standard
copyright file). With libtool version 2, the move will be supported by
libtoolize itself. The lib/libLtdl directory and libtool.m4 file are
not in VCS.
Wrap ESI headers away from .h dependency testing when module disabled.
These mysteriously had passed all dependency tests on machines where
the XML libraries existed, despite ESI disabling. Only showed up when built
on a machine without Expat.
Make IdleConn::removeFd err on the soft site if the fd could not be found
this fixes the assert seen by Tsantilas Christos. It's not really a proper
fix to the underlying problem, but at least makes Squid surive.
The actual problem is race windows introduced by the async call queue. In
this case both "closed by remote server" and "timeout" events may get queued
at the same time, or to be specific the "closed by remote server" read event
stays in the queue and gets called even after pconn has deregistered interest
in the event.
Migrate uses of comm_set_transparent to using comm_openex flag instead.
Cleaner and reduces the overall Comm API.
IPv6 update had incorrectly interpreted comm_open flags as ai_flags.
(same context, different actual name/values)
Bug #2001: Fails to forward responses where headers >4KB
This changes reply processing to clone the already parsed reply header
instead of trying to parse it yet another time. This allows us to seek
over the header contents and that way get away with just having a 4KB
buffer..
In the long run the store client API will be changed to provide a clean
split between headers and body, providing headers in parsed form (including
intermediary 1xx messages) and then the body starting at offset 0. This
change is a first step along that path but without changing the store client
api as such, with the intention of being merged into 3.0.
Fallback on transparent interception mode even if the connection didn't seem
to be transparently intercepted
Needed to deal properly with situations where connections to the local host
is intercepted, or when people NAT outside the Squid server but still compile
Squid with support for the NAT/interception method availabe on the host OS..
Alex Rousskov [Fri, 4 Apr 2008 16:26:01 +0000 (10:26 -0600)]
Moved AccessCheck object creation and check starting to AccessCheck::Start.
We may be able to simplify the callers further by migrating to the AsyncJobCall
interface for callbacks.
Alex Rousskov [Fri, 4 Apr 2008 05:31:40 +0000 (23:31 -0600)]
Added global Enabled flag to Adaptation::Config so that AccessCheck::Start
can check that instead of becoming dependent on each adaptation mechanism
and its config.onoff setting. Could have created a generic Registry of
all adaptation mechanisms instead.
Alex Rousskov [Thu, 3 Apr 2008 21:24:07 +0000 (15:24 -0600)]
Got rid of references to libtool.m4 because libtoolize does not require it
and we want to rely on packager's version anyway (just like with other
autotools-generated or provided files).
Selectively roll comm_connect_addr part of the Linux leak fix out of trunk.
The IPAddress and configure parts are left to simplify future testing of why it
does not work in FreeBSD and what went wrong with the sockaddr_storage.
Attempted fix for FreeBSD run-time socket error "(22) Invalid Object" on connects
- Sets the ss_len / sin_len / sin6_len fields of sockaddr_* objects
when retrieved for connection setup.
- Tests the OS at compile time for each of these fields existence to
cope with some OS (ie Linux) not using or providing them.
Alex Rousskov [Thu, 3 Apr 2008 05:31:29 +0000 (23:31 -0600)]
Added an adaptation service group API to support groups of services. Current
code supports service sets and single-service groups. The former provides a
way to group interchangeable services together so that one (the "best"
available) service is applied to the message. The latter is an internal
feature to allow user to mix service and group names in squid.conf ACLs.
TODO: support service chains (as a service group) and perhaps group of groups.
Moved adaptation access rule state from being shared between ICAPClass and
ICAPAccessCheck classes into a dedicated AccessRule class. This simplifies
both classes and allows for checking access rules in the correct order.
Use group names when linking adaptation access rules to groups. This is less
efficient (especially since we are still using Vector iteration to find a
matching group) but much simpler. TODO: Optimize.
All adaptation services, access rules, and service groups now have a
finalize() method that is called after configuration parsing has been
completed but before the main loop starts. This allows to verify or optimize
name-based links to other services, rules, and groups.
Moved adaptation access check and group classes into their own files.
Added adaptation_service_set squid.conf option, deprecating icap_class. The
new option has more accurate documentation and does not depend on the
adaptation protocol so one can group eCAP and ICAP services.
Added adaptation_service_set squid.conf option, deprecating icap_access. The
new option has more accurate documentation and does not depend on the
adaptation protocol so one can mix-and-match eCAP and ICAP ACL rules.
Alex Rousskov [Thu, 3 Apr 2008 04:41:41 +0000 (22:41 -0600)]
Honor 0x and 0 prefixes as numeric base indication when parsing squid.conf
integer options.
Squid3 parses squid.conf file integers as decimal numbers while Squid2 honors
0 and 0x prefixes (indicating octal and hex numbers). The later functionality
is needed for things like unmask that are traditionally specified using octal
format.
This patch changes Squid3 behavior to match that of Squid2.
Internally, Squid3 uses sscanf and Squid2 uses strtol.
TODO: Squid3::GetInteger should probably use xatol,
and xatol should be fixed to proper verify the result of strtol.
Alex Rousskov [Mon, 31 Mar 2008 04:31:48 +0000 (22:31 -0600)]
Added generic support for loadable Squid modules or plugins.
The "loadable_modules" squid.conf option specifies what shared libraries to
load dynamically. The support is based on libtool's ltdl library, which has
been integrated with Squid prior to this commit, along with the
--enable-loadable-modules ./configure option.
Loaded modules are currently never unloaded, but that may change.
Loadable modules are needed for eCAP, but loadable_modules code deals with
generic module manipulation, independent from eCAP support.
TODO: support cachemgr reporting and reconfiguration.
Alex Rousskov [Sun, 30 Mar 2008 19:48:34 +0000 (13:48 -0600)]
Renamed types and members after moving adaptation-method-agnostic APIs to the
Adaptation namespace and adding support for delayed adaptation service
creation.
Alex Rousskov [Sun, 30 Mar 2008 19:40:57 +0000 (13:40 -0600)]
Renamed types and members after moving adaptation-method-agnostic APIs to the
Adaptation namespace and adding support for delayed adaptation service
creation.
Alex Rousskov [Sun, 30 Mar 2008 19:13:51 +0000 (13:13 -0600)]
Moved configuration options that do not depend on the adaptation method
from ICAP/ICAPConfig to adaptation/Config. ICAP and eCAP will not share
the same base configuration but will share the same base configuration code
(i.e., there will be two independent ICAPConfig and ecap::Config objects,
but they will have a common parent).
Implemented delayed creation of adaptation services. We used to create
ICAPServiceRep objects when parsing the configuration file.
Create-as-you-parse is imperfect for several reasons, especially if the
services are dynamically loaded as is the case with eCAP. We now remember the
service configuration and then create the actual service object _after_ the
configuration has been parsed and loadable modules, if any, have been loaded.
No functional changes are expected from this change.
Alex Rousskov [Sun, 30 Mar 2008 19:06:02 +0000 (13:06 -0600)]
Moved ICAP/ICAPInit* classes to adaptations/Init* classes.
This move helps Squid core code to manage adaptations without referring
to a specific adaptation mechanism. No functional changes are expected,
although InitiateHolder has been polished to prevent dereferencing of
invalidated Initiator.
Alex Rousskov [Sun, 30 Mar 2008 19:00:57 +0000 (13:00 -0600)]
Moved ICAP/ICAPInit* classes to adaptations/Init* classes.
This move helps Squid core code to manage adaptations without referring
to a specific adaptation mechanism. No functional changes are expected,
although InitiateHolder has been polished to prevent dereferencing of
invalidated Initiator.
Alex Rousskov [Sun, 30 Mar 2008 18:20:14 +0000 (12:20 -0600)]
Migrating from ICAP-specific API to generic "adaptation" API.
Core Squid code should not care about the specific adaptation mechanism in
use.
This change should not affect Squid functinality.
The migration is not complete because the on/off switch is still
ICAP-specific and because comments, debug, and error messages may still
refer to ICAP.
projects / thirdparty / squid.git / log
