Alex Rousskov [Wed, 18 Nov 2015 05:46:36 +0000 (22:46 -0700)]
Store API and layout polishing. No functionality changes intended.
This first step towards bug #7 fix focuses on fixing "any Store is a
Root" API that forced us to bloat the base Store class with methods
needed only in Store::Root() Controller.
We resolved about 15 XXXs and 10 TODOs (although these counts are
inflated by many duplicated/repeated problems). We added a few new
XXXs and TODOs as well, but they are just marking already problematic
code, not adding more problems or genuinely new work.
The code movement to files in parenthesis is not tracked by bzr
because bzr cannot track file splits, and most of the moved code had
to be split across multiple files to untangle various messes. When
deciding what to tell "bzr mv", we picked file pairs that would allow
us to track the most complex, most voluminous code but there is
probably no single correct way to do that.
src/disk.* files were renamed to src/fs_io.* to avoid "src/foo
conflicts with src/store/Foo" problems expected on some case-
insensitive platforms.
The Store namespace hierarchy now looks like this:
* Storage: Any storage. Similar to the old Store class, but leaner.
* Controller: Combined memory/disks caches and transients. Root API.
* Controlled: Memory cache, disk(s) cache, or transient Storage.
* Disks: All disk caches combined.
* Disk: A single cache_dir Storage.
* Memory: A memory cache.
* Transients: Entries capable of being collapsed for CF.
The last two are not moved/finalized yet, but it should not be too
difficult to do that later because there are few direct references to
them from the high-level code.
Related polishing touches:
Moved a lot of misplaced code into the right class and/or source file.
Simplified Store::search() interface to match the actual code that
does not support any search parameters. Removed the search API from
all other stores because the code did not really support store-
specific searches. Resisted the temptation to rename parameterless
search() to iterate() or similar because the actual future of this API
is murky. We may add search parameters or even remove the method
completely. This could quickly snowball into a separate project.
Removed Store::get(x,y,z) API as unused and unsupported.
Removed FreeObject() template as unused (and possibly technically
flawed).
Simplified default Store initialization/cleanup sequence. Removed
empty disk_init(). The non-default Store::Init() parameter is used by
the unit testing code only.
Simplified Store::dereference() API by moving the second parameter to
dedicated Controller::dereferenceIdle() method that is the only ones
using that parameter.
Alex Rousskov [Wed, 18 Nov 2015 05:34:33 +0000 (22:34 -0700)]
Fixed STUB_RETREF() implementation to return the right type.
Removed bogus STUB_RETREF() comment about memory leaks in _unreachable_ code.
Deprecated STUB_RETSTATREF() as essentially duplicating STUB_RETREF().
Alex Rousskov [Wed, 18 Nov 2015 05:32:24 +0000 (22:32 -0700)]
Make RefCount pointers behave more like regular pointers.
Allow default (but safe, thanks to C++11) conversion of RefCount
pointers to bool. This helps keep the code succinct, minimizes changes
during conversion of reference counting pointers to/from other pointer
types, and avoids nullptr/NULL differences.
Amos Jeffries [Wed, 18 Nov 2015 03:23:59 +0000 (19:23 -0800)]
Combine the https_port list internal state with http_port state.
These two lists have been near identical for some time now and we can
easily reduce code by simply merging the two and using either the
secure.encryptTransport flag or the transport.protocol type to select
the remaining non-identical code paths.
Amos Jeffries [Tue, 17 Nov 2015 10:14:15 +0000 (02:14 -0800)]
Prevent all TUNNELs being marked as ABORTED
TUNNEL transactions are naturally ended by one of the client or server
closing the connection. This is not an abort. So finish the CONNECT
message context cleanly when the tunnel is closed.
Amos Jeffries [Tue, 17 Nov 2015 03:50:31 +0000 (19:50 -0800)]
Rename ClientSocketContext::connIsFinished() to finished()
Removes some needless mentions of "conn" and clarifies that the method
handles the context object and transaction finishing, not the connection
it belongs to.
Amos Jeffries [Tue, 17 Nov 2015 03:26:01 +0000 (19:26 -0800)]
Use connIsFinished() when a transaction is completed successfully
initiateClose() may sound okay, but it actually is the error handling logic.
It will terminate the ConnStateData with an erro rmessage, leaving the completed
request in the pipeline which in turn will result in *_ABORTED being logged for
all requests with Connection:close headers even if they are cleanly finished.
connIsFinished() is (now) the clean way to finish ClientSocketContext objects
lifetime regardless of whether keep-alive is needed. The ConnStateData::kick()
will now handle that so we do not even need to call keepaliveNextRequest().
Remove the now unused ClientSocketContext::keepaliveNextRequest().
Alex Rousskov [Sun, 15 Nov 2015 17:54:58 +0000 (10:54 -0700)]
Stop using dangling pointers for eCAP-set custom HTTP reason phrases.
Squid still does not support [external] custom reason phrases and,
hence, cannot reliably support eCAP API that sets the reason phrase to
the one supplied by the adapter. This and r14398 changes fix [known]
regression bugs introduced by r12728 ("SourceLayout").
Alex Rousskov [Sun, 15 Nov 2015 16:59:12 +0000 (09:59 -0700)]
Fixed status code-based HTTP reason phrase for eCAP-generated messages.
Calling .reason() on a not-yet-set theMessage.sline object resulted in
"Init" status reason phrase for all from-scratch (i.e., not cloned)
eCAP-made HTTP responses. This fix lets Squid compute the reason phrase
based on the status code, just like Squid does for forwarded responses
(IIRC).
The ERR_SECURE_ACCEPT_FAIL and ERR_REQUEST_START_TIMEOUT errors apears that
have missing templates on squid startup.
Actually these errors does not produce any error page. Move them under the
TCP_RESET error in err_type.h to mark them as optional.
- Squid receives TLS Hello from the client (TCP connection A).
- Squid successfully negotiates an TLS connection with the origin server
(TCP connection B).
- Squid successfully negotiates an TLS connection with the client
(TCP connection A).
- Squid marks connection B as "idle" and waits an HTTP request from
connection A.
- The origin server continues talking to Squid (TCP connection B).
Squid detects a network read on an idle connection and closes TCP
connection B (and then the associated TCP connection A as well).
This patch:
- When squid detects a network read on server idle connection do an
SSL_read to:
a) see if application data received from server and abort in this case
b) detect possible TLS error, or TLS shutdown message from server
c) or ignore if only TLS protocol related packets received.
Amos Jeffries [Sun, 8 Nov 2015 15:09:16 +0000 (07:09 -0800)]
Fix compile erorr on clang undefined reference to '__atomic_load_8'
Later versions of GCC on some architectures push atomic functions
out into a separate atomic library. Older versions of clang do not
handle that automatically and require the library to be linked
explicitly.
Add a check for when this is required and set ATOMICLIB if needed.
Amos Jeffries [Sat, 7 Nov 2015 12:08:33 +0000 (04:08 -0800)]
Split core Server operations from ConnStateData
This improves the servers/libserver.la class hierarchy in
preparation for HTTP/2 and other non-HTTP/1.1 protocol support.
The basic I/O functionality of ConnStateData is moved to Server
class and a set of virtual methods designed to allow for child
class implementation of data processing operations.
No logic is changed in this patch, just symbol renaming and
moving of method logics as-is into libservers.la
The autoconf check for SQUID_SSLGETCERTIFICATE_BUGGY fails on ssl library
builds which don't include SSLv3; as a result of the autoconf decision
this can end up triggering the assert(0) in Ssl::verifySslCertificate()
in ssl/support.cc (line 1712 in 3.5.11).
Allow unlimited LDAP search filter for ext_ldap_group_acl helper.
The LDAP search filter in ext_ldap_group_acl is limited to 256 characters.
In some environments the user DN or group filter can be larger than this
limitation.
This patch uses dynamic allocated buffers for LDAP search filters.
Restrict the number of downloaded certificates and the nested certificates
downloads per SSL connection
- Do not allow more than Ssl::PeerConnector::MaxCertsDownloads downloaded
certificates for each SSL connection. This variable set to 10 for now.
- Restrict the number of nested certificates downloads. For example
when the certificate located in an SSL site which requires to download a
a missing certificate (... from an SSL site which requires to download a
missing certificate )*
On resumed sessions the SSL server will send a "Change Cipher Spec Protocol"
message instead of Certificates message.
After the CCS protocol message received we waiting an Finished SSL handshake
message. However this message may received encrypted and we can not decrypt it
in order to parse it correctly.
This patch after the CCS message received finishes parsing.
However maybe still messages from server must received and appended to
ServerBio::rbuf in order to sent later on SSL client in the case of splice.
This patch get back the ServerBio::record_ mechanism which is enabled/disabled
by the caller Ssl::PeekingPeerConnector class. The ServerBio code writes to
ServerBio::rbuf buffer as long as the ServerBio::record_ flag is set to true
by the Ssl::PeekingPeerConnector.
Internal requests (eg comming from Downloader) must not peek-and-spliced
- Do not use the Ssl::PeekingPeerConnector to connect to remote site for
internal HTTPS requests, peek-and-splice does not make any sense when the
client is missing. Use the Ssl::BlindPeerConnector instead.
- Fix Ssl::BlindPeerConnector to work with requests comming from Downloader:
* Use the default Config.ssl_client.sslContext as SSL_CTX context for
these requests
* Allow Ssl::BlindPeerConnector work with requests does not destined to a
cache peer
Amos Jeffries [Sun, 1 Nov 2015 10:07:41 +0000 (02:07 -0800)]
Fix shutdown aborts after rev.14374
Changes to signal processing introduced by rev.14374 causse Squid to
ignore repeated signals.
However, repeated shutdown signals actually has meaning and need to abort
the shutdown delay timeout. So we need to allow those through to the
shutdown signal handler.
Alex Rousskov [Fri, 30 Oct 2015 20:38:57 +0000 (14:38 -0600)]
Bug 3574: To avoid crashes, prohibit reconfiguration during shutdown.
Also consolidated and polished signal action handling code:
1. For any executed action X, clear do_X at the beginning of action X
code because once we start X, we should accept/queue more X
requests (or inform the admin if we reject them).
2. Delay any action X requested during startup or reconfiguration
because the latter two actions modify global state that X depends
on. Inform the admin that the requested action is being delayed.
3. Cancel any action X requested during shutdown. We cannot run X
during shutdown because shutdown modifies global state that X
depends on, and we never come back from shutdown so there is no
point in delaying X. Inform the admin that the requested action is
canceled.
The child signal handling action is exempt from rules #2 and #3
because its code does not depend on Squid state.
Repeated failed attempts to fix crashes related to various overlapping
actions confirm that this code is a lot trickier than it looks. This
change introduces a more systematic/comprehensive approach to
resolving associated conflicts compared to previous ad hoc attempts.
These changes were not inspired by bug 3574 but they provide a
more comprehensive version of the earlier bug 3574 fix (r14354).
Amos Jeffries [Fri, 30 Oct 2015 12:59:17 +0000 (05:59 -0700)]
Add Locker friend class to SBuf for protection against memory issues
When appending or otherwise modifying an SBuf based on a SBuf& or char*
the parameter used may be pointing at the MemBlob memory buffer
indirectly without holding a separate ref-count lock to it.
If 'this' SBuf then requires reallocation for any reason the char* or
buffer pointer taken from the SBuf&, which is being manipulated may in
fact be left pointing at invalid memory.
Utilize a private Locker class to create relatively cheap ref-count locks
on the store_ MemBlob when this problem MAY occur. This Locker needs to
be used on all non-const SBuf methods accepting char* or SBuf& argument.
Amos Jeffries [Thu, 29 Oct 2015 18:53:48 +0000 (11:53 -0700)]
Add Locker friend class to SBuf for protection against memory issues
When appending or otherwise modifying an SBuf based on a SBuf& or char*
the parameter used may be pointing at the MemBlob memory buffer
indirectly without holding a separate ref-count lock to it.
If 'this' SBuf then requires reallocation for any reason the char* or
buffer pointer taken from the SBuf&, which is being manipulated may in
fact be left pointing at invalid memory.
Utilize a private Locker class to create relatively cheap ref-count locks
on the store_ MemBlob when this problem MAY occur. This Locker needs to
be used on all non-const SBuf methods accepting char* or SBuf& argument.
Alex Rousskov [Thu, 29 Oct 2015 06:00:15 +0000 (00:00 -0600)]
Rewrote ServerHello parsing using a [binary] tokenizer approach.
Added nearly-protocol-agnostic BinaryTokenizer that can extract numbers
(in the commonplace network byte order or big-endian format) and opaque
fixed-size areas. The new tokenizer supports incremental parsing via
commit points and rollbacks. It is meant to be "safe" and provide
helpful debugging of parsed [packet] fields.
Declare a few RFC 5246 structures (that we need to parse) as C++ structs
in a new Rfc5246 namespace. These structures know how to "load"
themselves atomically using a BinaryTokenizer object.
Fixed SSL server parsing by separating record and "higher-level" layers.
Each layer has to be parsed using a dedicated tokenizer because
higher-level messages may be split across multiple record layer frames.
Parse and accumulate server certificates as we receive Certificate
messages.
This code is not fully polished and has several important XXXs and
TODOs. Eventually, all SSL parsing code (at least) should be converted
to use BinaryTokenizer or equivalent.
Alex Rousskov [Tue, 27 Oct 2015 03:45:40 +0000 (21:45 -0600)]
Connection stats, including %<lp, missing for persistent connections.
The code reusing a pconn was missing a hier.note() call, resulting in 0
values logged for %<lp (local port number of the last server or peer
connection) and probably other missing stats.
Also refactored poorly copied statistics collection code to remove
duplication and always update to-server connection stats when the actual
connection becomes available.
Positive side effect: Upon setsockopt(2) failures, the tos and nfmark
fields of a pinned connection were set to the desired (but not actually
applied) values, while persistent connection fields were left intact
(and, hence, stale). Both fields are now reset to zero on failures, for
both types of connections.
Aymeric Vincent [Mon, 26 Oct 2015 02:53:30 +0000 (19:53 -0700)]
Fix incorrect authentication headers on cache digest requests
login=NEGOTIATE can have an additional parameter specified,
like login=NEGOTIATE:xxx
One test added in rev.12714 does not take this case into account and it
will send a garbage "login:password" (== "NEGOTIATE:xxx") to its peer
when requesting a digest.
This is a workaround patch to remove the broken Authentication headers
entirely. Support for Negotiate to the peer on these digest requests is
still needed.
Amos Jeffries [Fri, 23 Oct 2015 05:36:51 +0000 (22:36 -0700)]
Avoid errors when parsing manager ACL in old squid.conf
ACL manager is now a built-in definition and has a different type. That
has been causing FATAL errors when parsing old squid.conf. We can be
nicer and just ignore the obsolete config lines.
Alex Rousskov [Thu, 22 Oct 2015 18:34:42 +0000 (12:34 -0600)]
Fetch missing certificates.
Many web servers do not have complete certificate chains. Many browsers
use certificate extensions of the server certificate and download the
missing intermediate certificates automatically from the Internet.
This patch adds a similar feature to Squid:
- Parse Server Hello messages and extract certificates chain.
- Check whether the issuers of each certificate exist in the chain.
- If not, retrieve the issuer certificate URI from Authority Info
extension of the certificate (if it is provided) and download the
certificate.
- Store downloaded certificates in Squid object cache, just like any
other HTTP object.
Implementation highlights:
- A new Downloader class allows Squid subsystems to download objects
via HTTP. These downloads are not backed by a proxy user.
- Add support for an internal database of intermediate pre-loaded
certificates to be used to complete incomplete chains.
- Ssl::HandshakeParser parses TLS records and TLS Handshake messages.
- Ssl::PeerConnector now uses the Downloader objects to download
missing certificates.
Alex Rousskov [Wed, 21 Oct 2015 11:59:13 +0000 (04:59 -0700)]
Fixed chunked parsing by mimicking psChunkEnd state removed in trunk r14108.
... or, more precisely, in r13994.1.4 (parser-ng-chunked: re-write parse
sequence using ParseState stages instead of Step method pointers). Before
parser-ng-chunked, reaching zero theLeftBodySize would switch the chunk
parser to the psChunkEnd state. It was possible to pause parsing in that
state and resume it when more data becomes available, including the CRLF that
follows the chunk data. After parser-ng-chunked, the state remains
HTTP_PARSE_CHUNK which implies positive theLeftBodySize.
Amos Jeffries [Fri, 16 Oct 2015 14:28:52 +0000 (07:28 -0700)]
Bug 4351: compile errors when authentication modules disabled
Authentication modules can be selectively disabled. This means the module
header files need to be wrapped with disable macros, and also code that
depends on module internal definitions.
Alex Rousskov [Thu, 15 Oct 2015 02:52:58 +0000 (19:52 -0700)]
1xx response terminates Squid-to-server connection, breaking many PUTs.
Since trunk revision 13688.1.6 (Use Http1::ResponseParser to process
HTTP server responses), HttpStateData::processReplyHeader() sets
flags.headers_parsed after successfully parsing a 1xx control message.
The rest of the code interprets that flag as "parsed the final response"
and throws a !flags.headers_parsed exception because we have not parsed
the final (non-1xx) response yet. The exception kills virtually any PUT
or similar transaction that triggers an HTTP 100 (Continue) response
from the origin server.
This fix restores the original position of the flags.headers_parsed
update.
projects / thirdparty / squid.git / log
