Amos Jeffries [Mon, 23 Nov 2009 02:20:24 +0000 (15:20 +1300)]
Polish ACL src/dst magic monikers and push upgrading to 'all'.
* Adds 'ipv4' magic moniker. Slightly safer and friendlier than !ipv6
* Updates the IP range parse to detect several old broken cases of 'all'.
Warn loudly and replace with 'all' during parse.
This is needed for all the people who use the 'all' pattern for special
purposes under another name; auth hiding, deny_info redirects, etc.
Henrik Nordstrom [Sat, 21 Nov 2009 22:20:01 +0000 (23:20 +0100)]
FreeBSD for some reason sometimes does not like our big cf.data script
Split in multiple expressions specified by -e arguments. Seems to work better.
The large blob had a bit of extra space characters in it from the line folding
which seems to be related to the failure. (each command began with a space)
Amos Jeffries [Sat, 21 Nov 2009 00:56:13 +0000 (13:56 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Style Makefile.am to use variable expansion instead of @ AUTOMAKEVAR
@AUTOMAKEVAR@ is troublesome when used in \ constructs as it may expand
to empty and the last line in a \ construct must not be empty or some
make versions will fail.
thankfully automake adds all variables for us, so using
is preferred.
Also:
* Cleanup our big sed rule to avoid automake collisions
* Odd REPL_POLICIES comment reference in repl/Makefile.am
Amos Jeffries [Sat, 14 Nov 2009 11:28:42 +0000 (00:28 +1300)]
Polish rfc1738 library code. Add cppunit tests.
* Adds API header file for this library.
* Reveals the do_escape API and creates meaningful flags for its API.
* Adds documentation.
* Convert original unit tests by Robert Collins to cppunit code
* Add new tests based on work for Samba by Andrew Bartlett
Amos Jeffries [Thu, 12 Nov 2009 13:46:50 +0000 (02:46 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
Bug 2778: fix linking issues using SunCC
SunCC doesn't handle inline extern functions, and misses some duplicate
code detection features gcc has; as a result squid-specific operator new and
operator delete get defined multiple times and fail linking.
* Implemented a compiler-specific workaround by de-inlining the code.
* Improved Solaris OS detection logic.
Amos Jeffries [Wed, 4 Nov 2009 04:06:57 +0000 (17:06 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Various TPROXYv2 detection fixes
* Typo in quoting of build option
* Temporary patch forcing LINUX_TPROXY2 disabled if requirements unmet.
will be redone later to properly wind up dependencies and enabling of LINUX_TPROXY2 & friends.
Amos Jeffries [Tue, 27 Oct 2009 05:24:36 +0000 (18:24 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Polished ESI support
* make libxml2 and libexpat parser modules pluggable (Henrik)
* make libexpat and libxml2 tunable at configure time (Amos + Henrik)
* Fix Bug 2794: ESI parsing fails on FreeBSD (Francesco Chemolli)
* Enable ESI by default and auto-test
Author: Adrian Chadd <adrian@squid-cache.org>
A tproxy cache cluster (eg behind WCCPv2) can't peer.
The issue stems from the forwarding logic creating source address spoofed
sockets to destinations that are inside the cluster. Since the WCCPv2
router won't redirect packets with an origin of the proxy MAC (at least for
L2 peering), source spoofed packets go out and are routed normally. The
packets back from the destination peer have a remote end of the spoofed IP,
and are instead sent to the original client rather than the proxy.
The forwarding logic needs to be taught to optionally enable tproxy source
spoofing on connections based on a peer flag.
Just for completeness - tproxy'ed connections to an upstream or peer proxy
which is -outside- of the WCCPv2 tproxy cluster work fine.
Many of the occasions Squid was calling bind() are not required. This
reduces the bind() calls to only those which are actually needed.
Further optimization can be done in a future version to drop the paranoid
and slightly performance degrading safety checks for instances of Squid
binding ANYADDR without listener status, and attempting to bind NOADDR.
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Split some asserts with side-effects
assert expressions should not have any noticeable side effects or otherwise
be important for the program flow operation. If not, unexpected results are
seen from compiling with -DNODEBUG
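
Added example, not part of the commit log or of Squid's source: a C sketch of the failure mode the message above describes, and of the split that avoids it. `CHECK_ON` and `CHECK_OFF` are stand-ins assumed here for one assert macro built with and without checks; the queue type and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical bounded queue; names are illustrative, not Squid's. */
struct queue { int items[4]; size_t len; };
/* Side effect: appends v. Returns 1 on success, 0 when the queue is full. */
static int queue_push(struct queue *q, int v)
{
    if (q->len == sizeof q->items / sizeof q->items[0])
        return 0;
    q->items[q->len++] = v;
    return 1;
}

/* Stand-ins for one assert macro built two ways (assumed shape):
 * CHECK_ON  = checked build, evaluates the expression, aborts on failure;
 * CHECK_OFF = checks compiled out, the expression is never evaluated. */
#define CHECK_ON(ex)  ((ex) ? (void)0 : abort())
#define CHECK_OFF(ex) ((void)0)

/* Before the split: the push only happens if the check is compiled in. */
size_t fused_checked(void)
{
    struct queue q = {{0}, 0};
    CHECK_ON(queue_push(&q, 7));
    return q.len;
}
size_t fused_unchecked(void)
{
    struct queue q = {{0}, 0};
    CHECK_OFF(queue_push(&q, 7));   /* the call silently disappears */
    return q.len;
}

/* After the split: the call always runs; only its result is asserted. */
size_t split_unchecked(void)
{
    struct queue q = {{0}, 0};
    int ok = queue_push(&q, 7);
    CHECK_OFF(ok);
    (void)ok;                       /* keep 'ok' used when checks are off */
    return q.len;
}

int main(void)
{
    printf("fused/checked=%zu fused/unchecked=%zu split/unchecked=%zu\n",
           fused_checked(), fused_unchecked(), split_unchecked());
}
```
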
Auto-detect the amount of TPROXY support available.
Uses the configured port address type to determine the level of testing
done. Systems with IPv4-only TPROXY (kernel 2.6.28 to 2.6.3*) will have
their ports reduced to IPv4-only, and those with IPv6 support will see
the port open as IPv6. This is done at run-time to cater for patched
kernels and kernel upgrades underneath Squid.
Bug 2570: wccp2 "Here I Am" announcements not sent
There is a bit of re-work in configuration needed before this can go into
the storage config scope where it belongs. Temporary fix for 3.1.
see bug report for details.
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed entry size calculation for the max-size cache_dir selection algorithms.
There were two sides of this bug:
In src/store_swapout.cc, we must create metadata earlier because
storeCreate() needs swap_hdr_sz. With swap_hdr_sz unknown at the time of
storeCreate(), the SwapDir selection algorithms may select SwapDirs that
should not really take the entry as the real storage size (with the
metadata swap_hdr_sz) would exceed the store slot size.
In src/store_dir.cc, we must add the metadata size before looking for
cache_dirs that accept objsize. Only the "new"
storeDirSelectSwapDirRoundRobin selection scheme was affected.