Henrik Nordstrom [Fri, 14 May 2010 04:13:30 +0000 (06:13 +0200)]
Clean up use of commResetFD when socket incompatible with requested address
This patch backs out part of the patch for Bug #2222 and replaces it by
crudely cycling over the available addresses, trying to skip over
addresses not compatible with the current socket.
This solves issues seen when using tproxy or tcp_outgoing_address and
DNS of the requested host returns AAAA records in addition to A records.
This change is interim, waiting for the larger connection setup
overhaul, but seems to do the trick for now.
One effect of this change is that there will be no fallback to the other
IP generation if the socket is configured to a specific outgoing
address. Priory the code threw away the outgoing address and tried
again when encountering an incompatibility.
Author: Francesco Chemolli <kinkie@squid-cache.org>
Improved helper configlets for wider compatibility.
* Add configlet tests for building the DB basic auth helper
* Improved detection of samba prefix for wbinfo_group and SMB
* Also check for SASL shared libraries in SASL helper
* Distribute the config.test files to enable auto-build properly
Bug 2899: Restore lost rfc1738_unescape() data type
Data type was converted to char from int during recent upgrades.
On unix systems char is unsigned making the safety checks fail on build.
This reverts the type back to a usable signed int, no logic changes.
Amos Jeffries [Tue, 23 Mar 2010 11:31:32 +0000 (00:31 +1300)]
Default pinger OFF
The pinger install is still done without the special permissions needed.
So the pinger will fail to run in most setups. Will turn this on again
in a later release when the pinger is actually installed properly by
default.
Amos Jeffries [Fri, 19 Mar 2010 10:22:14 +0000 (23:22 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Drop ufsdump from default builds.
As reported some weeks ago ufsdump fails to link on the upcoming Fedora
13 release due to linking issues, and as reported by Amos the same
linking issues is now also seen on Debian since somewhere between March
2 - 5.
While investigating this I found the following conclusions
- We are not actually installing ufsdump
- The dependencies between the Squid libraries are very non-obvious,
with libraries depending on plain object files and other strange things.
- The ufsdump linkage issues is somehow triggered by the libraries
including objects needing symbols from objects not included in that link
- Those failing library objects are not actually needed by ufsdump.
Linking succeeds if repeatedly removing each reported failing object
from the squid libraries.
- If the libraries were shared libraries then linking would fail on all
systems
The issue have been identified, or actually two separate issues. What is
yet unclear is what is the proper solution..
- Inline operator overloading causing indeterministic linkage,
resulting in seemingly unneeded sub modules being pulled in "at random".
Most notably this is seen with our custom new operation (which btw is
duplicated in two places: src/SquidNew.cc and include/SquidNew.h)
- The current Squid libraries have very unclear dependencies with no
clean boundaries, resulting in linking failure when the above happens..
Amos Jeffries [Wed, 10 Mar 2010 09:45:55 +0000 (22:45 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Various other Digest parser fixes
* Correct debug message when failing to parse digest attributes
* Correct digest stale=false in POST workaround code
* Fix new digest parser shutdown code when digest auth not configured
* Sanity check of the username.
" cannot be allowed in usernames until the digest helper protocol
has been redone
Amos Jeffries [Sat, 6 Mar 2010 03:42:04 +0000 (16:42 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2367: Fix stale=true on digest requests with unknown nonce
The nonce staleness check only worked if the stale nonce had not yet
been garbage collected, often resulting in incorrect stale=false
responses and resulting auth popups when using digest auth.
Note: this fix is different from how it's done in squid-2 where fixHeader
is called on all schemes in such conditions but only the active one with
and auth_user_request. Not entirely sure why that is done, but commit
message says something about Negotiate authentication.
Amos Jeffries [Fri, 12 Feb 2010 12:26:49 +0000 (01:26 +1300)]
Author: Jean-Gabriel Dick <jean-gabriel.dick@curie.fr>
Bug 1843: multicast-siblings cache_peer option for optimising multicast ICP relations
'multicast-siblings' : this option is meant to be used only for cache peers of
type "multicast". It instructs Squid that ALL members of this multicast group
have "sibling" relationship with it, not "parent". This is an optimization
that avoids useless multicast queries to a multicast group when the requested
object would be fetched only from a "parent" cache, anyway. It's useful, e.g.,
when configuring a pool of redundant Squid proxies, being members of the same
multicast group.
projects / thirdparty / squid.git / log
