Amos Jeffries [Sat, 30 May 2009 13:40:23 +0000 (01:40 +1200)]
Add Translate: and Unless-Modified-Since: headers to known list.
They are custom Microsoft headers we may need to use header_access to
crop away. Translate: is needed for WEBDAV so we must leave this up
to individual admin.
Amos Jeffries [Sat, 30 May 2009 13:33:16 +0000 (01:33 +1200)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Bug 2481: Don't set expires: now in generated error responses
Sending Expires: "now" overrides any negative cache logics which may
be present in downstream caches and is a bad idea. Better to send
the responses without any explicit expiry information.
Amos Jeffries [Sat, 23 May 2009 02:59:52 +0000 (14:59 +1200)]
Author: Adrian Chadd <adrian@squid-cache.org>
Add in some better documentation for override-expire.
Attempt to clearly document exactly what it does - in this instance, it
enforces min age and doesn't allow the admin to enforce max-age -
ie, truncate staleness.
Amos Jeffries [Sat, 23 May 2009 02:44:08 +0000 (14:44 +1200)]
Author: Guido Serassio <serassio@squid-cache.org>
Windows port: Fix improper access permissions to registry and DNS parsing from registry
- RegOpenKey() always tries to open registry keys in full control mode, even if not needed.
This could make Squid fail when running as a non-privileged user. RegOpenKeyEx() allows
specifying only the needed privilege and is now used instead.
- When parsing DNS setting into registry, a fixed size loop was used. Now the loop count is
dynamic.
Amos Jeffries [Sat, 23 May 2009 02:09:53 +0000 (14:09 +1200)]
Replace assert with NOP action in hash free.
This resolves one small coverity itch.
When nothing to free we don't really need to care, we do need to act
safely and not try to actually action the free though.
Amos Jeffries [Fri, 15 May 2009 06:30:37 +0000 (18:30 +1200)]
Fix many syntax warnings in smb_lm
Now compiled with the same CFLAGS as the rest of Squid.
This is tested up to gcc 3.4 standards now. Some may still
be raised by later gcc versions.
- fixes const correctness on several functions and globals
- fixes .h wrapping on several files
- adds prototype definitions for all functions
- adds several missing includes
- adds docs for some functions to auto-doc output
- reduces local variable names from UPPER case to lower.
Preventing clashes with previous system defines. In this case only
DOMAIN and SERVER were actually clashing. But reduced all for safety.
- wraps system includes with HAVE_ macros inline with Squid policy.
TODO:
Not all code audited, only the bits shown broken right now.
This helper contains a large amount of nasty duplicate code
and re-implements several encryption algorithms that should
probably be sourced from secure places.
Amos Jeffries [Sun, 3 May 2009 11:58:33 +0000 (23:58 +1200)]
Author: Peter Pramberger <peter@pramberger.at>
Bug 2656: Pinger dies with general protection fault
tzset() explicitly performs actions previously done implicitly
by localtime() in most cases. It appears that some VMs do not have
the implicit setting so we need this.
- Method TunnelStateData::Connection::error:
The xerrno is the errno value (EAGAIN, EINTR etc.), not a COMM_XX error/flag.
- Methods TunnelStateData::writeServerDone, TunnelStateData::writeClientDone:
if the related connection fd is closing (flag==COMM_ERR_CLOSING), just return
Amos Jeffries [Sun, 3 May 2009 11:45:57 +0000 (23:45 +1200)]
Remove infinite loop in MSNT auth helper
On one starting error condition the helper enters a read loop
without exit conditions. Made this exit when read was done
and shutdown helper as per behavior comment by the loop.
Bug 2610: Detection and verification of ipfilter header files is incorrect
After much contention reg Solaris and FreeBSD the union between them
seems to be this:
- adding netinet/in.h
- adding netinet/ip_fil_compat.h (alternative to netinet/ip_compat.h)
- testing for netinet/ipl.h before netinet/ip_nat.h
Bug 2571: Squid with IPv6 fails to start on kernel without IPv6
Adds comm_open_listener() wrapper to perform IPv6/IPv4 failover on sockets
intended for listening only. Uses the wrapper in all places I can be sure of.
Open a port specially bound for listening or sending through a specific port.
This is a wrapper providing IPv4/IPv6 failover around comm_openex().
Please use for all listening sockets and bind() outbound sockets.
It will open a socket bound for:
- IPv4 if IPv6 is disabled or address is IPv4-native.
- IPv6 if address is IPv6-native
- IPv6 dual-stack mode if able to open [::]
When an open performs failover it updates the given address to feed back
the new IPv4-only status of the socket. Further displays of the IP
(in debugs or cachemgr) will occur in Native IPv4 format.
A reconfigure is needed to reset the stored IP in most cases and attempt
a port re-open.
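The failover behaviour this commit message describes, as an added C example that is not Squid's code: `open_listener_failover()` and its `ipv6_enabled` flag are hypothetical names, with the flag standing in for a kernel or build without IPv6.

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not Squid's comm_open_listener(). On failover *addr is
 * rewritten to IPv4 so later displays match what was actually bound. */
int open_listener_failover(struct sockaddr_storage *addr, int ipv6_enabled)
{
    int fd = -1, on = 1, off = 0;
    socklen_t len = sizeof(struct sockaddr_in);

    if (addr->ss_family == AF_INET6) {
        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)addr;
        int any = memcmp(&a6->sin6_addr, &in6addr_any, sizeof(in6addr_any)) == 0;
        if (ipv6_enabled)
            fd = socket(AF_INET6, SOCK_STREAM, 0);
        if (fd >= 0) {
            /* Dual-stack only for [::]; a specific IPv6 address stays v6-only. */
            setsockopt(fd, IPPROTO_IPV6, IPV6_V6ONLY, any ? &off : &on, sizeof(int));
            len = sizeof(*a6);
        } else if (any) {
            /* Failover: feed the IPv4-only status back through *addr. */
            in_port_t port = a6->sin6_port;
            struct sockaddr_in *a4 = (struct sockaddr_in *)addr;
            memset(addr, 0, sizeof(*addr));
            a4->sin_family = AF_INET;
            a4->sin_port = port;
            a4->sin_addr.s_addr = htonl(INADDR_ANY);
        } else {
            return -1; /* a specific IPv6 address has no IPv4 fallback */
        }
    }
    if (fd < 0 && (fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    if (bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    struct sockaddr_storage a = {0};
    a.ss_family = AF_INET6; /* constructed input: [::], port 0 */
    return open_listener_failover(&a, 0) < 0 || a.ss_family != AF_INET;
}
```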
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2578: squid fails to resume download from FTP
The ftp code uses the FtpStateData::restart_offset and
FtpStateData::restarted_offset to compute the offset in the case of
partial responses, but it must also set the
ServerStateData::currentOffset member variable.
This patch:
- completely removes the FtpStateData::restarted_offset member and uses
the ServerStateData::currentOffset member variable instead.
- adds the FtpStateData::setCurrentOffset(int64_t) and
FtpStateData::getCurrentOffset() public methods to allow set/get the
ServerStateData::currentOffset value
- reference the wiki FAQ URI
- reference the generic configuration manual URI
- add documentation about other config files now visible
- add -S option documentation
- remove -D option documentation
- alter the main text to reference ICP, HTCP, CARP and ICAP protocols
which are now readily available in Squid.
- removed references to obsolete dnsserver and its operations.
- generalized text about helpers
- removed reference to I/O driven (Async events is not true I/O driven)
Bug 2618: fix ipfilter transparent proxy
Thanks to John Wehle <john@feith.com> for providing the code fixes.
Also:
- cleans up some obscurity over data source and sink for me/client IPs.
- cleans up existing debugs
- adds new debugs to show NAT inputs and results at level-5
(non-result is common and left at level-9)
- adds new debugs to show TPROXY result at level-5 like NAT results
- move IPF lookup into its own function
- move PF interception into its own function
With this all of the transparent build options are independent, and may be
used in any combination. Squid is no longer bound to the single-firewall
interception support.
NP: one small note; the PF lookup is slightly weird due to its altering
the local client address from the NAT information.
Not sure if this is needed, leaving it alone for now.
Squid was parsing /0 on an IPv4 as mask /0.0.0.0 before v4-mapping the
mask to /96 IPv6. Which is invalid CIDR size for IPv4 and maps back as
0.0.0.0/32 there during ACL matching.
This affects any input of /0 and equivalents but in a fail-closed way.
Force /0 to the magic noaddr mask regardless of the protocol.
Also adds a lot of level-9 debugs for tracing other issues in IP ACL parse
This patch:
- adds a reference to each struct mentioning the exact draft
RFC section where that struct is defined.
- fixes sent mask structure fields to match draft. (bug 2404)
- removes two duplicate useless structs
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Fix libfs linking after SourceLayout changes
Currently the fs related subsystem is broken in trunk, because of
linking problems. This patch:
- Add the files fs/Module.cc,h which are similar to esi/Module.* files
- Build a new library libfs.a
- The fs/aufs/StoreFSaufs.cc, fs/diskd/StoreFSdiskd.cc and
fs/ufs/StoreFSufs.cc now contain just fake pointers
- The FS::Init() method is used to build ufs, aufs and diskd filesystems.
- The FS::Init method is called in main.cc before the code which reads the
config files. The FS::clean() is currently not used.
- The coss file system is initiated using the old way.
Amos Jeffries [Mon, 30 Mar 2009 11:54:45 +0000 (00:54 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
In ACLFilledChecklist::ACLFilledChecklist constructor the HttpRequest
request parameter hides the ACLFilledChecklist::request member.
As a result ACLs do not work at all and in some cases Squid crashes
(e.g. when dstdomain ACLs are used)
Amos Jeffries [Mon, 30 Mar 2009 11:44:37 +0000 (00:44 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: esi/, take 1
Moved src/ESI* files into src/esi/.
Renamed ESI source files from ESIFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Replaced implicit constructor-based Parser registration with an explicit call
to Esi::Init() which knows of all ESI parsers. Added Esi::Clean counterpart.
Made libTrie build conditional on ESI support being enabled.
No true source code changes except for parser initialization.
No functionality changes were intended.
No runtime tests with ESI performed.
TODO: I did not move the tests/ESIExpressions test into src/esi because
we need to fix the entire testing layout before we should start
moving individual tests: They currently depend on individual source
and object files in src/ and in tests/ and that kind of dependency
should not be multiplied but removed.
Amos Jeffries [Mon, 23 Mar 2009 10:32:33 +0000 (23:32 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
TestBed: Support multiple test spec arguments.
If at least one test fails, the script exits with a non-zero code (but
possibly not immediately, see --keep-going).
Each test spec is a test config file name or a well-known config name
(no path or extension!). If no specs are given, all known test specs are
used (as before). The same happens if the only test spec given is 'all'.
The following are now equivalent:
./test-builds.sh
./test-builds.sh all
./test-builds.sh btlayer-00-default btlayer-01-minimal btlayer-02-maximus
./test-builds.sh test-suite/buildtests/layer-*
You can mix file names and spec names, but not the 'all' macro: There is
currently no support for using 'all' together with other test cases.
Tolerate individual test errors if --keep-going is specified. This helps
when one wants to find more errors than just the first one, especially
when tests are long and are running without a human watching.
When detecting test failures, rely on test-suite/buildtest.sh exit
status code rather than on the presence of error-like strings in the log
file.
Amos Jeffries [Thu, 19 Mar 2009 03:45:56 +0000 (15:45 +1200)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: acl/, take 1
Moved src/ACL* and a few related files into src/acl/.
Renamed ACL source files from ACLFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Added acl/ libraries, reorganized auth/ libraries, and split ACLChecklist
class to avoid circular dependencies among libraries.
Many targets in src/Makefile.am depended on selected ACL ACL*cc and related
sources. These targets depend on acl/* libraries now. As a part of this
cleanup, the number of ufsdump sources went from about 160 to about 20.
No functionality changes were intended. Source code changes were kept to the
minimum. All my build tests are successful. However, since I had to move a lot
of files, move some code pieces, and split ACLChecklist, it is possible that
some targets will no longer build in some environments and some authentication
code will break.
Please see individual commit messages for details.
( Ref: 3.HEAD/3.2 rev 9573)
Amos Jeffries [Thu, 19 Mar 2009 03:13:10 +0000 (15:13 +1200)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed subdir handling when USE_LOADABLE_MODULES is false.
DIST_SUBDIRS was defined incorrectly. Moreover, we do not need to define
DIST_SUBDIRS because the default works:
"If `SUBDIRS' is defined conditionally using Automake conditionals,
Automake will define `DIST_SUBDIRS' automatically from the possible
values of `SUBDIRS' in all conditions."
The bug was exposed by ./test-builds.sh layer-01-minimal with "make distcheck"
test added.
Amos Jeffries [Sun, 8 Mar 2009 11:46:19 +0000 (00:46 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: src/base, take 0 with tweaks
Added src/base directory for fundamental, commonly-used code pieces that are
not large enough to warrant their own directories. Currently base/ contains
the beginning of AsyncCalls hierarchy, which may eventually get its own
directory.
Removed src/ip from the top-level SUBDIRS list. Made cf_gen compile without
libip.
Started building makefile includes, to be used in subdir makefiles:
src/Common.am and src/TestHeaders.am.
Amos Jeffries [Tue, 3 Mar 2009 02:52:23 +0000 (15:52 +1300)]
SourceLayout: setup libcompat.la for portability primitives
This library forms an underlayer which intends to be seamless for the rest
of Squid and the various OS on which it runs.
For code to be eligible for inclusion at this lowest layer it must be
emulating or wrapping a piece of OS-provided API for use on other OS
where it is not provided.
Shared code which is unique to Squid is not portability.
API mappings which are OS-specific are all defined for their particular
OS in the os/* files.
API mappings which are provided by multiple OS or support libraries
are mapped in compat/*
Emulators are acceptable, though the aim should be to inline or template
most of the code so only .h are really needed.