- reference the wiki FAQ URI
- reference the generic configuration manual URI
- add documentation about other config files now visible
- add -S option documentation
- remove -D option documentation
- alter the main text to reference ICP, HTCP, CARP and ICAP protocols
which are now readily available in Squid.
- removed references to obsolete dnsserver and its operations.
- generalized text about helpers
- removed reference to I/O driven (Async events is not true I/O driven)
Bug 2618: fix ipfilter transparent proxy
Thanks to John Wehle <john@feith.com> for providing the code fixes.
Also:
- cleans up some obscurity over data source and sink for me/client IPs.
- cleans up existing debugs
- adds new debugs to show NAT inputs and results at level-5
(non-result is common and left at level-9)
- adds new debugs to show TPROXY result at level-5 like NAT results
- move IPF lookup into its own function
- move PF interception into its own function
With this all of the transparent build options are independent, and may be
used in any combination. Squid is no longer bound to the single-firewall
interception support.
NP: one small note; the PF lookup is slightly weird due to its altering
the local client address from the NAT information.
Not sure if this is needed, leaving it alone for now.
Squid was parsing /0 on an IPv4 as mask /0.0.0.0 before v4-mapping the
mask to /96 IPv6. Which is invalid CIDR size for IPv4 and maps back as
0.0.0.0/32 there during ACL matching.
This affects any input of /0 and equivalents but in a fail-closed way.
Force /0 to the magic noaddr mask regardless of the protocol.
Also adds a lot of level-9 debugs for tracing other issues in IP ACL parse
This patch:
- adds a reference to each struct mentioning the exact draft
RFC section where that struct is defined.
- fixes sent mask structure fields to match draft. (bug 2404)
- removes two duplicate useless structs
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Fix libfs linking after SourceLayout changes
Currently the fs related subsystem is broken in trunk, because of
linking problems. This patch:
- Add the files fs/Module.cc,h which are similar to esi/Module.* files
- Build a new library libfs.a
- The fs/aufs/StoreFSaufs.cc, fs/diskd/StoreFSdiskd.cc and
fs/ufs/StoreFSufs.cc now contain just fake pointers
- The FS::Init() method is used to build ufs, aufs and diskd filesystems.
- The FS::Init method is called in main.cc before the code which reads the
config files. The FS::clean() is currently not used.
- The coss file system is initiated using the old way.
Amos Jeffries [Mon, 30 Mar 2009 11:54:45 +0000 (00:54 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
In ACLFilledChecklist::ACLFilledChecklist constructor the HttpRequest
request parameter hides the ACLFilledChecklist::request member.
As a result ACLs do not work at all and in some cases Squid crashes
(e.g. when dstdomain ACLs are used)
Amos Jeffries [Mon, 30 Mar 2009 11:44:37 +0000 (00:44 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: esi/, take 1
Moved src/ESI* files into src/esi/.
Renamed ESI source files from ESIFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Replaced implicit constructor-based Parser registration with an explicit call
to Esi::Init() which knows of all ESI parsers. Added Esi::Clean counterpart.
Made libTrie build conditional on ESI support being enabled.
No true source code changes except for parser initialization.
No functionality changes were intended.
No runtime tests with ESI performed.
TODO: I did not move the tests/ESIExpressions test into src/esi because
we need to fix the entire testing layout before we should start
moving individual tests: They currently depend on individual source
and object files in src/ and in tests/ and that kind of dependency
should not be multiplied but removed.
Amos Jeffries [Mon, 23 Mar 2009 10:32:33 +0000 (23:32 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
TestBed: Support multiple test spec arguments.
If at least one test fails, the script exits with a non-zero code (but
possibly not immediately, see --keep-going).
Each test spec is a test config file name or a well-known config name
(no path or extension!). If no specs are given, all known test specs are
used (as before). The same happens if the only test spec given is 'all'.
The following are now equivalent:
./test-builds.sh
./test-builds.sh all
./test-builds.sh btlayer-00-default btlayer-01-minimal btlayer-02-maximus
./test-builds.sh test-suite/buildtests/layer-*
You can mix file names and spec names, but not the 'all' macro: There is
currently no support for using 'all' together with other test cases.
Tolerate individual test errors if --keep-going is specified. This helps
when one wants to find more errors than just the first one, especially
when tests are long and are running without a human watching.
When detecting test failures, rely on test-suite/buildtest.sh exit
status code rather than on the presence of error-like strings in the log
file.
Amos Jeffries [Thu, 19 Mar 2009 03:45:56 +0000 (15:45 +1200)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: acl/, take 1
Moved src/ACL* and a few related files into src/acl/.
Renamed ACL source files from ACLFoo.{cc,cci,h} to Foo.{cc,cci,h}.
Added acl/ libraries, reorganized auth/ libraries, and split ACLChecklist
class to avoid circular dependencies among libraries.
Many targets in src/Makefile.am depended on selected ACL ACL*cc and related
sources. These targets depend on acl/* libraries now. As a part of this
cleanup, the number of ufsdump sources went from about 160 to about 20.
No functionality changes were intended. Source code changes were kept to the
minimum. All my build tests are successful. However, since I had to move a lot
of files, move some code pieces, and split ACLChecklist, it is possible that
some targets will no longer build in some environments and some authentication
code will break.
Please see individual commit messages for details.
( Ref: 3.HEAD/3.2 rev 9573)
Amos Jeffries [Thu, 19 Mar 2009 03:13:10 +0000 (15:13 +1200)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
Fixed subdir handling when USE_LOADABLE_MODULES is false.
DIST_SUBDIRS was defined incorrectly. Moreover, we do not need to define
DIST_SUBDIRS because the default works:
"If `SUBDIRS' is defined conditionally using Automake conditionals,
Automake will define `DIST_SUBDIRS' automatically from the possible
values of `SUBDIRS' in all conditions."
The bug was exposed by ./test-builds.sh layer-01-minimal with "make distcheck"
test added.
Amos Jeffries [Sun, 8 Mar 2009 11:46:19 +0000 (00:46 +1300)]
Author: Alex Rousskov <rousskov@measurement-factory.com>
SourceLayout: src/base, take 0 with tweaks
Added src/base directory for fundamental, commonly-used code pieces that are
not large enough to warrant their own directories. Currently base/ contains
the beginning of AsyncCalls hierarchy, which may eventually get its own
directory.
Removed src/ip from the top-level SUBDIRS list. Made cf_gen compile without
libip.
Started building makefile includes, to be used in subdir makefiles:
src/Common.am and src/TestHeaders.am.
Amos Jeffries [Tue, 3 Mar 2009 02:52:23 +0000 (15:52 +1300)]
SourceLayout: setup libcompat.la for portability primitives
This library forms an underlayer which intends to be seamless for the rest
of Squid and the various OS on which it runs.
For code to be eligible for inclusion at this lowest layer it must be
emulating or wrapping a piece of OS-provided API for use on other OS
where it is not provided.
Shared code which is unique to Squid is not portability.
API mappings which are OS-specific are all defined for their particular
OS in the os/* files.
API mappings which are provided by multiple OS or support libraries
are mapped in compat/*
Emulators are acceptable, though the aim should be to inline or template
most of the code so only .h are really needed.
Amos Jeffries [Sun, 1 Mar 2009 03:25:23 +0000 (16:25 +1300)]
Author: Mark Nottingham <mnot@pobox.com>
Bug 2599: Idempotent start
As discussed on squid-dev, Squid shouldn't return a shell error when:
- starting squid, if it's already running
- stopping squid, if it isn't running
This is to make writing scripts that control squid easier.
Note that it should still notify the user, and should not affect other
operations (e.g., kill, rotate, parse).
Amos Jeffries [Sun, 1 Mar 2009 03:06:42 +0000 (16:06 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2591: adaptation_access does not work
An access checklist is required for each service set, so we need only one
AccessRule object for each adaptation service set.
This patch:
- When parsing an adaptation_access line, checks if an AccessRule object exists
for the service set and, if yes, appends the access checklist to this object, else
creates a new AccessRule object for this service set
- The AccessRule constructor now takes as argument the reference service set
name (groupId)
- The new Adaptation::FindRuleByGroupId method is created. This method returns
the AccessRule object for a service set using its name (groupId)
- When an AccessRule for a service group exists in the AccessRules
list, do not add it again to the list.
Amos Jeffries [Sun, 1 Mar 2009 02:57:49 +0000 (15:57 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
String NG : basic SquidString updates pt 2
- finished the analysis of raw buffer exporting, divided among c-string
and raw-buf access clients
- general sanitization
- reversal of some wrongly-renamed variables and comments
- implementation of SQUIDSTRINGPRINT and SQUIDSTRINGPH (placeholder) macros and
psize() function for printf-style calls
- implementation of, and migration to, String::size_type and String::npos
- de-inlining of pos(), rpos(), find() and rfind() calls
- implementation and use of a proper substr() call
Amos Jeffries [Wed, 18 Feb 2009 01:30:35 +0000 (14:30 +1300)]
Bug 2287: Send a 505 on requests with unsupported HTTP versions
Squid currently accepts requests with well-formed 0.9, 1.0, and 1.1 versions
and one special case of missing version (assumed to be 0.9 legacy requests)
All others including well-formed 0.x < 0.9 are now aborted with a
HTTP 1.1 compliant 505 Version Not Supported error.
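
The version gate described in this commit message, as an added C++ example that is not Squid's code: `versionGate` and `readNumber` are hypothetical helpers, the request line is assumed to arrive without its CRLF, and answering a malformed line or version token with 400 is an assumption the message does not state.

```cpp
// Added example, not Squid source: HTTP version gate on a request line.
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Reads 1..4 decimal digits starting at v[i]; false if none or too many.
static bool readNumber(const std::string &v, std::size_t &i, unsigned &out) {
    const std::size_t start = i;
    out = 0;
    while (i < v.size() && i - start < 4 && std::isdigit(static_cast<unsigned char>(v[i])))
        out = out * 10 + static_cast<unsigned>(v[i++] - '0');
    return i > start && (i == v.size() || !std::isdigit(static_cast<unsigned char>(v[i])));
}

// Hypothetical helper: 0 means accept, otherwise the HTTP status to send.
// 400 for a malformed line or version token is this example's assumption.
int versionGate(const std::string &line) {
    const std::size_t sp1 = line.find(' ');              // after the method
    if (sp1 == std::string::npos || sp1 == 0) return 400;
    const std::size_t sp2 = line.find(' ', sp1 + 1);     // after the URI
    if (sp2 == std::string::npos)                        // no version at all:
        return sp1 + 1 < line.size() ? 0 : 400;          // legacy HTTP/0.9 request
    const std::string v = line.substr(sp2 + 1);
    if (v.compare(0, 5, "HTTP/") != 0) return 400;
    std::size_t i = 5;
    unsigned verMajor = 0, verMinor = 0;
    if (!readNumber(v, i, verMajor) || i >= v.size() || v[i++] != '.' ||
        !readNumber(v, i, verMinor) || i != v.size())
        return 400;
    // Well-formed version: only 0.9, 1.0 and 1.1 are served.
    const bool supported = (verMajor == 0 && verMinor == 9) || (verMajor == 1 && verMinor <= 1);
    return supported ? 0 : 505;
}

int main() {
    // Constructed request lines.
    for (const char *l : {"GET / HTTP/1.1", "GET /", "GET / HTTP/0.8", "GET / HTTP/2.0"})
        std::cout << l << " -> " << versionGate(l) << "\n";
}
```
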
Amos Jeffries [Wed, 18 Feb 2009 01:19:56 +0000 (14:19 +1300)]
Bug 419: Hop by Hop headers MUST NOT be forwarded
This attempt builds on Henrik's re-work of the client-request to
server-request cloning done since the last attempt was made at closing
this bug.
Adds all RFC 2616 listed Hop-by-hop headers to the clone selection test
as 'ignore' cases unless otherwise handled already.
The test for whether they exist in Connection: is moved to the default
case as an inline. Which reduces the code a fair bit and prevents the
side case where a specially handled header gets ignored because the
client explicitly added it to Connection: when it did not have to.
This method sets up a background default of not passing the hop-by-hop
headers while allowing any code which explicitly sets or copies the
headers across to operate as before without interference.
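
The default filtering this commit message describes, as an added C++ example rather than Squid's own code: `cloneEndToEnd`, `norm` and `HeaderList` are hypothetical names, and it shows only the background default of dropping the RFC 2616 hop-by-hop headers plus anything named in Connection:, not the special-case handlers that set or copy such headers explicitly.

```cpp
// Added example, not Squid source: default-drop of hop-by-hop headers.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <set>
#include <sstream>
#include <string>
#include <utility>
#include <vector>

using HeaderList = std::vector<std::pair<std::string, std::string>>;

// Lower-case and strip surrounding blanks so names compare case-insensitively.
static std::string norm(std::string s) {
    const auto b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    s = s.substr(b, s.find_last_not_of(" \t") - b + 1);
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// Hop-by-hop headers as listed in RFC 2616 section 13.5.1.
static const std::set<std::string> kHopByHop = {
    "connection", "keep-alive", "proxy-authenticate", "proxy-authorization",
    "te", "trailers", "transfer-encoding", "upgrade"};

// Hypothetical helper: the client headers that may be forwarded upstream.
HeaderList cloneEndToEnd(const HeaderList &client) {
    std::set<std::string> nominated; // names listed in any Connection: header
    for (const auto &h : client) {
        if (norm(h.first) != "connection") continue;
        std::istringstream tokens(h.second);
        for (std::string t; std::getline(tokens, t, ',');)
            if (!(t = norm(t)).empty()) nominated.insert(t);
    }
    HeaderList out;
    for (const auto &h : client) {
        const std::string name = norm(h.first);
        if (!kHopByHop.count(name) && !nominated.count(name)) out.push_back(h);
    }
    return out;
}

int main() {
    // Constructed sample request headers.
    const HeaderList in = {{"Host", "example.com"}, {"Connection", "close, X-Trace"},
                           {"X-Trace", "abc"}, {"Upgrade", "websocket"}, {"Accept", "*/*"}};
    for (const auto &h : cloneEndToEnd(in)) std::cout << h.first << ": " << h.second << "\n";
}
```
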
Amos Jeffries [Sun, 15 Feb 2009 13:01:35 +0000 (02:01 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
Cleanups: Remove code handling K&R-style varargs.
It should be a safe enough bet that any C++ compiler can handle STDC-style varargs.
This patch removes all the (mostly spaghetti) code which used to handle K&R-style varargs calls.
Amos Jeffries [Sun, 8 Feb 2009 10:09:43 +0000 (23:09 +1300)]
Author: Francesco Chemolli <kinkie@squid-cache.org>
String NG : fixes initial merge, take 2
Compared to the retired first attempt it:
- fixes the issues Tsantilas Christos found out about
- implements String::find
- some more users analyzed and fixed.
Amos Jeffries [Sun, 8 Feb 2009 08:06:19 +0000 (21:06 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
external_acl_type %<{ and %USER_CERT_ / %CA_CERT_ parsing brokenness
The parsing of external_acl_type formats was slightly broken, destroying
%<{ (request header) if SSL was enabled and never able to parse %USER_CERT_
or %CA_CERT_.
Also clarified request/reply header syntax slightly
Amos Jeffries [Sun, 8 Feb 2009 06:32:54 +0000 (19:32 +1300)]
Bug 2526: pt 2: default ALLOW when no list specified.
Fallout from audit of access control checks.
- Some got sensible defaults added
- many got slightly more optimized defaults
- documented the ACLChecklist interface and some API cleanups
Amos Jeffries [Wed, 4 Feb 2009 12:03:01 +0000 (01:03 +1300)]
Author: Henrik Nordstrom <henrik@henriknordstrom.net>
Move -DDFAULT_SQUID_DATA_DIR & CONFIG_DIR from CFLAGS to DEFS
For some reason gcc on OpenBSD does not like having these in CFLAGS
when running configure. However works fine having them expanded in
src/Makefile DEFS variable just like -DDEFAULT_SQUID_CONFIG_FILE
Amos Jeffries [Mon, 2 Feb 2009 11:16:21 +0000 (00:16 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Bug 2583: pure virtual method called
Inside the Adaptation::Initiator::announceInitiatorAbort method the check
x==NULL is not enough. We must also check if the x variable (of type Initiate)
is valid.
Amos Jeffries [Mon, 2 Feb 2009 11:00:12 +0000 (00:00 +1300)]
Author: Christos Tsantilas <chtsanti@users.sourceforge.net>
Fix assertion in comm_write from idnsSentQueryVC
The idnsSentQueryVC function is called as an AsyncCall. There is the possibility
that when this function is called the fd has started closing but is not really closed yet.
In this case this function will try to do a comm_write (idnsDoSendQueryVC
function) on a socket which is closing and an assertion will be triggered.
An extra test is needed here to test if the socket is closing and, if yes, just return.