[squid-dev] test
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sorry for the noise, please ignroe. Just testing to see if my mailer is receiving squid mail again after RBL issues. Amos -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUrQqJAAoJELJo5wb/XPRj1HYIAIP7Ru3FRPDZ4eT4XY59DJCb MhaeBOo1A4TixbQT23KKv7TjzzKZu2bl9We7x3BywPwkxl4ZgLv+gWCUHcYYI/UX D0XT/EEkXa6pNdQJqhnK3jOoxQknMnTtcELuWuNoFkl2jdjaiBlTeir9yhxGSGj6 qcwUyQiAtHa7unNpZUx0/nNHN1Rr2tIwOqFYSqqFbxmB5O0La+EINyPRjl72SfVJ UnZfyXf44253HgLY3MdNA5LhCz89KEQJzyfF65TT82TM122XOVECj4zQLudIYTtN safrogMK6K18LpMP9D035cTk0yc2qKAL1X7GRh3mYEfeQaR9PXXIBXeuNjX95SM= =+2Og -END PGP SIGNATURE- ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
Re: [squid-dev] Fwd: Heads up: cachemgr output in trunk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 7/01/2015 10:44 p.m., Kinkie wrote:
Hi, something is looking weird with cachemgr output (and has been
for a while, at least before rev 13809.
1. ACLs are not newline-separated
acl CONNECT method CONNECT acl Safe_ports port 80 21 443 70 210
1025-65535 280 488 591 777 acl SSL_ports port 443 acl localnet
src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 acl arpacl arp
00:26:18:7d:ac:a0 00:26:18:7d:ac:aa 00:26:18:7d:ac:af
01:26:18:7d:ac:af acl to_localhost dst ::1 0.0.0.0 127.0.0.0/8
acl localhost src ::1 127.0.0.1 acl manager url_regex - -i
(^cache_object://) +i (^https?://[^/]+/squid-internal-mgr/) acl
all src ::/0 follow_x_forwarded_for deny all
Incorrect dump() code for acl directive. The child object storing
the list values does not output \n characters as it is usually dumping
content as a child of some other object. The acl dumper needs to
append \n.
2. http_access and http_port lines (oddly, not the first line) have
an extra heading white space http_access allow arpacl http_access
allow manager localhost http_access deny manager http_access deny
!Safe_ports http_access deny CONNECT !SSL_ports http_access allow
localhost http_access allow localnet http_access deny all http_port
[::]:3128 name=3128 connection-auth=on
I think this whitespace is an artifact of some dumper wrongly assuming
line-wrapping. But I've not spotted exactly where.
3. spurious characters before host_verify_strict
`583{FF^?host_verify_strict on
There are also a couple of unexpected newlines in my sample
output, but everything else looks OK.
Does anyone know about where this may be originating from?
Amos
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUrQxBAAoJELJo5wb/XPRjf08H/Alx8bqoCXGLtZ58ZeSjaOuo
fXr2MNVAZj+whywaKlUhfhzY40x7aKCKOmz8JHovQNmjggyJNmiKOMgzp9X6aHDD
8+cVjIwQ9YKD+mJgFzlu0qtUhfU1ntYPx3LhEAlxbnyiTPUcl7BiZXnaMntkHZZu
5Q/VUFnkOdvy3bHHejgq1WLTRoTPWsvdb7+sWD4KdssOVeL6X1Grb5tyJLZUeZGn
IUt+6KWGdaT8EzVbrQDHrE9b6LzrCHM7oovoBcWwwFWfRJMOCxcQbfFTWMTeQ/Yd
qUgieRTdrJ2WpFLLKLW3s5QjXelwBR/hrCUr/13MNSdluipskREgAGWi7MmblvY=
=j8NI
-END PGP SIGNATURE-
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev
[squid-dev] [RFC] remove-splay branch
Hi all, following the recent discussions on Splay, I've started working on replacing it wherever it makes sense (almost everywhere) with std::set or std::map or std::unordered_map Among the expected benefits are clearer memory management responsibilities, performance, more compact and standard code. So far I've converted src/acl/Arp* and src/acl/Eui64*; before moving on to other users I'd like to get some feedback that I am on the correct path. Feature-branch is at lp;~squid/squid/remove-splay ; I'm attaching the current delta snapshot. Thanks -- Kinkie replace-splay-rfc1.patch Description: Binary data ___ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev
[squid-dev] Build failed in Jenkins: 3.HEAD-amd64-centos-6-clang #419
See http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/419/changes Changes: [Amos Jeffries] Fix assertions inserting duplicate values into a splay ... loading ACLs with duplicate values is quite common. -- [...truncated 3768 lines...] sed -e 's,[@]PERL[@],/usr/bin/perl,g' ../../../../helpers/basic_auth/DB/basic_db_auth.pl.in basic_db_auth || (/bin/rm -f -f basic_db_auth ; exit 1) pod2man basic_db_auth basic_db_auth.8 make[4]: Leaving directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/DB' Making all in LDAP make[4]: Entering directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/LDAP' ccache clang++ -DHAVE_CONFIG_H -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../include -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -MT basic_ldap_auth.o -MD -MP -MF .deps/basic_ldap_auth.Tpo -c -o basic_ldap_auth.o ../../../../helpers/basic_auth/LDAP/basic_ldap_auth.cc mv -f .deps/basic_ldap_auth.Tpo .deps/basic_ldap_auth.Po /bin/sh ../../../libtool --tag=CXX --mode=link ccache clang++ -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la ../../../compat/libcompat-squid.la -lldap -llber libtool: link: ccache clang++ -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ldap_auth basic_ldap_auth.o ../../../lib/.libs/libmiscencoding.a ../../../compat/.libs/libcompat-squid.a -lldap -llber make[4]: Leaving directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/LDAP' Making all in NCSA make[4]: Entering directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/NCSA' ccache clang++ -DHAVE_CONFIG_H -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../include -I../../../../helpers/basic_auth/NCSA -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -MT basic_ncsa_auth.o -MD -MP -MF .deps/basic_ncsa_auth.Tpo -c -o basic_ncsa_auth.o ../../../../helpers/basic_auth/NCSA/basic_ncsa_auth.cc ccache clang++ -DHAVE_CONFIG_H -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../include -I../../../../helpers/basic_auth/NCSA -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -MT crypt_md5.o -MD -MP -MF .deps/crypt_md5.Tpo -c -o crypt_md5.o ../../../../helpers/basic_auth/NCSA/crypt_md5.cc mv -f .deps/crypt_md5.Tpo .deps/crypt_md5.Po mv -f .deps/basic_ncsa_auth.Tpo .deps/basic_ncsa_auth.Po /bin/sh ../../../libtool --tag=CXX --mode=link ccache clang++ -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ncsa_auth basic_ncsa_auth.o crypt_md5.o ../../../lib/libmisccontainers.la ../../../lib/libmiscencoding.la ../../../compat/libcompat-squid.la -lnettle -lcrypt -lm -lnsl -lresolv -lcap -lrt -ldl -ldl libtool: link: ccache clang++ -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ncsa_auth basic_ncsa_auth.o crypt_md5.o ../../../lib/.libs/libmisccontainers.a ../../../lib/.libs/libmiscencoding.a ../../../compat/.libs/libcompat-squid.a -lnettle -lcrypt -lm -lnsl -lresolv -lcap -lrt -ldl make[4]: Leaving directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/NCSA' Making all in NIS make[4]: Entering directory `http://build.squid-cache.org/job/3.HEAD-amd64-centos-6-clang/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/helpers/basic_auth/NIS' ccache clang++ -DHAVE_CONFIG_H -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../include -I../../../../helpers/basic_auth/NIS -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -MT basic_nis_auth.o -MD -MP -MF .deps/basic_nis_auth.Tpo -c -o basic_nis_auth.o ../../../../helpers/basic_auth/NIS/basic_nis_auth.cc ccache clang++ -DHAVE_CONFIG_H -I../../../.. -I../../../../include -I../../../../lib -I../../../../src -I../../../include -I../../../../helpers/basic_auth/NIS -Werror -Qunused-arguments -Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -MT nis_support.o -MD -MP -MF .deps/nis_support.Tpo -c -o nis_support.o ../../../../helpers/basic_auth/NIS/nis_support.cc mv -f .deps/basic_nis_auth.Tpo .deps/basic_nis_auth.Po mv -f .deps/nis_support.Tpo .deps/nis_support.Po /bin/sh ../../../libtool --tag=CXX --mode=link ccache clang++ -Werror -Qunused-arguments -Wno-deprecated-register
[squid-dev] Build failed in Jenkins: anybranch-wholefarm-matrix ยป gcc,d-ubuntu-utopic #115
See http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/115/ -- [...truncated 57186 lines...] make[2]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src' Making uninstall in base make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/base' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/base' Making uninstall in anyp make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/anyp' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/anyp' Making uninstall in comm make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/comm' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/comm' Making uninstall in eui make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/eui' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/eui' Making uninstall in acl make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/acl' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/acl' Making uninstall in format make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/format' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/format' Making uninstall in fs make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/fs' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/fs' Making uninstall in repl make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/repl' make[3]: Nothing to be done for 'uninstall'. make[3]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/repl' Making uninstall in auth make[3]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/auth' Making uninstall in basic make[4]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/auth/basic' make[4]: Nothing to be done for 'uninstall'. make[4]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/auth/basic' Making uninstall in ntlm make[4]: Entering directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/auth/ntlm' make[4]: Nothing to be done for 'uninstall'. make[4]: Leaving directory 'http://build.squid-cache.org/job/anybranch-wholefarm-matrix/compiler=gcc,label=d-ubuntu-utopic/ws/btlayer-05-nodeps-esi/squid-3.3.13-BZR/_build/src/auth/ntlm' Making uninstall in negotiate make[4]:
Re: [squid-dev] [PATCH] adapting 100-Continue / A Bug 4067 fix
On 01/01/2015 01:47 AM, Alex Rousskov wrote:
On 11/09/2014 02:02 PM, Tsantilas Christos wrote:
void
Http::Server::processParsedRequest(ClientSocketContext *context)
{
+if (!buildHttpRequest(context))
+return;
+
+if (Config.accessList.forceRequestBodyContinuation) {
+ClientHttpRequest *http = context-http;
+HttpRequest *request = http-request;
+ACLFilledChecklist
bodyContinuationCheck(Config.accessList.forceRequestBodyContinuation, request,
NULL);
+if (bodyContinuationCheck.fastCheck() == ACCESS_ALLOWED) {
+debugs(33, 5, Body Continuation forced);
+request-forcedBodyContinuation = true;
The HTTP code above sends 100-Continue responses to HTTP GET messages
unless the admin is very careful with the ACLs. This can be reproduced
trivially with
force_request_body_continuation allow all
We should not evaluate force_request_body_continuation if the request
does not have a body IMO. The force_request_body_continuation
documentation makes that option specific to upload requests. If you
agree, please adjust the committed code accordingly.
:-(
I am attaching a patch which fixes this. The patch attached in both
normal form and -b diff option to allow squid developers examine the
proposed changes.
In my patch I am moving the check for Expect: 100-Continue header from
clientProcessRequest() (located in client_side.cc file), which checks
for valid Expect header values, to Http::Server::processParsedRequest
method to minimise the required checks.
I believe this relocation is valid because this check is needed only
for HTTP protocol. For FTP protocol the Expect header is generated by
squid and is not possible to include not supported values.
Alternately we can just check if Expect: 100-continue header exist
inside Http::Server::processParsedRequest.
The similar FTP check seems to be inside the upload-specific code and,
hence, should not need additional do we expect a body? guards.
Yep.
Thank you,
Alex.
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2015-01-01 08:57:18 +
+++ src/client_side.cc 2015-01-07 11:28:41 +
@@ -2605,23 +2605,6 @@
return;
}
-if (request-header.has(HDR_EXPECT)) {
-const String expect = request-header.getList(HDR_EXPECT);
-const bool supportedExpect = (expect.caseCmp(100-continue) == 0);
-if (!supportedExpect) {
-clientStreamNode *node = context-getClientReplyContext();
-clientReplyContext *repContext = dynamic_castclientReplyContext *(node-data.getRaw());
-assert (repContext);
-conn-quitAfterError(request.getRaw());
-repContext-setReplyToError(ERR_INVALID_REQ, Http::scExpectationFailed, request-method, http-uri,
-conn-clientConnection-remote, request.getRaw(), NULL, NULL);
-assert(context-http-out.offset == 0);
-context-pullData();
-clientProcessRequestFinished(conn, request);
-return;
-}
-}
-
clientSetKeepaliveFlag(http);
// Let tunneling code be fully responsible for CONNECT requests
if (http-request-method == Http::METHOD_CONNECT) {
=== modified file 'src/servers/HttpServer.cc'
--- src/servers/HttpServer.cc 2014-12-20 12:12:02 +
+++ src/servers/HttpServer.cc 2015-01-07 11:18:41 +
@@ -248,10 +248,29 @@
if (!buildHttpRequest(context))
return;
-if (Config.accessList.forceRequestBodyContinuation) {
ClientHttpRequest *http = context-http;
-HttpRequest *request = http-request;
-ACLFilledChecklist bodyContinuationCheck(Config.accessList.forceRequestBodyContinuation, request, NULL);
+HttpRequest::Pointer request = http-request;
+
+if (request-header.has(HDR_EXPECT)) {
+const String expect = request-header.getList(HDR_EXPECT);
+const bool supportedExpect = (expect.caseCmp(100-continue) == 0);
+if (!supportedExpect) {
+clientStreamNode *node = context-getClientReplyContext();
+quitAfterError(request.getRaw());
+// setLogUri should called before repContext-setReplyToError
+setLogUri(http, urlCanonicalClean(request.getRaw()));
+clientReplyContext *repContext = dynamic_castclientReplyContext *(node-data.getRaw());
+assert (repContext);
+repContext-setReplyToError(ERR_INVALID_REQ, Http::scExpectationFailed, request-method, http-uri,
+clientConnection-remote, request.getRaw(), NULL, NULL);
+assert(context-http-out.offset == 0);
+context-pullData();
+clientProcessRequestFinished(this, request);
+return;
+}
+
+if (Config.accessList.forceRequestBodyContinuation) {
+ACLFilledChecklist bodyContinuationCheck(Config.accessList.forceRequestBodyContinuation, request.getRaw(),
