Re: /bzr/squid3/trunk/ r9907: Add 0.0.0.0 as an to_localhost address
Henrik Nordstrom wrote: revno: 9907 committer: Henrik Nordstrom hen...@henriknordstrom.net branch nick: trunk timestamp: Sat 2009-08-15 14:56:39 +0200 message: Add 0.0.0.0 as an to_localhost address Many TCP/IP(v4) stacks aliases 0.0.0.0 as 127.0.0.1. modified: src/cf.data.pre Can you clue me in on this one please Henrik? Why/What broken remote external clients are sending the reserved ANY_ADDR as the public global-scope destination? This seems to me akin to connecting a remote servers port 0. Side-note: How can we expect wildcard port bindings to work on those machines when the ANY_ADDR (wildcard) IP is aliased to localhost-only? Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
Re: /bzr/squid3/trunk/ r9907: Add 0.0.0.0 as an to_localhost address
sön 2009-08-16 klockan 18:20 +1200 skrev Amos Jeffries: Henrik Nordstrom wrote: revno: 9907 committer: Henrik Nordstrom hen...@henriknordstrom.net branch nick: trunk timestamp: Sat 2009-08-15 14:56:39 +0200 message: Add 0.0.0.0 as an to_localhost address Many TCP/IP(v4) stacks aliases 0.0.0.0 as 127.0.0.1. modified: src/cf.data.pre Can you clue me in on this one please Henrik? See the note next to where to_localhost is used: # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on localhost is a local user #http_access deny to_localhost Why/What broken remote external clients are sending the reserved ANY_ADDR as the public global-scope destination? This seems to me akin to connecting a remote servers port 0. Any client requesting a host that resolves to 0.0.0.0 or that IP explicitly. Side-note: How can we expect wildcard port bindings to work on those machines when the ANY_ADDR (wildcard) IP is aliased to localhost-only? Not sure what you see as a problem. connect(0.0.0.0:80) and connect(127.0.0.1:80) is the same thing on many OS:es for stupid historic reasons. and this acl is for blocking clients trying to make the proxy connect to 127.0.0.1. Regards Henrik
Re: memPool unaccounted
On Sat, Aug 15, 2009 at 14:42, Henrik Nordstromhen...@henriknordstrom.net wrote: lör 2009-08-15 klockan 00:42 +0200 skrev Stephen R. van den Berg: Checking the memory usage I see: Memory accounted for: Total accounted: 1850 KB 6% memPool accounted: 1850 KB 6% memPool unaccounted: 28433 KB 94% memPoolAlloc calls: 1447 memPoolFree calls: 386 I seem to recall that back in the days (2000-2003-ish) the unaccounted memPool numbers weren't *that* high. Any idea what is using up all this memory and/or if it can be reduced with some runtime-config options? It's a fairly new statistics item, added with the chunked mempool allocator in 2002. That was while I still did active development (memory optimisation has always been a pet peeve of mine), so I'm comparing apples with apples here. It's the relation of estimated process size minus mempool allocations accounted for. Estimated process size is reported a little above in the mallinfo section. Not at all sure how much or how correct the estimated process size is. mallinfo which it's based on is broken in many ways.. Well, let's put it this way: Linux says (I checked) that the RSS (Resident Set Size) is around 18MB. This seems a bit wasteful for something that is just sitting idle with a minimal memory cache and no disk cache. So maybe mallinfo is exaggerating it slightly, I'm expecting an RSS of around 4MB when I see an accounted mempool usage of 1.85MB. -- Sincerely, Stephen R. van den Berg.
Re: [squid-users] Building squid 3.1.0.13 on MS-Windows (minGW)
CC'ing to squi-dev. This really should be over there.
Maybe Guido can help.
Nevil Thatcher wrote:
I have attempted this on 2 Widows PC's the First (work) Windows XP and at hoem
Windows 7
Using squid -X I get the following output
C:\squid\sbinsquid -X
2009/08/16 20:18:11.683| command-line -X overrides: ALL,7
2009/08/16 20:18:11.683| signal: sig=31 func=sigusr2_handle: (0) No error
2009/08/16 20:18:11.683| CacheManager::registerAction: registering legacy mem
2009/08/16 20:18:11.683| CacheManager::findAction: looking for action mem
2009/08/16 20:18:11.683| Action not found.
2009/08/16 20:18:11.683| CacheManager::registerAction: registered mem
2009/08/16 20:18:11.683| aclDestroyACLs: invoked
2009/08/16 20:18:11.683| ACL::Prototype::Registered: invoked for type src
2009/08/16 20:18:11.683| ACL::Prototype::Registered:yes
2009/08/16 20:18:11.683| ACL::FindByName 'all'
2009/08/16 20:18:11.683| ACL::FindByName found no match
2009/08/16 20:18:11.683| aclParseAclLine: Creating ACL 'all'
2009/08/16 20:18:11.683| ACL::Prototype::Factory: cloning an object for type
'src'
2009/08/16 20:18:11.683| aclIpParseIpData: all
2009/08/16 20:18:11.683| aclIpParseIpData: magic 'all' found.
2009/08/16 20:18:11.683| aclParseAccessLine: looking for ACL name 'all'
2009/08/16 20:18:11.683| ACL::FindByName 'all'
2009/08/16 20:18:11.683| Processing Configuration File:
c:/squid/etc/squid.conf(depth 0)
2009/08/16 20:18:11.683| Processing: 'acl manager proto cache_object'
2009/08/16 20:18:11.683| ACL::Prototype::Registered: invoked for type proto
2009/08/16 20:18:11.683| ACL::Prototype::Registered:yes
2009/08/16 20:18:11.683| ACL::FindByName 'manager'
2009/08/16 20:18:11.683| ACL::FindByName found no match
2009/08/16 20:18:11.698| aclParseAclLine: Creating ACL 'manager'
2009/08/16 20:18:11.698| ACL::Prototype::Factory: cloning an object for type
'proto'
2009/08/16 20:18:11.698| Processing: 'acl localhost src 127.0.0.1/32'
2009/08/16 20:18:11.698| ACL::Prototype::Registered: invoked for type src
2009/08/16 20:18:11.698| ACL::Prototype::Registered:yes
2009/08/16 20:18:11.698| ACL::FindByName 'localhost'
2009/08/16 20:18:11.698| ACL::FindByName found no match
2009/08/16 20:18:11.698| aclParseAclLine: Creating ACL 'localhost'
2009/08/16 20:18:11.698| ACL::Prototype::Factory: cloning an object for type
'src'
2009/08/16 20:18:11.698| aclIpParseIpData: 127.0.0.1/32
2009/08/16 20:18:11.698| aclIpParseIpData: '127.0.0.1/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.]
2009/08/16 20:18:11.698| aclIpParseIpData: *addr1:1 addr1:127.0.0.1 q-addr1: 0.0.0.0
2009/08/16 20:18:11.698| aclIpParseIpData: unknown first address in
'127.0.0.1/32'
2009/08/16 20:18:11.698| leave_suid: PID 4208 called
FATAL: Bungled squid.conf line 2: acl localhost src 127.0.0.1/32
Squid Cache (Version 3.1.0.13): Terminated abnormally.
CPU Usage: 0.016 seconds = 0.000 user + 0.016 sys
Maximum Resident Size: 5676 KB
Page faults with physical i/o: 1459
Note: I added an extra debug statement above the point it is failing
/* Decode addr1 */
debugs(28, 0, aclIpParseIpData: *addr1: *addr1 addr1: addr1 q-addr1:
q-addr1);
if (!*addr1 || !(q-addr1 = addr1)) {
debugs(28, 0, aclIpParseIpData: unknown first address in ' t
');
delete q;
self_destruct();
return NULL;
Your statement needs to be below as well. Before the failure point the
q-addr1 is empty.
It's also high time the IpAddress.cc code debugs were activated.
If you can add this patch some other things will start to show:
=== modified file 'src/ip/IpAddress.cc'
--- src/ip/IpAddress.cc 2009-04-07 13:51:57 +
+++ src/ip/IpAddress.cc 2009-08-16 12:12:14 +
@@ -36,6 +36,7 @@
#include config.h
#include ip/IpAddress.h
+#include Debug.h
#include util.h
@@ -56,15 +57,6 @@
#error INET6 defined but has been deprecated! Try running bootstrap
and configure again.
#endif
-/* We want to use the debug routines when running as module of squid. */
-/* otherwise fallback to printf if those are not available. */
-#ifndef SQUID_DEBUG
-#define debugs(a,b,c)// drop.
-#else
-#warning IpAddress built with Debugs!!
-#include ../src/Debug.h
-#endif
-
#if !USE_IPV6
// So there are some places where I will drop to using Macros too.
// At least I can restrict them to this file so they don't corrupt
the app with C code.
Amos
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Sunday, 16 August 2009 2:22 PM
To: Nevil Thatcher
Cc: squid-us...@squid-cache.org
Subject: Re: [squid-users] Building squid 3.1.0.13 on MS-Windows (minGW)
Nevil Thatcher wrote:
I have tried downgrading
minGW runtime from 3.15.2 to 3.14
w32api 3.13 to 3.11
and rebuild - no change to result, squid still fails to start with error:
2009/08/16 11:41:30| aclIpParseIpData: unknown first address in '127.0.0.1/32'
FATAL: Bungled squid.conf line 2: acl localhost src 127.0.0.1/32
Squid Cache (Version 3.1.0.13): Terminated abnormally.
Build failed in Hudson: 3.HEAD-amd64-CentOS-5.2 #34
See http://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/34/changes Changes: [Amos Jeffries squ...@treenet.co.nz] Enable IpAddress debugs. remove unused method [Amos Jeffries squ...@treenet.co.nz] Fix release notes dist [Amos Jeffries squ...@treenet.co.nz] Drop obsolete include/squid_mswin.h It has been located at compat/os/mswin.h for some time now. -- [...truncated 3520 lines...] if g++ -DHAVE_CONFIG_H -DDEFAULT_CONFIG_FILE=\http://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/ws/btlayer-00-default/squid-3.HEAD-BZR/_inst/etc/squid.conf\; -DDEFAULT_SQUID_DATA_DIR=\http://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/ws/btlayer-00-default/squid-3.HEAD-BZR/_inst/share\; -DDEFAULT_SQUID_CONFIG_DIR=\http://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/ws/btlayer-00-default/squid-3.HEAD-BZR/_inst/etc\; -I../.. -I../../include -I../../src -I../include -I../../lib -I../src -I/usr/include/libxml2 -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -g -O2 -MT DiskIO/DiskIOModules_gen.o -MD -MP -MF $depbase.Tpo -c -o DiskIO/DiskIOModules_gen.o DiskIO/DiskIOModules_gen.cc; \ then mv -f $depbase.Tpo $depbase.Po; else rm -f $depbase.Tpo; exit 1; fi rm -f libBlocking.a /usr/bin/ar cru libBlocking.a DiskIO/Blocking/BlockingFile.o DiskIO/Blocking/BlockingIOStrategy.o DiskIO/Blocking/BlockingDiskIOModule.o ranlib libBlocking.a /bin/sh ../libtool --tag=CXX --mode=link g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -g -O2 -g -o unlinkd unlinkd_daemon.o SquidNew.o base/libbase.la libsquid.la auth/libacls.la ident/libident.la acl/libacls.la acl/libstate.la auth/libauth.la acl/libapi.la ip/libip.la fs/libfs.la -L../lib -lmiscutil -lm -lresolv -lbsd -lnsl /bin/sh ../libtool --tag=CXX --mode=link g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -g -O2 -g -o ufsdump cbdata.o debug.o int.o mem.o MemBuf.o store_key_md5.o StoreMeta.o StoreMetaMD5.o StoreMetaSTD.o StoreMetaSTDLFS.o StoreMetaUnpacker.o StoreMetaURL.o StoreMetaVary.o String.o time.o ufsdump.o dlink.o HttpRequestMethod.o RemovalPolicy.o tests/stub_fd.o globals.o base/libbase.la libsquid.la auth/libacls.la ident/libident.la acl/libacls.la acl/libstate.la auth/libauth.la acl/libapi.la ip/libip.la fs/libfs.la repl/liblru.a -lcrypt ../snmplib/libsnmp.a -L../lib -lmiscutil -lm -lresolv -lbsd -lnsl g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -g -O2 -g -o unlinkd unlinkd_daemon.o SquidNew.o base/.libs/libbase.a ./.libs/libsquid.a auth/.libs/libacls.a ident/.libs/libident.a acl/.libs/libacls.a acl/.libs/libstate.a auth/.libs/libauth.a acl/.libs/libapi.a ip/.libs/libip.a fs/.libs/libfs.a -Lhttp://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/ws/btlayer-00-default/squid-3.HEAD-BZR/_build/lib -lmiscutil -lm -lresolv -lbsd -lnsl /bin/sh ../libtool --tag=CXX --mode=link g++ -Werror -Wall -Wpointer-arith -Wwrite-strings -Wcomments -g -O2 -g -o squid AclRegs.o AuthReg.o access_log.o AsyncEngine.o cache_cf.o ProtoPort.o CacheDigest.o cache_manager.o carp.o cbdata.o ChunkedCodingParser.o client_db.o client_side.o client_side_reply.o client_side_request.o BodyPipe.o clientStream.o CompletionDispatcher.o comm_select.o comm_select_win32.o comm_poll.o comm_epoll.o comm_kqueue.o ConfigOption.o ConfigParser.o debug.o disk.o DiskIO/DiskIOModule.o DiskIO/ReadRequest.o DiskIO/WriteRequest.o dlink.o dns_internal.o DnsLookupDetails.o errorpage.o ETag.o event.o EventLoop.o external_acl.o ExternalACLEntry.o fd.o fde.o filemap.o forward.o fqdncache.o ftp.o gopher.o helper.o hier_code.o htcp.o http.o HttpStatusLine.o HttpHdrCc.o HttpHdrRange.o HttpHdrSc.o HttpHdrScTarget.o HttpHdrContRange.o HttpHeader.o HttpHeaderTools.o HttpBody.o HttpMsg.o HttpReply.o HttpRequest.o HttpRequestMethod.o icp_v2.o icp_v3.o int.o internal.o ipc.o ipcache.o list.o logfile.o main.o mem.o mem_node.o MemBuf.o MemObject.o mime.o mime_header.o multicast.o neighbors.o Packer.o Parsing.o pconn.o peer_digest.o peer_select.o peer_sourcehash.o peer_userhash.o redirect.o referer.o refresh.o RemovalPolicy.o send-announce.o snmp_core.o snmp_agent.o SquidNew.o stat.o StatHist.o String.o stmem.o store.o StoreFileSystem.o store_io.o StoreIOState.o store_client.o store_digest.o store_dir.o store_key_md5.o store_log.o store_rebuild.o store_swapin.o store_swapmeta.o store_swapout.o StoreMeta.o StoreMetaMD5.o StoreMetaSTD.o StoreMetaSTDLFS.o StoreMetaUnpacker.o StoreMetaURL.o StoreMetaVary.o StoreSwapLogData.o Server.o SwapDir.o time.o tools.o tunnel.o unlinkd.o url.o URLScheme.o urn.o useragent.o wccp.o wccp2.o whois.o wordlist.oDiskIO/DiskIOModules_gen.o repl_modules.o globals.o string_arrays.o base/libbase.la libsquid.la auth/libacls.la ident/libident.la acl/libacls.la acl/libstate.la auth/libauth.la acl/libapi.la ip/libip.la fs/libfs.la icmp/libicmp.la icmp/libicmp-core.la ../compat/libcompat.la -L../lib
Re: /bzr/squid3/trunk/ r9907: Add 0.0.0.0 as an to_localhost address
sön 2009-08-16 klockan 19:17 +1200 skrev Amos Jeffries: Aha. Just connect() then? not really bind() or listen()? Correct. Bind to 0.0.0.0 is any address. I'm thinking that aliasing has already been done before Squid gets such packets at the 'other end'. So that we only see the real localhost IP if its intercepted. Right? 0.0.0.0 is not valid for use on the wire. I would expect stacks to discard such packets. Problem might be DNS on forward proxy traffic, but thats validated out of existence to a NXDOMAIN. ? Leaving only hosts file entries. I know 0.0.0.0 is used to boganize domain names at times. Because it doesn't resolve! For the intended use of the ACL as you highlight, yes I agree it's a good change. It may not be good for the reality situation though. Well, it's the same thing so doesn't matter really. What about a bogons ACL for less confusion? dst 0.0.0.0 is not more bogon than dst 127.0.0.1. Regards Henrik
Re: separate these to new list?: Build failed...
sön 2009-08-16 klockan 21:42 +0800 skrev Adrian Chadd: There's more build failure messages on squid-dev then actual development discussion. Yes, as there is a release notes change some revisions back blocking the builds... Perhaps the build failure email should start spamming the person who did the commit, rather than squid-dev. Hard to determine the person sometimes. Regards Henrik
Re: separate these to new list?: Build failed...
I think the suggestion that there be a list that receives the output of the various automation tools in use is not an unreasonable one. Those who need this output could get it every bit as easily as now, by subscribing to that list. - Henrik Nordstrom hen...@henriknordstrom.net wrote: sön 2009-08-16 klockan 21:42 +0800 skrev Adrian Chadd: There's more build failure messages on squid-dev then actual development discussion. Yes, as there is a release notes change some revisions back blocking the builds... Perhaps the build failure email should start spamming the person who did the commit, rather than squid-dev. Hard to determine the person sometimes. Regards Henrik -- Matt Benjamin The Linux Box 206 South Fifth Ave. Suite 150 Ann Arbor, MI 48104 http://linuxbox.com tel. 734-761-4689 fax. 734-769-8938 cel. 734-216-5309
Re: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt
sön 2009-08-16 klockan 03:31 -0600 skrev Serassio Guido: Windows port: Update mswin_check_ad_group to version 2.0 Does this mean you are ready for release now? Regards Henrik
Re: separate these to new list?: Build failed...
On Sun, 2009-08-16 at 04:05 +0200, Henrik Nordstrom wrote: sön 2009-08-16 klockan 10:23 +1000 skrev Robert Collins: If the noise is too disturbing to folk we can investigate these... I wouldn't want anyone to leave the list because of these reports. I would expect the number of reports to decline significantly as we learn to check commits better to avoid getting flamed in failed build reports an hour later.. combined with the filtering just applied which already reduced it to 1/6. But seriously, it would be a sad day if these reports becomes so frequent compared to other discussions that developers no longer would like to stay subscribed. We then have far more serious problems.. Discussion on this list can be quite sporadic, and its easy for build message volume to be a significant overhead - at least thats my experience in other projects - lists which have unintentional traffic feel hard to deal with. This includes bug mail, build mail, automated status reports and so on. Secondly, I wager that many folk on this list are not regular committers and are unlikely to hop up and fix a build failure; so its not really the right balance for them to be hearing about failures. I think it makes sense to have a dedicated list (squild-bui...@squid-cache.org) for build status activity. I probably won't be on it, for instance. (I prefer to track such data via rss feeds - they don't grab my attention when I'm in the middle of something else, but the data is there and I can still look at and fix things). -Rob signature.asc Description: This is a digitally signed message part
Re: [squid-users] Building squid 3.1.0.13 on MS-Windows (minGW)
Hi Amos, At 14.25 16/08/2009, Amos Jeffries wrote: CC'ing to squi-dev. This really should be over there. Maybe Guido can help. Probably the solution is not simple. As you know, the development of Squid 3 is stopped since April 2008 after the bazaar migration. This means that ALL subsequent code changes to Squid 3 are fully untested on Windows. Two months ago I was able to fix all the build failures of Squid 3 when building using MinGW, but nothing was done on functionality side. Today, according to Canonical people, bazaar should really work on Windows, but the there are too much outstanding code changes to be checked for a single developer: looking to Squid 3.1 project summary, there are 1022 changesets with 204446 line insertion and 295342 line deletion. For my point of view, currently the Windows port of Squid 3.0 must be considered fully broken because is incomplete and untested. Regards Guido - = Guido Serassio Acme Consulting S.r.l. - Microsoft Gold Certified Partner Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it/
R: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt
Hi Henrik, -Messaggio originale- Da: Henrik Nordstrom [mailto:hen...@henriknordstrom.net] Inviato: domenica 16 agosto 2009 22.32 A: Squid Developers Oggetto: Re: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt sön 2009-08-16 klockan 03:31 -0600 skrev Serassio Guido: Windows port: Update mswin_check_ad_group to version 2.0 Does this mean you are ready for release now? Regards Henrik I think that the new helper should be stable enough, so you can start with the STABLE 7 release process. Please, add also the PatchSet 12515 to 2.7. Regards Guido Guido Serassio Acme Consulting S.r.l. Microsoft Gold Certified Partner Via Lucia Savarino, 110098 - Rivoli (TO) - ITALY Tel. : +39.011.9530135 Fax. : +39.011.9781115 Email: guido.seras...@acmeconsulting.it WWW: http://www.acmeconsulting.it
Re: R: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt
sön 2009-08-16 klockan 23:09 +0200 skrev Guido Serassio: I think that the new helper should be stable enough, so you can start with the STABLE 7 release process. Done. Next nightly is most likely the code for 2.7.STABLE7. But remains to update releasenotes, changelog etc... Regards Henrik
Re: memPool unaccounted
sön 2009-08-16 klockan 11:19 +0200 skrev Stephen R. van den Berg: Well, let's put it this way: Linux says (I checked) that the RSS (Resident Set Size) is around 18MB. This seems a bit wasteful for something that is just sitting idle with a minimal memory cache and no disk cache. For what it's worth I have about 4MB in memPool unaccounted. This with a fairly small config I use for testing and not used at all (just started). Regards Henrik
buildfarm builds for squid-2?
I thought I'd just gauge interest in having 2.HEAD and 2.CURRENT tested in the buildfarm. For all that most development is focused on 3, there are still commits being done to 2.x, and most of the hard work in the buildfarm is setup - which is now done. -Rob signature.asc Description: This is a digitally signed message part
Re: buildfarm builds for squid-2?
mån 2009-08-17 klockan 08:20 +1000 skrev Robert Collins: I thought I'd just gauge interest in having 2.HEAD and 2.CURRENT tested in the buildfarm. For all that most development is focused on 3, there are still commits being done to 2.x, and most of the hard work in the buildfarm is setup - which is now done. Sounds like a good idea. A make distcheck with per host supplied DISTCHECK_CONFIGURE_FLAGS should be quite sufficient. Regards Henrik
Re: /bzr/squid3/trunk/ r9907: Add 0.0.0.0 as an to_localhost address
Henrik Nordstrom wrote: sön 2009-08-16 klockan 19:17 +1200 skrev Amos Jeffries: Aha. Just connect() then? not really bind() or listen()? Correct. Bind to 0.0.0.0 is any address. I'm thinking that aliasing has already been done before Squid gets such packets at the 'other end'. So that we only see the real localhost IP if its intercepted. Right? 0.0.0.0 is not valid for use on the wire. I would expect stacks to discard such packets. Problem might be DNS on forward proxy traffic, but thats validated out of existence to a NXDOMAIN. ? Leaving only hosts file entries. I know 0.0.0.0 is used to boganize domain names at times. Because it doesn't resolve! For the intended use of the ACL as you highlight, yes I agree it's a good change. It may not be good for the reality situation though. Well, it's the same thing so doesn't matter really. What about a bogons ACL for less confusion? dst 0.0.0.0 is not more bogon than dst 127.0.0.1. Yes it is. Consider the virtual host setup with DNS views: foo.example.com - 1.2.3.4 (when the public checks) foo.example.com - 127.0.0.1 (when Squid checks) Squid listening on 1.2.3.4.:80 Apache listening on 127.0.0.1:80 Based on what ACL the admin can see in the config file and what they need to do squid.conf very often gets this: http_access allow to_localhost cache_peer_access apache allow to_localhost For this usage 127.* is not a bogon at all. Yet 0.0.0.0 in it's place would be completely insane despite any trickery the TCP stack might do to cope. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
Re: R: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt
Guido Serassio wrote: Hi Henrik, -Messaggio originale- Da: Henrik Nordstrom [mailto:hen...@henriknordstrom.net] Inviato: domenica 16 agosto 2009 22.32 A: Squid Developers Oggetto: Re: cvs commit: squid/helpers/external_acl/mswin_ad_group Makefile.am mswin_check_ad_group.c mswin_check_ad_group.h readme.txt sön 2009-08-16 klockan 03:31 -0600 skrev Serassio Guido: Windows port: Update mswin_check_ad_group to version 2.0 Does this mean you are ready for release now? Regards Henrik I think that the new helper should be stable enough, so you can start with the STABLE 7 release process. Please, add also the PatchSet 12515 to 2.7. Can we get these dropped into Squid-3 as well then? The helper code is still largely isolated from Squid and should not differ by much if anything between -2 and -3. The timing is good to get this ported before I start any of the helper renaming and remodelling for 3.2. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
Hudson build is back to normal: 3.HEAD-amd64-CentOS-5.2 #35
See http://build.squid-cache.org/job/3.HEAD-amd64-CentOS-5.2/35/changes
Re: [squid-users] Building squid 3.1.0.13 on MS-Windows (minGW)
Guido Serassio wrote: Hi Amos, At 14.25 16/08/2009, Amos Jeffries wrote: CC'ing to squi-dev. This really should be over there. Maybe Guido can help. Probably the solution is not simple. As you know, the development of Squid 3 is stopped since April 2008 after the bazaar migration. This means that ALL subsequent code changes to Squid 3 are fully untested on Windows. Two months ago I was able to fix all the build failures of Squid 3 when building using MinGW, but nothing was done on functionality side. Today, according to Canonical people, bazaar should really work on Windows, but the there are too much outstanding code changes to be checked for a single developer: looking to Squid 3.1 project summary, there are 1022 changesets with 204446 line insertion and 295342 line deletion. The big part of that (source re-formatting, error page template changes, and AsyncCalls) won't affect windows. The bits that will I think are quite small. The problem is only the time and testing needed to find them. Nevil has been very helpful and found this one, I think it's worthwhile fixing whatever happens. (This is only regarding the 3.0-3.1 diff, any big issues from 3.0 may still be large problems). For my point of view, currently the Windows port of Squid 3.0 must be considered fully broken because is incomplete and untested. Regards Guido We have now limited this particular functionality problem to getaddrinfo(). I'm thinking the socket API wrappings in mswin.h just need to be expanded to include those getaddrinfo/freeaddrinfo/getnameinfo calls. That will cover one of the bigger gaps in the new system API calls 3.1 makes. I was hoping you could help out with some info on how to do the wrapping properly. If Nevil is happy to continue as tester with this I'm happy to keep debugging and fixing windows things by remote. Amos -- Please be using Current Stable Squid 2.7.STABLE6 or 3.0.STABLE18 Current Beta Squid 3.1.0.13
