[squid-dev] Build failed in Jenkins: trunk-x64-centos-6-clang #467

[noc]

See 

Changes:

[Amos Jeffries] Windows: fix build errors after rev.13867

[Source Maintenance] SourceFormat Enforcement

[Christos Tsantilas] SNI information is not set on transparent bumping mode

Forward SNI (obtained from an intercepted client connection) to servers
when SslBump peeks or stares at the server certificate.

SslBump was not forwarding SNI to servers when Squid obtained SNI from an
intercepted client while peeking (or staring) at client Hello.

This is a Measurement Factory project

--
[...truncated 3765 lines...]
sed -e 's,[@]PERL[@],/usr/bin/perl,g' 
<../../../../helpers/basic_auth/DB/basic_db_auth.pl.in >basic_db_auth || 
(/bin/rm -f -f basic_db_auth ; exit 1)
pod2man basic_db_auth basic_db_auth.8
make[4]: Leaving directory 
`
Making all in LDAP
make[4]: Entering directory 
`
ccache clang++ -DHAVE_CONFIG_H   -I../../../.. -I../../../../include 
-I../../../../lib -I../../../../src -I../../../include -Werror 
-Qunused-arguments -Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11 -MT 
basic_ldap_auth.o -MD -MP -MF .deps/basic_ldap_auth.Tpo -c -o basic_ldap_auth.o 
../../../../helpers/basic_auth/LDAP/basic_ldap_auth.cc
mv -f .deps/basic_ldap_auth.Tpo .deps/basic_ldap_auth.Po
/bin/sh ../../../libtool --tag=CXX   --mode=link ccache clang++ -Werror 
-Qunused-arguments -Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11  -g 
-o basic_ldap_auth basic_ldap_auth.o ../../../lib/libmiscencoding.la 
../../../compat/libcompat-squid.la  -lldap -llber 
libtool: link: ccache clang++ -Werror -Qunused-arguments 
-Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ldap_auth 
basic_ldap_auth.o  ../../../lib/.libs/libmiscencoding.a 
../../../compat/.libs/libcompat-squid.a -lldap -llber
make[4]: Leaving directory 
`
Making all in NCSA
make[4]: Entering directory 
`
ccache clang++ -DHAVE_CONFIG_H   -I../../../.. -I../../../../include 
-I../../../../lib -I../../../../src -I../../../include
-I../../../../helpers/basic_auth/NCSA  -Werror -Qunused-arguments 
-Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11 -MT basic_ncsa_auth.o 
-MD -MP -MF .deps/basic_ncsa_auth.Tpo -c -o basic_ncsa_auth.o 
../../../../helpers/basic_auth/NCSA/basic_ncsa_auth.cc
ccache clang++ -DHAVE_CONFIG_H   -I../../../.. -I../../../../include 
-I../../../../lib -I../../../../src -I../../../include
-I../../../../helpers/basic_auth/NCSA  -Werror -Qunused-arguments 
-Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11 -MT crypt_md5.o -MD 
-MP -MF .deps/crypt_md5.Tpo -c -o crypt_md5.o 
../../../../helpers/basic_auth/NCSA/crypt_md5.cc
mv -f .deps/basic_ncsa_auth.Tpo .deps/basic_ncsa_auth.Po
mv -f .deps/crypt_md5.Tpo .deps/crypt_md5.Po
/bin/sh ../../../libtool --tag=CXX   --mode=link ccache clang++ -Werror 
-Qunused-arguments -Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11  -g 
-o basic_ncsa_auth basic_ncsa_auth.o crypt_md5.o 
../../../lib/libmisccontainers.la ../../../lib/libmiscencoding.la 
../../../compat/libcompat-squid.la  -lnettle -lcrypt  -lm -lnsl -lresolv -lcap 
-lrt -ldl -ldl 
libtool: link: ccache clang++ -Werror -Qunused-arguments 
-Wno-deprecated-register -D_REENTRANT -g -O2 -std=c++11 -g -o basic_ncsa_auth 
basic_ncsa_auth.o crypt_md5.o  ../../../lib/.libs/libmisccontainers.a 
../../../lib/.libs/libmiscencoding.a ../../../compat/.libs/libcompat-squid.a 
-lnettle -lcrypt -lm -lnsl -lresolv -lcap -lrt -ldl
make[4]: Leaving directory 
`
Making all in NIS
make[4]: Entering directory 
`
ccache clang++ -DHAVE_CONFIG_H   -I../../../.. -I../../../../include 
-I../../../../lib -I../../../../src -I../../../include
-I../../../../helpers/basic_auth/NIS  -Werror -Qunused-arguments 
-Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11 -MT basic_nis_auth.o 
-MD -MP -MF .deps/basic_nis_auth.Tpo -c -o basic_nis_auth.o 
../../../../helpers/basic_auth/NIS/basic_nis_auth.cc
ccache clang++ -DHAVE_CONFIG_H   -I../../../.. -I../../../../include 
-I../../../../lib -I../../../../src -I../../../include
-I../../../../helpers/basic_auth/NIS  -Werror -Qunused-arguments 
-Wno-deprecated-register  -D_REENTRANT -g -O2 -std=c++11

Re: [squid-dev] [PATCH] HTTP request-line parser upgrade

[Amos Jeffries]

On 10/02/2015 6:12 a.m., Kinkie wrote:
> Hi,
>   I am not sure whether this is the most uptodate version of the
> patch; I'm auditing lp:~yadi/squid/parser-ng-requestline revno 13879.
> 

Yes thats the latest right now.

> Short story, I can find nothing obviously evil with it - code is well
> documented and intent is clear; as far as I understand Polygraph,
> Coadvisor and my casual testing all agree that it introduces no
> regressions so for me it could go in right away.
> 
> Only suggestion (non-binding):
> 
> in HttpRequestMethod::HttpRequestMethod:
>  // TODO: Optimize this linear search
>  I suspect this code path is rather hot, and I'd recommend to use a
> trie, a hash or a map here ASAP
> 

That code is rather hot. The search list is ordered by decrementing
expected frequency of values so lookup time is not too bad, and already
optimal for the GET case. Though it would still be worth going to the
new trie or customized search you are working on when those are in trunk.

Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

[squid-dev] Build failed in Jenkins: trunk-x64-openbsd-54 #295

[noc]

See 

Changes:

[Amos Jeffries] Windows: fix build errors after rev.13867

[Source Maintenance] SourceFormat Enforcement

[Christos Tsantilas] SNI information is not set on transparent bumping mode

Forward SNI (obtained from an intercepted client connection) to servers
when SslBump peeks or stares at the server certificate.

SslBump was not forwarding SNI to servers when Squid obtained SNI from an
intercepted client while peeking (or staring) at client Hello.

This is a Measurement Factory project

--
[...truncated 3179 lines...]
/usr/local/bin/bash ../../libtool  --tag=CXX--mode=compile ccache g++ 
-DHAVE_CONFIG_H-I../../.. -I../../../include  -I../../../lib -I../../../src 
 -I../../include -I/usr/local/include -I/usr/include/kerberosV  
-I/usr/include/kerberosV   -I../../../libltdl   -Wall -Wpointer-arith 
-Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 
-march=native -MT Connection.lo -MD -MP -MF .deps/Connection.Tpo -c -o 
Connection.lo ../../../src/comm/Connection.cc
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT Connection.lo -MD -MP -MF .deps/Connection.Tpo -c 
../../../src/comm/Connection.cc  -fPIC -DPIC -o .libs/Connection.o
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT Connection.lo -MD -MP -MF .deps/Connection.Tpo -c 
../../../src/comm/Connection.cc -o Connection.o >/dev/null 2>&1
mv -f .deps/Connection.Tpo .deps/Connection.Plo
/usr/local/bin/bash ../../libtool  --tag=CXX--mode=compile ccache g++ 
-DHAVE_CONFIG_H-I../../.. -I../../../include  -I../../../lib -I../../../src 
 -I../../include -I/usr/local/include -I/usr/include/kerberosV  
-I/usr/include/kerberosV   -I../../../libltdl   -Wall -Wpointer-arith 
-Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 
-march=native -MT IoCallback.lo -MD -MP -MF .deps/IoCallback.Tpo -c -o 
IoCallback.lo ../../../src/comm/IoCallback.cc
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT IoCallback.lo -MD -MP -MF .deps/IoCallback.Tpo -c 
../../../src/comm/IoCallback.cc  -fPIC -DPIC -o .libs/IoCallback.o
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT IoCallback.lo -MD -MP -MF .deps/IoCallback.Tpo -c 
../../../src/comm/IoCallback.cc -o IoCallback.o >/dev/null 2>&1
mv -f .deps/IoCallback.Tpo .deps/IoCallback.Plo
/usr/local/bin/bash ../../libtool  --tag=CXX--mode=compile ccache g++ 
-DHAVE_CONFIG_H-I../../.. -I../../../include  -I../../../lib -I../../../src 
 -I../../include -I/usr/local/include -I/usr/include/kerberosV  
-I/usr/include/kerberosV   -I../../../libltdl   -Wall -Wpointer-arith 
-Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT -g -O2 
-march=native -MT ModDevPoll.lo -MD -MP -MF .deps/ModDevPoll.Tpo -c -o 
ModDevPoll.lo ../../../src/comm/ModDevPoll.cc
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT ModDevPoll.lo -MD -MP -MF .deps/ModDevPoll.Tpo -c 
../../../src/comm/ModDevPoll.cc  -fPIC -DPIC -o .libs/ModDevPoll.o
libtool: compile:  ccache g++ -DHAVE_CONFIG_H -I../../.. -I../../../include 
-I../../../lib -I../../../src -I../../include -I/usr/local/include 
-I/usr/include/kerberosV -I/usr/include/kerberosV -I../../../libltdl -Wall 
-Wpointer-arith -Wwrite-strings -Wcomments -Wshadow -Werror -pipe -D_REENTRANT 
-g -O2 -march=native -MT ModDevPoll.lo -MD -MP -MF .deps/ModDevPoll.Tpo -c 
../../../src/comm/ModDevPoll.cc -o ModDevPoll.o >/dev/null 2>&1
mv -f .deps/ModDevPoll.Tpo .deps/ModDevPoll.Plo
/usr/local/bin/bash ../../libtool  --tag=CXX--mode=compile ccache g++ 
-DHAVE_CONFIG_H-I../../.. -I../../

Re: [squid-dev] [PATCH] HTTP request-line parser upgrade

[Kinkie]

Hi,
  I am not sure whether this is the most uptodate version of the
patch; I'm auditing lp:~yadi/squid/parser-ng-requestline revno 13879.

Short story, I can find nothing obviously evil with it - code is well
documented and intent is clear; as far as I understand Polygraph,
Coadvisor and my casual testing all agree that it introduces no
regressions so for me it could go in right away.

Only suggestion (non-binding):

in HttpRequestMethod::HttpRequestMethod:
 // TODO: Optimize this linear search
 I suspect this code path is rather hot, and I'd recommend to use a
trie, a hash or a map here ASAP

Good job!


On Fri, Feb 6, 2015 at 4:08 PM, Amos Jeffries  wrote:
> This patch converts the request-line parse method from a char* string
> parser to using ::Parser::Tokenizer based processing.
>
> * the characters for each token are now limited to the RFC 7230
> compliant values. The URI is taken as a whole token and characters which
> are valid in only one sub-token segment are accepted regardless of their
> position. In relaxed parse that is extended beyond the valid URI
> characters to include the whitespace characters.
>
> * whitespace tolerance is extended to include "binary" whitespace VTAB,
> HTAB, CR and FF characters specified in RFC 7230.
>
> * The Squid specific tolerance for whitespace prefix to method is
> removed. RFC 2730 clarifies that tolerance before request-line is
> specfifically and only for whole empty lines (sequences of CRLF or LF).
>
> * The unit tests are extended to check strict and relaxed parse within
> the new characterset limits. Drip-feed incremental test updated to check
> both parser modes explicitly.
>
>
> * ::Parser:Tokenizer is extended with methods to skip or retrieve a
> token at the suffix of the stored buffer. This is used by the whitespace
> tolerant parse to process the URL and HTTP-version tokens from the line
> "backwards" from the LF position.
>
>
> CoAdvisor and Polygraph show no diffrence from trunk. Which is expected
> since coadvisor does not test RFC 7230 edge cases (yet), and polygraph
> is not stressing incremental parse capabilities.
>
> Amos
>
> ___
> squid-dev mailing list
> squid-dev@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-dev
>



-- 
Francesco
___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] SNI information is not set on transparent bumping mode

[Tsantilas Christos]

On 02/09/2015 02:26 PM, Amos Jeffries wrote:

On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:

SNI information is not set on transparent bumping mode

Forward SNI (obtained from an intercepted client connection) to servers
when SslBump peeks or stares at the server certificate.

SslBump was not forwarding SNI to servers when Squid obtained SNI from
an intercepted client while peeking (or staring) at client Hello.

This patch also fixes squid to consider hostname included in SNI
information more reliable than the hostname provided in CONNECT request
for certificates CN verify



+1. ... and please apply ASAP.


Applied to trunk as rev:13919



Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev



___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev

Re: [squid-dev] [PATCH] SNI information is not set on transparent bumping mode

[Amos Jeffries]

On 9/02/2015 6:07 a.m., Tsantilas Christos wrote:
> SNI information is not set on transparent bumping mode
> 
> Forward SNI (obtained from an intercepted client connection) to servers
> when SslBump peeks or stares at the server certificate.
> 
> SslBump was not forwarding SNI to servers when Squid obtained SNI from
> an intercepted client while peeking (or staring) at client Hello.
> 
> This patch also fixes squid to consider hostname included in SNI
> information more reliable than the hostname provided in CONNECT request
> for certificates CN verify
> 

+1. ... and please apply ASAP.

Amos

___
squid-dev mailing list
squid-dev@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-dev