lp:squid

Created by Amos Jeffries on 2016-11-10 and last modified on 2018-09-11

Squid Project has moved to git VCS. See https://github.com/squid-cache/squid for newer code.

Get this branch:
bzr branch lp:squid

Branch information

Owner:
squid
Project:
Squid
Status:
Abandoned

Import details

Import Status: Reviewed

This branch is an import of the Bazaar branch at http://bzr.squid-cache.org/bzr/squid3/5.

Recent revisions

15243. By Alex Rousskov on 2017-07-12

Made clang happier after r15240: no type named vector in namespace std.

15242. By Alex Rousskov on 2017-07-12

Made GCC happier after r15240 [-Werror=shadow].

15241. By Source Maintenance on 2017-07-12

SourceFormat Enforcement

15240. By Alex Rousskov on 2017-07-12

Happy Eyeballs: Deliver DNS resolution results to peer selection ASAP.

To make eyeballs happy, DNS code must deliver each lookup result to the
IP cache and, ultimately, to upper layers of ipcache_nbgethostbyname()
callers. This requires changing two interfaces:

1. between the DNS and the IP cache (the IDNSCB callback);
2. between the IP cache and peer selection code (the IPH callback).

The IDNSCB callback is now called after every usable A and AAAA lookup
instead of waiting for both answers. The IPH callback now has a sister
API for incremental delivery: The Dns::IpReceiver class.

To safely handle incremental delivery of IP addresses to the IP cache, I
upgraded ipcache_addrs from an equivalent of a C POD to a C++ CachedIps
container. The encapsulation allowed me to clearly separate the two IP
cache iteration APIs:

* All IPs (used by, e.g., ACL matching and host verification code) and
* just the "good" IPs (used only for peer selection for now).

CachedIps stores IPs together with their good/bad status in a single
std::vector. Eventually, the CachedIp element may be extended to store
TTL. The following implementation alternatives were considered and
rejected (at least for now) while optimizing for the "a few (and usually
just one), usually good IPs" case:

* Using std::list or std::deque storage would consume more RAM[1] for
  the common case of one (or few) IPs per name and slow down IPs
  iteration code.
  [1] http://info.prelert.com/blog/stl-container-memory-usage
* Separating IP from its status, like the old code did, would make it
  easier to mismatch IP and its status, make it harder to add more
  metadata like per-IP TTL, and only save memory when storing many IPs
  per name.

The drawback of the selected "all IP-related info in one place" approach
is that we need smart iterators (e.g., the added GoodIpsIterator) or a
visitor API.

I added a new interface class for the incremental notification about
newly found IP addresses (Dns::IpReceiver) instead of adding a second
IPH-like function pointer because we cannot safely call cbdata-protected
functions multiple times for the same cbdata object -- only
cbdataReferenceValidDone() dereferences the opaque pointer properly, and
that function cannot be called repeatedly. CbcPointer solves that
problem (but requires a class). Class methods also allow for more
precise notifications, with fewer ifs in the recipient code.

The new IpCacheLookupForwarder class hides the differences between the
old C-style IPH callbacks and the new Dns::IpReceiver. Eventually, we
may be able to move all lookup-specific data/methods into
IpCacheLookupForwarder, away from the IP cache entries where that info
is useless at best.

mgr:ipcache no longer reports "IPcache Entries In Use" but that info is
now available as "cbdata ipcache_entry" row in mgr:mem.

Do not cache IPv6 /etc/hosts addresses when IPv6 support is disabled.
This change simplified code, made it more consistent (we did not cache
AAAA records), and fixed ipcacheCycleAddr() and ipcacheMarkAllGood()
that were clearing supposed-to-be-permanent "bad (IPv6 disabled)" marks.

Also fixed two DNS TTL bugs. Squid now uses minimum TTL among all used
DNS records[2]. Old ipcacheParse() was trying to do the same but:
* could overwrite a zero TTL with a positive value
* took into account TTLs from unused record types (e.g., CNAME).
[2] Subject to *_dns_ttl limits in squid.conf, as before.

Also fixed "delete xstrdup" (i.e., malloc()ed) pointer in bracketed IP
parsing code (now moved to Ip::Address::FromHost()).

Also prohibited duplicate addresses from entering the IP cache. Allowing
duplicates may be useful for various hacks, but the IP cache code
assumes that cached IPs are unique and fails to mark bad repeated IPs.

Also fixed sending Squid Announcements to unsupported/disabled IPv6
addresses discovered via /etc/hosts.

Also slightly optimized dstdomain when dealing with IP-based host names:
The code now skips unnecessary Ip::Address to ipcache_addrs conversion.
This simplification may also help remove the ipcacheCheckNumeric() hack.
The bracketed IP parsing code was moved to Ip::Address::fromHost(). It
still needs a lot of love.

15239. By Amos Jeffries on 2017-07-10

TLS: move X509_NAME_STACK_Pointer to Security::ServerOptions

This Pointer is only used by the Server port options.

No GnuTLS support added in this patch, just a straight shuffle
of the OpenSSL code.

15238. By Amos Jeffries on 2017-07-09

Bug 1961 extra: Convert the URL::parse method API to take const URI strings

The input buffer is no longer truncated when overly long. All callers have
been checked that they handle the bool false return value in ways that do
not rely on that truncation.

Callers that were making non-const copies of buffers specifically for the
parsing stage are altered not to do so. This allows a few data copies and
allocations to be removed entirely, or delayed to remove from error handling
paths.

While checking all the callers of Http::FromUrl several places were found to
be using the "raw" URL string before the parsing and validation was done. The
simplest in src/mime.cc is already applied to v5 r15234. A more complicated
redesign in src/store_digest.cc is included here for review. One other is marked
with an "XXX: polluting ..." note.

Also, added several TODOs to mark code where class URL needs to be used when
the parser is a bit more efficient.

Also, removed a leftover definition of already removed urlParse() function.

15237. By Amos Jeffries on 2017-07-08

Fix ignored-qualifiers warning in class String

15236. By Amos Jeffries on 2017-07-08

Cleanup: update InstanceId to C++11

... fixing some ignored-qualifiers warnings

15235. By Amos Jeffries on 2017-07-08

Cleanup: remove many unused-parameter warnings from tests and stubs

15234. By Amos Jeffries on 2017-07-08

Validate mime icon URL before allocating store entries

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.