Changeset 5502
- Timestamp:
- Jul 13, 2017, 9:41:54 AM (4 years ago)
- Location:
- squid-ssl/trunk/fuentes
- Files:
-
- 56 added
- 15 edited
Legend:
- Unmodified
- Added
- Removed
-
squid-ssl/trunk/fuentes/src/LogTags.h
r5499 r5502 28 28 LOG_TCP_CLIENT_REFRESH_MISS, 29 29 LOG_TCP_IMS_HIT, 30 LOG_TCP_INM_HIT, 30 31 LOG_TCP_SWAPFAIL_MISS, 31 32 LOG_TCP_NEGATIVE_HIT, … … 54 55 (code == LOG_TCP_HIT) || 55 56 (code == LOG_TCP_IMS_HIT) || 57 (code == LOG_TCP_INM_HIT) || 56 58 (code == LOG_TCP_REFRESH_FAIL_OLD) || 57 59 (code == LOG_TCP_REFRESH_UNMODIFIED) || -
squid-ssl/trunk/fuentes/src/Makefile.am
r5499 r5502 910 910 DEFAULT_CONFIG_DIR = $(sysconfdir) 911 911 DEFAULT_CONFIG_FILE = $(DEFAULT_CONFIG_DIR)/squid.conf 912 DEFAULT_MIME_TABLE = $( DEFAULT_CONFIG_DIR)/mime.conf912 DEFAULT_MIME_TABLE = $(datadir)/mime.conf 913 913 DEFAULT_SSL_CRTD = $(libexecdir)/`echo ssl_crtd | sed '$(transform);s/$$/$(EXEEXT)/'` 914 914 DEFAULT_LOG_PREFIX = $(DEFAULT_LOG_DIR) -
squid-ssl/trunk/fuentes/src/Makefile.in
r5499 r5502 3258 3258 DEFAULT_CONFIG_DIR = $(sysconfdir) 3259 3259 DEFAULT_CONFIG_FILE = $(DEFAULT_CONFIG_DIR)/squid.conf 3260 DEFAULT_MIME_TABLE = $( DEFAULT_CONFIG_DIR)/mime.conf3260 DEFAULT_MIME_TABLE = $(datadir)/mime.conf 3261 3261 DEFAULT_SSL_CRTD = $(libexecdir)/`echo ssl_crtd | sed '$(transform);s/$$/$(EXEEXT)/'` 3262 3262 DEFAULT_LOG_PREFIX = $(DEFAULT_LOG_DIR) -
squid-ssl/trunk/fuentes/src/cf.data.pre
r5499 r5502 1207 1207 # Adapt to list your (internal) IP networks from where browsing 1208 1208 # should be allowed 1209 acl localnet src 10.0.0.0/8 # RFC1918 possible internal network1210 acl localnet src 172.16.0.0/12 # RFC1918 possible internal network1211 acl localnet src 192.168.0.0/16 # RFC1918 possible internal network1212 acl localnet src fc00::/7 # RFC 4193 local private network range1213 acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines1209 #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network 1210 #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network 1211 #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network 1212 #acl localnet src fc00::/7 # RFC 4193 local private network range 1213 #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines 1214 1214 1215 1215 acl SSL_ports port 443 … … 1460 1460 # Adapt localnet in the ACL section to list your (internal) IP networks 1461 1461 # from where browsing should be allowed 1462 http_access allow localnet1462 #http_access allow localnet 1463 1463 http_access allow localhost 1464 1464 … … 3211 3211 reference a combined file containing both the 3212 3212 certificate and the key. 3213 3214 Notes: 3215 3216 On Debian/Ubuntu systems a default snakeoil certificate is 3217 available in /etc/ssl and users can set: 3218 3219 cert=/etc/ssl/certs/ssl-cert-snakeoil.pem 3220 3221 and 3222 3223 key=/etc/ssl/private/ssl-cert-snakeoil.key 3224 3225 for testing. 3213 3226 3214 3227 sslversion=1|2|3|4|5|6 … … 4534 4547 NAME: logfile_rotate 4535 4548 TYPE: int 4536 DEFAULT: 104549 DEFAULT: 0 4537 4550 LOC: Config.Log.rotateNumber 4538 4551 DOC_START … … 4553 4566 Note, from Squid-3.1 this option is only a default for cache.log, 4554 4567 that log can be rotated separately by using debug_options. 4568 4569 Note2, for Debian/Linux the default of logfile_rotate is 4570 zero, since it includes external logfile-rotation methods. 4555 4571 DOC_END 4556 4572 … … 5431 5447 refresh_pattern ^gopher: 1440 0% 1440 5432 5448 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 5449 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 5450 # example lin deb packages 5451 #refresh_pattern (\.deb|\.udeb)$ 129600 100% 129600 5433 5452 refresh_pattern . 0 20% 4320 5434 5453 NOCOMMENT_END … … 8897 8916 WARNING: 8898 8917 This option will restrict the situations under which IPv6 8899 connectivity is used (and tested) . Hiding network problems8900 which would otherwise be detected and warned about.8918 connectivity is used (and tested), potentially hiding network 8919 problems which would otherwise be detected and warned about. 8901 8920 DOC_END 8902 8921 -
squid-ssl/trunk/fuentes/src/client_side.cc
r5499 r5502 416 416 break; 417 417 418 case LOG_TCP_INM_HIT: 418 419 case LOG_TCP_IMS_HIT: 419 420 statCounter.client_http.nearMissSvcTime.count(svc_time); … … 2661 2662 return; 2662 2663 } 2664 2665 // when absolute-URI is provided Host header should be ignored. However 2666 // some code still uses Host directly so normalize it. 2667 // For now preserve the case where Host is completely absent. That matters. 2668 if (request->header.has(HDR_HOST)) { 2669 const char *host = request->header.getStr(HDR_HOST); 2670 SBuf authority(request->GetHost()); 2671 if (request->port != urlDefaultPort(request->url.getScheme())) 2672 authority.appendf(":%d", request->port); 2673 debugs(33, 5, "URL domain " << authority << " overrides header Host: " << host); 2674 // URL authority overrides Host header 2675 request->header.delById(HDR_HOST); 2676 request->header.putStr(HDR_HOST, authority.c_str()); 2677 } 2663 2678 } 2664 2679 -
squid-ssl/trunk/fuentes/src/client_side_reply.h
r5499 r5502 115 115 int checkTransferDone(); 116 116 void processOnlyIfCachedMiss(); 117 voidprocessConditional(StoreIOBuffer &result);117 bool processConditional(StoreIOBuffer &result); 118 118 void cacheHit(StoreIOBuffer result); 119 119 void handleIMSReply(StoreIOBuffer result); -
squid-ssl/trunk/fuentes/src/client_side_request.cc
r5499 r5502 142 142 al = new AccessLogEntry; 143 143 al->cache.start_time = current_time; 144 al->tcpClient = clientConnection = aConn->clientConnection; 145 al->cache.port = aConn->port; 146 al->cache.caddr = aConn->log_addr; 144 if (aConn) { 145 al->tcpClient = clientConnection = aConn->clientConnection; 146 al->cache.port = aConn->port; 147 al->cache.caddr = aConn->log_addr; 147 148 148 149 #if USE_OPENSSL 149 if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { 150 if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) 151 al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); 152 } 153 #endif 150 if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) { 151 if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl) 152 al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl)); 153 } 154 #endif 155 } 154 156 dlinkAdd(this, &active, &ClientActiveRequests); 155 157 #if USE_ADAPTATION -
squid-ssl/trunk/fuentes/src/esi/Context.h
r5499 r5502 14 14 #include "esi/Element.h" 15 15 #include "esi/Parser.h" 16 #include "HttpReply.h" 16 17 #include "http/StatusCode.h" 17 18 … … 92 93 Http::StatusCode errorstatus; /* if we error, what code to return */ 93 94 char *errormessage; /* error to pass to error page */ 94 HttpReply *rep; /* buffered until we pass data downstream */95 HttpReply::Pointer rep; /* buffered until we pass data downstream */ 95 96 ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */ 96 97 ESISegment::Pointer incoming; -
squid-ssl/trunk/fuentes/src/esi/Esi.cc
r5499 r5502 574 574 #endif 575 575 576 if (!(rep || (outbound.getRaw() &&576 if (!(rep != NULL || (outbound.getRaw() && 577 577 outbound->len && (outbound_offset <= outbound->len)))) { 578 578 debugs(86, 5, "ESIContext::send: Nothing to send."); … … 619 619 debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data "); 620 620 /* Deal with re-entrancy */ 621 HttpReply *temprep = rep;621 HttpReply::Pointer temprep = rep; 622 622 rep = NULL; /* freed downstream */ 623 623 624 if (temprep && varState)625 varState->buildVary (temprep);624 if (temprep != NULL && varState) 625 varState->buildVary(temprep.getRaw()); 626 626 627 627 { … … 630 630 tempBuffer.offset = pos - len; 631 631 tempBuffer.data = next->readBuffer.data; 632 clientStreamCallback (thisNode, http, temprep , tempBuffer);632 clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer); 633 633 } 634 634 … … 967 967 int specifiedattcount = attrCount * 2; 968 968 char *position; 969 assert (ellen < sizeof(localbuf)); /* prevent unexpected overruns. */969 Must(ellen < sizeof(localbuf)); /* prevent unexpected overruns. */ 970 970 971 971 debugs(86, 5, "ESIContext::Start: element '" << el << "' with " << specifiedattcount << " tags"); … … 981 981 localbuf[0] = '<'; 982 982 localbuf[1] = '\0'; 983 assert (xstrncpy (&localbuf[1], el, sizeof(localbuf) - 2));983 xstrncpy(&localbuf[1], el, sizeof(localbuf) - 2); 984 984 position = localbuf + strlen (localbuf); 985 985 986 986 for (i = 0; i < specifiedattcount && attr[i]; i += 2) { 987 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); 987 988 *position = ' '; 988 989 ++position; 989 990 /* TODO: handle thisNode gracefully */ 990 assert (xstrncpy (position, attr[i], sizeof(localbuf) + (position - localbuf)));991 xstrncpy(position, attr[i], sizeof(localbuf) - (position - localbuf)); 991 992 position += strlen (position); 993 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2); 992 994 *position = '='; 993 995 ++position; … … 998 1000 while ((ch = *chPtr++) != '\0') { 999 1001 if (ch == '\"') { 1000 assert( xstrncpy(position, """, sizeof(localbuf) + (position-localbuf)) ); 1002 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 6); 1003 xstrncpy(position, """, sizeof(localbuf) - (position-localbuf)); 1001 1004 position += 6; 1002 1005 } else { 1006 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); 1003 1007 *position = ch; 1004 1008 ++position; 1005 1009 } 1006 1010 } 1007 position += strlen (position);1011 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); 1008 1012 *position = '\"'; 1009 1013 ++position; 1010 1014 } 1011 1015 1016 Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2); 1012 1017 *position = '>'; 1013 1018 ++position; … … 1095 1100 1096 1101 case ESIElement::ESI_ELEMENT_NONE: 1097 assert (ellen < sizeof (localbuf)); /* prevent unexpected overruns. */1102 Must(ellen < sizeof(localbuf) - 3); /* prevent unexpected overruns. */ 1098 1103 /* Add elements we aren't interested in */ 1099 1104 localbuf[0] = '<'; 1100 1105 localbuf[1] = '/'; 1101 assert (xstrncpy (&localbuf[2], el, sizeof(localbuf) - 3));1106 xstrncpy(&localbuf[2], el, sizeof(localbuf) - 3); 1102 1107 position = localbuf + strlen (localbuf); 1103 1108 *position = '>'; … … 1255 1260 } 1256 1261 1257 if (rep && !parserState.inited())1262 if (rep != NULL && !parserState.inited()) 1258 1263 parserState.init(this); 1259 1264 … … 1394 1399 debugs(86, 5, HERE << "Freeing for this=" << this); 1395 1400 1396 HTTPMSGUNLOCK(rep);1401 rep = NULL; // refcounted 1397 1402 1398 1403 finishChildren (); -
squid-ssl/trunk/fuentes/src/icmp/Icmp6.cc
r5499 r5502 257 257 258 258 ip = (struct ip6_hdr *) pkt; 259 pkt +=sizeof(ip6_hdr);259 NP: echo size needs to +sizeof(ip6_hdr); 260 260 261 261 debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt << … … 268 268 269 269 icmp6header = (struct icmp6_hdr *) pkt; 270 pkt += sizeof(icmp6_hdr);271 270 272 271 if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) { … … 293 292 } 294 293 295 echo = (icmpEchoData *) pkt;294 echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr)); 296 295 297 296 preply.opcode = echo->opcode; -
squid-ssl/trunk/fuentes/src/mime_header.cc
r5499 r5502 37 37 debugs(25, 5, "mime_get_header: looking for '" << name << "'"); 38 38 39 for (p = mime; *p; p += strcspn(p, "\n \r")) {40 if (strcmp(p, "\ r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)39 for (p = mime; *p; p += strcspn(p, "\n")) { 40 if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0) 41 41 return NULL; 42 42 43 while (xisspace(*p))43 if (*p == '\n') 44 44 ++p; 45 45 -
squid-ssl/trunk/fuentes/src/tests/stub_cbdata.cc
r5499 r5502 14 14 15 15 void cbdataRegisterWithCacheManager(void) STUB 16 16 void *cbdataInternalAlloc(cbdata_type type, const char *, int sz) { 17 return xcalloc(1, sz); 18 } 19 void *cbdataInternalFree(void *p, const char *, int) { 20 xfree(p); 21 return NULL; 22 } 17 23 #if USE_CBDATA_DEBUG 18 24 void *cbdataInternalAllocDbg(cbdata_type type, const char *, int) STUB_RETVAL(NULL) -
squid-ssl/trunk/fuentes/src/tests/stub_mem.cc
r5499 r5502 15 15 #define STUB_API "stub_mem.cc" 16 16 #include "Mem.h" 17 #include " STUB.h"17 #include "tests/STUB.h" 18 18 19 19 void -
squid-ssl/trunk/fuentes/tools/Makefile.am
r5499 r5502 35 35 cp $(top_srcdir)/src/tests/stub_debug.cc . 36 36 37 MemBuf.cc: $(top_srcdir)/src/MemBuf.cc 38 cp $(top_srcdir)/src/MemBuf.cc $@ 39 37 40 time.cc: $(top_srcdir)/src/time.cc 38 41 cp $(top_srcdir)/src/time.cc . 42 43 stub_cbdata.cc: $(top_srcdir)/src/tests/stub_cbdata.cc 44 cp $(top_srcdir)/src/tests/stub_cbdata.cc $@ 45 46 stub_mem.cc: $(top_srcdir)/src/tests/stub_mem.cc 47 cp $(top_srcdir)/src/tests/stub_mem.cc $@ 39 48 40 49 # stock tools for unit tests - library independent versions of dlink_list … … 43 52 # Neither of these should be disted from here. 44 53 TESTSOURCES= test_tools.cc 45 CLEANFILES += test_tools.cc stub_debug.cc time.cc54 CLEANFILES += test_tools.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_mem.cc 46 55 47 56 ## ##### helper-mux ##### … … 61 70 62 71 cachemgr__CGIEXT__SOURCES = cachemgr.cc \ 72 MemBuf.cc \ 73 stub_cbdata.cc \ 63 74 stub_debug.cc \ 75 stub_mem.cc \ 64 76 test_tools.cc \ 65 77 time.cc -
squid-ssl/trunk/fuentes/tools/cachemgr.cc
r5499 r5502 12 12 #include "html_quote.h" 13 13 #include "ip/Address.h" 14 #include "MemBuf.h" 14 15 #include "rfc1123.h" 15 16 #include "rfc1738.h" … … 424 425 } 425 426 426 static const char *427 munge_menu_line( const char *buf, cachemgr_request * req)427 static void 428 munge_menu_line(MemBuf &out, const char *buf, cachemgr_request * req) 428 429 { 429 430 char *x; … … 433 434 char *a_url; 434 435 char *buf_copy; 435 static char html[2 * 1024]; 436 437 if (strlen(buf) < 1) 438 return buf; 439 440 if (*buf != ' ') 441 return buf; 442 443 buf_copy = x = xstrdup(buf); 436 437 const char bufLen = strlen(buf); 438 if (bufLen < 1 || *buf != ' ') { 439 out.append(buf, bufLen); 440 return; 441 } 442 443 buf_copy = x = xstrndup(buf, bufLen); 444 444 445 445 a = xstrtok(&x, '\t'); … … 453 453 /* no reason to give a url for a disabled action */ 454 454 if (!strcmp(p, "disabled")) 455 snprintf(html, sizeof(html),"<LI type=\"circle\">%s (disabled)<A HREF=\"%s\">.</A>\n", d, a_url);455 out.Printf("<LI type=\"circle\">%s (disabled)<A HREF=\"%s\">.</A>\n", d, a_url); 456 456 else 457 457 /* disable a hidden action (requires a password, but password is not in squid.conf) */ 458 458 if (!strcmp(p, "hidden")) 459 snprintf(html, sizeof(html),"<LI type=\"circle\">%s (hidden)<A HREF=\"%s\">.</A>\n", d, a_url);459 out.Printf("<LI type=\"circle\">%s (hidden)<A HREF=\"%s\">.</A>\n", d, a_url); 460 460 else 461 461 /* disable link if authentication is required and we have no password */ 462 462 if (!strcmp(p, "protected") && !req->passwd) 463 snprintf(html, sizeof(html),"<LI type=\"circle\">%s (requires <a href=\"%s\">authentication</a>)<A HREF=\"%s\">.</A>\n",464 d, menu_url(req, "authenticate"), a_url);463 out.Printf("<LI type=\"circle\">%s (requires <a href=\"%s\">authentication</a>)<A HREF=\"%s\">.</A>\n", 464 d, menu_url(req, "authenticate"), a_url); 465 465 else 466 466 /* highlight protected but probably available entries */ 467 467 if (!strcmp(p, "protected")) 468 snprintf(html, sizeof(html),"<LI type=\"square\"><A HREF=\"%s\"><font color=\"#FF0000\">%s</font></A>\n",469 a_url, d);468 out.Printf("<LI type=\"square\"><A HREF=\"%s\"><font color=\"#FF0000\">%s</font></A>\n", 469 a_url, d); 470 470 471 471 /* public entry or unknown type of protection */ 472 472 else 473 snprintf(html, sizeof(html),"<LI type=\"disk\"><A HREF=\"%s\">%s</A>\n", a_url, d);473 out.Printf("<LI type=\"disk\"><A HREF=\"%s\">%s</A>\n", a_url, d); 474 474 475 475 xfree(a_url); 476 476 477 477 xfree(buf_copy); 478 479 return html; 480 } 481 482 static const char * 483 munge_other_line(const char *buf, cachemgr_request * req) 478 } 479 480 static void 481 munge_other_line(MemBuf &out, const char *buf, cachemgr_request *) 484 482 { 485 483 static const char *ttags[] = {"td", "th"}; 486 484 487 static char html[4096];488 485 static int table_line_num = 0; 489 486 static int next_is_header = 0; … … 492 489 char *buf_copy; 493 490 char *x, *p; 494 int l = 0;495 491 /* does it look like a table? */ 496 492 497 493 if (!strchr(buf, '\t') || *buf == '\t') { 498 494 /* nope, just text */ 499 snprintf(html, sizeof(html), "%s%s", 500 table_line_num ? "</table>\n<pre>" : "", html_quote(buf)); 495 if (table_line_num) 496 out.append("</table>\n<pre>", 14); 497 out.Printf("%s", html_quote(buf)); 501 498 table_line_num = 0; 502 return html;499 return; 503 500 } 504 501 505 502 /* start html table */ 506 503 if (!table_line_num) { 507 l += snprintf(html + l, sizeof(html) - l, "</pre><table cellpadding=\"2\" cellspacing=\"1\">\n");504 out.append("</pre><table cellpadding=\"2\" cellspacing=\"1\">\n", 46); 508 505 next_is_header = 0; 509 506 } … … 515 512 516 513 /* record starts */ 517 l += snprintf(html + l, sizeof(html) - l, "<tr>");514 out.append("<tr>", 4); 518 515 519 516 /* substitute '\t' */ … … 532 529 } 533 530 534 l += snprintf(html + l, sizeof(html) - l,"<%s colspan=\"%d\" align=\"%s\">%s</%s>",535 536 537 531 out.Printf("<%s colspan=\"%d\" align=\"%s\">%s</%s>", 532 ttag, column_span, 533 is_header ? "center" : is_number(cell) ? "right" : "left", 534 html_quote(cell), ttag); 538 535 } 539 536 540 537 xfree(buf_copy); 541 538 /* record ends */ 542 snprintf(html + l, sizeof(html) - l, "</tr>\n");539 out.append("</tr>\n", 6); 543 540 next_is_header = is_header && strstr(buf, "\t\t"); 544 541 ++table_line_num; 545 return html;546 542 } 547 543 … … 700 696 701 697 case isBody: 698 { 702 699 /* interpret [and reformat] cache response */ 703 700 MemBuf out; 701 out.init(); 704 702 if (parse_menu) 705 fputs(munge_menu_line(buf, req), stdout);703 munge_menu_line(out, buf, req); 706 704 else 707 fputs(munge_other_line(buf, req), stdout); 708 709 break; 705 munge_other_line(out, buf, req); 706 707 fputs(out.buf, stdout); 708 } 709 break; 710 710 711 711 case isForward:
Note: See TracChangeset
for help on using the changeset viewer.