diff -ruN squid-2.6.STABLE7/ChangeLog squid-2.6.STABLE8/ChangeLog --- squid-2.6.STABLE7/ChangeLog Sat Jan 13 09:19:58 2007 +++ squid-2.6.STABLE8/ChangeLog Sun Jan 21 03:26:43 2007 @@ -1,3 +1,22 @@ +Changes to squid-2.6.STABLE8 (Jan 21 2007) + + - Bug #1873: authenticateNTLMFixErrorHeader: state 4. + - Document the https_port vhost option, useful in combination with + a wildcard certificate + - Document the existence of connection pinning / forwarding of NTLM + auth and a few other features overlooked in the release notes. + - Spelling correction of the ssl cache_peer option + - Add back the optional "accel" http_port option. Makes accelerator + mode configurations easier to read. + - Bug #1872: Date parsing error causing objects to get unexpectedly + cached. + - Cleanup to have the access.log tags autogenerated from enums.h + - Bug #1783: STALE: Entry's timestamp greater than check time. Clock + going backwards? + - Don't update object timestamps on a failed revalidation. + - Fix how ftp://user@host URLs is rendered when Squid is built with + leak checking enabled + Changes to squid-2.6.STABLE7 (Jan 13 2007) - Windows port: Fix intermittent build error using Visual Studio diff -ruN squid-2.6.STABLE7/RELEASENOTES.html squid-2.6.STABLE8/RELEASENOTES.html --- squid-2.6.STABLE7/RELEASENOTES.html Sat Jan 13 09:22:42 2007 +++ squid-2.6.STABLE8/RELEASENOTES.html Sun Jan 21 03:30:36 2007 @@ -2,12 +2,12 @@ - Squid 2.6.STABLE7 release notes + Squid 2.6.STABLE8 release notes -

Squid 2.6.STABLE7 release notes

+

Squid 2.6.STABLE8 release notes

-

Squid Developers

$Id: release-2.6.html,v 1.40 2007/01/13 16:19:58 hno Exp $ +

Squid Developers

$Id: release-2.6.html,v 1.44.2.1 2007/01/21 10:26:44 hno Exp $
This document contains the release notes for version 2.6 of Squid. Squid is a WWW Cache application developed by the Web Caching community. @@ -48,6 +48,9 @@

12. Key changes squid-2.6.STABLE6 to 2.6.STABLE7

+

+

13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

+

1. Key changes from squid 2.5

@@ -108,6 +111,17 @@
  • HTCP significantly cleaned up and added support for the CLR operation to purge contents from the cache
  • Support for parsing X-Forwarded-For headers allowing access controls to be based on the real client IP even if behind secondary proxies
    • +
  • Support for proxying of Microsoft Integrated Login (NTLM & Negotiate) connection oriented authentication schemes, enabling access to servers or proxies using such authentication methods.
    • +
  • Support for the Linux TPROXY patch allowing Squid to masquerade using the clients original IP address
    • +
  • urlgroups, tagging URLs for redirection and access controls, and divides the cache allowing different users to get different results for the same URL.
    • +
  • Optional automatic monotoring of cache peers and configured origin servers
    • +
  • SSL client support, allowing both http->https gatewaying and SSL encrypted peers (both origin servers and proxies).
    • +
  • Full ETag/Vary based caching, allowing efficient caching of server driven content negotiation.
    • +
  • Customizable access log format
    • +
  • Selective access logging, and ability to log to more than access log possibly in different formats
    • +
  • New more efficient helper protocol allowing for multiple concurrent lookups to the same helper
    • +
  • Ability to rewrite Location headers (redirects sent by servers)
    • +

  • @@ -117,6 +131,7 @@
    http_port

    Now takes a list of options in addition to the port address, specifying the purpose of this http_port. Default is plain Internet proxy as usual.

    httpd_accel_* for transparent proxy

    Now implemented by the "transparent" http_port option

    +
    httpd_accel_* for accelerator mode

    Nov implemented by other options. See individual directives below.

    httpd_accel_host

    Replaced by defaultsite http_port option and cache_peer originserver option.

    httpd_accel_port

    No longer needed. Server port defined by the cache_peer port.

    httpd_accel_uses_host_header

    Replaced by vhost http_port option

    @@ -146,7 +161,7 @@
    auth_param negotiate

    New Negotiate authentication scheme, the "next generation" scheme in the family of Microsoft authentication.

    external_acl_type

    Many new format options %SRCPORT, %MYADDR, %MYPORT, %PATH, %USER_CERT, %ACL, %DATA and a few variants. Helper protocol defaults to the simpler "3.0" protocol, and there is support for a highly efficient protocol via the concurrency= option if supported by the helper.

    refresh_pattern

    Several new HTTP override/ignore options

    -
    read_ahead_gap

    New directive to set the response buffer size.

    +
    read_ahead_gap

    New directive to set the response buffer size.

    collapsed_forwarding

    New directive to enable an alternative optimized forwarding path when there is very many concurrent requests for the same URL.

    refresh_stale_hit

    New directive similar to collapsed_forwarding and activates an alternative optimized request processing when there is very many concurrent requests for the same recently expired URL.

    acl urlgroup

    New acl class

    @@ -165,7 +180,8 @@
    minimum_expiry_time

    tune the magic 60 seconds limit of what is considered cachable when the object doesn't have any cache validators. (2.6.STABLE2)

    wccp2_rebuild_wait

    make Squid delay registering with a WCCP router until store rebuild have finished. Default on. (2.6.STABLE2)

    wccp2_weight

    Cache server load weigth in the cluster. (2.6.STABLE4)

    - +
    check_hostnames

    Control if Squid should check the sanity of host names before trying to look them up in DNS

    +
    allow_underscores

    Control if _ is to be considered a valid character in hostnames or not

    @@ -184,7 +200,6 @@

    + +

    13. Key changes squid-2.6.STABLE7 to 2.6.STABLE8

    + +

    +

    +

    + diff -ruN squid-2.6.STABLE7/configure squid-2.6.STABLE8/configure --- squid-2.6.STABLE7/configure Sat Jan 13 09:22:10 2007 +++ squid-2.6.STABLE8/configure Sun Jan 21 03:30:04 2007 @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.in Revision: 1.416 . +# From configure.in Revision: 1.416.2.1 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.STABLE7. +# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.STABLE8. # # Report bugs to . # @@ -270,8 +270,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='2.6.STABLE7' -PACKAGE_STRING='Squid Web Proxy 2.6.STABLE7' +PACKAGE_VERSION='2.6.STABLE8' +PACKAGE_STRING='Squid Web Proxy 2.6.STABLE8' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_default_prefix=/usr/local/squid @@ -781,7 +781,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 2.6.STABLE7 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 2.6.STABLE8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -847,7 +847,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE7:";; + short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE8:";; esac cat <<\_ACEOF @@ -1158,7 +1158,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 2.6.STABLE7 +Squid Web Proxy configure 2.6.STABLE8 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. @@ -1172,7 +1172,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 2.6.STABLE7, which was +It was created by Squid Web Proxy $as_me 2.6.STABLE8, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1818,7 +1818,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='2.6.STABLE7' + VERSION='2.6.STABLE8' cat >>confdefs.h <<_ACEOF @@ -18494,7 +18494,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by Squid Web Proxy $as_me 2.6.STABLE7, which was +This file was extended by Squid Web Proxy $as_me 2.6.STABLE8, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18557,7 +18557,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -Squid Web Proxy config.status 2.6.STABLE7 +Squid Web Proxy config.status 2.6.STABLE8 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff -ruN squid-2.6.STABLE7/configure.in squid-2.6.STABLE8/configure.in --- squid-2.6.STABLE7/configure.in Sat Jan 13 09:22:10 2007 +++ squid-2.6.STABLE8/configure.in Sun Jan 21 03:30:04 2007 @@ -1,16 +1,16 @@ dnl dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.416 2007/01/13 16:11:40 hno Exp $ +dnl $Id: configure.in,v 1.416.2.1 2007/01/21 04:43:22 hno Exp $ dnl dnl dnl -AC_INIT(Squid Web Proxy, 2.6.STABLE7, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 2.6.STABLE8, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE -AC_REVISION($Revision: 1.416 $)dnl +AC_REVISION($Revision: 1.416.2.1 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE diff -ruN squid-2.6.STABLE7/include/version.h squid-2.6.STABLE8/include/version.h --- squid-2.6.STABLE7/include/version.h Sat Jan 13 09:22:10 2007 +++ squid-2.6.STABLE8/include/version.h Sun Jan 21 03:30:04 2007 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1168705326 +#define SQUID_RELEASE_TIME 1169375401 #endif diff -ruN squid-2.6.STABLE7/lib/rfc1123.c squid-2.6.STABLE8/lib/rfc1123.c --- squid-2.6.STABLE7/lib/rfc1123.c Wed Nov 29 08:54:58 2006 +++ squid-2.6.STABLE8/lib/rfc1123.c Thu Jan 18 16:25:41 2007 @@ -1,6 +1,6 @@ /* - * $Id: rfc1123.c,v 1.36 2006/11/29 15:54:58 hno Exp $ + * $Id: rfc1123.c,v 1.37 2007/01/18 23:25:41 hno Exp $ * * DEBUG: * AUTHOR: Harvest Derived @@ -119,7 +119,7 @@ return 0; if (tm->tm_mon < 0 || tm->tm_mon > 11) return 0; - return mktime(tm) != -1; + return 1; } static struct tm * @@ -219,14 +219,14 @@ t = timegm(tm); #elif HAVE_TM_GMTOFF t = mktime(tm); - { + if (t != -1) { struct tm *local = localtime(&t); t += local->tm_gmtoff; } #else /* some systems do not have tm_gmtoff so we fake it */ t = mktime(tm); - { + if (t != -1) { time_t dst = 0; #if defined (_TIMEZONE) #elif defined (_timezone) diff -ruN squid-2.6.STABLE7/src/HttpHeader.c squid-2.6.STABLE8/src/HttpHeader.c --- squid-2.6.STABLE7/src/HttpHeader.c Tue Nov 28 22:31:48 2006 +++ squid-2.6.STABLE8/src/HttpHeader.c Sun Jan 21 03:26:44 2007 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.90 2006/11/29 05:31:48 adrian Exp $ + * $Id: HttpHeader.c,v 1.91.2.1 2007/01/21 10:26:44 hno Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov diff -ruN squid-2.6.STABLE7/src/access_log.c squid-2.6.STABLE8/src/access_log.c --- squid-2.6.STABLE7/src/access_log.c Sat Nov 4 08:39:26 2006 +++ squid-2.6.STABLE8/src/access_log.c Thu Jan 18 17:19:26 2007 @@ -1,6 +1,6 @@ /* - * $Id: access_log.c,v 1.94 2006/11/04 15:39:26 hno Exp $ + * $Id: access_log.c,v 1.95 2007/01/19 00:19:26 hno Exp $ * * DEBUG: section 46 Access Log * AUTHOR: Duane Wessels @@ -46,33 +46,6 @@ static void mcast_encode(unsigned int *, size_t, const unsigned int *); #endif -const char *log_tags[] = -{ - "NONE", - "TCP_HIT", - "TCP_MISS", - "TCP_REFRESH_HIT", - "TCP_REF_FAIL_HIT", - "TCP_REFRESH_MISS", - "TCP_CLIENT_REFRESH_MISS", - "TCP_IMS_HIT", - "TCP_SWAPFAIL_MISS", - "TCP_NEGATIVE_HIT", - "TCP_MEM_HIT", - "TCP_DENIED", - "TCP_OFFLINE_HIT", -#if LOG_TCP_REDIRECTS - "TCP_REDIRECT", -#endif - "UDP_HIT", - "UDP_MISS", - "UDP_DENIED", - "UDP_INVALID", - "UDP_MISS_NOFETCH", - "ICP_QUERY", - "LOG_TYPE_MAX" -}; - #if FORW_VIA_DB typedef struct { hash_link hash; @@ -1233,7 +1206,6 @@ accessLogInit(void) { customlog *log; - assert(sizeof(log_tags) == (LOG_TYPE_MAX + 1) * sizeof(char *)); for (log = Config.Log.accesslogs; log; log = log->next) { if (log->type == CLF_NONE) continue; diff -ruN squid-2.6.STABLE7/src/auth/negotiate/auth_negotiate.c squid-2.6.STABLE8/src/auth/negotiate/auth_negotiate.c --- squid-2.6.STABLE7/src/auth/negotiate/auth_negotiate.c Wed Jan 3 05:17:29 2007 +++ squid-2.6.STABLE8/src/auth/negotiate/auth_negotiate.c Sat Jan 20 14:13:28 2007 @@ -1,6 +1,6 @@ /* - * $Id: auth_negotiate.c,v 1.6 2007/01/03 12:17:29 hno Exp $ + * $Id: auth_negotiate.c,v 1.7 2007/01/20 21:13:28 hno Exp $ * * DEBUG: section 29 Negotiate Authenticator * AUTHOR: Robert Collins @@ -340,6 +340,7 @@ request->flags.must_keepalive = 1; break; case AUTHENTICATE_STATE_FINISHED: + case AUTHENTICATE_STATE_DONE: /* Special case when authentication finished, but not allowed by ACL */ if (negotiate_request->server_blob) { debug(29, 9) ("authenticateNegotiateFixErrorHeader: Sending type:%d header: 'Negotiate %s'\n", type, negotiate_request->server_blob); @@ -347,6 +348,7 @@ safe_free(negotiate_request->server_blob); } else { debug(29, 9) ("authenticateNegotiateFixErrorHeader: Connection authenticated\n"); + httpHeaderPutStrf(&rep->header, type, "Negotiate"); } break; default: @@ -369,7 +371,7 @@ type = accel ? HDR_WWW_AUTHENTICATE : HDR_PROXY_AUTHENTICATE; - debug(29, 9) ("authenticateNegotiateFixErrorHeader: Sending type:%d header: 'Negotiate %s'\n", type, negotiate_request->server_blob); + debug(29, 9) ("authenticateNegotiateAddHeader: Sending type:%d header: 'Negotiate %s'\n", type, negotiate_request->server_blob); httpHeaderPutStrf(&rep->header, type, "Negotiate %s", negotiate_request->server_blob); safe_free(negotiate_request->server_blob); } diff -ruN squid-2.6.STABLE7/src/auth/ntlm/auth_ntlm.c squid-2.6.STABLE8/src/auth/ntlm/auth_ntlm.c --- squid-2.6.STABLE7/src/auth/ntlm/auth_ntlm.c Wed Jan 3 05:17:30 2007 +++ squid-2.6.STABLE8/src/auth/ntlm/auth_ntlm.c Sat Jan 20 14:13:28 2007 @@ -1,6 +1,6 @@ /* - * $Id: auth_ntlm.c,v 1.36 2007/01/03 12:17:30 hno Exp $ + * $Id: auth_ntlm.c,v 1.37 2007/01/20 21:13:28 hno Exp $ * * DEBUG: section 29 NTLM Authenticator * AUTHOR: Robert Collins @@ -333,6 +333,7 @@ request->flags.must_keepalive = 1; break; case AUTHENTICATE_STATE_FINISHED: + case AUTHENTICATE_STATE_DONE: /* Special case when authentication finished, but not allowed by ACL */ debug(29, 9) ("authenticateNTLMFixErrorHeader: Sending type:%d header: 'NTLM'\n", type); httpHeaderPutStrf(&rep->header, type, "NTLM"); diff -ruN squid-2.6.STABLE7/src/cache_cf.c squid-2.6.STABLE8/src/cache_cf.c --- squid-2.6.STABLE7/src/cache_cf.c Tue Jan 9 03:24:41 2007 +++ squid-2.6.STABLE8/src/cache_cf.c Thu Jan 18 16:19:14 2007 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.462 2007/01/09 10:24:41 hno Exp $ + * $Id: cache_cf.c,v 1.463 2007/01/18 23:19:14 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -2738,6 +2738,8 @@ } else if (strncmp(token, "vport=", 6) == 0) { s->vport = xatos(token + 6); s->accel = 1; + } else if (strcmp(token, "accel") == 0) { + s->accel = 1; } else if (strcmp(token, "no-connection-auth") == 0) { s->no_connection_auth = 1; } else if (strncmp(token, "urlgroup=", 9) == 0) { @@ -2752,10 +2754,19 @@ } else { self_destruct(); } +} + +static void +verify_http_port_options(http_port_list * s) +{ if (s->accel && s->transparent) { debug(28, 0) ("Can't be both a transparent proxy and web server accelerator on the same port\n"); self_destruct(); } + if (s->accel && !s->vhost && !s->defaultsite && !s->vport) { + debug(28, 0) ("Accelerator mode requires at least one of vhost/vport/defaultsite\n"); + self_destruct(); + } } static void @@ -2790,6 +2801,7 @@ while ((token = strtok(NULL, w_space))) { parse_http_port_option(s, token); } + verify_http_port_options(s); while (*head) head = &(*head)->next; *head = s; @@ -2802,14 +2814,22 @@ n, inet_ntoa(s->s.sin_addr), ntohs(s->s.sin_port)); - if (s->defaultsite) - storeAppendPrintf(e, " defaultsite=%s", s->defaultsite); if (s->transparent) storeAppendPrintf(e, " transparent"); + if (s->accel) + storeAppendPrintf(e, " accel"); + if (s->defaultsite) + storeAppendPrintf(e, " defaultsite=%s", s->defaultsite); if (s->vhost) storeAppendPrintf(e, " vhost"); - if (s->vport) + if (s->vport == ntohs(s->s.sin_port)) storeAppendPrintf(e, " vport"); + else if (s->vport) + storeAppendPrintf(e, " vport=%d", s->vport); + if (s->urlgroup) + storeAppendPrintf(e, " urlgroup=%s", s->urlgroup); + if (s->protocol) + storeAppendPrintf(e, " protocol=%s", s->protocol); if (s->no_connection_auth) storeAppendPrintf(e, " no-connection-auth"); #if LINUX_TPROXY @@ -2914,6 +2934,7 @@ parse_http_port_option(&s->http, token); } } + verify_http_port_options(&s->http); while (*head) head = (https_port_list **) (void *) (&(*head)->http.next); s->sslContext = sslCreateServerContext(s->cert, s->key, s->version, s->cipher, s->options, s->sslflags, s->clientca, s->cafile, s->capath, s->crlfile, s->dhfile, s->sslcontext); diff -ruN squid-2.6.STABLE7/src/cf.data.pre squid-2.6.STABLE8/src/cf.data.pre --- squid-2.6.STABLE7/src/cf.data.pre Sat Jan 13 09:06:42 2007 +++ squid-2.6.STABLE8/src/cf.data.pre Fri Jan 19 15:03:03 2007 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.380 2007/01/13 16:06:42 hno Exp $ +# $Id: cf.data.pre,v 1.382 2007/01/19 22:03:03 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -83,23 +83,37 @@ You may specify multiple socket addresses on multiple lines. options are: + transparent Support for transparent interception of outgoing requests without browser settings + + accel Accelerator mode. Also needs at least one + of vhost/vport/defaultsite. + + defaultsite= Main web site name for accelerators. Implies + accel. + vhost Accelerator using the Host header for - virtual domain support. - vport Accelerator with IP based virtual host support + virtual domain support. Implies accel. + + vport Accelerator with IP based virtual host support. + Implies accel. + vport= As above, but uses specified port number - rather than the http_port number. - defaultsite= Main web site name for accelerators. + rather than the http_port number. Implies accel. + urlgroup= Default urlgroup to mark requests with (see also acl urlgroup and url_rewrite_program) + protocol= Protocol to reconstruct accelerated requests with. Defaults to http. + no-connection-auth Prevent forwarding of Microsoft connection oriented authentication (NTLM, Negotiate and Kerberos) + tproxy Support Linux TPROXY for spoofing outgoing connections using the client IP address. @@ -135,8 +149,16 @@ Options: + accel Accelerator mode. Also needs at least one of + defaultsite or vhost. + defaultsite= The name of the https site presented on - this port. + this port. Implies accel. + + vhost Domain based virtual host support. Useful + in combination with a wildcard certificate or + other certificates valid for more than one domain. + Implies accel. urlgroup= Default urlgroup to mark requests with (see also acl urlgroup and url_rewrite_program) @@ -596,7 +618,7 @@ is not feasible. use 'ssl' to indicate that connections to this peer should - bs SSL/TLS encrypted. + be SSL/TLS encrypted. use 'sslcert=/path/to/ssl/certificate' to specify a client SSL certificate to use when connecting to this peer. diff -ruN squid-2.6.STABLE7/src/client_side.c squid-2.6.STABLE8/src/client_side.c --- squid-2.6.STABLE7/src/client_side.c Sat Jan 6 10:22:45 2007 +++ squid-2.6.STABLE8/src/client_side.c Sun Jan 21 03:26:44 2007 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.690 2007/01/06 17:22:45 hno Exp $ + * $Id: client_side.c,v 1.693.2.1 2007/01/21 10:26:44 hno Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -983,12 +983,14 @@ oldentry->mem_obj->request = requestLink(mem->request); unlink_request = 1; } - /* Don't memcpy() the whole reply structure here. For example, - * www.thegist.com (Netscape/1.13) returns a content-length for - * 304's which seems to be the length of the 304 HEADERS!!! and - * not the body they refer to. */ - httpReplyUpdateOnNotModified(oldentry->mem_obj->reply, mem->reply); - storeTimestampsSet(oldentry); + if (mem->reply->sline.status == HTTP_NOT_MODIFIED) { + /* Don't memcpy() the whole reply structure here. For example, + * www.thegist.com (Netscape/1.13) returns a content-length for + * 304's which seems to be the length of the 304 HEADERS!!! and + * not the body they refer to. */ + httpReplyUpdateOnNotModified(oldentry->mem_obj->reply, mem->reply); + storeTimestampsSet(oldentry); + } storeClientUnregister(http->sc, entry, http); http->sc = http->old_sc; storeUnlockObject(entry); @@ -1663,6 +1665,8 @@ /* this should be a bitmap for better optimization */ if (code == LOG_TCP_HIT) return 1; + if (code == LOG_TCP_STALE_HIT) + return 1; if (code == LOG_TCP_IMS_HIT) return 1; if (code == LOG_TCP_REFRESH_FAIL_HIT) @@ -2058,6 +2062,7 @@ MemObject *mem; request_t *r = http->request; int is_modified = -1; + int stale; debug(33, 3) ("clientCacheHit: %s, %d bytes\n", http->uri, (int) size); http->flags.hit = 0; if (http->entry == NULL) { @@ -2171,10 +2176,6 @@ } return; } - if (Config.refresh_stale_window > 0 && e->mem_obj && e->mem_obj->refresh_timestamp + Config.refresh_stale_window > squid_curtime && !refreshCheckHTTPStale(e, r)) { - debug(33, 2) ("clientProcessHit: refresh_stale HIT\n"); - goto hit; - } if (httpHeaderHas(&r->header, HDR_IF_MATCH)) { String req_etags; const char *rep_etag = httpHeaderGetStr(&e->mem_obj->reply->header, HDR_ETAG); @@ -2192,14 +2193,74 @@ stringClean(&req_etags); if (!has_etag) { /* The entity tags does not match. This cannot be a - * hit for this object. Qyery the origin. + * hit for this object. Query the origin. */ http->log_type = LOG_TCP_MISS; clientProcessMiss(http); return; } } - if (!Config.onoff.offline && refreshCheckHTTP(e, r) && !http->flags.internal) { + if (httpHeaderHas(&r->header, HDR_IF_NONE_MATCH)) { + String req_etags; + const char *rep_etag = httpHeaderGetStr(&e->mem_obj->reply->header, HDR_ETAG); + int has_etag; + if (mem->reply->sline.status != HTTP_OK) { + debug(33, 4) ("clientCacheHit: Reply code %d != 200\n", + mem->reply->sline.status); + http->log_type = LOG_TCP_MISS; + clientProcessMiss(http); + return; + } + if (rep_etag) { + req_etags = httpHeaderGetList(&http->request->header, HDR_IF_NONE_MATCH); + has_etag = strListIsMember(&req_etags, rep_etag, ','); + stringClean(&req_etags); + if (has_etag) { + debug(33, 4) ("clientCacheHit: If-None-Match matches\n"); + is_modified = 0; + } else { + debug(33, 4) ("clientCacheHit: If-None-Match mismatch\n"); + if (is_modified == -1) + is_modified = 1; + } + } + } + if (r->flags.ims) { + /* + * Handle If-Modified-Since requests from the client + */ + if (mem->reply->sline.status != HTTP_OK) { + debug(33, 4) ("clientCacheHit: Reply code %d != 200\n", + mem->reply->sline.status); + http->log_type = LOG_TCP_MISS; + clientProcessMiss(http); + return; + } + if (modifiedSince(e, http->request)) { + debug(33, 4) ("clientCacheHit: If-Modified-Since not modified\n"); + is_modified = 0; + } else { + debug(33, 4) ("clientCacheHit: If-Modified-Since modified\n"); + if (is_modified == -1) + is_modified = 1; + } + } + stale = refreshCheckHTTPStale(e, r); + if (stale == 0) { + debug(33, 2) ("clientProcessHit: HIT\n"); + } else if (stale == -1 && Config.refresh_stale_window > 0 && e->mem_obj->refresh_timestamp + Config.refresh_stale_window > squid_curtime) { + debug(33, 2) ("clientProcessHit: refresh_stale HIT\n"); + http->log_type = LOG_TCP_STALE_HIT; + stale = 0; + } else if (stale && http->flags.internal) { + debug(33, 2) ("clientProcessHit: internal HIT\n"); + stale = 0; + } else if (stale && Config.onoff.offline) { + debug(33, 2) ("clientProcessHit: offline HIT\n"); + http->log_type = LOG_TCP_OFFLINE_HIT; + stale = 0; + } + if (stale) { debug(33, 5) ("clientCacheHit: in refreshCheck() block\n"); /* * We hold a stale copy; it needs to be validated @@ -2229,69 +2290,11 @@ */ http->log_type = LOG_TCP_CLIENT_REFRESH_MISS; clientProcessMiss(http); - } else if (r->protocol == PROTO_HTTP) { - /* - * Object needs to be revalidated - * XXX This could apply to FTP as well, if Last-Modified is known. - */ - http->log_type = LOG_TCP_REFRESH_MISS; - clientProcessExpired(http); } else { - /* - * We don't know how to re-validate other protocols. Handle - * them as if the object has expired. - */ - http->log_type = LOG_TCP_MISS; - clientProcessMiss(http); + clientProcessExpired(http); } return; } - hit: - if (httpHeaderHas(&r->header, HDR_IF_NONE_MATCH)) { - String req_etags; - const char *rep_etag = httpHeaderGetStr(&e->mem_obj->reply->header, HDR_ETAG); - int has_etag; - if (mem->reply->sline.status != HTTP_OK) { - debug(33, 4) ("clientCacheHit: Reply code %d != 200\n", - mem->reply->sline.status); - http->log_type = LOG_TCP_MISS; - clientProcessMiss(http); - return; - } - if (!rep_etag) { - /* The cached object does not have a entity tag, but the client - * obviously thinks there should be one... Query the origin to - * be on the safe side. - */ - http->log_type = LOG_TCP_MISS; - clientProcessMiss(http); - return; - } - req_etags = httpHeaderGetList(&http->request->header, HDR_IF_NONE_MATCH); - has_etag = strListIsMember(&req_etags, rep_etag, ','); - stringClean(&req_etags); - if (has_etag) { - http->log_type = LOG_TCP_IMS_HIT; - is_modified = 0; - } - } - if (is_modified != 0 && r->flags.ims) { - /* - * Handle If-Modified-Since requests from the client - */ - if (mem->reply->sline.status != HTTP_OK) { - debug(33, 4) ("clientCacheHit: Reply code %d != 200\n", - mem->reply->sline.status); - http->log_type = LOG_TCP_MISS; - clientProcessMiss(http); - return; - } else if (modifiedSince(e, http->request)) { - http->log_type = LOG_TCP_IMS_HIT; - clientSendMoreHeaderData(data, buf, size); - return; - } - is_modified = 0; - } if (is_modified == 0) { time_t timestamp = e->timestamp; MemBuf mb = httpPacked304Reply(e->mem_obj->reply); @@ -2317,10 +2320,8 @@ */ if (e->store_status != STORE_OK) http->log_type = LOG_TCP_MISS; - else if (e->mem_status == IN_MEMORY) + else if (http->log_type == LOG_TCP_HIT && e->mem_status == IN_MEMORY) http->log_type = LOG_TCP_MEM_HIT; - else if (Config.onoff.offline) - http->log_type = LOG_TCP_OFFLINE_HIT; clientSendMoreHeaderData(data, buf, size); } diff -ruN squid-2.6.STABLE7/src/enums.h squid-2.6.STABLE8/src/enums.h --- squid-2.6.STABLE7/src/enums.h Sat Sep 30 15:10:48 2006 +++ squid-2.6.STABLE8/src/enums.h Sun Jan 21 03:26:44 2007 @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.235 2006/09/30 21:10:48 hno Exp $ + * $Id: enums.h,v 1.237.2.1 2007/01/21 10:26:44 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -51,6 +51,7 @@ #if LOG_TCP_REDIRECTS LOG_TCP_REDIRECT, #endif + LOG_TCP_STALE_HIT, LOG_UDP_HIT, LOG_UDP_MISS, LOG_UDP_DENIED, diff -ruN squid-2.6.STABLE7/src/errorpage.c squid-2.6.STABLE8/src/errorpage.c --- squid-2.6.STABLE7/src/errorpage.c Mon Nov 6 19:59:27 2006 +++ squid-2.6.STABLE8/src/errorpage.c Thu Jan 18 17:21:01 2007 @@ -1,6 +1,6 @@ /* - * $Id: errorpage.c,v 1.189 2006/11/07 02:59:27 hno Exp $ + * $Id: errorpage.c,v 1.190 2007/01/19 00:21:01 hno Exp $ * * DEBUG: section 4 Error Generation * AUTHOR: Duane Wessels @@ -324,10 +324,10 @@ authenticateFixHeader(rep, err->auth_user_request, err->request, 0, 1); httpReplySwapOut(rep, entry); EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT); - storeBufferFlush(entry); - storeComplete(entry); storeNegativeCache(entry); storeReleaseRequest(entry); + storeBufferFlush(entry); + storeComplete(entry); storeUnlockObject(entry); errorStateFree(err); } diff -ruN squid-2.6.STABLE7/src/forward.c squid-2.6.STABLE8/src/forward.c --- squid-2.6.STABLE7/src/forward.c Sat Jan 6 10:22:45 2007 +++ squid-2.6.STABLE8/src/forward.c Thu Jan 18 17:21:01 2007 @@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.119 2007/01/06 17:22:45 hno Exp $ + * $Id: forward.c,v 1.120 2007/01/19 00:21:01 hno Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -106,8 +106,8 @@ fwdState->err = NULL; } else { EBIT_CLR(e->flags, ENTRY_FWD_HDR_WAIT); - storeComplete(e); storeReleaseRequest(e); + storeComplete(e); } } if (EBIT_TEST(e->flags, ENTRY_DEFER_READ)) diff -ruN squid-2.6.STABLE7/src/ftp.c squid-2.6.STABLE8/src/ftp.c --- squid-2.6.STABLE7/src/ftp.c Mon Jan 1 14:38:39 2007 +++ squid-2.6.STABLE8/src/ftp.c Thu Jan 18 17:52:49 2007 @@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.341 2007/01/01 21:38:39 hno Exp $ + * $Id: ftp.c,v 1.342 2007/01/19 00:52:49 hno Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -2624,7 +2624,7 @@ ftpUrlWith2f(const request_t * request) { LOCAL_ARRAY(char, buf, MAX_URL); - LOCAL_ARRAY(char, loginbuf, MAX_LOGIN_SZ + 1); + LOCAL_ARRAY(char, loginbuf, MAX_LOGIN_SZ + 2); LOCAL_ARRAY(char, portbuf, 32); char *t; portbuf[0] = '\0'; @@ -2634,7 +2634,7 @@ snprintf(portbuf, 32, ":%d", request->port); loginbuf[0] = '\0'; if ((int) strlen(request->login) > 0) { - xstrncpy(loginbuf, request->login, sizeof(loginbuf) - 2); + xstrncpy(loginbuf, request->login, MAX_LOGIN_SZ); if ((t = strchr(loginbuf, ':'))) *t = '\0'; strcat(loginbuf, "@"); diff -ruN squid-2.6.STABLE7/src/globals.h squid-2.6.STABLE8/src/globals.h --- squid-2.6.STABLE7/src/globals.h Mon Sep 25 13:31:34 2006 +++ squid-2.6.STABLE8/src/globals.h Thu Jan 18 17:19:26 2007 @@ -1,6 +1,6 @@ /* - * $Id: globals.h,v 1.122 2006/09/25 19:31:34 serassio Exp $ + * $Id: globals.h,v 1.123 2007/01/19 00:19:26 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -120,10 +120,10 @@ extern unsigned long store_mem_size; /* 0 */ extern time_t hit_only_mode_until; /* 0 */ extern StatCounters statCounter; -extern char *err_type_str[]; -extern char *icp_opcode_str[]; -extern char *swap_log_op_str[]; -extern char *lookup_t_str[]; +extern const char *err_type_str[]; +extern const char *icp_opcode_str[]; +extern const char *swap_log_op_str[]; +extern const char *lookup_t_str[]; extern double request_failure_ratio; /* 0.0 */ extern double current_dtime; extern int store_hash_buckets; /* 0 */ diff -ruN squid-2.6.STABLE7/src/http.c squid-2.6.STABLE8/src/http.c --- squid-2.6.STABLE7/src/http.c Mon Oct 23 15:34:17 2006 +++ squid-2.6.STABLE8/src/http.c Sun Jan 21 03:26:44 2007 @@ -1,6 +1,6 @@ /* - * $Id: http.c,v 1.418 2006/10/23 21:34:17 hno Exp $ + * $Id: http.c,v 1.419.2.2 2007/01/21 10:26:44 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived diff -ruN squid-2.6.STABLE7/src/mk-string-arrays.pl squid-2.6.STABLE8/src/mk-string-arrays.pl --- squid-2.6.STABLE7/src/mk-string-arrays.pl Tue Apr 7 17:31:51 1998 +++ squid-2.6.STABLE8/src/mk-string-arrays.pl Thu Jan 18 17:19:26 2007 @@ -1,5 +1,5 @@ #****************************************************************************** -# $Id: mk-string-arrays.pl,v 1.4 1998/04/07 23:31:51 rousskov Exp $ +# $Id: mk-string-arrays.pl,v 1.5 2007/01/19 00:19:26 hno Exp $ # # File: mk-strs.pl # @@ -16,6 +16,9 @@ $pat{'icp_opcode'} = "icp_opcode_str"; $pat{'swap_log_op'} = "swap_log_op_str"; $pat{'lookup_t'} = "lookup_t_str"; +$pat{'log_type'} = "log_tags"; + +print "#include \"squid.h\"\n"; $state = 0; # start state while (<>) { @@ -35,19 +38,27 @@ print "const char *$pat{$t}\[\] = \n"; print "{\n"; for ($i = 0; $i < $count; $i++) { - printf "\t\"%s\"%s\n", - $ea[$i], - $i == $count - 1 ? '' : ','; + if ($ea[$i] =~ /^#/) { + print $ea[$i]; + } else { + printf "\t\"%s\"%s\n", + $ea[$i], + $i == $count - 1 ? '' : ','; + } } print "};\n"; print "\n"; } $state = 0; + } elsif (/^#/) { + $ea[$count++] = $_; } else { ($e) = split(' ', $_); $e =~ s/,//; - $ea[$count] = $e; - $count++; + $e =~ s/^LOG_TAG_//; + $e =~ s/^LOG_//; + $e =~ s/^REFRESH_FAIL_HIT$/REF_FAIL_HIT/; + $ea[$count++] = $e; } next; } diff -ruN squid-2.6.STABLE7/src/neighbors.c squid-2.6.STABLE8/src/neighbors.c --- squid-2.6.STABLE7/src/neighbors.c Sat Dec 9 22:18:47 2006 +++ squid-2.6.STABLE8/src/neighbors.c Thu Jan 18 17:19:26 2007 @@ -1,6 +1,6 @@ /* - * $Id: neighbors.c,v 1.312 2006/12/10 05:18:47 hno Exp $ + * $Id: neighbors.c,v 1.313 2007/01/19 00:19:26 hno Exp $ * * DEBUG: section 15 Neighbor Routines * AUTHOR: Harvest Derived @@ -799,7 +799,7 @@ StoreEntry *entry; MemObject *mem = NULL; peer_t ntype = PEER_NONE; - char *opcode_d; + const char *opcode_d; icp_opcode opcode = (icp_opcode) header->opcode; debug(15, 6) ("neighborsUdpAck: opcode %d '%s'\n", diff -ruN squid-2.6.STABLE7/src/refresh.c squid-2.6.STABLE8/src/refresh.c --- squid-2.6.STABLE7/src/refresh.c Fri Aug 18 15:06:04 2006 +++ squid-2.6.STABLE8/src/refresh.c Thu Jan 18 17:21:01 2007 @@ -1,6 +1,6 @@ /* - * $Id: refresh.c,v 1.62 2006/08/18 21:06:04 hno Exp $ + * $Id: refresh.c,v 1.63 2007/01/19 00:21:01 hno Exp $ * * DEBUG: section 22 Refresh Calculation * AUTHOR: Harvest Derived @@ -80,6 +80,7 @@ STALE_EXPIRES, STALE_MAX_RULE, STALE_LMFACTOR_RULE, + STALE_WITHIN_DELTA, STALE_DEFAULT = 299 }; @@ -220,7 +221,7 @@ const refresh_t *R; const char *uri = NULL; time_t age = 0; - time_t check_time = squid_curtime + delta; + time_t check_time = squid_curtime; int staleness; stale_flags sf; if (entry->mem_obj) @@ -230,6 +231,8 @@ debug(22, 3) ("refreshCheck: '%s'\n", uri ? uri : ""); + if (delta > 0) + check_time += delta; if (check_time > entry->timestamp) age = check_time - entry->timestamp; R = uri ? refreshLimits(uri) : refreshUncompiledPattern("."); @@ -280,7 +283,7 @@ return STALE_EXCEEDS_REQUEST_MAX_AGE_VALUE; } } - if (EBIT_TEST(cc->mask, CC_MAX_STALE) && staleness > -1) { + if (EBIT_TEST(cc->mask, CC_MAX_STALE) && staleness >= 0) { if (cc->max_stale < 0) { /* max-stale directive without a value */ debug(22, 3) ("refreshCheck: NO: max-stale wildcard\n"); @@ -292,7 +295,7 @@ } } } - if (-1 == staleness) { + if (staleness < 0) { if (sf.expires) return FRESH_EXPIRES; assert(!sf.max); @@ -305,6 +308,9 @@ * At this point the response is stale, unless one of * the override options kicks in. */ + if (delta < 0 && staleness + delta < 0) { + return STALE_WITHIN_DELTA; + } if (sf.expires) { #if HTTP_VIOLATIONS if (R->flags.override_expire && age < R->min) { @@ -375,6 +381,8 @@ refreshCheckHTTPStale(const StoreEntry * entry, request_t * request) { int reason = refreshCheck(entry, request, -Config.refresh_stale_window); + if (reason == STALE_WITHIN_DELTA) + return -1; return (reason < 200) ? 0 : 1; } diff -ruN squid-2.6.STABLE7/src/store.c squid-2.6.STABLE8/src/store.c --- squid-2.6.STABLE7/src/store.c Sat Dec 9 22:55:17 2006 +++ squid-2.6.STABLE8/src/store.c Thu Jan 18 17:21:01 2007 @@ -1,6 +1,6 @@ /* - * $Id: store.c,v 1.569 2006/12/10 05:55:17 hno Exp $ + * $Id: store.c,v 1.570 2007/01/19 00:21:01 hno Exp $ * * DEBUG: section 20 Storage Manager * AUTHOR: Harvest Derived @@ -1308,6 +1308,7 @@ if (e->mem_obj->request) e->mem_obj->request->hier.store_complete_stop = current_time; #endif + e->mem_obj->refresh_timestamp = e->timestamp; /* * We used to call InvokeHandlers, then storeSwapOut. However, * Madhukar Reddy reported that diff -ruN squid-2.6.STABLE7/src/structs.h squid-2.6.STABLE8/src/structs.h --- squid-2.6.STABLE7/src/structs.h Wed Nov 29 08:58:52 2006 +++ squid-2.6.STABLE8/src/structs.h Sun Jan 21 03:26:44 2007 @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.506 2006/11/29 15:58:52 adrian Exp $ + * $Id: structs.h,v 1.507.2.1 2007/01/21 10:26:44 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/