diff -u -r -N squid-3.5.4/acinclude/ax_cxx_0x_types.m4 squid-3.5.5/acinclude/ax_cxx_0x_types.m4
--- squid-3.5.4/acinclude/ax_cxx_0x_types.m4	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/acinclude/ax_cxx_0x_types.m4	2015-05-28 04:06:38.000000000 -0700
@@ -17,8 +17,8 @@
     AC_MSG_RESULT(yes)], [
     HAVE_NULLPTR=no
     AC_MSG_RESULT(no)])
-  if test "x$HAVE_NULLPTR" = xyes; then
-    AC_DEFINE(HAVE_NULLPTR, 1, [Define to 1 if nullptr is supported])
+  if test "x$HAVE_NULLPTR" = xno; then
+    AC_DEFINE(nullptr, NULL, [Leave undefined if nullptr is supported])
   fi
   AC_MSG_CHECKING([whether nullptr_t is supported])
   AC_TRY_COMPILE([#include <cstddef>],[typedef nullptr_t peng;], [
@@ -42,6 +42,9 @@
     AC_MSG_RESULT(yes)], [
     HAVE_UNIQUE_PTR=no
     AC_MSG_RESULT(no)])
+  if test "x$HAVE_UNIQUE_PTR" = xno; then
+    AC_DEFINE(unique_ptr, auto_ptr, [Leave undefined if std::unique_ptr<T> is supported])
+  fi
   if test "x$HAVE_UNIQUE_PTR" = xyes; then
     AC_DEFINE(HAVE_UNIQUE_PTR, 1, [Define to 1 if std::unique_ptr<T> is supported])
   fi
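Review bot: The fallback `AC_DEFINE(unique_ptr, auto_ptr, ...)` is a bare token substitution, and its description does not tell a maintainer that the two types behave differently: std::auto_ptr transfers ownership on copy and has no array or custom-deleter form. Code that relies on those unique_ptr properties would build differently, or not at all, only on compilers that take this branch. I would put the limits in the description, for example `[Leave undefined if std::unique_ptr<T> is supported; fallback is std::auto_ptr, single objects with default delete only]`. The `nullptr` to `NULL` substitution in the first hunk of this file deserves a similar remark, since compat/types.h can define NULL as the integer `0` and overload resolution may then differ.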
diff -u -r -N squid-3.5.4/ChangeLog squid-3.5.5/ChangeLog
--- squid-3.5.4/ChangeLog	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/ChangeLog	2015-05-28 04:06:38.000000000 -0700
@@ -1,3 +1,19 @@
+Changes to squid-3.5.5 (28 May 2015):
+
+	- Regression Bug 4132: short_icon_urls with global_internal_static on
+	- Bug 4238: assertion Read.cc:205: "params.data == data"
+	- Bug 4236: SSL negotiation error of 'success'
+	- Bug 3930: assertion 'connIsUsable(http->getConn())'
+	- Fix assertion MemBuf.cc:380: "new_cap > (size_t) capacity" in SSL I/O buffer
+	- Fix assertion errorpage.cc:600: "entry->isEmpty()"
+	- Fix comm_connect_addr on failures returns Comm:OK
+	- Fix missing external ACL helper notes
+	- Fix "Not enough space to hold server hello message" error message
+	- Fix segmentation fault inside Adaptation::Icap::Xaction::swanSong
+	- Prevent unused ssl_crtd helpers being run
+	- ... and some code cleanup and portability updates
+	- ... and several documentation updates
+
 Changes to squid-3.5.4 (01 May 2015):
 
 	- Bug 4234: comm_connect_addr uses errno incorrectly
diff -u -r -N squid-3.5.4/compat/Makefile.in squid-3.5.5/compat/Makefile.in
--- squid-3.5.4/compat/Makefile.in	2015-05-01 04:28:27.000000000 -0700
+++ squid-3.5.5/compat/Makefile.in	2015-05-28 04:08:10.000000000 -0700
@@ -83,8 +83,8 @@
 build_triplet = @build@
 host_triplet = @host@
 DIST_COMMON = $(top_srcdir)/src/Common.am $(srcdir)/Makefile.in \
-	$(srcdir)/Makefile.am psignal.c initgroups.c drand48.c \
-	tempnam.c strtoll.c strerror.c $(top_srcdir)/cfgaux/depcomp \
+	$(srcdir)/Makefile.am strtoll.c tempnam.c drand48.c psignal.c \
+	initgroups.c strerror.c $(top_srcdir)/cfgaux/depcomp \
 	$(top_srcdir)/cfgaux/test-driver
 check_PROGRAMS = testPreCompiler$(EXEEXT)
 TESTS = testPreCompiler$(EXEEXT) testHeaders
diff -u -r -N squid-3.5.4/compat/types.h squid-3.5.5/compat/types.h
--- squid-3.5.4/compat/types.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/compat/types.h	2015-05-28 04:06:38.000000000 -0700
@@ -157,12 +157,8 @@
 #endif
 
 #ifndef NULL
-#if defined(__cplusplus) && HAVE_NULLPTR
-#define NULL nullptr
-#else
 #define NULL 0
 #endif
-#endif
 
 #endif /* SQUID_TYPES_H */
 
diff -u -r -N squid-3.5.4/configure squid-3.5.5/configure
--- squid-3.5.4/configure	2015-05-01 04:29:25.000000000 -0700
+++ squid-3.5.5/configure	2015-05-28 04:09:24.000000000 -0700
@@ -1,7 +1,7 @@
 #! /bin/sh
 # From configure.ac Revision.
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.4.
+# Generated by GNU Autoconf 2.69 for Squid Web Proxy 3.5.5.
 #
 # Report bugs to <http://bugs.squid-cache.org/>.
 #
@@ -595,8 +595,8 @@
 # Identity of this package.
 PACKAGE_NAME='Squid Web Proxy'
 PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.5.4'
-PACKAGE_STRING='Squid Web Proxy 3.5.4'
+PACKAGE_VERSION='3.5.5'
+PACKAGE_STRING='Squid Web Proxy 3.5.5'
 PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
 PACKAGE_URL=''
 
@@ -1617,7 +1617,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.5.4 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.5.5 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1687,7 +1687,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.4:";;
+     short | recursive ) echo "Configuration of Squid Web Proxy 3.5.5:";;
    esac
   cat <<\_ACEOF
 
@@ -2094,7 +2094,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-Squid Web Proxy configure 3.5.4
+Squid Web Proxy configure 3.5.5
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -3198,7 +3198,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by Squid Web Proxy $as_me 3.5.4, which was
+It was created by Squid Web Proxy $as_me 3.5.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -4065,7 +4065,7 @@
 
 # Define the identity of the package.
  PACKAGE='squid'
- VERSION='3.5.4'
+ VERSION='3.5.5'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -35519,9 +35519,9 @@
 $as_echo "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-  if test "x$HAVE_NULLPTR" = xyes; then
+  if test "x$HAVE_NULLPTR" = xno; then
 
-$as_echo "#define HAVE_NULLPTR 1" >>confdefs.h
+$as_echo "#define nullptr NULL" >>confdefs.h
 
   fi
   { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether nullptr_t is supported" >&5
@@ -35594,6 +35594,11 @@
 $as_echo "no" >&6; }
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+  if test "x$HAVE_UNIQUE_PTR" = xno; then
+
+$as_echo "#define unique_ptr auto_ptr" >>confdefs.h
+
+  fi
   if test "x$HAVE_UNIQUE_PTR" = xyes; then
 
 $as_echo "#define HAVE_UNIQUE_PTR 1" >>confdefs.h
@@ -40914,7 +40919,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by Squid Web Proxy $as_me 3.5.4, which was
+This file was extended by Squid Web Proxy $as_me 3.5.5, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -40980,7 +40985,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-Squid Web Proxy config.status 3.5.4
+Squid Web Proxy config.status 3.5.5
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -u -r -N squid-3.5.4/configure.ac squid-3.5.5/configure.ac
--- squid-3.5.4/configure.ac	2015-05-01 04:29:24.000000000 -0700
+++ squid-3.5.5/configure.ac	2015-05-28 04:09:23.000000000 -0700
@@ -5,7 +5,7 @@
 ## Please see the COPYING and CONTRIBUTORS files for details.
 ##
 
-AC_INIT([Squid Web Proxy],[3.5.4],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.5.5],[http://bugs.squid-cache.org/],[squid])
 AC_PREREQ(2.61)
 AC_CONFIG_HEADERS([include/autoconf.h])
 AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.5.4/helpers/basic_auth/DB/basic_db_auth.8 squid-3.5.5/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.5.4/helpers/basic_auth/DB/basic_db_auth.8	2015-05-01 05:22:12.000000000 -0700
+++ squid-3.5.5/helpers/basic_auth/DB/basic_db_auth.8	2015-05-28 04:56:18.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8 squid-3.5.5/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8
--- squid-3.5.4/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2015-05-01 05:22:18.000000000 -0700
+++ squid-3.5.5/helpers/basic_auth/MSNT-multi-domain/basic_msnt_multi_domain_auth.8	2015-05-28 04:56:22.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_MSNT_MULTI_DOMAIN_AUTH 1"
-.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_MSNT_MULTI_DOMAIN_AUTH 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/basic_auth/POP3/basic_pop3_auth.8 squid-3.5.5/helpers/basic_auth/POP3/basic_pop3_auth.8
--- squid-3.5.4/helpers/basic_auth/POP3/basic_pop3_auth.8	2015-05-01 05:22:24.000000000 -0700
+++ squid-3.5.5/helpers/basic_auth/POP3/basic_pop3_auth.8	2015-05-28 04:56:26.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "BASIC_POP3_AUTH 1"
-.TH BASIC_POP3_AUTH 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH BASIC_POP3_AUTH 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/external_acl/delayer/ext_delayer_acl.8 squid-3.5.5/helpers/external_acl/delayer/ext_delayer_acl.8
--- squid-3.5.4/helpers/external_acl/delayer/ext_delayer_acl.8	2015-05-01 05:22:43.000000000 -0700
+++ squid-3.5.5/helpers/external_acl/delayer/ext_delayer_acl.8	2015-05-28 04:56:36.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_DELAYER_ACL 1"
-.TH EXT_DELAYER_ACL 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_DELAYER_ACL 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.5.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.5.4/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2015-05-01 05:22:54.000000000 -0700
+++ squid-3.5.5/helpers/external_acl/SQL_session/ext_sql_session_acl.8	2015-05-28 04:56:43.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_SQL_SESSION_ACL 1"
-.TH EXT_SQL_SESSION_ACL 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.5.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.5.4/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2015-05-01 05:22:58.000000000 -0700
+++ squid-3.5.5/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8	2015-05-28 04:56:46.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "EXT_WBINFO_GROUP_ACL 1"
-.TH EXT_WBINFO_GROUP_ACL 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/log_daemon/DB/log_db_daemon.8 squid-3.5.5/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.5.4/helpers/log_daemon/DB/log_db_daemon.8	2015-05-01 05:23:02.000000000 -0700
+++ squid-3.5.5/helpers/log_daemon/DB/log_db_daemon.8	2015-05-28 04:56:48.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/helpers/storeid_rewrite/file/storeid_file_rewrite.8 squid-3.5.5/helpers/storeid_rewrite/file/storeid_file_rewrite.8
--- squid-3.5.4/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2015-05-01 05:23:20.000000000 -0700
+++ squid-3.5.5/helpers/storeid_rewrite/file/storeid_file_rewrite.8	2015-05-28 04:57:00.000000000 -0700
@@ -133,7 +133,7 @@
 .\" ========================================================================
 .\"
 .IX Title "STOREID_FILE_REWRITE 1"
-.TH STOREID_FILE_REWRITE 1 "2015-05-01" "perl v5.20.2" "User Contributed Perl Documentation"
+.TH STOREID_FILE_REWRITE 1 "2015-05-28" "perl v5.20.2" "User Contributed Perl Documentation"
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
diff -u -r -N squid-3.5.4/include/autoconf.h.in squid-3.5.5/include/autoconf.h.in
--- squid-3.5.4/include/autoconf.h.in	2015-05-01 04:28:05.000000000 -0700
+++ squid-3.5.5/include/autoconf.h.in	2015-05-28 04:07:39.000000000 -0700
@@ -664,9 +664,6 @@
 /* Define to 1 if you have the <net/route.h> header file. */
 #undef HAVE_NET_ROUTE_H
 
-/* Define to 1 if nullptr is supported */
-#undef HAVE_NULLPTR
-
 /* Define to 1 if nullptr_t is supported */
 #undef HAVE_NULLPTR_T
 
@@ -1577,6 +1574,9 @@
    a type exists and the standard includes do not define it. */
 #undef int8_t
 
+/* Leave undefined if nullptr is supported */
+#undef nullptr
+
 /* Define to `long int' if <sys/types.h> does not define. */
 #undef off_t
 
@@ -1607,3 +1607,6 @@
 /* Define to the type of an unsigned integer type of width exactly 8 bits if
    such a type exists and the standard includes do not define it. */
 #undef uint8_t
+
+/* Leave undefined if std::unique_ptr<T> is supported */
+#undef unique_ptr
diff -u -r -N squid-3.5.4/include/version.h squid-3.5.5/include/version.h
--- squid-3.5.4/include/version.h	2015-05-01 04:29:25.000000000 -0700
+++ squid-3.5.5/include/version.h	2015-05-28 04:09:24.000000000 -0700
@@ -7,7 +7,7 @@
  */
 
 #ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1430479633
+#define SQUID_RELEASE_TIME 1432811191
 #endif
 
 /*
diff -u -r -N squid-3.5.4/lib/rfcnb/rfcnb-io.c squid-3.5.5/lib/rfcnb/rfcnb-io.c
--- squid-3.5.4/lib/rfcnb/rfcnb-io.c	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/lib/rfcnb/rfcnb-io.c	2015-05-28 04:06:38.000000000 -0700
@@ -36,11 +36,13 @@
 #include "rfcnb/rfcnb-util.h"
 #include "rfcnb/std-includes.h"
 
+#if HAVE_SIGNAL_H
+#include <signal.h>
+#endif
 #if HAVE_STRING_H
 #include <string.h>
 #endif
 #include <sys/uio.h>
-#include <sys/signal.h>
 
 int RFCNB_Timeout = 0;          /* Timeout in seconds ... */
 
diff -u -r -N squid-3.5.4/RELEASENOTES.html squid-3.5.5/RELEASENOTES.html
--- squid-3.5.4/RELEASENOTES.html	2015-05-01 05:25:08.000000000 -0700
+++ squid-3.5.5/RELEASENOTES.html	2015-05-28 04:58:09.000000000 -0700
@@ -2,10 +2,10 @@
 <HTML>
 <HEAD>
  <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.5.4 release notes</TITLE>
+ <TITLE>Squid 3.5.5 release notes</TITLE>
 </HEAD>
 <BODY>
-<H1>Squid 3.5.4 release notes</H1>
+<H1>Squid 3.5.5 release notes</H1>
 
 <H2>Squid Developers</H2>
 <HR>
@@ -63,7 +63,7 @@
 <HR>
 <H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
 
-<P>The Squid Team are pleased to announce the release of Squid-3.5.4.</P>
+<P>The Squid Team are pleased to announce the release of Squid-3.5.5.</P>
 <P>This new release is available for download from 
 <A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
 <A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
diff -u -r -N squid-3.5.4/src/adaptation/icap/Xaction.cc squid-3.5.5/src/adaptation/icap/Xaction.cc
--- squid-3.5.4/src/adaptation/icap/Xaction.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/adaptation/icap/Xaction.cc	2015-05-28 04:06:38.000000000 -0700
@@ -184,7 +184,7 @@
     connector = JobCallback(93,3, ConnectDialer, this, Adaptation::Icap::Xaction::noteCommConnected);
     cs = new Comm::ConnOpener(connection, connector, TheConfig.connect_timeout(service().cfg().bypass));
     cs->setHost(s.cfg().host.termedBuf());
-    AsyncJob::Start(cs);
+    AsyncJob::Start(cs.get());
 }
 
 /*
@@ -522,7 +522,7 @@
 void Adaptation::Icap::Xaction::swanSong()
 {
     // kids should sing first and then call the parent method.
-    if (cs) {
+    if (cs.valid()) {
         debugs(93,6, HERE << id << " about to notify ConnOpener!");
         CallJobHere(93, 3, cs, Comm::ConnOpener, noteAbort);
         cs = NULL;
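Review bot: The change from `if (cs)` to `if (cs.valid())` has no comment saying what it protects against, although it appears to be the whole of the swanSong crash fix. Judging by the header change of `cs` to `Comm::ConnOpener::Pointer`, the ConnOpener job can end before this transaction does, so the old raw pointer could be stale when noteAbort was scheduled. A line such as `// the ConnOpener job may already be gone; notify it only while cs is still valid` above the check would stop a later cleanup from reverting it to a plain null test. The body of swanSong continues past the end of this hunk.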
diff -u -r -N squid-3.5.4/src/adaptation/icap/Xaction.h squid-3.5.5/src/adaptation/icap/Xaction.h
--- squid-3.5.4/src/adaptation/icap/Xaction.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/adaptation/icap/Xaction.h	2015-05-28 04:06:38.000000000 -0700
@@ -12,8 +12,7 @@
 #include "AccessLogEntry.h"
 #include "adaptation/icap/ServiceRep.h"
 #include "adaptation/Initiate.h"
-#include "comm/forward.h"
-#include "CommCalls.h"
+#include "comm/ConnOpener.h"
 #include "HttpReply.h"
 #include "ipcache.h"
 #include "MemBuf.h"
@@ -163,8 +162,7 @@
     timeval icap_tio_finish;   /*time when the last byte of the ICAP responsewas received*/
 
 private:
-    Comm::ConnOpener *cs;
-    //CBDATA_CLASS2(Xaction);
+    Comm::ConnOpener::Pointer cs;
 };
 
 } // namespace Icap
diff -u -r -N squid-3.5.4/src/base/TidyPointer.h squid-3.5.5/src/base/TidyPointer.h
--- squid-3.5.4/src/base/TidyPointer.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/base/TidyPointer.h	2015-05-28 04:06:38.000000000 -0700
@@ -11,7 +11,7 @@
 
 /**
  * A pointer that deletes the object it points to when the pointer's owner or
- * context is gone. Similar to std::auto_ptr but without confusing assignment
+ * context is gone. Similar to std::unique_ptr but without confusing assignment
  * and with a customizable cleanup method. Prevents memory leaks in
  * the presence of exceptions and processing short cuts.
 */
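Review bot: After the rename the comment claims TidyPointer is "similar to std::unique_ptr but without confusing assignment", but the confusing assignment was a property of std::auto_ptr, whose copies transfer ownership; std::unique_ptr is move-only. The sentence now attributes a problem to the wrong type. I would reword it to `Similar to std::unique_ptr but with a customizable cleanup method.`, or keep a short mention of auto_ptr for the assignment remark. The class body is outside this hunk, so TidyPointer's own assignment rules should be checked before finalising the wording.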
diff -u -r -N squid-3.5.4/src/cf.data.pre squid-3.5.5/src/cf.data.pre
--- squid-3.5.4/src/cf.data.pre	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/cf.data.pre	2015-05-28 04:06:38.000000000 -0700
@@ -322,6 +322,49 @@
 DOC_END
 
 COMMENT_START
+ OPTIONS FOR SMP
+ -----------------------------------------------------------------------------
+COMMENT_END
+
+NAME: workers
+TYPE: int
+LOC: Config.workers
+DEFAULT: 1
+DEFAULT_DOC: SMP support disabled.
+DOC_START
+	Number of main Squid processes or "workers" to fork and maintain.
+	0: "no daemon" mode, like running "squid -N ..."
+	1: "no SMP" mode, start one main Squid process daemon (default)
+	N: start N main Squid process daemons (i.e., SMP mode)
+
+	In SMP mode, each worker does nearly all what a single Squid daemon
+	does (e.g., listen on http_port and forward HTTP requests).
+DOC_END
+
+NAME: cpu_affinity_map
+TYPE: CpuAffinityMap
+LOC: Config.cpuAffinityMap
+DEFAULT: none
+DEFAULT_DOC: Let operating system decide.
+DOC_START
+	Usage: cpu_affinity_map process_numbers=P1,P2,... cores=C1,C2,...
+
+	Sets 1:1 mapping between Squid processes and CPU cores. For example,
+
+	    cpu_affinity_map process_numbers=1,2,3,4 cores=1,3,5,7
+
+	affects processes 1 through 4 only and places them on the first
+	four even cores, starting with core #1.
+
+	CPU cores are numbered starting from 1. Requires support for
+	sched_getaffinity(2) and sched_setaffinity(2) system calls.
+
+	Multiple cpu_affinity_map options are merged.
+
+	See also: workers
+DOC_END
+
+COMMENT_START
  OPTIONS FOR AUTHENTICATION
  -----------------------------------------------------------------------------
 COMMENT_END
@@ -9259,42 +9302,4 @@
 	not all I/O types supports large values (eg on Windows).
 DOC_END
 
-NAME: workers
-TYPE: int
-LOC: Config.workers
-DEFAULT: 1
-DEFAULT_DOC: SMP support disabled.
-DOC_START
-	Number of main Squid processes or "workers" to fork and maintain.
-	0: "no daemon" mode, like running "squid -N ..."
-	1: "no SMP" mode, start one main Squid process daemon (default)
-	N: start N main Squid process daemons (i.e., SMP mode)
-
-	In SMP mode, each worker does nearly all what a single Squid daemon
-	does (e.g., listen on http_port and forward HTTP requests).
-DOC_END
-
-NAME: cpu_affinity_map
-TYPE: CpuAffinityMap
-LOC: Config.cpuAffinityMap
-DEFAULT: none
-DEFAULT_DOC: Let operating system decide.
-DOC_START
-	Usage: cpu_affinity_map process_numbers=P1,P2,... cores=C1,C2,...
-
-	Sets 1:1 mapping between Squid processes and CPU cores. For example,
-
-	    cpu_affinity_map process_numbers=1,2,3,4 cores=1,3,5,7
-
-	affects processes 1 through 4 only and places them on the first
-	four even cores, starting with core #1.
-
-	CPU cores are numbered starting from 1. Requires support for
-	sched_getaffinity(2) and sched_setaffinity(2) system calls.
-
-	Multiple cpu_affinity_map options are merged.
-
-	See also: workers
-DOC_END
-
 EOF
diff -u -r -N squid-3.5.4/src/client_side.cc squid-3.5.5/src/client_side.cc
--- squid-3.5.4/src/client_side.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/client_side.cc	2015-05-28 04:06:38.000000000 -0700
@@ -191,9 +191,6 @@
 static void clientUpdateHierCounters(HierarchyLogEntry *);
 static bool clientPingHasFinished(ping_data const *aPing);
 void prepareLogWithRequestDetails(HttpRequest *, AccessLogEntry::Pointer &);
-#ifndef PURIFY
-static bool connIsUsable(ConnStateData * conn);
-#endif
 static void ClientSocketContextPushDeferredIfNeeded(ClientSocketContext::Pointer deferredRequest, ConnStateData * conn);
 static void clientUpdateSocketStats(LogTags logType, size_t size);
 
@@ -908,18 +905,6 @@
     return 0;
 }
 
-#ifndef PURIFY
-bool
-connIsUsable(ConnStateData * conn)
-{
-    if (conn == NULL || !cbdataReferenceValid(conn) || !Comm::IsConnOpen(conn->clientConnection))
-        return false;
-
-    return true;
-}
-
-#endif
-
 // careful: the "current" context may be gone if we wrote an early response
 ClientSocketContext::Pointer
 ConnStateData::getCurrentContext() const
@@ -1438,6 +1423,10 @@
 clientSocketRecipient(clientStreamNode * node, ClientHttpRequest * http,
                       HttpReply * rep, StoreIOBuffer receivedData)
 {
+    // dont tryt to deliver if client already ABORTED
+    if (!http->getConn() || !cbdataReferenceValid(http->getConn()) || !Comm::IsConnOpen(http->getConn()->clientConnection))
+        return;
+
     /* Test preconditions */
     assert(node != NULL);
     PROF_start(clientSocketRecipient);
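Review bot: The new guard at the top of clientSocketRecipient returns without any debugs() trace, so a reply dropped because the client aborted leaves nothing in the log to explain the missing delivery. It also dereferences `http` and calls `getConn()` three times before the function's own precondition asserts run. Assuming getConn() returns a ConnStateData pointer, as the removed connIsUsable() signature suggests, I would cache it once with `ConnStateData *conn = http->getConn();` and log before returning, for example `debugs(33, 3, "client gone; dropping reply");`. The comment also has typos and could read `// do not try to deliver if the client has already aborted`. The rest of the function lies outside this hunk.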
@@ -1450,7 +1439,6 @@
     assert(node->node.next == NULL);
     ClientSocketContext::Pointer context = dynamic_cast<ClientSocketContext *>(node->data.getRaw());
     assert(context != NULL);
-    assert(connIsUsable(http->getConn()));
 
     /* TODO: check offset is what we asked for */
 
@@ -2207,7 +2195,7 @@
         return csd->abortRequestParsing("error:method-not-allowed");
     }
 
-    /* draft-ietf-httpbis-http2-16 section 11.6 registers the method PRI as HTTP/2 specific
+    /* RFC 7540 section 11.6 registers the method PRI as HTTP/2 specific
      * Deny "PRI" method if used in HTTP/1.x or 0.9 versions.
      * If seen it signals a broken client or proxy has corrupted the traffic.
      */
@@ -2685,6 +2673,7 @@
         } else if (Config.onoff.global_internal_static && internalStaticCheck(request->urlpath.termedBuf())) {
             debugs(33, 2, "internal URL found: " << request->url.getScheme() << "://" << request->GetHost() <<
                    ':' << request->port << " (global_internal_static on)");
+            request->url.setScheme(AnyP::PROTO_HTTP);
             request->SetHost(internalHostname());
             request->port = getMyPort();
             http->flags.internal = true;
@@ -3676,7 +3665,9 @@
     SSL *ssl = fd_table[fd].ssl;
     int ret;
 
+    errno = 0;
     if ((ret = SSL_accept(ssl)) <= 0) {
+        int xerrno = errno;
         int ssl_error = SSL_get_error(ssl, ret);
 
         switch (ssl_error) {
@@ -3690,24 +3681,14 @@
             return false;
 
         case SSL_ERROR_SYSCALL:
-
             if (ret == 0) {
                 debugs(83, 2, "Error negotiating SSL connection on FD " << fd << ": Aborted by client: " << ssl_error);
-                comm_close(fd);
-                return false;
             } else {
-                int hard = 1;
-
-                if (errno == ECONNRESET)
-                    hard = 0;
-
-                debugs(83, hard ? 1 : 2, "Error negotiating SSL connection on FD " <<
-                       fd << ": " << strerror(errno) << " (" << errno << ")");
-
-                comm_close(fd);
-
-                return false;
+                debugs(83, (xerrno == ECONNRESET) ? 1 : 2, "Error negotiating SSL connection on FD " << fd << ": " <<
+                       (xerrno == 0 ? ERR_error_string(ssl_error, NULL) : xstrerr(xerrno)));
             }
+            comm_close(fd);
+            return false;
 
         case SSL_ERROR_ZERO_RETURN:
             debugs(83, DBG_IMPORTANT, "Error negotiating SSL connection on FD " << fd << ": Closed by client");
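Review bot: The level expression in the new debugs() call, `(xerrno == ECONNRESET) ? 1 : 2`, inverts the removed logic, where ECONNRESET set `hard = 0` and was logged at level 2 while every other errno was logged at level 1. As written, routine client resets are reported at the more prominent level and genuine syscall failures are demoted, so client-triggered resets can dominate the log while the errors an operator needs drop out of view. The expression should be `(xerrno == ECONNRESET) ? 2 : 1`. Separately, `ERR_error_string(ssl_error, NULL)` receives the SSL_get_error() result, a small SSL_ERROR_* code, rather than an error-queue value, so the text will not describe the failure. `ERR_error_string(ERR_get_error(), NULL)` is the call that reads the queue.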
@@ -4519,7 +4500,7 @@
         }
 
         if (s->flags.tunnelSslBumping && !s->staticSslContext && !s->generateHostCertificates) {
-            debugs(1, DBG_IMPORTANT, "Will not bump SSL at http_port " << s->s << " due to SSL initialization failure.");
+            debugs(1, DBG_IMPORTANT, "Will not bump SSL at https_port " << s->s << " due to SSL initialization failure.");
             s->flags.tunnelSslBumping = false;
         }
 
diff -u -r -N squid-3.5.4/src/client_side_reply.cc squid-3.5.5/src/client_side_reply.cc
--- squid-3.5.4/src/client_side_reply.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/client_side_reply.cc	2015-05-28 04:06:38.000000000 -0700
@@ -786,7 +786,7 @@
         return false; // internal content "hits" cannot be blocked
 
     if (const HttpReply *rep = http->storeEntry()->getReply()) {
-        std::auto_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(Config.accessList.sendHit, http));
+        std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(Config.accessList.sendHit, http));
         chl->reply = const_cast<HttpReply*>(rep); // ACLChecklist API bug
         HTTPMSGLOCK(chl->reply);
         return chl->fastCheck() != ACCESS_ALLOWED; // when in doubt, block
diff -u -r -N squid-3.5.4/src/CollapsedForwarding.cc squid-3.5.5/src/CollapsedForwarding.cc
--- squid-3.5.4/src/CollapsedForwarding.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/CollapsedForwarding.cc	2015-05-28 04:06:38.000000000 -0700
@@ -27,7 +27,7 @@
 // TODO: make configurable or compute from squid.conf settings if possible
 static const int QueueCapacity = 1024;
 
-std::auto_ptr<CollapsedForwarding::Queue> CollapsedForwarding::queue;
+std::unique_ptr<CollapsedForwarding::Queue> CollapsedForwarding::queue;
 
 /// IPC queue message
 class CollapsedForwardingMsg
diff -u -r -N squid-3.5.4/src/CollapsedForwarding.h squid-3.5.5/src/CollapsedForwarding.h
--- squid-3.5.4/src/CollapsedForwarding.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/CollapsedForwarding.h	2015-05-28 04:06:38.000000000 -0700
@@ -40,7 +40,7 @@
 
 private:
     typedef Ipc::MultiQueue Queue;
-    static std::auto_ptr<Queue> queue; ///< IPC queue
+    static std::unique_ptr<Queue> queue; ///< IPC queue
 };
 
 #endif /* SQUID_COLLAPSED_FORWARDING_H */
diff -u -r -N squid-3.5.4/src/comm/ModSelectWin32.cc squid-3.5.5/src/comm/ModSelectWin32.cc
--- squid-3.5.4/src/comm/ModSelectWin32.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/comm/ModSelectWin32.cc	2015-05-28 04:06:38.000000000 -0700
@@ -188,8 +188,6 @@
     PF *hdl = NULL;
     fd_set read_mask;
     fd_set write_mask;
-    fd_set errfds;
-    FD_ZERO(&errfds);
     FD_ZERO(&read_mask);
     FD_ZERO(&write_mask);
     incoming_sockets_accepted = 0;
@@ -219,8 +217,7 @@
 
     ++ statCounter.syscalls.selects;
 
-    if (select(maxfd, &read_mask, &write_mask, &errfds, &zero_tv) < 1)
-
+    if (select(maxfd, &read_mask, &write_mask, NULL, &zero_tv) < 1)
         return incoming_sockets_accepted;
 
     for (i = 0; i < nfds; ++i) {
@@ -273,7 +270,7 @@
 
     nevents = comm_check_incoming_select_handlers(nfds, fds);
 
-    incoming_udp_interval += Config.comm_incoming.udp_average - nevents;
+    incoming_udp_interval += Config.comm_incoming.udp.average - nevents;
 
     if (incoming_udp_interval < 0)
         incoming_udp_interval = 0;
@@ -305,7 +302,7 @@
     }
 
     nevents = comm_check_incoming_select_handlers(nfds, fds);
-    incoming_tcp_interval += Config.comm_incoming.tcp_average - nevents;
+    incoming_tcp_interval += Config.comm_incoming.tcp.average - nevents;
 
     if (incoming_tcp_interval < 0)
         incoming_tcp_interval = 0;
@@ -333,7 +330,7 @@
     int maxfd;
     int num;
     int pending;
-    int calldns = 0, callicp = 0, callhttp = 0;
+    int calldns = 0, calludp = 0, calltcp = 0;
     int j;
 #if DEBUG_FDBITS
 
@@ -361,7 +358,7 @@
         if (commCheckTcpIncoming)
             comm_select_tcp_incoming();
 
-        calludp = calldns = calltcp = 0;
+        calldns = calludp = calltcp = 0;
 
         maxfd = Biggest_FD + 1;
 
@@ -426,9 +423,9 @@
         for (;;) {
             poll_time.tv_sec = msec / 1000;
             poll_time.tv_usec = (msec % 1000) * 1000;
-            ++statCounter.syscalls.selects;
+            ++ statCounter.syscalls.selects;
             num = select(maxfd, &readfds, &writefds, &errfds, &poll_time);
-            ++statCounter.select_loops;
+            ++ statCounter.select_loops;
 
             if (num >= 0 || pending > 0)
                 break;
diff -u -r -N squid-3.5.4/src/comm/Read.cc squid-3.5.5/src/comm/Read.cc
--- squid-3.5.4/src/comm/Read.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/comm/Read.cc	2015-05-28 04:06:38.000000000 -0700
@@ -138,22 +138,22 @@
     /* For legacy callers : Attempt a read */
     // Keep in sync with Comm::ReadNow()!
     ++ statCounter.syscalls.sock.reads;
-    errno = 0;
+    int xerrno = errno = 0;
     int retval = FD_READ_METHOD(fd, ccb->buf, ccb->size);
-    debugs(5, 3, "FD " << fd << ", size " << ccb->size << ", retval " << retval << ", errno " << errno);
+    xerrno = errno;
+    debugs(5, 3, "FD " << fd << ", size " << ccb->size << ", retval " << retval << ", errno " << xerrno);
 
     /* See if we read anything */
     /* Note - read 0 == socket EOF, which is a valid read */
     if (retval >= 0) {
         fd_bytes(fd, retval, FD_READ);
         ccb->offset = retval;
-        ccb->finish(Comm::OK, errno);
+        ccb->finish(Comm::OK, 0);
         return;
-
-    } else if (retval < 0 && !ignoreErrno(errno)) {
+    } else if (retval < 0 && !ignoreErrno(xerrno)) {
         debugs(5, 3, "comm_read_try: scheduling Comm::COMM_ERROR");
         ccb->offset = 0;
-        ccb->finish(Comm::COMM_ERROR, errno);
+        ccb->finish(Comm::COMM_ERROR, xerrno);
         return;
     };
 
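Review bot: `int xerrno = errno = 0;` gives xerrno an initial value that is overwritten two lines later, which makes the saved-errno pattern harder to read than it needs to be. Writing `errno = 0;` before the FD_READ_METHOD call and `const int xerrno = errno;` directly after it says the same thing and keeps the captured value immutable for the rest of the function. The first hunk of src/comm/Write.cc uses the same construction around FD_WRITE_METHOD. In the same spirit, `retval < 0` in the new `else if` line is always true once the `retval >= 0` branch has returned, so `else if (!ignoreErrno(xerrno))` would do.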
diff -u -r -N squid-3.5.4/src/comm/TcpAcceptor.cc squid-3.5.5/src/comm/TcpAcceptor.cc
--- squid-3.5.4/src/comm/TcpAcceptor.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/comm/TcpAcceptor.cc	2015-05-28 04:06:38.000000000 -0700
@@ -150,10 +150,10 @@
 void
 Comm::TcpAcceptor::setListen()
 {
-    errcode = 0; // reset local errno copy.
+    errcode = errno = 0;
     if (listen(conn->fd, Squid_MaxFD >> 2) < 0) {
-        debugs(50, DBG_CRITICAL, "ERROR: listen(" << status() << ", " << (Squid_MaxFD >> 2) << "): " << xstrerror());
         errcode = errno;
+        debugs(50, DBG_CRITICAL, "ERROR: listen(" << status() << ", " << (Squid_MaxFD >> 2) << "): " << xstrerr(errcode));
         return;
     }
 
diff -u -r -N squid-3.5.4/src/comm/Write.cc squid-3.5.5/src/comm/Write.cc
--- squid-3.5.4/src/comm/Write.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/comm/Write.cc	2015-05-28 04:06:38.000000000 -0700
@@ -102,7 +102,9 @@
 #endif /* USE_DELAY_POOLS */
 
     /* actually WRITE data */
+    int xerrno = errno = 0;
     len = FD_WRITE_METHOD(fd, state->buf + state->offset, nleft);
+    xerrno = errno;
     debugs(5, 5, HERE << "write() returns " << len);
 
 #if USE_DELAY_POOLS
@@ -133,18 +135,18 @@
         if (nleft != 0)
             debugs(5, DBG_IMPORTANT, "FD " << fd << " write failure: connection closed with " << nleft << " bytes remaining.");
 
-        state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, errno);
+        state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, 0);
     } else if (len < 0) {
         /* An error */
         if (fd_table[fd].flags.socket_eof) {
-            debugs(50, 2, HERE << "FD " << fd << " write failure: " << xstrerror() << ".");
-            state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, errno);
-        } else if (ignoreErrno(errno)) {
-            debugs(50, 9, HERE << "FD " << fd << " write failure: " << xstrerror() << ".");
+            debugs(50, 2, "FD " << fd << " write failure: " << xstrerr(xerrno) << ".");
+            state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, xerrno);
+        } else if (ignoreErrno(xerrno)) {
+            debugs(50, 9, "FD " << fd << " write failure: " << xstrerr(xerrno) << ".");
             state->selectOrQueueWrite();
         } else {
-            debugs(50, 2, HERE << "FD " << fd << " write failure: " << xstrerror() << ".");
-            state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, errno);
+            debugs(50, 2, "FD " << fd << " write failure: " << xstrerr(xerrno) << ".");
+            state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, xerrno);
         }
     } else {
         /* A successful write, continue */
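Review bot: In the `len < 0` branches, `state->finish(nleft ? Comm::COMM_ERROR : Comm::OK, xerrno)` can still pair `Comm::OK` with a non-zero error code when `nleft` is 0. That is the combination the call at the top of this hunk was just changed to avoid by passing 0. The assignment of `nleft` is outside the hunk: if it can never be 0 on this path, `state->finish(Comm::COMM_ERROR, xerrno);` states the intent without the ternary; if it can, a failed write is being reported as success. The `socket_eof` branch and the final `else` branch are now line-for-line identical and could be merged.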
@@ -154,7 +156,7 @@
             /* Not done, reinstall the write handler and write some more */
             state->selectOrQueueWrite();
         } else {
-            state->finish(nleft ? Comm::OK : Comm::COMM_ERROR, errno);
+            state->finish(nleft ? Comm::OK : Comm::COMM_ERROR, 0);
         }
     }
 
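Review bot: `state->finish(nleft ? Comm::OK : Comm::COMM_ERROR, 0);` has its ternary the opposite way round from the calls in the previous hunk, and nothing on the line says why. `nleft` is assigned outside the hunk, presumably before the write, in which case a non-zero value here would mean there was data to send and all of it went out. If that reading is confirmed, a comment such as `// nleft was computed before the write; zero here means there was nothing to send` would stop the next reader from suspecting an inverted condition.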
diff -u -r -N squid-3.5.4/src/comm.cc squid-3.5.5/src/comm.cc
--- squid-3.5.4/src/comm.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/comm.cc	2015-05-28 04:06:38.000000000 -0700
@@ -632,24 +632,24 @@
         F->flags.called_connect = true;
         ++ statCounter.syscalls.sock.connects;
 
-        x = connect(sock, AI->ai_addr, AI->ai_addrlen);
-
-        // XXX: ICAP code refuses callbacks during a pending comm_ call
-        // Async calls development will fix this.
-        if (x == 0) {
-            x = -1;
-            xerrno = EINPROGRESS;
-        } else if (x < 0) {
-            debugs(5,5, "comm_connect_addr: sock=" << sock << ", addrinfo( " <<
+        errno = 0;
+        if ((x = connect(sock, AI->ai_addr, AI->ai_addrlen)) < 0) {
+            xerrno = errno;
+            debugs(5,5, "sock=" << sock << ", addrinfo(" <<
                    " flags=" << AI->ai_flags <<
                    ", family=" << AI->ai_family <<
                    ", socktype=" << AI->ai_socktype <<
                    ", protocol=" << AI->ai_protocol <<
                    ", &addr=" << AI->ai_addr <<
-                   ", addrlen=" << AI->ai_addrlen <<
-                   " )" );
+                   ", addrlen=" << AI->ai_addrlen << " )");
             debugs(5, 9, "connect FD " << sock << ": (" << x << ") " << xstrerr(xerrno));
-            debugs(14,9, "connecting to: " << address );
+            debugs(14,9, "connecting to: " << address);
+
+        } else if (x == 0) {
+            // XXX: ICAP code refuses callbacks during a pending comm_ call
+            // Async calls development will fix this.
+            x = -1;
+            xerrno = EINPROGRESS;
         }
 
     } else {
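Review bot: The new `else if (x == 0)` leaves a third, unhandled case in which a positive return falls through with `xerrno` untouched. connect() is specified to return only 0 or -1, so a plain `else` expresses the same logic and removes that case. The declaration and initial value of `xerrno`, and the rest of the function, are outside the hunk.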
diff -u -r -N squid-3.5.4/src/DiskIO/IpcIo/IpcIoFile.cc squid-3.5.5/src/DiskIO/IpcIo/IpcIoFile.cc
--- squid-3.5.4/src/DiskIO/IpcIo/IpcIoFile.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/DiskIO/IpcIo/IpcIoFile.cc	2015-05-28 04:06:38.000000000 -0700
@@ -45,7 +45,7 @@
 const double IpcIoFile::Timeout = 7; // seconds;  XXX: ALL,9 may require more
 IpcIoFile::IpcIoFileList IpcIoFile::WaitingForOpen;
 IpcIoFile::IpcIoFilesMap IpcIoFile::IpcIoFiles;
-std::auto_ptr<IpcIoFile::Queue> IpcIoFile::queue;
+std::unique_ptr<IpcIoFile::Queue> IpcIoFile::queue;
 
 bool IpcIoFile::DiskerHandleMoreRequestsScheduled = false;
 
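Review bot: `std::unique_ptr<IpcIoFile::Queue>` here, the matching declaration in IpcIoFile.h and the three locals in mgr/Inquirer.cc now depend on the configure fallback that defines `unique_ptr` as `auto_ptr` when the compiler lacks it. On such a build, a copy or by-value pass silently transfers ownership instead of failing to compile, so misuse goes undetected exactly where the older compiler is used. A short comment at the declaration, e.g. `// may be std::auto_ptr on pre-C++11 builds: never copy, only reset()/release()`, would keep that constraint visible.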
diff -u -r -N squid-3.5.4/src/DiskIO/IpcIo/IpcIoFile.h squid-3.5.5/src/DiskIO/IpcIo/IpcIoFile.h
--- squid-3.5.4/src/DiskIO/IpcIo/IpcIoFile.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/DiskIO/IpcIo/IpcIoFile.h	2015-05-28 04:06:38.000000000 -0700
@@ -139,7 +139,7 @@
     static IpcIoFilesMap IpcIoFiles;
 
     typedef Ipc::FewToFewBiQueue Queue;
-    static std::auto_ptr<Queue> queue; ///< IPC queue
+    static std::unique_ptr<Queue> queue; ///< IPC queue
 
     /// whether we are waiting for an event to handle still queued I/O requests
     static bool DiskerHandleMoreRequestsScheduled;
diff -u -r -N squid-3.5.4/src/external_acl.cc squid-3.5.5/src/external_acl.cc
--- squid-3.5.4/src/external_acl.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/external_acl.cc	2015-05-28 04:06:38.000000000 -0700
@@ -706,6 +706,9 @@
 
         if (entry->message.size())
             req->extacl_message = entry->message;
+
+        // attach the helper kv-pair to the transaction
+        UpdateRequestNotes(req->clientConnectionManager.get(), *req, entry->notes);
     }
 }
 
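Review bot: `req->clientConnectionManager.get()` is passed straight to UpdateRequestNotes(), so the call relies on that function accepting a null connection pointer. The client connection can presumably be gone by the time a cached or late helper result is applied. UpdateRequestNotes() is not defined in this diff; if it does not check its first argument, guard the call. Either way, a comment such as `// the client connection may be gone; UpdateRequestNotes() must tolerate NULL` documents the assumption. The enclosing function starts outside the hunk.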
@@ -1532,18 +1535,6 @@
 {
     ACLFilledChecklist *checklist = Filled(static_cast<ACLChecklist*>(data));
     checklist->extacl_entry = result;
-
-    // attach the helper kv-pair to the transaction
-    if (checklist->extacl_entry != NULL) {
-        if (HttpRequest * req = checklist->request) {
-            // XXX: we have no access to the transaction / AccessLogEntry so cant SyncNotes().
-            // workaround by using anything already set in HttpRequest
-            // OR use new and rely on a later Sync copying these to AccessLogEntry
-
-            UpdateRequestNotes(checklist->conn(), *req, checklist->extacl_entry->notes);
-        }
-    }
-
     checklist->resumeNonBlockingCheck(ExternalACLLookup::Instance());
 }
 
diff -u -r -N squid-3.5.4/src/FwdState.cc squid-3.5.5/src/FwdState.cc
--- squid-3.5.4/src/FwdState.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/FwdState.cc	2015-05-28 04:06:38.000000000 -0700
@@ -625,7 +625,7 @@
 
     request->hier.stopPeerClock(false);
 
-    if (self != NULL && !err && shutting_down) {
+    if (self != NULL && !err && shutting_down && entry->isEmpty()) {
         ErrorState *anErr = new ErrorState(ERR_SHUTTING_DOWN, Http::scServiceUnavailable, request);
         errorAppendEntry(entry, anErr);
     }
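Review bot: The added `entry->isEmpty()` test carries no comment saying why it is needed, and the reason cannot be read off the condition. The ChangeLog entry for this release (assertion errorpage.cc:600 "entry->isEmpty()") indicates that errorAppendEntry() asserts on an entry that already holds data. A line such as `// errorAppendEntry() asserts on a non-empty entry` above the `if` would stop a later cleanup from dropping the check. The enclosing function starts and ends outside the hunk.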
diff -u -r -N squid-3.5.4/src/http/MethodType.h squid-3.5.5/src/http/MethodType.h
--- squid-3.5.4/src/http/MethodType.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/http/MethodType.h	2015-05-28 04:06:38.000000000 -0700
@@ -87,7 +87,7 @@
     METHOD_UNBIND,
 #endif
 
-    // draft-ietf-httpbis-http2-16 section 11.6
+    // RFC 7540
     METHOD_PRI,
 
     // Squid extension methods
diff -u -r -N squid-3.5.4/src/http/StatusCode.h squid-3.5.5/src/http/StatusCode.h
--- squid-3.5.4/src/http/StatusCode.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/http/StatusCode.h	2015-05-28 04:06:38.000000000 -0700
@@ -58,7 +58,7 @@
     scUnsupportedMediaType = 415,
     scRequestedRangeNotSatisfied = 416,
     scExpectationFailed = 417,
-    scMisdirectedRequest = 421,     /**< draft-ietf-httpbis-http2-16 section 9.1.2 */
+    scMisdirectedRequest = 421,     /**< RFC7540 section 9.1.2 */
     scUnprocessableEntity = 422,    /**< RFC2518 section 10.3 / RFC4918 */
     scLocked = 423,                 /**< RFC2518 section 10.4 / RFC4918 */
     scFailedDependency = 424,       /**< RFC2518 section 10.5 / RFC4918 */
diff -u -r -N squid-3.5.4/src/HttpHeader.h squid-3.5.5/src/HttpHeader.h
--- squid-3.5.4/src/HttpHeader.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/HttpHeader.h	2015-05-28 04:06:38.000000000 -0700
@@ -66,7 +66,7 @@
     HDR_FORWARDED,                      /**< RFC 7239 */
     HDR_FROM,                           /**< RFC 7231 */
     HDR_HOST,                           /**< RFC 7230 */
-    HDR_HTTP2_SETTINGS,                 /**< HTTP/2.0 upgrade header. see draft-ietf-httpbis-http2-13 */
+    HDR_HTTP2_SETTINGS,                 /**< RFC 7540 */
     /*HDR_IF,*/                         /* RFC 2518 */
     HDR_IF_MATCH,                       /**< RFC 7232 */
     HDR_IF_MODIFIED_SINCE,              /**< RFC 7232 */
diff -u -r -N squid-3.5.4/src/HttpRequestMethod.cc squid-3.5.5/src/HttpRequestMethod.cc
--- squid-3.5.4/src/HttpRequestMethod.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/HttpRequestMethod.cc	2015-05-28 04:06:38.000000000 -0700
@@ -109,8 +109,11 @@
     // RFC 5323 section 2
     case Http::METHOD_SEARCH:
 
-        // RFC 5789 - none
-        // RFC 5842 - none
+    // RFC 5789 - none
+    // RFC 5842 - none
+
+    // RFC 7540 section 11.6
+    case Http::METHOD_PRI:
 
         return true;
 
@@ -154,9 +157,12 @@
     case Http::METHOD_MOVE:
     case Http::METHOD_UNLOCK:
 
-        // RFC 5323 - TODO check
-        // RFC 5789 - TODO check
-        // RFC 5842 - TODO check
+    // RFC 5323 - TODO check
+    // RFC 5789 - TODO check
+    // RFC 5842 - TODO check
+
+    // RFC 7540 section 11.6
+    case Http::METHOD_PRI:
 
         return true;
 
diff -u -r -N squid-3.5.4/src/mgr/Inquirer.cc squid-3.5.5/src/mgr/Inquirer.cc
--- squid-3.5.4/src/mgr/Inquirer.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/mgr/Inquirer.cc	2015-05-28 04:06:38.000000000 -0700
@@ -72,28 +72,16 @@
     Must(Comm::IsConnOpen(conn));
     Must(aggrAction != NULL);
 
-#if HAVE_UNIQUE_PTR
     std::unique_ptr<MemBuf> replyBuf;
-#else
-    std::auto_ptr<MemBuf> replyBuf;
-#endif
     if (strands.empty()) {
         LOCAL_ARRAY(char, url, MAX_URL);
         snprintf(url, MAX_URL, "%s", aggrAction->command().params.httpUri.termedBuf());
         HttpRequest *req = HttpRequest::CreateFromUrl(url);
         ErrorState err(ERR_INVALID_URL, Http::scNotFound, req);
-#if HAVE_UNIQUE_PTR
         std::unique_ptr<HttpReply> reply(err.BuildHttpReply());
-#else
-        std::auto_ptr<HttpReply> reply(err.BuildHttpReply());
-#endif
         replyBuf.reset(reply->pack());
     } else {
-#if HAVE_UNIQUE_PTR
         std::unique_ptr<HttpReply> reply(new HttpReply);
-#else
-        std::auto_ptr<HttpReply> reply(new HttpReply);
-#endif
         reply->setHeaders(Http::scOkay, NULL, "text/plain", -1, squid_curtime, squid_curtime);
         reply->header.putStr(HDR_CONNECTION, "close"); // until we chunk response
         replyBuf.reset(reply->pack());
diff -u -r -N squid-3.5.4/src/pconn.cc squid-3.5.5/src/pconn.cc
--- squid-3.5.4/src/pconn.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/pconn.cc	2015-05-28 04:06:38.000000000 -0700
@@ -218,9 +218,9 @@
 
         // finally, a match. pop and return it.
         Comm::ConnectionPointer result = theList_[i];
+        clearHandlers(result);
         /* may delete this */
         removeAt(i);
-        clearHandlers(result);
         return result;
     }
 
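Review bot: The `/* may delete this */` comment is the only thing stopping someone from moving a member call back below removeAt(), which is the ordering this hunk and the two following pconn.cc hunks correct. Tightening it to `/* may delete this: no member access after this line */` makes the constraint explicit at all three sites. In the third hunk `conn->close()` still follows removeAt(); that looks safe provided `conn` is a parameter or local rather than something reached through `this`, but the signature is outside the hunk.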
@@ -264,9 +264,9 @@
 
         // finally, a match. pop and return it.
         Comm::ConnectionPointer result = theList_[i];
+        clearHandlers(result);
         /* may delete this */
         removeAt(i);
-        clearHandlers(result);
         return result;
     }
 
@@ -281,9 +281,9 @@
     if (index >= 0) {
         if (parent_)
             parent_->notifyManager("idle conn closure");
+        clearHandlers(conn);
         /* might delete this */
         removeAt(index);
-        clearHandlers(conn);
         conn->close();
     }
 }
diff -u -r -N squid-3.5.4/src/ssl/bio.cc squid-3.5.5/src/ssl/bio.cc
--- squid-3.5.4/src/ssl/bio.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/ssl/bio.cc	2015-05-28 04:06:38.000000000 -0700
@@ -130,6 +130,28 @@
     return result;
 }
 
+int
+Ssl::Bio::readAndBuffer(char *buf, int size, BIO *table, const char *description)
+{
+    prepReadBuf();
+
+    size = min((int)rbuf.potentialSpaceSize(), size);
+    if (size <= 0) {
+        debugs(83, DBG_IMPORTANT, "Not enough space to hold " <<
+               rbuf.contentSize() << "+ byte " << description);
+        return -1;
+    }
+
+    const int bytes = Ssl::Bio::read(buf, size, table);
+    debugs(83, 5, "read " << bytes << " out of " << size << " bytes"); // move to Ssl::Bio::read()
+
+    if (bytes > 0) {
+        rbuf.append(buf, bytes);
+        debugs(83, 5, "recorded " << bytes << " bytes of " << description);
+    }
+    return bytes;
+}
+
 /// Called whenever the SSL connection state changes, an alert appears, or an
 /// error occurs. See SSL_set_info_callback().
 void
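Review bot: In readAndBuffer() the clamp `size = min((int)rbuf.potentialSpaceSize(), size)` runs before the `size <= 0` test, so a caller that passes a zero `size` gets the same "Not enough space" message and -1 as a genuinely full buffer. The code removed from ClientBio::read() returned 0 in that situation. Testing the buffer space on its own (`const int space = static_cast<int>(rbuf.potentialSpaceSize());` followed by `if (space <= 0)`) keeps the two conditions apart. The message is logged at DBG_IMPORTANT and appears reachable whenever a peer sends more hello data than rbuf can hold, so a remote party may be able to generate it repeatedly; a lower debug level or rate limiting is worth considering. ServerBio::read() with `record_` set now fails the read in this case too, which should be stated in the function's doc comment.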
@@ -148,6 +170,13 @@
            SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")");
 }
 
+void
+Ssl::Bio::prepReadBuf()
+{
+    if (rbuf.isNull())
+        rbuf.init(4096, 65536);
+}
+
 bool
 Ssl::ClientBio::isClientHello(int state)
 {
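Review bot: `rbuf.init(4096, 65536)` introduces two unexplained literals, and they differ from the 1024/16384 pair removed from ClientBio::read() and ServerBio::read() later in this file. Because the second value bounds how much unauthenticated handshake data is buffered per connection, it deserves a named constant with a one-line rationale for the chosen limit. A comment of the form `// initial and maximum size of the hello buffer` next to two `static const` values would be enough.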
@@ -196,20 +225,9 @@
 Ssl::ClientBio::read(char *buf, int size, BIO *table)
 {
     if (helloState < atHelloReceived) {
-
-        if (rbuf.isNull())
-            rbuf.init(1024, 16384);
-
-        size = rbuf.spaceSize() > size ? size : rbuf.spaceSize();
-
-        if (!size)
-            return 0;
-
-        int bytes = Ssl::Bio::read(buf, size, table);
+        int bytes = readAndBuffer(buf, size, table, "TLS client Hello");
         if (bytes <= 0)
             return bytes;
-        rbuf.append(buf, bytes);
-        debugs(83, 7, "rbuf size: " << rbuf.contentSize());
     }
 
     if (helloState == atHelloNone) {
@@ -272,16 +290,8 @@
 int
 Ssl::ServerBio::read(char *buf, int size, BIO *table)
 {
-    int bytes = Ssl::Bio::read(buf, size, table);
-
-    if (bytes > 0 && record_) {
-        if (rbuf.isNull())
-            rbuf.init(1024, 16384);
-        rbuf.append(buf, bytes);
-        debugs(83, 5, "Record is enabled store " << bytes << " bytes");
-    }
-    debugs(83, 5, "Read " << bytes << " from " << size << " bytes");
-    return bytes;
+    return record_ ?
+           readAndBuffer(buf, size, table, "TLS server Hello") : Ssl::Bio::read(buf, size, table);
 }
 
 // This function makes the required checks to examine if the client hello
diff -u -r -N squid-3.5.4/src/ssl/bio.h squid-3.5.5/src/ssl/bio.h
--- squid-3.5.4/src/ssl/bio.h	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/ssl/bio.h	2015-05-28 04:06:38.000000000 -0700
@@ -110,6 +110,12 @@
     /// Tells ssl connection to use BIO and monitor state via stateChanged()
     static void Link(SSL *ssl, BIO *bio);
 
+    /// Prepare the rbuf buffer to accept hello data
+    void prepReadBuf();
+
+    /// Reads data from socket and record them to a buffer
+    int readAndBuffer(char *buf, int size, BIO *table, const char *description);
+
     const MemBuf &rBufData() {return rbuf;}
 protected:
     const int fd_; ///< the SSL socket we are reading and writing
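Review bot: prepReadBuf() and readAndBuffer() are declared above the `protected:` label, which appears to make them part of the public interface, although the callers visible in bio.cc are the Bio subclasses' own read() methods. Moving both below `protected:` would keep rbuf handling internal. The doc comment on readAndBuffer() also omits the return contract; `/// \return the result of Ssl::Bio::read(), or -1 when rbuf has no space left` matches the implementation added in bio.cc.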
diff -u -r -N squid-3.5.4/src/ssl/helper.cc squid-3.5.5/src/ssl/helper.cc
--- squid-3.5.4/src/ssl/helper.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/ssl/helper.cc	2015-05-28 04:06:38.000000000 -0700
@@ -41,12 +41,13 @@
 {
     assert(ssl_crtd == NULL);
 
-    // we need to start ssl_crtd only if some port(s) need to bump SSL
+    // we need to start ssl_crtd only if some port(s) need to bump SSL *and* generate certificates
+    // TODO: generate host certificates for SNI enabled accel ports
     bool found = false;
     for (AnyP::PortCfgPointer s = HttpPortList; !found && s != NULL; s = s->next)
-        found = s->flags.tunnelSslBumping;
+        found = s->flags.tunnelSslBumping && s->generateHostCertificates;
     for (AnyP::PortCfgPointer s = HttpsPortList; !found && s != NULL; s = s->next)
-        found = s->flags.tunnelSslBumping;
+        found = s->flags.tunnelSslBumping && s->generateHostCertificates;
     if (!found)
         return;
 
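Review bot: With the stricter test, a configuration that has bumping ports but no `generateHostCertificates` now leaves `ssl_crtd` NULL after this function returns. Any code that submits requests to the helper must therefore not assume that `tunnelSslBumping` alone implies a running helper; those call sites are outside this diff and worth checking for a null test. The predicate `s->flags.tunnelSslBumping && s->generateHostCertificates` is also duplicated in both loops and could move into one small static helper so the two port lists cannot drift apart.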
diff -u -r -N squid-3.5.4/src/stat.cc squid-3.5.5/src/stat.cc
--- squid-3.5.4/src/stat.cc	2015-05-01 04:27:20.000000000 -0700
+++ squid-3.5.5/src/stat.cc	2015-05-28 04:06:38.000000000 -0700
@@ -620,8 +620,10 @@
 
     storeAppendPrintf(sentry, "Connection information for %s:\n",APP_SHORTNAME);
 
-    storeAppendPrintf(sentry, "\tNumber of clients accessing cache:\t%.0f\n",
-                      stats.client_http_clients);
+    if (Config.onoff.client_db)
+        storeAppendPrintf(sentry, "\tNumber of clients accessing cache:\t%.0f\n", stats.client_http_clients);
+    else
+        sentry->append("\tNumber of clients accessing cache:\t(client_db off)\n", 52);
 
     storeAppendPrintf(sentry, "\tNumber of HTTP requests received:\t%.0f\n",
                       stats.client_http_requests);
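Review bot: `sentry->append("\tNumber of clients accessing cache:\t(client_db off)\n", 52)` hard-codes the length of the literal. 52 is correct for the current text, but any later edit to the message will either truncate it or read past the end of the string. Use `storeAppendPrintf(sentry, "\tNumber of clients accessing cache:\t(client_db off)\n");` like the neighbouring lines, or keep append() with the text in a `static const char msg[]` and pass `sizeof(msg) - 1`.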
