diff -r -u squid-2.6.STABLE13/configure new-STABLE13/configure --- squid-2.6.STABLE13/configure Fri May 11 08:59:36 2007 +++ new-STABLE13/configure Sun May 13 00:59:36 2007 @@ -1,7 +1,7 @@ #! /bin/sh -# From configure.in Revision: 1.416.2.10 . +# From configure.in Revision: 1.3 . # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.STABLE13. +# Generated by GNU Autoconf 2.59 for Squid Web Proxy 2.6.STABLE13.v6patch20070512. # # Report bugs to . # @@ -270,8 +270,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='2.6.STABLE13' -PACKAGE_STRING='Squid Web Proxy 2.6.STABLE13' +PACKAGE_VERSION='2.6.STABLE13.v6patch20070512' +PACKAGE_STRING='Squid Web Proxy 2.6.STABLE13.v6patch20070512' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_default_prefix=/usr/local/squid @@ -781,7 +781,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 2.6.STABLE13 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 2.6.STABLE13.v6patch20070512 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -847,7 +847,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE13:";; + short | recursive ) echo "Configuration of Squid Web Proxy 2.6.STABLE13.v6patch20070512:";; esac cat <<\_ACEOF @@ -1158,7 +1158,7 @@ test -n "$ac_init_help" && exit 0 if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 2.6.STABLE13 +Squid Web Proxy configure 2.6.STABLE13.v6patch20070512 generated by GNU Autoconf 2.59 Copyright (C) 2003 Free Software Foundation, Inc. 
@@ -1172,7 +1172,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 2.6.STABLE13, which was +It was created by Squid Web Proxy $as_me 2.6.STABLE13.v6patch20070512, which was generated by GNU Autoconf 2.59. Invocation command line was $ $0 $@ @@ -1818,7 +1818,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='2.6.STABLE13' + VERSION='2.6.STABLE13.v6patch20070512' cat >>confdefs.h <<_ACEOF @@ -18614,7 +18614,7 @@ } >&5 cat >&5 <<_CSEOF -This file was extended by Squid Web Proxy $as_me 2.6.STABLE13, which was +This file was extended by Squid Web Proxy $as_me 2.6.STABLE13.v6patch20070512, which was generated by GNU Autoconf 2.59. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18677,7 +18677,7 @@ cat >>$CONFIG_STATUS <<_ACEOF ac_cs_version="\\ -Squid Web Proxy config.status 2.6.STABLE13 +Squid Web Proxy config.status 2.6.STABLE13.v6patch20070512 configured by $0, generated by GNU Autoconf 2.59, with options \\"`echo "$ac_configure_args" | sed 's/[\\""\`\$]/\\\\&/g'`\\" diff -r -u squid-2.6.STABLE13/configure.in new-STABLE13/configure.in --- squid-2.6.STABLE13/configure.in Fri May 11 08:59:36 2007 +++ new-STABLE13/configure.in Sun May 13 00:59:36 2007 
@@ -1,16 +1,16 @@ dnl dnl Configuration input file for Squid dnl -dnl $Id: configure.in,v 1.416.2.10 2007/05/10 23:56:28 hno Exp $ +dnl $Id: configure.in,v 1.3 2007/05/12 15:53:18 husni Exp $ dnl dnl dnl -AC_INIT(Squid Web Proxy, 2.6.STABLE13, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 2.6.STABLE13.v6patch20070512, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AM_INIT_AUTOMAKE -AC_REVISION($Revision: 1.416.2.10 $)dnl +AC_REVISION($Revision: 1.3 $)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE diff -r -u squid-2.6.STABLE13/helpers/ntlm_auth/fakeauth/ntlm.h new-STABLE13/helpers/ntlm_auth/fakeauth/ntlm.h --- squid-2.6.STABLE13/helpers/ntlm_auth/fakeauth/ntlm.h Sun Mar 4 03:27:21 2007 +++ new-STABLE13/helpers/ntlm_auth/fakeauth/ntlm.h Sun May 13 00:59:38 2007 @@ -1,5 +1,5 @@ /* - * $Id: ntlm.h,v 1.7.2.1 2007/03/03 18:27:21 hno Exp $ + * $Id: ntlm.h,v 1.1 2007/05/11 04:58:38 husni Exp $ * * AUTHOR: Andrew Doran * diff -r -u squid-2.6.STABLE13/include/ntlmauth.h new-STABLE13/include/ntlmauth.h --- squid-2.6.STABLE13/include/ntlmauth.h Tue Mar 13 11:12:39 2007 +++ new-STABLE13/include/ntlmauth.h Sun May 13 00:59:36 2007 @@ -1,5 +1,5 @@ /* - * $Id: ntlmauth.h,v 1.10.2.1 2007/03/13 02:12:39 hno Exp $ + * $Id: ntlmauth.h,v 1.1 2007/05/11 04:58:36 husni Exp $ * * * * * * * * * Legal stuff * * * * * * * * diff -r -u squid-2.6.STABLE13/include/rfc1035.h new-STABLE13/include/rfc1035.h --- squid-2.6.STABLE13/include/rfc1035.h Fri Apr 28 19:17:18 2006 +++ new-STABLE13/include/rfc1035.h Sun May 13 00:59:36 2007 @@ -1,5 +1,5 @@ /* - * $Id: rfc1035.h,v 1.10 2006/04/28 10:17:18 hno Exp $ + * $Id: rfc1035.h,v 1.11 2007/05/11 05:02:31 husni Exp $ * * AUTHOR: Duane Wessels * @@ -38,6 +38,9 @@ #if HAVE_SYS_TYPES_H #include #endif +#if HAVE_SYS_SOCKET_H +#include +#endif #if HAVE_NETINET_IN_H #include #endif 
@@ -71,6 +74,7 @@ unsigned int tc:1; unsigned int rd:1; unsigned int ra:1; + unsigned int z:3; unsigned int rcode:4; unsigned short qdcount; unsigned short ancount; @@ -85,7 +89,12 @@ size_t sz, unsigned short qid, rfc1035_query * query); -extern ssize_t rfc1035BuildPTRQuery(const struct in_addr, +extern ssize_t rfc1035BuildAAAAQuery(const char *hostname, + char *buf, + size_t sz, + unsigned short qid, + rfc1035_query * query); +extern ssize_t rfc1035BuildPTRQuery(const struct sockaddr *, char *buf, size_t sz, unsigned short qid, @@ -100,6 +109,7 @@ extern const char *rfc1035_error_message; #define RFC1035_TYPE_A 1 +#define RFC1035_TYPE_AAAA 28 #define RFC1035_TYPE_CNAME 5 #define RFC1035_TYPE_PTR 12 #define RFC1035_CLASS_IN 1 diff -r -u squid-2.6.STABLE13/include/squid_mswin.h new-STABLE13/include/squid_mswin.h --- squid-2.6.STABLE13/include/squid_mswin.h Fri Apr 27 08:09:46 2007 +++ new-STABLE13/include/squid_mswin.h Fri May 11 13:58:36 2007 @@ -1,5 +1,5 @@ /* - * $Id: squid_mswin.h,v 1.4.2.1 2007/04/26 23:09:46 hno Exp $ + * $Id: squid_mswin.h,v 1.1 2007/05/11 04:58:36 husni Exp $ * * AUTHOR: Andrey Shorin * AUTHOR: Guido Serassio diff -r -u squid-2.6.STABLE13/include/util.h new-STABLE13/include/util.h --- squid-2.6.STABLE13/include/util.h Sun Dec 10 22:36:23 2006 +++ new-STABLE13/include/util.h Sun May 13 00:59:36 2007 @@ -1,5 +1,5 @@ /* - * $Id: util.h,v 1.69 2006/12/10 13:36:23 serassio Exp $ + * $Id: util.h,v 1.70 2007/05/11 05:02:31 husni Exp $ * * AUTHOR: Harvest Derived * @@ -104,7 +104,7 @@ extern void xmalloc_find_leaks(void); #endif -typedef struct in_addr SIA; +typedef struct sockaddr SIA; extern int safe_inet_addr(const char *, SIA *); extern time_t parse_iso3307_time(const char *buf); extern char *base64_decode(const char *coded); diff -r -u squid-2.6.STABLE13/lib/rfc1035.c new-STABLE13/lib/rfc1035.c --- squid-2.6.STABLE13/lib/rfc1035.c Wed May 18 01:56:36 2005 +++ new-STABLE13/lib/rfc1035.c Sun May 13 00:59:36 2007 
@@ -1,6 +1,6 @@ /* - * $Id: rfc1035.c,v 1.29 2005/05/17 16:56:36 hno Exp $ + * $Id: rfc1035.c,v 1.30 2007/05/11 05:02:31 husni Exp $ * * Low level DNS protocol routines * AUTHOR: Duane Wessels @@ -644,7 +644,7 @@ h.qr = 0; h.rd = 1; h.opcode = 0; /* QUERY */ - h.qdcount = (unsigned int) 1; + h.qdcount = 1; offset += rfc1035HeaderPack(buf + offset, sz - offset, &h); offset += rfc1035QuestionPack(buf + offset, sz - offset, @@ -660,6 +660,32 @@ return offset; } +ssize_t +rfc1035BuildAAAAQuery(const char *hostname, char *buf, size_t sz, unsigned short qid, rfc1035_query * query) +{ + static rfc1035_message h; + size_t offset = 0; + memset(&h, '\0', sizeof(h)); + h.id = qid; + h.qr = 0; + h.rd = 1; + h.opcode = 0; /* QUERY */ + h.qdcount = 1; + offset += rfc1035HeaderPack(buf + offset, sz - offset, &h); + offset += rfc1035QuestionPack(buf + offset, + sz - offset, + hostname, + RFC1035_TYPE_AAAA, + RFC1035_CLASS_IN); + if (query) { + query->qtype = RFC1035_TYPE_AAAA; + query->qclass = RFC1035_CLASS_IN; + xstrncpy(query->name, hostname, sizeof(query->name)); + } + assert(offset <= sz); + return offset; +} + /* * rfc1035BuildPTRQuery() * 
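Review bot: rfc1035BuildAAAAQuery is added without the header comment that rfc1035BuildPTRQuery() carries just below it, and its body appears to be a copy of the query builder that ends right above it with only the type constant changed. A comment such as `/* rfc1035BuildAAAAQuery() - builds a type AAAA, class IN query for hostname into buf; returns the size of the query */` would match the file's style. A `static` helper taking the qtype would keep the two builders from drifting apart. The only bound on the write is `assert(offset <= sz)` after both pack calls have run; whether rfc1035HeaderPack and rfc1035QuestionPack bound their own writes is not visible here and is worth confirming, since hostname is presumably derived from client requests.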
@@ -671,19 +697,45 @@ * Returns the size of the query */ ssize_t -rfc1035BuildPTRQuery(const struct in_addr addr, char *buf, size_t sz, unsigned short qid, rfc1035_query * query) +rfc1035BuildPTRQuery(const struct sockaddr *addr, char *buf, size_t sz, unsigned short qid, rfc1035_query * query) { static rfc1035_message h; size_t offset = 0; - static char rev[32]; + static char rev[100]; unsigned int i; memset(&h, '\0', sizeof(h)); - i = (unsigned int) ntohl(addr.s_addr); + memset(rev, '\0', sizeof(rev)); + if (addr->sa_family == AF_INET) { + i = (unsigned int) ntohl(((struct sockaddr_in *)addr)->sin_addr.s_addr); snprintf(rev, 32, "%u.%u.%u.%u.in-addr.arpa.", i & 255, (i >> 8) & 255, (i >> 16) & 255, (i >> 24) & 255); + } + if (addr->sa_family == AF_INET6) { + char temp[16]; + int sx, ex; + u_int8_t ci; +#if BYTE_ORDER == BIG_ENDIAN + sx = 0; +#elif BYTE_ORDER == LITTLE_ENDIAN + sx = 15; +#endif + for (i = 0; i < 16; i++) { + ci = ((struct sockaddr_in6 *)addr)->sin6_addr.s6_addr[sx]; + memset(temp, '\0', sizeof(temp)); + sprintf(temp, "%x.%x", ci & 0xf, ci & 0xf0); + strcat(rev, temp); +#if BYTE_ORDER == BIG_ENDIAN + sx++; +#elif BYTE_ORDER == LITTLE_ENDIAN + sx--; +#endif + + } + strcat(rev, ".ip6.arpa"); + } h.id = qid; h.qr = 0; h.rd = 1; diff -r -u squid-2.6.STABLE13/lib/safe_inet_addr.c new-STABLE13/lib/safe_inet_addr.c --- squid-2.6.STABLE13/lib/safe_inet_addr.c Thu Feb 8 03:56:51 2001 +++ new-STABLE13/lib/safe_inet_addr.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: safe_inet_addr.c,v 1.12 2001/02/07 18:56:51 hno Exp $ + * $Id: safe_inet_addr.c,v 1.13 2007/05/11 05:02:31 husni Exp $ */ #include "config.h" @@ -24,6 +24,9 @@ #if HAVE_NETINET_IN_H #include #endif +#if HAVE_NETDB_H +#include +#endif #if HAVE_ARPA_INET_H #include #endif 
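Review bot: The AF_INET6 branch of rfc1035BuildPTRQuery does not produce a valid ip6.arpa name: `ci & 0xf0` is never shifted down, so the high nibble prints as two hex digits, no dot separates one byte's output from the next, and the suffix is appended as `.ip6.arpa` without the trailing dot the IPv4 branch writes. `s6_addr` is a byte array in network order on every host, so the BYTE_ORDER switch is also wrong (and leaves `sx` uninitialised when neither macro matches); the walk should always run from index 15 down to 0. I would write the loop as `for (sx = 15; sx >= 0; sx--)` with `sprintf(temp, "%x.%x.", ci & 0xf, (ci >> 4) & 0xf);` and finish with `strcat(rev, "ip6.arpa.");`, which still fits `rev[100]`. The function continues past the end of the hunk.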
@@ -31,36 +34,18 @@ #include "snprintf.h" int -safe_inet_addr(const char *buf, struct in_addr *addr) +safe_inet_addr(const char *buf, struct sockaddr *addr) { - static char addrbuf[32]; - int a1 = 0, a2 = 0, a3 = 0, a4 = 0; - struct in_addr A; - char x; -#if defined(_SQUID_HPUX_) - /* - * MIYOSHI Tsutomu says scanning 'buf' - * causes a bus error on hppa1.1-hp-hpux9.07, so we - * have a broad hack for all HP systems. - */ - static char buftmp[32]; - snprintf(buftmp, 32, "%s", buf); - if (sscanf(buftmp, "%d.%d.%d.%d%c", &a1, &a2, &a3, &a4, &x) != 4) -#else - if (sscanf(buf, "%d.%d.%d.%d%c", &a1, &a2, &a3, &a4, &x) != 4) -#endif - return 0; - if (a1 < 0 || a1 > 255) - return 0; - if (a2 < 0 || a2 > 255) - return 0; - if (a3 < 0 || a3 > 255) - return 0; - if (a4 < 0 || a4 > 255) - return 0; - snprintf(addrbuf, 32, "%d.%d.%d.%d", a1, a2, a3, a4); - A.s_addr = inet_addr(addrbuf); - if (addr) - addr->s_addr = A.s_addr; + struct addrinfo hints, *res; + int error; + + memset(&hints, 0, sizeof(hints)); + hints.ai_flags = AI_NUMERICHOST|AI_PASSIVE; + hints.ai_family = PF_UNSPEC; + error = getaddrinfo(buf, NULL, &hints, &res); + if (error) return 0; + xmemcpy(addr, res->ai_addr, res->ai_addrlen); + freeaddrinfo(res); return 1; + } diff -r -u squid-2.6.STABLE13/src/HttpHeader.c new-STABLE13/src/HttpHeader.c --- squid-2.6.STABLE13/src/HttpHeader.c Tue Feb 27 07:41:46 2007 +++ new-STABLE13/src/HttpHeader.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: HttpHeader.c,v 1.91.2.2 2007/02/26 22:41:46 hno Exp $ + * $Id: HttpHeader.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 55 HTTP Header * AUTHOR: Alex Rousskov diff -r -u squid-2.6.STABLE13/src/HttpRequest.c new-STABLE13/src/HttpRequest.c --- squid-2.6.STABLE13/src/HttpRequest.c Mon Jul 17 11:31:59 2006 +++ new-STABLE13/src/HttpRequest.c Sun May 13 00:59:36 2007 
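Review bot: The rewritten safe_inet_addr() copies into `addr` unconditionally, whereas the code it replaces stored the result only under `if (addr)`, so a caller that passes NULL just to validate a string now faults inside xmemcpy. The copy length is `res->ai_addrlen`, which for an IPv6 literal is the size of a sockaddr_in6, while the parameter (and the `SIA` typedef changed in util.h) is plain `struct sockaddr`, which is smaller; any caller that declares an `SIA` object rather than a `struct sockaddr_storage` is overrun. I would restore the guard with `if (addr) xmemcpy(addr, res->ai_addr, res->ai_addrlen);` and make `SIA` a `struct sockaddr_storage`, or pass the destination size in. getaddrinfo() with AI_NUMERICHOST may also accept inputs the old sscanf test rejected (shorthand IPv4 forms, scoped IPv6 literals, depending on the platform), which matters if callers relied on the strict dotted-quad check.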
@@ -1,6 +1,6 @@ /* - * $Id: HttpRequest.c,v 1.41 2006/07/17 02:31:59 hno Exp $ + * $Id: HttpRequest.c,v 1.42 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 73 HTTP Request * AUTHOR: Duane Wessels @@ -45,8 +45,8 @@ stringReset(&req->urlpath, urlpath); req->max_forwards = -1; req->lastmod = -1; - req->client_addr = no_addr; - req->my_addr = no_addr; + memset(&req->client_addr, 0, sizeof(req->client_addr)); + memset(&req->my_addr, 0, sizeof(req->client_addr)); httpHeaderInit(&req->header, hoRequest); return req; } @@ -135,8 +135,8 @@ { assert(req && p); /* Client info */ - packerPrintf(p, "Client: %s ", inet_ntoa(req->client_addr)); - packerPrintf(p, "http_port: %s:%d", inet_ntoa(req->my_addr), req->my_port); + packerPrintf(p, "Client: %s ", sockaddr_ntoa(&req->client_addr)); + packerPrintf(p, "http_port: %s:%d", sockaddr_ntoa(&req->my_addr), req->my_port); if (req->auth_user_request && authenticateUserRequestUsername(req->auth_user_request)) packerPrintf(p, "user: %s", authenticateUserRequestUsername(req->auth_user_request)); packerPrintf(p, "\n"); diff -r -u squid-2.6.STABLE13/src/Makefile.in new-STABLE13/src/Makefile.in --- squid-2.6.STABLE13/src/Makefile.in Sun May 6 07:06:55 2007 +++ new-STABLE13/src/Makefile.in Fri May 11 13:58:37 2007 @@ -17,7 +17,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.in,v 1.281.2.1 2007/05/05 22:06:55 hno Exp $ +# $Id: Makefile.in,v 1.1 2007/05/11 04:58:37 husni Exp $ # # Uncomment and customize the following to suit your needs: # diff -r -u squid-2.6.STABLE13/src/access_log.c new-STABLE13/src/access_log.c --- squid-2.6.STABLE13/src/access_log.c Sun Feb 4 06:59:24 2007 +++ new-STABLE13/src/access_log.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: access_log.c,v 1.95.2.1 2007/02/03 21:59:24 hno Exp $ + * $Id: access_log.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 46 Access Log * AUTHOR: Duane Wessels 
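Review bot: The second added memset clears `req->my_addr` with the size of the other field; it should read `memset(&req->my_addr, 0, sizeof(req->my_addr));`, otherwise it is only correct while both members happen to have the same type. The initial value also changes from `no_addr` (255.255.255.255 according to a comment elsewhere in this patch) to all-zero, so any code that compares these fields against `no_addr` to detect an unset address needs checking. The enclosing function starts outside the hunk.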
@@ -445,6 +445,7 @@ long int outint = 0; int doint = 0; int dofree = 0; + char caddr[80]; switch (fmt->type) { case LFT_NONE: out = ""; @@ -453,13 +454,18 @@ out = fmt->data.string; break; case LFT_CLIENT_IP_ADDRESS: - out = inet_ntoa(al->cache.caddr); + getnameinfo(&al->cache.caddr, SOCKLEN(&al->cache.caddr), caddr, 80, + (char *)NULL, 0, NI_NUMERICHOST); + out = caddr; break; case LFT_CLIENT_FQDN: - out = fqdncache_gethostbyaddr(al->cache.caddr, FQDN_LOOKUP_IF_MISS); - if (!out) - out = inet_ntoa(al->cache.caddr); + out = fqdncache_gethostbyaddr((struct sockaddr *)&al->cache.caddr, FQDN_LOOKUP_IF_MISS); + if (!out) { + getnameinfo(&al->cache.caddr, SOCKLEN(&al->cache.caddr), caddr, 80, + (char *)NULL, 0, NI_NUMERICHOST); + out = caddr; + } break; case LFT_CLIENT_PORT: @@ -478,8 +484,12 @@ /* case LFT_SERVER_PORT: */ case LFT_LOCAL_IP: - if (al->request) - out = inet_ntoa(al->request->my_addr); + if (al->request) { + getnameinfo(&al->request->my_addr, + SOCKLEN(&al->request->my_addr), + caddr, 80, (char *)NULL, 0, NI_NUMERICHOST); + out = caddr; + } break; case LFT_LOCAL_PORT: @@ -1008,10 +1018,14 @@ { const char *client = NULL; const char *user = NULL; + char caddr[80]; if (Config.onoff.log_fqdn) - client = fqdncache_gethostbyaddr(al->cache.caddr, FQDN_LOOKUP_IF_MISS); - if (client == NULL) - client = inet_ntoa(al->cache.caddr); + client = fqdncache_gethostbyaddr((struct sockaddr *)&al->cache.caddr, FQDN_LOOKUP_IF_MISS); + if (client == NULL) { + getnameinfo(&al->cache.caddr, SOCKLEN(&al->cache.caddr), caddr, 80, + (char *)NULL, 0, NI_NUMERICHOST); + client = caddr; + } user = accessLogFormatName(al->cache.authuser); if (!user) user = accessLogFormatName(al->cache.rfc931); 
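Review bot: Every new getnameinfo() call in this file ignores the return value, so when the call fails `caddr` is an uninitialised stack buffer that is then written to the access log as the client address; this applies to the LFT_CLIENT_IP_ADDRESS, LFT_CLIENT_FQDN and LFT_LOCAL_IP cases and to the two logger hunks at -1008 and -1068. A fallback keeps the log line well defined, for example `if (getnameinfo(...) != 0) xstrncpy(caddr, "-", sizeof(caddr));`, and `sizeof(caddr)` should replace the repeated literal `80`. The first argument is passed as `&al->cache.caddr` without the `(struct sockaddr *)` cast that the fqdncache_gethostbyaddr call on the same member uses, which suggests the member is not a `struct sockaddr` and the call needs the same cast.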
@@ -1068,10 +1082,14 @@ { const char *client = NULL; char *user1 = NULL, *user2 = NULL; + char caddr[80]; if (Config.onoff.log_fqdn) - client = fqdncache_gethostbyaddr(al->cache.caddr, 0); - if (client == NULL) - client = inet_ntoa(al->cache.caddr); + client = fqdncache_gethostbyaddr(&al->cache.caddr, FQDN_LOOKUP_IF_MISS); + if (client == NULL) { + getnameinfo(&al->cache.caddr, SOCKLEN(&al->cache.caddr), caddr, 80, + (char *)NULL, 0, NI_NUMERICHOST); + client = caddr; + } user1 = accessLogFormatName(al->cache.authuser); user2 = accessLogFormatName(al->cache.rfc931); logfilePrintf(logfile, "%s %s %s [%s] \"%s %s HTTP/%d.%d\" %d %" PRINTF_OFF_T " %s:%s", diff -r -u squid-2.6.STABLE13/src/acl.c new-STABLE13/src/acl.c --- squid-2.6.STABLE13/src/acl.c Sun Jan 7 02:22:45 2007 +++ new-STABLE13/src/acl.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: acl.c,v 1.318 2007/01/06 17:22:45 hno Exp $ + * $Id: acl.c,v 1.320 2007/05/12 15:59:36 husni Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels 
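Review bot: The fqdncache_gethostbyaddr call in this logger now passes `FQDN_LOOKUP_IF_MISS` where the removed line passed `0`, which looks like an unintended behaviour change unrelated to the address-family work: with log_fqdn enabled, writing a log line could now start a reverse lookup. If that is not intended the line should be `client = fqdncache_gethostbyaddr((struct sockaddr *)&al->cache.caddr, 0);`, which also adds the cast the other call sites in this file use. The function body continues outside the hunk.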
@@ -53,18 +53,18 @@ static int aclMatchAcl(struct _acl *, aclCheck_t *); static int aclMatchTime(acl_time_data * data, time_t when); static int aclMatchUser(void *proxyauth_acl, char *user); -static int aclMatchIp(void *dataptr, struct in_addr c); +static int aclMatchIp(void *dataptr, struct sockaddr *c); static int aclMatchDomainList(void *dataptr, const char *); static int aclMatchIntegerRange(intrange * data, int i); static int aclMatchWordList(wordlist *, const char *); static void aclParseUserMaxIP(void *data); static void aclDestroyUserMaxIP(void *data); static wordlist *aclDumpUserMaxIP(void *data); -static int aclMatchUserMaxIP(void *, auth_user_request_t *, struct in_addr); +static int aclMatchUserMaxIP(void *, auth_user_request_t *, struct sockaddr *); static void aclParseHeader(void *data); static void aclDestroyHeader(void *data); static squid_acl aclStrToType(const char *s); -static int decode_addr(const char *, struct in_addr *); +static int decode_addr(const char *, struct sockaddr *); static void aclCheck(aclCheck_t * checklist); static void aclCheckCallback(aclCheck_t * checklist, allow_t answer); #if USE_IDENT 
@@ -431,35 +431,31 @@ * This function should NOT be called if 'asc' is a hostname! */ static int -decode_addr(const char *asc, struct in_addr *addr) +decode_addr(const char *asc, struct sockaddr *addr) { - int a1 = 0, a2 = 0, a3 = 0, a4 = 0; + struct addrinfo hints, *res; + int error; - switch (sscanf(asc, "%d.%d.%d.%d", &a1, &a2, &a3, &a4)) { - case 4: /* a dotted quad */ - if (!safe_inet_addr(asc, addr)) { - debug(28, 0) ("decode_addr: unsafe IP address: '%s'\n", asc); - self_destruct(); - } - break; - case 1: /* a significant bits value for a mask */ - if (a1 >= 0 && a1 < 33) { - addr->s_addr = a1 ? htonl(0xfffffffful << (32 - a1)) : 0; - break; - } - default: + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_flags = AI_NUMERICHOST|AI_PASSIVE; + + error = getaddrinfo(asc, NULL, &hints, &res); + if (error) { debug(28, 0) ("decode_addr: Invalid IP address '%s'\n", asc); return 0; /* This is not valid address */ } + xmemcpy(addr, res->ai_addr, SOCKLEN(res->ai_addr)); + freeaddrinfo(res); return 1; } -#define SCAN_ACL1 "%[0123456789.]-%[0123456789.]/%[0123456789.]" -#define SCAN_ACL2 "%[0123456789.]-%[0123456789.]%c" -#define SCAN_ACL3 "%[0123456789.]/%[0123456789.]" -#define SCAN_ACL4 "%[0123456789.]%c" +#define SCAN_ACL1 "%[0123456789abcdef:.]-%[0123456789abcdef:.]/%[0123456789]" +#define SCAN_ACL2 "%[0123456789abcdef:.]-%[0123456789abcdef:.]%c" +#define SCAN_ACL3 "%[0123456789abcdef:.]/%[0123456789]" +#define SCAN_ACL4 "%[0123456789abcdef:.]%c" static acl_ip_data * aclParseIpData(const char *t) 
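Review bot: The new SCAN_ACL patterns treat a-f as address characters, so a hostname made up only of those letters, digits and dots (constructed example: `cafe.de`) now matches SCAN_ACL4, is handed to decode_addr() and is rejected by AI_NUMERICHOST instead of being resolved as a host. The scansets accept lower-case hex only and still carry no field width, although the addr1/addr2/mask arrays they fill are 256 bytes (`LOCAL_ARRAY(char, addr2, 256)` in the next hunk); something like `%255[0123456789abcdefABCDEF:.]` fixes both. decode_addr() also loses its header contract: it no longer accepts a bare bit count and no longer calls self_destruct() on an unsafe address, so the comment above it should say what it now accepts and returns.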
@@ -468,19 +464,14 @@ LOCAL_ARRAY(char, addr2, 256); LOCAL_ARRAY(char, mask, 256); acl_ip_data *q = memAllocate(MEM_ACL_IP_DATA); - acl_ip_data *r; - acl_ip_data **Q; - struct hostent *hp; - char **x; char c; debug(28, 5) ("aclParseIpData: %s\n", t); if (!strcasecmp(t, "all")) { - q->addr1.s_addr = 0; - q->addr2.s_addr = 0; - q->mask.s_addr = 0; + q->addr1.ss_family = 0; + q->addr2.ss_family = 0; + q->masklen = 0; return q; } - q->mask.s_addr = no_addr.s_addr; /* 255.255.255.255 */ if (sscanf(t, SCAN_ACL1, addr1, addr2, mask) == 3) { (void) 0; } else if (sscanf(t, SCAN_ACL2, addr1, addr2, &c) == 2) { @@ -489,29 +480,21 @@ addr2[0] = '\0'; } else if (sscanf(t, SCAN_ACL4, addr1, &c) == 1) { addr2[0] = '\0'; - mask[0] = '\0'; + strcpy(mask, "-1"); } else if (sscanf(t, "%[^/]/%s", addr1, mask) == 2) { addr2[0] = '\0'; } else if (sscanf(t, "%s", addr1) == 1) { - /* - * Note, must use plain gethostbyname() here because at startup - * ipcache hasn't been initialized - */ - if ((hp = gethostbyname(addr1)) == NULL) { + struct addrinfo hints, *res; + memset(&hints, '\0', sizeof(hints)); + hints.ai_family = PF_UNSPEC; + if (getaddrinfo(t, NULL, &hints, &res)) { debug(28, 0) ("aclParseIpData: Bad host/IP: '%s'\n", t); safe_free(q); return NULL; } - Q = &q; - for (x = hp->h_addr_list; x != NULL && *x != NULL; x++) { - if ((r = *Q) == NULL) - r = *Q = memAllocate(MEM_ACL_IP_DATA); - xmemcpy(&r->addr1.s_addr, *x, sizeof(r->addr1.s_addr)); - r->addr2.s_addr = 0; - r->mask.s_addr = no_addr.s_addr; /* 255.255.255.255 */ - Q = &r->next; - debug(28, 3) ("%s --> %s\n", addr1, inet_ntoa(r->addr1)); - } + xmemcpy(&q->addr1, res->ai_addr, res->ai_addrlen); + q->masklen = (res->ai_family == AF_INET6) ? 128 : 32; + freeaddrinfo(res); return q; } else { debug(28, 0) ("aclParseIpData: Bad host/IP: '%s'\n", t); 
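Review bot: In the hostname branch of aclParseIpData only the first getaddrinfo() result is stored, where the removed loop created one acl_ip_data entry per address in `h_addr_list`; an ACL naming a host with several addresses now matches only one of them, which silently narrows both allow and deny rules. Walking `ai_next` restores the old behaviour, and setting `hints.ai_socktype` avoids getting the same address once per socket type. The sketch below assumes, as the removed code did, that memAllocate() returns an entry whose `next` is NULL. The function starts and ends outside this hunk.
```c
    } else if (sscanf(t, "%s", addr1) == 1) {
	struct addrinfo hints, *res, *ai;
	acl_ip_data *r, **Q = &q;
	memset(&hints, '\0', sizeof(hints));
	hints.ai_family = PF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;	/* one result per address, not one per socket type */
	/* ... unchanged: getaddrinfo() call and its error path ... */
	for (ai = res; ai != NULL; ai = ai->ai_next) {
	    if ((r = *Q) == NULL)
		r = *Q = memAllocate(MEM_ACL_IP_DATA);
	    xmemcpy(&r->addr1, ai->ai_addr, ai->ai_addrlen);
	    r->masklen = (ai->ai_family == AF_INET6) ? 128 : 32;
	    Q = &r->next;
	}
	freeaddrinfo(res);
	return q;
```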
@@ -519,7 +502,7 @@ return NULL; } /* Decode addr1 */ - if (!decode_addr(addr1, &q->addr1)) { + if (!decode_addr(addr1, (struct sockaddr *)&q->addr1)) { debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown first address '%s'\n", addr1); @@ -527,7 +510,7 @@ return NULL; } /* Decode addr2 */ - if (*addr2 && !decode_addr(addr2, &q->addr2)) { + if (*addr2 && !decode_addr(addr2, (struct sockaddr *)&q->addr2)) { debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown second address '%s'\n", addr2); @@ -535,19 +518,30 @@ return NULL; } /* Decode mask */ - if (*mask && !decode_addr(mask, &q->mask)) { - debug(28, 0) ("%s line %d: %s\n", + if (*mask) { + q->masklen = atoi(mask); + switch (q->addr1.ss_family) { + case AF_INET: + if (q->masklen == -1) + q->masklen = 32; + if (q->masklen > 32) + q->masklen = -1; + break; + case AF_INET6: + if (q->masklen == -1) + q->masklen = 128; + if (q->masklen > 128) + q->masklen = -1; + break; + } + if (*mask && (q->masklen == -1)) { + debug(28, 0) ("%s line %d: %s\n", cfg_filename, config_lineno, config_input_line); - debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown netmask '%s'\n", mask); - safe_free(q); - return NULL; + debug(28, 0) ("aclParseIpData: Ignoring invalid IP acl entry: unknown masklen'%s'\n", mask); + safe_free(q); + return NULL; + } } - if ((q->addr1.s_addr & q->mask.s_addr) != q->addr1.s_addr || - (q->addr2.s_addr & q->mask.s_addr) != q->addr2.s_addr) - debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the specified IP in '%s'\n", t); - q->addr1.s_addr &= q->mask.s_addr; - q->addr2.s_addr &= q->mask.s_addr; - /* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */ return q; } 
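Review bot: The mask is decoded with `atoi(mask)` and only checked against the upper bound, so a non-numeric mask reaching this point through the `%[^/]/%s` branch becomes masklen 0, which aclIpNetworkCompare2 treats as "match every address of this family", and a negative value other than -1 is kept and later used as a shift count. An existing entry with a dotted netmask such as `/255.255.255.0` is now rejected (atoi yields 255), which is the safe direction but deserves a clearer message than "unknown masklen". The removed code also masked host bits off addr1/addr2 and warned about them; nothing replaces that, and the comparison function depends on it. Parsing with strtol and rejecting anything that is not a complete in-range number closes the fail-open case.
```c
    /* Decode mask */
    if (*mask) {
	char *end;
	long bits = strtol(mask, &end, 10);
	int maxbits = (q->addr1.ss_family == AF_INET6) ? 128 : 32;
	if (end == mask || *end != '\0')
	    bits = -2;		/* not a number: reject, never treat as /0 */
	else if (bits == -1)	/* sentinel written by the SCAN_ACL4 branch */
	    bits = maxbits;
	q->masklen = (bits < 0 || bits > maxbits) ? -1 : (int) bits;
	/* ... unchanged: error report and safe_free(q) when masklen == -1 ... */
    }
```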
@@ -1295,7 +1289,7 @@ /**************/ static int -aclMatchIp(void *dataptr, struct in_addr c) +aclMatchIp(void *dataptr, struct sockaddr *c) { splayNode **Top = dataptr; acl_ip_data x; @@ -1308,13 +1302,12 @@ * XXX Could eliminate these repetitive assignments with a * static structure. */ - x.addr1 = c; - x.addr2 = any_addr; - x.mask = no_addr; + xmemcpy(&x.addr1, c, SOCKLEN(c)); + x.masklen = 0; x.next = NULL; *Top = splay_splay(&x, *Top, aclIpAddrNetworkCompare); debug(28, 3) ("aclMatchIp: '%s' %s\n", - inet_ntoa(c), splayLastResult ? "NOT found" : "found"); + sockaddr_ntoa(c), splayLastResult ? "NOT found" : "found"); return !splayLastResult; } @@ -1549,7 +1542,7 @@ */ int aclMatchUserMaxIP(void *data, auth_user_request_t * auth_user_request, - struct in_addr src_addr) + struct sockaddr *src_addr) { /* * the logic for flush the ip list when the limit is hit vs keep @@ -1714,7 +1707,7 @@ } /* get authed here */ /* Note: this fills in checklist->auth_user_request when applicable (auth incomplete) */ - switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, checklist->src_addr)) { + switch (authenticateTryToAuthenticateAndSetAuthUser(&checklist->auth_user_request, headertype, checklist->request, checklist->conn, &checklist->src_addr)) { case AUTH_ACL_CANNOT_AUTHENTICATE: debug(28, 4) ("aclMatchAcl: returning 0 user authenticated but not authorised.\n"); return 0; 
@@ -1785,16 +1778,16 @@ debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline); switch (ae->type) { case ACL_SRC_IP: - return aclMatchIp(&ae->data, checklist->src_addr); + return aclMatchIp(&ae->data, (struct sockaddr *)&checklist->src_addr); /* NOTREACHED */ case ACL_MY_IP: - return aclMatchIp(&ae->data, checklist->my_addr); + return aclMatchIp(&ae->data, (struct sockaddr *)&checklist->my_addr); /* NOTREACHED */ case ACL_DST_IP: ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); if (ia) { for (k = 0; k < (int) ia->count; k++) { - if (aclMatchIp(&ae->data, ia->in_addrs[k])) + if (aclMatchIp(&ae->data, (struct sockaddr *)&ia->in_addrs[k])) return 1; } return 0; @@ -1812,24 +1805,24 @@ return 1; if ((ia = ipcacheCheckNumeric(r->host)) == NULL) return 0; - fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); + fqdn = fqdncache_gethostbyaddr((struct sockaddr *)&ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); if (fqdn) return aclMatchDomainList(&ae->data, fqdn); if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) { debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(ia->in_addrs[0])); + ae->name, sockaddr_ntoa(&ia->in_addrs[0])); checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; } return aclMatchDomainList(&ae->data, "none"); /* NOTREACHED */ case ACL_SRC_DOMAIN: - fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); + fqdn = fqdncache_gethostbyaddr((struct sockaddr *)&checklist->src_addr, FQDN_LOOKUP_IF_MISS); if (fqdn) { return aclMatchDomainList(&ae->data, fqdn); } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) { debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(checklist->src_addr)); + ae->name, ""); /*XXX inet_ntoa(checklist->src_addr)); */ checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; } 
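Review bot: In the ACL_SRC_DOMAIN case the debug line now prints an empty string and keeps the old call in an `XXX` comment, so the "Can't yet compare" message no longer says which client address it concerns. The ACL_SRC_DOM_REGEX case in the next hunk already uses the replacement, so this line should be `ae->name, sockaddr_ntoa(&checklist->src_addr));` and the commented-out remnant removed. The ACL_DST_IP and ACL_DST_DOMAIN casts of `&ia->in_addrs[k]` to `struct sockaddr *` are only valid if the element type of `in_addrs` was changed to a sockaddr type elsewhere in the patch; that is not visible here.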
@@ -1840,24 +1833,24 @@ return 1; if ((ia = ipcacheCheckNumeric(r->host)) == NULL) return 0; - fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); + fqdn = fqdncache_gethostbyaddr((struct sockaddr *)&ia->in_addrs[0], FQDN_LOOKUP_IF_MISS); if (fqdn) return aclMatchRegex(ae->data, fqdn); if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) { debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(ia->in_addrs[0])); + ae->name, sockaddr_ntoa(&ia->in_addrs[0])); checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; } return aclMatchRegex(ae->data, "none"); /* NOTREACHED */ case ACL_SRC_DOM_REGEX: - fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS); + fqdn = fqdncache_gethostbyaddr((struct sockaddr *)&checklist->src_addr, FQDN_LOOKUP_IF_MISS); if (fqdn) { return aclMatchRegex(ae->data, fqdn); } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NONE) { debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n", - ae->name, inet_ntoa(checklist->src_addr)); + ae->name, sockaddr_ntoa(&checklist->src_addr)); checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_NEEDED; return 0; } @@ -1887,7 +1880,7 @@ return k; /* NOTREACHED */ case ACL_MAXCONN: - k = clientdbEstablished(checklist->src_addr, 0); + k = clientdbEstablished((struct sockaddr *)&checklist->src_addr, 0); return ((k > ((intlist *) ae->data)->i) ? 1 : 0); /* NOTREACHED */ case ACL_URL_PORT: @@ -1950,7 +1943,7 @@ if ((ti = aclAuthenticated(checklist)) != 1) return ti; ti = aclMatchUserMaxIP(ae->data, r->auth_user_request, - checklist->src_addr); + (struct sockaddr *)&checklist->src_addr); return ti; /* NOTREACHED */ #if SQUID_SNMP 
@@ -1959,13 +1952,13 @@ /* NOTREACHED */ #endif case ACL_SRC_ASN: - return asnMatchIp(ae->data, checklist->src_addr); + return asnMatchIp(ae->data, &checklist->src_addr); /* NOTREACHED */ case ACL_DST_ASN: ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); if (ia) { for (k = 0; k < (int) ia->count; k++) { - if (asnMatchIp(ae->data, ia->in_addrs[k])) + if (asnMatchIp(ae->data, &ia->in_addrs[k])) return 1; } return 0; @@ -1974,7 +1967,7 @@ ae->name, r->host); checklist->state[ACL_DST_ASN] = ACL_LOOKUP_NEEDED; } else { - return asnMatchIp(ae->data, no_addr); + return asnMatchIp(ae->data, &no_addr); } return 0; /* NOTREACHED */ @@ -2166,7 +2159,7 @@ return; } else if (checklist->state[ACL_SRC_DOMAIN] == ACL_LOOKUP_NEEDED) { checklist->state[ACL_SRC_DOMAIN] = ACL_LOOKUP_PENDING; - fqdncache_nbgethostbyaddr(checklist->src_addr, + fqdncache_nbgethostbyaddr((struct sockaddr *)&checklist->src_addr, aclLookupSrcFQDNDone, checklist); return; } else if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEEDED) { @@ -2177,7 +2170,7 @@ } checklist->dst_addr = ia->in_addrs[0]; checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; - fqdncache_nbgethostbyaddr(checklist->dst_addr, + fqdncache_nbgethostbyaddr((struct sockaddr *)&checklist->dst_addr, aclLookupDstFQDNDone, checklist); return; } else if (checklist->state[ACL_PROXY_AUTH] == ACL_LOOKUP_NEEDED) { @@ -2199,7 +2192,7 @@ else if (checklist->state[ACL_IDENT] == ACL_LOOKUP_NEEDED) { debug(28, 3) ("aclCheck: Doing ident lookup\n"); if (cbdataValid(checklist->conn)) { - identStart(&checklist->conn->me, &checklist->conn->peer, + identStart((struct sockaddr *)&checklist->conn->me, (struct sockaddr *)&checklist->conn->peer, aclLookupIdentDone, checklist); checklist->state[ACL_IDENT] = ACL_LOOKUP_PENDING; return; 
@@ -2382,11 +2375,11 @@ checklist->request = requestLink(request); #if FOLLOW_X_FORWARDED_FOR if (Config.onoff.acl_uses_indirect_client) { - checklist->src_addr = request->indirect_client_addr; + xmemcpy(&checklist->src_addr, &request->indirect_client_addr, sizeof(struct sockaddr_storage)); } else #endif /* FOLLOW_X_FORWARDED_FOR */ - checklist->src_addr = request->client_addr; - checklist->my_addr = request->my_addr; + xmemcpy(&checklist->src_addr, &request->client_addr, sizeof(struct sockaddr_storage)); + xmemcpy(&checklist->my_addr, &request->my_addr, sizeof(struct sockaddr_storage)); checklist->my_port = request->my_port; } for (i = 0; i < ACL_ENUM_MAX; i++) @@ -2665,19 +2658,7 @@ static void aclIpDataToStr(const acl_ip_data * ip, char *buf, int len) { - char b1[20]; - char b2[20]; - char b3[20]; - snprintf(b1, 20, "%s", inet_ntoa(ip->addr1)); - if (ip->addr2.s_addr != any_addr.s_addr) - snprintf(b2, 20, "-%s", inet_ntoa(ip->addr2)); - else - b2[0] = '\0'; - if (ip->mask.s_addr != no_addr.s_addr) - snprintf(b3, 20, "/%s", inet_ntoa(ip->mask)); - else - b3[0] = '\0'; - snprintf(buf, len, "%s%s%s", b1, b2, b3); + sprintf(buf, len, "%s/%d", sockaddr_ntoa(&ip->addr1), ip->masklen); } /* 
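Review bot: aclIpDataToStr now calls `sprintf(buf, len, "%s/%d", ...)`, which passes the int `len` where sprintf expects the format string; the intended call is `snprintf(buf, len, "%s/%d", sockaddr_ntoa(&ip->addr1), ip->masklen);`. As written the function either fails to compile cleanly or writes without any bound. The rewritten body also drops `addr2`, so a range entry is rendered as if it were a single prefix.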
@@ -2690,27 +2671,77 @@ static int aclIpNetworkCompare2(const acl_ip_data * p, const acl_ip_data * q) { - struct in_addr A = p->addr1; - const struct in_addr B = q->addr1; - const struct in_addr C = q->addr2; - int rc = 0; - A.s_addr &= q->mask.s_addr; /* apply netmask */ - if (C.s_addr == 0) { /* single address check */ - if (ntohl(A.s_addr) > ntohl(B.s_addr)) - rc = 1; - else if (ntohl(A.s_addr) < ntohl(B.s_addr)) - rc = -1; - else - rc = 0; - } else { /* range address check */ - if (ntohl(A.s_addr) > ntohl(C.s_addr)) - rc = 1; - else if (ntohl(A.s_addr) < ntohl(B.s_addr)) - rc = -1; + if (q->addr1.ss_family < p->addr1.ss_family) + return -1; + else + if (q->addr1.ss_family > p->addr1.ss_family) + return 1; + else + if (q->addr1.ss_family == AF_INET) { + u_int32_t maskedup_B; + u_int32_t A = ntohl(((struct sockaddr_in *)&p->addr1)->sin_addr.s_addr); + u_int32_t B = ntohl(((struct sockaddr_in *)&q->addr1)->sin_addr.s_addr); + + if (q->masklen == 0) + return 0; + + maskedup_B = ((B >> (32 - q->masklen)) + 1) << (32 - q->masklen); + maskedup_B--; + + if (A < B) + return -1; + else if (A > maskedup_B) + return 1; else - rc = 0; + return 0; + } + else + if (q->addr1.ss_family == AF_INET6) { + + int masklen, invmasklen, i, rc; + struct in6_addr A, B; + + if (q->masklen == 0) + return 0; + + xmemcpy(&A, &((struct sockaddr_in6 *)&p->addr1)->sin6_addr, sizeof(struct in6_addr)); + xmemcpy(&B, &((struct sockaddr_in6 *)&q->addr1)->sin6_addr, sizeof(struct in6_addr)); + + invmasklen = 128 - q->masklen; + masklen = q->masklen; + + rc = 0; + for (i = 0; i < 16; i=i+4) { + if (masklen >= 32) { + if (IN6_NTOHL_N(&A, i) < IN6_NTOHL_N(&B, i)) + return -1; + else + if (IN6_NTOHL_N(&A, i) > IN6_NTOHL_N(&B, i)) + return 1; + else + masklen = masklen - 32; + } + else if (masklen > 0) { + invmasklen = 32 - masklen; + debug(28, 3) ("aclIpNetworkCompare2: %s vs %s,\n", + sockaddr_ntoa(&p->addr1), sockaddr_ntoa(&q->addr1)); + debug(28, 3) ("aclIpNetworkCompare2: %x/%d (%x) vs %x\n", + 
IN6_NTOHL_N(&A, i), masklen, + IN6_NTOHL_N(&A, i) & (0xffffffff << invmasklen), + IN6_NTOHL_N(&B, i)); + if (IN6_NTOHL_N(&A, i) < IN6_NTOHL_N(&B, i)) + return -1; + else + if ((IN6_NTOHL_N(&A, i) & (0xffffffff << invmasklen)) > IN6_NTOHL_N(&B, i)) + return 1; + else + return 0; + } + } } - return rc; + else + return 0; + return 0; } /* @@ -2734,16 +2765,14 @@ ret = aclIpNetworkCompare2(n1, n2); } if (ret == 0) { - char buf_n1[60]; - char buf_n2[60]; - char buf_a[60]; - aclIpDataToStr(n1, buf_n1, 60); - aclIpDataToStr(n2, buf_n2, 60); - aclIpDataToStr((acl_ip_data *) a, buf_a, 60); + char buf_n1[100]; + char buf_n2[100]; + getnameinfo(&n1->addr1, SOCKLEN(&n1->addr1), &buf_n1, 100, NULL, 0, NI_NUMERICHOST); + getnameinfo(&n2->addr1, SOCKLEN(&n2->addr1), &buf_n2, 100, NULL, 0, NI_NUMERICHOST); debug(28, 0) ("WARNING: '%s' is a subnetwork of " "'%s'\n", buf_n1, buf_n2); debug(28, 0) ("WARNING: because of this '%s' is ignored " - "to keep splay tree searching predictable\n", buf_a); + "to keep splay tree searching predictable\n", buf_n1); debug(28, 0) ("WARNING: You should probably remove '%s' " "from the ACL named '%s'\n", buf_n1, AclMatchedName); } @@ -2794,11 +2823,12 @@ MemBuf mb; wordlist **W = state; memBufDefInit(&mb); - memBufPrintf(&mb, "%s", inet_ntoa(ip->addr1)); + memBufPrintf(&mb, "%s", sockaddr_ntoa(&ip->addr1)); +/* if (ip->addr2.s_addr != any_addr.s_addr) - memBufPrintf(&mb, "-%s", inet_ntoa(ip->addr2)); - if (ip->mask.s_addr != no_addr.s_addr) - memBufPrintf(&mb, "/%s", inet_ntoa(ip->mask)); + memBufPrintf(&mb, "-%s", sockaddr_ntoa(&ip->addr2)); +*/ + memBufPrintf(&mb, "/%d", ip->masklen); wordlistAdd(W, mb.buf); memBufClean(&mb); } 
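Review bot: In the AF_INET branch of aclIpNetworkCompare2, `32 - q->masklen` is used as a shift count with only `masklen == 0` excluded, so a masklen above 32 (or a negative one, if the field is signed) makes both shifts undefined. Nothing in the hunk bounds `masklen`, so either the ACL parser must guarantee the range or the comparator should check it before shifting, e.g. `if (q->masklen < 0 || q->masklen > 32) return 1;` (which value to return for an invalid mask is a judgement call). A short comment stating that `q` is the network and `p` the address being tested, and that the result is -1/0/1 for below/inside/above the prefix, would make the two branches much easier to review.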
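Review bot: Both getnameinfo() calls in the -2734,16 hunk ignore the return value, so on failure `buf_n1` and `buf_n2` are printed by the debug(28, 0) warnings while still uninitialized. They are also passed as `&buf_n1` and `&buf_n2`, a pointer to the whole array rather than the `char *` the function takes. Initialise the buffers (`char buf_n1[100] = "";`), pass `buf_n1` with `sizeof(buf_n1)`, and print a fixed placeholder when the call fails. The warnings no longer show the prefix length, and the "is ignored" line now prints `buf_n1` where it used to print entry `a`; if that is intended, a comment should say so. The enclosing function starts and ends outside the hunk.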
@@ -3205,7 +3235,7 @@ /* Do lookup */ *Top = splay_splay(&arpReq.arp_ha.sa_data, *Top, aclArpCompare); debug(28, 3) ("aclMatchArp: '%s' %s\n", - inet_ntoa(c), splayLastResult ? "NOT found" : "found"); + sockaddr_ntoa(c), splayLastResult ? "NOT found" : "found"); return (0 == splayLastResult); } /* lookup list of interface names */ diff -r -u squid-2.6.STABLE13/src/asn.c new-STABLE13/src/asn.c --- squid-2.6.STABLE13/src/asn.c Tue Jun 6 07:47:01 2006 +++ new-STABLE13/src/asn.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: asn.c,v 1.84 2006/06/05 22:47:01 hno Exp $ + * $Id: asn.c,v 1.85 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 53 AS Number handling * AUTHOR: Duane Wessels, Kostas Anagnostakis @@ -103,7 +103,7 @@ /* PUBLIC */ int -asnMatchIp(void *data, struct in_addr addr) +asnMatchIp(void *data, struct sockaddr *saddr) { unsigned long lh; struct squid_radix_node *rn; @@ -111,6 +111,10 @@ m_int m_addr; intlist *a = NULL; intlist *b = NULL; + struct in_addr addr = ((struct sockaddr_in *)saddr)->sin_addr; + + if (saddr->sa_family == AF_INET6) + return 1; lh = ntohl(addr.s_addr); debug(53, 3) ("asnMatchIp: Called for %s.\n", inet_ntoa(addr)); diff -r -u squid-2.6.STABLE13/src/auth/digest/auth_digest.c new-STABLE13/src/auth/digest/auth_digest.c --- squid-2.6.STABLE13/src/auth/digest/auth_digest.c Mon Jul 31 08:27:04 2006 +++ new-STABLE13/src/auth/digest/auth_digest.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: auth_digest.c,v 1.21 2006/07/30 23:27:04 hno Exp $ + * $Id: auth_digest.c,v 1.22 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Robert Collins 
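Review bot: The added `if (saddr->sa_family == AF_INET6) return 1;` in asnMatchIp reports a match for every IPv6 address, so the ACL_SRC_ASN and ACL_DST_ASN checks become true for all IPv6 clients and destinations regardless of the AS number configured. For an ACL used in an allow rule that is fail-open; returning no match until the radix lookup handles IPv6 prefixes is the conservative choice: `if (saddr->sa_family != AF_INET) return 0;`. The family test should also come before `addr` is read through the `sockaddr_in` cast, which this hunk does in the declaration above it. The rest of asnMatchIp lies outside the hunk.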
@@ -727,16 +727,17 @@ return; } else { const char *useragent = httpHeaderGetStr(&request->header, HDR_USER_AGENT); - static struct in_addr last_broken_addr; + static struct sockaddr_storage last_broken_addr; static int seen_broken_client = 0; if (!seen_broken_client) { - last_broken_addr = no_addr; + memset(&last_broken_addr, '\0', sizeof(last_broken_addr)); seen_broken_client = 1; } if (memcmp(&last_broken_addr, &request->client_addr, sizeof(last_broken_addr)) != 0) { - debug(29, 1) ("\nDigest POST bug detected from %s using '%s'. Please upgrade browser. See Bug #630 for details.\n", inet_ntoa(request->client_addr), useragent ? useragent : "-"); - last_broken_addr = request->client_addr; + debug(29, 1) ("\nDigest POST bug detected from %s using '%s'. Please upgrade browser. See Bug #630 for details.\n", sockaddr_ntoa(&request->client_addr), useragent ? useragent : "-"); + xmemcpy(&last_broken_addr, &request->client_addr, + SOCKLEN(&request->client_addr)); } } } else { diff -r -u squid-2.6.STABLE13/src/auth/negotiate/auth_negotiate.c new-STABLE13/src/auth/negotiate/auth_negotiate.c --- squid-2.6.STABLE13/src/auth/negotiate/auth_negotiate.c Wed Feb 28 07:43:52 2007 +++ new-STABLE13/src/auth/negotiate/auth_negotiate.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: auth_negotiate.c,v 1.7.2.1 2007/02/27 22:43:52 hno Exp $ + * $Id: auth_negotiate.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 29 Negotiate Authenticator * AUTHOR: Robert Collins diff -r -u squid-2.6.STABLE13/src/auth/ntlm/auth_ntlm.c new-STABLE13/src/auth/ntlm/auth_ntlm.c --- squid-2.6.STABLE13/src/auth/ntlm/auth_ntlm.c Wed Feb 28 07:43:52 2007 +++ new-STABLE13/src/auth/ntlm/auth_ntlm.c Sun May 13 00:59:37 2007 
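Review bot: The comparison and the copy of `last_broken_addr` use different lengths: `memcmp` covers `sizeof(last_broken_addr)`, the whole sockaddr_storage, while `xmemcpy` stores only `SOCKLEN(&request->client_addr)` bytes. Any byte of `request->client_addr` beyond SOCKLEN that is not zero makes the memcmp differ on every request, so the once-per-client suppression of this level-1 message stops working and one client can fill the log; the compared bytes also include the source port if the caller stores it there. Copy with the length that is compared, `xmemcpy(&last_broken_addr, &request->client_addr, sizeof(last_broken_addr));`, or compare only the address field for the family.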
@@ -1,6 +1,6 @@ /* - * $Id: auth_ntlm.c,v 1.37.2.1 2007/02/27 22:43:52 hno Exp $ + * $Id: auth_ntlm.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 29 NTLM Authenticator * AUTHOR: Robert Collins diff -r -u squid-2.6.STABLE13/src/authenticate.c new-STABLE13/src/authenticate.c --- squid-2.6.STABLE13/src/authenticate.c Tue Jan 2 07:44:58 2007 +++ new-STABLE13/src/authenticate.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: authenticate.c,v 1.51 2007/01/01 22:44:58 hno Exp $ + * $Id: authenticate.c,v 1.52 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 29 Authenticator * AUTHOR: Duane Wessels @@ -43,7 +43,7 @@ CBDATA_TYPE(auth_user_ip_t); static void authenticateDecodeAuth(const char *proxy_auth, auth_user_request_t * auth_user_request); -static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr); +static auth_acl_t authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct sockaddr *src_addr); /* * @@ -259,11 +259,10 @@ } static void -authenticateAuthUserRequestSetIp(auth_user_request_t * auth_user_request, struct in_addr ipaddr) +authenticateAuthUserRequestSetIp(auth_user_request_t * auth_user_request, struct sockaddr *ipaddr) { auth_user_ip_t *ipdata, *next; auth_user_t *auth_user; - char *ip1; int found = 0; CBDATA_INIT_TYPE(auth_user_ip_t); if (!auth_user_request->auth_user) @@ -278,7 +277,7 @@ while ((ipdata = next) != NULL) { next = (auth_user_ip_t *) ipdata->node.next; /* walk the ip list */ - if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + if (!memcmp(&ipdata->ipaddr, ipaddr, SOCKLEN(ipaddr))) { /* This ip has already been seen. */ found = 1; /* update IP ttl */ 
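Review bot: `memcmp(&ipdata->ipaddr, ipaddr, SOCKLEN(ipaddr))` in the IP-list walk (the -278,7 hunk) compares the whole socket address, not just the IP. If callers pass the connection's peer address, the port (and for IPv6 the flow and scope fields) takes part in the match, so one user reconnecting from the same host is recorded as a new IP each time and the per-user IP count is inflated. Compare `sin_addr` or `sin6_addr` after checking that the families agree; the same comparison is repeated in authenticateAuthUserRequestRemoveIp (the -315,7 hunk). SOCKLEN is taken from the incoming address only, so a stored entry of the other family is compared over a length that does not describe it. The function body extends beyond the hunk.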
@@ -295,17 +294,15 @@ /* This ip is not in the seen list */ ipdata = cbdataAlloc(auth_user_ip_t); ipdata->ip_expiretime = squid_curtime; - ipdata->ipaddr = ipaddr; + xmemcpy(&ipdata->ipaddr, ipaddr, SOCKLEN(ipaddr)); dlinkAddTail(ipdata, &ipdata->node, &auth_user->ip_list); auth_user->ipcount++; - ip1 = xstrdup(inet_ntoa(ipaddr)); - debug(29, 2) ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new IP address (%s)\n", authenticateUserUsername(auth_user), ip1); - safe_free(ip1); + debug(29, 2) ("authenticateAuthUserRequestSetIp: user '%s' has been seen at a new IP address (%s)\n", authenticateUserUsername(auth_user), sockaddr_ntoa(ipaddr)); } void -authenticateAuthUserRequestRemoveIp(auth_user_request_t * auth_user_request, struct in_addr ipaddr) +authenticateAuthUserRequestRemoveIp(auth_user_request_t * auth_user_request, struct sockaddr *ipaddr) { auth_user_ip_t *ipdata; auth_user_t *auth_user; @@ -315,7 +312,7 @@ ipdata = (auth_user_ip_t *) auth_user->ip_list.head; while (ipdata) { /* walk the ip list */ - if (ipdata->ipaddr.s_addr == ipaddr.s_addr) { + if (!memcmp(&ipdata->ipaddr, ipaddr, SOCKLEN(ipaddr))) { authenticateAuthUserRemoveIpEntry(auth_user, ipdata); return; } @@ -434,7 +431,7 @@ * the authenticateStart routine for rv==AUTH_ACL_HELPER */ auth_acl_t -authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) +authenticateAuthenticate(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct sockaddr *src_addr) { const char *proxy_auth; assert(headertype != 0); 
@@ -500,8 +497,8 @@ if (proxy_auth && !request->auth_user_request && conn && conn->auth_user_request) { int id = authenticateAuthSchemeId(proxy_auth) + 1; if (!conn->auth_user_request->auth_user || conn->auth_user_request->auth_user->auth_module != id) { - debug(29, 1) ("authenticateAuthenticate: Unexpected change of authentication scheme from '%s' to '%s' (client %s)\n", - authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].typestr, proxy_auth, inet_ntoa(src_addr)); + debug(29, 1) ("authenticateAuthenticate: Unexpected change of authentication scheme from '%s' to '%s'", /* (client %s)\n",*/ + authscheme_list[conn->auth_user_request->auth_user->auth_module - 1].typestr, proxy_auth/*, inet_ntoa(src_addr)*/); /* XXX husni */ authenticateAuthUserRequestUnlock(conn->auth_user_request); conn->auth_user_request = NULL; conn->auth_type = AUTH_UNKNOWN; @@ -602,7 +599,7 @@ } auth_acl_t -authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct in_addr src_addr) +authenticateTryToAuthenticateAndSetAuthUser(auth_user_request_t ** auth_user_request, http_hdr_type headertype, request_t * request, ConnStateData * conn, struct sockaddr *src_addr) { /* If we have already been called, return the cached value */ auth_user_request_t *t = authTryGetUser(auth_user_request, conn, request); diff -r -u squid-2.6.STABLE13/src/cache_cf.c new-STABLE13/src/cache_cf.c --- squid-2.6.STABLE13/src/cache_cf.c Tue Feb 27 07:45:24 2007 +++ new-STABLE13/src/cache_cf.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.c,v 1.463.2.1 2007/02/26 22:45:24 hno Exp $ + * $Id: cache_cf.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived 
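Review bot: The "Unexpected change of authentication scheme" message loses both the client address and its trailing newline, because `(client %s)\n` was commented out of the format string instead of being converted. This is a level-1 message about suspicious authentication behaviour, and without the address it cannot be tied to a source. `sockaddr_ntoa()` is used for the same purpose elsewhere in this patch, so the format can keep `(client %s)\n` with `sockaddr_ntoa(src_addr)` as the last argument. The debug call also dereferences `conn->auth_user_request->auth_user` on the branch where the preceding `!...->auth_user` test was true; that is older than this change but sits on the line being edited.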
@@ -76,6 +76,7 @@ }; +static void cbdataFree_http_port(void *data); static void update_maxobjsize(void); static void configDoConfigure(void); static void parse_refreshpattern(refresh_t **); @@ -103,11 +104,11 @@ static void dump_denyinfo(StoreEntry * entry, const char *name, acl_deny_info_list * var); static void free_denyinfo(acl_deny_info_list ** var); #if USE_WCCPv2 -static void parse_sockaddr_in_list(sockaddr_in_list **); -static void dump_sockaddr_in_list(StoreEntry *, const char *, const sockaddr_in_list *); -static void free_sockaddr_in_list(sockaddr_in_list **); +static void parse_sockaddr_storage_list(sockaddr_storage_list **); +static void dump_sockaddr_storage_list(StoreEntry *, const char *, const sockaddr_storage_list *); +static void free_sockaddr_storage_list(sockaddr_storage_list **); #if UNUSED_CODE -static int check_null_sockaddr_in_list(const sockaddr_in_list *); +static int check_null_sockaddr_storage_list(const sockaddr_storage_list *); #endif #endif static void parse_http_port_list(http_port_list **); 
@@ -757,31 +758,44 @@ } static void -dump_address(StoreEntry * entry, const char *name, struct in_addr addr) +dump_address(StoreEntry * entry, const char *name, struct sockaddr *addr) { - storeAppendPrintf(entry, "%s %s\n", name, inet_ntoa(addr)); + storeAppendPrintf(entry, "%s %s\n", name, sockaddr_ntoa(addr)); } static void -parse_address(struct in_addr *addr) +parse_address(struct sockaddr *addr) { const struct hostent *hp; + struct addrinfo hints, *res, *res0; + int error; char *token = strtok(NULL, w_space); if (token == NULL) self_destruct(); if (safe_inet_addr(token, addr) == 1) (void) 0; - else if ((hp = gethostbyname(token))) /* dont use ipcache */ - *addr = inaddrFromHostent(hp); - else - self_destruct(); + else { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_flags = AI_PASSIVE; + error = getaddrinfo(token, NULL, &hints, &res); + if (error) + self_destruct(); + for (res = res0; res; res = res->ai_next) { + if ((res->ai_family == AF_INET) || (res->ai_family == AF_INET6)) { + xmemcpy(addr, res->ai_addr, SOCKLEN(res->ai_addr)); + break; + } + } + freeaddrinfo(res0); + } } static void -free_address(struct in_addr *addr) +free_address(struct sockaddr *addr) { - memset(addr, '\0', sizeof(struct in_addr)); + memset(addr, '\0', SOCKLEN(addr)); } CBDATA_TYPE(acl_address); @@ -791,10 +805,8 @@ { acl_address *l; for (l = head; l; l = l->next) { - if (l->addr.s_addr != INADDR_ANY) - storeAppendPrintf(entry, "%s %s", name, inet_ntoa(l->addr)); - else - storeAppendPrintf(entry, "%s autoselect", name); + storeAppendPrintf(entry, "%s %s", name, sockaddr_ntoa(&l->addr)); +/* storeAppendPrintf(entry, "%s autoselect", name); */ dump_acl_list(entry, l->acl_list); storeAppendPrintf(entry, "\n"); } 
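Review bot: In parse_address the result of `getaddrinfo(token, NULL, &hints, &res)` is stored in `res`, but the loop starts from `res0` and `freeaddrinfo(res0)` releases it, and `res0` is never assigned. That walks and frees an uninitialized pointer and leaks the real list; pass `&res0` to getaddrinfo, as parse_http_port_specification does. The same mistake is in parse_sockaddr_storage_list (the -2639,15 hunk). If no entry is AF_INET or AF_INET6 the function returns with `addr` unset instead of calling self_destruct(), and `hp` is now unused.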
@@ -2613,19 +2625,20 @@ #if USE_WCCPv2 static void -parse_sockaddr_in_list(sockaddr_in_list ** head) +parse_sockaddr_storage_list(sockaddr_storage_list ** head) { char *token; char *t; char *host; char *tmp; - const struct hostent *hp; + struct addrinfo hints, *res, *res0; unsigned short port = 0; - sockaddr_in_list *s; + sockaddr_storage_list *s; + int error; while ((token = strtok(NULL, w_space))) { host = NULL; port = 0; - if ((t = strchr(token, ':'))) { + if ((t = strrchr(token, ':'))) { /* host:port */ host = token; *t = '\0'; @@ -2639,15 +2652,27 @@ port = 0; } s = xcalloc(1, sizeof(*s)); - s->s.sin_port = htons(port); - if (NULL == host) - s->s.sin_addr = any_addr; - else if (1 == safe_inet_addr(host, &s->s.sin_addr)) + if (safe_inet_addr(token, &s->s) == 1) (void) 0; - else if ((hp = gethostbyname(host))) /* dont use ipcache */ - s->s.sin_addr = inaddrFromHostent(hp); + else { + memset(&hints, 0, sizeof(hints)); + hints.ai_family = PF_UNSPEC; + hints.ai_flags = AI_PASSIVE; + error = getaddrinfo(token, NULL, &hints, &res); + if (error) + self_destruct(); + for (res = res0; res; res = res->ai_next) { + if ((res->ai_family == AF_INET) || (res->ai_family == AF_INET6)) { + xmemcpy(&s->s, res->ai_addr, SOCKLEN(res->ai_addr)); + break; + } + } + freeaddrinfo(res0); + } + if (s->s.ss_family == AF_INET6) + ((struct sockaddr_in6 *)&s->s)->sin6_port = htons(port); else - self_destruct(); + ((struct sockaddr_in *)&s->s)->sin_port = htons(port); while (*head) head = &(*head)->next; *head = s; 
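Review bot: Switching to `strrchr(token, ':')` splits an IPv6 literal written without a port at its last colon, so the final group of the address is parsed as the port and the remainder as the host. parse_http_port_specification in this patch strips a `[...]` wrapper before resolving; this parser has no such handling, so bracketed input reaches safe_inet_addr() and getaddrinfo() with the brackets still on. Require brackets around IPv6 literals here as well and treat only the text after `]:` as a port. The loop body continues in the next hunk.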
@@ -2655,21 +2680,23 @@ } static void -dump_sockaddr_in_list(StoreEntry * e, const char *n, const sockaddr_in_list * s) +dump_sockaddr_storage_list(StoreEntry * e, const char *n, const sockaddr_storage_list * s) { while (s) { storeAppendPrintf(e, "%s %s:%d\n", n, - inet_ntoa(s->s.sin_addr), - ntohs(s->s.sin_port)); + sockaddr_ntoa(&s->s), + s->s.ss_family == AF_INET6 ? + ntohs(((struct sockaddr_in6 *)&s->s)->sin6_port) : + ntohs(((struct sockaddr_in *)&s->s)->sin_port)); s = s->next; } } static void -free_sockaddr_in_list(sockaddr_in_list ** head) +free_sockaddr_storage_list(sockaddr_storage_list ** head) { - sockaddr_in_list *s; + sockaddr_storage_list *s; while ((s = *head) != NULL) { *head = s->next; xfree(s); @@ -2678,7 +2705,7 @@ #if UNUSED_CODE static int -check_null_sockaddr_in_list(const sockaddr_in_list * s) +check_null_sockaddr_storage_list(const sockaddr_storage_list * s) { return NULL == s; } 
@@ -2688,32 +2715,64 @@ static void parse_http_port_specification(http_port_list * s, char *token) { + CBDATA_TYPE(http_port_list); char *host = NULL; - const struct hostent *hp; + char *portstr = NULL; + struct addrinfo hints, *res, *res0; + http_port_list *sn1, *sn2; + int error; unsigned short port = 0; char *t; - if ((t = strchr(token, ':'))) { + CBDATA_INIT_TYPE_FREECB(http_port_list, cbdataFree_http_port); + if ((t = strrchr(token, ':'))) { /* host:port */ + port = xatos(t + 1); + portstr = t + 1; host = token; *t = '\0'; - port = xatos(t + 1); + t--; + if (*t == ']') { + *t = '\0'; + host = token+1; + } } else { /* port */ port = xatos(token); + portstr = token; } if (port == 0) self_destruct(); - s->s.sin_port = htons(port); - if (NULL == host) - s->s.sin_addr = any_addr; - else if (1 == safe_inet_addr(host, &s->s.sin_addr)) - (void) 0; - else if ((hp = gethostbyname(host))) { - /* dont use ipcache */ - s->s.sin_addr = inaddrFromHostent(hp); - s->defaultsite = xstrdup(host); - } else - self_destruct(); + + memset(&hints, 0, sizeof(hints)); + if (!host) { + hints.ai_family = PF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_PASSIVE; + } + error = getaddrinfo(host, portstr, &hints, &res0); + if (error) + self_destruct(); + sn1 = s; + sn2 = s; + for (res = res0; res; res = res->ai_next) { + if ((res->ai_family == AF_INET) ||(res->ai_family == AF_INET6)) { + if (!sn2) { + sn2 = cbdataAlloc(http_port_list); + sn1->next = sn2; + sn1 = sn2; + } + xmemcpy(&sn2->s, res->ai_addr, SOCKLEN(res->ai_addr)); + if (res->ai_family == AF_INET6) + ((struct sockaddr_in6 *)&sn2->s)->sin6_port = htons(port); + else + ((struct sockaddr_in *)&sn2->s)->sin_port = htons(port); + if (host) + sn2->defaultsite = xstrdup(host); + sn2 = sn2->next; + } + } + freeaddrinfo(res0); + } static void 
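Review bot: After the split at the last colon, `t--; if (*t == ']')` reads the byte before the token when the token starts with `:` (a bare `:3128`, for example), and the closing bracket is accepted without checking that the token opened with `[`. Guard it as `if (t > token && t[-1] == ']' && token[0] == '[')`. The hints are filled in only when `host` is NULL, so with an explicit host `ai_socktype` stays 0 and getaddrinfo may return one entry per socket type, giving duplicate list nodes for the same address; setting `hints.ai_socktype = SOCK_STREAM;` unconditionally avoids that. The loop also relies on `s->next` being NULL on entry, which the hunk does not show.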
@@ -2732,7 +2791,9 @@ s->vhost = 1; s->accel = 1; } else if (strcmp(token, "vport") == 0) { - s->vport = ntohs(s->s.sin_port); + s->vport = (s->s.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&s->s)->sin6_port) : + ntohs(((struct sockaddr_in *)&s->s)->sin_port); s->accel = 1; } else if (strncmp(token, "vport=", 6) == 0) { s->vport = xatos(token + 6); @@ -2811,8 +2872,10 @@ { storeAppendPrintf(e, "%s %s:%d", n, - inet_ntoa(s->s.sin_addr), - ntohs(s->s.sin_port)); + sockaddr_ntoa(&s->s), + s->s.ss_family == AF_INET6 ? + ntohs(((struct sockaddr_in6 *)&s->s)->sin6_port) : + ntohs(((struct sockaddr_in *)&s->s)->sin_port) ); if (s->transparent) storeAppendPrintf(e, " transparent"); if (s->accel) @@ -2821,7 +2884,7 @@ storeAppendPrintf(e, " defaultsite=%s", s->defaultsite); if (s->vhost) storeAppendPrintf(e, " vhost"); - if (s->vport == ntohs(s->s.sin_port)) + if (s->vport == ntohs(((struct sockaddr_in *)&s->s)->sin_port)) storeAppendPrintf(e, " vport"); else if (s->vport) storeAppendPrintf(e, " vport=%d", s->vport); diff -r -u squid-2.6.STABLE13/src/cf.data.pre new-STABLE13/src/cf.data.pre --- squid-2.6.STABLE13/src/cf.data.pre Wed Apr 25 06:30:03 2007 +++ new-STABLE13/src/cf.data.pre Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.382.2.2 2007/04/24 21:30:03 hno Exp $ +# $Id: cf.data.pre,v 1.2 2007/05/11 05:02:31 husni Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -380,15 +380,26 @@ By default, Squid doesn't listen on any multicast groups. DOC_END +NAME: udp_incoming_address6 +TYPE: address* +LOC:Config.Addrs.udp6_incoming +DEFAULT: :: +DOC_NONE + +NAME: udp_outgoing_address6 +TYPE: address* +LOC:Config.Addrs.udp6_outgoing +DEFAULT: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff +DOC_NONE NAME: udp_incoming_address -TYPE: address +TYPE: address* LOC:Config.Addrs.udp_incoming DEFAULT: 0.0.0.0 DOC_NONE NAME: udp_outgoing_address -TYPE: address +TYPE: address* LOC: Config.Addrs.udp_outgoing DEFAULT: 255.255.255.255 DOC_START 
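Review bot: The `vport` comparison in the -2821,7 hunk reads the port through a `struct sockaddr_in` cast without looking at `ss_family`, while the two hunks before it select `sin6_port` or `sin_port` by family. It works where both fields share an offset, but the three sites should agree rather than depend on that. One static helper that returns the host-order port of a `struct sockaddr_storage` would replace the repeated ternary at all three places. The enclosing dump function starts outside the hunk.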
@@ -412,6 +423,7 @@ have the same value since they both use port 3130. DOC_END + COMMENT_START OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM ----------------------------------------------------------------------------- @@ -1477,8 +1489,20 @@ DOC_END +NAME: client_masklen +TYPE: int +LOC: Config.Addrs.client_masklen +DEFAULT: 32 +DOC_NONE + +NAME: client6_masklen +TYPE: int +LOC: Config.Addrs.client6_masklen +DEFAULT: 128 +DOC_NONE + NAME: client_netmask -TYPE: address +TYPE: address* LOC: Config.Addrs.client_netmask DEFAULT: 255.255.255.255 DOC_START @@ -2828,10 +2852,10 @@ NOCOMMENT_START #Recommended minimum configuration: -acl all src 0.0.0.0/0.0.0.0 +acl all src 0.0.0.0/0 ::/0 acl manager proto cache_object -acl localhost src 127.0.0.1/255.255.255.255 -acl to_localhost dst 127.0.0.0/8 +acl localhost src 127.0.0.1/32 ::1/128 +acl to_localhost dst 127.0.0.0/8 ::/126 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp @@ -3162,8 +3186,8 @@ Example where normal_service_net uses the TOS value 0x00 and normal_service_net uses 0x20 - acl normal_service_net src 10.0.0.0/255.255.255.0 - acl good_service_net src 10.0.1.0/255.255.255.0 + acl normal_service_net src 10.0.0.0/24 + acl good_service_net src 10.0.1.0/24 tcp_outgoing_tos 0x00 normal_service_net 0x00 tcp_outgoing_tos 0x20 good_service_net @@ -3201,8 +3225,8 @@ source address 10.1.0.2 and the rest will be forwarded with source address 10.1.0.3. - acl normal_service_net src 10.0.0.0/255.255.255.0 - acl good_service_net src 10.0.1.0/255.255.255.0 + acl normal_service_net src 10.0.0.0/24 + acl good_service_net src 10.0.1.0/24 tcp_outgoing_address 10.0.0.1 normal_service_net tcp_outgoing_address 10.0.0.2 good_service_net tcp_outgoing_address 10.0.0.3 
@@ -3986,7 +4010,7 @@ requests, except those in your local domain use something like: acl local-servers dstdomain .foo.net - acl all src 0.0.0.0/0.0.0.0 + acl all src 0.0.0.0/0 ::/0 never_direct deny local-servers never_direct allow all @@ -4191,13 +4215,13 @@ DOC_END NAME: snmp_incoming_address -TYPE: address +TYPE: address* LOC: Config.Addrs.snmp_incoming DEFAULT: 0.0.0.0 IFDEF: SQUID_SNMP DOC_NONE NAME: snmp_outgoing_address -TYPE: address +TYPE: address* LOC: Config.Addrs.snmp_outgoing DEFAULT: 255.255.255.255 IFDEF: SQUID_SNMP @@ -4232,13 +4256,13 @@ DOC_END NAME: wccp_router -TYPE: address +TYPE: address* LOC: Config.Wccp.router DEFAULT: 0.0.0.0 IFDEF: USE_WCCP DOC_NONE NAME: wccp2_router -TYPE: sockaddr_in_list +TYPE: sockaddr_storage_list LOC: Config.Wccp2.router DEFAULT: none IFDEF: USE_WCCPv2 @@ -4408,13 +4432,13 @@ DOC_END NAME: wccp_address -TYPE: address +TYPE: address* LOC: Config.Wccp.address DEFAULT: 0.0.0.0 IFDEF: USE_WCCP DOC_NONE NAME: wccp2_address -TYPE: address +TYPE: address* LOC: Config.Wccp2.address DEFAULT: 0.0.0.0 IFDEF: USE_WCCPv2 @@ -4688,7 +4712,7 @@ NAME: mcast_miss_addr IFDEF: MULTICAST_MISS_STREAM -TYPE: address +TYPE: address* LOC: Config.mcast_miss.addr DEFAULT: 255.255.255.255 DOC_START diff -r -u squid-2.6.STABLE13/src/cf_gen.c new-STABLE13/src/cf_gen.c --- squid-2.6.STABLE13/src/cf_gen.c Tue May 23 03:55:23 2006 +++ new-STABLE13/src/cf_gen.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: cf_gen.c,v 1.50 2006/05/22 18:55:23 serassio Exp $ + * $Id: cf_gen.c,v 1.51 2007/05/11 05:02:31 husni Exp $ * * DEBUG: none Generate squid.conf.default and cf_parser.h * AUTHOR: Max Okumoto @@ -85,6 +85,7 @@ Line *doc; Line *nocomment; int array_flag; + int ptr_flag; struct Entry *next; } Entry; 
@@ -215,6 +216,12 @@ curr->array_flag = 1; *(ptr + strlen(ptr) - 2) = '\0'; } + /* hack to support pointers to struct */ + curr->ptr_flag = 0; + if (0 == strcmp(ptr + strlen(ptr) - 1, "*")) { + curr->ptr_flag = 1; + *(ptr + strlen(ptr) - 1) = '\0'; + } curr->type = xstrdup(ptr); } else if (!strncmp(buff, "IFDEF:", 6)) { if ((ptr = strtok(buff + 6, WS)) == NULL) { @@ -521,9 +528,10 @@ continue; if (entry->ifdef) fprintf(fp, "#if %s\n", entry->ifdef); - fprintf(fp, "\tdump_%s(entry, \"%s\", %s);\n", + fprintf(fp, "\tdump_%s(entry, \"%s\", %s%s);\n", entry->type, entry->name, + entry->ptr_flag ? "&" : "", entry->loc); if (entry->ifdef) fprintf(fp, "#endif\n"); diff -r -u squid-2.6.STABLE13/src/client_db.c new-STABLE13/src/client_db.c --- squid-2.6.STABLE13/src/client_db.c Mon Oct 24 00:20:54 2005 +++ new-STABLE13/src/client_db.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: client_db.c,v 1.56 2005/10/23 15:20:54 hno Exp $ + * $Id: client_db.c,v 1.57 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 0 Client Database * AUTHOR: Duane Wessels @@ -36,7 +36,7 @@ #include "squid.h" static hash_table *client_table = NULL; -static ClientInfo *clientdbAdd(struct in_addr addr); +static ClientInfo *clientdbAdd(struct sockaddr *addr); static FREE clientdbFreeItem; static void clientdbStartGC(void); static void clientdbScheduledGC(void *); @@ -49,12 +49,14 @@ #define CLIENT_DB_HASH_SIZE 467 static ClientInfo * -clientdbAdd(struct in_addr addr) +clientdbAdd(struct sockaddr *addr) { ClientInfo *c; + char host[100]; + getnameinfo(addr, SOCKLEN(addr), host, 100, NULL, 0, NI_NUMERICHOST); c = memAllocate(MEM_CLIENT_INFO); - c->hash.key = xstrdup(inet_ntoa(addr)); - c->addr = addr; + c->hash.key = xstrdup(host); + xmemcpy(&c->addr, addr, SOCKLEN(addr)); hash_join(client_table, &c->hash); statCounter.client_http.clients++; if ((statCounter.client_http.clients > max_clients) && !cleanup_running && cleanup_scheduled < 2) { 
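Review bot: clientdbAdd uses `host` as the hash key without checking what `getnameinfo()` returned, so a failure leaves the stack buffer uninitialized and `xstrdup(host)` copies whatever is there, possibly reading past the array. The same unchecked call builds the lookup key in clientdbUpdate, clientdbEstablished and clientdbCutoffDenied (the -77,13, -113,13 and -131,16 hunks). Check the result and fall back to a defined value, e.g. `if (getnameinfo(...) != 0) host[0] = '\0';`, or return early. `xmemcpy(&c->addr, addr, SOCKLEN(addr))` also takes its length from the family in `addr`, so asserting that the family is AF_INET or AF_INET6 first is worthwhile; `sizeof(host)` would be clearer than the literal 100.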
@@ -77,13 +79,13 @@ } void -clientdbUpdate(struct in_addr addr, log_type ltype, protocol_t p, squid_off_t size) +clientdbUpdate(struct sockaddr *addr, log_type ltype, protocol_t p, squid_off_t size) { - char *key; ClientInfo *c; + char key[100]; if (!Config.onoff.client_db) return; - key = inet_ntoa(addr); + getnameinfo(addr, SOCKLEN(addr), key, 100, NULL, 0, NI_NUMERICHOST); c = (ClientInfo *) hash_lookup(client_table, key); if (c == NULL) c = clientdbAdd(addr); @@ -113,13 +115,13 @@ * -1. To get the current value, simply call with delta = 0. */ int -clientdbEstablished(struct in_addr addr, int delta) +clientdbEstablished(struct sockaddr *addr, int delta) { - char *key; + char key[100]; ClientInfo *c; if (!Config.onoff.client_db) return 0; - key = inet_ntoa(addr); + getnameinfo(addr, SOCKLEN(addr), key, 100, NULL, 0, NI_NUMERICHOST); c = (ClientInfo *) hash_lookup(client_table, key); if (c == NULL) c = clientdbAdd(addr); @@ -131,16 +133,16 @@ #define CUTOFF_SECONDS 3600 int -clientdbCutoffDenied(struct in_addr addr) +clientdbCutoffDenied(struct sockaddr *addr) { - char *key; + char key[100]; int NR; int ND; double p; ClientInfo *c; if (!Config.onoff.client_db) return 0; - key = inet_ntoa(addr); + getnameinfo(addr, SOCKLEN(addr), key, 100, NULL, 0, NI_NUMERICHOST); c = (ClientInfo *) hash_lookup(client_table, key); if (c == NULL) return 0; @@ -184,7 +186,7 @@ hash_first(client_table); while ((c = (ClientInfo *) hash_next(client_table))) { storeAppendPrintf(sentry, "Address: %s\n", hashKeyStr(&c->hash)); - storeAppendPrintf(sentry, "Name: %s\n", fqdnFromAddr(c->addr)); + storeAppendPrintf(sentry, "Name: %s\n", fqdnFromAddr(&c->addr)); storeAppendPrintf(sentry, "Currently established connections: %d\n", c->n_established); storeAppendPrintf(sentry, " ICP Requests %d\n", @@ -299,6 +301,7 @@ } #if SQUID_SNMP +/* XXX husni */ struct in_addr * client_entry(struct in_addr *current) { 
@@ -347,7 +350,7 @@ switch (Var->name[LEN_SQ_NET + 2]) { case MESH_CTBL_ADDR: Answer = snmp_var_new_integer(Var->name, Var->name_length, - (snint) c->addr.s_addr, + (snint) 0 /* c->addr.s_addr */, SMI_IPADDRESS); break; case MESH_CTBL_HTBYTES: diff -r -u squid-2.6.STABLE13/src/client_side.c new-STABLE13/src/client_side.c --- squid-2.6.STABLE13/src/client_side.c Wed Mar 21 06:26:34 2007 +++ new-STABLE13/src/client_side.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.693.2.12 2007/03/20 21:26:34 hno Exp $ + * $Id: client_side.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -220,8 +220,8 @@ request_t *request = http->request; request->x_forwarded_for_iterator = httpHeaderGetList( &request->header, HDR_X_FORWARDED_FOR); - debug(33, 5) ("clientFollowXForwardedForStart: indirect_client_addr=%s XFF='%s'\n", - inet_ntoa(request->indirect_client_addr), + debug(33, 5) ("clientFollowXForwardedForStart: indirect_client_addr=%s XFF='%s'\n", + sockaddr_ntoa(&request->indirect_client_addr), strBuf(request->x_forwarded_for_iterator)); clientFollowXForwardedForNext(http); } @@ -232,7 +232,7 @@ clientHttpRequest *http = data; request_t *request = http->request; debug(33, 5) ("clientFollowXForwardedForNext: indirect_client_addr=%s XFF='%s'\n", - inet_ntoa(request->indirect_client_addr), + sockaddr_ntoa(&request->indirect_client_addr), strBuf(request->x_forwarded_for_iterator)); if (strLen(request->x_forwarded_for_iterator) != 0) { /* check the acl to see whether to believe the X-Forwarded-For header */ @@ -266,9 +266,10 @@ const char *p; const char *asciiaddr; int l; - struct in_addr addr; + struct addrinfo hints, *res; + debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s is trusted\n", - inet_ntoa(request->indirect_client_addr)); + sockaddr_ntoa(&request->indirect_client_addr)); p = strBuf(request->x_forwarded_for_iterator); l = strLen(request->x_forwarded_for_iterator); 
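Review bot: The MESH_CTBL_ADDR case now returns the constant `(snint) 0` for every row, so the SNMP client table reports the same address for all clients and monitoring that keys on it can no longer tell them apart. `client_entry()` in the earlier hunk still takes and returns `struct in_addr *`, marked only with `/* XXX husni */`. Until the table is converted, returning the IPv4 address when `c->addr` is AF_INET and 0 otherwise would keep existing IPv4 monitoring working, and the comment should state what is left to do.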
@@ -290,16 +291,18 @@ while (l > 0 && !(p[l - 1] == ',' || xisspace(p[l - 1]))) l--; asciiaddr = p + l; - if (inet_aton(asciiaddr, &addr) == 0) { + memset(&hints, 0, sizeof(hints)); + if (getaddrinfo(asciiaddr, NULL, &hints, &res)) { /* the address is not well formed; do not use it */ debug(33, 3) ("clientFollowXForwardedForDone: malformed address '%s'\n", asciiaddr); goto done; } + debug(33, 3) ("clientFollowXForwardedForDone: changing indirect_client_addr from %s to '%s'\n", - inet_ntoa(request->indirect_client_addr), + sockaddr_ntoa(&request->indirect_client_addr), asciiaddr); - request->indirect_client_addr = addr; + xmemcpy(&request->indirect_client_addr, res->ai_addr, SOCKLEN(res->ai_addr)); strCut(request->x_forwarded_for_iterator, l); if (!Config.onoff.acl_uses_indirect_client) { /* @@ -312,10 +315,10 @@ return; } else if (answer == ACCESS_DENIED) { debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s not trusted\n", - inet_ntoa(request->indirect_client_addr)); + sockaddr_ntoa(&request->indirect_client_addr)); } else { debug(33, 5) ("clientFollowXForwardedForDone: indirect_client_addr=%s nothing more to do\n", - inet_ntoa(request->indirect_client_addr)); + sockaddr_ntoa(&request->indirect_client_addr)); } done: /* clean up, and pass control to clientAccessCheck */ @@ -326,10 +329,10 @@ * instead of the direct client. */ ConnStateData *conn = http->conn; - conn->log_addr = request->indirect_client_addr; - conn->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr; + xmemcpy(&conn->log_addr, &request->indirect_client_addr, + sizeof(struct sockaddr_storage)); debug(33, 3) ("clientFollowXForwardedForDone: setting log_addr=%s\n", - inet_ntoa(conn->log_addr)); + sockaddr_ntoa(&conn->log_addr)); } stringClean(&request->x_forwarded_for_iterator); http->acl_checklist = NULL; /* XXX do we need to aclChecklistFree() ? */ 
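Review bot: The X-Forwarded-For value is now passed to `getaddrinfo()` with zeroed hints, so a header that carries a host name instead of an address causes a blocking resolver lookup inside request processing, and whatever the name resolves to is then accepted as the client address. The header is client-supplied, so this should remain a pure literal parse as inet_aton was: set `hints.ai_flags = AI_NUMERICHOST;` before the call. The returned list is never released; add `freeaddrinfo(res);` after the xmemcpy. The function starts and ends outside the hunk.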
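Review bot: The removed line `conn->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr;` masked the logged client address, and the new code in the -326,10 hunk copies `indirect_client_addr` into `log_addr` unmasked. Sites that set client_netmask to keep full client addresses out of their logs would now record them whenever the X-Forwarded-For path is taken. The patch adds `client_masklen` and `client6_masklen` settings in cf.data.pre, which look like the intended replacement; applying the matching prefix length to `log_addr` here would restore the behaviour. Whether other assignments to `log_addr` apply a mask is not visible from this hunk.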
@@ -602,12 +605,14 @@ http->uri = xstrdup(urlCanonical(new_request)); new_request->http_ver = old_request->http_ver; httpHeaderAppend(&new_request->header, &old_request->header); - new_request->client_addr = old_request->client_addr; + xmemcpy(&new_request->client_addr, &old_request->client_addr, + sizeof(struct sockaddr_storage)); new_request->client_port = old_request->client_port; #if FOLLOW_X_FORWARDED_FOR new_request->indirect_client_addr = old_request->indirect_client_addr; #endif /* FOLLOW_X_FORWARDED_FOR */ - new_request->my_addr = old_request->my_addr; + xmemcpy(&new_request->my_addr, &old_request->my_addr, + sizeof(struct sockaddr_storage)); new_request->my_port = old_request->my_port; new_request->client_port = old_request->client_port; new_request->flags = old_request->flags; @@ -1282,7 +1287,8 @@ http->al.http.code = mem->reply->sline.status; http->al.http.content_type = strBuf(mem->reply->content_type); } - http->al.cache.caddr = conn->log_addr; + xmemcpy(&http->al.cache.caddr, &conn->log_addr, + sizeof(struct sockaddr_storage)); http->al.cache.size = http->out.size; http->al.cache.code = http->log_type; http->al.cache.msec = tvSubMsec(http->start, current_time); @@ -1324,7 +1330,7 @@ http->al.reply = http->reply; accessLogLog(&http->al, http->acl_checklist); clientUpdateCounters(http); - clientdbUpdate(conn->peer.sin_addr, http->log_type, PROTO_HTTP, http->out.size); + clientdbUpdate(&conn->peer, http->log_type, PROTO_HTTP, http->out.size); } } if (http->acl_checklist) @@ -1380,7 +1386,7 @@ clientHttpRequest *http; debug(33, 3) ("connStateFree: FD %d\n", fd); assert(connState != NULL); - clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */ + clientdbEstablished(&connState->peer, -1); /* decrement */ n = connState->reqs.head; while (n != NULL) { http = n->data; 
@@ -1538,11 +1544,11 @@ } #if USE_USERAGENT_LOG if ((str = httpHeaderGetStr(req_hdr, HDR_USER_AGENT))) - logUserAgent(fqdnFromAddr(http->conn->log_addr), str); + logUserAgent(fqdnFromAddr(&http->conn->log_addr), str); #endif #if USE_REFERER_LOG if ((str = httpHeaderGetStr(req_hdr, HDR_REFERER))) - logReferer(fqdnFromAddr(http->conn->log_addr), str, + logReferer(fqdnFromAddr(&http->conn->log_addr), str, http->log_uri); #endif #if FORW_VIA_DB @@ -3076,7 +3082,7 @@ #if SIZEOF_SQUID_OFF_T <= 4 if (http->out.size > 0x7FFF0000) { debug(33, 1) ("WARNING: closing FD %d to prevent counter overflow\n", fd); - debug(33, 1) ("\tclient %s\n", inet_ntoa(http->conn->peer.sin_addr)); + debug(33, 1) ("\tclient %s\n", sockaddr_ntoa(&http->conn->peer)); debug(33, 1) ("\treceived %d bytes\n", (int) http->out.size); debug(33, 1) ("\tURI %s\n", http->log_uri); comm_close(fd); @@ -3085,7 +3091,7 @@ #if SIZEOF_SQUID_OFF_T <= 4 if (http->out.offset > 0x7FFF0000) { debug(33, 1) ("WARNING: closing FD %d to prevent counter overflow\n", fd); - debug(33, 1) ("\tclient %s\n", inet_ntoa(http->conn->peer.sin_addr)); + debug(33, 1) ("\tclient %s\n", sockaddr_ntoa(&http->conn->peer)); debug(33, 1) ("\treceived %d bytes (offset %d)\n", (int) http->out.size, (int) http->out.offset); debug(33, 1) ("\tURI %s\n", http->log_uri); @@ -3640,10 +3646,13 @@ http->flags.accel = 1; debug(33, 5) ("INTERNAL REWRITE: '%s'\n", http->uri); } else if (*url == '/' && conn->port->transparent) { + char *q = NULL; int port = 0; const char *host = mime_get_header(req_hdr, "Host"); char *portstr; - if (host && (portstr = strchr(host, ':')) != NULL) { + if (!(q = strchr(host, ']'))) + q = host; + if (host && (portstr = strchr(q, ':')) != NULL) { *portstr++ = '\0'; port = atoi(portstr); } 
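Review bot: In the `@@ -3640,10 +3646,13 @@` hunk `strchr(host, ']')` now runs before the `host &&` test, and `mime_get_header()` can evidently return NULL here since the next condition still checks for it, so a request on a transparent port that carries no Host header dereferences a null pointer. Moving the guard in front keeps the bracket handling and the old behaviour: `if (host && !(q = strchr(host, ']')))` followed by `q = (char *) host;`. With `q` initialised to NULL as it already is, the later `host && (portstr = strchr(q, ':'))` stays safe. The enclosing function begins and ends outside this hunk.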
@@ -3663,9 +3672,11 @@ if (!host && !conn->transparent && clientNatLookup(conn) == 0) conn->transparent = 1; if (!host && conn->transparent) { - port = ntohs(conn->me.sin_port); + port = (conn->me.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&conn->me)->sin6_port) : + ntohs(((struct sockaddr_in *)&conn->me)->sin_port); if (!host) - host = inet_ntoa(conn->me.sin_addr); + host = sockaddr_ntoa(&conn->me); } if (host) { size_t url_sz = 10 + strlen(host) + 6 + strlen(url) + 32 + Config.appendDomainLen; @@ -3697,9 +3708,13 @@ if (*url != '/') { /* Fully qualified URL. Nothing special to do */ } else if (vhost && (t = mime_get_header(req_hdr, "Host"))) { - char *portstr = strchr(t, ':'); + char *portstr, *q; int port = 0; size_t url_sz = strlen(url) + 32 + Config.appendDomainLen + strlen(t); + + if (!(q = strchr(t, ']'))) + q = t; + portstr = strchr(q, ':'); if (portstr) { *portstr++ = '\0'; port = atoi(portstr); @@ -3728,7 +3743,7 @@ http->uri = xcalloc(url_sz, 1); snprintf(http->uri, url_sz, "%s://%s:%d%s", http->conn->port->protocol, - inet_ntoa(http->conn->me.sin_addr), + sockaddr_ntoa(&http->conn->me), vport, url); debug(33, 5) ("VPORT REWRITE: '%s'\n", http->uri); } else if (internalCheck(url)) { @@ -3915,7 +3930,8 @@ if (parser_return_code < 0) { debug(33, 1) ("clientReadRequest: FD %d (%s:%d) Invalid Request\n", fd, fd_table[fd].ipaddr, fd_table[fd].remote_port); err = errorCon(ERR_INVALID_REQ, HTTP_BAD_REQUEST, NULL); - err->src_addr = conn->peer.sin_addr; + xmemcpy(&err->src_addr, &conn->peer, + sizeof(struct sockaddr_storage)); err->request_hdrs = xstrdup(conn->in.buf); http->log_type = LOG_TCP_DENIED; http->entry = clientCreateStoreEntry(http, method, null_request_flags); 
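Review bot: `host = sockaddr_ntoa(&conn->me)` feeds the rebuilt URL, and for an AF_INET6 listener that text needs square brackets to form a valid authority; without them the port separator cannot be told apart from the address. This assumes `sockaddr_ntoa()` returns the bare address text, which its definition outside this page would confirm. The `VPORT REWRITE` hunk (`@@ -3728,7 +3743,7 @@`) has the same pattern in `snprintf(http->uri, url_sz, "%s://%s:%d%s", ...)`. A family check that selects a `"%s://[%s]:%d%s"` format for IPv6 would cover both, with the `url_sz` computation checked for the two extra characters.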
@@ -3926,7 +3942,8 @@ if ((request = urlParse(method, http->uri)) == NULL) { debug(33, 5) ("Invalid URL: %s\n", http->uri); err = errorCon(ERR_INVALID_URL, HTTP_BAD_REQUEST, NULL); - err->src_addr = conn->peer.sin_addr; + xmemcpy(&err->src_addr, &conn->peer, + sizeof(struct sockaddr_storage)); err->url = xstrdup(http->uri); http->al.http.code = err->http_status; http->log_type = LOG_TCP_DENIED; @@ -3977,14 +3994,22 @@ request->content_length = httpHeaderGetSize(&request->header, HDR_CONTENT_LENGTH); request->flags.internal = http->flags.internal; - request->client_addr = conn->peer.sin_addr; - request->client_port = conn->peer.sin_port; + xmemcpy(&request->client_addr, &conn->peer, + sizeof(struct sockaddr_storage)); + request->client_port = (conn->peer.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&conn->peer)->sin6_port) : + ntohs(((struct sockaddr_in *)&conn->peer)->sin_port); #if FOLLOW_X_FORWARDED_FOR request->indirect_client_addr = request->client_addr; #endif /* FOLLOW_X_FORWARDED_FOR */ - request->my_addr = conn->me.sin_addr; - request->my_port = ntohs(conn->me.sin_port); - request->client_port = ntohs(conn->peer.sin_port); + xmemcpy(&request->my_addr, &conn->me, + sizeof(struct sockaddr_storage)); + request->my_port = (conn->me.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&conn->me)->sin6_port) : + ntohs(((struct sockaddr_in *)&conn->me)->sin_port); + request->client_port = (conn->peer.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&conn->peer)->sin6_port) : + ntohs(((struct sockaddr_in *)&conn->peer)->sin_port); request->http_ver = http->http_ver; if (!urlCheckRequest(request) || httpHeaderHas(&request->header, HDR_TRANSFER_ENCODING)) { 
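Review bot: In the `@@ -3977,14 +3994,22 @@` hunk `request->client_port` is assigned twice with the identical expression, a leftover from the original pair of assignments, and the second one can be dropped. The family-dependent port lookup is spelled out inline here and in many other hunks of this patch, and each copy treats every family other than AF_INET6 as AF_INET. A single helper defined in one place, for example `static u_short sockaddr_port(const struct sockaddr_storage *ss)`, would make that fallback explicit and shrink these call sites to one line each.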
@@ -4029,7 +4054,7 @@ if (!DLINK_ISEMPTY(conn->reqs) && DLINK_HEAD(conn->reqs) == http) clientCheckFollowXForwardedFor(http); else { - debug(33, 1) ("WARNING: pipelined CONNECT request seen from %s\n", inet_ntoa(http->conn->peer.sin_addr)); + debug(33, 1) ("WARNING: pipelined CONNECT request seen from %s\n", sockaddr_ntoa(&http->conn->peer)); debugObj(33, 1, "Previous request:\n", ((clientHttpRequest *) DLINK_HEAD(conn->reqs))->request, (ObjPackMethod) & httpRequestPackDebug); debugObj(33, 1, "This request:\n", request, (ObjPackMethod) & httpRequestPackDebug); @@ -4050,7 +4075,8 @@ debug(33, 1) ("Config 'request_header_max_size'= %ld bytes.\n", (long int) Config.maxRequestHeaderSize); err = errorCon(ERR_TOO_BIG, HTTP_REQUEST_ENTITY_TOO_LARGE, NULL); - err->src_addr = conn->peer.sin_addr; + xmemcpy(&err->src_addr, &conn->peer, + sizeof(struct sockaddr_storage)); http = parseHttpRequestAbort(conn, "error:request-too-large"); /* add to the client request queue */ dlinkAddTail(http, &http->node, &conn->reqs); @@ -4262,7 +4288,8 @@ * Generate an error */ err = errorCon(ERR_LIFETIME_EXP, HTTP_REQUEST_TIMEOUT, NULL); - err->src_addr = conn->peer.sin_addr; + xmemcpy(&err->src_addr, &conn->peer, + sizeof(struct sockaddr_storage)); err->url = xstrdup("N/A"); /* * Normally we shouldn't call errorSend() in client_side.c, but @@ -4301,7 +4328,7 @@ clientHttpRequest *http = data; ConnStateData *conn = http->conn; debug(33, 1) ("WARNING: Closing client %s connection due to lifetime timeout\n", - inet_ntoa(conn->peer.sin_addr)); + sockaddr_ntoa(&conn->peer)); debug(33, 1) ("\t%s\n", http->uri); comm_close(fd); } 
@@ -4411,7 +4438,7 @@ clientNatLookup(ConnStateData * conn) { socklen_t sock_sz = sizeof(conn->me); - struct in_addr orig_addr = conn->me.sin_addr; + struct in_addr orig_addr = ((struct sockaddr_in *)&conn->me)->sin_addr; static time_t last_reported = 0; /* If the call fails the address structure will be unchanged */ if (getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me, &sock_sz) != 0) { @@ -4421,8 +4448,8 @@ } return -1; } - debug(33, 5) ("clientNatLookup: addr = %s", inet_ntoa(conn->me.sin_addr)); - if (orig_addr.s_addr != conn->me.sin_addr.s_addr) + debug(33, 5) ("clientNatLookup: addr = %s", sockaddr_ntoa(&conn->me)); + if (orig_addr.s_addr != ((struct sockaddr_in *)&conn->me)->sin_addr.s_addr) return 0; else return -1; @@ -4493,16 +4520,16 @@ int fd = -1; fde *F; ConnStateData *connState = NULL; - struct sockaddr_in peer; - struct sockaddr_in me; + struct sockaddr_storage peer; + struct sockaddr_storage me; int max = INCOMING_HTTP_MAX; #if USE_IDENT static aclCheck_t identChecklist; #endif commSetSelect(sock, COMM_SELECT_READ, httpAccept, data, 0); while (max-- && !httpAcceptDefer(sock, NULL)) { - memset(&peer, '\0', sizeof(struct sockaddr_in)); - memset(&me, '\0', sizeof(struct sockaddr_in)); + memset(&peer, '\0', sizeof(struct sockaddr_storage)); + memset(&me, '\0', sizeof(struct sockaddr_storage)); if ((fd = comm_accept(sock, &peer, &me)) < 0) { if (!ignoreErrno(errno)) debug(50, 1) ("httpAccept: FD %d: accept failure: %s\n", 
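Review bot: `clientNatLookup()` casts `conn->me` to `struct sockaddr_in` before and after the `getsockopt()` call, but `conn->me` is now a `sockaddr_storage` that may hold an AF_INET6 address, in which case the bytes compared as `sin_addr` belong to a different field. `SO_ORIGINAL_DST` at the `SOL_IP` level is an IPv4 lookup, so an early exit after the declarations, `if (conn->me.ss_family != AF_INET) return -1;`, keeps the function from acting on such a comparison. The second cast is in the following hunk of the same function (`@@ -4421,8 +4448,8 @@`).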
@@ -4515,27 +4542,36 @@ connState = cbdataAlloc(ConnStateData); connState->port = s; cbdataLock(connState->port); - connState->peer = peer; - connState->log_addr = peer.sin_addr; + xmemcpy(&connState->peer, &peer, + sizeof(struct sockaddr_storage)); + xmemcpy(&connState->log_addr, &peer, + sizeof(struct sockaddr_storage)); +/* connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr; - connState->me = me; +*/ + xmemcpy(&connState->me, &me, + sizeof(struct sockaddr_storage)); connState->fd = fd; connState->pinning.fd = -1; connState->in.buf = memAllocBuf(CLIENT_REQ_BUF_SZ, &connState->in.size); comm_add_close_handler(fd, connStateFree, connState); if (Config.onoff.log_fqdn) - fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS); + fqdncache_gethostbyaddr(&peer, FQDN_LOOKUP_IF_MISS); commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState); #if USE_IDENT - identChecklist.src_addr = peer.sin_addr; - identChecklist.my_addr = me.sin_addr; - identChecklist.my_port = ntohs(me.sin_port); + xmemcpy(&identChecklist.src_addr, &peer, + sizeof(struct sockaddr_storage)); + xmemcpy(&identChecklist.my_addr, &me, + sizeof(struct sockaddr_storage)); + identChecklist.my_port = (me.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&me)->sin6_port) : + ntohs(((struct sockaddr_in *)&me)->sin_port) ; if (aclCheckFast(Config.accessList.identLookup, &identChecklist)) identStart(&me, &peer, clientIdentDone, connState); #endif commSetSelect(fd, COMM_SELECT_READ, clientReadRequest, connState, 0); commSetDefer(fd, clientReadDefer, connState); - clientdbEstablished(peer.sin_addr, 1); + clientdbEstablished(&peer, 1); incoming_sockets_accepted++; } } @@ -4653,8 +4689,8 @@ https_port_list *s = data; int fd = -1; ConnStateData *connState = NULL; - struct sockaddr_in peer; - struct sockaddr_in me; + struct sockaddr_storage peer; + struct sockaddr_storage me; int max = INCOMING_HTTP_MAX; #if USE_IDENT static aclCheck_t identChecklist; 
@@ -4662,8 +4698,8 @@ commSetSelect(sock, COMM_SELECT_READ, httpsAccept, s, 0); while (max-- && !httpAcceptDefer(sock, NULL)) { fde *F; - memset(&peer, '\0', sizeof(struct sockaddr_in)); - memset(&me, '\0', sizeof(struct sockaddr_in)); + memset(&peer, '\0', sizeof(struct sockaddr_storage)); + memset(&me, '\0', sizeof(struct sockaddr_storage)); if ((fd = comm_accept(sock, &peer, &me)) < 0) { if (!ignoreErrno(errno)) debug(50, 1) ("httpsAccept: FD %d: accept failure: %s\n", @@ -4675,25 +4711,34 @@ connState = cbdataAlloc(ConnStateData); connState->port = (http_port_list *) s; cbdataLock(connState->port); - connState->peer = peer; - connState->log_addr = peer.sin_addr; + xmemcpy(&connState->peer, &peer, + sizeof(struct sockaddr_storage)); + xmemcpy(&connState->log_addr, &peer, + sizeof(struct sockaddr_storage)); +/* connState->log_addr.s_addr &= Config.Addrs.client_netmask.s_addr; - connState->me = me; +*/ + xmemcpy(&connState->me, &me, + sizeof(struct sockaddr_storage)); connState->fd = fd; connState->pinning.fd = -1; connState->in.buf = memAllocBuf(CLIENT_REQ_BUF_SZ, &connState->in.size); comm_add_close_handler(fd, connStateFree, connState); if (Config.onoff.log_fqdn) - fqdncache_gethostbyaddr(peer.sin_addr, FQDN_LOOKUP_IF_MISS); + fqdncache_gethostbyaddr(&peer, FQDN_LOOKUP_IF_MISS); commSetTimeout(fd, Config.Timeout.request, requestTimeout, connState); #if USE_IDENT - identChecklist.src_addr = peer.sin_addr; - identChecklist.my_addr = me.sin_addr; + xmemcpy(&identChecklist.src_addr, &peer, + sizeof(struct sockaddr_storage)); + xmemcpy(&identChecklist.my_addr, &me, + sizeof(struct sockaddr_storage)); +/* identChecklist.my_port = ntohs(me.sin_port); +*/ if (aclCheckFast(Config.accessList.identLookup, &identChecklist)) identStart(&me, &peer, clientIdentDone, connState); #endif - clientdbEstablished(peer.sin_addr, 1); + clientdbEstablished(&peer, 1); incoming_sockets_accepted++; httpsAcceptSSL(connState, s->sslContext); } 
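Review bot: In `httpsAccept` the assignment of `identChecklist.my_port` is commented out rather than converted, while the `httpAccept` hunk computes it from `me.ss_family`. The ident access list is then evaluated with whatever `my_port` the static `identChecklist` already holds, so rules that match on the local port can give a different answer on HTTPS listeners. Reusing the expression from `httpAccept` fixes it: `identChecklist.my_port = (me.ss_family == AF_INET6) ? ntohs(((struct sockaddr_in6 *) &me)->sin6_port) : ntohs(((struct sockaddr_in *) &me)->sin_port);`.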
@@ -4831,6 +4876,7 @@ { http_port_list *s; int fd; + char host[100], port[8]; for (s = Config.Sockaddr.http; s; s = s->next) { if (MAXHTTPPORTS == NHttpSockets) { debug(1, 1) ("WARNING: You have too many 'http_port' lines.\n"); @@ -4840,8 +4886,7 @@ enter_suid(); fd = comm_open(SOCK_STREAM, IPPROTO_TCP, - s->s.sin_addr, - ntohs(s->s.sin_port), + &s->s, COMM_NONBLOCKING, "HTTP Socket"); leave_suid(); @@ -4854,12 +4899,14 @@ * peg the CPU with select() when we hit the FD limit. */ commSetDefer(fd, httpAcceptDefer, NULL); - debug(1, 1) ("Accepting %s HTTP connections at %s, port %d, FD %d.\n", + getnameinfo(&s->s, SOCKLEN(&s->s), + host, 100, port, 8, NI_NUMERICHOST|NI_NUMERICSERV); + debug(1, 1) ("Accepting %s HTTP connections at %s, port %s, FD %d.\n", s->transparent ? "transparently proxied" : s->accel ? "accelerated" : "proxy", - inet_ntoa(s->s.sin_addr), - (int) ntohs(s->s.sin_port), + host, + port, fd); HttpSockets[NHttpSockets++] = fd; } @@ -4882,8 +4929,7 @@ enter_suid(); fd = comm_open(SOCK_STREAM, IPPROTO_TCP, - s->http.s.sin_addr, - ntohs(s->http.s.sin_port), + &s->http.s, COMM_NONBLOCKING, "HTTPS Socket"); leave_suid(); @@ -4893,8 +4939,10 @@ commSetSelect(fd, COMM_SELECT_READ, httpsAccept, s, 0); commSetDefer(fd, httpAcceptDefer, NULL); debug(1, 1) ("Accepting HTTPS connections at %s, port %d, FD %d.\n", - inet_ntoa(s->http.s.sin_addr), - (int) ntohs(s->http.s.sin_port), + sockaddr_ntoa(&s->http.s), + (int) s->http.s.ss_family == AF_INET6 ? + ntohs(((struct sockaddr_in6 *)&s->http.s)->sin6_port) : + ntohs(((struct sockaddr_in *)&s->http.s)->sin_port) , fd); HttpSockets[NHttpSockets++] = fd; } diff -r -u squid-2.6.STABLE13/src/comm.c new-STABLE13/src/comm.c --- squid-2.6.STABLE13/src/comm.c Tue Apr 17 18:39:56 2007 +++ new-STABLE13/src/comm.c Sun May 13 00:59:36 2007 
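Review bot: In the `@@ -4854,12 +4899,14 @@` hunk the return value of `getnameinfo()` is ignored, and on failure `host` and `port` are printed with `%s` while still uninitialised. Adding `host[0] = port[0] = '\0';` before the call, or checking the result, keeps the log line defined, and `sizeof(host)` / `sizeof(port)` would replace the repeated literals 100 and 8. `comm_udp_sendto()` in comm.c prints `hbuf` and `sbuf` the same way after an unchecked call. The HTTPS listener hunk below formats the same information through `sockaddr_ntoa()` and a port ternary instead, so the two start-up messages are built inconsistently.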
@@ -1,6 +1,6 @@ /* - * $Id: comm.c,v 1.358.2.1 2007/04/17 09:39:56 hno Exp $ + * $Id: comm.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 5 Socket Functions * AUTHOR: Harvest Derived @@ -50,18 +50,19 @@ typedef struct { char *host; u_short port; - struct sockaddr_in S; + struct sockaddr_storage S; CNCB *callback; void *data; - struct in_addr in_addr; + struct sockaddr_storage in_addr; int fd; int tries; + int ia_cur; int addrcount; int connstart; } ConnectStateData; /* STATIC */ -static int commBind(int s, struct in_addr, u_short port); +static int commBind(int s, struct sockaddr *S); static void commSetReuseAddr(int); static void commSetNoLinger(int); static void CommWriteStateCallbackAndFree(int fd, int code); @@ -111,7 +112,7 @@ u_short comm_local_port(int fd) { - struct sockaddr_in addr; + struct sockaddr_storage addr; socklen_t addr_len = 0; fde *F = &fd_table[fd]; 
@@ -122,33 +123,29 @@ } if (F->local_port) return F->local_port; - addr_len = sizeof(addr); + addr_len = sizeof(struct sockaddr_storage); if (getsockname(fd, (struct sockaddr *) &addr, &addr_len)) { debug(5, 1) ("comm_local_port: Failed to retrieve TCP/UDP port number for socket: FD %d: %s\n", fd, xstrerror()); return 0; } - F->local_port = ntohs(addr.sin_port); + F->local_port = (addr.ss_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)&addr)->sin6_port): + ntohs(((struct sockaddr_in *)&addr)->sin_port) ; debug(5, 6) ("comm_local_port: FD %d: port %d\n", fd, (int) F->local_port); return F->local_port; } static int -commBind(int s, struct in_addr in_addr, u_short port) +commBind(int s, struct sockaddr *S) { - struct sockaddr_in S; - - memset(&S, '\0', sizeof(S)); - S.sin_family = AF_INET; - S.sin_port = htons(port); - S.sin_addr = in_addr; + char hbuf[80], sbuf[8]; statCounter.syscalls.sock.binds++; - if (bind(s, (struct sockaddr *) &S, sizeof(S)) == 0) + if (bind(s, S, SOCKLEN(S)) == 0) return COMM_OK; - debug(5, 0) ("commBind: Cannot bind socket FD %d to %s:%d: %s\n", - s, - S.sin_addr.s_addr == INADDR_ANY ? "*" : inet_ntoa(S.sin_addr), - (int) port, - xstrerror()); + getnameinfo(S, S->sa_family, hbuf, 80, sbuf, 8, + NI_NUMERICHOST|NI_NUMERICSERV); + debug(5, 0) ("commBind: Cannot bind socket FD %d to %s:%s: %s\n", + s, hbuf, sbuf, xstrerror()); return COMM_ERROR; } @@ -157,12 +154,11 @@ int comm_open(int sock_type, int proto, - struct in_addr addr, - u_short port, + struct sockaddr *addr, int flags, const char *note) { - return comm_openex(sock_type, proto, addr, port, flags, 0, note); + return comm_openex(sock_type, proto, addr, flags, 0, note); } 
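Review bot: In `commBind()` the second argument to `getnameinfo()` is `S->sa_family`, an address-family constant, where the length of the socket address is expected, so the lookup is likely to fail and leave `hbuf` and `sbuf` uninitialised when the bind-failure message prints them. The call should read `getnameinfo(S, SOCKLEN(S), hbuf, sizeof(hbuf), sbuf, sizeof(sbuf), NI_NUMERICHOST | NI_NUMERICSERV)`, and the buffers should get a fallback value if it still returns non-zero. The old message printed `*` for a wildcard bind, which the new one no longer does.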
@@ -171,19 +167,19 @@ int comm_openex(int sock_type, int proto, - struct in_addr addr, - u_short port, + struct sockaddr *addr, int flags, unsigned char TOS, const char *note) { int new_socket; + u_short port; int tos = 0; fde *F = NULL; /* Create socket for accepting new connections. */ statCounter.syscalls.sock.sockets++; - if ((new_socket = socket(AF_INET, sock_type, proto)) < 0) { + if ((new_socket = socket(addr->sa_family, sock_type, proto)) < 0) { /* Increase the number of reserved fd's if calls to socket() * are failing because the open file table is full. This * limits the number of simultaneous clients */ @@ -213,12 +209,15 @@ debug(5, 5) ("comm_open: FD %d is a new socket\n", new_socket); fd_open(new_socket, FD_SOCKET, note); F = &fd_table[new_socket]; - F->local_addr = addr; + xmemcpy(&F->local_addr, addr, SOCKLEN(addr)); F->tos = tos; if (!(flags & COMM_NOCLOEXEC)) commSetCloseOnExec(new_socket); if ((flags & COMM_REUSEADDR)) commSetReuseAddr(new_socket); + port = (addr->sa_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)addr)->sin6_port) : + ntohs(((struct sockaddr_in *)addr)->sin_port); if (port > (u_short) 0) { #ifdef _SQUID_MSWIN_ if (sock_type != SOCK_DGRAM) 
@@ -227,14 +226,38 @@ if (opt_reuseaddr) commSetReuseAddr(new_socket); } - if (addr.s_addr != no_addr.s_addr) { - if (commBind(new_socket, addr, port) != COMM_OK) { + switch (addr->sa_family) { + case AF_INET: + if (((struct sockaddr_in *)addr)->sin_addr.s_addr != no_addr.s_addr) { + if (commBind(new_socket, addr) != COMM_OK) { + comm_close(new_socket); + return -1; + } + } + F->local_port = ntohs(((struct sockaddr_in *)addr)->sin_port); + break; + case AF_INET6: + { + struct in6_addr *s6 = &((struct sockaddr_in6 *)addr)->sin6_addr; + if (!IN6_IS_ADDR_ALLF( (struct in6_addr*)&((struct sockaddr_in6 *)addr)->sin6_addr )){ +#ifdef IPV6_V6ONLY + const int on = 1; + if (setsockopt(new_socket, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0) { comm_close(new_socket); return -1; } +#endif + if (commBind(new_socket, addr) != COMM_OK) { + comm_close(new_socket); + return -1; + } + } } - F->local_port = port; + F->local_port = ntohs(((struct sockaddr_in6 *)addr)->sin6_port); + break; + } + xmemcpy(&F->local_addr, addr, SOCKLEN(addr)); if (flags & COMM_NONBLOCKING) if (commSetNonBlocking(new_socket) == COMM_ERROR) return -1; @@ -268,9 +291,10 @@ } void -commConnectStart(int fd, const char *host, u_short port, CNCB * callback, void *data) +commConnectStart(int fd, const char *host, u_short port, CNCB *callback, void *data) { ConnectStateData *cs; + FwdState *fwdState = data; debug(5, 3) ("commConnectStart: FD %d, %s:%d\n", fd, host, (int) port); cs = cbdataAlloc(ConnectStateData); cs->fd = fd; @@ -278,6 +302,7 @@ cs->port = port; cs->callback = callback; cs->data = data; + cs->ia_cur= fwdState->ia_cur; cbdataLock(cs->data); comm_add_close_handler(fd, commConnectFree, cs); ipcache_nbgethostbyname(host, commConnectDnsHandle, cs); 
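Review bot: `commConnectStart()` receives `data` as an opaque `void *` for the callback, yet the new line `FwdState *fwdState = data;` reads `fwdState->ia_cur` from it, and the `commConnectCallback` hunk (`@@ -311,7 +342,9 @@`) writes `fwdState->ia_cur = cs->ia_cur` back through the same pointer. That is only sound if every caller passes a `FwdState`; the callers are not visible on this page, and any that pass another type would have unrelated memory read and then overwritten. Passing the index as its own argument, or keeping it solely in `ConnectStateData`, avoids depending on the type behind the callback data.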
@@ -298,9 +323,15 @@ return; } assert(ia->cur < ia->count); - cs->in_addr = ia->in_addrs[ia->cur]; - if (Config.onoff.balance_on_multiple_ip) - ipcacheCycleAddr(cs->host, NULL); + if (Config.onoff.balance_on_multiple_ip) { + if (cs->ia_cur < 0) { + ipcacheCycleAddr(cs->host, NULL); + cs->ia_cur = ia->cur; + } + } + else + cs->ia_cur = ia->cur; + xmemcpy(&cs->in_addr, &ia->in_addrs[cs->ia_cur], sizeof(struct sockaddr_storage)); cs->addrcount = ia->count; cs->connstart = squid_curtime; commConnectHandle(cs->fd, cs); @@ -311,7 +342,9 @@ { CNCB *callback = cs->callback; void *data = cs->data; + FwdState *fwdState = cs->data; int fd = cs->fd; + fwdState->ia_cur = cs->ia_cur; comm_remove_close_handler(fd, commConnectFree, cs); cs->callback = NULL; cs->data = NULL; @@ -339,10 +372,17 @@ { int fd2; fde *F; + struct sockaddr_storage oldsock; + socklen_t oldsocklen = sizeof(oldsock); if (!cbdataValid(cs->data)) return 0; statCounter.syscalls.sock.sockets++; - fd2 = socket(AF_INET, SOCK_STREAM, 0); + getsockname(cs->fd, (struct sockaddr *)&oldsock, &oldsocklen); + F = &fd_table[cs->fd]; + if (F->local_addr.ss_family == AF_INET6) + fd2 = socket(AF_INET6, SOCK_STREAM, 0); + else + fd2 = socket(AF_INET, SOCK_STREAM, 0); statCounter.syscalls.sock.sockets++; if (fd2 < 0) { debug(5, 0) ("commResetFD: socket: %s\n", xstrerror()); @@ -365,13 +405,12 @@ return 0; } close(fd2); - F = &fd_table[cs->fd]; fd_table[cs->fd].flags.called_connect = 0; /* * yuck, this has assumptions about comm_open() arguments for * the original socket */ - if (commBind(cs->fd, F->local_addr, F->local_port) != COMM_OK) { + if (commBind(cs->fd, &F->local_addr) != COMM_OK) { debug(5, 0) ("commResetFD: bind: %s\n", xstrerror()); return 0; } 
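Review bot: `ia->in_addrs[cs->ia_cur]` is indexed with a value carried over from an earlier attempt, while the only bounds check, `assert(ia->cur < ia->count)`, covers `ia->cur`. When `balance_on_multiple_ip` is on and `cs->ia_cur` is already non-negative it is used as is, so a cache entry that now holds fewer addresses would be read past its end. A check before the copy, `if (cs->ia_cur < 0 || cs->ia_cur >= ia->count) cs->ia_cur = ia->cur;`, keeps the index inside the current entry. The function starts outside this hunk.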
@@ -426,10 +465,14 @@ commConnectHandle(int fd, void *data) { ConnectStateData *cs = data; - if (cs->S.sin_addr.s_addr == 0) { - cs->S.sin_family = AF_INET; - cs->S.sin_addr = cs->in_addr; - cs->S.sin_port = htons(cs->port); + struct sockaddr *sa; + if ((cs->in_addr.ss_family == AF_INET) || (cs->in_addr.ss_family == AF_INET6)) { + xmemcpy(&cs->S, &cs->in_addr, sizeof(struct sockaddr_storage)); + sa =(struct sockaddr *)&cs->S; + if (sa->sa_family == AF_INET6) + ((struct sockaddr_in6 *)&cs->S)->sin6_port = htons(cs->port); + else + ((struct sockaddr_in *)&cs->S)->sin_port = htons(cs->port); } switch (comm_connect_addr(fd, &cs->S)) { case COMM_INPROGRESS: @@ -437,14 +480,18 @@ commSetSelect(fd, COMM_SELECT_WRITE, commConnectHandle, cs, 0); break; case COMM_OK: - ipcacheMarkGoodAddr(cs->host, cs->S.sin_addr); + ipcacheMarkGoodAddr(cs->host, &cs->S); commConnectCallback(cs, COMM_OK); break; + case COMM_ERR_NOSUPPORT: + case COMM_ERR_INV_ARGS: + commConnectCallback(cs, COMM_ERR_INV_ARGS); + break; default: cs->tries++; - ipcacheMarkBadAddr(cs->host, cs->S.sin_addr); + ipcacheMarkBadAddr(cs->host, &cs->S); if (Config.onoff.test_reachability) - netdbDeleteAddrNetwork(cs->S.sin_addr); + netdbDeleteAddrNetwork(&cs->S); if (commRetryConnect(cs)) { eventAdd("commReconnect", commReconnect, cs, cs->addrcount == 1 ? 0.05 : 0.0, 0); } else { 
@@ -477,26 +524,31 @@ } int -comm_connect_addr(int sock, const struct sockaddr_in *address) +comm_connect_addr(int sock, const struct sockaddr *address) { int status = COMM_OK; fde *F = &fd_table[sock]; int x; int err = 0; socklen_t errlen; - assert(ntohs(address->sin_port) != 0); + + if (address->sa_family == AF_INET6) + assert(ntohs(((struct sockaddr_in6 *)address)->sin6_port) != 0); + else + assert(ntohs(((struct sockaddr_in *)address)->sin_port) != 0); /* Establish connection. */ errno = 0; if (!F->flags.called_connect) { F->flags.called_connect = 1; statCounter.syscalls.sock.connects++; - x = connect(sock, (struct sockaddr *) address, sizeof(*address)); + x = connect(sock, address, SOCKLEN(address)); if (x < 0) - debug(5, 9) ("connect FD %d: %s\n", sock, xstrerror()); + debug(5, 2) ("connect FD %d to %s : %s\n", sock, + sockaddr_ntoa(address), xstrerror()); } else { #if defined(_SQUID_NEWSOS6_) /* Makoto MATSUSHITA */ - connect(sock, (struct sockaddr *) address, sizeof(*address)); + connect(sock, address, SOCKLEN(address)); if (errno == EINVAL) { errlen = sizeof(err); x = getsockopt(sock, SOL_SOCKET, SO_ERROR, &err, &errlen); @@ -524,10 +576,16 @@ status = COMM_OK; else if (ignoreErrno(errno)) status = COMM_INPROGRESS; + else if (errno == COMM_ERR_INV_ARGS) + return COMM_ERR_INV_ARGS; + else if (errno == COMM_ERR_NOSUPPORT) + return COMM_ERR_INV_ARGS; else return COMM_ERROR; - xstrncpy(F->ipaddr, inet_ntoa(address->sin_addr), 16); - F->remote_port = ntohs(address->sin_port); + xstrncpy(F->ipaddr, sockaddr_ntoa(address), 80); + F->remote_port = (address->sa_family == AF_INET6) ? + ntohs(((struct sockaddr_in6 *)address)->sin6_port) : + ntohs(((struct sockaddr_in *)address)->sin_port); if (status == COMM_OK) { debug(5, 10) ("comm_connect_addr: FD %d connected to %s:%d\n", sock, F->ipaddr, F->remote_port); 
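Review bot: In the `@@ -524,10 +576,16 @@` hunk `xstrncpy(F->ipaddr, sockaddr_ntoa(address), 80)` raises the copy limit from 16 to 80, but the declaration of `fde.ipaddr` is not part of this page; if it still has the 16 bytes the old call assumed, an IPv6 text address is written past the field. Please confirm the field was widened and use `sizeof(F->ipaddr)` instead of the literal, which is valid as long as `ipaddr` is an array. The `comm_accept` hunk (`@@ -562,19 +620,27 @@`) makes the same call with the same literal.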
@@ -540,11 +598,11 @@ /* Wait for an incoming connection on FD. FD should be a socket returned * from comm_listen. */ int -comm_accept(int fd, struct sockaddr_in *pn, struct sockaddr_in *me) +comm_accept(int fd, struct sockaddr *pn, struct sockaddr *me) { int sock; - struct sockaddr_in P; - struct sockaddr_in M; + struct sockaddr_storage P; + struct sockaddr_storage M; socklen_t Slen; fde *F = NULL; Slen = sizeof(P); @@ -562,19 +620,27 @@ } } if (pn) - *pn = P; + xmemcpy(pn, &P, SOCKLEN(&P)); Slen = sizeof(M); memset(&M, '\0', Slen); getsockname(sock, (struct sockaddr *) &M, &Slen); if (me) - *me = M; + xmemcpy(me, &M, SOCKLEN(&M)); commSetCloseOnExec(sock); /* fdstat update */ fd_open(sock, FD_SOCKET, "HTTP Request"); F = &fd_table[sock]; - xstrncpy(F->ipaddr, inet_ntoa(P.sin_addr), 16); - F->remote_port = htons(P.sin_port); - F->local_port = htons(M.sin_port); + xstrncpy(F->ipaddr, sockaddr_ntoa(&P), 80); + switch (P.ss_family) { + case AF_INET6: + F->remote_port = ntohs(((struct sockaddr_in6 *)&P)->sin6_port); + F->local_port = ntohs(((struct sockaddr_in6 *)&M)->sin6_port); + break; + case AF_INET: + F->remote_port = ntohs(((struct sockaddr_in *)&P)->sin_port); + F->local_port = ntohs(((struct sockaddr_in *)&M)->sin_port); + break; + } commSetNonBlocking(sock); return sock; } 
@@ -762,22 +828,25 @@ /* Send a udp datagram to specified TO_ADDR. */ int comm_udp_sendto(int fd, - const struct sockaddr_in *to_addr, + const struct sockaddr *to_addr, int addr_len, const void *buf, int len) { int x; + char hbuf[100], sbuf[8]; statCounter.syscalls.sock.sendtos++; - x = sendto(fd, buf, len, 0, (struct sockaddr *) to_addr, addr_len); + x = sendto(fd, buf, len, 0, to_addr, SOCKLEN(to_addr)); if (x < 0) { + getnameinfo(to_addr, SOCKLEN(to_addr), hbuf, 100, sbuf, 8, + NI_NUMERICHOST|NI_NUMERICSERV); #ifdef _SQUID_LINUX_ if (ECONNREFUSED != errno) #endif - debug(5, 1) ("comm_udp_sendto: FD %d, %s, port %d: %s\n", + debug(5, 1) ("comm_udp_sendto: FD %d, %s, port %s: %s\n", fd, - inet_ntoa(to_addr->sin_addr), - (int) htons(to_addr->sin_port), + hbuf, + sbuf, xstrerror()); return COMM_ERROR; } diff -r -u squid-2.6.STABLE13/src/comm_generic.c new-STABLE13/src/comm_generic.c --- squid-2.6.STABLE13/src/comm_generic.c Wed Nov 1 03:25:15 2006 +++ new-STABLE13/src/comm_generic.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: comm_generic.c,v 1.8 2006/10/31 18:25:15 serassio Exp $ + * $Id: comm_generic.c,v 1.9 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 5 Socket Functions * @@ -165,6 +165,10 @@ do_call_incoming(theInIcpConnection); if (theOutIcpConnection != theInIcpConnection) do_call_incoming(theOutIcpConnection); + if (theInIcpConnection6 >= 0) + do_call_incoming(theInIcpConnection6); + if (theOutIcpConnection6 != theInIcpConnection6) + do_call_incoming(theOutIcpConnection6); } static inline void diff -r -u squid-2.6.STABLE13/src/comm_kqueue.c new-STABLE13/src/comm_kqueue.c --- squid-2.6.STABLE13/src/comm_kqueue.c Tue Mar 13 07:23:04 2007 +++ new-STABLE13/src/comm_kqueue.c Sun May 13 00:59:36 2007 
@@ -1,6 +1,6 @@ /* - * $Id: comm_kqueue.c,v 1.10.2.1 2007/03/12 22:23:04 hno Exp $ + * $Id: comm_kqueue.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 5 Socket Functions * diff -r -u squid-2.6.STABLE13/src/defines.h new-STABLE13/src/defines.h --- squid-2.6.STABLE13/src/defines.h Sun Feb 4 07:58:20 2007 +++ new-STABLE13/src/defines.h Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: defines.h,v 1.122.2.1 2007/02/03 22:58:20 hno Exp $ + * $Id: defines.h,v 1.2 2007/05/11 05:02:31 husni Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -84,6 +84,8 @@ #define COMM_ERR_CONNECT (-7) #define COMM_ERR_DNS (-8) #define COMM_ERR_CLOSING (-9) +#define COMM_ERR_INV_ARGS (22) +#define COMM_ERR_NOSUPPORT (97) /* Select types. */ #define COMM_SELECT_READ (0x1) @@ -364,4 +366,18 @@ #define DLINK_ISEMPTY(n) ( (n).head == NULL ) #define DLINK_HEAD(n) ( (n).head->data ) +/* + * Macro to compare IPv6 addresses (b is 0, 4, 8, 12) + */ +#define IN6_NTOHL_N(a,b) \ + (ntohl(*(const u_int32_t *)(const void *)(&(a)->s6_addr[(b)]))) + +#define IN6_IS_ADDR_ALLF(a) \ + (IN6_NTOHL_N(a,0) & IN6_NTOHL_N(a,4) & \ + IN6_NTOHL_N(a,8) & IN6_NTOHL_N(a,12) == \ + (u_int32_t)0xffffffff) + +#define SOCKLEN(a) \ + (((struct sockaddr_storage *)(a))->ss_family == AF_INET6 ? \ + sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)) #endif /* SQUID_DEFINES_H */ diff -r -u squid-2.6.STABLE13/src/delay_pools.c new-STABLE13/src/delay_pools.c --- squid-2.6.STABLE13/src/delay_pools.c Mon Oct 23 20:22:21 2006 +++ new-STABLE13/src/delay_pools.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: delay_pools.c,v 1.34 2006/10/23 11:22:21 hno Exp $ + * $Id: delay_pools.c,v 1.35 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 77 Delay Pools * AUTHOR: David Luyer 
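Review bot: `COMM_ERR_INV_ARGS` and `COMM_ERR_NOSUPPORT` are defined as the positive numbers 22 and 97 and are compared against `errno` in `comm_connect_addr()`, which ties them to one platform's numbering of `EINVAL` and `EAFNOSUPPORT`; `EAFNOSUPPORT` in particular has a different value on BSD-derived systems. The other `COMM_ERR_*` codes in this list are negative, so these two also break the convention that separates status codes from errno values. Comparing with the symbolic names, `else if (errno == EINVAL || errno == EAFNOSUPPORT)`, and giving the new status codes unused negative values keeps both properties.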
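Review bot: `IN6_IS_ADDR_ALLF` does not test what its name says, because `==` binds tighter than `&`: the expression compares only the last word with `0xffffffff` and then ANDs that 0/1 result with the other three words. Wrapping the AND chain in its own parentheses, `((IN6_NTOHL_N(a,0) & IN6_NTOHL_N(a,4) & IN6_NTOHL_N(a,8) & IN6_NTOHL_N(a,12)) == (u_int32_t)0xffffffff)`, gives the all-ones test that `comm_openex()` uses to decide whether to bind. `SOCKLEN` in the same hunk silently treats every family other than AF_INET6 as `sockaddr_in`, which is worth a comment next to the macro.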
@@ -322,12 +322,13 @@ ch.src_addr = r->indirect_client_addr; } else #endif /* FOLLOW_X_FORWARDED_FOR */ - ch.src_addr = r->client_addr; - ch.my_addr = r->my_addr; + xmemcpy(&ch.src_addr, &r->client_addr, SOCKLEN(&r->client_addr)); + xmemcpy(&ch.my_addr, &r->my_addr, SOCKLEN(&r->my_addr)); ch.my_port = r->my_port; ch.conn = http->conn; ch.request = r; - if (r->client_addr.s_addr == INADDR_BROADCAST) { + if (r->client_addr.ss_family == AF_INET && + ((struct sockaddr_in *)&r->client_addr)->sin_addr.s_addr == INADDR_BROADCAST) { debug(77, 2) ("delayClient: WARNING: Called with 'allones' address, ignoring\n"); return delayId(0, 0); } @@ -343,7 +344,10 @@ if (class == 1) return delayId(pool + 1, 0); if (class == 2) { +/* XXX husni host = ntohl(ch.src_addr.s_addr) & 0xff; +*/ + host = 255; if (host == 255) { if (!delay_data[pool].class2->individual_255_used) { delay_data[pool].class2->individual_255_used = 1; @@ -369,7 +373,10 @@ return delayId(pool + 1, i); } /* class == 3 */ +/* XXX husni host = ntohl(ch.src_addr.s_addr) & 0xffff; +*/ + host = 0xffff; net = host >> 8; host &= 0xff; if (net == 255) { diff -r -u squid-2.6.STABLE13/src/dns_internal.c new-STABLE13/src/dns_internal.c --- squid-2.6.STABLE13/src/dns_internal.c Sun Dec 17 19:51:44 2006 +++ new-STABLE13/src/dns_internal.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: dns_internal.c,v 1.61 2006/12/17 10:51:44 serassio Exp $ + * $Id: dns_internal.c,v 1.62 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 78 DNS lookups; interacts with lib/rfc1035.c * AUTHOR: Duane Wessels @@ -89,12 +89,14 @@ struct _idns_query { hash_link hash; + int ia_cur; rfc1035_query query; + char query_key[RFC1035_MAXHOSTNAMESZ+5]; char buf[RESOLV_BUFSZ]; char name[NS_MAXDNAME + 1]; char orig[NS_MAXDNAME + 1]; ssize_t sz; - unsigned short id; + unsigned short id, id_pair; int nsends; struct timeval start_t; struct timeval sent_t; 
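Review bot: With `host = 255` hard-coded in the `@@ -343,7 +344,10 @@` hunk, every class 2 client takes the `host == 255` branch and shares one individual bucket, and the class 3 hunk (`@@ -369,7 +373,10 @@`) does the same with `host = 0xffff`, so per-client limits are effectively switched off by this patch. For IPv4 sources the original computation can be kept behind a family check, e.g. `host = ntohl(((struct sockaddr_in *) &ch.src_addr)->sin_addr.s_addr) & 0xff;` when `ch.src_addr.ss_family == AF_INET`, assuming `src_addr` is now a `sockaddr_storage` as the `xmemcpy()` in the previous hunk suggests. The IPv6 mapping still needs a decision and should be documented as such rather than left under `XXX husni`. The function continues outside these hunks.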
@@ -114,7 +116,7 @@ }; struct _ns { - struct sockaddr_in S; + struct sockaddr_storage S; int nqueries; int nreplies; }; @@ -150,7 +152,7 @@ #endif static void idnsCacheQuery(idns_query * q); static void idnsSendQuery(idns_query * q); -static int idnsFromKnownNameserver(struct sockaddr_in *from); +static int idnsFromKnownNameserver(struct sockaddr *from); static idns_query *idnsFindQuery(unsigned short id); static void idnsGrokReply(const char *buf, size_t sz); static PF idnsRead; @@ -161,12 +163,13 @@ static void idnsAddNameserver(const char *buf) { - struct in_addr A; + struct sockaddr_storage A; if (!safe_inet_addr(buf, &A)) { debug(78, 0) ("WARNING: rejecting '%s' as a name server, because it is not a numeric IP address\n", buf); return; } - if (A.s_addr == 0) { + if ( ((A.ss_family == AF_INET6) && IN6_IS_ADDR_UNSPECIFIED(&((struct sockaddr_in6 *)&A)->sin6_addr)) || + ((A.ss_family == AF_INET) && (((struct sockaddr_in *)&A)->sin_addr.s_addr == 0)) ) { debug(78, 0) ("WARNING: Squid does not accept 0.0.0.0 in DNS server specifications.\n"); debug(78, 0) ("Will be using 127.0.0.1 instead, assuming you meant that DNS is running on the same machine\n"); safe_inet_addr("127.0.0.1", &A); @@ -185,11 +188,13 @@ safe_free(oldptr); } assert(nns < nns_alloc); - nameservers[nns].S.sin_family = AF_INET; - nameservers[nns].S.sin_port = htons(NS_DEFAULTPORT); - nameservers[nns].S.sin_addr.s_addr = A.s_addr; + xmemcpy(&nameservers[nns].S, &A, sizeof(struct sockaddr_storage)); + if (A.ss_family == AF_INET) + ((struct sockaddr_in *)&nameservers[nns].S)->sin_port = htons(NS_DEFAULTPORT); + if (A.ss_family == AF_INET6) + ((struct sockaddr_in6 *)&nameservers[nns].S)->sin6_port = htons(NS_DEFAULTPORT); debug(78, 3) ("idnsAddNameserver: Added nameserver #%d: %s\n", - nns, inet_ntoa(nameservers[nns].S.sin_addr)); + nns, sockaddr_ntoa(&nameservers[nns].S)); nns++; } 
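Review bot: In idnsAddNameserver the unspecified-address fallback now also fires for IPv6 `::`, but both warnings still talk about 0.0.0.0 and the replacement is always the IPv4 loopback via `safe_inet_addr("127.0.0.1", &A)`, whose result is not checked. `A` is also read through `A.ss_family` without being initialised in this function, which relies on safe_inet_addr always setting the family (its definition is not in this section). Suggest `memset(&A, 0, sizeof(A));` before the first call and a warning text that names the address actually rejected.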
@@ -499,7 +504,7 @@ storeAppendPrintf(sentry, "--------------- --------- ---------\n"); for (i = 0; i < nns; i++) { storeAppendPrintf(sentry, "%-15s %9d %9d\n", - inet_ntoa(nameservers[i].S.sin_addr), + sockaddr_ntoa(&nameservers[i].S), nameservers[i].nqueries, nameservers[i].nreplies); } @@ -551,6 +556,7 @@ { int x; int ns; + int DnsSocketTemp; if (DnsSocket < 0) { debug(78, 1) ("idnsSendQuery: Can't send query, no DNS socket!\n"); return; @@ -562,21 +568,29 @@ idnsTcpCleanup(q); try_again: ns = q->nsends % nns; - x = comm_udp_sendto(DnsSocket, + if (nameservers[ns].S.ss_family == AF_INET6) + DnsSocketTemp = DnsSocket6; + else + DnsSocketTemp = DnsSocket; + + x = comm_udp_sendto(DnsSocketTemp, &nameservers[ns].S, - sizeof(nameservers[ns].S), + SOCKLEN(&nameservers[ns].S), q->buf, q->sz); q->nsends++; q->sent_t = current_time; if (x < 0) { debug(50, 1) ("idnsSendQuery: FD %d: sendto: %s\n", - DnsSocket, xstrerror()); + DnsSocketTemp, xstrerror()); if (q->nsends % nns != 0) goto try_again; } else { - fd_bytes(DnsSocket, x, FD_WRITE); - commSetSelect(DnsSocket, COMM_SELECT_READ, idnsRead, NULL, 0); + fd_bytes(DnsSocketTemp, x, FD_WRITE); +/* + if (q->query.qtype == RFC1035_TYPE_A) +*/ + commSetSelect(DnsSocketTemp, COMM_SELECT_READ, idnsRead, NULL, 0); } nameservers[ns].nqueries++; dlinkAdd(q, &q->lru, &lru_list); 
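Review bot: The AF_INET6 branch of idnsSendQuery selects `DnsSocket6` without checking that it is open; the guard at the top of the function (context of the previous hunk) tests only `DnsSocket < 0`. If the v6 socket was never created, `comm_udp_sendto`, `fd_bytes` and `commSetSelect` are all called with -1. Add a check right after the selection, e.g. `if (DnsSocketTemp < 0) { debug(78, 1) ("idnsSendQuery: no socket for this nameserver's address family\n"); ... }`, and skip to the next nameserver. The commented-out `if (q->query.qtype == RFC1035_TYPE_A)` should be removed rather than left in the body.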
@@ -584,13 +598,19 @@ } static int -idnsFromKnownNameserver(struct sockaddr_in *from) +idnsFromKnownNameserver(struct sockaddr *from) { int i; for (i = 0; i < nns; i++) { - if (nameservers[i].S.sin_addr.s_addr != from->sin_addr.s_addr) + if (nameservers[i].S.ss_family != from->sa_family) + continue; + if (from->sa_family == AF_INET && + (((struct sockaddr_in *)&nameservers[i].S)->sin_addr.s_addr != ((struct sockaddr_in *)from)->sin_addr.s_addr || + ((struct sockaddr_in *)&nameservers[i].S)->sin_port != ((struct sockaddr_in *)from)->sin_port)) continue; - if (nameservers[i].S.sin_port != from->sin_port) + if (from->sa_family == AF_INET6 && + (!IN6_ARE_ADDR_EQUAL( &((struct sockaddr_in6 *)&nameservers[i].S)->sin6_addr, &((struct sockaddr_in6 *)from)->sin6_addr) || + ((struct sockaddr_in6 *)&nameservers[i].S)->sin6_port != ((struct sockaddr_in6 *)from)->sin6_port)) continue; return i; } 
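Review bot: The loop in idnsFromKnownNameserver is the check that ties a DNS reply to a configured server, and the repeated `(struct sockaddr_in *)&nameservers[i].S` and `(struct sockaddr_in6 *)from` cast chains make it hard to audit. Introduce typed locals once per iteration (for example `const struct sockaddr_in *ns4 = (const struct sockaddr_in *)&nameservers[i].S;`) and compare through them. A one-line comment such as `/* accept a reply only if family, address and port all match a configured nameserver */` would record the intent. The function body continues outside the hunk.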
@@ -724,23 +744,34 @@ static void idnsRetryTcp(idns_query * q) { - struct in_addr addr; + struct sockaddr_storage addr; + char host[100], port[8]; int ns = (q->nsends - 1) % nns; idnsTcpCleanup(q); - if (Config.Addrs.udp_outgoing.s_addr != no_addr.s_addr) - addr = Config.Addrs.udp_outgoing; - else - addr = Config.Addrs.udp_incoming; + if (nameservers[ns].S.ss_family == AF_INET6) { + if (!IN6_IS_ADDR_ALLF(&((struct sockaddr_in6 *)&Config.Addrs.udp6_outgoing)->sin6_addr)) + xmemcpy(&addr, &Config.Addrs.udp6_outgoing, sizeof(addr)); + else + xmemcpy(&addr, &Config.Addrs.udp6_incoming, sizeof(addr)); + } + else { + if (((struct sockaddr_in *)&Config.Addrs.udp_outgoing)->sin_addr.s_addr != no_addr.s_addr) + xmemcpy(&addr, &Config.Addrs.udp_outgoing, sizeof(addr)); + else + xmemcpy(&addr, &Config.Addrs.udp_incoming, sizeof(addr)); + } q->tcp_socket = comm_open(SOCK_STREAM, IPPROTO_TCP, - addr, - 0, + &addr, COMM_NONBLOCKING, "DNS TCP Socket"); dlinkAdd(q, &q->lru, &lru_list); + q->ia_cur = -1; commConnectStart(q->tcp_socket, - inet_ntoa(nameservers[ns].S.sin_addr), - ntohs(nameservers[ns].S.sin_port), + sockaddr_ntoa(&nameservers[ns].S), + nameservers[ns].S.ss_family == AF_INET6 ? + ntohs(((struct sockaddr_in6 *)&nameservers[ns])->sin6_port) : + ntohs(((struct sockaddr_in *)&nameservers[ns])->sin_port) , idnsSendTcpQuery, q ); @@ -751,7 +782,7 @@ { int n; rfc1035_message *message = NULL; - idns_query *q; + idns_query *q, *q_pair; n = rfc1035MessageUnpack(buf, sz, &message); @@ -768,6 +799,9 @@ rfc1035MessageDestroy(message); return; } + + q_pair = idnsFindQuery(q->id_pair); + if (rfc1035QueryCompare(&q->query, message->query) != 0) { debug(78, 3) ("idnsGrokReply: Query mismatch (%s != %s)\n", q->query.name, message->query->name); rfc1035MessageDestroy(message); 
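Review bot: In idnsRetryTcp the port is read through `(struct sockaddr_in6 *)&nameservers[ns]`, a cast of the whole `struct _ns`, rather than of its `S` member as everywhere else in this patch; it only works while `S` stays the first field. Write `&nameservers[ns].S` in both arms of the conditional. The new locals `char host[100], port[8];` are not used in the visible lines and can be dropped. The IPv6 branch also depends on `IN6_IS_ADDR_ALLF`, whose definition in defines.h has an operator-precedence problem.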
@@ -823,6 +857,9 @@ return; } } + if (q_pair) + n = n + 10000; + debug(78, 3) ("idnsGrokReply: id %d pair %d: %d\n", q->id, q_pair ? q->id_pair: -1, n); idnsCallback(q, message->answer, n, q->error); rfc1035MessageDestroy(message); @@ -835,7 +872,7 @@ { int *N = &incoming_sockets_accepted; ssize_t len; - struct sockaddr_in from; + struct sockaddr_storage from; socklen_t from_len; int max = INCOMING_DNS_MAX; static char rbuf[SQUID_UDP_SO_RCVBUF]; @@ -861,13 +898,13 @@ fd, xstrerror()); break; } - fd_bytes(DnsSocket, len, FD_READ); + fd_bytes(fd, len, FD_READ); assert(N); (*N)++; debug(78, 3) ("idnsRead: FD %d: received %d bytes from %s.\n", fd, (int) len, - inet_ntoa(from.sin_addr)); + sockaddr_ntoa(&from)); ns = idnsFromKnownNameserver(&from); if (ns >= 0) { nameservers[ns].nreplies++; @@ -875,7 +912,7 @@ static time_t last_warning = 0; if (squid_curtime - last_warning > 60) { debug(78, 1) ("WARNING: Reply from unknown nameserver [%s]\n", - inet_ntoa(from.sin_addr)); + sockaddr_ntoa(&from)); last_warning = squid_curtime; } continue; @@ -883,7 +920,7 @@ idnsGrokReply(rbuf, len); } if (lru_list.head) - commSetSelect(DnsSocket, COMM_SELECT_READ, idnsRead, NULL, 0); + commSetSelect(fd, COMM_SELECT_READ, idnsRead, NULL, 0); } static void @@ -945,15 +982,15 @@ CBDATA_INIT_TYPE(idns_query); if (DnsSocket < 0) { int port; - struct in_addr addr; - if (Config.Addrs.udp_outgoing.s_addr != no_addr.s_addr) - addr = Config.Addrs.udp_outgoing; - else - addr = Config.Addrs.udp_incoming; + struct sockaddr_storage addr; + memset(&addr, 0, sizeof(addr)); + addr.ss_family = AF_INET; +#if defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) + addr.ss_len = sizeof(struct sockaddr_in); +#endif DnsSocket = comm_open(SOCK_DGRAM, IPPROTO_UDP, - addr, - 0, + &addr, COMM_NONBLOCKING, "DNS Socket"); if (DnsSocket < 0) 
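Review bot: `n = n + 10000;` overloads the answer count handed to idnsCallback with an in-band "paired query still pending" signal, using an unnamed constant that every callback must know to subtract. If `n` can be negative at this point (an error code from the earlier handling, which is outside the hunk), the addition turns the error into a large positive count. Use a named constant with a comment, or carry the flag in the query itself. `q_pair` comes from `idnsFindQuery(q->id_pair)`, and the visible part of idnsPTRLookup never sets `id_pair`, so confirm it is initialised for PTR queries.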
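Review bot: In idnsRead the unchanged call `ns = idnsFromKnownNameserver(&from);` now passes a `struct sockaddr_storage *` to a parameter declared as `struct sockaddr *`, an incompatible pointer type that compilers will at least warn about. Make the conversion explicit: `ns = idnsFromKnownNameserver((struct sockaddr *) &from);`. The function body starts and ends outside this hunk.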
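Review bot: In idnsInit the IPv4 DNS socket no longer honours `Config.Addrs.udp_outgoing` / `udp_incoming`: `addr` is zeroed and only `ss_family` is set, so the socket binds to the wildcard address whatever the configuration says. idnsRetryTcp still consults those settings, so UDP and TCP DNS traffic may now leave from different source addresses. If this is deliberate, say so in a comment; otherwise copy the configured address into `addr` as before and fall back to the wildcard only when it is unset.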
@@ -963,9 +1000,32 @@ */ port = comm_local_port(DnsSocket); debug(78, 1) ("DNS Socket created at %s, port %d, FD %d\n", - inet_ntoa(addr), + sockaddr_ntoa(&addr), port, DnsSocket); } + if (DnsSocket6 < 0) { + int port; + struct sockaddr_storage addr; + memset(&addr, 0, sizeof(addr)); + addr.ss_family = AF_INET6; +#if defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) + addr.ss_len = sizeof(struct sockaddr_in6); +#endif + DnsSocket6 = comm_open(SOCK_DGRAM, + IPPROTO_UDP, + &addr, + COMM_NONBLOCKING, + "DNS Socket v6"); + if (DnsSocket < 0) + fatal("Could not create a DNS socket"); + /* Ouch... we can't call functions using debug from a debug + * statement. Doing so messes up the internal _db_level + */ + port = comm_local_port(DnsSocket6); + debug(78, 1) ("DNS Socket v6 created at %s, port %d, FD %d\n", + sockaddr_ntoa(&addr), + port, DnsSocket6); + } assert(0 == nns); idnsParseNameservers(); #ifndef _SQUID_MSWIN_ @@ -1000,10 +1060,12 @@ void idnsShutdown(void) { - if (DnsSocket < 0) + if (DnsSocket < 0 && DnsSocket6 < 0) return; comm_close(DnsSocket); + comm_close(DnsSocket6); DnsSocket = -1; + DnsSocket6 = -1; idnsFreeNameservers(); idnsFreeSearchpath(); } 
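Review bot: The failure check after creating the IPv6 socket tests the wrong descriptor: `if (DnsSocket < 0) fatal("Could not create a DNS socket");` should test `DnsSocket6`. As written, a failed `comm_open` for "DNS Socket v6" goes unnoticed and `comm_local_port(DnsSocket6)` is called with -1. Consider `if (DnsSocket6 < 0) debug(78, 1) ("idnsInit: no IPv6 DNS socket, IPv6 nameservers will be skipped\n");` rather than `fatal`, so hosts without IPv6 still start. The send path must then skip AF_INET6 nameservers.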
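Review bot: idnsShutdown now returns early only when both sockets are closed, then calls `comm_close` on both unconditionally, so a process with just one of them open passes -1 to `comm_close`. Guard each call: `if (DnsSocket >= 0) comm_close(DnsSocket);` and `if (DnsSocket6 >= 0) comm_close(DnsSocket6);`.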
@@ -1028,21 +1090,84 @@ static void idnsCacheQuery(idns_query * q) { - q->hash.key = q->query.name; + q->hash.key = q->query_key; hash_join(idns_lookup_hash, &q->hash); } +static void +idnsAAAALookup(const char *name, IDNSCB * callback, void *data, unsigned short id_pair, unsigned short id) +{ + unsigned int i; + int nd = 0; + idns_query *q; + char query_key[RFC1035_MAXHOSTNAMESZ+5]; + snprintf(query_key, RFC1035_MAXHOSTNAMESZ+5, "%s%d", name, RFC1035_TYPE_AAAA); + if (idnsCachedLookup(query_key, callback, data)) + return; + if (!id_pair && !id) + return; + q = cbdataAlloc(idns_query); + q->tcp_socket = -1; + q->id = id; + q->id_pair = id_pair; + + for (i = 0; i < strlen(name); i++) { + if (name[i] == '.') { + nd++; + } + } + + if (Config.onoff.res_defnames && npc > 0 && name[strlen(name) - 1] != '.') { + q->do_searchpath = 1; + } else { + q->do_searchpath = 0; + } + strcpy(q->orig, name); + strcpy(q->name, q->orig); + if (q->do_searchpath && nd < ndots) { + q->domain = 0; + strcat(q->name, "."); + strcat(q->name, searchpath[q->domain].domain); + debug(78, 3) ("idnsALookup: searchpath used for %s\n", + q->name); + } + q->sz = rfc1035BuildAAAAQuery(q->name, q->buf, sizeof(q->buf), q->id, + &q->query); + + if (q->sz < 0) { + /* problem with query data -- query not sent */ + callback(data, NULL, 0, "Internal error"); + cbdataFree(q); + return; + } + debug(78, 3) ("idnsAAAALookup: buf is %d bytes for %s, id = %#hx\n", + (int) q->sz, q->name, q->id); + snprintf(q->query_key, RFC1035_MAXHOSTNAMESZ+5, "%s%d", q->query.name, q->query.qtype); + q->callback = callback; + q->callback_data = data; + cbdataLock(q->callback_data); + q->start_t = current_time; + idnsCacheQuery(q); + idnsSendQuery(q); +} + + void idnsALookup(const char *name, IDNSCB * callback, void *data) { unsigned int i; int nd = 0; idns_query *q; - if (idnsCachedLookup(name, callback, data)) + char query_key[RFC1035_MAXHOSTNAMESZ+5]; + snprintf(query_key, RFC1035_MAXHOSTNAMESZ+5, "%s%d", name, RFC1035_TYPE_A); 
+ if (idnsCachedLookup(query_key, callback, data)) { + idnsAAAALookup(name, callback, data, 0, 0); return; + } q = cbdataAlloc(idns_query); q->tcp_socket = -1; q->id = idnsQueryID(); + q->id_pair = idnsQueryID(); for (i = 0; i < strlen(name); i++) { if (name[i] == '.') { @@ -1075,19 +1200,21 @@ } debug(78, 3) ("idnsALookup: buf is %d bytes for %s, id = %#hx\n", (int) q->sz, q->name, q->id); + snprintf(q->query_key, RFC1035_MAXHOSTNAMESZ+5, "%s%d", q->query.name, q->query.qtype); q->callback = callback; q->callback_data = data; cbdataLock(q->callback_data); q->start_t = current_time; idnsCacheQuery(q); idnsSendQuery(q); + idnsAAAALookup(name, callback, data, q->id, q->id_pair); } void -idnsPTRLookup(const struct in_addr addr, IDNSCB * callback, void *data) +idnsPTRLookup(const struct sockaddr *addr, IDNSCB * callback, void *data) { idns_query *q; - const char *ip = inet_ntoa(addr); + const char *ip = sockaddr_ntoa(addr); q = cbdataAlloc(idns_query); q->tcp_socket = -1; q->id = idnsQueryID(); diff -r -u squid-2.6.STABLE13/src/enums.h new-STABLE13/src/enums.h --- squid-2.6.STABLE13/src/enums.h Sun Mar 4 03:34:13 2007 +++ new-STABLE13/src/enums.h Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.237.2.3 2007/03/03 18:34:13 hno Exp $ + * $Id: enums.h,v 1.1 2007/05/11 04:58:37 husni Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ diff -r -u squid-2.6.STABLE13/src/errorpage.c new-STABLE13/src/errorpage.c --- squid-2.6.STABLE13/src/errorpage.c Fri Jan 19 09:21:01 2007 +++ new-STABLE13/src/errorpage.c Sun May 13 00:59:36 2007 @@ -1,6 +1,6 @@ /* - * $Id: errorpage.c,v 1.190 2007/01/19 00:21:01 hno Exp $ + * $Id: errorpage.c,v 1.191 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 4 Error Generation * AUTHOR: Duane Wessels 
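Review bot: idnsAAAALookup registers the same `callback`/`data` pair on a second query, and its error path calls `callback(data, NULL, 0, "Internal error")` even when idnsALookup has already sent the paired A query, so a caller can be invoked twice for one lookup. Nothing in this hunk shows that callers tolerate that; if one releases its state on the first call, the second call touches freed memory (callers are outside this section, so this needs checking). The name handling is copied from idnsALookup including the unbounded `strcpy`/`strcat` into `q->orig` and `q->name`; bound them, e.g. `xstrncpy(q->orig, name, sizeof(q->orig));`. The debug label `idnsALookup: searchpath used for %s` should say idnsAAAALookup.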
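Review bot: The call `idnsAAAALookup(name, callback, data, q->id, q->id_pair)` reads as swapped against the callee's `(..., id_pair, id)` parameter order. It appears intentional, with the AAAA query taking the reserved id and pointing back at the A query, so it needs a comment such as `/* AAAA query uses q->id_pair as its own id and q->id as its pair */`. idnsCacheQuery now hashes on `q->query_key`, and the part of idnsPTRLookup visible here sets neither that field nor `id_pair`; its body continues outside the hunk, so confirm both are initialised there.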
@@ -507,7 +507,7 @@ p = "[unknown host]"; break; case 'i': - memBufPrintf(&mb, "%s", inet_ntoa(err->src_addr)); + memBufPrintf(&mb, "%s", sockaddr_ntoa(&err->src_addr)); break; case 'I': if (r && r->hier.host) { diff -r -u squid-2.6.STABLE13/src/external_acl.c new-STABLE13/src/external_acl.c --- squid-2.6.STABLE13/src/external_acl.c Tue Jan 2 08:32:13 2007 +++ new-STABLE13/src/external_acl.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: external_acl.c,v 1.29 2007/01/01 23:32:13 hno Exp $ + * $Id: external_acl.c,v 1.30 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 82 External ACL * AUTHOR: Henrik Nordstrom, MARA Systems AB @@ -639,14 +639,14 @@ break; #endif case EXT_ACL_SRC: - str = inet_ntoa(ch->src_addr); + str = sockaddr_ntoa(&ch->src_addr); break; case EXT_ACL_SRCPORT: snprintf(buf, sizeof(buf), "%d", request->client_port); str = buf; break; case EXT_ACL_MYADDR: - str = inet_ntoa(request->my_addr); + str = sockaddr_ntoa(&request->my_addr); break; case EXT_ACL_MYPORT: snprintf(buf, sizeof(buf), "%d", request->my_port); diff -r -u squid-2.6.STABLE13/src/forward.c new-STABLE13/src/forward.c --- squid-2.6.STABLE13/src/forward.c Tue Apr 17 18:35:17 2007 +++ new-STABLE13/src/forward.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.120.2.3 2007/04/17 09:35:17 hno Exp $ + * $Id: forward.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -348,6 +348,15 @@ err->dnsserver_msg = xstrdup(dns_error_message); fwdFail(fwdState, err); comm_close(server_fd); + } else if (status == COMM_ERR_INV_ARGS) { + assert(fs); + err = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, fwdState->request); + err->xerrno = errno; + fwdState->server_fd_was_inv_args = 1; + fwdFail(fwdState, err); + if (fs->peer) + peerConnectFailed(fs->peer); + comm_close(server_fd); } else if (status != COMM_OK) { assert(fs); err = errorCon(ERR_CONNECT_FAIL, HTTP_SERVICE_UNAVAILABLE, fwdState->request); 
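Review bot: The new `COMM_ERR_INV_ARGS` branch in forward.c calls `peerConnectFailed(fs->peer)` for what looks like a local address-family mismatch rather than a peer fault, which may mark a healthy peer as failed. It also builds an ErrorState with `errorCon` only for fwdFail to free it again once `server_fd_was_inv_args` is set (see the fwdFail hunk later in this file). Consider dropping the peerConnectFailed call and documenting the branch: `/* EINVAL from connect: retry with the other address family, do not penalise the peer */`. The enclosing function starts and ends outside the hunk.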
@@ -387,23 +396,32 @@ /* * This marks the peer DOWN ... */ - if (fwdState->servers) + if (fwdState->servers) { if (fwdState->servers->peer) peerConnectFailed(fwdState->servers->peer); + if (fwdState->servers->code == HIER_DIRECT) { + struct sockaddr_storage host_addr; + safe_inet_addr(fwdState->request->hier.host, (struct sockaddr *)&host_addr); + ipcacheMarkBadAddr(fwdState->request->host, (struct sockaddr *)&host_addr); + } + } } comm_close(fd); } -static struct in_addr +static struct sockaddr_storage * aclMapAddr(acl_address * head, aclCheck_t * ch) { acl_address *l; - struct in_addr addr; + struct sockaddr_storage *addr; + struct sockaddr_in *addr4; for (l = head; l; l = l->next) { if (aclMatchAclList(l->acl_list, ch)) - return l->addr; + return &l->addr; } - addr.s_addr = INADDR_ANY; + addr = xmalloc(sizeof(struct sockaddr_storage)); + addr4 = (struct sockaddr_in *)addr; + addr4->sin_addr.s_addr = INADDR_ANY; return addr; } @@ -418,14 +436,14 @@ return 0; } -struct in_addr +struct sockaddr_storage * getOutgoingAddr(request_t * request) { aclCheck_t ch; memset(&ch, '\0', sizeof(aclCheck_t)); if (request) { - ch.src_addr = request->client_addr; - ch.my_addr = request->my_addr; + xmemcpy(&ch.src_addr, &request->client_addr, sizeof(struct sockaddr_storage)); + xmemcpy(&ch.my_addr, &request->my_addr, sizeof(struct sockaddr_storage)); ch.my_port = request->my_port; ch.request = request; } @@ -439,7 +457,8 @@ memset(&ch, '\0', sizeof(aclCheck_t)); if (request) { ch.src_addr = request->client_addr; - ch.my_addr = request->my_addr; + xmemcpy(&ch.src_addr, &request->client_addr, sizeof(struct sockaddr_storage)); + xmemcpy(&ch.my_addr, &request->my_addr, sizeof(struct sockaddr_storage)); ch.my_port = request->my_port; ch.request = request; } 
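Review bot: aclMapAddr now returns either `&l->addr`, which the caller must not free, or a fresh `xmalloc` block, which nobody frees, so the fallback path leaks and ownership is ambiguous. The allocated block is also not zeroed and `ss_family` is never set; only `sin_addr` is written, so callers read an indeterminate family and port. Returning a zeroed static wildcard keeps one ownership rule, as sketched below (assuming callers do not modify the result). In the first part of the hunk the result of `safe_inet_addr(fwdState->request->hier.host, ...)` is ignored, so `ipcacheMarkBadAddr` can receive an uninitialised `host_addr`.
```c
static struct sockaddr_storage *
aclMapAddr(acl_address * head, aclCheck_t * ch)
{
    /* shared AF_INET wildcard: callers never own the returned pointer */
    static struct sockaddr_storage any_addr;
    acl_address *l;
    /* … unchanged: loop returning &l->addr for the first matching ACL … */
    memset(&any_addr, 0, sizeof(any_addr));	/* INADDR_ANY is all zeroes */
    any_addr.ss_family = AF_INET;
    return &any_addr;
}
```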
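Review bot: In getOutgoingTOS the old `ch.src_addr = request->client_addr;` was left in place and is immediately followed by an `xmemcpy` of the same field, whereas getOutgoingAddr in the previous hunk replaced the assignment. Remove the leftover line so the two functions stay parallel. The function body continues outside the hunk.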
@@ -456,11 +475,13 @@ FwdServer *fs = fwdState->servers; const char *host; const char *name; + char portstr[8]; unsigned short port; const char *domain = NULL; int ctimeout; int ftimeout = Config.Timeout.forward - (squid_curtime - fwdState->start); - struct in_addr outgoing; + struct sockaddr_storage outgoing, peerinfo; + struct addrinfo hints, *res; unsigned short tos; #if LINUX_TPROXY struct in_tproxy itp; @@ -469,6 +490,9 @@ assert(fs); assert(fwdState->server_fd == -1); debug(17, 3) ("fwdConnectStart: %s\n", url); + debug(17, 3) (" fwdState: 0x%x was IPv6: %d tries: %d err: %d\n", + fwdState, fwdState->server_fd_was_v6, fwdState->n_tries, + fwdState->err ? fwdState->err->xerrno : 0); if (fs->peer) { host = fs->peer->host; name = fs->peer->name; @@ -517,7 +541,7 @@ fd = pconnPop(name, port, domain, &fwdState->request->client_addr, 0); #endif if (fd == -1) - fd = pconnPop(name, port, domain, NULL, 0); + fd = pconnPop(name, port, domain, NULL); if (fd != -1) { if (fwdCheckRetriable(fwdState)) { debug(17, 3) ("fwdConnectStart: reusing pconn FD %d\n", fd); 
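Review bot: The added debug line prints `fwdState` with `0x%x`, which expects an unsigned int; passing a pointer is undefined behaviour and truncates on 64-bit builds. Use `%p` with a cast: `debug(17, 3) (" fwdState: %p was IPv6: %d tries: %d err: %d\n", (void *) fwdState, ...)`. fwdConnectStart starts and ends outside this hunk.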
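Review bot: `pconnPop(name, port, domain, NULL)` now takes four arguments while the LINUX_TPROXY call just above it still passes five (`..., &fwdState->request->client_addr, 0`), so one of the two cannot match the prototype. The pconnPop declaration is not in this section; whichever arity it has, update both calls together so that a TPROXY build keeps compiling.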
@@ -545,15 +569,44 @@ #if URL_CHECKSUM_DEBUG assert(fwdState->entry->mem_obj->chksum == url_checksum(url)); #endif + + if (fwdState->server_fd_was_inv_args) { + fwdState->n_tries--; + if (!fs->peer) + fwdState->origin_tries--; + } + else + fwdState->ia_cur = -1; + memset(&outgoing, 0, sizeof(outgoing)); + if (fwdState->server_fd_was_v6) + outgoing.ss_family = fwdState->server_fd_was_inv_args ? + AF_INET : AF_INET6 ; + else + outgoing.ss_family = fwdState->server_fd_was_inv_args ? + AF_INET6 : AF_INET ; + fwdState->server_fd_was_inv_args = 0; + + if (fs->peer && fs->peer->in_addr.ss_family == AF_INET6) + outgoing.ss_family = AF_INET6; + if (outgoing.ss_family == AF_INET6) + fwdState->server_fd_was_v6 = 1; + else + fwdState->server_fd_was_v6 = 0; +#if defined(_SQUID_FREEBSD_) || defined(_SQUID_NETBSD_) || defined(_SQUID_OPENBSD_) + outgoing.ss_len = outgoing.ss_family == AF_INET6 ? + sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in); +#endif + tos = 0; +/* HUSNI skip ACL outgoing = getOutgoingAddr(fwdState->request); tos = getOutgoingTOS(fwdState->request); +*/ debug(17, 3) ("fwdConnectStart: got addr %s, tos %d\n", - inet_ntoa(outgoing), tos); + sockaddr_ntoa(&outgoing), tos); fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, - outgoing, - 0, + &outgoing, COMM_NONBLOCKING, tos, url); 
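Review bot: Commenting out `getOutgoingAddr()` and `getOutgoingTOS()` (the `HUSNI skip ACL` block) means the outgoing-address and TOS ACLs are no longer consulted: every connection binds to the wildcard address of the chosen family with `tos = 0`. Deployments that pin egress addresses or mark traffic by ACL (tcp_outgoing_address / tcp_outgoing_tos) lose that control with no warning. Restore the lookups, and when an ACL-selected address exists use its family instead of the guessed one. Separately, `fwdState->n_tries--` on each INV_ARGS retry has no visible upper bound if both families keep failing the same way, so the family flip should be limited to one attempt per request.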
@@ -813,13 +866,13 @@ * from peer_digest.c, asn.c, netdb.c, etc and should always * be allowed. yuck, I know. */ - if (r->client_addr.s_addr != no_addr.s_addr && r->protocol != PROTO_INTERNAL && r->protocol != PROTO_CACHEOBJ) { + if (((struct sockaddr_in *)&r->client_addr)->sin_addr.s_addr != no_addr.s_addr && r->protocol != PROTO_INTERNAL && r->protocol != PROTO_CACHEOBJ) { /* * Check if this host is allowed to fetch MISSES from us (miss_access) */ memset(&ch, '\0', sizeof(aclCheck_t)); - ch.src_addr = r->client_addr; - ch.my_addr = r->my_addr; + xmemcpy(&ch.src_addr, &r->client_addr, sizeof(struct sockaddr_storage)); + xmemcpy(&ch.my_addr, &r->my_addr, sizeof(struct sockaddr_storage)); ch.my_port = r->my_port; ch.request = r; answer = aclCheckFast(Config.accessList.miss, &ch); @@ -871,9 +924,7 @@ #if LINUX_TPROXY /* If we need to transparently proxy the request * then we need the client source address and port */ - fwdState->src.sin_family = AF_INET; - fwdState->src.sin_addr = r->client_addr; - fwdState->src.sin_port = r->client_port; + xmemcpy(&fwdState->src, &r->client_addr, sizeof(struct sockaddr_storage)); #endif storeLockObject(e); @@ -947,6 +998,11 @@ err_type_str[errorState->type], httpStatusString(errorState->http_status), storeUrl(fwdState->entry)); + if (fwdState->server_fd_was_inv_args) { + errorStateFree(errorState); + return; + } + fwdState->server_fd_was_inv_args = 0; if (fwdState->err) errorStateFree(fwdState->err); fwdState->err = errorState; diff -r -u squid-2.6.STABLE13/src/fqdncache.c new-STABLE13/src/fqdncache.c --- squid-2.6.STABLE13/src/fqdncache.c Tue May 30 09:56:11 2006 +++ new-STABLE13/src/fqdncache.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: fqdncache.c,v 1.156 2006/05/30 00:56:11 hno Exp $ + * $Id: fqdncache.c,v 1.157 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 35 FQDN Cache * AUTHOR: Harvest Derived 
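Review bot: The miss_access gate still reads `client_addr` as IPv4 through `((struct sockaddr_in *)&r->client_addr)->sin_addr.s_addr != no_addr.s_addr` without checking `ss_family`, so for an AF_INET6 client it compares bytes that belong to a different sockaddr_in6 field. This condition decides whether the miss_access ACL is evaluated at all, so it should be family-aware like the delay_pools check. Test `r->client_addr.ss_family == AF_INET` before the IPv4 comparison and define how an internal "no address" request is represented for IPv6. The enclosing function starts and ends outside the hunk.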
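Review bot: In fwdFail the statement `fwdState->server_fd_was_inv_args = 0;` after the new early return is dead code, because it is reached only when the flag is already 0. The early return also frees the ErrorState and records nothing, so if the retry that is supposed to follow never happens, the request ends with no `fwdState->err`. The retry path is outside this hunk, so add a comment such as `/* address-family retry pending: drop this error; fwdConnectStart clears the flag */` and remove the dead assignment.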
@@ -351,11 +351,12 @@ } void -fqdncache_nbgethostbyaddr(struct in_addr addr, FQDNH * handler, void *handlerData) +fqdncache_nbgethostbyaddr(struct sockaddr *addr, FQDNH * handler, void *handlerData) { fqdncache_entry *f = NULL; - char *name = inet_ntoa(addr); + char name[80]; generic_cbdata *c; + getnameinfo(addr, SOCKLEN(addr), name, 80, NULL, 0, NULL); assert(handler); debug(35, 4) ("fqdncache_nbgethostbyaddr: Name '%s'.\n", name); FqdncacheStats.requests++; @@ -427,11 +428,12 @@ } const char * -fqdncache_gethostbyaddr(struct in_addr addr, int flags) +fqdncache_gethostbyaddr(struct sockaddr *addr, int flags) { - char *name = inet_ntoa(addr); + char name[80]; fqdncache_entry *f = NULL; struct in_addr ip; + getnameinfo(addr, SOCKLEN(addr), name, 80, NULL, 0, NULL); assert(name); FqdncacheStats.requests++; f = fqdncache_get(name); @@ -452,7 +454,7 @@ } dns_error_message = NULL; /* check if it's already a FQDN address in text form. */ - if (!safe_inet_addr(name, &ip)) + if (!safe_inet_addr(name, &ip)) return name; FqdncacheStats.misses++; if (flags & FQDN_LOOKUP_IF_MISS) @@ -506,13 +508,13 @@ } const char * -fqdnFromAddr(struct in_addr addr) +fqdnFromAddr(struct sockaddr *addr) { const char *n; - static char buf[32]; + static char buf[80]; if (Config.onoff.log_fqdn && (n = fqdncache_gethostbyaddr(addr, 0))) return n; - xstrncpy(buf, inet_ntoa(addr), 32); + xstrncpy(buf, sockaddr_ntoa(addr), 80); return buf; } diff -r -u squid-2.6.STABLE13/src/fs/aufs/store_dir_aufs.c new-STABLE13/src/fs/aufs/store_dir_aufs.c --- squid-2.6.STABLE13/src/fs/aufs/store_dir_aufs.c Sat Mar 3 22:34:51 2007 +++ new-STABLE13/src/fs/aufs/store_dir_aufs.c Sun May 13 00:59:37 2007 
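Review bot: `getnameinfo(addr, SOCKLEN(addr), name, 80, NULL, 0, NULL)` passes NULL as the integer flags argument, so NI_NUMERICHOST is not set and the call may perform a blocking reverse lookup inside fqdncache_nbgethostbyaddr, the non-blocking entry point. It also yields a host name rather than the numeric text that `inet_ntoa` used to supply as the cache key. The return value is ignored, which leaves `name` uninitialised on failure before it is logged and looked up. Suggested form: `if (getnameinfo(addr, SOCKLEN(addr), name, sizeof(name), NULL, 0, NI_NUMERICHOST) != 0)` followed by the failure handling the handler contract requires. The same call in fqdncache_gethostbyaddr in the next hunk needs the same change.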
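Review bot: `name` is now a stack array in fqdncache_gethostbyaddr, yet the `return name;` after `if (!safe_inet_addr(name, &ip))` in the following hunk still hands it to the caller, which is a dangling pointer; `inet_ntoa` previously returned static storage. `static char name[80];` restores the old lifetime. `ip` is still a `struct in_addr`, while other call sites in this patch pass a sockaddr_storage to safe_inet_addr; if the helper now writes a full socket address this call overruns `ip`, so it should become `struct sockaddr_storage ip;` (the helper's definition is not visible here). `assert(name)` is always true for an array and can go.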
@@ -1,6 +1,6 @@ /* - * $Id: store_dir_aufs.c,v 1.67.2.1 2007/03/03 13:34:51 hno Exp $ + * $Id: store_dir_aufs.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 47 Store Directory Routines * AUTHOR: Duane Wessels diff -r -u squid-2.6.STABLE13/src/fs/coss/store_dir_coss.c new-STABLE13/src/fs/coss/store_dir_coss.c --- squid-2.6.STABLE13/src/fs/coss/store_dir_coss.c Sun May 6 07:03:47 2007 +++ new-STABLE13/src/fs/coss/store_dir_coss.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: store_dir_coss.c,v 1.66.2.4 2007/05/05 22:03:47 hno Exp $ + * $Id: store_dir_coss.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 47 Store COSS Directory Routines * AUTHOR: Eric Stern diff -r -u squid-2.6.STABLE13/src/fs/diskd/diskd.c new-STABLE13/src/fs/diskd/diskd.c --- squid-2.6.STABLE13/src/fs/diskd/diskd.c Sun Feb 4 06:48:16 2007 +++ new-STABLE13/src/fs/diskd/diskd.c Sun May 13 00:59:37 2007 @@ -1,5 +1,5 @@ /* - * $Id: diskd.c,v 1.11.2.1 2007/02/03 21:48:16 hno Exp $ + * $Id: diskd.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section -- External DISKD process implementation. * AUTHOR: Harvest Derived diff -r -u squid-2.6.STABLE13/src/fs/diskd/store_dir_diskd.c new-STABLE13/src/fs/diskd/store_dir_diskd.c --- squid-2.6.STABLE13/src/fs/diskd/store_dir_diskd.c Sat Mar 3 22:34:51 2007 +++ new-STABLE13/src/fs/diskd/store_dir_diskd.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: store_dir_diskd.c,v 1.87.2.1 2007/03/03 13:34:51 hno Exp $ + * $Id: store_dir_diskd.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 47 Store Directory Routines * AUTHOR: Duane Wessels diff -r -u squid-2.6.STABLE13/src/fs/diskd/store_io_diskd.c new-STABLE13/src/fs/diskd/store_io_diskd.c --- squid-2.6.STABLE13/src/fs/diskd/store_io_diskd.c Sun Feb 4 06:54:16 2007 +++ new-STABLE13/src/fs/diskd/store_io_diskd.c Sun May 13 00:59:37 2007 
@@ -1,6 +1,6 @@ /* - * $Id: store_io_diskd.c,v 1.33.2.4 2007/02/03 21:54:16 hno Exp $ + * $Id: store_io_diskd.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 79 Squid-side DISKD I/O functions. * AUTHOR: Duane Wessels diff -r -u squid-2.6.STABLE13/src/fs/ufs/store_dir_ufs.c new-STABLE13/src/fs/ufs/store_dir_ufs.c --- squid-2.6.STABLE13/src/fs/ufs/store_dir_ufs.c Sat Mar 3 22:34:52 2007 +++ new-STABLE13/src/fs/ufs/store_dir_ufs.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: store_dir_ufs.c,v 1.63.2.1 2007/03/03 13:34:52 hno Exp $ + * $Id: store_dir_ufs.c,v 1.1 2007/05/11 04:58:37 husni Exp $ * * DEBUG: section 47 Store Directory Routines * AUTHOR: Duane Wessels diff -r -u squid-2.6.STABLE13/src/ftp.c new-STABLE13/src/ftp.c --- squid-2.6.STABLE13/src/ftp.c Tue Mar 27 08:41:43 2007 +++ new-STABLE13/src/ftp.c Sun May 13 00:59:37 2007 @@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.342.2.2 2007/03/26 23:41:43 hno Exp $ + * $Id: ftp.c,v 1.2 2007/05/11 05:02:31 husni Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -81,6 +81,8 @@ }; typedef struct _Ftpdata { + hash_link hash; /* dummy, must be fist */ + int ia_cur; StoreEntry *entry; request_t *request; char user[MAX