From arianna.aondio at varnish-software.com Wed Feb 4 10:15:25 2015 From: arianna.aondio at varnish-software.com (arianna-aondio) Date: Wed, 04 Feb 2015 11:15:25 +0100 Subject: [master] f9aa628 We measure the timeout_req starting from sp->t_first(record first byte received timestamp) instead of sp->t_idle. Message-ID: commit f9aa6281f5194ed27cfa4c7ad7ce50cdb8f9bf1c Author: arianna-aondio Date: Wed Feb 4 11:05:47 2015 +0100 We measure the timeout_req starting from sp->t_first(record first byte received timestamp) instead of sp->t_idle. diff --git a/bin/varnishd/http1/cache_http1_fsm.c b/bin/varnishd/http1/cache_http1_fsm.c index a8c9959..84a8c16 100644 --- a/bin/varnishd/http1/cache_http1_fsm.c +++ b/bin/varnishd/http1/cache_http1_fsm.c @@ -121,7 +121,7 @@ http1_wait(struct sess *sp, struct worker *wrk, struct req *req) if (isnan(req->t_first)) /* Record first byte received time stamp */ req->t_first = now; - when = sp->t_idle + cache_param->timeout_req; + when = req->t_first + cache_param->timeout_req; tmo = (int)(1e3 * (when - now)); if (when < now || tmo == 0) { why = SC_RX_TIMEOUT; From phk at FreeBSD.org Thu Feb 5 09:04:09 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 05 Feb 2015 10:04:09 +0100 Subject: [master] 835b508 Switch to PTHREAD_MUTEX_ERRORCHECK mutexen. Message-ID: commit 835b5088dc8823323bec7427514a3c08c7a4586e Author: Poul-Henning Kamp Date: Thu Feb 5 09:01:59 2015 +0000 Switch to PTHREAD_MUTEX_ERRORCHECK mutexen. This is very unlikely to make any difference, but the sheer stupidity fot he PTHREAD_MUTEX_NORMAL definition is ubearable, now that I've become aware of it. Inspired by: CERT secure coding POS04-C diff --git a/bin/varnishd/cache/cache_lck.c b/bin/varnishd/cache/cache_lck.c index 288d452..b35b629 100644 --- a/bin/varnishd/cache/cache_lck.c +++ b/bin/varnishd/cache/cache_lck.c 
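Review bot: In `http1_wait()` (bin/varnishd/http1/cache_http1_fsm.c) the new deadline `when = req->t_first + cache_param->timeout_req;` has no comment saying that it is anchored to the first received byte, which is the property that keeps a slowly trickling client from moving the deadline forward. I would add `/* Deadline is fixed at first byte + timeout_req; later bytes do not extend it */` above that line. Since `sp->t_idle` no longer feeds this computation, it is also worth confirming that the wait before the first byte is still bounded elsewhere and that the `timeout_req` parameter text matches; neither is visible in this hunk, and the function body continues outside it.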
@@ -53,6 +53,8 @@ struct ilck { struct VSC_C_lck *stat; }; +static pthread_mutexattr_t attr; + static VTAILQ_HEAD(, ilck) ilck_head = VTAILQ_HEAD_INITIALIZER(ilck_head); @@ -177,7 +179,7 @@ Lck__New(struct lock *lck, struct VSC_C_lck *st, const char *w) ilck->w = w; ilck->stat = st; ilck->stat->creat++; - AZ(pthread_mutex_init(&ilck->mtx, NULL)); + AZ(pthread_mutex_init(&ilck->mtx, &attr)); AZ(pthread_mutex_lock(&lck_mtx)); VTAILQ_INSERT_TAIL(&ilck_head, ilck, list); AZ(pthread_mutex_unlock(&lck_mtx)); @@ -207,7 +209,9 @@ void LCK_Init(void) { - AZ(pthread_mutex_init(&lck_mtx, NULL)); + AZ(pthread_mutexattr_init(&attr)); + AZ(pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_ERRORCHECK)); + AZ(pthread_mutex_init(&lck_mtx, &attr)); #define LOCK(nam) \ lck_##nam = VSM_Alloc(sizeof(struct VSC_C_lck), \ VSC_CLASS, VSC_type_lck, #nam); From lkarsten at varnish-software.com Thu Feb 5 12:51:24 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Thu, 05 Feb 2015 13:51:24 +0100 Subject: [master] c816cc1 Remove statoverride on uninstall/purge. Message-ID: commit c816cc198a3bea643a9f8b54eaed81d8884cae23 Author: Lasse Karstensen Date: Thu Feb 5 13:49:40 2015 +0100 Remove statoverride on uninstall/purge. This is added during package installation, and was previously not cleaned up properly. Having the extra line in statoverride that references a non-existing varnishlog user, makes dpkg very sad. diff --git a/varnish.postrm b/varnish.postrm index 026b5c5..57809cd 100644 --- a/varnish.postrm +++ b/varnish.postrm @@ -8,6 +8,11 @@ case "$1" in remove|failed-upgrade|abort-install|abort-upgrade|disappear) + if dpkg-statoverride --list /var/log/varnish >/dev/null; then + dpkg-statoverride --remove /var/log/varnish || true + + fi + if test -e /var/log/varnish ; then rm -r /var/log/varnish > /dev/null 2>&1 || exit 78 
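Review bot: `Lck__New()` now passes the file-scope `attr` to `pthread_mutex_init()`, but `attr` is only initialised in `LCK_Init()`, so a lock created before `LCK_Init()` has run would be built from an attribute object that was never set up, which POSIX leaves undefined. Nothing in these hunks shows the call order, so I would document the dependency at the declaration, e.g. `/* Set up once in LCK_Init(); Lck__New() must not run before it */`. The name `attr` is also very generic for a file-scope static; something like `lck_mtxattr` would sit better next to `lck_mtx`. Both function bodies continue outside the hunks.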
@@ -35,6 +40,7 @@ case "$1" in fi rm -f /etc/varnish/secret + dpkg-statoverride --remove /var/log/varnish || true ;; From phk at FreeBSD.org Mon Feb 9 09:21:10 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 09 Feb 2015 10:21:10 +0100 Subject: [master] 2e4a2e2 Only look for libedit package if it is not native to the system Message-ID: commit 2e4a2e2866f7a5dbabce79a2fe504a5df911cf67 Author: Poul-Henning Kamp Date: Mon Feb 9 09:20:25 2015 +0000 Only look for libedit package if it is not native to the system (...or something. Needless to say, somebody with autocrap clue should stare at this in disbelief.) diff --git a/configure.ac b/configure.ac index a66d61a..c2fefe7 100644 --- a/configure.ac +++ b/configure.ac 
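Review bot: The second varnish.postrm hunk calls `dpkg-statoverride --remove /var/log/varnish || true` without the `--list` guard that the first hunk of this patch puts around the same command, so when no override is registered the command's error message still reaches the terminal even though the exit status is masked. If this is the purge branch, as the commit title suggests, that is the normal case after a prior remove. Using the same form in both places, `if dpkg-statoverride --list /var/log/varnish >/dev/null; then dpkg-statoverride --remove /var/log/varnish || true; fi`, keeps the script quiet and consistent. The enclosing `case` arm starts outside the hunk.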
@@ -150,32 +150,36 @@ fi AC_SUBST(PCRE_CFLAGS) AC_SUBST(PCRE_LIBS) -PKG_CHECK_MODULES([LIBEDIT], [libedit], - # having the module does not imply having the header - [AC_CHECK_HEADERS([editline/readline.h], - [AC_DEFINE([HAVE_LIBEDIT], [1], [Define if we have libedit])], - [AC_MSG_ERROR([Found libedit, but header file is missing. Hint: Install dev package?])])], - [ - # AX_LIB_READLINE overwrites LIBS which leads to every binary getting - # linked against libreadline uselessly. So we re-use LIBEDIT_LIBS which - # we have for libedit to add the lib specifically where needed - save_LIBS="${LIBS}" - AX_LIB_READLINE - LIBS="${save_LIBS}" - if test "$ax_cv_lib_readline" = "no"; then - AC_MSG_ERROR([neither libedit nor another readline compatible library found]) - fi - if test "x$ax_cv_lib_readline_history" != "xyes"; then - AC_MSG_ERROR([need readline history support]) - fi - LIBEDIT_LIBS="$ax_cv_lib_readline" +AC_CHECK_HEADERS([edit/readline/readline.h], + [AC_DEFINE([HAVE_LIBEDIT], [1], [Define if we have libedit]) + LIBEDIT_LIBS="-ledit"], + + [PKG_CHECK_MODULES([LIBEDIT], [libedit], + # having the module does not imply having the header + [AC_CHECK_HEADERS([editline/readline.h], + [AC_DEFINE([HAVE_LIBEDIT], [1], [Define if we have libedit])], + [AC_MSG_ERROR([Found libedit, but header file is missing. Hint: Install dev package?])])], + [ + # AX_LIB_READLINE overwrites LIBS which leads to every binary getting + # linked against libreadline uselessly. So we re-use LIBEDIT_LIBS which + # we have for libedit to add the lib specifically where needed + save_LIBS="${LIBS}" + AX_LIB_READLINE + LIBS="${save_LIBS}" + if test "$ax_cv_lib_readline" = "no"; then + AC_MSG_ERROR([neither libedit nor another readline compatible library found]) + fi + if test "x$ax_cv_lib_readline_history" != "xyes"; then + AC_MSG_ERROR([need readline history support]) + fi + LIBEDIT_LIBS="$ax_cv_lib_readline" + ]) ]) # Checks for header files. 
AC_HEADER_STDC AC_HEADER_SYS_WAIT AC_HEADER_TIME -AC_CHECK_HEADERS([edit/readline/readline.h]) AC_CHECK_HEADERS([sys/param.h]) AC_CHECK_HEADERS([sys/types.h]) AC_CHECK_HEADERS([sys/endian.h]) From phk at FreeBSD.org Mon Feb 9 10:27:57 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 09 Feb 2015 11:27:57 +0100 Subject: [master] 62f6ecb Make sure the ims-candidate has a Last-Modified header. Message-ID: commit 62f6ecb981b98c61c2480df5bfb7f6b02b79679b Author: Poul-Henning Kamp Date: Mon Feb 9 09:53:08 2015 +0000 Make sure the ims-candidate has a Last-Modified header. diff --git a/bin/varnishtest/tests/c00058.vtc b/bin/varnishtest/tests/c00058.vtc index 8c9940b..b898034 100644 --- a/bin/varnishtest/tests/c00058.vtc +++ b/bin/varnishtest/tests/c00058.vtc @@ -2,7 +2,7 @@ varnishtest "Test v4 grace" server s1 { rxreq - txresp -bodylen 3 + txresp -hdr "Last-Modified: Mon, 09 Feb 2015 09:32:47 GMT" -bodylen 3 rxreq txresp -bodylen 6 sema r2 sync 2 From phk at FreeBSD.org Mon Feb 9 10:27:57 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 09 Feb 2015 11:27:57 +0100 Subject: [master] 021ffee If the backend sends 304 to a non-conditional fetch, we should not assert but fail the fetch. Message-ID: commit 021ffeef1dbb9510d147f080795a568253a1a13a Author: Poul-Henning Kamp Date: Mon Feb 9 10:27:02 2015 +0000 If the backend sends 304 to a non-conditional fetch, we should not assert but fail the fetch. Fixes #1672 Based mostly on patch from martin diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index 07801e8..19d1617 100644 --- a/bin/varnishd/cache/cache_fetch.c +++ b/bin/varnishd/cache/cache_fetch.c @@ -190,7 +190,8 @@ vbf_stp_mkbereq(const struct worker *wrk, struct busyobj *bo) AN(bo->req); bo->req = NULL; http_CopyHome(bo->bereq0); - } + } else + AZ(bo->ims_oc); if (bo->ims_oc != NULL && ObjCheckFlag(bo->wrk, bo->ims_oc, OF_IMSCAND)) { 
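Review bot: The new native-libedit branch sets `LIBEDIT_LIBS="-ledit"` and defines `HAVE_LIBEDIT` on the strength of the `edit/readline/readline.h` header check alone, so a system that has the header but no linkable libedit passes configure and only fails at link time. A link test such as `AC_CHECK_LIB([edit], [el_init], ...)` before the define would catch that, and falling back to the `PKG_CHECK_MODULES` branch when it fails keeps the old behaviour. `HAVE_LIBEDIT` is now defined for two different header locations, so the C sources presumably have to select the include from the per-header macros; that is not visible in this hunk.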
@@ -259,7 +260,7 @@ vbf_stp_retry(struct worker *wrk, struct busyobj *bo) static enum fetch_step vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) { - int i, do_ims; + int i, do_ims = 0; double now; char time_str[VTIM_FORMAT_SIZE]; @@ -393,22 +394,33 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) AZ(bo->do_esi); - if (bo->ims_oc != NULL && http_IsStatus(bo->beresp, 304)) { - if (ObjCheckFlag(bo->wrk, bo->ims_oc, OF_CHGGZIP)) { + if (http_IsStatus(bo->beresp, 304)) { + if (bo->ims_oc != NULL && + ObjCheckFlag(bo->wrk, bo->ims_oc, OF_IMSCAND)) { + if (ObjCheckFlag(bo->wrk, bo->ims_oc, OF_CHGGZIP)) { + /* + * If we changed the gzip status of the object + * the stored Content_Encoding controls we + * must weaken any new ETag we get. + */ + http_Unset(bo->beresp, H_Content_Encoding); + RFC2616_Weaken_Etag(bo->beresp); + } + http_Unset(bo->beresp, H_Content_Length); + HTTP_Merge(bo->wrk, bo->ims_oc, bo->beresp); + assert(http_IsStatus(bo->beresp, 200)); + do_ims = 1; + } else if (!bo->do_pass) { /* - * If we changed the gzip status of the object - * the stored Content_Encoding controls we - * must weaken any new ETag we get. + * Backend sent unallowed 304 */ - http_Unset(bo->beresp, H_Content_Encoding); - RFC2616_Weaken_Etag(bo->beresp); + VSLb(bo->vsl, SLT_Error, + "304 response but not conditional fetch"); + bo->doclose = SC_RX_BAD; + VDI_Finish(bo->wrk, bo); + return (F_STP_FAIL); } - http_Unset(bo->beresp, H_Content_Length); - HTTP_Merge(bo->wrk, bo->ims_oc, bo->beresp); - assert(http_IsStatus(bo->beresp, 200)); - do_ims = 1; - } else - do_ims = 0; + } bo->vfc->bo = bo; bo->vfc->oc = bo->fetch_objcore; diff --git a/include/tbl/sess_close.h b/include/tbl/sess_close.h index 351cc58..8930b74 100644 --- a/include/tbl/sess_close.h +++ b/include/tbl/sess_close.h 
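Review bot: The retained `assert(http_IsStatus(bo->beresp, 200));` after `HTTP_Merge()` in `vbf_stp_startfetch()` is still an abort that a backend 304 can reach, if an object flagged `OF_IMSCAND` can ever carry a status other than 200; whether that is possible is not visible here. Since the point of the change is to fail the fetch rather than assert on backend behaviour, that case could take the same path as the new branch: log with `VSLb(bo->vsl, SLT_Error, ...)`, then `bo->doclose = SC_RX_BAD; VDI_Finish(bo->wrk, bo); return (F_STP_FAIL);`. The carried-over comment about the stored Content_Encoding and weakening the ETag is hard to parse and could be reworded while the block is being re-indented. The function starts and ends outside the hunk.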
@@ -32,7 +32,7 @@ SESS_CLOSE(REM_CLOSE, "Client Closed") SESS_CLOSE(REQ_CLOSE, "Client requested close") SESS_CLOSE(REQ_HTTP10, "Proto < HTTP/1.1") -SESS_CLOSE(RX_BAD, "Received bad request") +SESS_CLOSE(RX_BAD, "Received bad req/resp") SESS_CLOSE(RX_BODY, "Failure receiving req.body") SESS_CLOSE(RX_JUNK, "Received junk data") SESS_CLOSE(RX_OVERFLOW, "Received buffer overflow") From phk at FreeBSD.org Mon Feb 9 10:34:50 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 09 Feb 2015 11:34:50 +0100 Subject: [master] 216bea7 add testcase for 1672 Message-ID: commit 216bea7e84ea605a48e62923fd6afd0069d3301a Author: Poul-Henning Kamp Date: Mon Feb 9 10:34:42 2015 +0000 add testcase for 1672 diff --git a/bin/varnishtest/tests/r01672.vtc b/bin/varnishtest/tests/r01672.vtc new file mode 100644 index 0000000..e59670d --- /dev/null +++ b/bin/varnishtest/tests/r01672.vtc @@ -0,0 +1,34 @@ +varnishtest "#1672: Bogus 304 backend reply" + +# First serve a non-200 status object to the cache, +# then revalidate it unconditionally + +server s1 { + rxreq + txresp -status 404 + + rxreq + txresp -status 304 +} -start + +varnish v1 -vcl+backend { + sub vcl_backend_response { + set beresp.ttl = 0.1s; + set beresp.grace = 0s; + set beresp.keep = 10s; + } +} -start + +client c1 { + txreq + rxresp + expect resp.status == 404 +} -run + +delay 0.2 + +client c1 { + txreq + rxresp + expect resp.status == 503 +} -run From phk at FreeBSD.org Mon Feb 9 10:36:00 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 09 Feb 2015 11:36:00 +0100 Subject: [master] a548984 Rename ims_oc to stable_oc, per martins suggestion Message-ID: commit a548984b2a1c8d46000e5119df0573690b244371 Author: Poul-Henning Kamp Date: Mon Feb 9 10:35:37 2015 +0000 Rename ims_oc to stable_oc, per martins suggestion diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h index fccc466..faaaf4f 100644 --- a/bin/varnishd/cache/cache.h +++ b/bin/varnishd/cache/cache.h 
@@ -509,7 +509,7 @@ struct busyobj { struct http *bereq0; struct http *bereq; struct http *beresp; - struct objcore *ims_oc; + struct objcore *stale_oc; struct objcore *fetch_objcore; struct http_conn *htc; @@ -610,7 +610,7 @@ struct req { struct ws ws[1]; struct objcore *objcore; - struct objcore *ims_oc; + struct objcore *stale_oc; /* Lookup stuff */ struct SHA256Context *sha256ctx; diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index 19d1617..8f0ba2e 100644 --- a/bin/varnishd/cache/cache_fetch.c +++ b/bin/varnishd/cache/cache_fetch.c @@ -191,15 +191,15 @@ vbf_stp_mkbereq(const struct worker *wrk, struct busyobj *bo) bo->req = NULL; http_CopyHome(bo->bereq0); } else - AZ(bo->ims_oc); + AZ(bo->stale_oc); - if (bo->ims_oc != NULL && - ObjCheckFlag(bo->wrk, bo->ims_oc, OF_IMSCAND)) { - q = HTTP_GetHdrPack(bo->wrk, bo->ims_oc, H_Last_Modified); + if (bo->stale_oc != NULL && + ObjCheckFlag(bo->wrk, bo->stale_oc, OF_IMSCAND)) { + q = HTTP_GetHdrPack(bo->wrk, bo->stale_oc, H_Last_Modified); if (q != NULL) http_PrintfHeader(bo->bereq0, "If-Modified-Since: %s", q); - q = HTTP_GetHdrPack(bo->wrk, bo->ims_oc, H_ETag); + q = HTTP_GetHdrPack(bo->wrk, bo->stale_oc, H_ETag); if (q != NULL) http_PrintfHeader(bo->bereq0, "If-None-Match: %s", q); @@ -395,9 +395,9 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) AZ(bo->do_esi); if (http_IsStatus(bo->beresp, 304)) { - if (bo->ims_oc != NULL && - ObjCheckFlag(bo->wrk, bo->ims_oc, OF_IMSCAND)) { - if (ObjCheckFlag(bo->wrk, bo->ims_oc, OF_CHGGZIP)) { + if (bo->stale_oc != NULL && + ObjCheckFlag(bo->wrk, bo->stale_oc, OF_IMSCAND)) { + if (ObjCheckFlag(bo->wrk, bo->stale_oc, OF_CHGGZIP)) { /* * If we changed the gzip status of the object * the stored Content_Encoding controls we 
@@ -407,7 +407,7 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) RFC2616_Weaken_Etag(bo->beresp); } http_Unset(bo->beresp, H_Content_Length); - HTTP_Merge(bo->wrk, bo->ims_oc, bo->beresp); + HTTP_Merge(bo->wrk, bo->stale_oc, bo->beresp); assert(http_IsStatus(bo->beresp, 200)); do_ims = 1; } else if (!bo->do_pass) { @@ -684,8 +684,8 @@ vbf_stp_fetch(struct worker *wrk, struct busyobj *bo) VBO_setstate(bo, BOS_FINISHED); VSLb_ts_busyobj(bo, "BerespBody", W_TIM_real(wrk)); - if (bo->ims_oc != NULL) - EXP_Rearm(bo->ims_oc, bo->ims_oc->exp.t_origin, 0, 0, 0); + if (bo->stale_oc != NULL) + EXP_Rearm(bo->stale_oc, bo->stale_oc->exp.t_origin, 0, 0, 0); return (F_STP_DONE); } @@ -706,12 +706,12 @@ vbf_stp_condfetch(struct worker *wrk, struct busyobj *bo) AZ(vbf_beresp2obj(bo)); - if (ObjGetattr(bo->wrk, bo->ims_oc, OA_ESIDATA, NULL) != NULL) - AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->ims_oc, + if (ObjGetattr(bo->wrk, bo->stale_oc, OA_ESIDATA, NULL) != NULL) + AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->stale_oc, OA_ESIDATA)); - AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->ims_oc, OA_FLAGS)); - AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->ims_oc, OA_GZIPBITS)); + AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->stale_oc, OA_FLAGS)); + AZ(ObjCopyAttr(bo->wrk, bo->fetch_objcore, bo->stale_oc, OA_GZIPBITS)); if (bo->do_stream) { HSH_Unbusy(wrk, bo->fetch_objcore); @@ -719,13 +719,13 @@ vbf_stp_condfetch(struct worker *wrk, struct busyobj *bo) } al = 0; - oi = ObjIterBegin(wrk, bo->ims_oc); + oi = ObjIterBegin(wrk, bo->stale_oc); do { - ois = ObjIter(bo->ims_oc, oi, &sp, &sl); + ois = ObjIter(bo->stale_oc, oi, &sp, &sl); if (ois == OIS_ERROR) (void)VFP_Error(bo->vfc, "Template object failed"); while (sl > 0) { - l = ObjGetLen(bo->wrk, bo->ims_oc) - al; + l = ObjGetLen(bo->wrk, bo->stale_oc) - al; assert(l > 0); if (VFP_GetStorage(bo->vfc, &l, &ptr) != VFP_OK) break; 
@@ -738,8 +738,8 @@ vbf_stp_condfetch(struct worker *wrk, struct busyobj *bo) sl -= l; } } while (!bo->vfc->failed && (ois == OIS_DATA || ois == OIS_STREAM)); - ObjIterEnd(bo->ims_oc, &oi); - if (bo->ims_oc->flags & OC_F_FAILED) + ObjIterEnd(bo->stale_oc, &oi); + if (bo->stale_oc->flags & OC_F_FAILED) (void)VFP_Error(bo->vfc, "Template object failed"); if (bo->vfc->failed) { VDI_Finish(bo->wrk, bo); @@ -750,7 +750,7 @@ vbf_stp_condfetch(struct worker *wrk, struct busyobj *bo) HSH_Unbusy(wrk, bo->fetch_objcore); assert(ObjGetLen(bo->wrk, bo->fetch_objcore) == al); - EXP_Rearm(bo->ims_oc, bo->ims_oc->exp.t_origin, 0, 0, 0); + EXP_Rearm(bo->stale_oc, bo->stale_oc->exp.t_origin, 0, 0, 0); /* Recycle the backend connection before setting BOS_FINISHED to give predictable backend reuse behavior for varnishtest */ @@ -930,8 +930,8 @@ vbf_fetch_thread(struct worker *wrk, void *priv) } AZ(bo->fetch_objcore->busyobj); - if (bo->ims_oc != NULL) - (void)HSH_DerefObjCore(wrk, &bo->ims_oc); + if (bo->stale_oc != NULL) + (void)HSH_DerefObjCore(wrk, &bo->stale_oc); wrk->vsl = NULL; @@ -986,11 +986,11 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct objcore *oc, HSH_Ref(oc); bo->fetch_objcore = oc; - AZ(bo->ims_oc); + AZ(bo->stale_oc); if (oldoc != NULL) { assert(oldoc->refcnt > 0); HSH_Ref(oldoc); - bo->ims_oc = oldoc; + bo->stale_oc = oldoc; } AZ(bo->req); @@ -1002,8 +1002,8 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct objcore *oc, if (Pool_Task(wrk->pool, &bo->fetch_task, POOL_QUEUE_FRONT)) { wrk->stats->fetch_no_thread++; (void)vbf_stp_fail(req->wrk, bo); - if (bo->ims_oc != NULL) - (void)HSH_DerefObjCore(wrk, &bo->ims_oc); + if (bo->stale_oc != NULL) + (void)HSH_DerefObjCore(wrk, &bo->stale_oc); VBO_DerefBusyObj(wrk, &bo_fetch); } else { bo_fetch = NULL; /* ref transferred to fetch thread */ diff --git a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c index a5c2ce6..193ac22 100644 --- a/bin/varnishd/cache/cache_panic.c 
+++ b/bin/varnishd/cache/cache_panic.c @@ -356,8 +356,8 @@ pan_busyobj(const struct busyobj *bo) pan_http("beresp", bo->beresp, 4); if (bo->fetch_objcore) pan_objcore("FETCH", bo->fetch_objcore); - if (bo->ims_oc) - pan_objcore("IMS", bo->ims_oc); + if (bo->stale_oc) + pan_objcore("IMS", bo->stale_oc); VSB_printf(pan_vsp, " }\n"); } diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index e080eee..aa737d9 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -371,7 +371,7 @@ cnt_lookup(struct worker *wrk, struct req *req) case VCL_RET_FETCH: if (boc != NULL) { req->objcore = boc; - req->ims_oc = oc; + req->stale_oc = oc; req->req_step = R_STP_MISS; } else { (void)HSH_DerefObjCore(wrk, &req->objcore); @@ -428,10 +428,10 @@ cnt_miss(struct worker *wrk, struct req *req) switch (wrk->handling) { case VCL_RET_FETCH: wrk->stats->cache_miss++; - VBF_Fetch(wrk, req, req->objcore, req->ims_oc, VBF_NORMAL); + VBF_Fetch(wrk, req, req->objcore, req->stale_oc, VBF_NORMAL); req->req_step = R_STP_FETCH; - if (req->ims_oc != NULL) - (void)HSH_DerefObjCore(wrk, &req->ims_oc); + if (req->stale_oc != NULL) + (void)HSH_DerefObjCore(wrk, &req->stale_oc); return (REQ_FSM_MORE); case VCL_RET_SYNTH: req->req_step = R_STP_SYNTH; @@ -446,8 +446,8 @@ cnt_miss(struct worker *wrk, struct req *req) WRONG("Illegal return from vcl_miss{}"); } VRY_Clear(req); - if (req->ims_oc != NULL) - (void)HSH_DerefObjCore(wrk, &req->ims_oc); + if (req->stale_oc != NULL) + (void)HSH_DerefObjCore(wrk, &req->stale_oc); AZ(HSH_DerefObjCore(wrk, &req->objcore)); return (REQ_FSM_MORE); } From lkarsten at varnish-software.com Mon Feb 9 10:36:26 2015 
From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:36:26 +0100 Subject: [master] 206060d Update .deb contact information and git URL. Message-ID: commit 206060df5386fbf7867a1ecca8d47633e505becb Author: Lasse Karstensen Date: Mon Feb 9 11:29:17 2015 +0100 Update .deb contact information and git URL. So that users can report our packaging mistakes to us, and not to the Debian packaging team. diff --git a/control b/control index ae870f6..e510849 100644 --- a/control +++ b/control @@ -1,12 +1,7 @@ Source: varnish Section: web Priority: optional -Maintainer: Varnish Package Maintainers -Uploaders: - Jan Wagner , - Lars Bahner , - Stig Sandbeck Mathisen , - Tollef Fog Heen , +Maintainer: Varnish Package Maintainers Build-Depends: automake, autotools-dev, @@ -19,9 +14,8 @@ Build-Depends: pkg-config, python-docutils, python-sphinx -Vcs-Browser: http://git.debian.org/?p=pkg-varnish/pkg-varnish.git;a=summary -Vcs-Git: git://git.debian.org/pkg-varnish/pkg-varnish.git -Homepage: http://varnish-cache.org/ +Vcs-Git: git://git.varnish-cache.org/varnish-cache-debian.git +Homepage: https://varnish-cache.org/ Standards-Version: 3.9.6 Package: varnish From lkarsten at varnish-software.com Mon Feb 9 10:43:34 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:43:34 +0100 Subject: [master] bf09b12 Update description slightly. Message-ID: commit bf09b124d79118b2c07e38e1faca7182204e7c28 Author: Lasse Karstensen Date: Mon Feb 9 11:36:59 2015 +0100 Update description slightly. diff --git a/redhat/varnish.spec b/redhat/varnish.spec index 146548d..942ad15 100644 --- a/redhat/varnish.spec +++ b/redhat/varnish.spec 
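Review bot: The new `Vcs-Git: git://git.varnish-cache.org/varnish-cache-debian.git` field uses the plain git protocol, which provides neither transport encryption nor server authentication, so someone fetching the packaging source from this field has no assurance that the content was not altered in transit. The same hunk already moves `Homepage` to https; if the server offers this repository over https, the `Vcs-Git` value should use that URL instead. `Vcs-Browser` is removed without a replacement, which may be intentional but is not explained in the description.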
@@ -51,8 +51,14 @@ Requires: gcc %description This is Varnish Cache, a high-performance HTTP accelerator. + +Varnish Cache stores web pages in memory so web servers don't have to +create the same web page over and over again. Varnish serves pages +much faster than any application server; giving the website a +significant speed up. + Documentation wiki and additional information about Varnish is -available on the following web site: http://www.varnish-cache.org/ +available on the following web site: https://www.varnish-cache.org/ %package libs Summary: Libraries for %{name} From lkarsten at varnish-software.com Mon Feb 9 10:43:34 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:43:34 +0100 Subject: [master] 32a1ace Remove extra whitespace. Message-ID: commit 32a1ace00acca875f77ba4384cea30de81b7c95a Author: Lasse Karstensen Date: Mon Feb 9 11:38:17 2015 +0100 Remove extra whitespace. diff --git a/redhat/README.redhat b/redhat/README.redhat index bb020cf..2c039bd 100644 --- a/redhat/README.redhat +++ b/redhat/README.redhat @@ -15,7 +15,7 @@ git clone git://git.varnish-cache.org/varnish-cache cd varnish-cache sed -i "s/^Release: .*/Release: 0.git$(date +%Y%m%d)%{?dist}/" \ redhat/varnish.spec -./autogen.sh && ./configure +./autogen.sh && ./configure make dist && rpmbuild -ts varnish-trunk.tar.gz This builds a source rpm. Then you can, for example on a RHEL5 system, 
@@ -65,9 +65,9 @@ To get a package through to Fedora, it has to build in Red Hat's Koji build environment. Their ppc and ppc64 builders run mock on a RHEL ppc64 kernel. Our use of jemalloc does not work on this kernel, and the build stays unsuccessful. As ppc64 is not the primary target of -varnish development, it may take some time to get this bug fixed. +varnish development, it may take some time to get this bug fixed. To get the package through to Fedora, jemalloc is disabled in the ppc -and ppc64 builds. +and ppc64 builds. Now, varnish with jemalloc enabled is known to work at least on the ppc (32bit) kernel in Fedora 9. If you run on ppc, and have a workload From lkarsten at varnish-software.com Mon Feb 9 10:43:35 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:43:35 +0100 Subject: [master] 6e9ce86 Remove outdated upgrade help. Message-ID: commit 6e9ce86ada2f48be3be63bde120765adfa18d74b Author: Lasse Karstensen Date: Mon Feb 9 11:38:21 2015 +0100 Remove outdated upgrade help. Anyone upgrading from 1.x to 2.0 today has greater problems than what this section could help them with. diff --git a/redhat/README.redhat b/redhat/README.redhat index 2c039bd..1f9c016 100644 --- a/redhat/README.redhat +++ b/redhat/README.redhat 
@@ -24,25 +24,6 @@ do something like this: rpmbuild --define "dist .el5" --rebuild /path/to/varnish-3.0-0.git20110203.src.rpm -Upgrading from 1.x to 2.0 -========================= -There are a few changes in the vcl language from varnish-1.x to 2.0. -Because of varnish' dynamic vcl loading feature, there is no way to -guarantee that the vcl file in use actually exists on disk. Thus, -there is no way to securely automate this process, and one must do the -changes by hand. - -In vcl, the word "insert" has been replaced by "deliver". - -In the vcl declaration of backends, where one earlier used "set -backend", backend parts are now just prefixed with a dot, so the -default localhost configuration will look like this: - -backend default { - .host = "127.0.0.1"; - .port = "80"; -} - Configuration of addresses and ports ==================================== In this package, varnish is configured to make the accelerator daemon From lkarsten at varnish-software.com Mon Feb 9 10:43:35 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:43:35 +0100 Subject: [master] df927b3 Remove TODO file last touched in 2006. Message-ID: commit df927b3647060225c3062581c705ed9fffe9fe81 Author: Lasse Karstensen Date: Mon Feb 9 11:41:28 2015 +0100 Remove TODO file last touched in 2006. Anything that would be put here should instead be added to Future_* in the wiki. diff --git a/redhat/TODO b/redhat/TODO deleted file mode 100644 index e055efd..0000000 --- a/redhat/TODO +++ /dev/null @@ -1,5 +0,0 @@ -Todolist for the rpm package - -* Perhaps add a default logger, adding Common Logfile Format logs -* Add the package to Fedora Extras - From lkarsten at varnish-software.com Mon Feb 9 10:52:23 2015 
From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 09 Feb 2015 11:52:23 +0100 Subject: [master] 95950e3 Remove reference to deleted TODO file. Message-ID: commit 95950e34e8df789ed092e321f35c2513272b852a Author: Lasse Karstensen Date: Mon Feb 9 11:51:36 2015 +0100 Remove reference to deleted TODO file. Spotted by fgs. diff --git a/redhat/Makefile.am b/redhat/Makefile.am index ceac128..62997e1 100644 --- a/redhat/Makefile.am +++ b/redhat/Makefile.am @@ -2,7 +2,6 @@ EXTRA_DIST = \ README.redhat \ - TODO \ varnish.initrc \ varnish.logrotate \ varnish_reload_vcl \ From phk at FreeBSD.org Tue Feb 10 15:18:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 10 Feb 2015 16:18:15 +0100 Subject: [master] 25417c3 Refactor the VCC/CC invocations. Message-ID: commit 25417c3287d01f5c768b9c126f0eb3ce3459a99c Author: Poul-Henning Kamp Date: Tue Feb 10 10:49:58 2015 +0000 Refactor the VCC/CC invocations. Store C-src and compiled VCL under their VCL names, rather than randomized names -- we know the VCL names are unique. diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index f18fe41..24fe666 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2006 Verdens Gang AS - * Copyright (c) 2006-2011 Varnish Software AS + * Copyright (c) 2006-2015 Varnish Software AS * All rights reserved. * * Author: Poul-Henning Kamp @@ -58,6 +58,14 @@ struct vclprog { int active; }; +struct vcc_priv { + unsigned magic; +#define VCC_PRIV_MAGIC 0x70080cb8 + const char *src; + char *srcfile; + char *libfile; +}; + static VTAILQ_HEAD(, vclprog) vclhead = VTAILQ_HEAD_INITIALIZER(vclhead); char *mgt_cc_cmd; 
@@ -79,22 +87,23 @@ static const char * const builtin_vcl = * Prepare the compiler command line */ static struct vsb * -mgt_make_cc_cmd(const char *sf, const char *of) +mgt_make_cc_cmd(const struct vcc_priv *vp) { struct vsb *sb; int pct; char *p; + CHECK_OBJ_NOTNULL(vp, VCC_PRIV_MAGIC); sb = VSB_new_auto(); XXXAN(sb); for (p = mgt_cc_cmd, pct = 0; *p; ++p) { if (pct) { switch (*p) { case 's': - VSB_cat(sb, sf); + VSB_cat(sb, vp->srcfile); break; case 'o': - VSB_cat(sb, of); + VSB_cat(sb, vp->libfile); break; case '%': VSB_putc(sb, '%'); @@ -121,13 +130,6 @@ mgt_make_cc_cmd(const char *sf, const char *of) * Invoke system VCC compiler in a sub-process */ -struct vcc_priv { - unsigned magic; -#define VCC_PRIV_MAGIC 0x70080cb8 - char *sf; - const char *vcl; -}; - static void run_vcc(void *priv) { @@ -145,7 +147,7 @@ run_vcc(void *priv) VCC_Err_Unref(vcc, mgt_vcc_err_unref); VCC_Allow_InlineC(vcc, mgt_vcc_allow_inline_c); VCC_Unsafe_Path(vcc, mgt_vcc_unsafe_path); - csrc = VCC_Compile(vcc, sb, vp->vcl); + csrc = VCC_Compile(vcc, sb, vp->src); AZ(VSB_finish(sb)); if (VSB_len(sb)) printf("%s", VSB_data(sb)); @@ -153,15 +155,15 @@ run_vcc(void *priv) if (csrc == NULL) exit(2); - fd = open(vp->sf, O_WRONLY); + fd = open(vp->srcfile, O_WRONLY|O_TRUNC|O_CREAT, 0600); if (fd < 0) { - fprintf(stderr, "Cannot open %s", vp->sf); + fprintf(stderr, "Cannot open %s", vp->srcfile); exit(2); } l = strlen(csrc); i = write(fd, csrc, l); if (i != l) { - fprintf(stderr, "Cannot write %s", vp->sf); + fprintf(stderr, "Cannot write %s", vp->srcfile); exit(2); } AZ(close(fd)); 
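Review bot: `mgt_make_cc_cmd()` expands `vp->srcfile` and `vp->libfile` unquoted into the string that `run_cc()` (in a later hunk of this file) hands to `/bin/sh -c`, and according to the commit message these paths are now derived from the VCL name rather than from the fixed `./vcl.########.c` pattern. How the paths are built and which characters a VCL name may contain is not visible here; if the name is not already restricted to a shell-safe set, a space or metacharacter in it changes the compiler command. I would validate the name where the paths are constructed and record the requirement at the expansion, e.g. `/* srcfile/libfile go unquoted into a sh -c string: must be shell-safe */`. The function body continues outside the hunk.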
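Review bot: In `run_vcc()` the new `open(vp->srcfile, O_WRONLY|O_TRUNC|O_CREAT, 0600)` follows symbolic links, and with the file name now predictable instead of randomised, a link already present at that path would cause its target to be truncated and overwritten. Whether anything other than the manager process can write to that directory is not visible here; if it can, `fd = open(vp->srcfile, O_WRONLY|O_TRUNC|O_CREAT|O_NOFOLLOW, 0600);` closes that off. The two `fprintf(stderr, ...)` messages also omit `strerror(errno)` and a trailing newline, which makes a failure harder to diagnose. The function body starts and ends outside the hunk.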
@@ -176,8 +178,17 @@ run_vcc(void *priv) static void run_cc(void *priv) { + struct vcc_priv *vp; + struct vsb *cmdsb; + mgt_sandbox(SANDBOX_CC); - (void)execl("/bin/sh", "/bin/sh", "-c", priv, (char*)0); + CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); + + /* Build the C-compiler command line */ + cmdsb = mgt_make_cc_cmd(vp); + + (void)umask(0177); + (void)execl("/bin/sh", "/bin/sh", "-c", VSB_data(cmdsb), (char*)0); } /*-------------------------------------------------------------------- @@ -187,18 +198,16 @@ run_cc(void *priv) static void __match_proto__(sub_func_f) run_dlopen(void *priv) { - const char *of; void *dlh; struct VCL_conf const *cnf; - - of = priv; + struct vcc_priv *vp; mgt_sandbox(SANDBOX_VCLLOAD); + CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); /* Try to load the object into this sub-process */ - if ((dlh = dlopen(of, RTLD_NOW | RTLD_LOCAL)) == NULL) { - fprintf(stderr, - "Compiled VCL program failed to load:\n %s\n", + if ((dlh = dlopen(vp->libfile, RTLD_NOW | RTLD_LOCAL)) == NULL) { + fprintf(stderr, "Compiled VCL program failed to load:\n %s\n", dlerror()); exit(1); } 
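Review bot: `dlopen(vp->libfile, RTLD_NOW | RTLD_LOCAL)` in `run_dlopen()` only opens the intended file when `libfile` contains a '/', because a bare name makes the dynamic loader search its library path instead. The code removed in the following hunk built the name with a leading `./`; how `libfile` is constructed now is outside this hunk, so it is worth confirming that a directory component is always present, or asserting it here with `assert(strchr(vp->libfile, '/') != NULL);`. The function body continues outside the hunk.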
@@ -224,121 +233,101 @@ run_dlopen(void *priv) } /*-------------------------------------------------------------------- - * Compile a VCL program, return shared object, errors in sb. + * Touch a filename and make it available to privsep-privs */ -static char * -mgt_run_cc(const char *vcl, struct vsb *sb, int C_flag, unsigned *status) +static int +mgt_vcc_touchfile(const char *fn, struct vsb *sb) { - char *csrc; - struct vsb *cmdsb; - char sf[] = "./vcl.########.c"; - char of[sizeof sf + 1]; - char *retval; - int sfd, i; - unsigned subs; - struct vcc_priv vp; + int i; - *status = 0; - - /* Create temporary C source file */ - sfd = VFIL_tmpfile(sf); - if (sfd < 0) { - VSB_printf(sb, "Failed to create %s: %s", sf, strerror(errno)); - *status = 2; - return (NULL); - } - if (fchown(sfd, mgt_param.uid, mgt_param.gid) != 0) - if (geteuid() == 0) - VSB_printf(sb, "Failed to change owner on %s: %s\n", - sf, strerror(errno)); - AZ(close(sfd)); - - - /* Run the VCC compiler in a sub-process */ - INIT_OBJ(&vp, VCC_PRIV_MAGIC); - vp.sf = sf; - vp.vcl = vcl; - subs = VSUB_run(sb, run_vcc, &vp, "VCC-compiler", -1); - if (subs) { - (void)unlink(sf); - *status = subs; - return (NULL); - } - - if (C_flag) { - csrc = VFIL_readfile(NULL, sf, NULL); - XXXAN(csrc); - (void)fputs(csrc, stdout); - free(csrc); - } - - /* Name the output shared library by "s/[.]c$/[.]so/" */ - memcpy(of, sf, sizeof sf); - assert(sf[sizeof sf - 2] == 'c'); - of[sizeof sf - 2] = 's'; - of[sizeof sf - 1] = 'o'; - of[sizeof sf] = '\0'; - - i = open(of, O_WRONLY|O_CREAT|O_TRUNC, 0600); + i = open(fn, O_WRONLY|O_CREAT|O_TRUNC, 0600); if (i < 0) { - VSB_printf(sb, "Failed to create %s: %s", - of, strerror(errno)); - (void)unlink(sf); - *status = 2; - return (NULL); + VSB_printf(sb, "Failed to create %s: %s", fn, strerror(errno)); + return (2); } if (fchown(i, mgt_param.uid, mgt_param.gid) != 0) if (geteuid() == 0) VSB_printf(sb, "Failed to change owner on %s: %s\n", - of, strerror(errno)); + fn, strerror(errno)); 
AZ(close(i)); + return (0); +} - /* Build the C-compiler command line */ - cmdsb = mgt_make_cc_cmd(sf, of); +/*-------------------------------------------------------------------- + * Compile a VCL program, return shared object, errors in sb. + */ - /* Run the C-compiler in a sub-shell */ - subs = VSUB_run(sb, run_cc, VSB_data(cmdsb), "C-compiler", 10); +static unsigned +mgt_vcc_compile(struct vcc_priv *vp, struct vsb *sb, int C_flag) +{ + char *csrc; + unsigned subs; - (void)unlink(sf); - VSB_delete(cmdsb); + if (mgt_vcc_touchfile(vp->srcfile, sb)) + return (2); + if (mgt_vcc_touchfile(vp->libfile, sb)) + return (2); - if (!subs) - subs = VSUB_run(sb, run_dlopen, of, "dlopen", 10); + subs = VSUB_run(sb, run_vcc, vp, "VCC-compiler", -1); + if (subs) + return (subs); - /* Ensure the file is readable to the unprivileged user */ - if (!subs) { - i = chmod(of, 0755); - if (i) { - VSB_printf(sb, "Failed to set permissions on %s: %s", - of, strerror(errno)); - subs = 2; - } + if (C_flag) { + csrc = VFIL_readfile(NULL, vp->srcfile, NULL); + AN(csrc); + VSB_cat(sb, csrc); } - if (subs) { - (void)unlink(of); - *status = subs; - return (NULL); - } + subs = VSUB_run(sb, run_cc, vp, "C-compiler", 10); + if (subs) + return (subs); + + subs = VSUB_run(sb, run_dlopen, vp, "dlopen", 10); - retval = strdup(of); - XXXAN(retval); - return (retval); + return (subs); } /*--------------------------------------------------------------------*/ static char * -mgt_VccCompile(struct vsb **sb, const char *b, int C_flag, unsigned *status) +mgt_VccCompile(struct vsb **sb, const char *vclname, const char *vclsrc, + int C_flag, unsigned *status) { - char *vf; + struct vcc_priv vp; *sb = VSB_new_auto(); XXXAN(*sb); - vf = mgt_run_cc(b, *sb, C_flag, status); + + INIT_OBJ(&vp, VCC_PRIV_MAGIC); + vp.src = vclsrc; + + VSB_printf(*sb, "./vcl_%s.c", vclname); + AZ(VSB_finish(*sb)); + vp.srcfile = strdup(VSB_data(*sb)); + AN(vp.srcfile); + VSB_clear(*sb); + + VSB_printf(*sb, "./vcl_%s.so", vclname); 
AZ(VSB_finish(*sb)); - return (vf); + vp.libfile = strdup(VSB_data(*sb)); + AN(vp.srcfile); + VSB_clear(*sb); + + *status = mgt_vcc_compile(&vp, *sb, C_flag); + + AZ(VSB_finish(*sb)); + + (void)unlink(vp.srcfile); + free(vp.srcfile); + + if (*status) { + (void)unlink(vp.libfile); + free(vp.libfile); + return (NULL); + } else { + return (vp.libfile); + } } /*--------------------------------------------------------------------*/ @@ -427,7 +416,7 @@ mgt_vcc_default(const char *b_arg, const char *f_arg, char *vcl, int C_flag) } strcpy(buf, "boot"); - vf = mgt_VccCompile(&sb, vcl, C_flag, &status); + vf = mgt_VccCompile(&sb, buf, vcl, C_flag, &status); free(vcl); if (VSB_len(sb) > 0) fprintf(stderr, "%s", VSB_data(sb)); @@ -527,7 +516,7 @@ mcf_config_inline(struct cli *cli, const char * const *av, void *priv) return; } - vf = mgt_VccCompile(&sb, av[3], 0, &status); + vf = mgt_VccCompile(&sb, av[2], av[3], 0, &status); if (VSB_len(sb) > 0) VCLI_Out(cli, "%s\n", VSB_data(sb)); VSB_delete(sb); @@ -572,7 +561,7 @@ mcf_config_load(struct cli *cli, const char * const *av, void *priv) return; } - vf = mgt_VccCompile(&sb, vcl, 0, &status); + vf = mgt_VccCompile(&sb, av[2], vcl, 0, &status); free(vcl); if (VSB_len(sb) > 0) From phk at FreeBSD.org Tue Feb 10 15:18:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 10 Feb 2015 16:18:15 +0100 Subject: [master] 117c2bd Remove now unused VFIL_tmpfile() Message-ID: commit 117c2bdcfbb8c11f48bd9137e76edfc746dfbe71 Author: Poul-Henning Kamp Date: Tue Feb 10 10:53:42 2015 +0000 Remove now unused VFIL_tmpfile() diff --git a/include/vfil.h b/include/vfil.h index dff6560..97484ad 100644 --- a/include/vfil.h +++ b/include/vfil.h @@ -30,7 +30,6 @@ /* from libvarnish/vfil.c */ int seed_random(void); -int VFIL_tmpfile(char *); char *VFIL_readfile(const char *pfx, const char *fn, ssize_t *sz); char *VFIL_readfd(int fd, ssize_t *sz); int VFIL_nonblocking(int fd); 
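Review bot: mgt_VccCompile() now derives `./vcl_NAME.c` and `./vcl_NAME.so` from `vclname`, which the CLI handlers below pass straight from `av[2]`, and mgt_vcc_touchfile() opens those paths with `O_CREAT|O_TRUNC` where the removed code used a random name created with `O_EXCL`. A name containing `/` would create or truncate a file outside the working directory, and an existing file or symlink at the predictable path is followed and then chowned to `mgt_param.uid`; rejecting names outside `[A-Za-z0-9_.-]` before the two `VSB_printf` calls and adding `O_NOFOLLOW` to the open would close both, unless the name is already validated in code not shown here. The assertion after the second `strdup` re-checks the wrong field and should read `AN(vp.libfile);`. In mgt_vcc_compile() the buffer returned by `VFIL_readfile()` is no longer freed after `VSB_cat(sb, csrc);`, so a `free(csrc);` is needed there.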
diff --git a/lib/libvarnish/vfil.c b/lib/libvarnish/vfil.c index 0b035da..1a48231 100644 --- a/lib/libvarnish/vfil.c +++ b/lib/libvarnish/vfil.c @@ -56,43 +56,6 @@ #include "vdef.h" #include "vfil.h" -int -VFIL_tmpfile(char *template) -{ - char *b, *e, *p; - int fd; - char ran; - - for (b = template; *b != '#'; ++b) - /* nothing */ ; - if (*b == '\0') { - errno = EINVAL; - return (-1); - } - for (e = b; *e == '#'; ++e) - /* nothing */ ; - - for (;;) { - for (p = b; p < e; ++p) { - ran = random() % 63; - if (ran < 10) - *p = '0' + ran; - else if (ran < 36) - *p = 'A' + ran - 10; - else if (ran < 62) - *p = 'a' + ran - 36; - else - *p = '_'; - } - fd = open(template, O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd >= 0) - return (fd); - if (errno != EEXIST) - return (-1); - } - /* not reached */ -} - char * VFIL_readfd(int fd, ssize_t *sz) { From phk at FreeBSD.org Tue Feb 10 15:18:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 10 Feb 2015 16:18:15 +0100 Subject: [master] b4d0866 Rearrange function order Message-ID: commit b4d086600d110e8bfbaded421c98e476e7285480 Author: Poul-Henning Kamp Date: Tue Feb 10 10:55:09 2015 +0000 Rearrange function order diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index 24fe666..62a03d5 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c 
@@ -83,6 +83,58 @@ static const char * const builtin_vcl = #include "builtin_vcl.h" "" ; +/*--------------------------------------------------------------------*/ + +static struct vclprog * +mgt_vcc_add(const char *name, char *file) +{ + struct vclprog *vp; + + vp = calloc(sizeof *vp, 1); + XXXAN(vp); + vp->name = strdup(name); + XXXAN(vp->name); + vp->fname = file; + VTAILQ_INSERT_TAIL(&vclhead, vp, list); + return (vp); +} + +static void +mgt_vcc_del(struct vclprog *vp) +{ + VTAILQ_REMOVE(&vclhead, vp, list); + printf("unlink %s\n", vp->fname); + XXXAZ(unlink(vp->fname)); + free(vp->fname); + free(vp->name); + free(vp); +} + +static struct vclprog * +mgt_vcc_byname(const char *name) +{ + struct vclprog *vp; + + VTAILQ_FOREACH(vp, &vclhead, list) + if (!strcmp(name, vp->name)) + return (vp); + return (NULL); +} + + +static int +mgt_vcc_delbyname(const char *name) +{ + struct vclprog *vp; + + vp = mgt_vcc_byname(name); + if (vp != NULL) { + mgt_vcc_del(vp); + return (0); + } + return (1); +} + /*-------------------------------------------------------------------- * Prepare the compiler command line */ 
@@ -332,58 +384,6 @@ mgt_VccCompile(struct vsb **sb, const char *vclname, const char *vclsrc, /*--------------------------------------------------------------------*/ -static struct vclprog * -mgt_vcc_add(const char *name, char *file) -{ - struct vclprog *vp; - - vp = calloc(sizeof *vp, 1); - XXXAN(vp); - vp->name = strdup(name); - XXXAN(vp->name); - vp->fname = file; - VTAILQ_INSERT_TAIL(&vclhead, vp, list); - return (vp); -} - -static void -mgt_vcc_del(struct vclprog *vp) -{ - VTAILQ_REMOVE(&vclhead, vp, list); - printf("unlink %s\n", vp->fname); - XXXAZ(unlink(vp->fname)); - free(vp->fname); - free(vp->name); - free(vp); -} - -static struct vclprog * -mgt_vcc_byname(const char *name) -{ - struct vclprog *vp; - - VTAILQ_FOREACH(vp, &vclhead, list) - if (!strcmp(name, vp->name)) - return (vp); - return (NULL); -} - - -static int -mgt_vcc_delbyname(const char *name) -{ - struct vclprog *vp; - - vp = mgt_vcc_byname(name); - if (vp != NULL) { - mgt_vcc_del(vp); - return (0); - } - return (1); -} - -/*--------------------------------------------------------------------*/ - unsigned mgt_vcc_default(const char *b_arg, const char *f_arg, char *vcl, int C_flag) { From phk at FreeBSD.org Tue Feb 10 15:18:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 10 Feb 2015 16:18:15 +0100 Subject: [master] 97c3fe2 Various cleanup Message-ID: commit 97c3fe275390922635a0c71e78b04a17d3d37a2e Author: Poul-Henning Kamp Date: Tue Feb 10 13:57:30 2015 +0000 Various cleanup diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index c57ac27..56de674 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -118,7 +118,7 @@ void STV_Config_Transient(void); /* mgt_vcc.c */ void mgt_vcc_init(void); -unsigned mgt_vcc_default(const char *bflag, const char *f_arg, char *vcl, int Cflag); +unsigned mgt_vcc_default(const char *bflag, char *vcl, int Cflag); int mgt_push_vcls_and_start(unsigned *status, char **p); int mgt_has_vcl(void); extern char *mgt_cc_cmd; 
diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c index 8c16692..c52b3cf 100644 --- a/bin/varnishd/mgt/mgt_cli.c +++ b/bin/varnishd/mgt/mgt_cli.c @@ -94,11 +94,11 @@ static struct cli_proto cli_proto[] = { { CLI_SERVER_STATUS, "", mcf_server_status, NULL }, { CLI_SERVER_START, "", mcf_server_startstop, NULL }, { CLI_SERVER_STOP, "", mcf_server_startstop, cli_proto }, - { CLI_VCL_LOAD, "", mcf_config_load, NULL }, - { CLI_VCL_INLINE, "", mcf_config_inline, NULL }, - { CLI_VCL_USE, "", mcf_config_use, NULL }, - { CLI_VCL_DISCARD, "", mcf_config_discard, NULL }, - { CLI_VCL_LIST, "", mcf_config_list, NULL }, + { CLI_VCL_LOAD, "", mcf_vcl_load, NULL }, + { CLI_VCL_INLINE, "", mcf_vcl_inline, NULL }, + { CLI_VCL_USE, "", mcf_vcl_use, NULL }, + { CLI_VCL_DISCARD, "", mcf_vcl_discard, NULL }, + { CLI_VCL_LIST, "", mcf_vcl_list, NULL }, { CLI_PARAM_SHOW, "", mcf_param_show, NULL }, { CLI_PARAM_SET, "", mcf_param_set, NULL }, { CLI_PANIC_SHOW, "", mcf_panic_show, NULL }, diff --git a/bin/varnishd/mgt/mgt_cli.h b/bin/varnishd/mgt/mgt_cli.h index 4d04535..0782bf6 100644 --- a/bin/varnishd/mgt/mgt_cli.h +++ b/bin/varnishd/mgt/mgt_cli.h @@ -39,11 +39,11 @@ cli_func_t mcf_param_show; cli_func_t mcf_param_set; /* mgt_vcc.c */ -cli_func_t mcf_config_load; -cli_func_t mcf_config_inline; -cli_func_t mcf_config_use; -cli_func_t mcf_config_discard; -cli_func_t mcf_config_list; +cli_func_t mcf_vcl_load; +cli_func_t mcf_vcl_inline; +cli_func_t mcf_vcl_use; +cli_func_t mcf_vcl_discard; +cli_func_t mcf_vcl_list; /* stevedore.c */ extern struct cli_proto cli_stv[]; diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 1a46837..074e81c 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c 
@@ -656,7 +656,7 @@ main(int argc, char * const *argv) P_arg, strerror(errno)); if (b_arg != NULL || f_arg != NULL) - if ((o = mgt_vcc_default(b_arg, f_arg, vcl, C_flag)) != 0) + if ((o = mgt_vcc_default(b_arg, vcl, C_flag)) != 0) exit(o); if (C_flag) diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index 62a03d5..d094688 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c @@ -135,47 +135,11 @@ mgt_vcc_delbyname(const char *name) return (1); } -/*-------------------------------------------------------------------- - * Prepare the compiler command line - */ -static struct vsb * -mgt_make_cc_cmd(const struct vcc_priv *vp) +int +mgt_has_vcl(void) { - struct vsb *sb; - int pct; - char *p; - CHECK_OBJ_NOTNULL(vp, VCC_PRIV_MAGIC); - sb = VSB_new_auto(); - XXXAN(sb); - for (p = mgt_cc_cmd, pct = 0; *p; ++p) { - if (pct) { - switch (*p) { - case 's': - VSB_cat(sb, vp->srcfile); - break; - case 'o': - VSB_cat(sb, vp->libfile); - break; - case '%': - VSB_putc(sb, '%'); - break; - default: - VSB_putc(sb, '%'); - VSB_putc(sb, *p); - break; - } - pct = 0; - } else if (*p == '%') { - pct = 1; - } else { - VSB_putc(sb, *p); - } - } - if (pct) - VSB_putc(sb, '%'); - AZ(VSB_finish(sb)); - return (sb); + return (!VTAILQ_EMPTY(&vclhead)); } /*-------------------------------------------------------------------- 
@@ -231,16 +195,46 @@ static void run_cc(void *priv) { struct vcc_priv *vp; - struct vsb *cmdsb; + struct vsb *sb; + int pct; + char *p; mgt_sandbox(SANDBOX_CC); CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); - /* Build the C-compiler command line */ - cmdsb = mgt_make_cc_cmd(vp); + sb = VSB_new_auto(); + AN(sb); + for (p = mgt_cc_cmd, pct = 0; *p; ++p) { + if (pct) { + switch (*p) { + case 's': + VSB_cat(sb, vp->srcfile); + break; + case 'o': + VSB_cat(sb, vp->libfile); + break; + case '%': + VSB_putc(sb, '%'); + break; + default: + VSB_putc(sb, '%'); + VSB_putc(sb, *p); + break; + } + pct = 0; + } else if (*p == '%') { + pct = 1; + } else { + VSB_putc(sb, *p); + } + } + if (pct) + VSB_putc(sb, '%'); + AZ(VSB_finish(sb)); (void)umask(0177); - (void)execl("/bin/sh", "/bin/sh", "-c", VSB_data(cmdsb), (char*)0); + (void)execl("/bin/sh", "/bin/sh", "-c", VSB_data(sb), (char*)0); + VSB_delete(sb); // For flexelint } /*-------------------------------------------------------------------- @@ -385,7 +379,7 @@ mgt_VccCompile(struct vsb **sb, const char *vclname, const char *vclsrc, /*--------------------------------------------------------------------*/ unsigned -mgt_vcc_default(const char *b_arg, const char *f_arg, char *vcl, int C_flag) +mgt_vcc_default(const char *b_arg, char *vcl, int C_flag) { char *vf; struct vsb *sb; @@ -393,9 +387,6 @@ mgt_vcc_default(const char *b_arg, const char *f_arg, char *vcl, int C_flag) char buf[BUFSIZ]; unsigned status = 0; - /* XXX: annotate vcl with -b/-f arg so people know where it came from */ - (void)f_arg; - if (b_arg != NULL) { AZ(vcl); /* @@ -436,15 +427,6 @@ mgt_vcc_default(const char *b_arg, const char *f_arg, char *vcl, int C_flag) /*--------------------------------------------------------------------*/ int -mgt_has_vcl(void) -{ - - return (!VTAILQ_EMPTY(&vclhead)); -} - -/*--------------------------------------------------------------------*/ - -int mgt_push_vcls_and_start(unsigned *status, char **p) { struct vclprog *vp; 
@@ -470,8 +452,7 @@ mgt_push_vcls_and_start(unsigned *status, char **p) /*--------------------------------------------------------------------*/ -static -void +static void mgt_vcc_atexit(void) { struct vclprog *vp; @@ -500,7 +481,7 @@ mgt_vcc_init(void) /*--------------------------------------------------------------------*/ void -mcf_config_inline(struct cli *cli, const char * const *av, void *priv) +mcf_vcl_inline(struct cli *cli, const char * const *av, void *priv) { char *vf, *p = NULL; struct vsb *sb; @@ -538,7 +519,7 @@ mcf_config_inline(struct cli *cli, const char * const *av, void *priv) } void -mcf_config_load(struct cli *cli, const char * const *av, void *priv) +mcf_vcl_load(struct cli *cli, const char * const *av, void *priv) { char *vf, *vcl; struct vsb *sb; @@ -598,7 +579,7 @@ mcf_find_vcl(struct cli *cli, const char *name) } void -mcf_config_use(struct cli *cli, const char * const *av, void *priv) +mcf_vcl_use(struct cli *cli, const char * const *av, void *priv) { unsigned status; char *p = NULL; @@ -628,7 +609,7 @@ mcf_config_use(struct cli *cli, const char * const *av, void *priv) } void -mcf_config_discard(struct cli *cli, const char * const *av, void *priv) +mcf_vcl_discard(struct cli *cli, const char * const *av, void *priv) { unsigned status; char *p = NULL; @@ -653,7 +634,7 @@ mcf_config_discard(struct cli *cli, const char * const *av, void *priv) } void -mcf_config_list(struct cli *cli, const char * const *av, void *priv) +mcf_vcl_list(struct cli *cli, const char * const *av, void *priv) { unsigned status; char *p; From phk at FreeBSD.org Tue Feb 10 15:18:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 10 Feb 2015 16:18:15 +0100 Subject: [master] c35eb1e Last pass over the mgt_vcc code for today. Message-ID: commit c35eb1e0b187149e1e36d7d6d531b3ed3ad181c1 Author: Poul-Henning Kamp Date: Tue Feb 10 15:17:52 2015 +0000 Last pass over the mgt_vcc code for today. 
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 56de674..bbbbc66 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -118,7 +118,7 @@ void STV_Config_Transient(void); /* mgt_vcc.c */ void mgt_vcc_init(void); -unsigned mgt_vcc_default(const char *bflag, char *vcl, int Cflag); +unsigned mgt_vcc_default(const char *bflag, const char *vcl, int Cflag); int mgt_push_vcls_and_start(unsigned *status, char **p); int mgt_has_vcl(void); extern char *mgt_cc_cmd; diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 074e81c..999c5d8 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -655,9 +655,11 @@ main(int argc, char * const *argv) ARGV_ERR("Could not open pid/lock (-P) file (%s): %s\n", P_arg, strerror(errno)); - if (b_arg != NULL || f_arg != NULL) + if (b_arg != NULL || f_arg != NULL) { if ((o = mgt_vcc_default(b_arg, vcl, C_flag)) != 0) exit(o); + free(vcl); + } if (C_flag) exit(0); diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index d094688..e7eca8a 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c @@ -85,18 +85,18 @@ static const char * const builtin_vcl = /*--------------------------------------------------------------------*/ -static struct vclprog * -mgt_vcc_add(const char *name, char *file) +static void +mgt_vcc_add(const char *name, const char *libfile) { struct vclprog *vp; vp = calloc(sizeof *vp, 1); XXXAN(vp); - vp->name = strdup(name); - XXXAN(vp->name); - vp->fname = file; + REPLACE(vp->name, name); + REPLACE(vp->fname, libfile); + if (VTAILQ_EMPTY(&vclhead)) + vp->active = 1; VTAILQ_INSERT_TAIL(&vclhead, vp, list); - return (vp); } static void 
@@ -330,98 +330,113 @@ mgt_vcc_compile(struct vcc_priv *vp, struct vsb *sb, int C_flag) return (subs); subs = VSUB_run(sb, run_dlopen, vp, "dlopen", 10); - return (subs); } /*--------------------------------------------------------------------*/ -static char * -mgt_VccCompile(struct vsb **sb, const char *vclname, const char *vclsrc, - int C_flag, unsigned *status) +static unsigned +mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, + int C_flag) { struct vcc_priv vp; + struct vsb *sb; + unsigned status; + char *p; - *sb = VSB_new_auto(); - XXXAN(*sb); + (void)cli; + sb = VSB_new_auto(); + XXXAN(sb); INIT_OBJ(&vp, VCC_PRIV_MAGIC); vp.src = vclsrc; - VSB_printf(*sb, "./vcl_%s.c", vclname); - AZ(VSB_finish(*sb)); - vp.srcfile = strdup(VSB_data(*sb)); + VSB_printf(sb, "./vcl_%s.c", vclname); + AZ(VSB_finish(sb)); + vp.srcfile = strdup(VSB_data(sb)); AN(vp.srcfile); - VSB_clear(*sb); + VSB_clear(sb); - VSB_printf(*sb, "./vcl_%s.so", vclname); - AZ(VSB_finish(*sb)); - vp.libfile = strdup(VSB_data(*sb)); + VSB_printf(sb, "./vcl_%s.so", vclname); + AZ(VSB_finish(sb)); + vp.libfile = strdup(VSB_data(sb)); AN(vp.srcfile); - VSB_clear(*sb); + VSB_clear(sb); - *status = mgt_vcc_compile(&vp, *sb, C_flag); + status = mgt_vcc_compile(&vp, sb, C_flag); - AZ(VSB_finish(*sb)); + AZ(VSB_finish(sb)); + if (VSB_len(sb) > 0) { + if (cli != NULL) + VCLI_Out(cli, "%s", VSB_data(sb)); + else + fprintf(stderr, "%s", VSB_data(sb)); + } + VSB_delete(sb); (void)unlink(vp.srcfile); free(vp.srcfile); - if (*status) { + if (status || C_flag) { (void)unlink(vp.libfile); free(vp.libfile); - return (NULL); - } else { - return (vp.libfile); + if (cli != NULL) { + VCLI_Out(cli, "VCL compilation failed"); + } else if (!C_flag) + fprintf(stderr, "\nVCL compilation failed\n"); + return (status); } + + if (cli != NULL) + VCLI_Out(cli, "VCL compiled.\n"); + + if (cli == NULL || child_pid < 0) { + mgt_vcc_add(vclname, vp.libfile); + free(vp.libfile); + return (0); + } + + if 
(!mgt_cli_askchild(&status, &p, + "vcl.load %s %s\n", vclname, vp.libfile)) { + mgt_vcc_add(vclname, vp.libfile); + free(vp.libfile); + return (0); + } + + VCLI_SetResult(cli, status); + VCLI_Out(cli, "%s", p); + (void)unlink(vp.libfile); + free(vp.libfile); + return (status); } /*--------------------------------------------------------------------*/ unsigned -mgt_vcc_default(const char *b_arg, char *vcl, int C_flag) +mgt_vcc_default(const char *b_arg, const char *vcl, int C_flag) { - char *vf; - struct vsb *sb; - struct vclprog *vp; char buf[BUFSIZ]; - unsigned status = 0; - - if (b_arg != NULL) { - AZ(vcl); - /* - * XXX: should do a "HEAD /" on the -b argument to see that - * XXX: it even works. On the other hand, we should do that - * XXX: for all backends in the cache process whenever we - * XXX: change config, but for a complex VCL, it might not be - * XXX: a bug for a backend to not reply at that time, so then - * XXX: again: we should check it here in the "trivial" case. - */ - bprintf(buf, - "vcl 4.0;\n" - "backend default {\n" - " .host = \"%s\";\n" - "}\n", b_arg); - vcl = strdup(buf); + + if (b_arg == NULL) { AN(vcl); + return (mgt_VccCompile(NULL, "boot", vcl, C_flag)); } - strcpy(buf, "boot"); - vf = mgt_VccCompile(&sb, buf, vcl, C_flag, &status); - free(vcl); - if (VSB_len(sb) > 0) - fprintf(stderr, "%s", VSB_data(sb)); - VSB_delete(sb); - if (C_flag && vf != NULL) - AZ(unlink(vf)); - if (vf == NULL) { - assert(status != 0); - fprintf(stderr, "\nVCL compilation failed\n"); - } else { - vp = mgt_vcc_add(buf, vf); - vp->active = 1; - } - return (status); + AZ(vcl); + /* + * XXX: should do a "HEAD /" on the -b argument to see that + * XXX: it even works. On the other hand, we should do that + * XXX: for all backends in the cache process whenever we + * XXX: change config, but for a complex VCL, it might not be + * XXX: a bug for a backend to not reply at that time, so then + * XXX: again: we should check it here in the "trivial" case. 
+ */ + bprintf(buf, + "vcl 4.0;\n" + "backend default {\n" + " .host = \"%s\";\n" + "}\n", b_arg); + return (mgt_VccCompile(NULL, "boot", buf, C_flag)); } /*--------------------------------------------------------------------*/ @@ -483,9 +498,6 @@ mgt_vcc_init(void) void mcf_vcl_inline(struct cli *cli, const char * const *av, void *priv) { - char *vf, *p = NULL; - struct vsb *sb; - unsigned status; struct vclprog *vp; (void)priv; @@ -497,34 +509,14 @@ mcf_vcl_inline(struct cli *cli, const char * const *av, void *priv) return; } - vf = mgt_VccCompile(&sb, av[2], av[3], 0, &status); - if (VSB_len(sb) > 0) - VCLI_Out(cli, "%s\n", VSB_data(sb)); - VSB_delete(sb); - if (vf == NULL) { - assert(status != 0); - VCLI_Out(cli, "VCL compilation failed"); + if (mgt_VccCompile(cli, av[2], av[3], 0)) VCLI_SetResult(cli, CLIS_PARAM); - return; - } - VCLI_Out(cli, "VCL compiled.\n"); - if (child_pid >= 0 && - mgt_cli_askchild(&status, &p, "vcl.load %s %s\n", av[2], vf)) { - VCLI_SetResult(cli, status); - VCLI_Out(cli, "%s", p); - } else { - (void)mgt_vcc_add(av[2], vf); - } - free(p); } void mcf_vcl_load(struct cli *cli, const char * const *av, void *priv) { - char *vf, *vcl; - struct vsb *sb; - unsigned status = 0; - char *p = NULL; + char *vcl; struct vclprog *vp; (void)priv; 
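Review bot: The reply buffer `p` filled by `mgt_cli_askchild()` in the rewritten mgt_VccCompile() is never released: the removed callers ended with `free(p);`, but neither the success branch nor the branch that prints it with `VCLI_Out(cli, "%s", p);` does so now, so each load leaks the child's answer in the long-lived manager process. Adding `free(p);` before each of the two returns that follow the `mgt_cli_askchild()` call fixes it, and declaring `char *p = NULL;` keeps that safe should the call leave it untouched. The `AN(vp.srcfile);` after the second `strdup` is still on the new side and should be `AN(vp.libfile);`.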
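Review bot: In mcf_vcl_inline() the new `if (mgt_VccCompile(cli, av[2], av[3], 0)) VCLI_SetResult(cli, CLIS_PARAM);` overwrites the status that mgt_VccCompile() has just stored with `VCLI_SetResult(cli, status)` when the child rejects the load, so the CLI client always sees `CLIS_PARAM` whatever the child answered; the removed code passed the child's status through. Setting `CLIS_PARAM` inside mgt_VccCompile() on the compile-failure path and dropping it here would keep the two cases distinct. The matching hunk in mcf_vcl_load() has the same pattern. Both functions start outside their hunks.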
@@ -542,27 +534,9 @@ mcf_vcl_load(struct cli *cli, const char * const *av, void *priv) return; } - vf = mgt_VccCompile(&sb, av[2], vcl, 0, &status); - free(vcl); - - if (VSB_len(sb) > 0) - VCLI_Out(cli, "%s", VSB_data(sb)); - VSB_delete(sb); - if (vf == NULL) { - assert(status != 0); - VCLI_Out(cli, "VCL compilation failed"); + if (mgt_VccCompile(cli, av[2], vcl, 0)) VCLI_SetResult(cli, CLIS_PARAM); - return; - } - VCLI_Out(cli, "VCL compiled."); - if (child_pid >= 0 && - mgt_cli_askchild(&status, &p, "vcl.load %s %s\n", av[2], vf)) { - VCLI_SetResult(cli, status); - VCLI_Out(cli, "%s", p); - } else { - (void)mgt_vcc_add(av[2], vf); - } - free(p); + free(vcl); } static struct vclprog * From martin at varnish-software.com Wed Feb 11 11:00:04 2015 From: martin at varnish-software.com (Martin Blix Grydeland) Date: Wed, 11 Feb 2015 12:00:04 +0100 Subject: [master] e08ed18 Remove a racy assertion on the OC_EF_DYING state Message-ID: commit e08ed1881b7d49a3f3bbf2f57cd792946976892a Author: Martin Blix Grydeland Date: Wed Feb 11 11:56:48 2015 +0100 Remove a racy assertion on the OC_EF_DYING state This state could be set by the expiry timer even though a reference is grabbed during lookup, causing the assertion to trigger. Fixes: #1539 diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index aa737d9..0900fec 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -358,7 +358,6 @@ cnt_lookup(struct worker *wrk, struct req *req) case VCL_RET_DELIVER: if (boc != NULL) { AZ(oc->flags & OC_F_PASS); - AZ(oc->exp_flags & OC_EF_DYING); AZ(boc->busyobj); VBF_Fetch(wrk, req, boc, oc, VBF_BACKGROUND); } else { From lkarsten at varnish-software.com Wed Feb 11 12:24:23 2015 
From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 13:24:23 +0100 Subject: [4.0] 4ddf0ee Remove a racy assertion on the OC_EF_DYING state Message-ID: commit 4ddf0eef791a030694380fbb6736d87a43813c16 Author: Martin Blix Grydeland Date: Wed Feb 11 12:02:54 2015 +0100 Remove a racy assertion on the OC_EF_DYING state This state could be set by the expiry timer even though a reference is grabbed during lookup, causing the assertion to trigger. Fixes: #1539 diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 88eaa53..40551f7 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -427,7 +427,6 @@ cnt_lookup(struct worker *wrk, struct req *req) case VCL_RET_DELIVER: if (boc != NULL) { AZ(oc->flags & OC_F_PASS); - AZ(oc->exp_flags & OC_EF_DYING); AZ(boc->busyobj); VBF_Fetch(wrk, req, boc, o, VBF_BACKGROUND); } else { From lkarsten at varnish-software.com Wed Feb 11 12:29:02 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 13:29:02 +0100 Subject: [4.0] 412d148 Expire superseded objects also if they are no IMS/INM candidates Message-ID: commit 412d148583f07da73d34e298f84fa6d36df0b94b Author: Nils Goroll Date: Wed Feb 4 16:51:30 2015 +0100 Expire superseded objects also if they are no IMS/INM candidates Conflicts: bin/varnishd/cache/cache_fetch.c diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index f87c1bd..0370bab 100644 --- a/bin/varnishd/cache/cache_fetch.c +++ b/bin/varnishd/cache/cache_fetch.c 
@@ -939,12 +939,9 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct objcore *oc, AZ(bo->ims_obj); if (oldobj != NULL) { - if (http_GetHdr(oldobj->http, H_Last_Modified, NULL) || - http_GetHdr(oldobj->http, H_ETag, NULL)) { - assert(oldobj->objcore->refcnt > 0); - HSH_Ref(oldobj->objcore); - bo->ims_obj = oldobj; - } + assert(oldobj->objcore->refcnt > 0); + HSH_Ref(oldobj->objcore); + bo->ims_obj = oldobj; } AZ(bo->req); diff --git a/bin/varnishtest/tests/c00058.vtc b/bin/varnishtest/tests/c00058.vtc index 440bbf3..8c9940b 100644 --- a/bin/varnishtest/tests/c00058.vtc +++ b/bin/varnishtest/tests/c00058.vtc @@ -22,7 +22,11 @@ client c1 { expect resp.bodylen == 3 delay 1 +} -run + +varnish v1 -expect n_object == 1 +client c1 { # We still get old object txreq rxresp @@ -37,3 +41,6 @@ client c1 { rxresp expect resp.bodylen == 6 } -run + +# and the old one has got superseded +varnish v1 -expect n_object == 1 From fgsch at lodoss.net Wed Feb 11 12:36:55 2015 From: fgsch at lodoss.net (Federico Schwindt) Date: Wed, 11 Feb 2015 12:36:55 +0000 Subject: [4.0] 412d148 Expire superseded objects also if they are no IMS/INM candidates In-Reply-To: References: Message-ID: \o/ On 11 Feb 2015 12:29, "Lasse Karstensen" wrote: > > commit 412d148583f07da73d34e298f84fa6d36df0b94b > Author: Nils Goroll > Date: Wed Feb 4 16:51:30 2015 +0100 > > Expire superseded objects also if they are no IMS/INM candidates > > Conflicts: > bin/varnishd/cache/cache_fetch.c > > diff --git a/bin/varnishd/cache/cache_fetch.c > b/bin/varnishd/cache/cache_fetch.c > index f87c1bd..0370bab 100644 > --- a/bin/varnishd/cache/cache_fetch.c > +++ b/bin/varnishd/cache/cache_fetch.c 
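Review bot: After this hunk `bo->ims_obj` in VBF_Fetch() is set for every old object, not only for those carrying `Last-Modified` or `ETag`, so the field no longer means "usable for a conditional fetch". Any code that sends `If-Modified-Since`/`If-None-Match` or accepts a 304 on the strength of `bo->ims_obj != NULL` now has to test for the validators itself; that code is outside the hunk, so whether it does cannot be confirmed here. A comment at the assignment would record the new meaning, e.g. `/* referenced so it can be expired once superseded; may lack validators */`.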
> @@ -939,12 +939,9 @@ VBF_Fetch(struct worker *wrk, struct req *req, struct > objcore *oc, > > AZ(bo->ims_obj); > if (oldobj != NULL) { > - if (http_GetHdr(oldobj->http, H_Last_Modified, NULL) || > - http_GetHdr(oldobj->http, H_ETag, NULL)) { > - assert(oldobj->objcore->refcnt > 0); > - HSH_Ref(oldobj->objcore); > - bo->ims_obj = oldobj; > - } > + assert(oldobj->objcore->refcnt > 0); > + HSH_Ref(oldobj->objcore); > + bo->ims_obj = oldobj; > } > > AZ(bo->req); > diff --git a/bin/varnishtest/tests/c00058.vtc > b/bin/varnishtest/tests/c00058.vtc > index 440bbf3..8c9940b 100644 > --- a/bin/varnishtest/tests/c00058.vtc > +++ b/bin/varnishtest/tests/c00058.vtc > @@ -22,7 +22,11 @@ client c1 { > expect resp.bodylen == 3 > > delay 1 > +} -run > + > +varnish v1 -expect n_object == 1 > > +client c1 { > # We still get old object > txreq > rxresp > @@ -37,3 +41,6 @@ client c1 { > rxresp > expect resp.bodylen == 6 > } -run > + > +# and the old one has got superseded > +varnish v1 -expect n_object == 1 > > _______________________________________________ > varnish-commit mailing list > varnish-commit at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lkarsten at varnish-software.com Wed Feb 11 12:59:14 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 13:59:14 +0100 Subject: [4.0] b7b4cf0 Do not recognize a 304 as a valid revalidation response for an ims_oc without OF_IMSCAND Message-ID: commit b7b4cf08134ea6cdb06214caac6fb56f94cc5cec Author: Martin Blix Grydeland Date: Wed Feb 4 16:51:31 2015 +0100 Do not recognize a 304 as a valid revalidation response for an ims_oc without OF_IMSCAND Fixes: #1672 Conflicts: bin/varnishd/cache/cache_fetch.c diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index 0370bab..3308ae6 100644 --- a/bin/varnishd/cache/cache_fetch.c 
+++ b/bin/varnishd/cache/cache_fetch.c @@ -379,7 +379,10 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) AZ(bo->do_esi); - if (bo->ims_obj != NULL && bo->beresp->status == 304) { + if (bo->ims_obj != NULL && bo->ims_obj->http->status == 200 && + (http_GetHdr(bo->ims_obj->http, H_Last_Modified, NULL) || + http_GetHdr(bo->ims_obj->http, H_ETag, NULL)) && + bo->beresp->status == 304) { http_Unset(bo->beresp, H_Content_Length); http_Merge(bo->ims_obj->http, bo->beresp, bo->ims_obj->changed_gzip); diff --git a/bin/varnishtest/tests/r01672.vtc b/bin/varnishtest/tests/r01672.vtc new file mode 100644 index 0000000..ae99a2f --- /dev/null +++ b/bin/varnishtest/tests/r01672.vtc @@ -0,0 +1,33 @@ +varnishtest "#1672: Bogus 304 backend reply" + +# First serve a non-200 status object to the cache, +# then revalidate it unconditionally +server s1 { + rxreq + txresp -status 404 + + rxreq + txresp -status 304 +} -start + +varnish v1 -vcl+backend { + sub vcl_backend_response { + set beresp.ttl = 0.1s; + set beresp.grace = 0s; + set beresp.keep = 10s; + } +} -start + +client c1 { + txreq + rxresp + expect resp.status == 404 +} -run + +delay 0.2 + +client c1 { + txreq + rxresp + expect resp.status == 304 +} -run From lkarsten at varnish-software.com Wed Feb 11 13:01:28 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 14:01:28 +0100 Subject: [4.0] 41ee65f Fail the fetch processing if the vep callback failed. Message-ID: commit 41ee65f07722e397133bb14944163d0ae2d900c9 Author: Dag Haavi Finstad Date: Fri Feb 6 11:39:40 2015 +0100 Fail the fetch processing if the vep callback failed. Fixes: #1637 diff --git a/bin/varnishd/cache/cache_esi_fetch.c b/bin/varnishd/cache/cache_esi_fetch.c index 41bea3b..cc93194 100644 --- a/bin/varnishd/cache/cache_esi_fetch.c +++ b/bin/varnishd/cache/cache_esi_fetch.c 
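Review bot: The tightened condition in vbf_stp_startfetch() stops a 304 from being merged with an object that is not a 200 or has no validators, but the hunk does not say what happens to such a 304 afterwards: it appears to continue as an ordinary response, and the new r01672.vtc expects the client to receive the 304. A bodyless 304 that the client never asked for, and that may be stored like any other response, looks like a case for failing the fetch or at least marking the response uncacheable; the code after the `if` is outside the hunk, so this needs checking there. The validator test would also read better as a small named predicate with a comment, since it restates the condition removed from VBF_Fetch() in the preceding commit.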
@@ -137,6 +137,8 @@ vfp_esi_end(struct busyobj *bo, struct vef_priv *vef, enum vfp_status retval) } if (vef->ibuf != NULL) free(vef->ibuf); + if (vef->error) + retval = VFP_ERROR; FREE_OBJ(vef); return (retval); } @@ -160,7 +162,10 @@ vfp_esi_gzip_pull(struct busyobj *bo, void *p, ssize_t *lp, intptr_t *priv) vef->ibuf_i = vef->ibuf; vef->ibuf_o = vef->ibuf; *priv = (uintptr_t)vef; - return (VFP_OK); + if (vef->error) + return (VFP_ERROR); + else + return (VFP_OK); } if (p == vfp_fini) { if (*priv) diff --git a/bin/varnishtest/tests/r01637.vtc b/bin/varnishtest/tests/r01637.vtc new file mode 100644 index 0000000..9ffdcee --- /dev/null +++ b/bin/varnishtest/tests/r01637.vtc @@ -0,0 +1,32 @@ +varnishtest "do_esi + do_gzip + out of storage: #1637" + +server s1 { + # First consume (almost) all of the storage + rxreq + expect req.url == /url1 + txresp -bodylen 1040000 + + rxreq + expect req.url == /url2 + txresp -bodylen 1040000 +} -start + +varnish v1 -arg "-smalloc,1M" -arg "-p nuke_limit=0" -vcl+backend { + sub vcl_backend_response { + if (bereq.url == "/url2") { + set beresp.do_esi = true; + set beresp.do_gzip = true; + } + } +} -start + + +client c1 { + txreq -url /url1 + rxresp + expect resp.status == 200 + + txreq -url /url2 + rxresp + expect resp.status == 503 +} -run From lkarsten at varnish-software.com Wed Feb 11 13:42:36 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 14:42:36 +0100 Subject: [4.0] afec111 Fix vmod priv doc typo. Message-ID: commit afec1119f8fe1f3ac9bbc00e98fbf3528463a103 Author: Dag Haavi Finstad Date: Fri Jan 30 20:27:38 2015 +0100 Fix vmod priv doc typo. Spotted by: gquintard diff --git a/doc/sphinx/reference/vmod.rst b/doc/sphinx/reference/vmod.rst index 5ad685f..c4d741b 100644 --- a/doc/sphinx/reference/vmod.rst +++ b/doc/sphinx/reference/vmod.rst 
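Review bot: In the vfp_init branch of vfp_esi_gzip_pull the new `return (VFP_ERROR);` comes after `*priv = (uintptr_t)vef;`, so on a failed init the vef object and its ibuf are released only if the caller still runs the vfp_fini step for this processor. That call is outside the hunk, so a comment at the return stating that fini owns the cleanup on this path would help. The `else` after the first `return` is redundant; `return (vef->error ? VFP_ERROR : VFP_OK);` says the same in one line.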
@@ -273,7 +273,7 @@ malloc would look like this:: if (priv->priv == NULL) { priv->priv = calloc(sizeof(struct myfoo), 1); AN(priv->priv); - priv->priv = free; /* free(3) */ + priv->free = free; /* free(3) */ mystate = priv->priv; mystate->foo = 21; ... From lkarsten at varnish-software.com Wed Feb 11 13:42:36 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 14:42:36 +0100 Subject: [4.0] 0dc1549 Preparing for 4.0.3-rc3. Message-ID: commit 0dc1549b34c45c8560cdd0f3c1151e7c473b1bfb Author: Lasse Karstensen Date: Wed Feb 11 14:38:48 2015 +0100 Preparing for 4.0.3-rc3. diff --git a/configure.ac b/configure.ac index ae333f2..78c6651 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.59) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS Copyright (c) 2006-2015 Varnish Software AS]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [4.0.3-rc2], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [4.0.3-rc3], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/changes.rst b/doc/changes.rst index 669e3b7..9833b46 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -1,4 +1,22 @@ ================================================ +Changes from 4.0.3-rc2 to 4.0.3-rc3 (2015-02-11) +================================================ + +- Superseded objects are now expired immediately. + +Bugs fixed +---------- + +- 1539_ - Avoid panic when expiry thread modifies a candidate object. +- 1637_ - Fail the fetch processing if the vep callback failed. +- 1672_ - Do not panic on unsolicited 304 response to non-200 bereq. + +.. _1539: https://www.varnish-cache.org/trac/ticket/1539 +.. _1637: https://www.varnish-cache.org/trac/ticket/1637 +.. _1672: https://www.varnish-cache.org/trac/ticket/1672 + + +================================================ Changes from 4.0.3-rc1 to 4.0.3-rc2 (2015-01-28) ================================================ 
diff --git a/redhat/varnish.spec b/redhat/varnish.spec index 3491bf0..fc811d9 100644 --- a/redhat/varnish.spec +++ b/redhat/varnish.spec @@ -1,4 +1,4 @@ -%define v_rc rc2 +%define v_rc rc3 %define vd_rc %{?v_rc:-%{?v_rc}} %define _use_internal_dependency_generator 0 %define __find_provides %{_builddir}/varnish-%{version}%{?v_rc:-%{?v_rc}}/redhat/find-provides From phk at FreeBSD.org Wed Feb 11 14:05:39 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 11 Feb 2015 15:05:39 +0100 Subject: [master] bfd0d2d Move the param/tweak stuff related to sandboxing to its own source file. Message-ID: commit bfd0d2d061ba399987c973cd252bfafaab82a238 Author: Poul-Henning Kamp Date: Wed Feb 11 14:05:14 2015 +0000 Move the param/tweak stuff related to sandboxing to its own source file. diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am index b5aafb0..03c23fe 100644 --- a/bin/varnishd/Makefile.am +++ b/bin/varnishd/Makefile.am @@ -68,6 +68,7 @@ varnishd_SOURCES = \ mgt/mgt_param.c \ mgt/mgt_param_tbl.c \ mgt/mgt_param_bits.c \ + mgt/mgt_param_sandbox.c \ mgt/mgt_param_tcp.c \ mgt/mgt_param_tweak.c \ mgt/mgt_pool.c \ diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c index c8b7fe9..99d4496 100644 --- a/bin/varnishd/mgt/mgt_param.c +++ b/bin/varnishd/mgt/mgt_param.c @@ -470,6 +470,7 @@ MCF_CollectParams(void) MCF_AddParams(mgt_parspec); MCF_AddParams(WRK_parspec); MCF_AddParams(VSL_parspec); + MCF_AddParams(mgt_parspec_sandbox); } /*--------------------------------------------------------------------*/ diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h index 1b8204a..95c402b 100644 --- a/bin/varnishd/mgt/mgt_param.h +++ b/bin/varnishd/mgt/mgt_param.h 
@@ -56,14 +56,11 @@ tweak_t tweak_bool; tweak_t tweak_bytes; tweak_t tweak_bytes_u; tweak_t tweak_double; -tweak_t tweak_group; -tweak_t tweak_group_cc; tweak_t tweak_listen_address; tweak_t tweak_poolparam; tweak_t tweak_string; tweak_t tweak_timeout; tweak_t tweak_uint; -tweak_t tweak_user; tweak_t tweak_waiter; tweak_t tweak_vsl_buffer; tweak_t tweak_vsl_reclen; @@ -71,11 +68,7 @@ tweak_t tweak_vsl_reclen; int tweak_generic_uint(struct vsb *vsb, volatile unsigned *dest, const char *arg, const char *min, const char *max); -/* mgt_param_tbl.c */ -extern struct parspec mgt_parspec[]; - -/* mgt_param_vsl.c */ -extern struct parspec VSL_parspec[]; - -/* mgt_pool.c */ -extern struct parspec WRK_parspec[]; +extern struct parspec mgt_parspec[]; /* mgt_param_tbl.c */ +extern struct parspec VSL_parspec[]; /* mgt_param_vsl.c */ +extern struct parspec WRK_parspec[]; /* mgt_pool.c */ +extern struct parspec mgt_parspec_sandbox[]; /* mgt_param_sandbox.c */ diff --git a/bin/varnishd/mgt/mgt_param_sandbox.c b/bin/varnishd/mgt/mgt_param_sandbox.c new file mode 100644 index 0000000..432c4d9 --- /dev/null +++ b/bin/varnishd/mgt/mgt_param_sandbox.c 
@@ -0,0 +1,160 @@ +/*- + * Copyright (c) 2006 Verdens Gang AS + * Copyright (c) 2006-2011 Varnish Software AS + * All rights reserved. + * + * Author: Poul-Henning Kamp + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Functions for tweaking parameters + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "mgt/mgt.h" +#include "common/params.h" + +#include "mgt/mgt_param.h" + +/*-------------------------------------------------------------------- + * XXX: slightly magic. We want to initialize to "nobody" (XXX: shouldn't + * XXX: that be something autocrap found for us ?) 
but we don't want to + * XXX: fail initialization if that user doesn't exists, even though we + * XXX: do want to fail it, in subsequent sets. + * XXX: The magic init string is a hack for this. + */ + +static int +tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct passwd *pw; + + (void)par; + if (arg != NULL) { + pw = getpwnam(arg); + if (pw == NULL) { + VSB_printf(vsb, "Unknown user '%s'", arg); + return(-1); + } + REPLACE(mgt_param.user, pw->pw_name); + mgt_param.uid = pw->pw_uid; + endpwent(); + } else if (mgt_param.user) { + VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid); + } else { + VSB_printf(vsb, "UID %d", (int)mgt_param.uid); + } + return (0); +} + +/*-------------------------------------------------------------------- + * XXX: see comment for tweak_user, same thing here. + */ + +static int +tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct group *gr; + + (void)par; + if (arg != NULL) { + gr = getgrnam(arg); + if (gr == NULL) { + VSB_printf(vsb, "Unknown group '%s'", arg); + return(-1); + } + REPLACE(mgt_param.group, gr->gr_name); + mgt_param.gid = gr->gr_gid; + endgrent(); + } else if (mgt_param.group) { + VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid); + } else { + VSB_printf(vsb, "GID %d", (int)mgt_param.gid); + } + return (0); +} + +/*-------------------------------------------------------------------- + * XXX: see comment for tweak_user, same thing here. 
+ */ + +static int +tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct group *gr; + + (void)par; + if (arg != NULL) { + if (*arg != '\0') { + gr = getgrnam(arg); + if (gr == NULL) { + VSB_printf(vsb, "Unknown group"); + return(-1); + } + REPLACE(mgt_param.group_cc, gr->gr_name); + mgt_param.gid_cc = gr->gr_gid; + } else { + REPLACE(mgt_param.group_cc, ""); + mgt_param.gid_cc = 0; + } + } else if (strlen(mgt_param.group_cc) > 0) { + VSB_printf(vsb, "%s (%d)", + mgt_param.group_cc, (int)mgt_param.gid_cc); + } else { + VSB_printf(vsb, ""); + } + return (0); +} + +/*-------------------------------------------------------------------- + */ + +struct parspec mgt_parspec_sandbox[] = { + { "user", tweak_user, NULL, NULL, NULL, + "The unprivileged user to run as.", + MUST_RESTART | ONLY_ROOT, + "" }, + { "group", tweak_group, NULL, NULL, NULL, + "The unprivileged group to run as.", + MUST_RESTART | ONLY_ROOT, + "" }, + { "group_cc", tweak_group_cc, NULL, NULL, NULL, + "On some systems the C-compiler is restricted so not" + " everybody can run it. This parameter makes it possible" + " to add an extra group to the sandbox process which runs the" + " cc_command, in order to gain access to such a restricted" + " C-compiler.", + ONLY_ROOT, + "" }, + { NULL, NULL, NULL } +}; diff --git a/bin/varnishd/mgt/mgt_param_tbl.c b/bin/varnishd/mgt/mgt_param_tbl.c index fc9dc78..e57a68f 100644 --- a/bin/varnishd/mgt/mgt_param_tbl.c +++ b/bin/varnishd/mgt/mgt_param_tbl.c 
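Review bot: tweak_group_cc reads `strlen(mgt_param.group_cc)` on the display path without a NULL check, while tweak_user and tweak_group guard the same path with `else if (mgt_param.user)` and `else if (mgt_param.group)`; unless group_cc is always set before the first display (not visible here), `} else if (mgt_param.group_cc != NULL && *mgt_param.group_cc != '\0') {` is the safer form. It is also the only one of the three that does not call `endgrent()` after a successful lookup and whose "Unknown group" message omits the name. Since these functions choose the identities the sandboxed processes run under, and nothing in them rejects uid or gid 0, a line in the header comment saying whether that is intended would be worth adding.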
@@ -45,22 +45,6 @@ "\tmax_age\tmax age of free element." struct parspec mgt_parspec[] = { - { "user", tweak_user, NULL, NULL, NULL, - "The unprivileged user to run as.", - MUST_RESTART | ONLY_ROOT, - "" }, - { "group", tweak_group, NULL, NULL, NULL, - "The unprivileged group to run as.", - MUST_RESTART | ONLY_ROOT, - "" }, - { "group_cc", tweak_group_cc, NULL, NULL, NULL, - "On some systems the C-compiler is restricted so not" - " everybody can run it. This parameter makes it possible" - " to add an extra group to the sandbox process which runs the" - " cc_command, in order to gain access to such a restricted" - " C-compiler.", - ONLY_ROOT, - "" }, { "default_ttl", tweak_timeout, &mgt_param.default_ttl, "0", NULL, "The TTL assigned to objects if neither the backend nor " diff --git a/bin/varnishd/mgt/mgt_param_tweak.c b/bin/varnishd/mgt/mgt_param_tweak.c index f989307..7d4a13f 100644 --- a/bin/varnishd/mgt/mgt_param_tweak.c +++ b/bin/varnishd/mgt/mgt_param_tweak.c @@ -32,10 +32,8 @@ #include "config.h" -#include #include #include -#include #include #include #include 
@@ -369,96 +367,6 @@ tweak_vsl_reclen(struct vsb *vsb, const struct parspec *par, const char *arg) return (0); } -/*-------------------------------------------------------------------- - * XXX: slightly magic. We want to initialize to "nobody" (XXX: shouldn't - * XXX: that be something autocrap found for us ?) but we don't want to - * XXX: fail initialization if that user doesn't exists, even though we - * XXX: do want to fail it, in subsequent sets. - * XXX: The magic init string is a hack for this. - */ - -int -tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct passwd *pw; - - (void)par; - if (arg != NULL) { - pw = getpwnam(arg); - if (pw == NULL) { - VSB_printf(vsb, "Unknown user '%s'", arg); - return(-1); - } - REPLACE(mgt_param.user, pw->pw_name); - mgt_param.uid = pw->pw_uid; - endpwent(); - } else if (mgt_param.user) { - VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid); - } else { - VSB_printf(vsb, "UID %d", (int)mgt_param.uid); - } - return (0); -} - -/*-------------------------------------------------------------------- - * XXX: see comment for tweak_user, same thing here. - */ - -int -tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct group *gr; - - (void)par; - if (arg != NULL) { - gr = getgrnam(arg); - if (gr == NULL) { - VSB_printf(vsb, "Unknown group '%s'", arg); - return(-1); - } - REPLACE(mgt_param.group, gr->gr_name); - mgt_param.gid = gr->gr_gid; - endgrent(); - } else if (mgt_param.group) { - VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid); - } else { - VSB_printf(vsb, "GID %d", (int)mgt_param.gid); - } - return (0); -} - -/*-------------------------------------------------------------------- - * XXX: see comment for tweak_user, same thing here. 
- */ - -int -tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct group *gr; - - (void)par; - if (arg != NULL) { - if (*arg != '\0') { - gr = getgrnam(arg); - if (gr == NULL) { - VSB_printf(vsb, "Unknown group"); - return(-1); - } - REPLACE(mgt_param.group_cc, gr->gr_name); - mgt_param.gid_cc = gr->gr_gid; - } else { - REPLACE(mgt_param.group_cc, ""); - mgt_param.gid_cc = 0; - } - } else if (strlen(mgt_param.group_cc) > 0) { - VSB_printf(vsb, "%s (%d)", - mgt_param.group_cc, (int)mgt_param.gid_cc); - } else { - VSB_printf(vsb, ""); - } - return (0); -} - /*--------------------------------------------------------------------*/ static void From lkarsten at varnish-software.com Wed Feb 11 14:08:46 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:08:46 +0100 Subject: [4.0] 19f2d80 Varnishncsa logs the first value if on request side and uses the last entry if on delivery side. Message-ID: commit 19f2d802a7175c7d0cc66c08ba368520130c31d2 Author: arianna-aondio Date: Fri Jan 23 13:19:16 2015 +0100 Varnishncsa logs the first value if on request side and uses the last entry if on delivery side. Fixes #1462 diff --git a/bin/varnishncsa/varnishncsa.c b/bin/varnishncsa/varnishncsa.c index 6e01e60..8728336 100644 --- a/bin/varnishncsa/varnishncsa.c +++ b/bin/varnishncsa/varnishncsa.c @@ -699,7 +699,7 @@ isprefix(const char *str, const char *prefix, const char *end, } static void -frag_fields(const char *b, const char *e, ...) +frag_fields(int force, const char *b, const char *e, ...) { va_list ap; const char *p, *q; @@ -726,7 +726,7 @@ frag_fields(const char *b, const char *e, ...) q++; if (field == n) { - if (frag->gen != CTX.gen) { + if (frag->gen != CTX.gen || !force) { /* We only grab the same matching field once */ frag->gen = CTX.gen; frag->b = p; 
@@ -742,10 +742,10 @@ frag_fields(const char *b, const char *e, ...) } static void -frag_line(const char *b, const char *e, struct fragment *f) +frag_line(int force, const char *b, const char *e, struct fragment *f) { - if (f->gen == CTX.gen) + if (f->gen == CTX.gen && !force) /* We only grab the same matching record once */ return; @@ -770,7 +770,7 @@ process_hdr(const struct watch_head *head, const char *b, const char *e) VTAILQ_FOREACH(w, head, list) { if (strncasecmp(b, w->key, w->keylen)) continue; - frag_line(b + w->keylen, e, &w->frag); + frag_line(0, b + w->keylen, e, &w->frag); } } @@ -783,7 +783,6 @@ dispatch_f(struct VSL_data *vsl, struct VSL_transaction * const pt[], const char *b, *e, *p; struct watch *w; int i, skip; - (void)vsl; (void)priv; @@ -810,32 +809,34 @@ dispatch_f(struct VSL_data *vsl, struct VSL_transaction * const pt[], skip = 1; break; case SLT_PipeAcct: - frag_fields(b, e, + frag_fields(0, b, e, 3, &CTX.frag[F_I], 4, &CTX.frag[F_O], 0, NULL); break; case SLT_ReqStart: - frag_fields(b, e, 1, &CTX.frag[F_h], 0, NULL); + frag_fields(0, b, e, + 1, &CTX.frag[F_h], + 0, NULL); break; case SLT_ReqMethod: - frag_line(b, e, &CTX.frag[F_m]); + frag_line(0, b, e, &CTX.frag[F_m]); break; case SLT_ReqURL: p = memchr(b, '?', e - b); if (p == NULL) p = e; - frag_line(b, p, &CTX.frag[F_U]); - frag_line(p, e, &CTX.frag[F_q]); + frag_line(0, b, p, &CTX.frag[F_U]); + frag_line(0, p, e, &CTX.frag[F_q]); break; case SLT_ReqProtocol: - frag_line(b, e, &CTX.frag[F_H]); + frag_line(0, b, e, &CTX.frag[F_H]); break; case SLT_RespStatus: - frag_line(b, e, &CTX.frag[F_s]); + frag_line(1, b, e, &CTX.frag[F_s]); break; case SLT_ReqAcct: - frag_fields(b, e, + frag_fields(0, b, e, 3, &CTX.frag[F_I], 5, &CTX.frag[F_b], 6, &CTX.frag[F_O], 
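Review bot: The new `force` argument of frag_line and frag_fields is an undocumented int that call sites pass as a bare 0 or 1, and the existing comment `/* We only grab the same matching record once */` no longer holds when it is non-zero. A comment on frag_line such as `/* force: overwrite a fragment already captured for the current CTX.gen (last record wins); otherwise the first record is kept */` would make the first/last policy explicit for anyone relying on these log fields. In the visible hunks only the SLT_RespStatus case passes 1.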
@@ -843,26 +844,26 @@ dispatch_f(struct VSL_data *vsl, struct VSL_transaction * const pt[], break; case SLT_Timestamp: if (isprefix(b, "Start:", e, &p)) { - frag_fields(p, e, 1, + frag_fields(0, p, e, 1, &CTX.frag[F_tstart], 0, NULL); } else if (isprefix(b, "Resp:", e, &p) || isprefix(b, "PipeSess:", e, &p)) { - frag_fields(p, e, 1, + frag_fields(0, p, e, 1, &CTX.frag[F_tend], 0, NULL); } else if (isprefix(b, "Process:", e, &p) || isprefix(b, "Pipe:", e, &p)) { - frag_fields(p, e, 2, + frag_fields(0, p, e, 2, &CTX.frag[F_ttfb], 0, NULL); } break; case SLT_ReqHeader: if (isprefix(b, "Host:", e, &p)) - frag_line(p, e, &CTX.frag[F_host]); + frag_line(0, p, e, &CTX.frag[F_host]); else if (isprefix(b, "Authorization:", e, &p) && isprefix(p, "basic", e, &p)) - frag_line(p, e, &CTX.frag[F_auth]); + frag_line(0, p, e, &CTX.frag[F_auth]); break; case SLT_VCL_call: if (!strcasecmp(b, "recv")) { @@ -896,7 +897,6 @@ dispatch_f(struct VSL_data *vsl, struct VSL_transaction * const pt[], default: break; } - if (tag == SLT_VCL_Log) { VTAILQ_FOREACH(w, &CTX.watch_vcl_log, list) { CHECK_OBJ_NOTNULL(w, WATCH_MAGIC); @@ -908,7 +908,7 @@ dispatch_f(struct VSL_data *vsl, struct VSL_transaction * const pt[], p++; if (p > e) continue; - frag_line(p, e, &w->frag); + frag_line(0, p, e, &w->frag); } } if (tag == SLT_ReqHeader) From lkarsten at varnish-software.com Wed Feb 11 14:08:46 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:08:46 +0100 Subject: [4.0] 36ea951 Fix logic in frag_fields Message-ID: commit 36ea951a3c590ed5332fd6be1ad804f870998e4b Author: Martin Blix Grydeland Date: Mon Jan 26 10:40:39 2015 +0100 Fix logic in frag_fields diff --git a/bin/varnishncsa/varnishncsa.c b/bin/varnishncsa/varnishncsa.c index 8728336..9cbbd50 100644 --- a/bin/varnishncsa/varnishncsa.c +++ b/bin/varnishncsa/varnishncsa.c 
@@ -726,7 +726,7 @@ frag_fields(int force, const char *b, const char *e, ...) q++; if (field == n) { - if (frag->gen != CTX.gen || !force) { + if (frag->gen != CTX.gen || force) { /* We only grab the same matching field once */ frag->gen = CTX.gen; frag->b = p; From lkarsten at varnish-software.com Wed Feb 11 14:08:46 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:08:46 +0100 Subject: [4.0] bbfbef6 Be more accurate when computing client RX_TIMEOUT. Message-ID: commit bbfbef651744d9749a3a818c588aa1a1277f5b91 Author: Lasse Karstensen Date: Wed Feb 11 15:01:05 2015 +0100 Be more accurate when computing client RX_TIMEOUT. This a backport of f9aa6281f5194ed27cfa4c7ad7ce50cdb8f9bf1c in master. Fixes #1665. diff --git a/bin/varnishd/cache/cache_http1_fsm.c b/bin/varnishd/cache/cache_http1_fsm.c index 2934181..b398dc2 100644 --- a/bin/varnishd/cache/cache_http1_fsm.c +++ b/bin/varnishd/cache/cache_http1_fsm.c @@ -154,7 +154,7 @@ http1_wait(struct sess *sp, struct worker *wrk, struct req *req) if (isnan(req->t_first)) /* Record first byte received time stamp */ req->t_first = now; - when = sp->t_idle + cache_param->timeout_req; + when = req->t_first + cache_param->timeout_req; tmo = (int)(1e3 * (when - now)); if (when < now || tmo == 0) { why = SC_RX_TIMEOUT; From lkarsten at varnish-software.com Wed Feb 11 14:33:04 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:33:04 +0100 Subject: [master] 12e40b3 Use HTTPS on all web URLs. Message-ID: commit 12e40b38726fa62daa6b9a59d9dd5a1b25610196 Author: Lasse Karstensen Date: Wed Feb 11 13:44:48 2015 +0100 Use HTTPS on all web URLs. diff --git a/redhat/varnish.spec b/redhat/varnish.spec index 942ad15..ff50441 100644 --- a/redhat/varnish.spec +++ b/redhat/varnish.spec 
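Review bot: In http1_wait the deadline is now `req->t_first + cache_param->timeout_req`, which makes it an absolute limit counted from the first byte of the request and presumably is what bounds a client that sends its request very slowly; that intent is not stated at the site. Suggest a comment above the assignment: `/* Absolute deadline from first byte: later partial reads must not extend it */`. The surrounding loop lies outside the hunk, so whether `when` is recomputed on each pass cannot be checked here.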
@@ -9,7 +9,7 @@ Version: 4.0.1 Release: 1%{?v_rc}%{?dist} License: BSD Group: System Environment/Daemons -URL: http://www.varnish-cache.org/ +URL: https://www.varnish-cache.org/ #Source0: http://repo.varnish-cache.org/source/%{name}-%{version}.tar.gz Source0: %{name}-%{version}%{?vd_rc}.tar.gz #Source0: %{name}-trunk.tar.gz From lkarsten at varnish-software.com Wed Feb 11 14:33:05 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:33:05 +0100 Subject: [master] b87d45e Output the log if any tests fail. Message-ID: commit b87d45ede9710d6b71862d2f332fd99893a6df13 Author: Lasse Karstensen Date: Wed Feb 11 15:32:25 2015 +0100 Output the log if any tests fail. diff --git a/.travis.yml b/.travis.yml index 3ed018a..8caad42 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,4 +7,4 @@ before_install: - sudo apt-get install python-docutils - ./autogen.sh - ./configure -script: 'make -j3 check' +script: 'make -j3 check VERBOSE=1' From lkarsten at varnish-software.com Wed Feb 11 14:33:47 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:33:47 +0100 Subject: [4.0] 45516b6 Update with latest fixes for 4.0.3-rc3. Message-ID: commit 45516b64444a6c3f3c48850f16d9e7b02468063e Author: Lasse Karstensen Date: Wed Feb 11 15:20:06 2015 +0100 Update with latest fixes for 4.0.3-rc3. diff --git a/doc/changes.rst b/doc/changes.rst index 9833b46..293a5db 100644 --- a/doc/changes.rst +++ b/doc/changes.rst 
@@ -7,12 +7,16 @@ Changes from 4.0.3-rc2 to 4.0.3-rc3 (2015-02-11) Bugs fixed ---------- +- 1462_ - Use first/last log entry in varnishncsa. - 1539_ - Avoid panic when expiry thread modifies a candidate object. - 1637_ - Fail the fetch processing if the vep callback failed. +- 1665_ - Be more accurate when computing client RX_TIMEOUT. - 1672_ - Do not panic on unsolicited 304 response to non-200 bereq. +.. _1462: https://www.varnish-cache.org/trac/ticket/1462 .. _1539: https://www.varnish-cache.org/trac/ticket/1539 .. _1637: https://www.varnish-cache.org/trac/ticket/1637 +.. _1665: https://www.varnish-cache.org/trac/ticket/1665 .. _1672: https://www.varnish-cache.org/trac/ticket/1672 From lkarsten at varnish-software.com Wed Feb 11 14:33:47 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 11 Feb 2015 15:33:47 +0100 Subject: [4.0] 8ccfe58 Output the log if any tests fail. Message-ID: commit 8ccfe58df1107087c33cc96a9861f9df302d6b96 Author: Lasse Karstensen Date: Wed Feb 11 15:32:25 2015 +0100 Output the log if any tests fail. diff --git a/.travis.yml b/.travis.yml index 3ed018a..8caad42 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,4 +7,4 @@ before_install: - sudo apt-get install python-docutils - ./autogen.sh - ./configure -script: 'make -j3 check' +script: 'make -j3 check VERBOSE=1' From daghf at varnish-software.com Wed Feb 11 15:14:46 2015 From: daghf at varnish-software.com (Dag Haavi Finstad) Date: Wed, 11 Feb 2015 16:14:46 +0100 Subject: [4.0] 739fee0b Edit -bodylen in r01637.vtc to make varnishtest more cooperative. Message-ID: commit 739fee0b19595258cab835cad52eef5b875f160f Author: Dag Haavi Finstad Date: Wed Feb 11 16:01:31 2015 +0100 Edit -bodylen in r01637.vtc to make varnishtest more cooperative. diff --git a/bin/varnishtest/tests/r01637.vtc b/bin/varnishtest/tests/r01637.vtc index 9ffdcee..1c7489c 100644 --- a/bin/varnishtest/tests/r01637.vtc +++ b/bin/varnishtest/tests/r01637.vtc 
@@ -4,16 +4,29 @@ server s1 { # First consume (almost) all of the storage rxreq expect req.url == /url1 - txresp -bodylen 1040000 + txresp -bodylen 260000 rxreq expect req.url == /url2 - txresp -bodylen 1040000 + txresp -bodylen 260000 + + rxreq + expect req.url == /url3 + txresp -bodylen 260000 + + rxreq + expect req.url == /url4 + txresp -bodylen 260000 + + rxreq + expect req.url == /url5 + txresp -bodylen 9000 } -start -varnish v1 -arg "-smalloc,1M" -arg "-p nuke_limit=0" -vcl+backend { +varnish v1 -arg "-smalloc,1M" -arg "-p nuke_limit=0 -p gzip_level=0" \ + -vcl+backend { sub vcl_backend_response { - if (bereq.url == "/url2") { + if (bereq.url == "/url5") { set beresp.do_esi = true; set beresp.do_gzip = true; } @@ -28,5 +41,17 @@ client c1 { txreq -url /url2 rxresp + expect resp.status == 200 + + txreq -url /url3 + rxresp + expect resp.status == 200 + + txreq -url /url4 + rxresp + expect resp.status == 200 + + txreq -url /url5 + rxresp expect resp.status == 503 } -run From phk at FreeBSD.org Wed Feb 11 22:11:00 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 11 Feb 2015 23:11:00 +0100 Subject: [master] f9f2615 Eliminate special case for mgt_vcc_default() using the cli we have already set up in mgt_main. Message-ID: commit f9f261562dc4ab8f52aa80b4bcff713d71afc20f Author: Poul-Henning Kamp Date: Wed Feb 11 22:09:59 2015 +0000 Eliminate special case for mgt_vcc_default() using the cli we have already set up in mgt_main. diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index bbbbc66..601d194 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -118,7 +118,8 @@ void STV_Config_Transient(void); /* mgt_vcc.c */ void mgt_vcc_init(void); -unsigned mgt_vcc_default(const char *bflag, const char *vcl, int Cflag); +void mgt_vcc_default(struct cli *, const char *b_arg, const char *vclsrc, + int Cflag); int mgt_push_vcls_and_start(unsigned *status, char **p); int mgt_has_vcl(void); extern char *mgt_cc_cmd; 
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 999c5d8..d32ea13 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -656,13 +656,16 @@ main(int argc, char * const *argv) P_arg, strerror(errno)); if (b_arg != NULL || f_arg != NULL) { - if ((o = mgt_vcc_default(b_arg, vcl, C_flag)) != 0) - exit(o); + mgt_vcc_default(cli, b_arg, vcl, C_flag); + if (C_flag) { + AZ(VSB_finish(cli->sb)); + fprintf(stderr, "%s\n", VSB_data(cli->sb)); + exit(0); + } + cli_check(cli); free(vcl); - } - - if (C_flag) - exit(0); + } else if (C_flag) + ARGV_ERR("-C only good with -b or -f\n"); if (!d_flag) { if (MGT_open_sockets()) diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index e7eca8a..d6ddc30 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c @@ -335,7 +335,7 @@ mgt_vcc_compile(struct vcc_priv *vp, struct vsb *sb, int C_flag) /*--------------------------------------------------------------------*/ -static unsigned +static void mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, int C_flag) { @@ -344,7 +344,7 @@ mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, unsigned status; char *p; - (void)cli; + AN(cli); sb = VSB_new_auto(); XXXAN(sb); @@ -366,12 +366,8 @@ mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, status = mgt_vcc_compile(&vp, sb, C_flag); AZ(VSB_finish(sb)); - if (VSB_len(sb) > 0) { - if (cli != NULL) - VCLI_Out(cli, "%s", VSB_data(sb)); - else - fprintf(stderr, "%s", VSB_data(sb)); - } + if (VSB_len(sb) > 0) + VCLI_Out(cli, "%s", VSB_data(sb)); VSB_delete(sb); (void)unlink(vp.srcfile); 
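Review bot: With -C, main now prints `cli->sb` and calls `exit(0)` unconditionally, and the C_flag path in mgt_VccCompile (mgt_vcc.c, the `if (status || C_flag)` block) returns without setting a result when `status` is non-zero, so a VCL that fails to compile under -C appears to exit 0 where the removed `exit(o)` propagated the failure. Scripts that use -C as a syntax check would stop seeing errors. One way to keep the signal is to call `VCLI_SetResult(cli, CLIS_PARAM);` in mgt_VccCompile whenever `status` is non-zero (keeping the "VCL compilation failed" text for the non-C case) and to end the -C branch here with `exit(cli->result == CLIS_OK ? 0 : 2);`. main's body continues outside the hunk.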
@@ -380,63 +376,55 @@ mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, if (status || C_flag) { (void)unlink(vp.libfile); free(vp.libfile); - if (cli != NULL) { + if (!C_flag) { VCLI_Out(cli, "VCL compilation failed"); - } else if (!C_flag) - fprintf(stderr, "\nVCL compilation failed\n"); - return (status); + VCLI_SetResult(cli, CLIS_PARAM); + } + return; } - if (cli != NULL) - VCLI_Out(cli, "VCL compiled.\n"); + VCLI_Out(cli, "VCL compiled.\n"); - if (cli == NULL || child_pid < 0) { + if (child_pid < 0) { mgt_vcc_add(vclname, vp.libfile); free(vp.libfile); - return (0); + return; } if (!mgt_cli_askchild(&status, &p, "vcl.load %s %s\n", vclname, vp.libfile)) { mgt_vcc_add(vclname, vp.libfile); free(vp.libfile); - return (0); + return; } - VCLI_SetResult(cli, status); VCLI_Out(cli, "%s", p); + VCLI_SetResult(cli, CLIS_PARAM); (void)unlink(vp.libfile); free(vp.libfile); - return (status); } /*--------------------------------------------------------------------*/ -unsigned -mgt_vcc_default(const char *b_arg, const char *vcl, int C_flag) +void +mgt_vcc_default(struct cli *cli, const char *b_arg, const char *vclsrc, + int C_flag) { char buf[BUFSIZ]; if (b_arg == NULL) { - AN(vcl); - return (mgt_VccCompile(NULL, "boot", vcl, C_flag)); + AN(vclsrc); + mgt_VccCompile(cli, "boot", vclsrc, C_flag); + return; } - AZ(vcl); - /* - * XXX: should do a "HEAD /" on the -b argument to see that - * XXX: it even works. On the other hand, we should do that - * XXX: for all backends in the cache process whenever we - * XXX: change config, but for a complex VCL, it might not be - * XXX: a bug for a backend to not reply at that time, so then - * XXX: again: we should check it here in the "trivial" case. 
- */ + AZ(vclsrc); bprintf(buf, "vcl 4.0;\n" "backend default {\n" " .host = \"%s\";\n" "}\n", b_arg); - return (mgt_VccCompile(NULL, "boot", buf, C_flag)); + mgt_VccCompile(cli, "boot", buf, C_flag); } /*--------------------------------------------------------------------*/ @@ -509,8 +497,7 @@ mcf_vcl_inline(struct cli *cli, const char * const *av, void *priv) return; } - if (mgt_VccCompile(cli, av[2], av[3], 0)) - VCLI_SetResult(cli, CLIS_PARAM); + mgt_VccCompile(cli, av[2], av[3], 0); } void @@ -534,8 +521,7 @@ mcf_vcl_load(struct cli *cli, const char * const *av, void *priv) return; } - if (mgt_VccCompile(cli, av[2], vcl, 0)) - VCLI_SetResult(cli, CLIS_PARAM); + mgt_VccCompile(cli, av[2], vcl, 0); free(vcl); } From phk at FreeBSD.org Wed Feb 11 22:39:10 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 11 Feb 2015 23:39:10 +0100 Subject: [master] 5f865c5 Try to collect all the sandbox related stuff in mgt_sandbox.c Message-ID: commit 5f865c5a438efd22de6fd2b13027def63546d554 Author: Poul-Henning Kamp Date: Wed Feb 11 22:38:52 2015 +0000 Try to collect all the sandbox related stuff in mgt_sandbox.c diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am index 03c23fe..b5aafb0 100644 --- a/bin/varnishd/Makefile.am +++ b/bin/varnishd/Makefile.am @@ -68,7 +68,6 @@ varnishd_SOURCES = \ mgt/mgt_param.c \ mgt/mgt_param_tbl.c \ mgt/mgt_param_bits.c \ - mgt/mgt_param_sandbox.c \ mgt/mgt_param_tcp.c \ mgt/mgt_param_tweak.c \ mgt/mgt_pool.c \ diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 601d194..9c1c13d 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -96,6 +96,7 @@ enum sandbox_e { typedef void mgt_sandbox_f(enum sandbox_e); extern mgt_sandbox_f *mgt_sandbox; +void mgt_sandbox_init(void); /* mgt_sandbox_solaris.c */ #ifdef HAVE_SETPPRIV diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index d32ea13..52bb022 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c 
@@ -36,8 +36,6 @@ #include #include -#include -#include #include #include #include @@ -329,41 +327,11 @@ static void init_params(struct cli *cli) { ssize_t def, low; - struct passwd *pwd; - struct group *grp; MCF_CollectParams(); MCF_TcpParams(); - /* - * If we have nobody/nogroup, use them as defaults for sandboxes, - * else fall back to whoever we run as. - */ - if (getpwnam("nobody") != NULL) { - MCF_SetDefault("user", "nobody"); - } else { - pwd = getpwuid(getuid()); - if (pwd == NULL) - ARGV_ERR("Neither user 'nobody' or my uid (%jd)" - " found in password database.\n", - (intmax_t)getuid()); - MCF_SetDefault("user", pwd->pw_name); - } - endpwent(); - - if (getgrnam("nogroup") != NULL) { - MCF_SetDefault("group", "nogroup"); - } else { - grp = getgrgid(getgid()); - if (grp == NULL) - ARGV_ERR("Neither group 'nogroup' or my gid (%jd)" - " found in password database.\n", - (intmax_t)getgid()); - MCF_SetDefault("group", grp->gr_name); - } - endgrent(); - if (sizeof(void *) < 8) { /* * Adjust default parameters for 32 bit systems to conserve @@ -457,6 +425,15 @@ main(int argc, char * const *argv) */ SHA256_Test(); + /* + * Find out if we can sandbox + */ + mgt_sandbox_init(); + + /* + * Create a cli for convenience in otherwise CLI functions + */ + INIT_OBJ(cli, CLI_MAGIC); cli[0].sb = VSB_new_auto(); XXXAN(cli[0].sb); @@ -579,8 +556,6 @@ main(int argc, char * const *argv) argc -= optind; argv += optind; - mgt_vcc_init(); - if (argc != 0) ARGV_ERR("Too many arguments (%s...)\n", argv[0]); @@ -655,6 +630,8 @@ main(int argc, char * const *argv) ARGV_ERR("Could not open pid/lock (-P) file (%s): %s\n", P_arg, strerror(errno)); + mgt_vcc_init(); + if (b_arg != NULL || f_arg != NULL) { mgt_vcc_default(cli, b_arg, vcl, C_flag); if (C_flag) { diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c index 99d4496..c8b7fe9 100644 --- a/bin/varnishd/mgt/mgt_param.c +++ b/bin/varnishd/mgt/mgt_param.c 
@@ -470,7 +470,6 @@ MCF_CollectParams(void) MCF_AddParams(mgt_parspec); MCF_AddParams(WRK_parspec); MCF_AddParams(VSL_parspec); - MCF_AddParams(mgt_parspec_sandbox); } /*--------------------------------------------------------------------*/ diff --git a/bin/varnishd/mgt/mgt_param.h b/bin/varnishd/mgt/mgt_param.h index 95c402b..4550b92 100644 --- a/bin/varnishd/mgt/mgt_param.h +++ b/bin/varnishd/mgt/mgt_param.h @@ -71,4 +71,3 @@ int tweak_generic_uint(struct vsb *vsb, volatile unsigned *dest, extern struct parspec mgt_parspec[]; /* mgt_param_tbl.c */ extern struct parspec VSL_parspec[]; /* mgt_param_vsl.c */ extern struct parspec WRK_parspec[]; /* mgt_pool.c */ -extern struct parspec mgt_parspec_sandbox[]; /* mgt_param_sandbox.c */ diff --git a/bin/varnishd/mgt/mgt_param_sandbox.c b/bin/varnishd/mgt/mgt_param_sandbox.c deleted file mode 100644 index 432c4d9..0000000 --- a/bin/varnishd/mgt/mgt_param_sandbox.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/*- - * Copyright (c) 2006 Verdens Gang AS - * Copyright (c) 2006-2011 Varnish Software AS - * All rights reserved. - * - * Author: Poul-Henning Kamp - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * Functions for tweaking parameters - * - */ - -#include "config.h" - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "mgt/mgt.h" -#include "common/params.h" - -#include "mgt/mgt_param.h" - -/*-------------------------------------------------------------------- - * XXX: slightly magic. We want to initialize to "nobody" (XXX: shouldn't - * XXX: that be something autocrap found for us ?) 
but we don't want to - * XXX: fail initialization if that user doesn't exists, even though we - * XXX: do want to fail it, in subsequent sets. - * XXX: The magic init string is a hack for this. - */ - -static int -tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct passwd *pw; - - (void)par; - if (arg != NULL) { - pw = getpwnam(arg); - if (pw == NULL) { - VSB_printf(vsb, "Unknown user '%s'", arg); - return(-1); - } - REPLACE(mgt_param.user, pw->pw_name); - mgt_param.uid = pw->pw_uid; - endpwent(); - } else if (mgt_param.user) { - VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid); - } else { - VSB_printf(vsb, "UID %d", (int)mgt_param.uid); - } - return (0); -} - -/*-------------------------------------------------------------------- - * XXX: see comment for tweak_user, same thing here. - */ - -static int -tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct group *gr; - - (void)par; - if (arg != NULL) { - gr = getgrnam(arg); - if (gr == NULL) { - VSB_printf(vsb, "Unknown group '%s'", arg); - return(-1); - } - REPLACE(mgt_param.group, gr->gr_name); - mgt_param.gid = gr->gr_gid; - endgrent(); - } else if (mgt_param.group) { - VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid); - } else { - VSB_printf(vsb, "GID %d", (int)mgt_param.gid); - } - return (0); -} - -/*-------------------------------------------------------------------- - * XXX: see comment for tweak_user, same thing here. 
- */ - -static int -tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg) -{ - struct group *gr; - - (void)par; - if (arg != NULL) { - if (*arg != '\0') { - gr = getgrnam(arg); - if (gr == NULL) { - VSB_printf(vsb, "Unknown group"); - return(-1); - } - REPLACE(mgt_param.group_cc, gr->gr_name); - mgt_param.gid_cc = gr->gr_gid; - } else { - REPLACE(mgt_param.group_cc, ""); - mgt_param.gid_cc = 0; - } - } else if (strlen(mgt_param.group_cc) > 0) { - VSB_printf(vsb, "%s (%d)", - mgt_param.group_cc, (int)mgt_param.gid_cc); - } else { - VSB_printf(vsb, ""); - } - return (0); -} - -/*-------------------------------------------------------------------- - */ - -struct parspec mgt_parspec_sandbox[] = { - { "user", tweak_user, NULL, NULL, NULL, - "The unprivileged user to run as.", - MUST_RESTART | ONLY_ROOT, - "" }, - { "group", tweak_group, NULL, NULL, NULL, - "The unprivileged group to run as.", - MUST_RESTART | ONLY_ROOT, - "" }, - { "group_cc", tweak_group_cc, NULL, NULL, NULL, - "On some systems the C-compiler is restricted so not" - " everybody can run it. This parameter makes it possible" - " to add an extra group to the sandbox process which runs the" - " cc_command, in order to gain access to such a restricted" - " C-compiler.", - ONLY_ROOT, - "" }, - { NULL, NULL, NULL } -}; diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c index 69ce5fa..a7b5abf 100644 --- a/bin/varnishd/mgt/mgt_sandbox.c +++ b/bin/varnishd/mgt/mgt_sandbox.c 
@@ -48,14 +48,132 @@ #include #endif +#include #include #include +#include #include #include #include #include "mgt/mgt.h" #include "common/params.h" +#include "mgt/mgt_param.h" + +mgt_sandbox_f *mgt_sandbox; + +/*-------------------------------------------------------------------- + * XXX: slightly magic. We want to initialize to "nobody" (XXX: shouldn't + * XXX: that be something autocrap found for us ?) but we don't want to + * XXX: fail initialization if that user doesn't exists, even though we + * XXX: do want to fail it, in subsequent sets. + * XXX: The magic init string is a hack for this. + */ + +static int +tweak_user(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct passwd *pw; + + (void)par; + if (arg != NULL) { + pw = getpwnam(arg); + if (pw == NULL) { + VSB_printf(vsb, "Unknown user '%s'", arg); + return(-1); + } + REPLACE(mgt_param.user, pw->pw_name); + mgt_param.uid = pw->pw_uid; + endpwent(); + } else if (mgt_param.user) { + VSB_printf(vsb, "%s (%d)", mgt_param.user, (int)mgt_param.uid); + } else { + VSB_printf(vsb, "UID %d", (int)mgt_param.uid); + } + return (0); +} + +/*-------------------------------------------------------------------- + * XXX: see comment for tweak_user, same thing here. + */ + +static int +tweak_group(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct group *gr; + + (void)par; + if (arg != NULL) { + gr = getgrnam(arg); + if (gr == NULL) { + VSB_printf(vsb, "Unknown group '%s'", arg); + return(-1); + } + REPLACE(mgt_param.group, gr->gr_name); + mgt_param.gid = gr->gr_gid; + endgrent(); + } else if (mgt_param.group) { + VSB_printf(vsb, "%s (%d)", mgt_param.group, (int)mgt_param.gid); + } else { + VSB_printf(vsb, "GID %d", (int)mgt_param.gid); + } + return (0); +} + +/*-------------------------------------------------------------------- + * XXX: see comment for tweak_user, same thing here. 
+ */ + +static int +tweak_group_cc(struct vsb *vsb, const struct parspec *par, const char *arg) +{ + struct group *gr; + + (void)par; + if (arg != NULL) { + if (*arg != '\0') { + gr = getgrnam(arg); + if (gr == NULL) { + VSB_printf(vsb, "Unknown group"); + return(-1); + } + REPLACE(mgt_param.group_cc, gr->gr_name); + mgt_param.gid_cc = gr->gr_gid; + } else { + REPLACE(mgt_param.group_cc, ""); + mgt_param.gid_cc = 0; + } + } else if (strlen(mgt_param.group_cc) > 0) { + VSB_printf(vsb, "%s (%d)", + mgt_param.group_cc, (int)mgt_param.gid_cc); + } else { + VSB_printf(vsb, ""); + } + return (0); +} + +/*-------------------------------------------------------------------- + */ + +static struct parspec mgt_parspec_sandbox[] = { + { "user", tweak_user, NULL, NULL, NULL, + "The unprivileged user to run as.", + MUST_RESTART | ONLY_ROOT, + "" }, + { "group", tweak_group, NULL, NULL, NULL, + "The unprivileged group to run as.", + MUST_RESTART | ONLY_ROOT, + "" }, + { "group_cc", tweak_group_cc, NULL, NULL, NULL, + "On some systems the C-compiler is restricted so not" + " everybody can run it. This parameter makes it possible" + " to add an extra group to the sandbox process which runs the" + " cc_command, in order to gain access to such a restricted" + " C-compiler.", + ONLY_ROOT, + "" }, + { NULL, NULL, NULL } +}; /*--------------------------------------------------------------------*/ 
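Review bot: The display branch of tweak_group_cc calls `strlen(mgt_param.group_cc)` with no NULL test, while tweak_user and tweak_group check their pointer before using it. That is safe only if the "" default has been applied before the first display, which these lines do not show; `} else if (mgt_param.group_cc != NULL && *mgt_param.group_cc != '\0') {` would make the three functions agree. The empty-argument branch also stores `gid_cc = 0`, which is normally the root group's id, so a comment such as `/* gid_cc is only meaningful when group_cc is non-empty */` next to that assignment would warn future callers not to use it unguarded.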
@@ -105,11 +223,49 @@ mgt_sandbox_linux(enum sandbox_e who) /*--------------------------------------------------------------------*/ -mgt_sandbox_f *mgt_sandbox = +void +mgt_sandbox_init(void) +{ + struct passwd *pwd; + struct group *grp; + + + MCF_AddParams(mgt_parspec_sandbox); + + /* + * If we have nobody/nogroup, use them as defaults for sandboxes, + * else fall back to whoever we run as. + */ + if (getpwnam("nobody") != NULL) { + MCF_SetDefault("user", "nobody"); + } else { + pwd = getpwuid(getuid()); + if (pwd == NULL) + ARGV_ERR("Neither user 'nobody' or my uid (%jd)" + " found in password database.\n", + (intmax_t)getuid()); + MCF_SetDefault("user", pwd->pw_name); + } + endpwent(); + + if (getgrnam("nogroup") != NULL) { + MCF_SetDefault("group", "nogroup"); + } else { + grp = getgrgid(getgid()); + if (grp == NULL) + ARGV_ERR("Neither group 'nogroup' or my gid (%jd)" + " found in password database.\n", + (intmax_t)getgid()); + MCF_SetDefault("group", grp->gr_name); + } + endgrent(); + + #ifdef HAVE_SETPPRIV - mgt_sandbox_solaris; + mgt_sandbox = mgt_sandbox_solaris; #elif defined (__linux__) - mgt_sandbox_linux; + mgt_sandbox = mgt_sandbox_linux; #else - mgt_sandbox_unix; + mgt_sandbox = mgt_sandbox_unix; #endif +} From phk at FreeBSD.org Wed Feb 11 23:45:54 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 12 Feb 2015 00:45:54 +0100 Subject: [master] dadd797 Introduce a sandbox test early enough to affect default parameters. Message-ID: commit dadd7976db08d2110d1060332784b7f5d0dc9444 Author: Poul-Henning Kamp Date: Wed Feb 11 23:45:32 2015 +0000 Introduce a sandbox test early enough to affect default parameters. diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 9c1c13d..3fe9176 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h 
@@ -88,10 +88,11 @@ void MCF_TcpParams(void); /* mgt_sandbox.c */ enum sandbox_e { - SANDBOX_VCC = 1, - SANDBOX_CC = 2, - SANDBOX_VCLLOAD = 3, - SANDBOX_WORKER = 4, + SANDBOX_TESTING, + SANDBOX_VCC, + SANDBOX_CC, + SANDBOX_VCLLOAD, + SANDBOX_WORKER, }; typedef void mgt_sandbox_f(enum sandbox_e); diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c index a7b5abf..276fc73 100644 --- a/bin/varnishd/mgt/mgt_sandbox.c +++ b/bin/varnishd/mgt/mgt_sandbox.c @@ -60,6 +60,8 @@ #include "common/params.h" #include "mgt/mgt_param.h" +#include + mgt_sandbox_f *mgt_sandbox; /*-------------------------------------------------------------------- 
@@ -177,49 +179,77 @@ static struct parspec mgt_parspec_sandbox[] = { /*--------------------------------------------------------------------*/ +static void __match_proto__(mgt_sandbox_f) +mgt_sandbox_null(enum sandbox_e who) +{ + (void)who; +} + +/*--------------------------------------------------------------------*/ + #ifndef HAVE_SETPPRIV static void __match_proto__(mgt_sandbox_f) mgt_sandbox_unix(enum sandbox_e who) { #define NGID 2000 int i; - gid_t gid_list[NGID]; - - if (geteuid() != 0) { - REPORT0(LOG_INFO, "Not running as root, no priv-sep"); - return; + gid_t gid, gid_list[NGID]; + uid_t uid; + + if (who == SANDBOX_TESTING) { + /* + * Test if sandboxing is going to work. + * Do not assert on failure here, but simply exit non-zero. + */ + gid = getgid(); + gid += 1; + if (setgid(gid)) + exit(1); + uid = getuid(); + uid += 1; + if (setuid(uid)) + exit(2); + exit(0); } - XXXAZ(setgid(mgt_param.gid)); - XXXAZ(initgroups(mgt_param.user, mgt_param.gid)); + /* + * Do the real thing, assert if we fail + */ + + AZ(setgid(mgt_param.gid)); + AZ(initgroups(mgt_param.user, mgt_param.gid)); if (who == SANDBOX_CC && strlen(mgt_param.group_cc) > 0) { /* Add the optional extra group for the C-compiler access */ i = getgroups(NGID, gid_list); assert(i >= 0); gid_list[i++] = mgt_param.gid_cc; - XXXAZ(setgroups(i, gid_list)); + AZ(setgroups(i, gid_list)); } - XXXAZ(setuid(mgt_param.uid)); -} -#endif - -/*--------------------------------------------------------------------*/ + AZ(setuid(mgt_param.uid)); #ifdef __linux__ -static void __match_proto__(mgt_sandbox_f) -mgt_sandbox_linux(enum sandbox_e who) -{ - mgt_sandbox_unix(who); - + /* + * On linux mucking about with uid/gid disables core-dumps, * reenable them again. + */ if (prctl(PR_SET_DUMPABLE, 1) != 0) { REPORT0(LOG_INFO, "Could not set dumpable bit. 
Core dumps turned off\n"); } +#endif } #endif +/*--------------------------------------------------------------------*/ + +static void __match_proto__(sub_func_f) +run_sandbox_test(void *priv) +{ + + (void)priv; + mgt_sandbox(SANDBOX_TESTING); +} /*--------------------------------------------------------------------*/ @@ -228,7 +258,24 @@ mgt_sandbox_init(void) { struct passwd *pwd; struct group *grp; + struct vsb *sb; + unsigned subs; + + /* Pick a sandbox */ + +#ifdef HAVE_SETPPRIV + mgt_sandbox = mgt_sandbox_solaris; +#else + mgt_sandbox = mgt_sandbox_unix; +#endif + + /* Test it */ + sb = VSB_new_auto(); + subs = VSUB_run(sb, run_sandbox_test, NULL, "SANDBOX-test", 10); + VSB_delete(sb); + if (subs) + mgt_sandbox = mgt_sandbox_null; MCF_AddParams(mgt_parspec_sandbox); @@ -259,13 +306,4 @@ mgt_sandbox_init(void) MCF_SetDefault("group", grp->gr_name); } endgrent(); - - -#ifdef HAVE_SETPPRIV - mgt_sandbox = mgt_sandbox_solaris; -#elif defined (__linux__) - mgt_sandbox = mgt_sandbox_linux; -#else - mgt_sandbox = mgt_sandbox_unix; -#endif } From phk at FreeBSD.org Thu Feb 12 08:29:41 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 12 Feb 2015 09:29:41 +0100 Subject: [master] 70ec0a5 Fix two resource leaks found by Coverity, both insignificant and both introduced yesterday. Message-ID: commit 70ec0a57d6d696bc3be771056fbb428e1c47b27c Author: Poul-Henning Kamp Date: Thu Feb 12 08:28:37 2015 +0000 Fix two resource leaks found by Coverity, both insignificant and both introduced yesterday. diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index d6ddc30..34be631 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c @@ -323,6 +323,7 @@ mgt_vcc_compile(struct vcc_priv *vp, struct vsb *sb, int C_flag) csrc = VFIL_readfile(NULL, vp->srcfile, NULL); AN(csrc); VSB_cat(sb, csrc); + free(csrc); } subs = VSUB_run(sb, run_cc, vp, "C-compiler", 10); 
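Review bot: In mgt_sandbox_unix, `gid_list[i++] = mgt_param.gid_cc;` can write one element past the array, because `getgroups(NGID, gid_list)` may return exactly NGID and the only check is `assert(i >= 0)`. These are context lines the commit leaves as they were, but since the other calls in the function are being tightened from XXXAZ to AZ, the bound belongs here too: `assert(i >= 0 && i < NGID);`. A comment on the SANDBOX_TESTING branch saying that the probe uses uid+1/gid+1 rather than the configured ids (so it shows that the calls are permitted, not that `mgt_param.uid` is valid) would also help the next reader.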
@@ -395,10 +396,12 @@ mgt_VccCompile(struct cli *cli, const char *vclname, const char *vclsrc, "vcl.load %s %s\n", vclname, vp.libfile)) { mgt_vcc_add(vclname, vp.libfile); free(vp.libfile); + free(p); return; } VCLI_Out(cli, "%s", p); + free(p); VCLI_SetResult(cli, CLIS_PARAM); (void)unlink(vp.libfile); free(vp.libfile); From nils.goroll at uplex.de Thu Feb 12 09:35:31 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 12 Feb 2015 10:35:31 +0100 Subject: [master] 6cb15bf emit a warning if sandboxing test failed Message-ID: commit 6cb15bfbe2bca915c018c4a1168288807d9bb5aa Author: Nils Goroll Date: Thu Feb 12 10:15:13 2015 +0100 emit a warning if sandboxing test failed diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c index 276fc73..340a0bc 100644 --- a/bin/varnishd/mgt/mgt_sandbox.c +++ b/bin/varnishd/mgt/mgt_sandbox.c @@ -274,8 +274,13 @@ mgt_sandbox_init(void) sb = VSB_new_auto(); subs = VSUB_run(sb, run_sandbox_test, NULL, "SANDBOX-test", 10); VSB_delete(sb); - if (subs) + if (subs) { + REPORT0(LOG_INFO, "Warning: init of platform-specific sandbox " + "failed - sandboxing disabled"); + REPORT0(LOG_INFO, "Warning: Varnish might run with elevated " + "privileges"); mgt_sandbox = mgt_sandbox_null; + } MCF_AddParams(mgt_parspec_sandbox); From nils.goroll at uplex.de Thu Feb 12 09:35:31 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 12 Feb 2015 10:35:31 +0100 Subject: [master] 8736d67 we need to re-iterate over the semantics of SANDBOX_TESTING Message-ID: commit 8736d676f7b659f82412296af6c9eef97bf92628 Author: Nils Goroll Date: Thu Feb 12 10:35:27 2015 +0100 we need to re-iterate over the semantics of SANDBOX_TESTING diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c index 1d1bb06..6e5b4ec 100644 --- a/bin/varnishd/mgt/mgt_sandbox_solaris.c +++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c 
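Review bot: In mgt_sandbox_init the sandbox still fails open: when the probe fails, the only trace is two LOG_INFO messages and every child then runs with the management process's credentials. Operators filtering syslog at warning level will never see it, so `REPORT0(LOG_WARNING, ...)` (or LOG_ERR) fits the text of the message better. The probe's output buffer is deleted unread just above (`VSB_delete(sb)`), so the reason for the failure is lost; including `VSB_data(sb)` in the report before deleting it would make the message actionable. If the management process is running as root when this happens, refusing to start unless the operator opts in may be the safer default.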
@@ -420,6 +420,15 @@ mgt_sandbox_solaris_waive(enum sandbox_e who) void __match_proto__(mgt_sandbox_f) mgt_sandbox_solaris(enum sandbox_e who) { + /* + * XXX - clarify with phk: + * there is no "all-or-nothing" for the solaris sandbox, even + * if we cant setuid, we can still do useful things and waive + * most privileges. + */ + if (who == SANDBOX_TESTING) + exit(0); + mgt_sandbox_solaris_init(who); mgt_sandbox_solaris_privsep(who); mgt_sandbox_solaris_waive(who); From arianna.aondio at varnish-software.com Thu Feb 12 10:07:36 2015 From: arianna.aondio at varnish-software.com (arianna-aondio) Date: Thu, 12 Feb 2015 11:07:36 +0100 Subject: [master] 8f3fe41 Regression test for ticket 1665: wrong behavior of timeout_req. Message-ID: commit 8f3fe41e838c72246a7f54af430fdf722b6d7581 Author: arianna-aondio Date: Thu Feb 12 10:51:51 2015 +0100 Regression test for ticket 1665: wrong behavior of timeout_req. Timeout_req was measured from t_idle(which could be either the moment the connection was accepted or the time of the last activity of the previous request on the same connection) Timeout_req, according to the definition(varnishd/mgt/mgt_param_tbl.c) is now measured starting from t_first(timestamp for the first byte received). diff --git a/bin/varnishtest/tests/r01665.vtc b/bin/varnishtest/tests/r01665.vtc new file mode 100644 index 0000000..8d473a8 --- /dev/null +++ b/bin/varnishtest/tests/r01665.vtc @@ -0,0 +1,21 @@ +varnishtest "Ticket 1665 regression test: wrong behavior of timeout_req" + +server s1 { + rxreq + txresp +} -start + +varnish v1 -vcl+backend { +} -start + +client c1 { + delay 0.1 + send "GET " + delay 2 + send "/bar\n\n " + delay 0.1 + send "GET" + rxresp +} -run + + From arianna.aondio at varnish-software.com Thu Feb 12 10:07:36 2015 
From: arianna.aondio at varnish-software.com (arianna-aondio) Date: Thu, 12 Feb 2015 11:07:36 +0100 Subject: [master] df4adf7 Merge branch 'master' of git.varnish-cache.org:varnish-cache Message-ID: commit df4adf7c5918152672af331f2cbf5ff6eafed1f8 Merge: 8f3fe41 8736d67 Author: arianna-aondio Date: Thu Feb 12 11:07:22 2015 +0100 Merge branch 'master' of git.varnish-cache.org:varnish-cache From nils.goroll at uplex.de Thu Feb 12 12:10:37 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 12 Feb 2015 13:10:37 +0100 Subject: [master] 2847a0f improve comments on solaris sandboxing / SNOCD / least privileges Message-ID: commit 2847a0f5b6f4d881b0189750afdf4a84dd3ace86 Author: Nils Goroll Date: Thu Feb 12 13:10:34 2015 +0100 improve comments on solaris sandboxing / SNOCD / least privileges diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c index 6e5b4ec..d44af10 100644 --- a/bin/varnishd/mgt/mgt_sandbox_solaris.c +++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c @@ -28,29 +28,10 @@ * SUCH DAMAGE. * * Sandboxing child processes on Solaris + * ===================================== * - */ - -#include "config.h" - -#ifdef HAVE_SETPPRIV - -#ifdef HAVE_PRIV_H -#include -#endif -#include -#include -#include -#include -#include - -#include "mgt/mgt.h" - -#include "common/heritage.h" -#include "common/params.h" - -/*-------------------------------------------------------------------- - * SOLARIS PRIVILEGES: Note on use of symbolic PRIV_* constants + * Note on use of symbolic PRIV_* constants + * ---------------------------------------- * * We assume backwards compatibility only for Solaris Releases after the * OpenSolaris Launch. For privileges which existed at the time of the 
@@ -58,54 +39,86 @@ * that priv_addset must succeed. * * For privileges which have been added later, we need to use priv strings in - * order not to break builds of varnish on these platforms. To remain binary + * order not to break builds of varnish on older platforms. To remain binary * compatible, we can't assert that priv_addset succeeds, but we may assert that * it either succeeds or fails with EINVAL. - */ - -/* for priv_delset() and priv_addset() */ -static inline int -priv_setop_check(int a) { - if (a == 0) - return (1); - if (errno == EINVAL) - return (1); - return (0); -} - -#define priv_setop_assert(a) assert(priv_setop_check(a)) - -/* - * we try to add all possible privileges to waive them later. * - * when doing so, we need to expect EPERM - */ - -/* for setppriv */ -static inline int -setppriv_check(int a) { - if (a == 0) - return (1); - if (errno == EPERM) - return (1); - return (0); -} - -#define setppriv_assert(a) assert(setppriv_check(a)) - - -/* - * brief histroy of introduction of privileges since OpenSolaris Launch + * See priv_setop_check() + * + * Note on introduction of new privileges (or: lack of forward compatibility) + * -------------------------------------------------------------------------- + * + * For optimal build and binary forward comatibility, we could use subtractive + * set specs like + * + * basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session + * + * which would implicitly keep any privileges newly introduced to the 'basic' + * set. + * + * But we have a preference for making an informed decision about which + * privileges varnish sandboxes should have, so we prefer to risk breaking + * varnish temporarily on newer kernels and be notified of missing privileges + * through bug reports. 
+ * + * Notes on the SNOCD flag + * ----------------------- + * + * On Solaris, any uid/gid fiddling which can be interpreted as 'waiving + * privileges' will lead to the processes' SNOCD flag being set, disabling core + * dumps unless explicitly allowed using coreadm (see below). There is no + * equivalent to Linux PR_SET_DUMPABLE. The only way to clear the flag is a call + * to some form of exec(). The presence of the SNOCD flag also prevents many + * process manipulations from other processes with the same uid/gid unless they + * have the proc_owner privilege. + * + * Thus, if we want to run sandboxes with a different uid/gid than the master + * process, we cannot avoid the SNOCD flag for those sandboxes not exec'ing + * (VCC, VCLLOAD, WORKER). + * + * + * We should, however, avoid to accidentally set the SNOCD flag when setting + * privileges (see https://www.varnish-cache.org/trac/ticket/671 ) + * + * When changing the logic herein, always check with mdb -k. Replace _PID_ with + * the pid of your varnish child, the result should be 0, otherwise a regression + * has been introduced. + * + * > 0t_PID_::pid2proc | ::print proc_t p_flag | >a + * > ( 0t_PID_::pid2proc | ::print proc_t p_flag | >a - * > ( +#endif +#include +#include +#include +#include +#include + +#include "mgt/mgt.h" + +#include "common/heritage.h" +#include "common/params.h" + +/*-------------------------------------------------------------------- + */ + +/* for priv_delset() and priv_addset() */ +static inline int +priv_setop_check(int a) { + if (a == 0) + return (1); + if (errno == EINVAL) + return (1); + return (0); +} + +#define priv_setop_assert(a) assert(priv_setop_check(a)) + +/* + * we try to add all possible privileges to waive them later. 
* + * when doing so, we need to expect EPERM */ +/* for setppriv */ +static inline int +setppriv_check(int a) { + if (a == 0) + return (1); + if (errno == EPERM) + return (1); + return (0); +} + +#define setppriv_assert(a) assert(setppriv_check(a)) + static void mgt_sandbox_solaris_add_inheritable(priv_set_t *pset, enum sandbox_e who) { From nils.goroll at uplex.de Thu Feb 12 13:30:18 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Thu, 12 Feb 2015 14:30:18 +0100 Subject: [master] 6c36547 typo Message-ID: commit 6c36547ce763b5a6ca73bf2a47da6d4a5e17012b Author: Nils Goroll Date: Thu Feb 12 14:30:15 2015 +0100 typo diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c index d44af10..8f4497f 100644 --- a/bin/varnishd/mgt/mgt_sandbox_solaris.c +++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c @@ -90,7 +90,7 @@ * * (a value of 0x10000000 indicates that SNOCD is set) * - * Hot to get core dumps of the worker process on Solaris + * How to get core dumps of the worker process on Solaris * ------------------------------------------------------ * * (see previous paragraph for explanation). From arianna.aondio at varnish-software.com Thu Feb 12 14:20:30 2015 From: arianna.aondio at varnish-software.com (Arianna Aondio) Date: Thu, 12 Feb 2015 15:20:30 +0100 Subject: [master] 17dae8e Timings more relaxed. Message-ID: commit 17dae8e80426401c3ae4fb958e38259a9dbd0fbe Author: Arianna Aondio Date: Thu Feb 12 15:18:24 2015 +0100 Timings more relaxed. diff --git a/bin/varnishtest/tests/r01665.vtc b/bin/varnishtest/tests/r01665.vtc index 8d473a8..6d645d2 100644 --- a/bin/varnishtest/tests/r01665.vtc +++ b/bin/varnishtest/tests/r01665.vtc @@ -9,9 +9,9 @@ varnish v1 -vcl+backend { } -start client c1 { - delay 0.1 + delay 1 send "GET " - delay 2 + delay 1.8 send "/bar\n\n " delay 0.1 send "GET" From phk at FreeBSD.org Mon Feb 16 09:21:20 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 10:21:20 +0100 Subject: [master] bb52bd5 Add a -j argument and selection mechanism for configuring jailing. Message-ID: commit bb52bd56a8a86774c467bf5e86773b8b17739019 Author: Poul-Henning Kamp Date: Mon Feb 16 09:18:52 2015 +0000 Add a -j argument and selection mechanism for configuring jailing. Due to our somewhat spendthrift ways with argument letters, it is not realistic to repurpose -[sS]andbox or -[pP]rivsep argument letters, so the terminology ended up being "jail" because -j was free. Right now no jails are implemented, and the code does nothing. diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am index b5aafb0..0982aec 100644 --- a/bin/varnishd/Makefile.am +++ b/bin/varnishd/Makefile.am @@ -64,6 +64,7 @@ varnishd_SOURCES = \ http1/cache_http1_vfp.c \ mgt/mgt_child.c \ mgt/mgt_cli.c \ + mgt/mgt_jail.c \ mgt/mgt_main.c \ mgt/mgt_param.c \ mgt/mgt_param_tbl.c \ diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 3fe9176..f74678e 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -62,6 +62,38 @@ void mgt_cli_master(const char *M_arg); void mgt_cli_secret(const char *S_arg); void mgt_cli_close_all(void); +/* mgt_jail.c */ + +enum jail_subproc_e { + JAIL_SP_TESTING, + JAIL_SP_VCC, + JAIL_SP_CC, + JAIL_SP_VCLLOAD, + JAIL_SP_WORKER, +}; + +enum jail_master_e { + JAIL_MASTER_LOW, + JAIL_MASTER_HIGH, +}; + +typedef void jail_init_f(char **); +typedef void jail_master_f(enum jail_master_e); +typedef void jail_subproc_f(enum jail_subproc_e); + +struct jail_tech { + unsigned magic; +#define JAIL_TECH_MAGIC 0x4d00fa4d + const char *name; + jail_init_f *init; + jail_master_f *master; + jail_subproc_f *subproc; +}; + +void VJ_Init(const char *j_arg); +void VJ_master(enum jail_master_e jme); +void VJ_subproc(enum jail_subproc_e jse); + /* mgt_main.c */ extern struct VSC_C_mgt *VSC_C_mgt; extern struct VSC_C_mgt static_VSC_C_mgt; 
diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c new file mode 100644 index 0000000..ddd4670 --- /dev/null +++ b/bin/varnishd/mgt/mgt_jail.c 
@@ -0,0 +1,120 @@ +/*- + * Copyright (c) 2015 Varnish Software AS + * All rights reserved. + * + * Author: Poul-Henning Kamp + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Jailing + * + */ + +#include "config.h" + +#include +#include +#include +#include +#include + +#include "mgt/mgt.h" +#include "vav.h" + +/********************************************************************** + * A "none" jail implementation which doesn't do anything. 
+ */ + +static void __match_proto__(jail_init_f) +vjn_init(char **args) +{ + if (*args != NULL) + ARGV_ERR("-Jnone takes no arguments.\n"); +} + +static void __match_proto__(jail_master_f) +vjn_master(enum jail_master_e jme) +{ + (void)jme; +} + +static void __match_proto__(jail_subproc_f) +vjn_subproc(enum jail_subproc_e jse) +{ + (void)jse; +} + +static const struct jail_tech jail_tech_none = { + .magic = JAIL_TECH_MAGIC, + .name = "none", + .init = vjn_init, + .master = vjn_master, + .subproc = vjn_subproc, +}; + +/**********************************************************************/ + +static const struct jail_tech *vjt; + +static const struct choice vj_choice[] = { + { "none", &jail_tech_none }, + { NULL, NULL }, +}; + +void +VJ_Init(const char *j_arg) +{ + char **av; + + if (j_arg != NULL) { + av = VAV_Parse(j_arg, NULL, ARGV_COMMA); + AN(av); + if (av[0] != NULL) + ARGV_ERR("-j argument: %s\n", av[0]); + if (av[1] == NULL) + ARGV_ERR("-j argument is emtpy\n"); + vjt = pick(vj_choice, av[1], "jail"); + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + vjt->init(av + 2); + VAV_Free(av); + } else { + av = VAV_Parse("", NULL, ARGV_COMMA); + vjt = vj_choice[0].ptr; + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + vjt->init(av + 1); + VAV_Free(av); + } +} + +void +VJ_master(enum jail_master_e jme) +{ + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + vjt->master(jme); +} + +void +VJ_subproc(enum jail_subproc_e jse) +{ + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + vjt->subproc(jse); +} diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 52bb022..b8624bc 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c 
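Review bot: The error strings in the new file do not match the option being parsed: vjn_init reports `-Jnone takes no arguments.` although the flag is lower-case `-j`, and VJ_Init prints `-j argument is emtpy`. Suggested wording: `"-j none takes no arguments.\n"` and `"-j argument is empty\n"`. The default branch of VJ_Init also uses the result of `VAV_Parse("", ...)` without the `AN(av);` that the explicit branch has; adding it keeps the two paths consistent.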
@@ -154,6 +154,8 @@ usage(void) fprintf(stderr, FMT, "", " -h classic"); fprintf(stderr, FMT, "", " -h classic,"); fprintf(stderr, FMT, "-i identity", "Identity of varnish instance"); + fprintf(stderr, FMT, "-j jail[,jailoptions]", "Jail specification"); + fprintf(stderr, FMT, "", " -j none"); fprintf(stderr, FMT, "-l shl,free,fill", "Size of shared memory file"); fprintf(stderr, FMT, "", " shl: space for SHL records [80m]"); fprintf(stderr, FMT, "", " free: space for other allocations [1m]"); @@ -382,6 +384,7 @@ main(int argc, char * const *argv) char *dirname; char **av; unsigned clilim; + int jailed = 0; /* Set up the mgt counters */ memset(&static_VSC_C_mgt, 0, sizeof static_VSC_C_mgt); @@ -447,7 +450,23 @@ main(int argc, char * const *argv) cli_check(cli); while ((o = getopt(argc, argv, - "a:b:Cdf:Fg:h:i:l:M:n:P:p:r:S:s:T:t:u:Vx:")) != -1) + "a:b:Cdf:Fg:h:i:j:l:M:n:P:p:r:S:s:T:t:u:Vx:")) != -1) { + /* + * -j must be the first argument if specified, because + * it (may) affect subsequent argument processing. + */ + if (!jailed) { + jailed++; + if (o == 'j') { + VJ_Init(optarg); + continue; + } + VJ_Init(NULL); + } else { + if (o == 'j') + ARGV_ERR("\t-j must be the first argument\n"); + } + switch (o) { case 'a': MCF_ParamSet(cli, "listen_address", optarg); @@ -552,6 +571,7 @@ main(int argc, char * const *argv) default: usage(); } + } argc -= optind; argv += optind; From phk at FreeBSD.org Mon Feb 16 09:30:16 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 10:30:16 +0100 Subject: [master] dec92d3 Change my mind a bit: Message-ID: commit dec92d3e2213ea9fc4d97cb69fd267d3ddce7c38 Author: Poul-Henning Kamp Date: Mon Feb 16 09:26:49 2015 +0000 Change my mind a bit: When no -j argument is specified, walk the list to get the most capable jail technology which can run in the given circumstances. diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index f74678e..d045349 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h 
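Review bot: `VJ_Init()` is only reached from inside the `getopt()` loop, so an invocation for which `getopt()` returns -1 on the first call never initialises the jail, and `vjt` stays NULL. `VJ_master()` and `VJ_subproc()` would then trip `CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC)`. Adding `if (!jailed) VJ_Init(NULL);` directly after the loop closes that path. The body of `main()` continues outside these hunks, so a later check may already reject option-less invocations, but the jail default should not depend on that.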
@@ -77,7 +77,7 @@ enum jail_master_e { JAIL_MASTER_HIGH, }; -typedef void jail_init_f(char **); +typedef int jail_init_f(char **); typedef void jail_master_f(enum jail_master_e); typedef void jail_subproc_f(enum jail_subproc_e); diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c index ddd4670..4be41fc 100644 --- a/bin/varnishd/mgt/mgt_jail.c +++ b/bin/varnishd/mgt/mgt_jail.c @@ -44,11 +44,12 @@ * A "none" jail implementation which doesn't do anything. */ -static void __match_proto__(jail_init_f) +static int __match_proto__(jail_init_f) vjn_init(char **args) { if (*args != NULL) ARGV_ERR("-Jnone takes no arguments.\n"); + return (0); } static void __match_proto__(jail_master_f) @@ -84,6 +85,7 @@ void VJ_Init(const char *j_arg) { char **av; + int i; if (j_arg != NULL) { av = VAV_Parse(j_arg, NULL, ARGV_COMMA); @@ -97,10 +99,17 @@ VJ_Init(const char *j_arg) vjt->init(av + 2); VAV_Free(av); } else { + /* + * Go through list of jail technologies until one + * succeeds, falling back to "none". + */ av = VAV_Parse("", NULL, ARGV_COMMA); - vjt = vj_choice[0].ptr; - CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); - vjt->init(av + 1); + for (i = 0; vj_choice[i].name != NULL; i++) { + vjt = vj_choice[i].ptr; + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + if (!vjt->init(av + 1)) + break; + } VAV_Free(av); } } From phk at FreeBSD.org Mon Feb 16 09:30:16 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 10:30:16 +0100 Subject: [master] 9398516 Coverage testing of -j options Message-ID: commit 93985169513620bd9f1d06ae9a99dabd42541a06 Author: Poul-Henning Kamp Date: Mon Feb 16 09:30:07 2015 +0000 Coverage testing of -j options diff --git a/bin/varnishtest/tests/a00009.vtc b/bin/varnishtest/tests/a00009.vtc index 73021ba..e5abeb7 100644 --- a/bin/varnishtest/tests/a00009.vtc +++ b/bin/varnishtest/tests/a00009.vtc 
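Review bot: `jail_init_f` now returns `int`, but the explicit `-j` branch of `VJ_Init()` (the unchanged `vjt->init(av + 2);` at the top of the last mgt_jail.c hunk) still drops the result, so a technology that reports failure by returning non-zero stays selected as `vjt`. Only the new auto-selection loop acts on the value. Suggest `if (vjt->init(av + 2)) ARGV_ERR("-j%s: jail not available\n", av[1]);` (the message wording is a suggestion). The loop also depends on `none` being the last table entry and always returning 0; if it ever ran off the end, `vjt` would be left pointing at a technology whose `init` failed. `VJ_Init()` begins and ends outside the hunk.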
@@ -4,3 +4,6 @@ shell "${varnishd} -b 127.0.0.1:80 -C -n ${tmpdir} > /dev/null 2>&1" shell "${varnishd} -x dumprstparam > /dev/null 2>&1" shell "${varnishd} -x dumprstvsl > /dev/null 2>&1" shell "! ${varnishd} -spersistent > /dev/null 2>&1" +shell "! ${varnishd} -jxyz > /dev/null 2>&1" +shell "! ${varnishd} -jnone -jxyz > /dev/null 2>&1" +shell "! ${varnishd} -d -jxyz > /dev/null 2>&1" From phk at FreeBSD.org Mon Feb 16 11:21:40 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 12:21:40 +0100 Subject: [master] 45c8694 Convert (and retire) the sandbox code to the new jail framework. Message-ID: commit 45c8694e657539e7e86673f85a44d963001ab8dd Author: Poul-Henning Kamp Date: Mon Feb 16 11:17:43 2015 +0000 Convert (and retire) the sandbox code to the new jail framework. The retires the -u and -g arguments, and the user/group/group_cc parameters, so that the jail-setup cannot be manipulated from CLI at all. $user and group_cc are now sub-arguments to -junix, for instance: -junix,user=varnish1,ccgroup=ccowner There is no group= subargument, the group information is taken from the user id in question. If no -j argument is specified, attempt: -junix,user=varnish but fail silently if not possible. The "vident" now contains information about jail-config. Sandbox_solaris is not converted yet, (I'm hoping that Nils will help with that. diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am index 0982aec..1aebc43 100644 --- a/bin/varnishd/Makefile.am +++ b/bin/varnishd/Makefile.am @@ -65,6 +65,7 @@ varnishd_SOURCES = \ mgt/mgt_child.c \ mgt/mgt_cli.c \ mgt/mgt_jail.c \ + mgt/mgt_jail_unix.c \ mgt/mgt_main.c \ mgt/mgt_param.c \ mgt/mgt_param_tbl.c \ @@ -72,8 +73,6 @@ varnishd_SOURCES = \ mgt/mgt_param_tcp.c \ mgt/mgt_param_tweak.c \ mgt/mgt_pool.c \ - mgt/mgt_sandbox.c \ - mgt/mgt_sandbox_solaris.c \ mgt/mgt_shmem.c \ mgt/mgt_vcc.c \ storage/stevedore.c \ diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index d045349..4aa707d 100644 
--- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -65,11 +65,10 @@ void mgt_cli_close_all(void); /* mgt_jail.c */ enum jail_subproc_e { - JAIL_SP_TESTING, - JAIL_SP_VCC, - JAIL_SP_CC, - JAIL_SP_VCLLOAD, - JAIL_SP_WORKER, + JAIL_SUBPROC_VCC, + JAIL_SUBPROC_CC, + JAIL_SUBPROC_VCLLOAD, + JAIL_SUBPROC_WORKER, }; enum jail_master_e { @@ -94,6 +93,8 @@ void VJ_Init(const char *j_arg); void VJ_master(enum jail_master_e jme); void VJ_subproc(enum jail_subproc_e jse); +extern const struct jail_tech jail_tech_unix; + /* mgt_main.c */ extern struct VSC_C_mgt *VSC_C_mgt; extern struct VSC_C_mgt static_VSC_C_mgt; @@ -118,24 +119,6 @@ extern struct params mgt_param; /* mgt_param_tcp.c */ void MCF_TcpParams(void); -/* mgt_sandbox.c */ -enum sandbox_e { - SANDBOX_TESTING, - SANDBOX_VCC, - SANDBOX_CC, - SANDBOX_VCLLOAD, - SANDBOX_WORKER, -}; - -typedef void mgt_sandbox_f(enum sandbox_e); -extern mgt_sandbox_f *mgt_sandbox; -void mgt_sandbox_init(void); - -/* mgt_sandbox_solaris.c */ -#ifdef HAVE_SETPPRIV -mgt_sandbox_f mgt_sandbox_solaris; -#endif - /* mgt_shmem.c */ void mgt_SHM_Init(void); void mgt_SHM_static_alloc(const void *, ssize_t size, diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c index 7c777de..5a0220e 100644 --- a/bin/varnishd/mgt/mgt_child.c +++ b/bin/varnishd/mgt/mgt_child.c @@ -421,7 +421,7 @@ mgt_launch_child(struct cli *cli) (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTERM, SIG_DFL); - mgt_sandbox(SANDBOX_WORKER); + VJ_subproc(JAIL_SUBPROC_WORKER); child_main(); diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c index 4be41fc..00afa89 100644 --- a/bin/varnishd/mgt/mgt_jail.c +++ b/bin/varnishd/mgt/mgt_jail.c @@ -33,9 +33,6 @@ #include #include -#include -#include -#include #include "mgt/mgt.h" #include "vav.h" 
@@ -47,8 +44,8 @@ static int __match_proto__(jail_init_f) vjn_init(char **args) { - if (*args != NULL) - ARGV_ERR("-Jnone takes no arguments.\n"); + if (args != NULL && *args != NULL) + ARGV_ERR("-jnone takes no arguments.\n"); return (0); } @@ -77,6 +74,7 @@ static const struct jail_tech jail_tech_none = { static const struct jail_tech *vjt; static const struct choice vj_choice[] = { + { "unix", &jail_tech_unix }, { "none", &jail_tech_none }, { NULL, NULL }, }; @@ -96,22 +94,21 @@ VJ_Init(const char *j_arg) ARGV_ERR("-j argument is emtpy\n"); vjt = pick(vj_choice, av[1], "jail"); CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); - vjt->init(av + 2); + (void)vjt->init(av + 2); VAV_Free(av); } else { /* * Go through list of jail technologies until one * succeeds, falling back to "none". */ - av = VAV_Parse("", NULL, ARGV_COMMA); for (i = 0; vj_choice[i].name != NULL; i++) { vjt = vj_choice[i].ptr; CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); - if (!vjt->init(av + 1)) + if (!vjt->init(NULL)) break; } - VAV_Free(av); } + VSB_printf(vident, ",-j%s", vjt->name); } void diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c new file mode 100644 index 0000000..49eb073 --- /dev/null +++ b/bin/varnishd/mgt/mgt_jail_unix.c 
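Review bot: In the auto-selection loop of `VJ_Init()`, a non-zero result from `vjt->init(NULL)` moves on to the next entry without any message. `vju_init()` in this commit returns 1 when `geteuid() != 0` or when the `JAIL_USER` lookup fails, so a root-started varnishd on a host without that account ends up on `none` and its sub-processes keep the master's credentials. The only trace is the `,-jnone` that `VSB_printf(vident, ",-j%s", vjt->name)` appends. A diagnostic after the loop would make the downgrade visible to the operator, for example `if (vjt == &jail_tech_none && geteuid() == 0) fprintf(stderr, "Warning: running as root with -jnone\n");` (wording is a suggestion, and it needs `<unistd.h>`).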
@@ -0,0 +1,174 @@ +/*- + * Copyright (c) 2006-2015 Varnish Software AS + * All rights reserved. + * + * Author: Poul-Henning Kamp + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Jailing processes the UNIX way, using setuid(2) etc. 
+ */ + +#include "config.h" + +#include +#include +#include +#include +#include +#include + +#include "mgt/mgt.h" + +#ifdef __linux__ +#include +#endif + +static uid_t vju_uid; +static gid_t vju_gid; +static const char *vju_user; +static gid_t vju_cc_gid; +static int vju_cc_gid_set; + +#ifndef JAIL_USER +#define JAIL_USER "varnish" +#endif + +#ifndef NGID +#define NGID 2000 +#endif + +static int +vju_getuid(const char *arg) +{ + struct passwd *pw; + + pw = getpwnam(arg); + if (pw != NULL) { + vju_user = strdup(arg); + AN(vju_user); + vju_uid = pw->pw_uid; + vju_gid = pw->pw_gid; + } + endpwent(); + return (pw == NULL ? -1 : 0); +} + +static int +vju_getccgid(const char *arg) +{ + struct group *gr; + + gr = getgrnam(arg); + if (gr != NULL) { + vju_cc_gid_set = 1; + vju_cc_gid = gr->gr_gid; + } + endgrent(); + return (gr == NULL ? -1 : 0); +} + +/********************************************************************** + */ + +static int __match_proto__(jail_init_f) +vju_init(char **args) +{ + if (args == NULL) { + /* Autoconfig */ + if (geteuid() != 0) + return (1); + if (vju_getuid(JAIL_USER)) + return (1); + return (0); + } + + if (geteuid() != 0) + ARGV_ERR("Unix Jail: Must be root.\n"); + + for (;*args != NULL; args++) { + if (!strncmp(*args, "user=", 5)) { + if (vju_getuid((*args) + 5)) { + ARGV_ERR("Unix jail: %s user not found.\n", + (*args) + 5); + } + continue; + } + if (!strncmp(*args, "ccgroup=", 8)) { + if (vju_getccgid((*args) + 8)) { + ARGV_ERR("Unix jail: %s group not found.\n", + (*args) + 8); + } + continue; + } + ARGV_ERR("Unix jail: unknown sub-argument '%s'\n", *args); + } + + if (vju_user == NULL && vju_getuid(JAIL_USER)) + ARGV_ERR("Unix jail: %s user not found.\n", JAIL_USER); + + return (0); +} + +static void __match_proto__(jail_master_f) +vju_master(enum jail_master_e jme) +{ + (void)jme; +} + +static void __match_proto__(jail_subproc_f) +vju_subproc(enum jail_subproc_e jse) +{ + int i; + gid_t gid_list[NGID]; + + AZ(setgid(vju_gid)); + 
AZ(initgroups(vju_user, vju_gid)); + + if (jse == JAIL_SUBPROC_CC && vju_cc_gid_set) { + /* Add the optional extra group for the C-compiler access */ + i = getgroups(NGID, gid_list); + assert(i >= 0); + gid_list[i++] = vju_cc_gid; + AZ(setgroups(i, gid_list)); + } + + AZ(setuid(vju_uid)); + +#ifdef __linux__ + /* + * On linux mucking about with uid/gid disables core-dumps, * reenable them again. + */ + if (prctl(PR_SET_DUMPABLE, 1) != 0) { + REPORT0(LOG_INFO, + "Could not set dumpable bit. Core dumps turned off\n"); + } +#endif +} + +const struct jail_tech jail_tech_unix = { + .magic = JAIL_TECH_MAGIC, + .name = "unix", + .init = vju_init, + .master = vju_master, + .subproc = vju_subproc, +}; diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index b8624bc..f8d358b 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -147,7 +147,6 @@ usage(void) fprintf(stderr, FMT, "-d", "debug"); fprintf(stderr, FMT, "-f file", "VCL script"); fprintf(stderr, FMT, "-F", "Run in foreground"); - fprintf(stderr, FMT, "-g group", "Privilege separation group id"); fprintf(stderr, FMT, "-h kind[,hashoptions]", "Hash specification"); fprintf(stderr, FMT, "", " -h critbit [default]"); fprintf(stderr, FMT, "", " -h simple_list"); @@ -181,7 +180,6 @@ usage(void) fprintf(stderr, FMT, "-T address:port", "Telnet listen address and port"); fprintf(stderr, FMT, "-t", "Default TTL"); - fprintf(stderr, FMT, "-u user", "Privilege separation user id"); fprintf(stderr, FMT, "-V", "version"); #undef FMT exit(1); @@ -429,11 +427,6 @@ main(int argc, char * const *argv) SHA256_Test(); /* - * Find out if we can sandbox - */ - mgt_sandbox_init(); - - /* * Create a cli for convenience in otherwise CLI functions */ 
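Review bot: In `vju_subproc()`, `getgroups(NGID, gid_list)` may return exactly `NGID`, and the following `gid_list[i++] = vju_cc_gid;` then writes one element past the end of the stack array. The `assert(i >= 0)` only excludes the error return. Either declare `gid_t gid_list[NGID + 1];` or tighten the check to `assert(i >= 0 && i < NGID);`. Minor: `vju_getuid()` overwrites `vju_user` with a fresh `strdup()` on every call, so a repeated `user=` sub-argument leaks the earlier copy.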
@@ -450,7 +443,7 @@ main(int argc, char * const *argv) cli_check(cli); while ((o = getopt(argc, argv, - "a:b:Cdf:Fg:h:i:j:l:M:n:P:p:r:S:s:T:t:u:Vx:")) != -1) { + "a:b:Cdf:Fh:i:j:l:M:n:P:p:r:S:s:T:t:Vx:")) != -1) { /* * -j must be the first argument if specified, because * it (may) affect subsequent argument processing. @@ -487,9 +480,6 @@ main(int argc, char * const *argv) case 'F': F_flag = 1 - F_flag; break; - case 'g': - MCF_ParamSet(cli, "group", optarg); - break; case 'h': h_arg = optarg; break; @@ -550,9 +540,6 @@ main(int argc, char * const *argv) else T_arg = NULL; break; - case 'u': - MCF_ParamSet(cli, "user", optarg); - break; case 'V': /* XXX: we should print the ident here */ VCS_Message("varnishd"); diff --git a/bin/varnishd/mgt/mgt_param.c b/bin/varnishd/mgt/mgt_param.c index c8b7fe9..4d33fcb 100644 --- a/bin/varnishd/mgt/mgt_param.c +++ b/bin/varnishd/mgt/mgt_param.c @@ -416,12 +416,12 @@ mcf_wash_param(struct cli *cli, const struct parspec *pp, const char **val, AN(*val); VSB_clear(vsb); - VSB_printf(vsb, "FAILED to set %s for param %s = %s\n", + VSB_printf(vsb, "FAILED to set %s for param %s:\n\t%s", name, pp->name, *val); err = pp->func(vsb, pp, *val); AZ(VSB_finish(vsb)); if (err) { - VCLI_Out(cli, "%s", VSB_data(vsb)); + VCLI_Out(cli, "%s\n", VSB_data(vsb)); VCLI_SetResult(cli, CLIS_CANT); return; } diff --git a/bin/varnishd/mgt/mgt_sandbox.c b/bin/varnishd/mgt/mgt_sandbox.c index 340a0bc..df7eadb 100644 --- a/bin/varnishd/mgt/mgt_sandbox.c +++ b/bin/varnishd/mgt/mgt_sandbox.c @@ -42,6 +42,8 @@ * FreeBSD: capsicum */ +#if 0 + #include "config.h" #ifdef __linux__ @@ -312,3 +314,5 @@ mgt_sandbox_init(void) } endgrent(); } + +#endif diff --git a/bin/varnishd/mgt/mgt_vcc.c b/bin/varnishd/mgt/mgt_vcc.c index 34be631..e181f74 100644 --- a/bin/varnishd/mgt/mgt_vcc.c +++ b/bin/varnishd/mgt/mgt_vcc.c 
@@ -155,7 +155,7 @@ run_vcc(void *priv) int fd, i, l; CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); - mgt_sandbox(SANDBOX_VCC); + VJ_subproc(JAIL_SUBPROC_VCC); sb = VSB_new_auto(); XXXAN(sb); VCC_VCL_dir(vcc, mgt_vcl_dir); @@ -199,7 +199,7 @@ run_cc(void *priv) int pct; char *p; - mgt_sandbox(SANDBOX_CC); + VJ_subproc(JAIL_SUBPROC_CC); CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); sb = VSB_new_auto(); @@ -248,7 +248,7 @@ run_dlopen(void *priv) struct VCL_conf const *cnf; struct vcc_priv *vp; - mgt_sandbox(SANDBOX_VCLLOAD); + VJ_subproc(JAIL_SUBPROC_VCLLOAD); CAST_OBJ_NOTNULL(vp, priv, VCC_PRIV_MAGIC); /* Try to load the object into this sub-process */ From fgsch at lodoss.net Mon Feb 16 12:43:20 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Mon, 16 Feb 2015 13:43:20 +0100 Subject: [master] 78d7a8c Fix compilation on linux Message-ID: commit 78d7a8c4cf5d2879a373ad8ade04d3dbb42eb836 Author: Federico G. Schwindt Date: Mon Feb 16 12:42:52 2015 +0000 Fix compilation on linux diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c index 49eb073..bfb65dd 100644 --- a/bin/varnishd/mgt/mgt_jail_unix.c +++ b/bin/varnishd/mgt/mgt_jail_unix.c @@ -40,6 +40,7 @@ #include "mgt/mgt.h" #ifdef __linux__ +#include #include #endif From phk at FreeBSD.org Mon Feb 16 14:45:55 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 15:45:55 +0100 Subject: [master] c483147 Minor repairs Message-ID: commit c48314787c9287a8ce607a134db6cc4c8a916ce8 Author: Poul-Henning Kamp Date: Mon Feb 16 14:45:39 2015 +0000 Minor repairs diff --git a/doc/sphinx/users-guide/run_security.rst b/doc/sphinx/users-guide/run_security.rst index 5fe3890..72f7bda 100644 --- a/doc/sphinx/users-guide/run_security.rst +++ b/doc/sphinx/users-guide/run_security.rst 
@@ -13,11 +13,11 @@ partitioned along administrative lines, you need to think about security. Varnish provides four levels of authority, roughly related to -how and where the command comes into Varnish: +how and where control comes into Varnish: - * the command line arguments, + * The command line arguments, - * the CLI interface, + * The CLI interface, * VCL programs, and @@ -26,7 +26,9 @@ how and where the command comes into Varnish: Command line arguments ---------------------- -The top level security decisions is decided and defined when starting Varnish in the form of command line arguments, we use this strategy in order to make them invulnerable to subsequent manipulation. +The top level security decisions is decided and defined when starting +Varnish in the form of command line arguments, we use this strategy +in order to make them invulnerable to subsequent manipulation. The important decisions to make are: @@ -38,6 +40,8 @@ The important decisions to make are: #. If/how VMODs will be restricted? +#. How child processes will be jailed? + CLI interface access ^^^^^^^^^^^^^^^^^^^^ @@ -152,8 +156,8 @@ interface. Pretty much any parameter can be used to totally mess up your HTTP service, but a few can do more damage than others: -:ref:`ref_param_user` and :ref:`ref_param_group` - Access to local system via VCL +.. XXX :ref:`ref_param_user` and :ref:`ref_param_group` +.. XXX Access to local system via VCL :ref:`ref_param_listen_address` Trojan other TCP sockets, like `ssh` From nils.goroll at uplex.de Mon Feb 16 14:48:51 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 16 Feb 2015 15:48:51 +0100 Subject: [master] c19da9d minimal changes to the former solaris sandbox to use the new jail framework Message-ID: commit c19da9dad1fffa1cea5dca6ec389417d4d2c4c56 Author: Nils Goroll Date: Mon Feb 16 15:47:29 2015 +0100 minimal changes to the former solaris sandbox to use the new jail framework 
diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am index 1aebc43..aeef7c1 100644 --- a/bin/varnishd/Makefile.am +++ b/bin/varnishd/Makefile.am @@ -66,6 +66,7 @@ varnishd_SOURCES = \ mgt/mgt_cli.c \ mgt/mgt_jail.c \ mgt/mgt_jail_unix.c \ + mgt/mgt_jail_solaris.c \ mgt/mgt_main.c \ mgt/mgt_param.c \ mgt/mgt_param_tbl.c \ diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 4aa707d..718e6a4 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -94,6 +94,7 @@ void VJ_master(enum jail_master_e jme); void VJ_subproc(enum jail_subproc_e jse); extern const struct jail_tech jail_tech_unix; +extern const struct jail_tech jail_tech_solaris; /* mgt_main.c */ extern struct VSC_C_mgt *VSC_C_mgt; diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c index 00afa89..081e9e8 100644 --- a/bin/varnishd/mgt/mgt_jail.c +++ b/bin/varnishd/mgt/mgt_jail.c @@ -74,6 +74,7 @@ static const struct jail_tech jail_tech_none = { static const struct jail_tech *vjt; static const struct choice vj_choice[] = { + { "solaris", &jail_tech_solaris }, { "unix", &jail_tech_unix }, { "none", &jail_tech_none }, { NULL, NULL }, diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c new file mode 100644 index 0000000..ce610d1 --- /dev/null +++ b/bin/varnishd/mgt/mgt_jail_solaris.c 
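Review bot: The `{ "solaris", &jail_tech_solaris }` entry is added to `vj_choice` on every platform, but without `HAVE_SETPPRIV` it points at the stub in mgt_jail_solaris.c, which sets only `.magic`, `.name` and `.init`. The auto path skips the stub because its `vjs_init()` returns 1. An explicit `-jsolaris` is presumably matched by `pick()` on the table name, and since `VJ_Init()` does not act on the `init` result, `VJ_master()` and `VJ_subproc()` would then call through a NULL function pointer. Wrapping the table entry in `#ifdef HAVE_SETPPRIV` ... `#endif`, or giving the stub no-op `.master` and `.subproc` members, avoids that.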
@@ -0,0 +1,499 @@ +/*- + * Copyright (c) 2006-2011 Varnish Software AS + * Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung + * All rights reserved. + * + * Author: Poul-Henning Kamp + * Nils Goroll + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * Sandboxing child processes on Solaris + * ===================================== + * + * Note on use of symbolic PRIV_* constants + * ---------------------------------------- + * + * We assume backwards compatibility only for Solaris Releases after the + * OpenSolaris Launch. For privileges which existed at the time of the + * OpenSolaris Launch, we use the constants from sys/priv_names.h and assert + * that priv_addset must succeed. 
+ * + * For privileges which have been added later, we need to use priv strings in + * order not to break builds of varnish on older platforms. To remain binary + * compatible, we can't assert that priv_addset succeeds, but we may assert that + * it either succeeds or fails with EINVAL. + * + * See priv_setop_check() + * + * Note on introduction of new privileges (or: lack of forward compatibility) + * -------------------------------------------------------------------------- + * + * For optimal build and binary forward comatibility, we could use subtractive + * set specs like + * + * basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session + * + * which would implicitly keep any privileges newly introduced to the 'basic' + * set. + * + * But we have a preference for making an informed decision about which + * privileges varnish sandboxes should have, so we prefer to risk breaking + * varnish temporarily on newer kernels and be notified of missing privileges + * through bug reports. + * + * Notes on the SNOCD flag + * ----------------------- + * + * On Solaris, any uid/gid fiddling which can be interpreted as 'waiving + * privileges' will lead to the processes' SNOCD flag being set, disabling core + * dumps unless explicitly allowed using coreadm (see below). There is no + * equivalent to Linux PR_SET_DUMPABLE. The only way to clear the flag is a call + * to some form of exec(). The presence of the SNOCD flag also prevents many + * process manipulations from other processes with the same uid/gid unless they + * have the proc_owner privilege. + * + * Thus, if we want to run sandboxes with a different uid/gid than the master + * process, we cannot avoid the SNOCD flag for those sandboxes not exec'ing + * (VCC, VCLLOAD, WORKER). + * + * + * We should, however, avoid to accidentally set the SNOCD flag when setting + * privileges (see https://www.varnish-cache.org/trac/ticket/671 ) + * + * When changing the logic herein, always check with mdb -k. 
Replace _PID_ with + * the pid of your varnish child, the result should be 0, otherwise a regression + * has been introduced. + * + * > 0t_PID_::pid2proc | ::print proc_t p_flag | >a + * > ( +#include +#include +#include +#include + +#include "mgt/mgt.h" + +#include "common/heritage.h" +#include "common/params.h" + +#ifndef HAVE_SETPPRIV + +/* ============================================================ + * on platforms without setppriv, fail the init to mark that + * this jail is unavailable + */ + +static int __match_proto__(jail_init_f) +vjs_init(char **args) +{ + (void) args; + return 1; +} + +const struct jail_tech jail_tech_solaris = { + .magic = JAIL_TECH_MAGIC, + .name = "solaris (unavailable)", + .init = vjs_init, +}; + +#else /* HAVE_SETPPRIV */ + +#ifdef HAVE_PRIV_H +#include +#endif + +/* ============================================================ + * the real thing + */ + +static int __match_proto__(jail_init_f) +vjs_init(char **args) +{ + (void) args; + return 0; +} + +/* for priv_delset() and priv_addset() */ +static inline int +priv_setop_check(int a) { + if (a == 0) + return (1); + if (errno == EINVAL) + return (1); + return (0); +} + +#define priv_setop_assert(a) assert(priv_setop_check(a)) + +/* + * we try to add all possible privileges to waive them later. 
+ * + * when doing so, we need to expect EPERM + */ + +/* for setppriv */ +static inline int +setppriv_check(int a) { + if (a == 0) + return (1); + if (errno == EPERM) + return (1); + return (0); +} + +#define setppriv_assert(a) assert(setppriv_check(a)) + +static void +vjs_add_inheritable(priv_set_t *pset, enum jail_subproc_e jse) +{ + switch (jse) { + case JAIL_SUBPROC_VCC: + /* for /etc/resolv.conf and /etc/hosts */ + priv_setop_assert(priv_addset(pset, "file_read")); + break; + case JAIL_SUBPROC_CC: + priv_setop_assert(priv_addset(pset, PRIV_PROC_EXEC)); + priv_setop_assert(priv_addset(pset, PRIV_PROC_FORK)); + priv_setop_assert(priv_addset(pset, "file_read")); + priv_setop_assert(priv_addset(pset, "file_write")); + break; + case JAIL_SUBPROC_VCLLOAD: + break; + case JAIL_SUBPROC_WORKER: + break; + default: + INCOMPL(); + } +} + +/* + * effective is initialized from inheritable (see vjs_waive) + * so only additionally required privileges need to be added here + */ + +static void +vjs_add_effective(priv_set_t *pset, enum jail_subproc_e jse) +{ + switch (jse) { + case JAIL_SUBPROC_VCC: + priv_setop_assert(priv_addset(pset, "file_write")); + break; + case JAIL_SUBPROC_CC: + break; + case JAIL_SUBPROC_VCLLOAD: + priv_setop_assert(priv_addset(pset, "file_read")); + case JAIL_SUBPROC_WORKER: + priv_setop_assert(priv_addset(pset, "net_access")); + priv_setop_assert(priv_addset(pset, "file_read")); + priv_setop_assert(priv_addset(pset, "file_write")); + break; + default: + INCOMPL(); + } +} + +/* + * permitted is initialized from effective (see vjs_waive) + * so only additionally required privileges need to be added here + */ + +static void +vjs_add_permitted(priv_set_t *pset, enum jail_subproc_e jse) +{ + switch (jse) { + case JAIL_SUBPROC_VCC: + case JAIL_SUBPROC_CC: + case JAIL_SUBPROC_VCLLOAD: + break; + case JAIL_SUBPROC_WORKER: + /* for raising limits in cache_waiter_ports.c */ + AZ(priv_addset(pset, PRIV_SYS_RESOURCE)); + break; + default: + INCOMPL(); + } +} + 
+/* + * additional privileges needed by vjs_privsep - + * will get waived in vjs_waive + */ +static void +vjs_add_initial(priv_set_t *pset, enum jail_subproc_e jse) +{ + (void)jse; + + /* for setgid/setuid */ + AZ(priv_addset(pset, PRIV_PROC_SETID)); +} + +/* + * if we are not yet privilege-aware already (ie we have been started + * not-privilege aware with euid 0), we try to grab any privileges we + * will need later. + * We will reduce to least privileges in vjs_waive + * + * We need to become privilege-aware to avoid setuid resetting them. + */ + +static void +vjs_setup(enum jail_subproc_e jse) +{ + priv_set_t *priv_all; + + if (! (priv_all = priv_allocset())) { + REPORT(LOG_ERR, + "Sandbox warning: " + " vjs_setup - priv_allocset failed: errno=%d (%s)", + errno, strerror(errno)); + return; + } + + priv_emptyset(priv_all); + + vjs_add_inheritable(priv_all, jse); + vjs_add_effective(priv_all, jse); + vjs_add_permitted(priv_all, jse); + vjs_add_initial(priv_all, jse); + + /* try to get all possible privileges, expect EPERM here */ + setppriv_assert(setppriv(PRIV_ON, PRIV_PERMITTED, priv_all)); + setppriv_assert(setppriv(PRIV_ON, PRIV_EFFECTIVE, priv_all)); + setppriv_assert(setppriv(PRIV_ON, PRIV_INHERITABLE, priv_all)); + + priv_freeset(priv_all); +} + +static void +vjs_privsep(enum jail_subproc_e jse) +{ + (void)jse; + + if (priv_ineffect(PRIV_PROC_SETID)) { + if (getgid() != mgt_param.gid) + XXXAZ(setgid(mgt_param.gid)); + if (getuid() != mgt_param.uid) + XXXAZ(setuid(mgt_param.uid)); + } else { + REPORT(LOG_INFO, + "Privilege %s missing, will not change uid/gid", + PRIV_PROC_SETID); + } +} + +/* + * Waive most privileges in the child + * + * as of onnv_151a, we should end up with: + * + * > ppriv -v #pid of varnish child + * PID: .../varnishd ... 
+ * flags = PRIV_AWARE + * E: file_read,file_write,net_access + * I: none + * P: file_read,file_write,net_access,sys_resource + * L: file_read,file_write,net_access,sys_resource + * + * We should keep sys_resource in P in order to adjust our limits if we need to + */ + +static void +vjs_waive(enum jail_subproc_e jse) +{ + priv_set_t *effective, *inheritable, *permitted; + + if (!(effective = priv_allocset()) || + !(inheritable = priv_allocset()) || + !(permitted = priv_allocset())) { + REPORT(LOG_ERR, + "Sandbox warning: " + " mgt_sandbox_waive - priv_allocset failed: errno=%d (%s)", + errno, strerror(errno)); + return; + } + + /* + * simple scheme: + * (inheritable subset-of effective) subset-of permitted + */ + + priv_emptyset(inheritable); + vjs_add_inheritable(inheritable, jse); + + priv_copyset(inheritable, effective); + vjs_add_effective(effective, jse); + + priv_copyset(effective, permitted); + vjs_add_permitted(permitted, jse); + + /* + * invert the sets and clear privileges such that setppriv will always + * succeed + */ + priv_inverse(inheritable); + priv_inverse(effective); + priv_inverse(permitted); + + AZ(setppriv(PRIV_OFF, PRIV_LIMIT, permitted)); + AZ(setppriv(PRIV_OFF, PRIV_PERMITTED, permitted)); + AZ(setppriv(PRIV_OFF, PRIV_EFFECTIVE, effective)); + AZ(setppriv(PRIV_OFF, PRIV_INHERITABLE, inheritable)); + + priv_freeset(inheritable); + priv_freeset(effective); + priv_freeset(permitted); +} + +static void __match_proto__(jail_subproc_f) +vjs_subproc(enum jail_subproc_e jse) +{ + vjs_setup(jse); + vjs_privsep(jse); + vjs_waive(jse); +} + +// XXX TODO +static void __match_proto__(jail_master_f) +vjs_master(enum jail_master_e jme) +{ + (void)jme; +} + +const struct jail_tech jail_tech_solaris = { + .magic = JAIL_TECH_MAGIC, + .name = "solaris", + .init = vjs_init, + .master = vjs_master, + .subproc = vjs_subproc, +}; + +#endif /* HAVE_SETPPRIV */ 
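Review bot: `vjs_setup()` and `vjs_waive()` only log and `return` when `priv_allocset()` fails, so `vjs_subproc()` carries on and the child keeps running without its privilege sets reduced. A jail should fail closed here, for instance `effective = priv_allocset(); AN(effective);` for each set, which matches the `AZ(setppriv(PRIV_OFF, ...))` calls further down and also removes the leak of the sets already allocated in `vjs_waive()`. Separately, in `vjs_add_effective()` the `JAIL_SUBPROC_VCLLOAD` case runs into `JAIL_SUBPROC_WORKER` with neither a `break` nor a comment, which adds `net_access` and `file_write` to the VCLLOAD set. If that is intended, mark it `/* FALLTHROUGH */`; otherwise add the `break`. `vjs_privsep()` still reads `mgt_param.uid` and `mgt_param.gid`, while the message of commit 45c8694 says the user/group parameters were retired, so the source of those values is worth confirming.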
diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c
deleted file mode 100644
index 8f4497f..0000000
--- a/bin/varnishd/mgt/mgt_sandbox_solaris.c
+++ /dev/null
@@ -1,464 +0,0 @@ -/*- - * Copyright (c) 2006-2011 Varnish Software AS - * Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung - * All rights reserved. - * - * Author: Poul-Henning Kamp - * Nils Goroll - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * Sandboxing child processes on Solaris - * ===================================== - * - * Note on use of symbolic PRIV_* constants - * ---------------------------------------- - * - * We assume backwards compatibility only for Solaris Releases after the - * OpenSolaris Launch. For privileges which existed at the time of the - * OpenSolaris Launch, we use the constants from sys/priv_names.h and assert - * that priv_addset must succeed. 
- * - * For privileges which have been added later, we need to use priv strings in - * order not to break builds of varnish on older platforms. To remain binary - * compatible, we can't assert that priv_addset succeeds, but we may assert that - * it either succeeds or fails with EINVAL. - * - * See priv_setop_check() - * - * Note on introduction of new privileges (or: lack of forward compatibility) - * -------------------------------------------------------------------------- - * - * For optimal build and binary forward comatibility, we could use subtractive - * set specs like - * - * basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session - * - * which would implicitly keep any privileges newly introduced to the 'basic' - * set. - * - * But we have a preference for making an informed decision about which - * privileges varnish sandboxes should have, so we prefer to risk breaking - * varnish temporarily on newer kernels and be notified of missing privileges - * through bug reports. - * - * Notes on the SNOCD flag - * ----------------------- - * - * On Solaris, any uid/gid fiddling which can be interpreted as 'waiving - * privileges' will lead to the processes' SNOCD flag being set, disabling core - * dumps unless explicitly allowed using coreadm (see below). There is no - * equivalent to Linux PR_SET_DUMPABLE. The only way to clear the flag is a call - * to some form of exec(). The presence of the SNOCD flag also prevents many - * process manipulations from other processes with the same uid/gid unless they - * have the proc_owner privilege. - * - * Thus, if we want to run sandboxes with a different uid/gid than the master - * process, we cannot avoid the SNOCD flag for those sandboxes not exec'ing - * (VCC, VCLLOAD, WORKER). - * - * - * We should, however, avoid to accidentally set the SNOCD flag when setting - * privileges (see https://www.varnish-cache.org/trac/ticket/671 ) - * - * When changing the logic herein, always check with mdb -k. 
Replace _PID_ with - * the pid of your varnish child, the result should be 0, otherwise a regression - * has been introduced. - * - * > 0t_PID_::pid2proc | ::print proc_t p_flag | >a - * > ( -#endif -#include -#include -#include -#include -#include - -#include "mgt/mgt.h" - -#include "common/heritage.h" -#include "common/params.h" - -/*-------------------------------------------------------------------- - */ - -/* for priv_delset() and priv_addset() */ -static inline int -priv_setop_check(int a) { - if (a == 0) - return (1); - if (errno == EINVAL) - return (1); - return (0); -} - -#define priv_setop_assert(a) assert(priv_setop_check(a)) - -/* - * we try to add all possible privileges to waive them later. - * - * when doing so, we need to expect EPERM - */ - -/* for setppriv */ -static inline int -setppriv_check(int a) { - if (a == 0) - return (1); - if (errno == EPERM) - return (1); - return (0); -} - -#define setppriv_assert(a) assert(setppriv_check(a)) - -static void -mgt_sandbox_solaris_add_inheritable(priv_set_t *pset, enum sandbox_e who) -{ - switch (who) { - case SANDBOX_VCC: - /* for /etc/resolv.conf and /etc/hosts */ - priv_setop_assert(priv_addset(pset, "file_read")); - break; - case SANDBOX_CC: - priv_setop_assert(priv_addset(pset, PRIV_PROC_EXEC)); - priv_setop_assert(priv_addset(pset, PRIV_PROC_FORK)); - priv_setop_assert(priv_addset(pset, "file_read")); - priv_setop_assert(priv_addset(pset, "file_write")); - break; - case SANDBOX_VCLLOAD: - break; - case SANDBOX_WORKER: - break; - default: - INCOMPL(); - } -} - -/* - * effective is initialized from inheritable (see mgt_sandbox_solaris_waive) - * so only additionally required privileges need to be added here - */ - -static void -mgt_sandbox_solaris_add_effective(priv_set_t *pset, enum sandbox_e who) -{ - switch (who) { - case SANDBOX_VCC: - priv_setop_assert(priv_addset(pset, "file_write")); - break; - case SANDBOX_CC: - break; - case SANDBOX_VCLLOAD: - priv_setop_assert(priv_addset(pset, "file_read")); 
- case SANDBOX_WORKER: - priv_setop_assert(priv_addset(pset, "net_access")); - priv_setop_assert(priv_addset(pset, "file_read")); - priv_setop_assert(priv_addset(pset, "file_write")); - break; - default: - INCOMPL(); - } -} - -/* - * permitted is initialized from effective (see mgt_sandbox_solaris_waive) - * so only additionally required privileges need to be added here - */ - -static void -mgt_sandbox_solaris_add_permitted(priv_set_t *pset, enum sandbox_e who) -{ - switch (who) { - case SANDBOX_VCC: - case SANDBOX_CC: - case SANDBOX_VCLLOAD: - break; - case SANDBOX_WORKER: - /* for raising limits in cache_waiter_ports.c */ - AZ(priv_addset(pset, PRIV_SYS_RESOURCE)); - break; - default: - INCOMPL(); - } -} - -/* - * additional privileges needed by mgt_sandbox_solaris_privsep - - * will get waived in mgt_sandbox_solaris_waive - */ -static void -mgt_sandbox_solaris_add_initial(priv_set_t *pset, enum sandbox_e who) -{ - (void)who; - - /* for setgid/setuid */ - AZ(priv_addset(pset, PRIV_PROC_SETID)); -} - -/* - * if we are not yet privilege-aware already (ie we have been started - * not-privilege aware with euid 0), we try to grab any privileges we - * will need later. - * We will reduce to least privileges in mgt_sandbox_solaris_waive - * - * We need to become privilege-aware to avoid setuid resetting them. - */ - -static void -mgt_sandbox_solaris_init(enum sandbox_e who) -{ - priv_set_t *priv_all; - - if (! 
(priv_all = priv_allocset())) { - REPORT(LOG_ERR, - "Sandbox warning: " - " mgt_sandbox_init - priv_allocset failed: errno=%d (%s)", - errno, strerror(errno)); - return; - } - - priv_emptyset(priv_all); - - mgt_sandbox_solaris_add_inheritable(priv_all, who); - mgt_sandbox_solaris_add_effective(priv_all, who); - mgt_sandbox_solaris_add_permitted(priv_all, who); - mgt_sandbox_solaris_add_initial(priv_all, who); - - /* try to get all possible privileges, expect EPERM here */ - setppriv_assert(setppriv(PRIV_ON, PRIV_PERMITTED, priv_all)); - setppriv_assert(setppriv(PRIV_ON, PRIV_EFFECTIVE, priv_all)); - setppriv_assert(setppriv(PRIV_ON, PRIV_INHERITABLE, priv_all)); - - priv_freeset(priv_all); -} - -static void -mgt_sandbox_solaris_privsep(enum sandbox_e who) -{ - (void)who; - - if (priv_ineffect(PRIV_PROC_SETID)) { - if (getgid() != mgt_param.gid) - XXXAZ(setgid(mgt_param.gid)); - if (getuid() != mgt_param.uid) - XXXAZ(setuid(mgt_param.uid)); - } else { - REPORT(LOG_INFO, - "Privilege %s missing, will not change uid/gid", - PRIV_PROC_SETID); - } -} - -/* - * Waive most privileges in the child - * - * as of onnv_151a, we should end up with: - * - * > ppriv -v #pid of varnish child - * PID: .../varnishd ... 
- * flags = PRIV_AWARE - * E: file_read,file_write,net_access - * I: none - * P: file_read,file_write,net_access,sys_resource - * L: file_read,file_write,net_access,sys_resource - * - * We should keep sys_resource in P in order to adjust our limits if we need to - */ - -static void -mgt_sandbox_solaris_waive(enum sandbox_e who) -{ - priv_set_t *effective, *inheritable, *permitted; - - if (!(effective = priv_allocset()) || - !(inheritable = priv_allocset()) || - !(permitted = priv_allocset())) { - REPORT(LOG_ERR, - "Sandbox warning: " - " mgt_sandbox_waive - priv_allocset failed: errno=%d (%s)", - errno, strerror(errno)); - return; - } - - /* - * simple scheme: - * (inheritable subset-of effective) subset-of permitted - */ - - priv_emptyset(inheritable); - mgt_sandbox_solaris_add_inheritable(inheritable, who); - - priv_copyset(inheritable, effective); - mgt_sandbox_solaris_add_effective(effective, who); - - priv_copyset(effective, permitted); - mgt_sandbox_solaris_add_permitted(permitted, who); - - /* - * invert the sets and clear privileges such that setppriv will always - * succeed - */ - priv_inverse(inheritable); - priv_inverse(effective); - priv_inverse(permitted); - - AZ(setppriv(PRIV_OFF, PRIV_LIMIT, permitted)); - AZ(setppriv(PRIV_OFF, PRIV_PERMITTED, permitted)); - AZ(setppriv(PRIV_OFF, PRIV_EFFECTIVE, effective)); - AZ(setppriv(PRIV_OFF, PRIV_INHERITABLE, inheritable)); - - priv_freeset(inheritable); - priv_freeset(effective); - priv_freeset(permitted); -} - -void __match_proto__(mgt_sandbox_f) -mgt_sandbox_solaris(enum sandbox_e who) -{ - /* - * XXX - clarify with phk: - * there is no "all-or-nothing" for the solaris sandbox, even - * if we cant setuid, we can still do useful things and waive - * most privileges. - */ - if (who == SANDBOX_TESTING) - exit(0); - - mgt_sandbox_solaris_init(who); - mgt_sandbox_solaris_privsep(who); - mgt_sandbox_solaris_waive(who); -} -#endif /* HAVE_SETPPRIV */ From nils.goroll at uplex.de Mon Feb 16 15:09:14 2015 
From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 16 Feb 2015 16:09:14 +0100 Subject: [master] e83269d Fix typos, reword Message-ID: commit e83269dc29a4b658618d31ed43978bf5755330ce Author: Nils Goroll Date: Mon Feb 16 16:08:30 2015 +0100 Fix typos, reword Thanks to Dridi Boukelmoune for spotting typos diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c index ce610d1..d5538a1 100644 --- a/bin/varnishd/mgt/mgt_jail_solaris.c +++ b/bin/varnishd/mgt/mgt_jail_solaris.c @@ -1,6 +1,6 @@ /*- * Copyright (c) 2006-2011 Varnish Software AS - * Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung + * Copyright (c) 2011-2015 UPLEX - Nils Goroll Systemoptimierung * All rights reserved. * * Author: Poul-Henning Kamp @@ -27,8 +27,17 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * Sandboxing child processes on Solaris - * ===================================== + * "Jailing" *1) child processes on Solaris and Solaris-derivates *2) + * ================================================================== + * + * *1) The name is motivated by the availability of the -j command line + * option. Jailing Varnish is not to be confused with BSD Jails or + * Solaris Zones. + * + * In Solaris parlour, jail == least privileges + * + * *2) e.g. illumos, SmartOS, OmniOS etc. + * * * Note on use of symbolic PRIV_* constants * ---------------------------------------- @@ -48,7 +57,7 @@ * Note on introduction of new privileges (or: lack of forward compatibility) * -------------------------------------------------------------------------- * - * For optimal build and binary forward comatibility, we could use subtractive + * For optimal build and binary forward compatibility, we could use subtractive * set specs like * * basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session 
@@ -57,7 +66,7 @@ * set. * * But we have a preference for making an informed decision about which - * privileges varnish sandboxes should have, so we prefer to risk breaking + * privileges varnish subprocesses should have, so we prefer to risk breaking * varnish temporarily on newer kernels and be notified of missing privileges * through bug reports. * @@ -69,11 +78,11 @@ * dumps unless explicitly allowed using coreadm (see below). There is no * equivalent to Linux PR_SET_DUMPABLE. The only way to clear the flag is a call * to some form of exec(). The presence of the SNOCD flag also prevents many - * process manipulations from other processes with the same uid/gid unless they - * have the proc_owner privilege. + * process manipulations from other processes with the same uid/gid unless the + * latter have the proc_owner privilege. * - * Thus, if we want to run sandboxes with a different uid/gid than the master - * process, we cannot avoid the SNOCD flag for those sandboxes not exec'ing + * Thus, if we want to run subprocesses with a different uid/gid than the master + * process, we cannot avoid the SNOCD flag for those subprocesses not exec'ing * (VCC, VCLLOAD, WORKER). * * @@ -101,13 +110,13 @@ * / -g command line option and elevated privileges but without proc_setid, * e.g.: * - * pfexec ppriv -e -s A=basic,net_privaddr,sys_resource varnish ... + * pfexec ppriv -e -s A=basic,net_privaddr,sys_resource varnishd ... * * - allow coredumps of setid processes (ignoring SNOCD) * * See coreadm(1M) - global-setid / proc-setid * - * brief histroy of privileges introduced since OpenSolaris Launch + * brief history of privileges introduced since OpenSolaris Launch * --------------------------------------------------------------- * * (from hg log -gp usr/src/uts/common/os/priv_defs @@ -117,7 +126,7 @@ * * privileges used here marked with * * - * ILlumos ticket + * Illumos ticket * ARC case hg/git commit first release * * PSARC/2006/155? 37f4a3e2bd99 onnv_37 
@@ -372,7 +381,7 @@ vjs_setup(enum jail_subproc_e jse) if (! (priv_all = priv_allocset())) { REPORT(LOG_ERR, - "Sandbox warning: " + "Solaris Jail warning: " " vjs_setup - priv_allocset failed: errno=%d (%s)", errno, strerror(errno)); return; @@ -435,8 +444,8 @@ vjs_waive(enum jail_subproc_e jse) !(inheritable = priv_allocset()) || !(permitted = priv_allocset())) { REPORT(LOG_ERR, - "Sandbox warning: " - " mgt_sandbox_waive - priv_allocset failed: errno=%d (%s)", + "Solaris Jail warning: " + " vjs_waive - priv_allocset failed: errno=%d (%s)", errno, strerror(errno)); return; } From phk at FreeBSD.org Mon Feb 16 20:35:00 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 16 Feb 2015 21:35:00 +0100 Subject: [master] 6b3510c Minor nit-picking Message-ID: commit 6b3510c18f554a7eb41195860da45ae2d3bbb5bb Author: Poul-Henning Kamp Date: Mon Feb 16 20:34:46 2015 +0000 Minor nit-picking diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index f8d358b..1a6cf3b 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -562,10 +562,14 @@ main(int argc, char * const *argv) argc -= optind; argv += optind; - if (argc != 0) ARGV_ERR("Too many arguments (%s...)\n", argv[0]); + if (M_arg != NULL && *M_arg == '\0') + M_arg = NULL; + if (T_arg != NULL && *T_arg == '\0') + T_arg = NULL; + /* XXX: we can have multiple CLI actions above, is this enough ? */ if (cli[0].result != CLIS_OK) { AZ(VSB_finish(cli[0].sb)); @@ -584,10 +588,10 @@ main(int argc, char * const *argv) ARGV_ERR("At least one of -d, -b, -f, -M or -T " "must be specified\n"); - if (S_arg != NULL && *S_arg == '\0') + if (S_arg != NULL && *S_arg == '\0') { fprintf(stderr, "Warning: Empty -S argument, no CLI authentication.\n"); - else if (S_arg != NULL) { + } else if (S_arg != NULL) { o = open(S_arg, O_RDONLY, 0); if (o < 0) ARGV_ERR("Cannot open -S file (%s): %s\n", 
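Review bot: In the vjs_waive hunk of mgt_jail_solaris.c, the priv_allocset() failure branch still only logs the reworded warning and then runs `return;`, so the subprocess carries on without its privilege sets having been reduced. Waiving is the step that enforces least privilege, so this path is better treated as fatal, for example `effective = priv_allocset(); AN(effective);` and likewise for the other two sets, in place of report-and-return. The vjs_setup hunk above has the same report-and-return shape. vjs_waive's body starts and ends outside the hunk.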
@@ -605,11 +609,11 @@ main(int argc, char * const *argv) if (VIN_N_Arg(n_arg, &heritage.name, &dirname, NULL) != 0) ARGV_ERR("Invalid instance (-n) name: %s\n", strerror(errno)); - if (i_arg != NULL && - snprintf(heritage.identity, sizeof heritage.identity, "%s", i_arg) - > sizeof heritage.identity) - ARGV_ERR("Invalid identity (-i) name: %s\n", - strerror(ENAMETOOLONG)); + if (i_arg != NULL) { + if (strlen(i_arg) + 1 > sizeof heritage.identity) + ARGV_ERR("Identity (-i) name too long.\n"); + strncpy(heritage.identity, i_arg, sizeof heritage.identity); + } if (n_arg != NULL) openlog(n_arg, LOG_PID, LOG_LOCAL0); /* XXX: i_arg ? */ @@ -658,8 +662,10 @@ main(int argc, char * const *argv) if (b_arg == NULL && f_arg == NULL) { fprintf(stderr, - "Warning: Neither -b nor -f given, won't start a worker child.\n" - " Master process started, use varnishadm to control it.\n"); + "Warning: Neither -b nor -f given," + " won't start a worker child.\n" + " Master process started," + " use varnishadm to control it.\n"); } } From fgsch at lodoss.net Mon Feb 16 22:31:05 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Mon, 16 Feb 2015 23:31:05 +0100 Subject: [master] 4898f68 Fix test Message-ID: commit 4898f68733cf0bc90d9e3aeecb342932d6f238f5 Author: Federico G. Schwindt Date: Mon Feb 16 22:29:43 2015 +0000 Fix test Spotted by xavier on irc. diff --git a/bin/varnishtest/tests/r00962.vtc b/bin/varnishtest/tests/r00962.vtc index 6d750cb..cc5168c 100644 --- a/bin/varnishtest/tests/r00962.vtc +++ b/bin/varnishtest/tests/r00962.vtc @@ -1,7 +1,7 @@ varnishtest "Test address remapping" # VM-remapping is to random on OSX -feature not-OSX +feature !OSX server s1 { rxreq @@ -16,7 +16,7 @@ varnish v1 \ -arg "-sdeprecated_persistent,${tmpdir}/_.per2,10m" \ -vcl+backend { sub vcl_backend_response { - set beresp.storage = "s0"; + set beresp.storage_hint = "s0"; } } -start 
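Review bot: In the -i handling of main() in mgt_main.c (hunk at -605), the new `strncpy(heritage.identity, i_arg, sizeof heritage.identity)` leaves the buffer NUL-terminated only because the `strlen(i_arg) + 1 > sizeof heritage.identity` test precedes it and ARGV_ERR() is assumed not to return; neither is evident at the copy itself. I would state that dependency next to the call, `/* length checked above: the terminating NUL is always copied */`, so a later reordering does not silently produce an unterminated identity. main()'s body starts and ends outside the hunk.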
@@ -53,7 +53,7 @@ client c1 -connect ${v2_sock} { rxresp expect resp.msg != "Persistent Object Not Found" expect resp.status == 200 - expect resp.http.X-Varnish == "1001" + expect resp.http.X-Varnish == "1001 1002" } -run # shell "rm -f /tmp/__v1/_.per" From nils.goroll at uplex.de Tue Feb 17 11:49:27 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Tue, 17 Feb 2015 12:49:27 +0100 Subject: [master] 1e026cf we should have graphviz to process dot files Message-ID: commit 1e026cf611a999c775ba813fc0c89b62a72aea6f Author: Nils Goroll Date: Tue Feb 17 12:49:23 2015 +0100 we should have graphviz to process dot files diff --git a/doc/sphinx/installation/install.rst b/doc/sphinx/installation/install.rst index bbae1e6..fca2b18 100644 --- a/doc/sphinx/installation/install.rst +++ b/doc/sphinx/installation/install.rst @@ -88,7 +88,7 @@ installed. On a Debian or Ubuntu system these are: * `pkg-config` * `python-docutils` * `python-sphinx` - +* `graphviz` Build dependencies on Red Hat / CentOS -------------------------------------- @@ -108,7 +108,7 @@ packages installed: * `pkgconfig` * `python-docutils` * `python-sphinx` - +* `graphviz` Compiling Varnish ----------------- From lkarsten at varnish-software.com Tue Feb 17 16:04:37 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Tue, 17 Feb 2015 17:04:37 +0100 Subject: [4.0] faee84e Increase VRT_MINOR_VERSION due to VRT_CTX macro. Message-ID: commit faee84e0a8738c5d8df5640065e156e26850f728 Author: Lasse Karstensen Date: Tue Feb 17 16:53:52 2015 +0100 Increase VRT_MINOR_VERSION due to VRT_CTX macro. Details in afbe27c. diff --git a/include/vrt.h b/include/vrt.h index e7939aa..c74e023 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -41,7 +41,7 @@ #define VRT_MAJOR_VERSION 1U -#define VRT_MINOR_VERSION 2U +#define VRT_MINOR_VERSION 3U /***********************************************************************/ From lkarsten at varnish-software.com Tue Feb 17 16:04:37 2015 
From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Tue, 17 Feb 2015 17:04:37 +0100 Subject: [4.0] 1f88e91 Prepare for 4.0.3 final. Message-ID: commit 1f88e919d7a75cbaf4b36eca6587895dd7efd319 Author: Lasse Karstensen Date: Tue Feb 17 17:03:47 2015 +0100 Prepare for 4.0.3 final. diff --git a/configure.ac b/configure.ac index 78c6651..bbe9da2 100644 --- a/configure.ac +++ b/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.59) AC_COPYRIGHT([Copyright (c) 2006 Verdens Gang AS Copyright (c) 2006-2015 Varnish Software AS]) AC_REVISION([$Id$]) -AC_INIT([Varnish], [4.0.3-rc3], [varnish-dev at varnish-cache.org]) +AC_INIT([Varnish], [4.0.3], [varnish-dev at varnish-cache.org]) AC_CONFIG_SRCDIR(include/miniobj.h) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff --git a/doc/changes.rst b/doc/changes.rst index 293a5db..bf3b04f 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -1,3 +1,10 @@ +============================================ +Changes from 4.0.3-rc3 to 4.0.3 (2015-02-17) +============================================ + +* Internal VRT_MINOR_VERSION increased due to new VRT_CTX macro. + + ================================================ Changes from 4.0.3-rc2 to 4.0.3-rc3 (2015-02-11) ================================================ diff --git a/redhat/varnish.spec b/redhat/varnish.spec index fc811d9..952994f 100644 --- a/redhat/varnish.spec +++ b/redhat/varnish.spec @@ -1,4 +1,4 @@ -%define v_rc rc3 +%define XXXv_rc rc3 %define vd_rc %{?v_rc:-%{?v_rc}} %define _use_internal_dependency_generator 0 %define __find_provides %{_builddir}/varnish-%{version}%{?v_rc:-%{?v_rc}}/redhat/find-provides From phk at FreeBSD.org Wed Feb 18 10:12:51 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 18 Feb 2015 11:12:51 +0100 Subject: [master] 01c4b27 Move creation of workdir to be a jail method. Message-ID: commit 01c4b2787f18e8c547055b77d6b9a243bda5a5cd Author: Poul-Henning Kamp Date: Wed Feb 18 10:12:15 2015 +0000 Move creation of workdir to be a jail method. Neuter solaris jail entirely on platforms which don't have it. diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index 718e6a4..b51be28 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -79,6 +79,7 @@ enum jail_master_e { typedef int jail_init_f(char **); typedef void jail_master_f(enum jail_master_e); typedef void jail_subproc_f(enum jail_subproc_e); +typedef void jail_make_workdir_f(const char *dname); struct jail_tech { unsigned magic; @@ -87,11 +88,13 @@ struct jail_tech { jail_init_f *init; jail_master_f *master; jail_subproc_f *subproc; + jail_make_workdir_f *make_workdir; }; void VJ_Init(const char *j_arg); void VJ_master(enum jail_master_e jme); void VJ_subproc(enum jail_subproc_e jse); +void VJ_make_workdir(const char *dname); extern const struct jail_tech jail_tech_unix; extern const struct jail_tech jail_tech_solaris; diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c index c52b3cf..d35d42c 100644 --- a/bin/varnishd/mgt/mgt_cli.c +++ b/bin/varnishd/mgt/mgt_cli.c @@ -525,6 +525,7 @@ mgt_cli_telnet(const char *T_arg) char abuf[VTCP_ADDRBUFSIZE]; char pbuf[VTCP_PORTBUFSIZE]; + AN(T_arg); n = VSS_resolve(T_arg, NULL, &ta); if (n == 0) { REPORT(LOG_ERR, "-T %s Could not be resolved\n", T_arg); @@ -639,8 +640,8 @@ Marg_poker(const struct vev *e, int what) void mgt_cli_master(const char *M_arg) { - (void)M_arg; + AN(M_arg); M_nta = VSS_resolve(M_arg, NULL, &M_ta); if (M_nta <= 0) { fprintf(stderr, "Could resolve -M argument to address\n"); diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c index 081e9e8..ac791ff 100644 --- a/bin/varnishd/mgt/mgt_jail.c 
+++ b/bin/varnishd/mgt/mgt_jail.c @@ -31,8 +31,13 @@ #include "config.h" +#include +#include #include #include +#include +#include +#include #include "mgt/mgt.h" #include "vav.h" @@ -74,7 +79,9 @@ static const struct jail_tech jail_tech_none = { static const struct jail_tech *vjt; static const struct choice vj_choice[] = { +#ifdef HAVE_SETPPRIV { "solaris", &jail_tech_solaris }, +#endif { "unix", &jail_tech_unix }, { "none", &jail_tech_none }, { NULL, NULL }, @@ -125,3 +132,32 @@ VJ_subproc(enum jail_subproc_e jse) CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); vjt->subproc(jse); } + +void +VJ_make_workdir(const char *dname) +{ + int fd; + + AN(dname); + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + if (vjt->make_workdir != NULL) { + vjt->make_workdir(dname); + return; + } + + if (mkdir(dname, 0755) < 0 && errno != EEXIST) + ARGV_ERR("Cannot create working directory '%s': %s\n", + dname, strerror(errno)); + + if (chdir(dname) < 0) + ARGV_ERR("Cannot change to working directory '%s': %s\n", + dname, strerror(errno)); + + fd = open("_.testfile", O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ARGV_ERR("Error: Cannot create test-file in %s (%s)\n" + "Check permissions (or delete old directory)\n", + dname, strerror(errno)); + AZ(close(fd)); + AZ(unlink("_.testfile")); +} diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c index d5538a1..a603359 100644 --- a/bin/varnishd/mgt/mgt_jail_solaris.c +++ b/bin/varnishd/mgt/mgt_jail_solaris.c @@ -203,6 +203,9 @@ */ #include "config.h" + +#ifdef HAVE_SETPPRIV + #include #include #include 
@@ -214,28 +217,6 @@ #include "common/heritage.h" #include "common/params.h" -#ifndef HAVE_SETPPRIV - -/* ============================================================ - * on platforms without setppriv, fail the init to mark that - * this jail is unavailable - */ - -static int __match_proto__(jail_init_f) -vjs_init(char **args) -{ - (void) args; - return 1; -} - -const struct jail_tech jail_tech_solaris = { - .magic = JAIL_TECH_MAGIC, - .name = "solaris (unavailable)", - .init = vjs_init, -}; - -#else /* HAVE_SETPPRIV */ - #ifdef HAVE_PRIV_H #include #endif diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 1a6cf3b..a2e823b 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -31,7 +31,6 @@ #include "config.h" -#include #include #include @@ -362,7 +361,7 @@ init_params(struct cli *cli) int main(int argc, char * const *argv) { - int o, fd; + int o; unsigned C_flag = 0; unsigned F_flag = 0; const char *b_arg = NULL; @@ -535,10 +534,7 @@ main(int argc, char * const *argv) S_arg = optarg; break; case 'T': - if (*optarg != '\0') - T_arg = optarg; - else - T_arg = NULL; + T_arg = optarg; break; case 'V': /* XXX: we should print the ident here */ 
@@ -620,21 +616,7 @@ main(int argc, char * const *argv) else openlog("varnishd", LOG_PID, LOG_LOCAL0); - if (mkdir(dirname, 0755) < 0 && errno != EEXIST) - ARGV_ERR("Cannot create working directory '%s': %s\n", - dirname, strerror(errno)); - - if (chdir(dirname) < 0) - ARGV_ERR("Cannot change to working directory '%s': %s\n", - dirname, strerror(errno)); - - fd = open("_.testfile", O_RDWR|O_CREAT|O_EXCL, 0600); - if (fd < 0) - ARGV_ERR("Error: Cannot create test-file in %s (%s)\n" - "Check permissions (or delete old directory)\n", - dirname, strerror(errno)); - AZ(close(fd)); - AZ(unlink("_.testfile")); + VJ_make_workdir(dirname); /* XXX: should this be relative to the -n arg ? */ if (P_arg && (pfh = VPF_Open(P_arg, 0644, NULL)) == NULL) From lkarsten at varnish-software.com Wed Feb 18 13:38:40 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 18 Feb 2015 14:38:40 +0100 Subject: [4.0] 577a4dc Revert "Increase VRT_MINOR_VERSION due to VRT_CTX macro." Message-ID: commit 577a4dcdca1efd27ef09e877671ff7ab36b51230 Author: Lasse Karstensen Date: Wed Feb 18 14:36:04 2015 +0100 Revert "Increase VRT_MINOR_VERSION due to VRT_CTX macro." This reverts commit faee84e0a8738c5d8df5640065e156e26850f728. VRT_CTX is important at compile-time, not run-time, which this version marker is all about. diff --git a/include/vrt.h b/include/vrt.h index c74e023..e7939aa 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -41,7 +41,7 @@ #define VRT_MAJOR_VERSION 1U -#define VRT_MINOR_VERSION 3U +#define VRT_MINOR_VERSION 2U /***********************************************************************/ From lkarsten at varnish-software.com Wed Feb 18 13:38:40 2015 
From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 18 Feb 2015 14:38:40 +0100 Subject: [4.0] e0eebbc Remove bulletpoint after reverting ABI version bump. Message-ID: commit e0eebbcb26af25522e1e40f5b72150d88bbed218 Author: Lasse Karstensen Date: Wed Feb 18 14:37:43 2015 +0100 Remove bulletpoint after reverting ABI version bump. diff --git a/doc/changes.rst b/doc/changes.rst index bf3b04f..bedf36a 100644 --- a/doc/changes.rst +++ b/doc/changes.rst @@ -2,8 +2,7 @@ Changes from 4.0.3-rc3 to 4.0.3 (2015-02-17) ============================================ -* Internal VRT_MINOR_VERSION increased due to new VRT_CTX macro. - +* No changes. ================================================ Changes from 4.0.3-rc2 to 4.0.3-rc3 (2015-02-11) From lkarsten at varnish-software.com Wed Feb 18 14:11:39 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Wed, 18 Feb 2015 15:11:39 +0100 Subject: [4.0] b8c4a34 Use HTTPS on all web URLs. Message-ID: commit b8c4a34f5d8aacb955d989a606a04ca52caf835e Author: Lasse Karstensen Date: Wed Feb 11 13:44:48 2015 +0100 Use HTTPS on all web URLs. diff --git a/redhat/varnish.spec b/redhat/varnish.spec index 952994f..0730497 100644 --- a/redhat/varnish.spec +++ b/redhat/varnish.spec @@ -9,7 +9,7 @@ Version: 4.0.3 Release: 1%{?v_rc}%{?dist} License: BSD Group: System Environment/Daemons -URL: http://www.varnish-cache.org/ +URL: https://www.varnish-cache.org/ #Source0: http://repo.varnish-cache.org/source/%{name}-%{version}.tar.gz Source0: %{name}-%{version}%{?vd_rc}.tar.gz #Source0: %{name}-trunk.tar.gz From phk at FreeBSD.org Wed Feb 18 18:09:49 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 18 Feb 2015 19:09:49 +0100 Subject: [master] ab37c41 Eliminate a pointless detour over VSS_parse() Message-ID: commit ab37c4187e3a0428085920b840ba702d688a04d4 Author: Poul-Henning Kamp Date: Wed Feb 18 18:04:45 2015 +0000 Eliminate a pointless detour over VSS_parse() 
diff --git a/bin/varnishtest/vtc_server.c b/bin/varnishtest/vtc_server.c index 396a869..0900756 100644 --- a/bin/varnishtest/vtc_server.c +++ b/bin/varnishtest/vtc_server.c @@ -125,8 +125,10 @@ server_new(const char *name) if (*s->name != 's') vtc_log(s->vl, 0, "Server name must start with 's'"); - bprintf(s->listen, "127.0.0.1:%d", 0); - AZ(VSS_parse(s->listen, &s->addr, &s->port)); + s->addr = strdup("127.0.0.1"); + AN(s->addr); + s->port = strdup("0"); + AN(s->port); s->repeat = 1; s->depth = 10; s->sock = -1; From phk at FreeBSD.org Wed Feb 18 19:10:32 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 18 Feb 2015 20:10:32 +0100 Subject: [master] 53bd4ae Move creation of workdir into jail code, and use the master HIGH/LOW around socket operations which may be on reserved ports. Message-ID: commit 53bd4aeb4889da3aa35f3adb6147aa7bfa789779 Author: Poul-Henning Kamp Date: Wed Feb 18 19:10:01 2015 +0000 Move creation of workdir into jail code, and use the master HIGH/LOW around socket operations which may be on reserved ports. diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c index 5a0220e..c116c5f 100644 --- a/bin/varnishd/mgt/mgt_child.c +++ b/bin/varnishd/mgt/mgt_child.c @@ -229,6 +229,7 @@ MGT_open_sockets(void) struct listen_sock *ls; int good = 0; + VJ_master(JAIL_MASTER_HIGH); VTAILQ_FOREACH(ls, &heritage.socks, list) { if (ls->sock >= 0) { good++; @@ -242,6 +243,7 @@ MGT_open_sockets(void) good++; } + VJ_master(JAIL_MASTER_LOW); if (!good) return (1); return (0); diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c index d35d42c..84446aa 100644 --- a/bin/varnishd/mgt/mgt_cli.c +++ b/bin/varnishd/mgt/mgt_cli.c @@ -535,7 +535,9 @@ mgt_cli_telnet(const char *T_arg) vsb = VSB_new_auto(); XXXAN(vsb); for (i = 0; i < n; ++i) { + VJ_master(JAIL_MASTER_HIGH); sock = VSS_listen(ta[i], 10); + VJ_master(JAIL_MASTER_LOW); if (sock < 0) continue; VTCP_myname(sock, abuf, sizeof abuf, pbuf, sizeof pbuf); 
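Review bot: In MGT_open_sockets (mgt_child.c hunks at -229 and -242), the master stays at JAIL_MASTER_HIGH for the whole VTAILQ_FOREACH loop, while mgt_cli_telnet in the same commit raises and drops around the single `VSS_listen()` call. The lines between the two hunks are not shown, so this is inferred, but if only the listen call there needs the elevated state, the bracket should sit inside the loop, with `VJ_master(JAIL_MASTER_HIGH);` immediately before that call and `VJ_master(JAIL_MASTER_LOW);` immediately after. That also keeps an early exit added to the loop later from leaving the master elevated. The function body starts outside the first hunk.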
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c index bfb65dd..11792af 100644 --- a/bin/varnishd/mgt/mgt_jail_unix.c +++ b/bin/varnishd/mgt/mgt_jail_unix.c @@ -31,11 +31,13 @@ #include "config.h" #include +#include #include #include #include #include #include +#include #include "mgt/mgt.h" @@ -100,6 +102,8 @@ vju_init(char **args) return (1); if (vju_getuid(JAIL_USER)) return (1); + AZ(setegid(vju_gid)); + AZ(seteuid(vju_uid)); return (0); } @@ -108,17 +112,15 @@ vju_init(char **args) for (;*args != NULL; args++) { if (!strncmp(*args, "user=", 5)) { - if (vju_getuid((*args) + 5)) { + if (vju_getuid((*args) + 5)) ARGV_ERR("Unix jail: %s user not found.\n", (*args) + 5); - } continue; } if (!strncmp(*args, "ccgroup=", 8)) { - if (vju_getccgid((*args) + 8)) { + if (vju_getccgid((*args) + 8)) ARGV_ERR("Unix jail: %s group not found.\n", (*args) + 8); - } continue; } ARGV_ERR("Unix jail: unknown sub-argument '%s'\n", *args); @@ -127,13 +129,19 @@ vju_init(char **args) if (vju_user == NULL && vju_getuid(JAIL_USER)) ARGV_ERR("Unix jail: %s user not found.\n", JAIL_USER); + /* Do an explicit JAIL_MASTER_LOW */ + AZ(setegid(vju_gid)); + AZ(seteuid(vju_uid)); return (0); } static void __match_proto__(jail_master_f) vju_master(enum jail_master_e jme) { - (void)jme; + if (jme == JAIL_MASTER_HIGH) + AZ(seteuid(0)); + else + AZ(seteuid(vju_uid)); } static void __match_proto__(jail_subproc_f) @@ -142,6 +150,7 @@ vju_subproc(enum jail_subproc_e jse) int i; gid_t gid_list[NGID]; + AZ(seteuid(0)); AZ(setgid(vju_gid)); AZ(initgroups(vju_user, vju_gid)); 
@@ -166,10 +175,42 @@ vju_subproc(enum jail_subproc_e jse) #endif } +static void +vju_make_workdir(const char *dname) +{ + int fd; + + AZ(seteuid(0)); + + if (mkdir(dname, 0755) < 0 && errno != EEXIST) + ARGV_ERR("Cannot create working directory '%s': %s\n", + dname, strerror(errno)); + + if (chown(dname, vju_uid, vju_gid) < 0) + ARGV_ERR( + "Cannot set owner/group on working directory '%s': %s\n", + dname, strerror(errno)); + + if (chdir(dname) < 0) + ARGV_ERR("Cannot change to working directory '%s': %s\n", + dname, strerror(errno)); + + AZ(seteuid(vju_uid)); + + fd = open("_.testfile", O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ARGV_ERR("Error: Cannot create test-file in %s (%s)\n" + "Check permissions (or delete old directory)\n", + dname, strerror(errno)); + AZ(close(fd)); + AZ(unlink("_.testfile")); +} + const struct jail_tech jail_tech_unix = { .magic = JAIL_TECH_MAGIC, .name = "unix", .init = vju_init, .master = vju_master, + .make_workdir = vju_make_workdir, .subproc = vju_subproc, }; From phk at FreeBSD.org Wed Feb 18 22:04:46 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 18 Feb 2015 23:04:46 +0100 Subject: [master] d586282 Run STV_GetFile() in JAIL_MASTER_HIGH and give jails a chance to frob the file after open. Message-ID: commit d5862828f8c3fb6c09c8b9b554b85958a9a986d8 Author: Poul-Henning Kamp Date: Wed Feb 18 22:04:02 2015 +0000 Run STV_GetFile() in JAIL_MASTER_HIGH and give jails a chance to frob the file after open. jail_unix makes the file varnish:varnish 0600 diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h index b51be28..dc28a00 100644 --- a/bin/varnishd/mgt/mgt.h +++ b/bin/varnishd/mgt/mgt.h @@ -80,6 +80,7 @@ typedef int jail_init_f(char **); typedef void jail_master_f(enum jail_master_e); typedef void jail_subproc_f(enum jail_subproc_e); typedef void jail_make_workdir_f(const char *dname); +typedef void jail_storage_file_f(int fd); struct jail_tech { unsigned magic; 
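Review bot: vju_make_workdir() accepts an already existing `dname` (`errno != EEXIST`) and then runs `chown(dname, ...)` and `chdir(dname)` by path with euid 0, so whatever sits at that path, including a symlink, is what gets handed to the jail user. If the parent directory is writable by anyone other than root, this can give away ownership of an unrelated directory or file. Opening the path once with `O_DIRECTORY | O_NOFOLLOW` and using `fchown()` / `fchdir()` on the descriptor removes both the symlink following and the gap between the separate path lookups. The message text for the new open failure below is a suggestion.

```c
	int fd, dfd;

	AZ(seteuid(0));

	/* … unchanged: mkdir(dname, 0755) tolerating EEXIST … */

	/* Refuse a symlink or non-directory left at dname, then work on the fd */
	dfd = open(dname, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
	if (dfd < 0)
		ARGV_ERR("Cannot open working directory '%s': %s\n",
		    dname, strerror(errno));

	if (fchown(dfd, vju_uid, vju_gid) < 0)
		ARGV_ERR(
		    "Cannot set owner/group on working directory '%s': %s\n",
		    dname, strerror(errno));

	if (fchdir(dfd) < 0)
		ARGV_ERR("Cannot change to working directory '%s': %s\n",
		    dname, strerror(errno));

	AZ(close(dfd));

	/* … unchanged: seteuid(vju_uid) and the _.testfile check … */
```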
@@ -89,12 +90,14 @@ struct jail_tech { jail_master_f *master; jail_subproc_f *subproc; jail_make_workdir_f *make_workdir; + jail_storage_file_f *storage_file; }; void VJ_Init(const char *j_arg); void VJ_master(enum jail_master_e jme); void VJ_subproc(enum jail_subproc_e jse); void VJ_make_workdir(const char *dname); +void VJ_storage_file(int fd); extern const struct jail_tech jail_tech_unix; extern const struct jail_tech jail_tech_solaris; diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c index ac791ff..f95bc81 100644 --- a/bin/varnishd/mgt/mgt_jail.c +++ b/bin/varnishd/mgt/mgt_jail.c @@ -161,3 +161,12 @@ VJ_make_workdir(const char *dname) AZ(close(fd)); AZ(unlink("_.testfile")); } + +void +VJ_storage_file(int fd) +{ + + CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC); + if (vjt->storage_file != NULL) + vjt->storage_file(fd); +} diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c index 11792af..09d14f6 100644 --- a/bin/varnishd/mgt/mgt_jail_unix.c +++ b/bin/varnishd/mgt/mgt_jail_unix.c @@ -206,11 +206,21 @@ vju_make_workdir(const char *dname) AZ(unlink("_.testfile")); } +static void +vju_storage_file(int fd) +{ + /* Called under JAIL_MASTER_HIGH */ + + AZ(fchmod(fd, 0600)); + AZ(fchown(fd, vju_uid, vju_gid)); +} + const struct jail_tech jail_tech_unix = { .magic = JAIL_TECH_MAGIC, .name = "unix", .init = vju_init, .master = vju_master, .make_workdir = vju_make_workdir, + .storage_file = vju_storage_file, .subproc = vju_subproc, }; diff --git a/bin/varnishd/storage/stevedore_utils.c b/bin/varnishd/storage/stevedore_utils.c index 32a447f..c6ec487 100644 --- a/bin/varnishd/storage/stevedore_utils.c +++ b/bin/varnishd/storage/stevedore_utils.c 
@@ -91,10 +91,13 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx) *fdp = -1; /* try to create a new file of this name */ + VJ_master(JAIL_MASTER_HIGH); fd = open(fn, O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, 0600); if (fd >= 0) { + VJ_storage_file(fd); *fdp = fd; *fnp = fn; + VJ_master(JAIL_MASTER_LOW); return (retval); } @@ -130,6 +133,8 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx) ctx, fn); *fdp = fd; + VJ_storage_file(fd); + VJ_master(JAIL_MASTER_LOW); return (retval); } From fgsch at lodoss.net Fri Feb 20 17:02:02 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Fri, 20 Feb 2015 18:02:02 +0100 Subject: [master] 1095209 Add changes since 4.0.2 Message-ID: commit 1095209fb1d05816a1d9df55207c512cdd9b6ea5 Author: Federico G. Schwindt Date: Fri Feb 20 17:01:34 2015 +0000 Add changes since 4.0.2 diff --git a/doc/changes.rst b/doc/changes.rst index f890b90..3b19c53 100644 --- a/doc/changes.rst +++ b/doc/changes.rst 
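Review bot: On the existing-file path of STV_GetFile() (second hunk), `VJ_storage_file(fd)` makes the unix jail `fchown()` the descriptor to the jail user, so a pre-existing `fn` is given away regardless of who owned it. The open for that case lies between the two hunks and is not visible, but it appears to run while the manager is still in JAIL_MASTER_HIGH; if it follows symlinks, a path inside a directory the jail user can write could be redirected before the next start. I would add a comment at the call, e.g. `/* fn was opened with euid 0 and is now chowned to the jail user: it must not be replaceable by that user */`. The skipped lines also need checking for `O_NOFOLLOW` on that open and for any `return` that would leave the manager in JAIL_MASTER_HIGH.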
@@ -1,4 +1,113 @@ ============================================ +Changes from 4.0.3-rc3 to 4.0.3 (2015-02-17) +============================================ + +* No changes. + +================================================ +Changes from 4.0.3-rc2 to 4.0.3-rc3 (2015-02-11) +================================================ + +- Superseded objects are now expired immediately. + +Bugs fixed +---------- + +- 1462_ - Use first/last log entry in varnishncsa. +- 1539_ - Avoid panic when expiry thread modifies a candidate object. +- 1637_ - Fail the fetch processing if the vep callback failed. +- 1665_ - Be more accurate when computing client RX_TIMEOUT. +- 1672_ - Do not panic on unsolicited 304 response to non-200 bereq. + +.. _1462: https://www.varnish-cache.org/trac/ticket/1462 +.. _1539: https://www.varnish-cache.org/trac/ticket/1539 +.. _1637: https://www.varnish-cache.org/trac/ticket/1637 +.. _1665: https://www.varnish-cache.org/trac/ticket/1665 +.. _1672: https://www.varnish-cache.org/trac/ticket/1672 + + +================================================ +Changes from 4.0.3-rc1 to 4.0.3-rc2 (2015-01-28) +================================================ + +Changes since 4.0.3-rc1: + +- Assorted documentation updates. + +Bugs fixed +---------- + +- 1479_ - Fix out-of-tree builds. +- 1566_ - Escape VCL string question marks. +- 1616_ - Correct header file placement. +- 1620_ - Fail miss properly if out of backend threads. (Also 1621_) +- 1628_ - Avoid dereferencing null in VBO_DerefBusyObj(). +- 1629_ - Ditch rest of waiting list on failure to reschedule. +- 1660_ - Don't attempt range delivery on a synth response + +.. _1479: https://www.varnish-cache.org/trac/ticket/1479 +.. _1566: https://www.varnish-cache.org/trac/ticket/1578 +.. _1616: https://www.varnish-cache.org/trac/ticket/1616 +.. _1620: https://www.varnish-cache.org/trac/ticket/1620 +.. _1621: https://www.varnish-cache.org/trac/ticket/1621 +.. _1628: https://www.varnish-cache.org/trac/ticket/1628 +.. 
_1629: https://www.varnish-cache.org/trac/ticket/1629 +.. _1660: https://www.varnish-cache.org/trac/ticket/1660 + + +============================================ +Changes from 4.0.2 to 4.0.3-rc1 (2015-01-15) +============================================ + +Changes since 4.0.2: + +- Support older autoconf (< 2.63b) (el5) +- A lot of minor documentation fixes. +- bereq.uncacheable is now read-only. +- obj.uncacheable is now readable in vcl_deliver. +- [varnishadm] Prefer exact matches for backend.set_healthy. Bug 1349_. +- Hard-coded -sfile default size is removed. +- [packaging] EL6 packages are once again built with -O2. +- [parameter] fetch_chunksize default is reduced to 16KB. (from 128KB) +- Added std.time() which converts strings to VCL_TIME. +- [packaging] packages now Provide strictABI (gitref) and ABI (VRT major/minor) for VMOD use. + +Bugs fixed +---------- + +* 1378_ - Properly escape non-printable characters in varnishncsa. +* 1596_ - Delay HSH_Complete() until the storage sanity functions has finished. +* 1506_ - Keep Content-Length from backend if we can. +* 1602_ - Fix a cornercase related to empty pass objects. +* 1607_ - Don't leak reqs on failure to revive from waitinglist. +* 1610_ - Update forgotten varnishlog example to 4.0 syntax. +* 1612_ - Fix a cornercase related to empty pass objects. +* 1623_ - Fix varnishhist -d segfault. +* 1636_ - Outdated paragraph in Vary: documentation +* 1638_ - Fix panic when retrying a failed backend fetch. +* 1639_ - Restore the default SIGSEGV handler during pan_ic +* 1647_ - Relax an assertion for the IMS update candidate object. +* 1648_ - Avoid partial IMS updates to replace old object. +* 1650_ - Collapse multiple X-Forwarded-For headers + +.. _1349: https://www.varnish-cache.org/trac/ticket/1349 +.. _1378: https://www.varnish-cache.org/trac/ticket/1378 +.. _1596: https://www.varnish-cache.org/trac/ticket/1596 +.. _1506: https://www.varnish-cache.org/trac/ticket/1506 +.. 
_1602: https://www.varnish-cache.org/trac/ticket/1602 +.. _1607: https://www.varnish-cache.org/trac/ticket/1607 +.. _1610: https://www.varnish-cache.org/trac/ticket/1610 +.. _1612: https://www.varnish-cache.org/trac/ticket/1612 +.. _1623: https://www.varnish-cache.org/trac/ticket/1623 +.. _1636: https://www.varnish-cache.org/trac/ticket/1636 +.. _1638: https://www.varnish-cache.org/trac/ticket/1638 +.. _1639: https://www.varnish-cache.org/trac/ticket/1639 +.. _1647: https://www.varnish-cache.org/trac/ticket/1647 +.. _1648: https://www.varnish-cache.org/trac/ticket/1648 +.. _1650: https://www.varnish-cache.org/trac/ticket/1650 + + +============================================ Changes from 4.0.2-rc1 to 4.0.2 (2014-10-08) ============================================ From fgsch at lodoss.net Fri Feb 20 18:28:40 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Fri, 20 Feb 2015 19:28:40 +0100 Subject: [master] c50bb6f Fix spelling and minor updates Message-ID: commit c50bb6f48d81da8068ee391dc9958d3582531902 Author: Federico G. Schwindt Date: Fri Feb 20 18:28:41 2015 +0000 Fix spelling and minor updates diff --git a/doc/sphinx/reference/varnish-cli.rst b/doc/sphinx/reference/varnish-cli.rst index 7f419ff..59e0c3a 100644 --- a/doc/sphinx/reference/varnish-cli.rst +++ b/doc/sphinx/reference/varnish-cli.rst @@ -31,7 +31,7 @@ bans process management You can stop and start the cache (child) process though the - CLI. You can also retrieve the lastst stack trace if the child + CLI. You can also retrieve the latest stack trace if the child process has crashed. If you invoke varnishd(1) with -T, -M or -d the CLI will be 
@@ -52,17 +52,17 @@ is:: here document word -*word* can be any continuous string choosen to make sure it doesn't +*word* can be any continuous string chosen to make sure it doesn't appear naturally in the following *here document*. When using the here document style of input there are no restrictions -on lenght. When using newline-terminated commands maximum lenght is +on length. When using newline-terminated commands maximum length is limited by the varnishd parameter *cli_buffer*. When commands are newline terminated they get *tokenized* before parsing so if you have significant spaces enclose your strings in double quotes. Within the quotes you can escape characters with -\\. The \n, \r and \t get translated to newlines, carrage returns and +\\. The \n, \r and \t get translated to newlines, carriage returns and tabs. Double quotes themselves can be escaped with a backslash. To enter characters in octals use the \\nnn syntax. Hexadecimals can @@ -71,17 +71,17 @@ be entered with the \\xnn syntax. Commands -------- -help [command] - Show command/protocol help +help [] + Show command/protocol help. -ping [timestamp] - Keep connection alive +ping [] + Keep connection alive. -auth response +auth Authenticate. quit - Close connection + Close connection. banner Print welcome banner. @@ -93,7 +93,7 @@ start Start the Varnish cache process. stop - Stop the Varnish cache process + Stop the Varnish cache process. vcl.load Compile and load the VCL file under the name provided. @@ -110,7 +110,7 @@ vcl.discard vcl.list List all loaded configuration. -vcl.show +vcl.show [-v] Display the source code for the specified configuration. param.show [-l] [] @@ -126,7 +126,7 @@ panic.clear Clear the last panic, if any. storage.list - List storage devices + List storage devices. backend.list [] List backends. 
@@ -135,7 +135,7 @@ backend.set_health Set health status on the backends. State is any of auto, healthy or sick values. -ban [&& ]... +ban [&& ...] All objects where the all the conditions match will be marked obsolete. ban.list @@ -159,7 +159,7 @@ ANDed together with "&&". A field can be any of the variables from VCL, for instance req.url, req.http.host or obj.http.set-cookie. -Operators are "==" for direct comparision, "~" for a regular +Operators are "==" for direct comparison, "~" for a regular expression match, and ">" or "<" for size comparisons. Prepending an operator with "!" negates the expression. @@ -218,7 +218,7 @@ An authenticated session looks like this:: Type 'start' to launch worker process. The CLI status of 107 indicates that authentication is necessary. The -first 32 characters of the reponse text is the challenge +first 32 characters of the response text is the challenge "ixsl...mpg". The challenge is randomly generated for each CLI connection, and changes each time a 107 is emitted. From fgsch at lodoss.net Sat Feb 21 10:08:18 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Sat, 21 Feb 2015 11:08:18 +0100 Subject: [master] cc694c1 Correct names Message-ID: commit cc694c17c33ea45d1e3b5c083f4704a003e9a606 Author: Federico G. Schwindt Date: Sat Feb 21 10:07:36 2015 +0000 Correct names Prompted by #1681 diff --git a/doc/sphinx/reference/varnish-cli.rst b/doc/sphinx/reference/varnish-cli.rst index 59e0c3a..2879dcd 100644 --- a/doc/sphinx/reference/varnish-cli.rst +++ b/doc/sphinx/reference/varnish-cli.rst @@ -1,5 +1,5 @@ =========== -Varnish CLI +varnish-cli =========== ------------------------------ diff --git a/doc/sphinx/reference/vsl-query.rst b/doc/sphinx/reference/vsl-query.rst index f188113..3569cbf 100644 --- a/doc/sphinx/reference/vsl-query.rst +++ b/doc/sphinx/reference/vsl-query.rst 
@@ -1,8 +1,12 @@ .. _ref-vsl-query: -============================= +========= +vsl-query +========= + +----------------------------- Varnish VSL Query Expressions -============================= +----------------------------- OVERVIEW ======== From fgsch at lodoss.net Sat Feb 21 10:31:50 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Sat, 21 Feb 2015 11:31:50 +0100 Subject: [master] 5fe64d6 Add manual sections Message-ID: commit 5fe64d62199b0c090eefcf3b823e996f7489533c Author: Federico G. Schwindt Date: Sat Feb 21 10:26:53 2015 +0000 Add manual sections While here also drop synopsis indentation. diff --git a/doc/sphinx/reference/varnish-cli.rst b/doc/sphinx/reference/varnish-cli.rst index 2879dcd..d6df5e3 100644 --- a/doc/sphinx/reference/varnish-cli.rst +++ b/doc/sphinx/reference/varnish-cli.rst @@ -6,6 +6,8 @@ varnish-cli Varnish Command Line Interface ------------------------------ +:Manual section: 7 + DESCRIPTION =========== diff --git a/doc/sphinx/reference/varnishadm.rst b/doc/sphinx/reference/varnishadm.rst index 8143abd..eedffbb 100644 --- a/doc/sphinx/reference/varnishadm.rst +++ b/doc/sphinx/reference/varnishadm.rst @@ -7,10 +7,12 @@ varnishadm Control a running Varnish instance ---------------------------------- +:Manual section: 1 + SYNOPSIS ======== - varnishadm [-t timeout] [-S secret_file] [-T address:port] [-n name] [command [...]] +varnishadm [-t timeout] [-S secret_file] [-T address:port] [-n name] [command [...]] DESCRIPTION =========== diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst index 8372086..1856bcb 100644 --- a/doc/sphinx/reference/varnishd.rst +++ b/doc/sphinx/reference/varnishd.rst 
@@ -8,16 +8,12 @@ varnishd HTTP accelerator daemon ----------------------- +:Manual section: 1 SYNOPSIS ======== -varnishd [-a address[:port]] [-b host[:port]] [-C] [-d] [-f config] - [-F] [-g group] [-h type[,options]] [-i identity] - [-l shl[,free[,fill]]] [-M address:port] [-n name] - [-P file] [-p param=value] [-r param[,param...] - [-s [name=]kind[,options]] [-S secret-file] [-T address[:port]] - [-t ttl] [-u user] [-V] +varnishd [-a address[:port]] [-b host[:port]] [-C] [-d] [-f config] [-F] [-g group] [-h type[,options]] [-i identity] [-l shl[,free[,fill]]] [-M address:port] [-n name] [-P file] [-p param=value] [-r param[,param...] [-s [name=]kind[,options]] [-S secret-file] [-T address[:port]] [-t ttl] [-u user] [-V] DESCRIPTION =========== diff --git a/doc/sphinx/reference/varnishhist.rst b/doc/sphinx/reference/varnishhist.rst index 685aebe..7823421 100644 --- a/doc/sphinx/reference/varnishhist.rst +++ b/doc/sphinx/reference/varnishhist.rst @@ -8,6 +8,8 @@ varnishhist Varnish request histogram ------------------------- +:Manual section: 1 + SYNOPSIS ======== diff --git a/doc/sphinx/reference/varnishlog.rst b/doc/sphinx/reference/varnishlog.rst index 15a1446..5e22411 100644 --- a/doc/sphinx/reference/varnishlog.rst +++ b/doc/sphinx/reference/varnishlog.rst @@ -8,6 +8,8 @@ varnishlog Display Varnish logs -------------------- +:Manual section: 1 + SYNOPSIS ======== diff --git a/doc/sphinx/reference/varnishncsa.rst b/doc/sphinx/reference/varnishncsa.rst index 85906fc..c0ab61f 100644 --- a/doc/sphinx/reference/varnishncsa.rst +++ b/doc/sphinx/reference/varnishncsa.rst @@ -8,6 +8,8 @@ varnishncsa Display Varnish logs in Apache / NCSA combined log format --------------------------------------------------------- +:Manual section: 1 + SYNOPSIS ======== diff --git a/doc/sphinx/reference/varnishstat.rst b/doc/sphinx/reference/varnishstat.rst index 036b268..c3aa20e 100644 --- a/doc/sphinx/reference/varnishstat.rst +++ b/doc/sphinx/reference/varnishstat.rst 
@@ -8,6 +8,8 @@ varnishstat Varnish Cache statistics --------------------------- +:Manual section: 1 + SYNOPSIS ======== diff --git a/doc/sphinx/reference/varnishtest.rst b/doc/sphinx/reference/varnishtest.rst index 568d4e3..dd4aa83 100644 --- a/doc/sphinx/reference/varnishtest.rst +++ b/doc/sphinx/reference/varnishtest.rst @@ -8,10 +8,12 @@ varnishtest Test program for Varnish ------------------------ +:Manual section: 1 + SYNOPSIS ======== - varnishtest [-iklLqv] [-n iter] [-D name=val] [-j jobs] [-t duration] file [file ...] +varnishtest [-iklLqv] [-n iter] [-D name=val] [-j jobs] [-t duration] file [file ...] DESCRIPTION =========== diff --git a/doc/sphinx/reference/varnishtop.rst b/doc/sphinx/reference/varnishtop.rst index e1abbcb..9efce5b 100644 --- a/doc/sphinx/reference/varnishtop.rst +++ b/doc/sphinx/reference/varnishtop.rst @@ -8,6 +8,7 @@ varnishtop Varnish log entry ranking ------------------------- +:Manual section: 1 SYNOPSIS ======== diff --git a/doc/sphinx/reference/vcl.rst b/doc/sphinx/reference/vcl.rst index a621e4f..c2f5165 100644 --- a/doc/sphinx/reference/vcl.rst +++ b/doc/sphinx/reference/vcl.rst @@ -8,6 +8,8 @@ VCL Varnish Configuration Language ------------------------------ +:Manual section: 7 + DESCRIPTION =========== diff --git a/doc/sphinx/reference/vsl-query.rst b/doc/sphinx/reference/vsl-query.rst index 3569cbf..3315dd6 100644 --- a/doc/sphinx/reference/vsl-query.rst +++ b/doc/sphinx/reference/vsl-query.rst @@ -8,6 +8,8 @@ vsl-query Varnish VSL Query Expressions ----------------------------- +:Manual section: 7 + OVERVIEW ======== diff --git a/doc/sphinx/reference/vsl.rst b/doc/sphinx/reference/vsl.rst index deb8e42..af8ff14 100644 --- a/doc/sphinx/reference/vsl.rst +++ b/doc/sphinx/reference/vsl.rst @@ -8,6 +8,8 @@ VSL Shared Memory Logging --------------------- +:Manual section: 7 + OVERVIEW ======== diff --git a/man/vsc2rst.c b/man/vsc2rst.c index 4e62917..66aaa30 100644 --- a/man/vsc2rst.c +++ b/man/vsc2rst.c 
@@ -57,6 +57,9 @@ int main(int argc, char **argv) P("---------------------------------"); P(""); + P(":Manual section: 7"); + P(""); + P("COUNTER LEVELS"); P("=============="); P(""); From phk at FreeBSD.org Mon Feb 23 08:50:12 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 09:50:12 +0100 Subject: [master] c048d79 Add a dedicated HTTP function to add a header with a timestamp, to avoid some pointless double-buffering. Message-ID: commit c048d79e1a35315b30e4a7699c302265950a93d0 Author: Poul-Henning Kamp Date: Mon Feb 23 08:49:43 2015 +0000 Add a dedicated HTTP function to add a header with a timestamp, to avoid some pointless double-buffering. diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h index faaaf4f..44c302c 100644 --- a/bin/varnishd/cache/cache.h +++ b/bin/varnishd/cache/cache.h @@ -830,6 +830,7 @@ int HTTP_Decode(struct http *to, const uint8_t *fm); void http_ForceHeader(struct http *to, const char *hdr, const char *val); void http_PrintfHeader(struct http *to, const char *fmt, ...) __printflike(2, 3); +void http_TimeHeader(struct http *to, const char *fmt, double now); void http_SetHeader(struct http *to, const char *hdr); void http_SetH(const struct http *to, unsigned n, const char *fm); void http_ForceField(const struct http *to, unsigned n, const char *t); diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index 8f0ba2e..fbe19a6 100644 --- a/bin/varnishd/cache/cache_fetch.c +++ b/bin/varnishd/cache/cache_fetch.c @@ -262,7 +262,6 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) { int i, do_ims = 0; double now; - char time_str[VTIM_FORMAT_SIZE]; CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); 
@@ -313,8 +312,7 @@ vbf_stp_startfetch(struct worker *wrk, struct busyobj *bo) * * If we didn't get a Date header, we assign one here. */ - VTIM_format(now, time_str); - http_PrintfHeader(bo->beresp, "Date: %s", time_str); + http_TimeHeader(bo->beresp, "Date: ", now); } /* @@ -771,7 +769,6 @@ vbf_stp_error(struct worker *wrk, struct busyobj *bo) ssize_t l, ll, o; double now; uint8_t *ptr; - char time_str[VTIM_FORMAT_SIZE]; CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); @@ -790,8 +787,7 @@ vbf_stp_error(struct worker *wrk, struct busyobj *bo) HTTP_Setup(bo->beresp, bo->ws, bo->vsl, SLT_BerespMethod); http_PutResponse(bo->beresp, "HTTP/1.1", 503, "Backend fetch failed"); - VTIM_format(now, time_str); - http_PrintfHeader(bo->beresp, "Date: %s", time_str); + http_TimeHeader(bo->beresp, "Date: ", now); http_SetHeader(bo->beresp, "Server: Varnish"); bo->fetch_objcore->exp.t_origin = bo->t_prev; diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c index 4dcf1f9..bd8d4b1 100644 --- a/bin/varnishd/cache/cache_http.c +++ b/bin/varnishd/cache/cache_http.c @@ -38,6 +38,7 @@ #include "vend.h" #include "vct.h" +#include "vtim.h" #define HTTPH(a, b, c) char b[] = "*" a ":"; #include "tbl/http_headers.h" @@ -1112,6 +1113,27 @@ http_PrintfHeader(struct http *to, const char *fmt, ...) to->nhd++; } +void +http_TimeHeader(struct http *to, const char *fmt, double now) +{ + char *p; + + CHECK_OBJ_NOTNULL(to, HTTP_MAGIC); + p = WS_Alloc(to->ws, strlen(fmt) + VTIM_FORMAT_SIZE); + if (p == NULL) { + http_fail(to); + VSLb(to->vsl, SLT_LostHeader, "%s", fmt); + return; + } + strcpy(p, fmt); + VTIM_format(now, strchr(p, '\0')); + to->hd[to->nhd].b = p; + to->hd[to->nhd].e = strchr(p, '\0'); + to->hdf[to->nhd] = 0; + http_VSLH(to, to->nhd); + to->nhd++; +} + /*--------------------------------------------------------------------*/ void 
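Review bot: http_TimeHeader() stores into `to->hd[to->nhd]` without checking that the header table has a free slot, so a message that already fills the table would be written past its end. In vbf_stp_startfetch() the call runs on `bo->beresp` when the backend sent no Date header, so the number of headers already present is influenced by the backend. Upstream's struct http keeps the table size in `shd` (not shown in this hunk; confirm against cache.h). A guard before the allocation such as `if (to->nhd >= to->shd) { http_fail(to); VSLb(to->vsl, SLT_LostHeader, "%s", fmt); return; }` would match the failure handling already used for the `WS_Alloc` case.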
diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 0900fec..d78e24b 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -171,7 +171,6 @@ cnt_deliver(struct worker *wrk, struct req *req) static enum req_fsm_nxt cnt_synth(struct worker *wrk, struct req *req) { - char date[40]; struct http *h; double now; @@ -189,8 +188,7 @@ cnt_synth(struct worker *wrk, struct req *req) HTTP_Setup(req->resp, req->ws, req->vsl, SLT_RespMethod); h = req->resp; - VTIM_format(now, date); - http_PrintfHeader(h, "Date: %s", date); + http_TimeHeader(h, "Date: ", now); http_SetHeader(h, "Server: Varnish"); http_PrintfHeader(req->resp, "X-Varnish: %u", VXID(req->vsl->wid)); http_PutResponse(h, "HTTP/1.1", req->err_code, req->err_reason); From phk at FreeBSD.org Mon Feb 23 08:51:08 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 09:51:08 +0100 Subject: [master] aec1b60 Fix VTIM test-code Message-ID: commit aec1b609cf9c467ba86f1e4ca3a433f74dfdadfe Author: Poul-Henning Kamp Date: Mon Feb 23 08:50:59 2015 +0000 Fix VTIM test-code diff --git a/lib/libvarnish/vtim.c b/lib/libvarnish/vtim.c index 28b5f13..f0f4d55 100644 --- a/lib/libvarnish/vtim.c +++ b/lib/libvarnish/vtim.c @@ -205,14 +205,14 @@ VTIM_timespec(double t) /* * Compile with: - * cc -o foo -DTEST_DRIVER -I../.. -I../../include time.c assert.c - * (Solaris) - * cc -o foo -DTEST_DRIVER -I../.. -I../../include -lm time.c assert.c + * cc -o foo -DTEST_DRIVER -I../.. -I../../include vtim.c vas.c -lm * Test with: * env TZ=UTC ./foo * env TZ=CET ./foo */ +#include + static void tst(const char *s, time_t good) { 
@@ -281,7 +281,7 @@ main(int argc, char **argv) time(&t); memset(buf, 0x55, sizeof buf); VTIM_format(t, buf); - printf("scan = %d <%s>\n", VTIM_parse(buf), buf); + printf("scan = %.3f <%s>\n", VTIM_parse(buf), buf); /* Examples from RFC2616 section 3.3.1 */ tst("Sun, 06 Nov 1994 08:49:37 GMT", 784111777); From phk at FreeBSD.org Mon Feb 23 12:56:48 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 13:56:48 +0100 Subject: [master] 0fd615c Change our timestamp format/parsing functions to not use strftime(3)/strptime(3) to avoid getting tangled up in the LOCALE. Message-ID: commit 0fd615c3aa76d95914abdecfb033abef32c3c0e0 Author: Poul-Henning Kamp Date: Mon Feb 23 12:54:56 2015 +0000 Change our timestamp format/parsing functions to not use strftime(3)/strptime(3) to avoid getting tangled up in the LOCALE. We're not out of the LOCALE-tangle yet, but this was the big part. Inspired by patches from: Dridi Boukelmoune diff --git a/lib/libvarnish/vtim.c b/lib/libvarnish/vtim.c index f0f4d55..96691d0 100644 --- a/lib/libvarnish/vtim.c +++ b/lib/libvarnish/vtim.c @@ -29,9 +29,6 @@ * Semi-trivial functions to handle HTTP header timestamps according to * RFC 2616 section 3.3. * - * In the highly unlikely event of performance trouble, handbuilt versions - * would likely be faster than relying on the OS time functions. - * * We must parse four different formats: * 000000000011111111112222222222 * 012345678901234567890123456789 @@ -43,6 +40,16 @@ * * And always output the RFC1123 format. * + * So why are these functions hand-built ? + * + * Because the people behind POSIX were short-sighted morons who didn't think + * anybody would ever need to deal with timestamps in multiple different + * timezones at the same time -- for that matter, convert timestamps to + * broken down UTC/GMT time. + * + * We could, and used to, get by by smashing our TZ variable to "UTC" but + * that ruins the LOCALE for VMODs. + * */ #include "config.h" 
@@ -60,6 +67,27 @@ #include "vas.h" #include "vtim.h" +static const char * const weekday_name[] = { + "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" +}; + +static const char * const more_weekday[] = { + "day", "day", "sday", "nesday", "rsday", "day", "urday" +}; + +static const char * const month_name[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", + "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" +}; + +static const int days_in_month[] = { + 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31, +}; + +static const int days_before_month[] = { + 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 +}; + /* * Note on Solaris: for some reason, clock_gettime(CLOCK_MONOTONIC, &ts) is not * implemented in assembly, but falls into a syscall, while gethrtime() doesn't, 
@@ -108,55 +136,215 @@ VTIM_format(double t, char *p) tt = (time_t) t; (void)gmtime_r(&tt, &tm); - AN(strftime(p, VTIM_FORMAT_SIZE, "%a, %d %b %Y %T GMT", &tm)); + AN(snprintf(p, VTIM_FORMAT_SIZE, "%s, %02d %s %4d %02d:%02d:%02d GMT", + weekday_name[tm.tm_wday], tm.tm_mday, month_name[tm.tm_mon], + tm.tm_year + 1900, tm.tm_hour, tm.tm_min, tm.tm_sec)); } -/* XXX: add statistics ? */ -static const char *fmts[] = { - "%a, %d %b %Y %T GMT", /* RFC 822 & RFC 1123 */ - "%A, %d-%b-%y %T GMT", /* RFC 850 */ - "%a %b %d %T %Y", /* ANSI-C asctime() */ - "%FT%T", /* ISO 8601 */ - NULL -}; +#ifdef TEST_DRIVER +#define FAIL() \ + do { printf("\nFAIL <<%d>>\n", __LINE__); return (0); } while (0) +#else +#define FAIL() \ + do { return (0); } while (0) +#endif + +#define DIGIT(mult, fld) \ + do { \ + if (*p < '0' || *p > '9') \ + FAIL(); \ + fld += (*p - '0') * mult; \ + p++; \ + } while(0) + +#define MUSTBE(chr) \ + do { \ + if (*p != chr) \ + FAIL(); \ + p++; \ + } while(0) + +#define WEEKDAY() \ + do { \ + int i; \ + for(i = 0; i < 7; i++) { \ + if (!memcmp(p, weekday_name[i], 3)) { \ + weekday = i; \ + break; \ + } \ + } \ + if (i == 7) \ + FAIL(); \ + p += 3; \ + } while(0) + + +#define MONTH() \ + do { \ + int i; \ + for(i = 0; i < 12; i++) { \ + if (!memcmp(p, month_name[i], 3)) { \ + month = i + 1; \ + break; \ + } \ + } \ + if (i == 12) \ + FAIL(); \ + p += 3; \ + } while(0) + +#define TIMESTAMP() \ + do { \ + DIGIT(10, hour); \ + DIGIT(1, hour); \ + MUSTBE(':'); \ + DIGIT(10, min); \ + DIGIT(1, min); \ + MUSTBE(':'); \ + DIGIT(10, sec); \ + DIGIT(1, sec); \ + } while(0) double VTIM_parse(const char *p) { double t; - struct tm tm; - const char **r; - - for (r = fmts; *r != NULL; r++) { - memset(&tm, 0, sizeof tm); - if (strptime(p, *r, &tm) != NULL) { - /* - * Make sure this is initialized on the off-chance - * that some raving loonie would apply DST to UTC. 
- */ - tm.tm_isdst = -1; -#if defined(HAVE_TIMEGM) - t = timegm(&tm); -#else - /* - * Ahh, another POSIX_STUPIDITY, how unexpected. - * Instead of, as would have been logical, to have - * tm_timezone element, mktime() is standardized as - * always working in localtime. This brilliant idea - * came from the same people who said "leap-seconds ? - * Naah, screw it!". - * - * On broken systems without a working timegm(), - * it is the responsibility of the calling program - * to set the timezone to UTC. We check that. - */ - t = mktime(&tm); - AZ(strcmp(tzname[0], "UTC")); -#endif - return (t); - } + int month = 0, year = 0, weekday = 0, mday = 0; + int hour = 0, min = 0, sec = 0; + int d, leap; + + while (*p == ' ') + p++; + + if (*p >= '0' && *p <= '9') { + /* ISO8601 -- "1994-11-06T08:49:37" */ + DIGIT(1000, year); + DIGIT(100, year); + DIGIT(10, year); + DIGIT(1, year); + MUSTBE('-'); + DIGIT(10, month); + DIGIT(1, month); + MUSTBE('-'); + DIGIT(10, mday); + DIGIT(1, mday); + MUSTBE('T'); + TIMESTAMP(); + } else { + WEEKDAY(); + if (*p == ',') { + /* RFC822 & RFC1123 - "Sun, 06 Nov 1994 08:49:37 GMT" */ + p++; + MUSTBE(' '); + DIGIT(10, mday); + DIGIT(1, mday); + MUSTBE(' '); + MONTH(); + MUSTBE(' '); + DIGIT(1000, year); + DIGIT(100, year); + DIGIT(10, year); + DIGIT(1, year); + MUSTBE(' '); + TIMESTAMP(); + MUSTBE(' '); + MUSTBE('G'); + MUSTBE('M'); + MUSTBE('T'); + } else if (*p == ' ') { + /* ANSI-C asctime() -- "Sun Nov 6 08:49:37 1994" */ + p++; + MONTH(); + MUSTBE(' '); + if (*p != ' ') + DIGIT(10, mday); + else + p++; + DIGIT(1, mday); + MUSTBE(' '); + TIMESTAMP(); + MUSTBE(' '); + DIGIT(1000, year); + DIGIT(100, year); + DIGIT(10, year); + DIGIT(1, year); + } else if (!memcmp(p, + more_weekday[weekday], + strlen(more_weekday[weekday]))) { + /* RFC850 -- "Sunday, 06-Nov-94 08:49:37 GMT" */ + p += strlen(more_weekday[weekday]); + MUSTBE(','); + MUSTBE(' '); + DIGIT(10, mday); + DIGIT(1, mday); + MUSTBE('-'); + MONTH(); + MUSTBE('-'); + DIGIT(10, year); + 
DIGIT(1, year); + year += 1900; + if (year < 1969) + year += 100; + MUSTBE(' '); + TIMESTAMP(); + MUSTBE(' '); + MUSTBE('G'); + MUSTBE('M'); + MUSTBE('T'); + } else + FAIL(); } - return (0); + + while (*p == ' ') + p++; + + if (*p != '\0') + FAIL(); + + if (sec < 0 || sec > 60) // Leapseconds! + FAIL(); + if (min < 0 || min > 59) + FAIL(); + if (hour < 0 || hour > 23) + FAIL(); + if (month < 1 || month > 12) + FAIL(); + if (mday < 1 || mday > days_in_month[month - 1]) + FAIL(); + if (year < 1899) + FAIL(); + + leap = + ((year) % 4) == 0 && (((year) % 100) != 0 || ((year) % 400) == 0); + + if (month == 2 && mday > 28 && !leap) + FAIL(); + + if (sec == 60) // Ignore Leapseconds + sec--; + + t = ((hour * 60.) + min) * 60. + sec; + + d = (mday - 1) + days_before_month[month - 1]; + + if (month > 2 && leap) + d++; + + d += (year % 100) * 365; /* There are 365 days in a year */ + + if ((year % 100) > 0) /* And a leap day every four years */ + d += (((year % 100) - 1)/4); + + d += ((year / 100) - 20) * /* Days relative to y2000 */ + (100 * 365 + 24); /* 24 leapdays per year in a century */ + + d += ((year-1) / 400) - 4; /* And one more every 400 years */ + + t += d * 86400.; + + t += 10957. * 86400.; /* 10957 days frm UNIX epoch to y2000 */ + + return (t); } void @@ -203,12 +391,11 @@ VTIM_timespec(double t) #ifdef TEST_DRIVER -/* +/********************************************************************** * Compile with: - * cc -o foo -DTEST_DRIVER -I../.. -I../../include vtim.c vas.c -lm + * cc -o foo -DTEST_DRIVER -I../.. -I../../include vtim.c vas.c -lm * Test with: - * env TZ=UTC ./foo - * env TZ=CET ./foo + * ./foo */ #include 
@@ -276,18 +463,69 @@ int main(int argc, char **argv) { time_t t; + struct tm tm; + double tt; char buf[BUFSIZ]; + char buf1[BUFSIZ]; + + AZ(setenv("TZ", "UTC", 1)); + assert(sizeof t >= 8); + + /* Brute force test against libc version */ + for (t = -2209852800; t < 20000000000; t += 3599) { + gmtime_r(&t, &tm); + strftime(buf1, sizeof buf1, "%a, %d %b %Y %T GMT", &tm); + VTIM_format(t, buf); + if (strcmp(buf, buf1)) { + printf("libc: <%s> Vtim <%s> %jd\n", + buf1, buf, (intmax_t)t); + exit(2); + } + tt = VTIM_parse(buf1); + if (tt != t) { + VTIM_format(tt, buf); + printf(" fm: %12jd <%s>\n", (intmax_t)t, buf1); + printf(" to: %12.0f <%s>\n", tt, buf); + exit(2); + } - time(&t); - memset(buf, 0x55, sizeof buf); - VTIM_format(t, buf); - printf("scan = %.3f <%s>\n", VTIM_parse(buf), buf); + strftime(buf1, sizeof buf1, "%a %b %e %T %Y", &tm); + tt = VTIM_parse(buf1); + if (tt != t) { + VTIM_format(tt, buf); + printf(" fm: %12jd <%s>\n", (intmax_t)t, buf1); + printf(" to: %12.0f <%s>\n", tt, buf); + exit(2); + } + + strftime(buf1, sizeof buf1, "%Y-%m-%dT%T", &tm); + tt = VTIM_parse(buf1); + if (tt != t) { + VTIM_format(tt, buf); + printf(" fm: %12jd <%s>\n", (intmax_t)t, buf1); + printf(" to: %12.0f <%s>\n", tt, buf); + exit(2); + } + + if (tm.tm_year >= 69 && tm.tm_year < 169) { + strftime(buf1, sizeof buf1, "%A, %d-%b-%y %T GMT", &tm); + tt = VTIM_parse(buf1); + if (tt != t) { + VTIM_format(tt, buf); + printf(" fm: %12jd <%s>\n", (intmax_t)t, buf1); + printf(" to: %12.0f <%s>\n", tt, buf); + exit(2); + } + } + } /* Examples from RFC2616 section 3.3.1 */ tst("Sun, 06 Nov 1994 08:49:37 GMT", 784111777); tst("Sunday, 06-Nov-94 08:49:37 GMT", 784111777); tst("Sun Nov 6 08:49:37 1994", 784111777); + tst("1994-11-06T08:49:37", 784111777); + tst_delta(); return (0); From phk at FreeBSD.org Mon Feb 23 13:16:19 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 14:16:19 +0100 Subject: [master] 42d9fc6 Don't look for timegm(), we don't use it anymore. Message-ID: commit 42d9fc667d9f23c02eef08efe2d760f61042c900 Author: Poul-Henning Kamp Date: Mon Feb 23 13:15:49 2015 +0000 Don't look for timegm(), we don't use it anymore. Don't smash the TZ variable, we don't rely on it any more. diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index a2e823b..5a8d4ca 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -408,14 +408,6 @@ main(int argc, char * const *argv) /* for ASSERT_MGT() */ mgt_pid = getpid(); - /* - * Run in UTC timezone, on the off-chance that this operating - * system does not have a timegm() function, and translates - * timestamps on the local timescale. - * See lib/libvarnish/time.c - */ - AZ(setenv("TZ", "UTC", 1)); - tzset(); assert(VTIM_parse("Sun, 06 Nov 1994 08:49:37 GMT") == 784111777); assert(VTIM_parse("Sunday, 06-Nov-94 08:49:37 GMT") == 784111777); assert(VTIM_parse("Sun Nov 6 08:49:37 1994") == 784111777); diff --git a/configure.ac b/configure.ac index c2fefe7..ada83df 100644 --- a/configure.ac +++ b/configure.ac @@ -217,7 +217,6 @@ AC_CHECK_FUNCS([socket]) AC_CHECK_FUNCS([strptime]) AC_CHECK_FUNCS([fmtcheck]) AC_CHECK_FUNCS([getdtablesize]) -AC_CHECK_FUNCS([timegm]) AC_CHECK_FUNCS([nanosleep]) AC_CHECK_FUNCS([setppriv]) AC_CHECK_FUNCS([fallocate]) From phk at FreeBSD.org Mon Feb 23 15:48:39 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 16:48:39 +0100 Subject: [master] 54800eb Also check weekdays in VTIM_parse(), once we have the day number it's just another division. Message-ID: commit 54800eb941e0f822aa6c8c136b9556094e2e0855 Author: Poul-Henning Kamp Date: Mon Feb 23 15:48:01 2015 +0000 Also check weekdays in VTIM_parse(), once we have the day number it's just another division. Fix m00020 to use valid weekdays 
diff --git a/bin/varnishtest/tests/m00020.vtc b/bin/varnishtest/tests/m00020.vtc index 3611cc4..2ac50f8 100644 --- a/bin/varnishtest/tests/m00020.vtc +++ b/bin/varnishtest/tests/m00020.vtc @@ -22,7 +22,7 @@ client c1 { txreq -hdr "X-Date: Mon, 20 Dec 2010 00:00:00 GMT" rxresp expect resp.http.x-past == 1 - txreq -hdr "X-Date: Monday, 20-Dec-30 00:00:00 GMT" + txreq -hdr "X-Date: Monday, 23-Dec-30 00:00:00 GMT" rxresp expect resp.http.x-future == 1 txreq -hdr "X-Date: Mon Dec 20 00:00:00 2010" diff --git a/bin/varnishtest/tests/r01665.vtc b/bin/varnishtest/tests/r01665.vtc index 6d645d2..3dc7530 100644 --- a/bin/varnishtest/tests/r01665.vtc +++ b/bin/varnishtest/tests/r01665.vtc @@ -1,21 +1,19 @@ varnishtest "Ticket 1665 regression test: wrong behavior of timeout_req" server s1 { - rxreq - txresp + rxreq + txresp } -start varnish v1 -vcl+backend { } -start client c1 { - delay 1 - send "GET " - delay 1.8 - send "/bar\n\n " - delay 0.1 - send "GET" - rxresp + delay 1 + send "GET " + delay 1.8 + send "/bar\n\n " + delay 0.1 + send "GET" + rxresp } -run - - diff --git a/lib/libvarnish/vtim.c b/lib/libvarnish/vtim.c index 96691d0..a7e4c6e 100644 --- a/lib/libvarnish/vtim.c +++ b/lib/libvarnish/vtim.c @@ -209,7 +209,7 @@ double VTIM_parse(const char *p) { double t; - int month = 0, year = 0, weekday = 0, mday = 0; + int month = 0, year = 0, weekday = -1, mday = 0; int hour = 0, min = 0, sec = 0; int d, leap; @@ -340,6 +340,14 @@ VTIM_parse(const char *p) d += ((year-1) / 400) - 4; /* And one more every 400 years */ + /* + * Now check weekday, if we have one. + * 6 is because 2000-01-01 was a saturday. + * 10000 is to make sure the modulus argument is always positive + */ + if (weekday != -1 && (d + 6 + 7 * 10000) % 7 != weekday) + FAIL(); + t += d * 86400.; t += 10957. * 86400.; /* 10957 days frm UNIX epoch to y2000 */ From fgsch at lodoss.net Mon Feb 23 16:17:52 2015 
From: fgsch at lodoss.net (Federico G. Schwindt) Date: Mon, 23 Feb 2015 17:17:52 +0100 Subject: [master] 37c8a33 Fix remaining warning as per #1681 Message-ID: commit 37c8a3394ad4870ece7e4e4a3d0665a5b584e427 Author: Federico G. Schwindt Date: Mon Feb 23 14:09:44 2015 +0000 Fix remaining warning as per #1681 diff --git a/doc/sphinx/reference/vcl.rst b/doc/sphinx/reference/vcl.rst index c2f5165..6108d04 100644 --- a/doc/sphinx/reference/vcl.rst +++ b/doc/sphinx/reference/vcl.rst @@ -249,8 +249,8 @@ There are no mandatory options. These are the options you can set: request Specify a full HTTP request using multiple strings. .request will - have \r\n automatically inserted after every string. If specified, - .request will take precedence over .url. + have \\r\\n automatically inserted after every string. If + specified, .request will take precedence over .url. expected_response The expected HTTP response code. Defaults to 200. From fgsch at lodoss.net Mon Feb 23 16:17:52 2015 From: fgsch at lodoss.net (Federico G. Schwindt) Date: Mon, 23 Feb 2015 17:17:52 +0100 Subject: [master] 3ffdf2b Spelling Message-ID: commit 3ffdf2bc0f94f8001395c4551fb99a54dbce3960 Author: Federico G. Schwindt Date: Mon Feb 23 14:10:58 2015 +0000 Spelling diff --git a/bin/varnishd/storage/stevedore_utils.c b/bin/varnishd/storage/stevedore_utils.c index c6ec487..5d29080 100644 --- a/bin/varnishd/storage/stevedore_utils.c +++ b/bin/varnishd/storage/stevedore_utils.c @@ -141,7 +141,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx) /*-------------------------------------------------------------------- * Decide file size. * - * If the sizespecification is empty and the file exists with non-zero + * If the size specification is empty and the file exists with non-zero * size, use that, otherwise, interpret the specification. * * Handle off_t sizes and pointer width limitations. From fgsch at lodoss.net Mon Feb 23 16:17:53 2015 
From: fgsch at lodoss.net (Federico G. Schwindt) Date: Mon, 23 Feb 2015 17:17:53 +0100 Subject: [master] 2c1a7c4 Fix formatting Message-ID: commit 2c1a7c4acd4f0da5dc8bc8b8fc59a19f9a049f48 Author: Federico G. Schwindt Date: Mon Feb 23 14:11:40 2015 +0000 Fix formatting One too many `:' will end up in the text. diff --git a/doc/sphinx/reference/vcl.rst b/doc/sphinx/reference/vcl.rst index 6108d04..7c5b57b 100644 --- a/doc/sphinx/reference/vcl.rst +++ b/doc/sphinx/reference/vcl.rst @@ -236,7 +236,7 @@ Probes ------ Probes will query the backend for status on a regular basis and mark -the backend as down it they fail. A probe is defined as this::: +the backend as down it they fail. A probe is defined as this:: probe name { .attribute = "value"; diff --git a/doc/sphinx/tutorial/backend_servers.rst b/doc/sphinx/tutorial/backend_servers.rst index cb5f087..ce39bc1 100644 --- a/doc/sphinx/tutorial/backend_servers.rst +++ b/doc/sphinx/tutorial/backend_servers.rst @@ -13,7 +13,7 @@ file. If you installed from source this is is probably `/etc/varnish/default.vcl`. If you've been following the tutorial there is probably a section of -the configuration that looks like this::: +the configuration that looks like this:: vcl 4.0; diff --git a/doc/sphinx/users-guide/vcl-backends.rst b/doc/sphinx/users-guide/vcl-backends.rst index 1a1f556..cd4b0d7 100644 --- a/doc/sphinx/users-guide/vcl-backends.rst +++ b/doc/sphinx/users-guide/vcl-backends.rst @@ -84,7 +84,7 @@ explicitly. You set up the routing of incoming HTTP requests in `vcl_recv`. If you want this routing to be done on the basis of virtual hosts you just need to inspect `req.http.host`. -You can have something like this::: +You can have something like this:: sub vcl_recv { if (req.http.host ~ "foo.com") { 
@@ -97,7 +97,7 @@ You can have something like this::: Note that the first regular expressions will match "foo.com", "www.foo.com", "zoop.foo.com" and any other host ending in "foo.com". In this example this is intentional but you might want it to be a bit -more tight, maybe relying on the ``==`` operator in stead, like this::: +more tight, maybe relying on the ``==`` operator in stead, like this:: sub vcl_recv { if (req.http.host == "foo.com" || req.http.host == "www.foo.com") { diff --git a/doc/sphinx/users-guide/vcl-grace.rst b/doc/sphinx/users-guide/vcl-grace.rst index e226ab6..dad7fd0 100644 --- a/doc/sphinx/users-guide/vcl-grace.rst +++ b/doc/sphinx/users-guide/vcl-grace.rst @@ -37,7 +37,7 @@ the object. This will happen asynchronously and the moment the new object is in it will replace the one we've already got. You can influence how this logic works by adding code in vcl_hit. The -default looks like this::: +default looks like this:: sub vcl_hit { if (obj.ttl >= 0s) { @@ -56,7 +56,7 @@ default looks like this::: The grace logic is pretty obvious here. If you have enabled :ref:`users-guide-advanced_backend_servers-health` you can check if the backend is sick and only serve graced object then. Replace the -second if-clause with something like this::: +second if-clause with something like this:: if (!std.healthy(req.backend_hint) && (obj.ttl + obj.grace > 0s)) { return (deliver); diff --git a/doc/sphinx/users-guide/vcl-syntax.rst b/doc/sphinx/users-guide/vcl-syntax.rst index d4acdd7..bc1a239 100644 --- a/doc/sphinx/users-guide/vcl-syntax.rst +++ b/doc/sphinx/users-guide/vcl-syntax.rst @@ -19,7 +19,7 @@ Strings Basic strings are enclosed in " ... ", and may not contain newlines. Backslash is not special, so for instance in `regsub()` you do not need -to do the "count-the-backslashes" polka::: +to do the "count-the-backslashes" polka:: regsub("barf", "(b)(a)(r)(f)", "\4\3\2p") -> "frap" 
diff --git a/lib/libvmod_directors/vmod.vcc b/lib/libvmod_directors/vmod.vcc index e660b07..78c3ff2 100644 --- a/lib/libvmod_directors/vmod.vcc +++ b/lib/libvmod_directors/vmod.vcc @@ -37,14 +37,14 @@ also serves as an example on how one could extend the load balancing capabilities of Varnish. To enable load balancing you must import this vmod (directors) in your -VCL::: +VCL:: import directors; Then you define your backends. Once you have the backends declared you can add them to a director. This happens in executed VCL code. If you want to emulate the previous behavior of Varnish 3.0 you can just -initialize the directors in vcl_init, like this::: +initialize the directors in vcl_init, like this:: sub vcl_init { new vdir = directors.round_robin(); From lkarsten at varnish-software.com Mon Feb 23 19:26:56 2015 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 23 Feb 2015 20:26:56 +0100 Subject: [master] 27fb74b Use multiarch-ignorant library (vmod) placement. Message-ID: commit 27fb74bb1eac169a93b7e21ae68a7bb4f1d5c9fd Author: Lasse Karstensen Date: Mon Feb 23 20:17:23 2015 +0100 Use multiarch-ignorant library (vmod) placement. Fixes: #1679 diff --git a/libvarnishapi-dev.install b/libvarnishapi-dev.install index f4466f5..dcfb93e 100644 --- a/libvarnishapi-dev.install +++ b/libvarnishapi-dev.install @@ -1,5 +1,5 @@ usr/include/varnish usr/share/aclocal usr/share/varnish/vmodtool.py -/usr/lib/*/libvarnishapi.so -/usr/lib/*/pkgconfig/*.pc +/usr/lib/libvarnishapi.so +/usr/lib/pkgconfig/*.pc diff --git a/libvarnishapi1.install b/libvarnishapi1.install index d6a64d3..eeaf559 100644 --- a/libvarnishapi1.install +++ b/libvarnishapi1.install @@ -1 +1 @@ -/usr/lib/*/lib*.so.* +/usr/lib/lib*.so.* diff --git a/rules b/rules index 386a809..1b6f800 100755 --- a/rules +++ b/rules 
@@ -11,7 +11,7 @@ DISABLE_JEMALLOC_ARCH_LIST := hppa m68k DEB_HOST_ARCH ?= $(shell dpkg-architecture -qDEB_HOST_ARCH) # Set local state dir for FHS -LOCAL_CONFIGURE_FLAGS = --localstatedir=/var/lib +LOCAL_CONFIGURE_FLAGS = --localstatedir=/var/lib --libdir=/usr/lib ifneq ($(filter $(DEB_HOST_ARCH),$(DISABLE_JEMALLOC_ARCH_LIST)),) LOCAL_CONFIGURE_FLAGS += --disable-jemalloc diff --git a/varnish.install b/varnish.install index 580430d..7b3521e 100644 --- a/varnish.install +++ b/varnish.install @@ -1,7 +1,7 @@ etc/varnish/default.vcl usr/bin/* usr/sbin/* -/usr/lib/*/varnish +/usr/lib/varnish usr/share/man debian/*.service lib/systemd/system/ usr/share/doc/varnish/*.vcl From phk at FreeBSD.org Mon Feb 23 21:48:37 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 22:48:37 +0100 Subject: [master] 9b2e63c Inspired by Dridi Boukelmoune's submission, add a locale-independent VNUM() function which converts (all of!) a string to a floating point number. Message-ID: commit 9b2e63c9e9eb189eae1a455a27036009aee1b25a Author: Poul-Henning Kamp Date: Mon Feb 23 21:45:44 2015 +0000 Inspired by Dridi Boukelmoune's submission, add a locale-independent VNUM() function which converts (all of!) a string to a floating point number. I didn't use Dridi's version, because I wanted slightly different semantics (the NAN return) and I happen to be partial to the %e format, which his version did not support. diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c index 7c27821..98451b3 100644 --- a/lib/libvarnish/vnum.c +++ b/lib/libvarnish/vnum.c @@ -30,6 +30,7 @@ #include "config.h" +#include #include #include #include 
@@ -42,6 +43,55 @@ static const char err_invalid_num[] = "Invalid number"; static const char err_abs_req[] = "Absolute number required"; static const char err_invalid_suff[] = "Invalid suffix"; +/********************************************************************** + * Convert (all of!) a string to a floating point number, and if we can + * not, return NAN. + */ + +double +VNUM(const char *p) +{ + intmax_t m = 0, ee = 0; + double ms = 1.0; + double es = 1.0, e = 1.0, ne = 0.0; + + while (isspace(*p)) + p++; + + if (*p == '-' || *p == '+') + ms = (*p++ == '-' ? -1.0 : 1.0); + + for (; *p != '\0'; p++) { + if (isdigit(*p)) { + m = m * 10 + *p - '0'; + e = ne; + if (e) + ne = e - 1.0; + } else if (*p == '.' && ne == 0.0) { + ne = -1.0; + } else + break; + } + if (e > 0.0) + return(nan("")); // No digits + if (*p == 'e' || *p == 'E') { + p++; + if (*p == '-' || *p == '+') + es = (*p++ == '-' ? -1.0 : 1.0); + if (!isdigit(*p)) + return (nan("")); + for (; isdigit(*p); p++) + ee = ee * 10 + *p - '0'; + } + while (isspace(*p)) + p++; + if (*p != '\0') + return (nan("")); + return (ms * m * pow(10., e + es * ee)); +} + +/**********************************************************************/ + const char * VNUM_2bytes(const char *p, uintmax_t *r, uintmax_t rel) { 
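Review bot: In the new `VNUM()`, `isspace(*p)` and `isdigit(*p)` are called on a plain `char`, which is undefined behaviour for byte values that are negative where `char` is signed (CERT STR37-C). Because the function is meant to accept arbitrary strings, each call should cast its argument, as in `isspace((unsigned char)*p)` and `isdigit((unsigned char)*p)`. The mantissa and exponent are also accumulated in `intmax_t` (`m = m * 10 + *p - '0'`), so a long enough digit run overflows a signed integer; a floating-point accumulator or a cap on the digit count avoids that.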
@@ -164,16 +214,65 @@ static struct test_case { { 0, 0, 0 }, }; +const char *vec[] = { + " 1", + " 12", + " 12.", + " 12.3", + " 12.34", + " 12.34e-3", + " 12.34e3", + " 12.34e+3", + " +12.34e-3", + " -12.34e3", + "N.", + "N.12.", + "N12..", + "N12.,", + "N12e,", + "N12e+,", + "N12ee,", + "N1..2", + "NA", + "N1A", + "Ne-3", + NULL +}; + int main(int argc, char *argv[]) { + int ec = 0; struct test_case *tc; uintmax_t val; - int ec; + const char **p; const char *e; + double d1, d2; (void)argc; - for (ec = 0, tc = test_cases; tc->str; ++tc) { + + for (p = vec; *p != NULL; p++) { + e = *p; + d1 = VNUM(e + 1); + if (*e == 'N') { + if (!isnan(d1)) { + ec++; + printf("VNUM(%s) not NAN (%g)\n", e + 1, d1); + } + } else { + d2 = atof(e + 1); + if (isnan(d1)) { + printf("VNUM(%s) is NAN (%g)\n", e + 1, d1); + ec++; + } else if (fabs((d1 - d2) / d2) > 1e-15) { + printf("VNUM(%s) differs from atof() (%g)\n", + e + 1, d1); + ec++; + } + } + } + + for (tc = test_cases; tc->str; ++tc) { e = VNUM_2bytes(tc->str, &val, tc->rel); if (e != tc->err) { printf("%s: VNUM_2bytes(\"%s\", %ju) (%s) != (%s)\n", From phk at FreeBSD.org Mon Feb 23 21:48:37 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 22:48:37 +0100 Subject: [master] 88e494e Merge branch 'master' of git.varnish-cache.org:varnish-cache Message-ID: commit 88e494ebbc19b4184200540d63d2b152d02320b1 Merge: 9b2e63c 2c1a7c4 Author: Poul-Henning Kamp Date: Mon Feb 23 21:48:19 2015 +0000 Merge branch 'master' of git.varnish-cache.org:varnish-cache From phk at FreeBSD.org Mon Feb 23 21:52:32 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Mon, 23 Feb 2015 22:52:32 +0100 Subject: [master] 131ec87 Forgot the prototype in previous commit. Message-ID: commit 131ec87b78f9b5f767e6cfbbc55c42940da56984 Author: Poul-Henning Kamp Date: Mon Feb 23 21:52:20 2015 +0000 Forgot the prototype in previous commit. diff --git a/include/vnum.h b/include/vnum.h index cf55c9a..02ca517 100644 --- a/include/vnum.h 
+++ b/include/vnum.h @@ -29,4 +29,5 @@ */ /* from libvarnish/vnum.c */ +double VNUM(const char *p); const char *VNUM_2bytes(const char *p, uintmax_t *r, uintmax_t rel); From phk at FreeBSD.org Mon Feb 23 23:05:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 00:05:15 +0100 Subject: [master] 7300ca4 Use the new VNUM() in the trivial cases Message-ID: commit 7300ca4c3cfc1ca3a8501a77481cf0221e05d0fb Author: Poul-Henning Kamp Date: Mon Feb 23 22:17:04 2015 +0000 Use the new VNUM() in the trivial cases diff --git a/bin/varnishd/mgt/mgt_param_tweak.c b/bin/varnishd/mgt/mgt_param_tweak.c index 7d4a13f..3fe28dc 100644 --- a/bin/varnishd/mgt/mgt_param_tweak.c +++ b/bin/varnishd/mgt/mgt_param_tweak.c @@ -58,29 +58,25 @@ tweak_generic_double(struct vsb *vsb, volatile double *dest, const char *arg, const char *min, const char *max, const char *fmt) { double u, minv = 0, maxv = 0; - char *p; if (arg != NULL) { if (min != NULL) { - p = NULL; - minv = strtod(min, &p); - if (*arg == '\0' || *p != '\0') { + minv = VNUM(min); + if (isnan(minv)) { VSB_printf(vsb, "Illegal Min: %s\n", min); return (-1); } } if (max != NULL) { - p = NULL; - maxv = strtod(max, &p); - if (*arg == '\0' || *p != '\0') { + maxv = VNUM(max); + if (isnan(maxv)) { VSB_printf(vsb, "Illegal Max: %s\n", max); return (-1); } } - p = NULL; - u = strtod(arg, &p); - if (*arg == '\0' || *p != '\0') { + u = VNUM(arg); + if (isnan(u)) { VSB_printf(vsb, "Not a number(%s)\n", arg); return (-1); } diff --git a/bin/varnishtest/vtc.c b/bin/varnishtest/vtc.c index c70b267..5759d38 100644 --- a/bin/varnishtest/vtc.c +++ b/bin/varnishtest/vtc.c @@ -43,6 +43,7 @@ #include "vtc.h" #include "vav.h" +#include "vnum.h" #include "vtim.h" #define MAX_TOKENS 200 @@ -433,7 +434,7 @@ cmd_delay(CMD_ARGS) return; AN(av[1]); AZ(av[2]); - f = strtod(av[1], NULL); + f = VNUM(av[1]); vtc_log(vl, 3, "delaying %g second(s)", f); VTIM_sleep(f); } 
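Review bot: `cmd_delay` in vtc.c now passes `VNUM(av[1])` straight to `VTIM_sleep(f)`, so a malformed argument becomes NaN and is slept on instead of being reported. A check before the log line, `if (isnan(f)) vtc_log(vl, 0, "delay is not a number (%s)", av[1]);`, would match what this commit does in `cmd_http_timeout`. That assumes `<math.h>` is already in scope in vtc.c, which the hunk does not show. The function starts above the hunk.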
diff --git a/bin/varnishtest/vtc_http.c b/bin/varnishtest/vtc_http.c index 85c3854..ba591ae 100644 --- a/bin/varnishtest/vtc_http.c +++ b/bin/varnishtest/vtc_http.c @@ -31,6 +31,7 @@ #include #include +#include #include #include #include @@ -41,6 +42,7 @@ #include "vct.h" #include "vgz.h" +#include "vnum.h" #include "vre.h" #include "vtcp.h" @@ -272,13 +274,13 @@ cmd_http_expect(CMD_ARGS) // fail inequality comparisons if either side is undef'ed retval = 0; } else if (!strcmp(cmp, "<")) { - retval = strtod(lhs, NULL) < strtod(rhs, NULL); + retval = isless(VNUM(lhs), VNUM(rhs)); } else if (!strcmp(cmp, ">")) { - retval = strtod(lhs, NULL) > strtod(rhs, NULL); + retval = isgreater(VNUM(lhs), VNUM(rhs)); } else if (!strcmp(cmp, "<=")) { - retval = strtod(lhs, NULL) <= strtod(rhs, NULL); + retval = islessequal(VNUM(lhs), VNUM(rhs)); } else if (!strcmp(cmp, ">=")) { - retval = strtod(lhs, NULL) >= strtod(rhs, NULL); + retval = isgreaterequal(VNUM(lhs), VNUM(rhs)); } if (retval == -1) @@ -1096,13 +1098,17 @@ static void cmd_http_timeout(CMD_ARGS) { struct http *hp; + double d; (void)cmd; (void)vl; CAST_OBJ_NOTNULL(hp, priv, HTTP_MAGIC); AN(av[1]); AZ(av[2]); - hp->timeout = (int)(strtod(av[1], NULL) * 1000.0); + d = VNUM(av[1]); + if (isnan(d)) + vtc_log(vl, 0, "timeout is not a number (%s)", av[1]); + hp->timeout = (int)(d * 1000.0); } /********************************************************************** From phk at FreeBSD.org Mon Feb 23 23:05:16 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 00:05:16 +0100 Subject: [master] 7b04840 More strtod() -> VNUM() conversions. Message-ID: commit 7b0484025785acd664e1f260b1f43e631df5a08f Author: Poul-Henning Kamp Date: Mon Feb 23 23:04:40 2015 +0000 More strtod() -> VNUM() conversions. Add a VNUMpfx() variant which does not barf NAN on suffixes. diff --git a/include/vnum.h b/include/vnum.h index 02ca517..8446dae 100644 --- a/include/vnum.h +++ b/include/vnum.h 
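Review bot: In `cmd_http_timeout` the NaN case is logged, but control still reaches `hp->timeout = (int)(d * 1000.0);`, and converting NaN or a value outside the range of `int` to `int` is undefined. Unless `vtc_log(vl, 0, ...)` never returns, which this hunk does not show, the assignment belongs in an `else` branch, and a negative or oversized value deserves the same rejection. The `(void)vl;` line above is stale now that `vl` is used and can be dropped.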
@@ -30,4 +30,5 @@ /* from libvarnish/vnum.c */ double VNUM(const char *p); +double VNUMpfx(const char *p, const char **e); const char *VNUM_2bytes(const char *p, uintmax_t *r, uintmax_t rel); diff --git a/lib/libvarnish/Makefile.am b/lib/libvarnish/Makefile.am index 9275fd2..b592cff 100644 --- a/lib/libvarnish/Makefile.am +++ b/lib/libvarnish/Makefile.am @@ -44,7 +44,7 @@ TESTS = vnum_c_test noinst_PROGRAMS = ${TESTS} -vnum_c_test_SOURCES = vnum.c +vnum_c_test_SOURCES = vnum.c vas.c vnum_c_test_CFLAGS = -DNUM_C_TEST -include config.h vnum_c_test_LDADD = ${LIBM} diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c index 98451b3..6d5d002 100644 --- a/lib/libvarnish/vnum.c +++ b/lib/libvarnish/vnum.c @@ -31,12 +31,14 @@ #include "config.h" #include +#include #include #include #include #include #include "vnum.h" +#include "vas.h" static const char err_miss_num[] = "Missing number"; static const char err_invalid_num[] = "Invalid number"; @@ -49,12 +51,15 @@ static const char err_invalid_suff[] = "Invalid suffix"; */ double -VNUM(const char *p) +VNUMpfx(const char *p, const char **t) { intmax_t m = 0, ee = 0; double ms = 1.0; double es = 1.0, e = 1.0, ne = 0.0; + AN(p); + AN(t); + *t = NULL; while (isspace(*p)) p++; @@ -86,26 +91,38 @@ VNUM(const char *p) while (isspace(*p)) p++; if (*p != '\0') - return (nan("")); + *t = p; return (ms * m * pow(10., e + es * ee)); } +double +VNUM(const char *p) +{ + const char *t; + double r; + + r = VNUMpfx(p, &t); + if (t != NULL) + r = nan(""); + return (r); +} + /**********************************************************************/ const char * VNUM_2bytes(const char *p, uintmax_t *r, uintmax_t rel) { double fval; - char *end; + const char *end; if (p == NULL || *p == '\0') return (err_miss_num); - fval = strtod(p, &end); - if (end == p || !isfinite(fval)) + fval = VNUMpfx(p, &end); + if (!isfinite(fval)) return (err_invalid_num); - if (*end == '\0') { + if (end == NULL) { *r = (uintmax_t)fval; return (NULL); } 
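Review bot: `VNUMpfx()` does not document its `t` out-parameter, and the block comment left above it ("Convert (all of!) a string ...") now describes `VNUM()` rather than the function it sits on. I would move that comment down to `VNUM()` and give `VNUMpfx()` its own. It should say that `*t` is set to NULL when the whole string was consumed and otherwise points at the first unparsed character after optional whitespace. It should also say that `*t` stays NULL on the early `nan("")` returns, so callers must test `isnan()` before reading `*t == NULL` as "no suffix".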
diff --git a/lib/libvmod_std/vmod_std_conversions.c b/lib/libvmod_std/vmod_std_conversions.c index d27ad44..e201eb9 100644 --- a/lib/libvmod_std/vmod_std_conversions.c +++ b/lib/libvmod_std/vmod_std_conversions.c @@ -39,6 +39,7 @@ #include "cache/cache.h" +#include "vnum.h" #include "vrt.h" #include "vsa.h" #include "vtim.h" @@ -47,7 +48,7 @@ VCL_DURATION __match_proto__(td_std_duration) vmod_duration(VRT_CTX, VCL_STRING p, VCL_DURATION d) { - char *e; + const char *e; double r; CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); @@ -63,12 +64,9 @@ vmod_duration(VRT_CTX, VCL_STRING p, VCL_DURATION d) e = NULL; - r = strtod(p, &e); - - if (!isfinite(r)) - return (d); + r = VNUMpfx(p, &e); - if (e == NULL) + if (!isfinite(r) || e == NULL) return (d); while(isspace(*e)) @@ -170,7 +168,6 @@ vmod_ip(VRT_CTX, VCL_STRING s, VCL_IP d) VCL_REAL __match_proto__(td_std_real) vmod_real(VRT_CTX, VCL_STRING p, VCL_REAL d) { - char *e; double r; CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); @@ -178,22 +175,11 @@ vmod_real(VRT_CTX, VCL_STRING p, VCL_REAL d) if (p == NULL) return (d); - while (isspace(*p)) - p++; - - if (*p != '+' && *p != '-' && !isdigit(*p)) - return (d); - - e = NULL; - - r = strtod(p, &e); + r = VNUM(p); if (!isfinite(r)) return (d); - if (e == NULL || *e != '\0') - return (d); - return (r); } From phk at FreeBSD.org Tue Feb 24 08:02:29 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 09:02:29 +0100 Subject: [master] 65cc39a Add an assert to make flexelint happier Message-ID: commit 65cc39af875c938ce9ba604b8f9d30ca230b6156 Author: Poul-Henning Kamp Date: Tue Feb 24 08:01:02 2015 +0000 Add an assert to make flexelint happier diff --git a/lib/libvarnish/vtim.c b/lib/libvarnish/vtim.c index a7e4c6e..2b37816 100644 --- a/lib/libvarnish/vtim.c +++ b/lib/libvarnish/vtim.c 
@@ -232,6 +232,7 @@ VTIM_parse(const char *p) TIMESTAMP(); } else { WEEKDAY(); + assert(weekday >= 0 && weekday <= 6); if (*p == ',') { /* RFC822 & RFC1123 - "Sun, 06 Nov 1994 08:49:37 GMT" */ p++; From phk at FreeBSD.org Tue Feb 24 08:02:29 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 09:02:29 +0100 Subject: [master] 6f51994 We are more worried about mantissa overrun than precision, so use doubles for the mantissa and exponent. This may increase the error by up to one bit in last position. Message-ID: commit 6f51994a0f8f4e9eceae4b1e804245d8efd8c620 Author: Poul-Henning Kamp Date: Tue Feb 24 08:01:17 2015 +0000 We are more worried about mantissa overrun than precision, so use doubles for the mantissa and exponent. This may increase the error by up to one bit in last position. diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c index 6d5d002..5635e45 100644 --- a/lib/libvarnish/vnum.c +++ b/lib/libvarnish/vnum.c @@ -53,7 +53,7 @@ static const char err_invalid_suff[] = "Invalid suffix"; double VNUMpfx(const char *p, const char **t) { - intmax_t m = 0, ee = 0; + double m = 0., ee = 0.; double ms = 1.0; double es = 1.0, e = 1.0, ne = 0.0; @@ -68,7 +68,7 @@ VNUMpfx(const char *p, const char **t) for (; *p != '\0'; p++) { if (isdigit(*p)) { - m = m * 10 + *p - '0'; + m = m * 10. + *p - '0'; e = ne; if (e) ne = e - 1.0; @@ -86,7 +86,7 @@ VNUMpfx(const char *p, const char **t) if (!isdigit(*p)) return (nan("")); for (; isdigit(*p); p++) - ee = ee * 10 + *p - '0'; + ee = ee * 10. + *p - '0'; } while (isspace(*p)) p++; From phk at FreeBSD.org Tue Feb 24 08:53:08 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 09:53:08 +0100 Subject: [master] da8f0f0 Use isnan() rather than !isfinite() Message-ID: commit da8f0f0122cf88e134f8b2b841ace62c14e8afd0 Author: Poul-Henning Kamp Date: Tue Feb 24 08:51:49 2015 +0000 Use isnan() rather than !isfinite() 
diff --git a/lib/libvarnish/vnum.c b/lib/libvarnish/vnum.c index 5635e45..e620223 100644 --- a/lib/libvarnish/vnum.c +++ b/lib/libvarnish/vnum.c @@ -119,7 +119,7 @@ VNUM_2bytes(const char *p, uintmax_t *r, uintmax_t rel) return (err_miss_num); fval = VNUMpfx(p, &end); - if (!isfinite(fval)) + if (isnan(fval)) return (err_invalid_num); if (end == NULL) { diff --git a/lib/libvmod_std/vmod_std_conversions.c b/lib/libvmod_std/vmod_std_conversions.c index e201eb9..57889b0 100644 --- a/lib/libvmod_std/vmod_std_conversions.c +++ b/lib/libvmod_std/vmod_std_conversions.c @@ -66,7 +66,7 @@ vmod_duration(VRT_CTX, VCL_STRING p, VCL_DURATION d) r = VNUMpfx(p, &e); - if (!isfinite(r) || e == NULL) + if (isnan(r) || e == NULL) return (d); while(isspace(*e)) @@ -177,7 +177,7 @@ vmod_real(VRT_CTX, VCL_STRING p, VCL_REAL d) r = VNUM(p); - if (!isfinite(r)) + if (isnan(r)) return (d); return (r); From phk at FreeBSD.org Tue Feb 24 08:53:08 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 09:53:08 +0100 Subject: [master] 4f20b3d Add VNUM() to libvarnishapi Message-ID: commit 4f20b3dc860bf163734c18a2da2f59a3077694fa Author: Poul-Henning Kamp Date: Tue Feb 24 08:52:36 2015 +0000 Add VNUM() to libvarnishapi diff --git a/lib/libvarnishapi/Makefile.am b/lib/libvarnishapi/Makefile.am index 287472b..68a89bd 100644 --- a/lib/libvarnishapi/Makefile.am +++ b/lib/libvarnishapi/Makefile.am @@ -28,6 +28,7 @@ libvarnishapi_la_SOURCES = \ ../libvarnish/vre.c \ ../libvarnish/vsb.c \ ../libvarnish/vtim.c \ + ../libvarnish/vnum.c \ ../libvarnish/vsha256.c \ vsm.c \ vsl_arg.c \ diff --git a/lib/libvarnishapi/libvarnishapi.map b/lib/libvarnishapi/libvarnishapi.map index 0d9bb8d..0a9cd7d 100644 --- a/lib/libvarnishapi/libvarnishapi.map +++ b/lib/libvarnishapi/libvarnishapi.map @@ -124,3 +124,8 @@ LIBVARNISHAPI_1.3 { VSLQ_grouping; VSL_tagflags; } LIBVARNISHAPI_1.0; + +LIBVARNISHAPI_1.4 { + global: + VNUM; +} LIBVARNISHAPI_1.0; From phk at FreeBSD.org Tue Feb 24 08:53:09 2015 
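Review bot: Replacing `!isfinite(fval)` with `isnan(fval)` in `VNUM_2bytes` lets an infinite result through. `VNUMpfx()` ends in `ms * m * pow(10., e + es * ee)`, which becomes infinity for a large exponent, and the `*r = (uintmax_t)fval` that follows just past this hunk is undefined for a value that does not fit. Since this function parses size arguments, I would keep the stricter `if (!isfinite(fval))` here; a negative value hits the same cast and could be rejected alongside it. The same relaxation in `vmod_duration` and `vmod_real` in vmod_std_conversions.c means an overflowing input now yields an infinite DURATION or REAL instead of the fallback `d`.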
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 09:53:09 +0100 Subject: [master] 9bb8f96 Use VNUM() rather than strtod() Message-ID: commit 9bb8f96223d248beb5962961b493b16dcc8ecc2a Author: Poul-Henning Kamp Date: Tue Feb 24 08:52:54 2015 +0000 Use VNUM() rather than strtod() diff --git a/bin/varnishadm/varnishadm.c b/bin/varnishadm/varnishadm.c index a17961d..b498efc 100644 --- a/bin/varnishadm/varnishadm.c +++ b/bin/varnishadm/varnishadm.c @@ -50,6 +50,7 @@ #endif #include +#include #include #include #include @@ -61,6 +62,7 @@ #include "vapi/vsm.h" #include "vas.h" #include "vcli.h" +#include "vnum.h" #include "vss.h" #define RL_EXIT(status) \ @@ -464,7 +466,9 @@ main(int argc, char * const *argv) T_arg = optarg; break; case 't': - timeout = strtod(optarg, NULL); + timeout = VNUM(optarg); + if (isnan(timeout)) + usage(); break; default: usage(); diff --git a/bin/varnishncsa/varnishncsa.c b/bin/varnishncsa/varnishncsa.c index f6f9bc8..ce425eb 100644 --- a/bin/varnishncsa/varnishncsa.c +++ b/bin/varnishncsa/varnishncsa.c @@ -58,6 +58,7 @@ #include "vapi/voptget.h" #include "vas.h" #include "vcs.h" +#include "vnum.h" #include "vsb.h" #include "vut.h" #include "vqueue.h" @@ -283,16 +284,13 @@ static int __match_proto__(format_f) format_time(const struct format *format) { double t_start, t_end; - char *p; char buf[64]; time_t t; struct tm tm; CHECK_OBJ_NOTNULL(format, FORMAT_MAGIC); if (CTX.frag[F_tstart].gen == CTX.gen) { - t_start = strtod(CTX.frag[F_tstart].b, &p); - if (p != CTX.frag[F_tstart].e) - t_start = NAN; + t_start = VNUM(CTX.frag[F_tstart].b); } else t_start = NAN; if (isnan(t_start)) { @@ -305,8 +303,8 @@ format_time(const struct format *format) /* Missing t_end defaults to t_start */ if (CTX.frag[F_tend].gen == CTX.gen) { - t_end = strtod(CTX.frag[F_tend].b, &p); - if (p != CTX.frag[F_tend].e) + t_end = VNUM(CTX.frag[F_tend].b); + if (isnan(t_end)) t_end = t_start; } else t_end = t_start; 
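Review bot: `format_time` in varnishncsa.c used to check that parsing stopped exactly at `CTX.frag[F_tstart].e` (and at `.e` of `F_tend`), but `VNUM()` takes only a start pointer and reads up to a NUL, so the fragment's end bound is no longer enforced. The removed `p != ....e` test suggests fragments are slices of a larger record rather than NUL-terminated strings, though the hunk does not show it. If so, bytes after the field now either turn a valid timestamp into NaN or are read as part of the number. If fragments are in fact always NUL-terminated at `.e`, say so next to the call, e.g. `/* frag is NUL-terminated at .e, so VNUM() sees exactly the field */`; otherwise keep an explicit end check.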
diff --git a/lib/libvarnishapi/vsl_arg.c b/lib/libvarnishapi/vsl_arg.c index 376b056..4a9b897 100644 --- a/lib/libvarnishapi/vsl_arg.c +++ b/lib/libvarnishapi/vsl_arg.c @@ -36,6 +36,7 @@ #include #include #include +#include #include #include #include @@ -49,6 +50,7 @@ #include "vapi/vsl.h" #include "vapi/vsm.h" #include "vbm.h" +#include "vnum.h" #include "vre.h" #include "vsl_api.h" #include "vsm_api.h" @@ -343,13 +345,11 @@ VSL_Arg(struct VSL_data *vsl, int opt, const char *arg) vsl->L_opt = (int)l; return (1); case 'T': - d = strtod(arg, &p); - while (isspace(*p)) - p++; - if (*p != '\0') - return (vsl_diag(vsl, "-P: Syntax error")); + d = VNUM(arg); + if (!isnan(d)) + return (vsl_diag(vsl, "-T: Syntax error")); if (d < 0.) - return (vsl_diag(vsl, "-L: Range error")); + return (vsl_diag(vsl, "-T: Range error")); vsl->T_opt = d; return (1); case 'v': vsl->v_opt = 1; return (1); diff --git a/lib/libvarnishapi/vsl_query.c b/lib/libvarnishapi/vsl_query.c index 6136115..a271561 100644 --- a/lib/libvarnishapi/vsl_query.c +++ b/lib/libvarnishapi/vsl_query.c @@ -29,17 +29,19 @@ */ #include -#include -#include +#include +#include #include #include -#include +#include +#include -#include "vas.h" #include "miniobj.h" +#include "vas.h" +#include "vbm.h" +#include "vnum.h" #include "vre.h" #include "vsb.h" -#include "vbm.h" #include "vapi/vsl.h" #include "vsl_api.h" @@ -141,11 +143,10 @@ vslq_test_rec(const struct vex *vex, const struct VSLC_ptr *rec) /* Can't parse - no match */ return (0); case VEX_FLOAT: - lhs_float = strtod(b, &p); - if (*p == '\0' || isspace(*p)) - break; - /* Can't parse - no match */ - return (0); + lhs_float = VNUM(b); + if (isnan(lhs_float)) + return (0); + break; default: WRONG("Wrong RHS type"); } diff --git a/lib/libvarnishapi/vxp_parse.c b/lib/libvarnishapi/vxp_parse.c index 3b9e1d0..13472a2 100644 --- a/lib/libvarnishapi/vxp_parse.c +++ b/lib/libvarnishapi/vxp_parse.c 
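Review bot: The new `-T` check in `VSL_Arg` is inverted: `if (!isnan(d)) return (vsl_diag(vsl, "-T: Syntax error"));` rejects every well-formed number and lets the NaN from an unparsable argument through. NaN also passes the following `d < 0.` range test, so `vsl->T_opt` ends up NaN. The condition should read `if (isnan(d))`. `VSL_Arg` starts above the hunk, so whether the local `p` is still needed by other cases is not visible here.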
@@ -30,18 +30,19 @@ #include "config.h" +#include +#include +#include #include #include -#include -#include #include -#include #include +#include "miniobj.h" #include "vas.h" -#include "vsb.h" #include "vbm.h" -#include "miniobj.h" +#include "vnum.h" +#include "vsb.h" #include "vapi/vsl.h" #include "vsl_api.h" @@ -191,10 +192,8 @@ vxp_expr_num(struct vxp *vxp, struct vex_rhs **prhs) AN(*prhs); if (strchr(vxp->t->dec, '.')) { (*prhs)->type = VEX_FLOAT; - (*prhs)->val_float = strtod(vxp->t->dec, &endptr); - while (isspace(*endptr)) - endptr++; - if (*endptr != '\0') { + (*prhs)->val_float = VNUM(vxp->t->dec); + if (isnan((*prhs)->val_float)) { VSB_printf(vxp->sb, "Floating point parse error "); vxp_ErrWhere(vxp, vxp->t, -1); return; From phk at FreeBSD.org Tue Feb 24 10:00:14 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 11:00:14 +0100 Subject: [master] 90cb5eb Stabilize this test with syncvsl Message-ID: commit 90cb5eb4e00c58077588df24759e2f4938385e88 Author: Poul-Henning Kamp Date: Tue Feb 24 09:59:49 2015 +0000 Stabilize this test with syncvsl diff --git a/bin/varnishtest/tests/r01441.vtc b/bin/varnishtest/tests/r01441.vtc index ec9553d..455663c 100644 --- a/bin/varnishtest/tests/r01441.vtc +++ b/bin/varnishtest/tests/r01441.vtc @@ -16,7 +16,7 @@ varnish v1 -vcl+backend { set beresp.do_esi = true; } } -} -start +} -start -cliok "param.set debug +syncvsl" logexpect l1 -v v1 -g session { expect 0 1000 Begin sess 0 HTTP/1 From martin at varnish-software.com Tue Feb 24 10:53:12 2015 From: martin at varnish-software.com (Martin Blix Grydeland) Date: Tue, 24 Feb 2015 11:53:12 +0100 Subject: [4.0] d98c415 VFIL_fsinfo function to retrieve file system information Message-ID: commit d98c415dfc02df0002f9462c8311fc9eb9d117b3 Author: Martin Blix Grydeland Date: Tue Oct 7 13:27:57 2014 +0200 VFIL_fsinfo function to retrieve file system information diff --git a/include/vfil.h b/include/vfil.h index 533dfd8..32f2c78 100644 --- a/include/vfil.h 
+++ b/include/vfil.h @@ -34,3 +34,4 @@ int VFIL_tmpfile(char *); char *VFIL_readfile(const char *pfx, const char *fn, ssize_t *sz); char *VFIL_readfd(int fd, ssize_t *sz); int VFIL_nonblocking(int fd); +int VFIL_fsinfo(int fd, unsigned *pbs, uintmax_t *size, uintmax_t *space); diff --git a/lib/libvarnish/vfil.c b/lib/libvarnish/vfil.c index 920a06f..b3743f2 100644 --- a/lib/libvarnish/vfil.c +++ b/lib/libvarnish/vfil.c @@ -38,6 +38,18 @@ #include #include #include +#include +#include +#ifdef HAVE_SYS_MOUNT_H +# include +# include +#endif +#ifdef HAVE_SYS_STATVFS_H +# include +#endif +#ifdef HAVE_SYS_VFS_H +# include +#endif #include "vas.h" #include "vdef.h" @@ -136,3 +148,42 @@ VFIL_nonblocking(int fd) assert(i != -1); return (i); } + +/* + * Get file system information from an fd + * Returns block size, total size and space available in the passed pointers + * Returns 0 on success, or -1 on failure with errno set + */ +int +VFIL_fsinfo(int fd, unsigned *pbs, uintmax_t *psize, uintmax_t *pspace) +{ + unsigned bs; + uintmax_t size, space; +#if defined(HAVE_SYS_STATVFS_H) + struct statvfs fsst; + + if (fstatvfs(fd, &fsst)) + return (-1); + bs = fsst.f_frsize; + size = fsst.f_blocks * fsst.f_frsize; + space = fsst.f_bavail * fsst.f_frsize; +#elif defined(HAVE_SYS_MOUNT_H) || defined(HAVE_SYS_VFS_H) + struct statfs fsst; + + if (fstatfs(fd, &fsst)) + return (-1); + bs = fsst.f_bsize; + size = fsst.f_blocks * fsst.f_bsize; + space = fsst.f_bavail * fsst.f_bsize; +#else +#error no struct statfs / struct statvfs +#endif + + if (pbs) + *pbs = bs; + if (psize) + *psize = size; + if (pspace) + *pspace = space; + return (0); +} From martin at varnish-software.com Tue Feb 24 10:53:12 2015 
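Review bot: The products in VFIL_fsinfo are computed in the width of the `struct statvfs` / `struct statfs` fields and widened only on assignment. On a platform where those fields are narrower than `uintmax_t`, `fsst.f_blocks * fsst.f_frsize` can wrap before it is stored. The stv_fsspace() helper that the next commit on this page removes avoided this by copying both values into `uintmax_t` before multiplying. Cast one operand, `size = (uintmax_t)fsst.f_blocks * fsst.f_frsize;`, and do the same for `space` and for the `f_bsize` branch. The prototype added to vfil.h also names the parameters `size` and `space` while the definition uses `psize` and `pspace`; matching names would make the header self-documenting.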
From: martin at varnish-software.com (Martin Blix Grydeland) Date: Tue, 24 Feb 2015 11:53:12 +0100 Subject: [4.0] 9149a06 Use VFIL_fsinfo in STV_FileSize, and drop the old implementation Message-ID: commit 9149a0604e4584cd23d1e5719faf6189da9d69e9 Author: Martin Blix Grydeland Date: Tue Oct 7 13:46:57 2014 +0200 Use VFIL_fsinfo in STV_FileSize, and drop the old implementation diff --git a/bin/varnishd/storage/stevedore_utils.c b/bin/varnishd/storage/stevedore_utils.c index 9ce647f..32a447f 100644 --- a/bin/varnishd/storage/stevedore_utils.c +++ b/bin/varnishd/storage/stevedore_utils.c @@ -54,6 +54,7 @@ #include "storage/storage.h" #include "vnum.h" +#include "vfil.h" #ifndef O_LARGEFILE #define O_LARGEFILE 0 @@ -133,38 +134,6 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx) } /*-------------------------------------------------------------------- - * Figure out how much space is in a filesystem - */ - -static uintmax_t -stv_fsspace(int fd, unsigned *bs) -{ - uintmax_t bsize, bavail; -#if defined(HAVE_SYS_STATVFS_H) - struct statvfs fsst; - - AZ(fstatvfs(fd, &fsst)); - bsize = fsst.f_frsize; - bavail = fsst.f_bavail; -#elif defined(HAVE_SYS_MOUNT_H) || defined(HAVE_SYS_VFS_H) - struct statfs fsst; - - AZ(fstatfs(sc->fd, &fsst)); - bsize = fsst.f_bsize; - bavail = fsst.f_bavail; -#else -#error no struct statfs / struct statvfs -#endif - - /* We use units of the larger of filesystem blocksize and pagesize */ - if (*bs < bsize) - *bs = bsize; - XXXAZ(*bs % bsize); - return (bsize * bavail); -} - - -/*-------------------------------------------------------------------- * Decide file size. * * If the sizespecification is empty and the file exists with non-zero 
@@ -183,12 +152,16 @@ STV_FileSize(int fd, const char *size, unsigned *granularity, const char *ctx) off_t o; struct stat st; + AN(granularity); + AN(ctx); + AZ(fstat(fd, &st)); xxxassert(S_ISREG(st.st_mode)); - bs = *granularity; - fssize = stv_fsspace(fd, &bs); - XXXAZ(bs % *granularity); + AZ(VFIL_fsinfo(fd, &bs, &fssize, NULL)); + /* Increase granularity if it is lower than the filesystem block size */ + if (*granularity < bs) + *granularity = bs; if ((size == NULL || *size == '\0') && st.st_size != 0) { /* @@ -239,9 +212,8 @@ STV_FileSize(int fd, const char *size, unsigned *granularity, const char *ctx) l = INT32_MAX; } - /* round down to multiple of filesystem blocksize or pagesize */ - l -= (l % bs); + /* Round down */ + l -= (l % *granularity); - *granularity = bs; return(l); } From phk at FreeBSD.org Tue Feb 24 11:18:49 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 12:18:49 +0100 Subject: [master] e98521d Eliminate a WRONG() which triggered when we recycle a backend connection in c00040. (Strictly speaking I think it is a buglet in the FreeBSD kqueue implementation but that's for Varnish to live with and me to pester somebody about.) Message-ID: commit e98521d0f61d9216dff0291f5b305c56efe3850c Author: Poul-Henning Kamp Date: Tue Feb 24 11:17:18 2015 +0000 Eliminate a WRONG() which triggered when we recycle a backend connection in c00040. (Strictly speaking I think it is a buglet in the FreeBSD kqueue implementation but that's for Varnish to live with and me to pester somebody about.) diff --git a/bin/varnishd/waiter/cache_waiter_kqueue.c b/bin/varnishd/waiter/cache_waiter_kqueue.c index 7fd8685..dfc8596 100644 --- a/bin/varnishd/waiter/cache_waiter_kqueue.c +++ b/bin/varnishd/waiter/cache_waiter_kqueue.c 
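Review bot: `fssize` now receives the total file system size instead of the free space. The third argument of VFIL_fsinfo() is `psize` (`f_blocks` times the block size), while the removed stv_fsspace() returned `bsize * bavail`. The rest of STV_FileSize is outside the hunk, so I cannot see how `fssize` is used, but if it still limits or scales the requested size against available space the call should be `AZ(VFIL_fsinfo(fd, &bs, NULL, &fssize));`. If total size is intended, a comment saying so would help, since the commit message does not mention a behaviour change.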
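Review bot: Rounding down to `*granularity` keeps the result block-aligned only when the granularity is a multiple of the file system block size, and nothing checks that any more. The removed code asserted it with `XXXAZ(*bs % bsize)` and `XXXAZ(bs % *granularity)`. With the new `if (*granularity < bs)` adjustment, a caller-supplied granularity that is larger than `bs` but not a multiple of it passes through unchanged. I would keep the check by adding `XXXAZ(*granularity % bs);` right after that adjustment.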
@@ -123,14 +123,19 @@ vwk_sess_ev(const struct vwk *vwk, const struct kevent *kp, double now) idle = now - *vwk->waiter->tmo; - if (kp->data > 0) { - Wait_Handle(vwk->waiter, sp, WAITER_ACTION, now); - } else if (sp->idle <= idle) { + VSL(SLT_Debug, 0, "KQR d %ju filter %d data %jd flags 0x%x idle %g", + kp->ident, kp->filter, kp->data, kp->flags, sp->idle - idle); + if (sp->idle <= idle) { Wait_Handle(vwk->waiter, sp, WAITER_TIMEOUT, now); } else if (kp->flags & EV_EOF) { Wait_Handle(vwk->waiter, sp, WAITER_REMCLOSE, now); } else { - WRONG("unknown kqueue state"); + if (kp->data == 0) + VSL(SLT_Debug, 0, + "KQR d %ju filter %d data %jd flags 0x%x idle %g", + kp->ident, kp->filter, kp->data, kp->flags, + sp->idle - idle); + Wait_Handle(vwk->waiter, sp, WAITER_ACTION, now); } } From phk at FreeBSD.org Tue Feb 24 16:32:28 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 17:32:28 +0100 Subject: [master] 2a9fc5e constify Message-ID: commit 2a9fc5ee247251c9424eac0a856e711e25ca0f52 Author: Poul-Henning Kamp Date: Tue Feb 24 16:32:22 2015 +0000 constify diff --git a/bin/varnishd/cache/cache_backend.h b/bin/varnishd/cache/cache_backend.h index 339e19a..c7370a9 100644 --- a/bin/varnishd/cache/cache_backend.h +++ b/bin/varnishd/cache/cache_backend.h @@ -125,7 +125,7 @@ void VBP_Init(void); struct tcp_pool *VBT_Ref(const char *name, const struct suckaddr *ip4, const struct suckaddr *ip6); void VBT_Rel(struct tcp_pool **tpp); -int VBT_Open(struct tcp_pool *tp, double tmo, const struct suckaddr **sa); +int VBT_Open(const struct tcp_pool *tp, double tmo, const struct suckaddr **sa); void VBT_Recycle(struct tcp_pool *tp, struct vbc **vbc); void VBT_Close(struct tcp_pool *tp, struct vbc **vbc); struct vbc *VBT_Get(struct tcp_pool *tp, double tmo); diff --git a/bin/varnishd/cache/cache_backend_tcp.c b/bin/varnishd/cache/cache_backend_tcp.c index 70ae011..e82b27d 100644 --- a/bin/varnishd/cache/cache_backend_tcp.c +++ b/bin/varnishd/cache/cache_backend_tcp.c 
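Review bot: The reordered branches in vwk_sess_ev no longer give pending data priority. An event with `kp->data > 0` is now reported as WAITER_TIMEOUT when the idle limit has passed, and as WAITER_REMCLOSE when EV_EOF is set, where the old code reported WAITER_ACTION first. kqueue can set EV_EOF while unread bytes are still queued, so the last data a peer sent before closing may never be read; what Wait_Handle does on REMCLOSE is not visible here. If only the `kp->data == 0` case was meant to stop hitting WRONG(), the EOF branch can keep the old priority with `} else if ((kp->flags & EV_EOF) && kp->data <= 0) {`. The function body starts outside the hunk.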
@@ -244,7 +244,7 @@ VBT_Rel(struct tcp_pool **tpp) */ int -VBT_Open(struct tcp_pool *tp, double tmo, const struct suckaddr **sa) +VBT_Open(const struct tcp_pool *tp, double tmo, const struct suckaddr **sa) { int s; int msec; From phk at FreeBSD.org Tue Feb 24 20:19:31 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 21:19:31 +0100 Subject: [master] 5002303 Remove unsed VLU_Data() and VLU_File() functions. Message-ID: commit 5002303d2c3a0c9a03f5c5ad4b05f4afecd7ac39 Author: Poul-Henning Kamp Date: Tue Feb 24 20:18:38 2015 +0000 Remove unsed VLU_Data() and VLU_File() functions. diff --git a/include/vlu.h b/include/vlu.h index a9fe074..b7023cb 100644 --- a/include/vlu.h +++ b/include/vlu.h @@ -33,8 +33,6 @@ typedef int (vlu_f)(void *, const char *); struct vlu *VLU_New(void *priv, vlu_f *func, unsigned bufsize); int VLU_Fd(int fd, struct vlu *l); -int VLU_File(FILE *f, struct vlu *l); -int VLU_Data(const void *ptr, int len, struct vlu *l); void VLU_Destroy(struct vlu *l); void VLU_SetTelnet(struct vlu *l, int fd); diff --git a/lib/libvarnish/vlu.c b/lib/libvarnish/vlu.c index c983442..1aabc65 100644 --- a/lib/libvarnish/vlu.c +++ b/lib/libvarnish/vlu.c @@ -182,41 +182,3 @@ VLU_Fd(int fd, struct vlu *l) l->bufp += i; return (LineUpProcess(l)); } - -int -VLU_File(FILE *f, struct vlu *l) -{ - char *p; - - CHECK_OBJ_NOTNULL(l, LINEUP_MAGIC); - p = fgets(l->buf + l->bufp, l->bufl - l->bufp, f); - if (p == NULL) - return (-1); - l->bufp = strlen(l->buf); - return (LineUpProcess(l)); -} - -int -VLU_Data(const void *ptr, int len, struct vlu *l) -{ - const char *p; - int i = 0; - - p = ptr; - CHECK_OBJ_NOTNULL(l, LINEUP_MAGIC); - if (len < 0) - len = strlen(p); - while (len > 0) { - i = len; - if (i > l->bufl - l->bufp) - i = l->bufl - l->bufp; - memcpy(l->buf + l->bufp, p, i); - l->bufp += i; - p += i; - len -= i; - i = LineUpProcess(l); - if (i) - break; - } - return (i); -} From phk at FreeBSD.org Tue Feb 24 20:32:32 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 21:32:32 +0100 Subject: [master] 0fdb149 It used to be that if you wanted to talk directly to a network service, you would TELNET to it, and *some* of the TELNET client programs were broken, and would send TELNET protocol magic sequences to the other end, even when not talking on port 23. Message-ID: commit 0fdb149d25dd4035b755111f8337d625371f5b67 Author: Poul-Henning Kamp Date: Tue Feb 24 20:29:01 2015 +0000 It used to be that if you wanted to talk directly to a network service, you would TELNET to it, and *some* of the TELNET client programs were broken, and would send TELNET protocol magic sequences to the other end, even when not talking on port 23. Now that we have varnishadm, and where netcat is widely available, that is simply not a problem we need to keep dead code around for any more. diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c index 84446aa..5267065 100644 --- a/bin/varnishd/mgt/mgt_cli.c +++ b/bin/varnishd/mgt/mgt_cli.c @@ -51,7 +51,6 @@ #include "vcli_priv.h" #include "vcli_serve.h" #include "vev.h" -#include "vlu.h" #include "vrnd.h" #include "vss.h" #include "vtcp.h" @@ -388,10 +387,6 @@ mgt_cli_setup(int fdi, int fdo, int verbose, const char *ident, cli->ident = strdup(ident); - /* Deal with TELNET options */ - if (fdi != 0) - VLU_SetTelnet(cli->vlu, fdo); - if (fdi != 0 && secret_file != NULL) { cli->auth = MCF_NOAUTH; mgt_cli_challenge(cli); diff --git a/include/vlu.h b/include/vlu.h index b7023cb..b001523 100644 --- a/include/vlu.h +++ b/include/vlu.h @@ -34,6 +34,4 @@ typedef int (vlu_f)(void *, const char *); struct vlu *VLU_New(void *priv, vlu_f *func, unsigned bufsize); int VLU_Fd(int fd, struct vlu *l); void VLU_Destroy(struct vlu *l); -void VLU_SetTelnet(struct vlu *l, int fd); - #endif diff --git a/lib/libvarnish/vlu.c b/lib/libvarnish/vlu.c index 1aabc65..0673f10 100644 --- a/lib/libvarnish/vlu.c +++ b/lib/libvarnish/vlu.c 
@@ -47,7 +47,6 @@ struct vlu { unsigned bufl; unsigned bufp; void *priv; - int telnet; vlu_f *func; }; @@ -63,7 +62,6 @@ VLU_New(void *priv, vlu_f *func, unsigned bufsize) l->func = func; l->priv = priv; l->bufl = bufsize - 1; - l->telnet = -1; l->buf = malloc(l->bufl + 1L); if (l->buf == NULL) { FREE_OBJ(l); @@ -74,14 +72,6 @@ VLU_New(void *priv, vlu_f *func, unsigned bufsize) } void -VLU_SetTelnet(struct vlu *l, int fd) -{ - CHECK_OBJ_NOTNULL(l, LINEUP_MAGIC); - assert(fd >= 0); - l->telnet = fd; -} - -void VLU_Destroy(struct vlu *l) { @@ -91,52 +81,6 @@ VLU_Destroy(struct vlu *l) } static int -vlu_dotelnet(struct vlu *l, char *p) -{ - char *e; - char tno[3]; - int i; - - e = l->buf + l->bufp; - assert(p >= l->buf && p < e); - assert(*p == (char)255); - - /* We need at least two characters */ - if (p == e - 1) - return (1); - - /* And three for will/wont/do/dont */ - if (p[1] >= (char)251 && p[1] <= (char)254 && p == e - 2) - return (1); - - switch (p[1]) { - case (char)251: /* WILL */ - case (char)252: /* WONT */ - /* Ignore these */ - i = 3; - break; - case (char)253: /* DO */ - case (char)254: /* DONT */ - /* Return WONT for these */ - memcpy(tno, p, 3); - tno[1] = (char)252; - if (write(l->telnet, tno, 3) != 3) - return (1); - i = 3; - break; - default: - /* Ignore the rest */ - /* XXX: only p[1] >= 240 ? */ - i = 2; - } - - /* Remove telnet sequence from buffer */ - memmove(p, p + i, 1 + e - (p + i)); - l->bufp -= i; - return (0); -} - -static int LineUpProcess(struct vlu *l) { char *p, *q; @@ -146,9 +90,6 @@ LineUpProcess(struct vlu *l) for (p = l->buf; *p != '\0'; p = q) { /* Find first CR or NL */ for (q = p; *q != '\0'; q++) { - while (l->telnet >= 0 && *q == (char)255) - if (vlu_dotelnet(l, q)) - return (0); if (*q == '\n' || *q == '\r') break; } From phk at FreeBSD.org Tue Feb 24 21:40:38 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 22:40:38 +0100 Subject: [master] 01b1967 Now that all VSL have descriptions, make the lack thereof an assert. Message-ID: commit 01b1967de9c25782f750d92cb1b17d9aa211f6eb Author: Poul-Henning Kamp Date: Tue Feb 24 20:53:55 2015 +0000 Now that all VSL have descriptions, make the lack thereof an assert. diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 5a8d4ca..839cc6f 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -75,6 +75,7 @@ mgt_sltm(const char *tag, const char *sdesc, const char *ldesc) { int i; + assert(sdesc != NULL || ldesc != NULL); printf("\n%s\n", tag); i = strlen(tag); printf("%*.*s\n\n", i, i, "------------------------------------"); @@ -82,9 +83,6 @@ mgt_sltm(const char *tag, const char *sdesc, const char *ldesc) printf("%s\n", ldesc); else if (*sdesc != '\0') printf("%s\n", sdesc); - else - printf("%s\n", "(description not yet written)"); - } /*lint -e{506} constant value boolean */ From phk at FreeBSD.org Tue Feb 24 21:40:38 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 24 Feb 2015 22:40:38 +0100 Subject: [master] 0848a1f Weed out some unused functions which are surplus to our requirements. Message-ID: commit 0848a1fe471c40a49e77df941c8e2cc133170ff7 Author: Poul-Henning Kamp Date: Tue Feb 24 21:39:59 2015 +0000 Weed out some unused functions which are surplus to our requirements. diff --git a/include/vsa.h b/include/vsa.h index 996afde..185be03 100644 --- a/include/vsa.h +++ b/include/vsa.h @@ -34,7 +34,6 @@ struct suckaddr; extern const int vsa_suckaddr_len; int VSA_Sane(const struct suckaddr *); -socklen_t VSA_Len(const struct suckaddr *); unsigned VSA_Port(const struct suckaddr *); int VSA_Compare(const struct suckaddr *, const struct suckaddr *); struct suckaddr *VSA_Clone(const struct suckaddr *sua); diff --git a/include/vsb.h b/include/vsb.h index 3734361..0f1f2bd 100644 --- a/include/vsb.h 
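Review bot: The assert added to mgt_sltm uses `||`, so it passes when only one of `sdesc` and `ldesc` is non-NULL, yet the code below dereferences both (`*sdesc != '\0'` is visible in the second hunk, and the `ldesc` test sits just above it, outside the hunk). It also does not enforce what the commit message describes, because two empty strings now print nothing without tripping the assert. The check should be `assert(sdesc != NULL && ldesc != NULL);` followed by `assert(*sdesc != '\0' || *ldesc != '\0');`. Commit 2ade6d4 later on this page makes that change.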
+++ b/include/vsb.h @@ -62,11 +62,8 @@ struct vsb *VSB_new(struct vsb *, char *, int, int); #define VSB_new_auto() \ VSB_new(NULL, NULL, 0, VSB_AUTOEXTEND) void VSB_clear(struct vsb *); -int VSB_setpos(struct vsb *, ssize_t); int VSB_bcat(struct vsb *, const void *, size_t); -int VSB_bcpy(struct vsb *, const void *, size_t); int VSB_cat(struct vsb *, const char *); -int VSB_cpy(struct vsb *, const char *); int VSB_printf(struct vsb *, const char *, ...) __printflike(2, 3); #ifdef va_start @@ -74,15 +71,12 @@ int VSB_vprintf(struct vsb *, const char *, va_list) __printflike(2, 0); #endif int VSB_putc(struct vsb *, int); -int VSB_trim(struct vsb *); int VSB_error(const struct vsb *); int VSB_finish(struct vsb *); char *VSB_data(const struct vsb *); ssize_t VSB_len(const struct vsb *); -int VSB_done(const struct vsb *); void VSB_delete(struct vsb *); void VSB_quote(struct vsb *s, const char *p, int len, int how); -const char *VSB_unquote(struct vsb *s, const char *p, int len, int how); #ifdef __cplusplus }; #endif diff --git a/lib/libvarnish/vsa.c b/lib/libvarnish/vsa.c index 146a212..be0ebc4 100644 --- a/lib/libvarnish/vsa.c +++ b/lib/libvarnish/vsa.c @@ -307,21 +307,6 @@ VSA_Sane(const struct suckaddr *sua) } } -socklen_t -VSA_Len(const struct suckaddr *sua) -{ - CHECK_OBJ_NOTNULL(sua, SUCKADDR_MAGIC); - - switch(sua->sa.sa_family) { - case PF_INET: - return (sizeof(sua->sa4)); - case PF_INET6: - return (sizeof(sua->sa6)); - default: - return (0); - } -} - int VSA_Compare(const struct suckaddr *sua1, const struct suckaddr *sua2) { diff --git a/lib/libvarnish/vsb.c b/lib/libvarnish/vsb.c index 91a7fa2..7b17e0f 100644 --- a/lib/libvarnish/vsb.c +++ b/lib/libvarnish/vsb.c 
@@ -234,29 +234,6 @@ VSB_clear(struct vsb *s) } /* - * Set the vsb's end position to an arbitrary value. - * Effectively truncates the vsb at the new position. - */ -int -VSB_setpos(struct vsb *s, ssize_t pos) -{ - - assert_VSB_integrity(s); - assert_VSB_state(s, 0); - - KASSERT(pos >= 0, - ("attempt to seek to a negative position (%jd)", (intmax_t)pos)); - KASSERT(pos < s->s_size, - ("attempt to seek past end of vsb (%jd >= %jd)", - (intmax_t)pos, (intmax_t)s->s_size)); - - if (pos < 0 || pos > s->s_len) - return (-1); - s->s_len = pos; - return (0); -} - -/* * Append a byte to an vsb. This is the core function for appending * to an vsb and is the main place that deals with extending the * buffer and marking overflow. @@ -302,20 +279,6 @@ VSB_bcat(struct vsb *s, const void *buf, size_t len) } /* - * Copy a byte string into an vsb. - */ -int -VSB_bcpy(struct vsb *s, const void *buf, size_t len) -{ - - assert_VSB_integrity(s); - assert_VSB_state(s, 0); - - VSB_clear(s); - return (VSB_bcat(s, buf, len)); -} - -/* * Append a string to an vsb. */ int @@ -337,20 +300,6 @@ VSB_cat(struct vsb *s, const char *str) } /* - * Copy a string into an vsb. - */ -int -VSB_cpy(struct vsb *s, const char *str) -{ - - assert_VSB_integrity(s); - assert_VSB_state(s, 0); - - VSB_clear(s); - return (VSB_cat(s, str)); -} - -/* * Format the given argument list and append the resulting string to an vsb. */ int @@ -439,25 +388,6 @@ VSB_putc(struct vsb *s, int c) } /* - * Trim whitespace characters from end of an vsb. - */ -int -VSB_trim(struct vsb *s) -{ - - assert_VSB_integrity(s); - assert_VSB_state(s, 0); - - if (s->s_error != 0) - return (-1); - - while (s->s_len > 0 && isspace(s->s_buf[s->s_len-1])) - --s->s_len; - - return (0); -} - -/* * Check if an vsb has an error. */ int @@ -533,16 +463,6 @@ VSB_delete(struct vsb *s) } /* - * Check if an vsb has been finished. - */ -int -VSB_done(const struct vsb *s) -{ - - return(VSB_ISFINISHED(s)); -} - -/* * Quote a string */ void 
@@ -595,60 +515,3 @@ VSB_quote(struct vsb *s, const char *p, int len, int how) } (void)VSB_putc(s, '"'); } - -/* - * Unquote a string - */ -const char * -VSB_unquote(struct vsb *s, const char *p, int len, int how) -{ - const char *q; - char *r; - unsigned long u; - char c; - - (void)how; /* For future enhancements */ - - if (len == -1) - len = strlen(p); - - for (q = p; q < p + len; q++) { - if (*q != '\\') { - (void)VSB_bcat(s, q, 1); - continue; - } - if (++q >= p + len) - return ("Incomplete '\\'-sequence at end of string"); - - switch(*q) { - case 'n': - (void)VSB_bcat(s, "\n", 1); - continue; - case 'r': - (void)VSB_bcat(s, "\r", 1); - continue; - case 't': - (void)VSB_bcat(s, "\t", 1); - continue; - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - errno = 0; - u = strtoul(q, &r, 8); - if (errno != 0 || (u & ~0xff)) - return ("\\ooo sequence out of range"); - c = (char)u; - (void)VSB_bcat(s, &c, 1); - q = r - 1; - continue; - default: - (void)VSB_bcat(s, q, 1); - } - } - return (NULL); -} From phk at FreeBSD.org Wed Feb 25 09:06:06 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 10:06:06 +0100 Subject: [master] ad24545 Improvements to std.time() tests from Dridi Boukelmoune and some additions from me to make it a comprehensive coverage test for vtim.c Message-ID: commit ad24545a6b396512ba8a89dbb0b4773d66baaf7d Author: Poul-Henning Kamp Date: Wed Feb 25 09:05:13 2015 +0000 Improvements to std.time() tests from Dridi Boukelmoune and some additions from me to make it a comprehensive coverage test for vtim.c diff --git a/bin/varnishtest/tests/m00020.vtc b/bin/varnishtest/tests/m00020.vtc index 2ac50f8..b75d997 100644 --- a/bin/varnishtest/tests/m00020.vtc +++ b/bin/varnishtest/tests/m00020.vtc 
@@ -9,6 +9,7 @@ varnish v1 -vcl+backend { import ${vmod_std}; sub vcl_deliver { + set resp.http.x-date = std.time(req.http.x-date, now); if (std.time(req.http.x-date, now) < now - 1y) { set resp.http.x-past = 1; } 
@@ -22,19 +23,90 @@ client c1 { txreq -hdr "X-Date: Mon, 20 Dec 2010 00:00:00 GMT" rxresp expect resp.http.x-past == 1 - txreq -hdr "X-Date: Monday, 23-Dec-30 00:00:00 GMT" + expect resp.http.x-date == "Mon, 20 Dec 2010 00:00:00 GMT" + + txreq -hdr "X-Date: Monday, 20-Dec-30 00:00:00 GMT" + rxresp + expect resp.http.x-past == + expect resp.http.x-future == + + txreq -hdr "X-Date: Monday, 30-Feb-15 00:00:00 GMT" + rxresp + expect resp.http.x-past == + expect resp.http.x-future == + + txreq -hdr "X-Date: Friday, 20-Dec-30 00:00:00 GMT" rxresp expect resp.http.x-future == 1 + expect resp.http.x-date == "Fri, 20 Dec 2030 00:00:00 GMT" + txreq -hdr "X-Date: Mon Dec 20 00:00:00 2010" rxresp expect resp.http.x-past == 1 + expect resp.http.x-date == "Mon, 20 Dec 2010 00:00:00 GMT" + txreq -hdr "X-Date: 2030-12-20T00:00:00" rxresp expect resp.http.x-future == 1 + expect resp.http.x-date == "Fri, 20 Dec 2030 00:00:00 GMT" + txreq -hdr "X-Date: 1292803200.00" rxresp expect resp.http.x-past == 1 + expect resp.http.x-date == "Mon, 20 Dec 2010 00:00:00 GMT" + txreq -hdr "X-Date: 1923955200" rxresp expect resp.http.x-future == 1 + expect resp.http.x-date == "Fri, 20 Dec 2030 00:00:00 GMT" + + delay .2 + + # Coverage tests of vtim.c + + # leapsecond + txreq -hdr "X-Date: Mon, 20 Dec 2010 00:00:60 GMT" + rxresp + expect resp.http.x-date == "Mon, 20 Dec 2010 00:00:59 GMT" + delay .1 + + txreq -hdr "X-Date: Mon, 20 Dec 2010 00:00:61 GMT" + rxresp + expect resp.http.x-date != "Mon, 20 Dec 2010 00:00:61 GMT" + delay .1 + + txreq -hdr "X-Date: Mon, 20 Dec 2010 00:60:00 GMT" + rxresp + expect resp.http.x-date != "Mon, 20 Dec 2010 00:60:00 GMT" + delay .1 + + txreq -hdr "X-Date: Mon, 20 Dec 2010 24:00:00 GMT" + rxresp + expect resp.http.x-date != "Mon, 20 Dec 2010 24:00:00 GMT" + delay .1 + + txreq -hdr "X-Date: Tue, 20 Dec 2010 00:00:00 GMT" + rxresp + expect resp.http.x-date != "Tue, 20 Dec 2010 00:00:00 GMT" + delay .1 + + txreq -hdr "X-Date: Mon, 29 Feb 2010 00:00:00 GMT" + rxresp + 
expect resp.http.x-date != "Mon, 29 Feb 2010 00:00:00 GMT" + delay .1 + + txreq -hdr "X-Date: Wed, 29 Feb 2012 00:00:00 GMT" + rxresp + expect resp.http.x-date == "Wed, 29 Feb 2012 00:00:00 GMT" + delay .1 + + txreq -hdr "X-Date: 2010-13-20T00:00:00" + rxresp + delay .1 + + txreq -hdr "X-Date: Wedx 29 Feb 2012 00:00:00 GMT" + rxresp + expect resp.http.x-date != "Wed, 29 Feb 2012 00:00:00 GMT" + delay .1 + } -run From phk at FreeBSD.org Wed Feb 25 09:10:59 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 10:10:59 +0100 Subject: [master] 798ebde Printf format fixes for osx-i386 Message-ID: commit 798ebde4ba67b7c569ba0e8b47ef746fc0338529 Author: Poul-Henning Kamp Date: Wed Feb 25 09:10:35 2015 +0000 Printf format fixes for osx-i386 diff --git a/bin/varnishd/waiter/cache_waiter_kqueue.c b/bin/varnishd/waiter/cache_waiter_kqueue.c index dfc8596..52633e2 100644 --- a/bin/varnishd/waiter/cache_waiter_kqueue.c +++ b/bin/varnishd/waiter/cache_waiter_kqueue.c @@ -123,8 +123,6 @@ vwk_sess_ev(const struct vwk *vwk, const struct kevent *kp, double now) idle = now - *vwk->waiter->tmo; - VSL(SLT_Debug, 0, "KQR d %ju filter %d data %jd flags 0x%x idle %g", - kp->ident, kp->filter, kp->data, kp->flags, sp->idle - idle); if (sp->idle <= idle) { Wait_Handle(vwk->waiter, sp, WAITER_TIMEOUT, now); } else if (kp->flags & EV_EOF) { @@ -133,8 +131,8 @@ vwk_sess_ev(const struct vwk *vwk, const struct kevent *kp, double now) if (kp->data == 0) VSL(SLT_Debug, 0, "KQR d %ju filter %d data %jd flags 0x%x idle %g", - kp->ident, kp->filter, kp->data, kp->flags, - sp->idle - idle); + (uintmax_t)kp->ident, kp->filter, + (intmax_t)kp->data, kp->flags, sp->idle - idle); Wait_Handle(vwk->waiter, sp, WAITER_ACTION, now); } } From phk at FreeBSD.org Wed Feb 25 10:07:12 2015 
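Review bot: The `X-Date: 2010-13-20T00:00:00` case in this hunk has an `rxresp` but no `expect`, so it only proves that the request gets a response, not that month 13 is rejected. The other range cases use `!=` against the input string, which passes for any output at all, including a wrongly normalised date, because the VCL falls back to `now`. An `expect` on `resp.http.x-date` should follow that `rxresp`. For stronger checks, the VCL could pass a fixed fallback instead of `now` so rejected inputs can be tested with `==`.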
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:07:12 +0100 Subject: [master] aedfa6e Get the last three lines in vtim.c tested also Message-ID: commit aedfa6eae192ff1a064efa63c81834006abbaa54 Author: Poul-Henning Kamp Date: Wed Feb 25 10:06:57 2015 +0000 Get the last three lines in vtim.c tested also diff --git a/bin/varnishtest/tests/m00020.vtc b/bin/varnishtest/tests/m00020.vtc index b75d997..4d76b40 100644 --- a/bin/varnishtest/tests/m00020.vtc +++ b/bin/varnishtest/tests/m00020.vtc @@ -9,7 +9,8 @@ varnish v1 -vcl+backend { import ${vmod_std}; sub vcl_deliver { - set resp.http.x-date = std.time(req.http.x-date, now); + set resp.http.x-date = std.time( + regsub(req.http.x-date, "z", " "), now); if (std.time(req.http.x-date, now) < now - 1y) { set resp.http.x-past = 1; } @@ -70,6 +71,7 @@ client c1 { expect resp.http.x-date == "Mon, 20 Dec 2010 00:00:59 GMT" delay .1 + # Range tests txreq -hdr "X-Date: Mon, 20 Dec 2010 00:00:61 GMT" rxresp expect resp.http.x-date != "Mon, 20 Dec 2010 00:00:61 GMT" @@ -104,9 +106,25 @@ client c1 { rxresp delay .1 + txreq -hdr "X-Date: Sun 31 Dec 1899 23:59:59 GMT" + rxresp + expect resp.http.x-date != "Sun 31 Dec 1899 23:59:59 GMT" + delay .1 + + # White space etc. + txreq -hdr "X-Date: z Wed, 29 Feb 2012 00:00:00 GMT" + rxresp + expect resp.http.x-date == "Wed, 29 Feb 2012 00:00:00 GMT" + delay .1 + txreq -hdr "X-Date: Wedx 29 Feb 2012 00:00:00 GMT" rxresp expect resp.http.x-date != "Wed, 29 Feb 2012 00:00:00 GMT" delay .1 + txreq -hdr "X-Date: Wed, 29 Feb 2012 00:00:00 GMT x" + rxresp + expect resp.http.x-date != "Wed, 29 Feb 2012 00:00:00 GMT" + delay .1 + } -run From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] 4aebfa9 Remove unused macro Message-ID: commit 4aebfa934f9f284d4ca5076a3b2e6c685509c841 Author: Poul-Henning Kamp Date: Wed Feb 25 10:18:35 2015 +0000 Remove unused macro 
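Review bot: The new 1899 range test cannot fail. Its expected string `"Sun 31 Dec 1899 23:59:59 GMT"` has no comma after the weekday, while every formatted date elsewhere in this test has one ("Mon, 20 Dec 2010 ..."), so the `!=` holds whatever vtim.c returns. The request header lacks the comma too, so the input may be rejected on format before the year check is reached (vtim.c is not shown here). I would send `X-Date: Sun, 31 Dec 1899 23:59:59 GMT` and use `expect resp.http.x-date != "Sun, 31 Dec 1899 23:59:59 GMT"`.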
diff --git a/lib/libvarnish/vsb.c b/lib/libvarnish/vsb.c index 7b17e0f..375a678 100644 --- a/lib/libvarnish/vsb.c +++ b/lib/libvarnish/vsb.c @@ -50,7 +50,6 @@ __FBSDID("$FreeBSD: head/sys/kern/subr_vsb.c 222004 2011-05-17 06:36:32Z phk $") */ #define VSB_ISDYNAMIC(s) ((s)->s_flags & VSB_DYNAMIC) #define VSB_ISDYNSTRUCT(s) ((s)->s_flags & VSB_DYNSTRUCT) -#define VSB_ISFINISHED(s) ((s)->s_flags & VSB_FINISHED) #define VSB_HASROOM(s) ((s)->s_len < (s)->s_size - 1) #define VSB_FREESPACE(s) ((s)->s_size - ((s)->s_len + 1)) #define VSB_CANEXTEND(s) ((s)->s_flags & VSB_AUTOEXTEND) From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] ef4557c Align backend/waiter debugs properly, they may be here for some time. Message-ID: commit ef4557c4c021afce51d9396e1c9da65d93d92d32 Author: Poul-Henning Kamp Date: Wed Feb 25 10:19:12 2015 +0000 Align backend/waiter debugs properly, they may be here for some time. diff --git a/bin/varnishd/cache/cache_backend_tcp.c b/bin/varnishd/cache/cache_backend_tcp.c index e82b27d..19a47a2 100644 --- a/bin/varnishd/cache/cache_backend_tcp.c +++ b/bin/varnishd/cache/cache_backend_tcp.c 
@@ -93,22 +93,28 @@ tcp_handle(struct waited *w, enum wait_event ev, double now) tp = vbc->backend->tcp_pool; // NB: Incestous Lck_Lock(&tp->mtx); + VSL(SLT_Debug, 0, + "------> Handler fd %d in_w %d state %d ev %d stolen %d", + vbc->fd, vbc->in_waiter, vbc->state, ev, vbc->stolen); AN(vbc->in_waiter); -VSL(SLT_Debug, 0, "------> Handler fd %d in_w %d state %d ev %d stolen %d", vbc->fd, vbc->in_waiter, vbc->state, ev, vbc->stolen); switch(vbc->state) { case VBC_STATE_AVAIL: if (ev != WAITER_ACTION || !vbc->stolen) { -VSL(SLT_Debug, 0, "------> Handler avail + !action -> close"); + VSL(SLT_Debug, + 0, "------> Handler avail + !action -> close"); VTCP_close(&vbc->fd); VTAILQ_REMOVE(&tp->connlist, vbc, list); tp->n_conn--; FREE_OBJ(vbc); } else { -VSL(SLT_Debug, 0, "------> Handler avail + action -> re-wait"); + VSL(SLT_Debug, 0, + "------> Handler avail + action -> re-wait"); vbc->stolen = 0; if (Wait_Enter(tp->waiter, vbc->waited)) { -VSL(SLT_Debug, 0, "------> Handler avail + !timeout -> re-wait failed"); + VSL(SLT_Debug, 0, + "------> Handler avail + " + "!timeout -> re-wait failed"); VTCP_close(&vbc->fd); VTAILQ_REMOVE(&tp->connlist, vbc, list); tp->n_conn--; @@ -117,11 +123,11 @@ VSL(SLT_Debug, 0, "------> Handler avail + !timeout -> re-wait failed"); } break; case VBC_STATE_USED: -VSL(SLT_Debug, 0, "------> Handler used"); + VSL(SLT_Debug, 0, "------> Handler used"); vbc->in_waiter = 0; break; case VBC_STATE_CLEANUP: -VSL(SLT_Debug, 0, "------> Handler cleanup"); + VSL(SLT_Debug, 0, "------> Handler cleanup"); VTCP_close(&vbc->fd); tp->n_kill--; VTAILQ_REMOVE(&tp->killlist, vbc, list); 
@@ -288,14 +294,15 @@ VBT_Recycle(struct tcp_pool *tp, struct vbc **vbcp) Lck_Lock(&tp->mtx); tp->n_used--; -VSL(SLT_Debug, 0, "------> Recycle fd %d in_w %d", vbc->fd, vbc->in_waiter); + VSL(SLT_Debug, 0, "------> Recycle fd %d in_w %d", + vbc->fd, vbc->in_waiter); if (!vbc->in_waiter) { vbc->in_waiter = 1; vbc->waited->ptr = vbc; vbc->waited->fd = vbc->fd; vbc->waited->idle = VTIM_real(); -VSL(SLT_Debug, 0, "------> Recycle fd %d Wait_Enter", vbc->fd); + VSL(SLT_Debug, 0, "------> Recycle fd %d Wait_Enter", vbc->fd); if (Wait_Enter(tp->waiter, vbc->waited)) { VTCP_close(&vbc->fd); FREE_OBJ(vbc); @@ -345,7 +352,8 @@ VBT_Close(struct tcp_pool *tp, struct vbc **vbcp) assert(vbc->state == VBC_STATE_USED); assert(vbc->fd > 0); -VSL(SLT_Debug, 0, "------> Close fd %d in_w %d", vbc->fd, vbc->in_waiter); + VSL(SLT_Debug, 0, "------> Close fd %d in_w %d", + vbc->fd, vbc->in_waiter); Lck_Lock(&tp->mtx); tp->n_used--; @@ -378,7 +386,7 @@ VBT_Get(struct tcp_pool *tp, double tmo) CHECK_OBJ_NOTNULL(vbc, VBC_MAGIC); assert(vbc->state == VBC_STATE_AVAIL); -VSL(SLT_Debug, 0, "------> Steal fd %d", vbc->fd); + VSL(SLT_Debug, 0, "------> Steal fd %d", vbc->fd); VTAILQ_REMOVE(&tp->connlist, vbc, list); tp->n_conn--; @@ -399,11 +407,11 @@ VSL(SLT_Debug, 0, "------> Steal fd %d", vbc->fd); if (vbc->fd < 0) FREE_OBJ(vbc); if (vbc == NULL) { -VSL(SLT_Debug, 0, "------> No new fd"); + VSL(SLT_Debug, 0, "------> No new fd"); Lck_Lock(&tp->mtx); tp->n_used--; // Nope, didn't work after all. Lck_Unlock(&tp->mtx); } else -VSL(SLT_Debug, 0, "------> New fd %d", vbc->fd); + VSL(SLT_Debug, 0, "------> New fd %d", vbc->fd); return (vbc); } diff --git a/bin/varnishd/waiter/cache_waiter_poll.c b/bin/varnishd/waiter/cache_waiter_poll.c index b604ca4..d3cbe4e 100644 --- a/bin/varnishd/waiter/cache_waiter_poll.c +++ b/bin/varnishd/waiter/cache_waiter_poll.c 
@@ -149,7 +149,8 @@ vwp_main(void *priv) break; CHECK_OBJ_NOTNULL(sp, WAITED_MAGIC); fd = sp->fd; -VSL(SLT_Debug, 0, "POLL Handle %d %x", fd, vwp->pollfd[fd].revents); + VSL(SLT_Debug, 0, + "POLL Handle %d %x", fd, vwp->pollfd[fd].revents); assert(fd >= 0); assert(fd <= vwp->hpoll); assert(fd < vwp->npoll); From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] 2ade6d4 Make the assert for VSL docs actually do what I wanted it to do. Message-ID: commit 2ade6d43897bb1b0fafc20a87657fa39420f5b27 Author: Poul-Henning Kamp Date: Wed Feb 25 10:23:53 2015 +0000 Make the assert for VSL docs actually do what I wanted it to do. diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c index 839cc6f..896f2dd 100644 --- a/bin/varnishd/mgt/mgt_main.c +++ b/bin/varnishd/mgt/mgt_main.c @@ -75,7 +75,8 @@ mgt_sltm(const char *tag, const char *sdesc, const char *ldesc) { int i; - assert(sdesc != NULL || ldesc != NULL); + assert(sdesc != NULL && ldesc != NULL); + assert(*sdesc != '\0' || *ldesc != '\0'); printf("\n%s\n", tag); i = strlen(tag); printf("%*.*s\n\n", i, i, "------------------------------------"); From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] 1c8eb56 Get indentation (more) right. Message-ID: commit 1c8eb56cdf3b04453bb2bba4c2dbb44d6d5421e7 Author: Poul-Henning Kamp Date: Wed Feb 25 10:24:15 2015 +0000 Get indentation (more) right. diff --git a/bin/varnishd/cache/cache_backend_tcp.c b/bin/varnishd/cache/cache_backend_tcp.c index 19a47a2..93e2333 100644 --- a/bin/varnishd/cache/cache_backend_tcp.c +++ b/bin/varnishd/cache/cache_backend_tcp.c 
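Review bot: The second assert added to mgt_sltm uses `||`, so it only rejects a tag whose short and long descriptions are both empty; a tag with a short description and an empty long one still passes. If every tag is meant to carry both texts, the condition would be `assert(*sdesc != '\0' && *ldesc != '\0');`. If one non-empty text is enough, a comment such as `/* at least one of the two descriptions must be non-empty */` above the assert would record that. The function body continues outside the hunk.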
@@ -112,9 +112,9 @@ tcp_handle(struct waited *w, enum wait_event ev, double now) "------> Handler avail + action -> re-wait"); vbc->stolen = 0; if (Wait_Enter(tp->waiter, vbc->waited)) { - VSL(SLT_Debug, 0, - "------> Handler avail + " - "!timeout -> re-wait failed"); + VSL(SLT_Debug, 0, + "------> Handler avail + " + "!timeout -> re-wait failed"); VTCP_close(&vbc->fd); VTAILQ_REMOVE(&tp->connlist, vbc, list); tp->n_conn--; From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] f43b3ab Constify Message-ID: commit f43b3abaf0aa5cccb2f0880b684a30fdbd61d672 Author: Poul-Henning Kamp Date: Wed Feb 25 10:27:07 2015 +0000 Constify diff --git a/bin/varnishd/common/common.h b/bin/varnishd/common/common.h index 006df7a..de8d60c 100644 --- a/bin/varnishd/common/common.h +++ b/bin/varnishd/common/common.h @@ -121,7 +121,7 @@ void VSM_common_free(struct vsm_sc *sc, void *ptr); void VSM_common_delete(struct vsm_sc **sc); void VSM_common_copy(struct vsm_sc *to, const struct vsm_sc *from); void VSM_common_cleaner(struct vsm_sc *sc, struct VSC_C_main *stats); -void VSM_common_ageupdate(struct vsm_sc *sc); +void VSM_common_ageupdate(const struct vsm_sc *sc); /*--------------------------------------------------------------------- * Generic power-2 rounding macros diff --git a/bin/varnishd/common/common_vsm.c b/bin/varnishd/common/common_vsm.c index 90863c3..9d4863e 100644 --- a/bin/varnishd/common/common_vsm.c +++ b/bin/varnishd/common/common_vsm.c @@ -384,7 +384,7 @@ VSM_common_copy(struct vsm_sc *to, const struct vsm_sc *from) */ void -VSM_common_ageupdate(struct vsm_sc *sc) +VSM_common_ageupdate(const struct vsm_sc *sc) { CHECK_OBJ_NOTNULL(sc, VSM_SC_MAGIC); From phk at FreeBSD.org Wed Feb 25 10:37:34 2015 
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:37:34 +0100 Subject: [master] 8f1c078 Some cache_vcl.c coverage Message-ID: commit 8f1c078bc6b901c2178c01ad2c24afa1cfaaf5d9 Author: Poul-Henning Kamp Date: Wed Feb 25 10:37:20 2015 +0000 Some cache_vcl.c coverage diff --git a/bin/varnishtest/tests/c00015.vtc b/bin/varnishtest/tests/c00015.vtc index 63edd3c..9725ead 100644 --- a/bin/varnishtest/tests/c00015.vtc +++ b/bin/varnishtest/tests/c00015.vtc @@ -53,3 +53,9 @@ varnish v1 -cli "vcl.show vcl2" varnish v1 -cli "vcl.show -v vcl2" varnish v1 -cli "vcl.discard vcl2" varnish v1 -cli "vcl.list" +varnish v1 -clierr 104 "vcl.show -v" +varnish v1 -clierr 106 "vcl.show -x nowhere" +varnish v1 -clierr 106 "vcl.show nothere" +varnish v1 -clierr 106 "vcl.use nothere" +varnish v1 -clierr 106 "vcl.discard nowhere" +varnish v1 -clierr 106 "vcl.discard vcl1" From phk at FreeBSD.org Wed Feb 25 10:38:29 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:38:29 +0100 Subject: [master] 74f7e66 We should always have a "now" from either the req or bo Message-ID: commit 74f7e663b4334622b1f0733c5c810c71b69afa93 Author: Poul-Henning Kamp Date: Wed Feb 25 10:38:03 2015 +0000 We should always have a "now" from either the req or bo diff --git a/bin/varnishd/cache/cache_vcl.c b/bin/varnishd/cache/cache_vcl.c index d74e9b0..f096b60 100644 --- a/bin/varnishd/cache/cache_vcl.c +++ b/bin/varnishd/cache/cache_vcl.c @@ -461,8 +461,7 @@ vcl_call_method(struct worker *wrk, struct req *req, struct busyobj *bo, ctx.bo = bo; ctx.now = bo->t_prev; } - if (ctx.now == 0) - ctx.now = VTIM_real(); + assert(ctx.now != 0); ctx.ws = ws; ctx.vsl = vsl; ctx.method = method; From phk at FreeBSD.org Wed Feb 25 10:40:05 2015 
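Review bot: `assert(ctx.now != 0)` in vcl_call_method does not catch a timestamp that was never set if the req/bo fields use NaN as their unset value, because NaN compares unequal to zero and passes. How `t_prev` is initialised is not visible in this hunk, so this is a hedge. If NaN is possible, `assert(!isnan(ctx.now) && ctx.now != 0);` covers both cases, provided `<math.h>` is already included in cache_vcl.c. With the `VTIM_real()` fallback removed, a missing timestamp stops the worker instead of being repaired, so a one-line comment saying which caller guarantees it would help. The function starts and ends outside the hunk.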
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:40:05 +0100 Subject: [master] 4a0f8c7 Remove unused #include Message-ID: commit 4a0f8c72b4fbc962bae8fdfbdaeed40ffcbc0c29 Author: Poul-Henning Kamp Date: Wed Feb 25 10:39:53 2015 +0000 Remove unused #include diff --git a/bin/varnishd/cache/cache_vcl.c b/bin/varnishd/cache/cache_vcl.c index f096b60..6918ff9 100644 --- a/bin/varnishd/cache/cache_vcl.c +++ b/bin/varnishd/cache/cache_vcl.c @@ -43,7 +43,6 @@ #include "vrt.h" #include "vcli.h" #include "vcli_priv.h" -#include "vtim.h" struct vcls { unsigned magic; From phk at FreeBSD.org Wed Feb 25 10:56:43 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:56:43 +0100 Subject: [master] d914104 Silence flexelint Message-ID: commit d9141042fa324d1e539cdb7e9c5cff2400bba388 Author: Poul-Henning Kamp Date: Wed Feb 25 10:56:01 2015 +0000 Silence flexelint diff --git a/bin/varnishd/flint.lnt b/bin/varnishd/flint.lnt index d394f75..408513a 100644 --- a/bin/varnishd/flint.lnt +++ b/bin/varnishd/flint.lnt @@ -148,6 +148,7 @@ -esym(525, __builtin_return_address) // Not defined // cache_vcl.c +-esym(528, vcl_call_method) // Not referenced -esym(528, vcl_handlingname) // Not referenced -e641 // Converting enum 'cli_status_e' to int From phk at FreeBSD.org Wed Feb 25 10:56:43 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 11:56:43 +0100 Subject: [master] f24d649 Add back SLT_BackendOpen and give it both endpoints. Message-ID: commit f24d649b00b61199f452c845142392d14d2d5c52 Author: Poul-Henning Kamp Date: Wed Feb 25 10:56:22 2015 +0000 Add back SLT_BackendOpen and give it both endpoints. diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c index 3e1b1bf..c2cf666 100644 --- a/bin/varnishd/cache/cache_backend.c +++ b/bin/varnishd/cache/cache_backend.c 
@@ -42,6 +42,7 @@ #include "cache_backend.h" #include "cache_director.h" #include "vrt.h" +#include "vtcp.h" #define FIND_TMO(tmx, dst, bo, be) \ do { \ @@ -85,6 +86,8 @@ vbe_dir_getfd(const struct director *d, struct busyobj *bo) struct backend *bp; double tmod; const struct vrt_backend *vrt; + char abuf1[VTCP_ADDRBUFSIZE], abuf2[VTCP_ADDRBUFSIZE]; + char pbuf1[VTCP_PORTBUFSIZE], pbuf2[VTCP_PORTBUFSIZE]; CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); CHECK_OBJ_NOTNULL(d, DIRECTOR_MAGIC); @@ -123,6 +126,11 @@ vbe_dir_getfd(const struct director *d, struct busyobj *bo) bp->vsc->conn++; Lck_Unlock(&bp->mtx); + VTCP_myname(vc->fd, abuf1, sizeof abuf1, pbuf1, sizeof pbuf1); + VTCP_hisname(vc->fd, abuf2, sizeof abuf2, pbuf2, sizeof pbuf2); + VSLb(bo->vsl, SLT_BackendOpen, "%d %s %s %s %s %s", + vc->fd, bp->display_name, abuf2, pbuf2, abuf1, pbuf1); + vc->backend->vsc->req++; if (bo->htc == NULL) bo->htc = WS_Alloc(bo->ws, sizeof *bo->htc); diff --git a/include/tbl/vsl_tags.h b/include/tbl/vsl_tags.h index 7dd918d..d8fc721 100644 --- a/include/tbl/vsl_tags.h +++ b/include/tbl/vsl_tags.h @@ -101,12 +101,14 @@ SLTM(SessClose, 0, "Client connection closed", SLTM(BackendOpen, 0, "Backend connection opened", "Logged when a new backend connection is opened.\n\n" "The format is::\n\n" - "\t%d %s %s %s\n" - "\t| | | |\n" - "\t| | | +- Remote port\n" - "\t| | +---- Remote address\n" - "\t| +------- Backend display name\n" - "\t+---------- Connection file descriptor\n" + "\t%d %s %s %s %s %s\n" + "\t| | | | | |\n" + "\t| | | | | +- Local port\n" + "\t| | | | +---- Local address\n" + "\t| | | +------- Remote port\n" + "\t| | +---------- Remote address\n" + "\t| +------------- Backend display name\n" + "\t+---------------- Connection file descriptor\n" "\n" ) From phk at FreeBSD.org Wed Feb 25 12:11:02 2015 
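Review bot: The four name buffers added to vbe_dir_getfd are handed to `VSLb` with `%s` without being initialised, so the BackendOpen record relies on VTCP_myname and VTCP_hisname always writing a terminated string. Their bodies are not part of this diff. If either can return without filling its buffers when the socket lookup fails, for example on a connection the peer has already reset, stack contents would end up in the shared log. Declaring them as `char abuf1[VTCP_ADDRBUFSIZE] = "", abuf2[VTCP_ADDRBUFSIZE] = "";`, and the port buffers likewise, removes that dependency. The function body continues outside the hunks.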
From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 13:11:02 +0100 Subject: [master] 4ea3958 Replace checks with the MGT process already did with asserts. Message-ID: commit 4ea395801de9b195df42b0ae1381d21955fd1130 Author: Poul-Henning Kamp Date: Wed Feb 25 12:10:39 2015 +0000 Replace checks with the MGT process already did with asserts. diff --git a/bin/varnishd/cache/cache_vcl.c b/bin/varnishd/cache/cache_vcl.c index 6918ff9..d152cb1 100644 --- a/bin/varnishd/cache/cache_vcl.c +++ b/bin/varnishd/cache/cache_vcl.c @@ -290,7 +290,7 @@ VCL_Poll(void) /*--------------------------------------------------------------------*/ -static void +static void __match_proto__(cli_func_t) ccf_config_list(struct cli *cli, const char * const *av, void *priv) { struct vcls *vcl; @@ -313,39 +313,29 @@ ccf_config_list(struct cli *cli, const char * const *av, void *priv) } } -static void +static void __match_proto__(cli_func_t) ccf_config_load(struct cli *cli, const char * const *av, void *priv) { - (void)av; - (void)priv; + AZ(priv); ASSERT_CLI(); if (VCL_Load(av[3], av[2], cli)) VCLI_SetResult(cli, CLIS_PARAM); return; } -static void +static void __match_proto__(cli_func_t) ccf_config_discard(struct cli *cli, const char * const *av, void *priv) { struct vcls *vcl; ASSERT_CLI(); + (void)cli; AZ(priv); - (void)priv; vcl = vcl_find(av[2]); - if (vcl == NULL) { - VCLI_SetResult(cli, CLIS_PARAM); - VCLI_Out(cli, "VCL '%s' unknown", av[2]); - return; - } + AN(vcl); // MGT ensures this Lck_Lock(&vcl_mtx); - if (vcl == vcl_active) { - Lck_Unlock(&vcl_mtx); - VCLI_SetResult(cli, CLIS_PARAM); - VCLI_Out(cli, "VCL %s is the active VCL", av[2]); - return; - } + assert (vcl != vcl_active); // MGT ensures this VSC_C_main->n_vcl_discard++; VSC_C_main->n_vcl_avail--; vcl->conf->discard = 1; 
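Review bot: In ccf_config_discard the two removed branches returned CLIS_PARAM for an unknown or active VCL, while their replacements `AN(vcl)` and `assert (vcl != vcl_active)` stop the whole worker process, so the cache's availability now depends on the manager's validation never disagreeing with the child's state. The same applies to `AN(vcl)` in ccf_config_use in the next hunk. The manager-side check is not in this diff, so each `// MGT ensures this` comment should name the function that performs it. Keeping the inexpensive lookup failure as an error return, `if (vcl == NULL) { VCLI_SetResult(cli, CLIS_PARAM); return; }`, would let a stale or unexpected request fail without a panic.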
@@ -355,22 +345,17 @@ ccf_config_discard(struct cli *cli, const char * const *av, void *priv) VCL_Nuke(vcl); } -static void +static void __match_proto__(cli_func_t) ccf_config_use(struct cli *cli, const char * const *av, void *priv) { struct vcls *vcl; struct vrt_ctx ctx; unsigned hand = 0; - (void)av; - (void)priv; + ASSERT_CLI(); + AZ(priv); vcl = vcl_find(av[2]); - if (vcl == NULL) { - VCLI_Out(cli, "No VCL named '%s'", av[2]); - VCLI_SetResult(cli, CLIS_PARAM); - return; - } - + AN(vcl); // MGT ensures this INIT_OBJ(&ctx, VRT_CTX_MAGIC); ctx.handling = &hand; ctx.cli = cli; @@ -385,14 +370,15 @@ ccf_config_use(struct cli *cli, const char * const *av, void *priv) Lck_Unlock(&vcl_mtx); } -static void +static void __match_proto__(cli_func_t) ccf_config_show(struct cli *cli, const char * const *av, void *priv) { struct vcls *vcl; int verbose = 0; int i; - (void)priv; + ASSERT_CLI(); + AZ(priv); if (!strcmp(av[2], "-v") && av[3] == NULL) { VCLI_Out(cli, "Too few parameters"); VCLI_SetResult(cli, CLIS_TOOFEW); From phk at FreeBSD.org Wed Feb 25 13:30:18 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 14:30:18 +0100 Subject: [master] 076e077 Remove unused #includes and an unused function argument Message-ID: commit 076e0770c521661082be1f52a5101d82512eb933 Author: Poul-Henning Kamp Date: Wed Feb 25 13:30:01 2015 +0000 Remove unused #includes and an unused function argument diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c index c2cf666..1d97950 100644 --- a/bin/varnishd/cache/cache_backend.c +++ b/bin/varnishd/cache/cache_backend.c @@ -279,7 +279,7 @@ VRT_init_vbe(VRT_CTX, struct director **dp, const struct vrt_backend *vrt) AZ(*dp); CHECK_OBJ_NOTNULL(vrt, VRT_BACKEND_MAGIC); - be = VBE_AddBackend(NULL, vrt); + be = VBE_AddBackend(vrt); AN(be); ALLOC_OBJ(d, DIRECTOR_MAGIC); XXXAN(d); diff --git a/bin/varnishd/cache/cache_backend.h b/bin/varnishd/cache/cache_backend.h index c7370a9..f07cad0 100644 
--- a/bin/varnishd/cache/cache_backend.h +++ b/bin/varnishd/cache/cache_backend.h @@ -109,7 +109,7 @@ void VBE_DropRefVcl(struct backend *); void VBE_DropRefLocked(struct backend *b, const struct acct_bereq *); unsigned VBE_Healthy(const struct backend *b, double *changed); void VBE_InitCfg(void); -struct backend *VBE_AddBackend(struct cli *cli, const struct vrt_backend *vb); +struct backend *VBE_AddBackend(const struct vrt_backend *vb); void VBE_Poll(void); /* cache_backend_poll.c */ diff --git a/bin/varnishd/cache/cache_backend_cfg.c b/bin/varnishd/cache/cache_backend_cfg.c index 6f6e2e1..79968f9 100644 --- a/bin/varnishd/cache/cache_backend_cfg.c +++ b/bin/varnishd/cache/cache_backend_cfg.c @@ -152,15 +152,14 @@ VBE_DropRefConn(struct backend *b, const struct acct_bereq *acct_bereq) */ struct backend * -VBE_AddBackend(struct cli *cli, const struct vrt_backend *vb) +VBE_AddBackend(const struct vrt_backend *vb) { struct backend *b; char buf[128]; + ASSERT_CLI(); AN(vb->vcl_name); assert(vb->ipv4_suckaddr != NULL || vb->ipv6_suckaddr != NULL); - (void)cli; - ASSERT_CLI(); /* Run through the list and see if we already have this backend */ VTAILQ_FOREACH(b, &backends, list) { diff --git a/bin/varnishd/cache/cache_fetch_proc.c b/bin/varnishd/cache/cache_fetch_proc.c index 8030fe4..8e5be9f 100644 --- a/bin/varnishd/cache/cache_fetch_proc.c +++ b/bin/varnishd/cache/cache_fetch_proc.c @@ -39,7 +39,6 @@ #include "hash/hash_slinger.h" -#include "cache_backend.h" #include "vcli_priv.h" static unsigned fetchfrag; diff --git a/bin/varnishd/cache/cache_shmlog.c b/bin/varnishd/cache/cache_shmlog.c index 8554658..d48f776 100644 --- a/bin/varnishd/cache/cache_shmlog.c +++ b/bin/varnishd/cache/cache_shmlog.c @@ -35,8 +35,6 @@ #include "cache.h" #include "common/heritage.h" -#include "cache_backend.h" // For wrk->vbc - #include "vmb.h" #include "vtim.h" diff --git a/bin/varnishd/cache/cache_vcl.c b/bin/varnishd/cache/cache_vcl.c index d152cb1..2522b81 100644 
--- a/bin/varnishd/cache/cache_vcl.c +++ b/bin/varnishd/cache/cache_vcl.c @@ -37,7 +37,6 @@ #include #include "cache.h" -#include "cache_backend.h" #include "vcl.h" #include "vrt.h" diff --git a/bin/varnishd/http1/cache_http1_fetch.c b/bin/varnishd/http1/cache_http1_fetch.c index 7e3215f..634bfe9 100644 --- a/bin/varnishd/http1/cache_http1_fetch.c +++ b/bin/varnishd/http1/cache_http1_fetch.c @@ -37,7 +37,6 @@ #include "hash/hash_slinger.h" -#include "cache/cache_backend.h" #include "cache/cache_director.h" #include "vcli_priv.h" #include "vtcp.h" From phk at FreeBSD.org Wed Feb 25 14:30:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 15:30:15 +0100 Subject: [master] 4998fb2 Remove the debugging CLI commands to cache_panic.c where they belong Message-ID: commit 4998fb2e492e06b74ce2f9c0f1b66f8a843e356c Author: Poul-Henning Kamp Date: Wed Feb 25 13:57:38 2015 +0000 Remove the debugging CLI commands to cache_panic.c where they belong diff --git a/bin/varnishd/cache/cache_cli.c b/bin/varnishd/cache/cache_cli.c index c53d360..6bdf3f0 100644 --- a/bin/varnishd/cache/cache_cli.c +++ b/bin/varnishd/cache/cache_cli.c @@ -36,19 +36,14 @@ #include "config.h" -#include // offsetof - #include "cache.h" #include "common/heritage.h" #include "cache_backend.h" // struct vbc -#include "hash/hash_slinger.h" // struct objhead -#include "vsa.h" #include "vcli.h" #include "vcli_common.h" #include "vcli_priv.h" #include "vcli_serve.h" -#include "storage/storage.h" // struct storage pthread_t cli_thread; static struct lock cli_mtx; 
@@ -116,96 +111,9 @@ CLI_Run(void) /*--------------------------------------------------------------------*/ -static void -cli_debug_sizeof(struct cli *cli, const char * const *av, void *priv) -{ - (void)av; - (void)priv; - -#define SZOF(foo) VCLI_Out(cli, \ - "sizeof(%s) = %zd = 0x%zx\n", #foo, sizeof(foo), sizeof(foo)) - SZOF(struct ws); - SZOF(struct http); - SZOF(struct http_conn); - SZOF(struct acct_req); - SZOF(struct worker); - SZOF(struct wrk_accept); - SZOF(struct storage); - SZOF(struct busyobj); - SZOF(struct object); - SZOF(struct objcore); - SZOF(struct objhead); - SZOF(struct sess); - SZOF(struct req); - SZOF(struct vbc); - SZOF(struct VSC_C_main); - SZOF(struct lock); - SZOF(struct dstat); - VCLI_Out(cli, "sizeof(struct suckaddr) = %d = 0x%x\n", - vsa_suckaddr_len, vsa_suckaddr_len); -#if 0 -#define OFOF(foo, bar) { foo __foo; VCLI_Out(cli, \ - "%-30s = 0x%4zx @ 0x%4zx\n", \ - #foo "." #bar, sizeof(__foo.bar), offsetof(foo, bar)); } -#if 0 - OFOF(struct objhead, magic); - OFOF(struct objhead, refcnt); - OFOF(struct objhead, mtx); - OFOF(struct objhead, objcs); - OFOF(struct objhead, digest); - OFOF(struct objhead, waitinglist); - OFOF(struct objhead, _u); -#endif -#if 0 - OFOF(struct http, magic); - OFOF(struct http, logtag); - OFOF(struct http, ws); - OFOF(struct http, hd); - OFOF(struct http, hdf); - OFOF(struct http, shd); - OFOF(struct http, nhd); - OFOF(struct http, status); - OFOF(struct http, protover); - OFOF(struct http, conds); -#endif -#if 0 - OFOF(struct storage, magic); - OFOF(struct storage, fd); - OFOF(struct storage, where); - OFOF(struct storage, list); - OFOF(struct storage, stevedore); - OFOF(struct storage, priv); - OFOF(struct storage, ptr); - OFOF(struct storage, len); - OFOF(struct storage, space); -#endif -#undef OFOF -#endif -} - -/*--------------------------------------------------------------------*/ - -static void -ccf_panic(struct cli *cli, const char * const *av, void *priv) -{ - - (void)cli; - (void)av; - (void)priv; - 
AZ(strcmp("", "You asked for it")); -} - -/*--------------------------------------------------------------------*/ - -static struct cli_proto master_cmds[] = { +static struct cli_proto cli_cmds[] = { { CLI_PING, "i", VCLS_func_ping }, { CLI_HELP, "i", VCLS_func_help }, - { "debug.sizeof", "debug.sizeof", - "\tDump sizeof various data structures.", - 0, 0, "d", cli_debug_sizeof }, - { "debug.panic.worker", "debug.panic.worker", - "\tPanic the worker process.", - 0, 0, "d", ccf_panic }, { NULL } }; @@ -224,5 +132,5 @@ CLI_Init(void) &cache_param->cli_buffer, &cache_param->cli_limit); AN(cls); - CLI_AddFuncs(master_cmds); + CLI_AddFuncs(cli_cmds); } diff --git a/bin/varnishd/cache/cache_main.c b/bin/varnishd/cache/cache_main.c index 469134d..3e5ebb6 100644 --- a/bin/varnishd/cache/cache_main.c +++ b/bin/varnishd/cache/cache_main.c @@ -211,8 +211,8 @@ child_main(void) Lck_New(&vxid_lock, lck_vxid); - PAN_Init(); CLI_Init(); + PAN_Init(); VFP_Init(); Wait_Init(); diff --git a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c index 193ac22..e04850b 100644 --- a/bin/varnishd/cache/cache_panic.c +++ b/bin/varnishd/cache/cache_panic.c @@ -36,18 +36,23 @@ #endif #include +#include // offsetof() #include #include #include "cache.h" #include "cache_filter.h" +#include "hash/hash_slinger.h" // struct objhead #include "vend.h" #include "common/heritage.h" #include "cache_backend.h" #include "storage/storage.h" #include "vcl.h" +#include "vcli.h" +#include "vcli_priv.h" #include "waiter/waiter.h" +#include "vsa.h" /* * The panic string is constructed in memory, then copied to the 
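Review bot: The reordering in child_main makes `CLI_Init()` run before `PAN_Init()`, and nothing at the call site says the order now matters. The reason is in the cache_panic.c part of this commit, where PAN_Init ends with `CLI_AddFuncs(debug_cmds)`. A comment such as `/* CLI_Init() first: PAN_Init() registers debug_cmds via CLI_AddFuncs() */` would keep a later cleanup from swapping them back. A side effect to confirm is that an assert firing inside CLI_Init, such as `AN(cls)`, now happens before the panic buffer is set up, so it may not be recorded in the panic string. child_main's body continues outside the hunk.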
@@ -572,6 +577,99 @@ pan_ic(const char *func, const char *file, int line, const char *cond, /*--------------------------------------------------------------------*/ +static void __match_proto__(cli_func_t) +cli_debug_sizeof(struct cli *cli, const char * const *av, void *priv) +{ + (void)av; + AZ(priv); + +#define SZOF(foo) VCLI_Out(cli, \ + "sizeof(%s) = %zd = 0x%zx\n", #foo, sizeof(foo), sizeof(foo)) + SZOF(struct ws); + SZOF(struct http); + SZOF(struct http_conn); + SZOF(struct acct_req); + SZOF(struct worker); + SZOF(struct wrk_accept); + SZOF(struct storage); + SZOF(struct busyobj); + SZOF(struct object); + SZOF(struct objcore); + SZOF(struct objhead); + SZOF(struct sess); + SZOF(struct req); + SZOF(struct vbc); + SZOF(struct VSC_C_main); + SZOF(struct lock); + SZOF(struct dstat); + VCLI_Out(cli, "sizeof(struct suckaddr) = %d = 0x%x\n", + vsa_suckaddr_len, vsa_suckaddr_len); +#if 0 +#define OFOF(foo, bar) { foo __foo; VCLI_Out(cli, \ + "%-30s = 0x%4zx @ 0x%4zx\n", \ + #foo "." #bar, sizeof(__foo.bar), offsetof(foo, bar)); } +#if 0 + OFOF(struct objhead, magic); + OFOF(struct objhead, refcnt); + OFOF(struct objhead, mtx); + OFOF(struct objhead, objcs); + OFOF(struct objhead, digest); + OFOF(struct objhead, waitinglist); + OFOF(struct objhead, _u); +#endif +#if 0 + OFOF(struct http, magic); + OFOF(struct http, logtag); + OFOF(struct http, ws); + OFOF(struct http, hd); + OFOF(struct http, hdf); + OFOF(struct http, shd); + OFOF(struct http, nhd); + OFOF(struct http, status); + OFOF(struct http, protover); + OFOF(struct http, conds); +#endif +#if 0 + OFOF(struct storage, magic); + OFOF(struct storage, fd); + OFOF(struct storage, where); + OFOF(struct storage, list); + OFOF(struct storage, stevedore); + OFOF(struct storage, priv); + OFOF(struct storage, ptr); + OFOF(struct storage, len); + OFOF(struct storage, space); +#endif +#undef OFOF +#endif +} + +/*--------------------------------------------------------------------*/ + +static void __match_proto__(cli_func_t) 
+ccf_panic(struct cli *cli, const char * const *av, void *priv) +{ + + (void)cli; + (void)av; + AZ(priv); + AZ(strcmp("", "You asked for it")); +} + +/*--------------------------------------------------------------------*/ + +static struct cli_proto debug_cmds[] = { + { "debug.sizeof", "debug.sizeof", + "\tDump sizeof various data structures.", + 0, 0, "d", cli_debug_sizeof }, + { "debug.panic.worker", "debug.panic.worker", + "\tPanic the worker process.", + 0, 0, "d", ccf_panic }, + { NULL } +}; + +/*--------------------------------------------------------------------*/ + void PAN_Init(void) { @@ -582,4 +680,5 @@ PAN_Init(void) AN(heritage.panic_str_len); AN(VSB_new(pan_vsp, heritage.panic_str, heritage.panic_str_len, VSB_FIXEDLEN)); + CLI_AddFuncs(debug_cmds); } From phk at FreeBSD.org Wed Feb 25 14:30:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 15:30:15 +0100 Subject: [master] 9454f7b Unneeded #include Message-ID: commit 9454f7b2949faa6dca006f3d0824592d8aed2bac Author: Poul-Henning Kamp Date: Wed Feb 25 14:19:17 2015 +0000 Unneeded #include diff --git a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c index e04850b..bc88148 100644 --- a/bin/varnishd/cache/cache_panic.c +++ b/bin/varnishd/cache/cache_panic.c @@ -49,7 +49,6 @@ #include "cache_backend.h" #include "storage/storage.h" #include "vcl.h" -#include "vcli.h" #include "vcli_priv.h" #include "waiter/waiter.h" #include "vsa.h" From phk at FreeBSD.org Wed Feb 25 14:30:15 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 15:30:15 +0100 Subject: [master] c095a4d Make getting a backend connections IP something we ask the director about, and return NULL if they won't tell us. Message-ID: commit c095a4d45030a961bf2916aa5fda97d743133e0a Author: Poul-Henning Kamp Date: Wed Feb 25 14:29:42 2015 +0000 Make getting a backend connections IP something we ask the director about, and return NULL if they won't tell us. 
diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c index 1d97950..6d640b8 100644 --- a/bin/varnishd/cache/cache_backend.c +++ b/bin/varnishd/cache/cache_backend.c @@ -245,11 +245,27 @@ vbe_dir_getbody(const struct director *d, struct worker *wrk, CHECK_OBJ_NOTNULL(d, DIRECTOR_MAGIC); CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); + CHECK_OBJ_NOTNULL(bo->vfc, VFP_CTX_MAGIC); + CHECK_OBJ_NOTNULL(bo->htc, HTTP_CONN_MAGIC); V1F_Setup_Fetch(bo->vfc, bo->htc); return (0); } +static const struct suckaddr * __match_proto__(vdi_getip_f) +vbe_dir_getip(const struct director *d, struct worker *wrk, + struct busyobj *bo) +{ + + CHECK_OBJ_NOTNULL(d, DIRECTOR_MAGIC); + CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); + CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); + CHECK_OBJ_NOTNULL(bo->htc, HTTP_CONN_MAGIC); + CHECK_OBJ_NOTNULL(bo->htc->vbc, VBC_MAGIC); + + return (bo->htc->vbc->addr); +} + /*--------------------------------------------------------------------*/ static void @@ -291,6 +307,7 @@ VRT_init_vbe(VRT_CTX, struct director **dp, const struct vrt_backend *vrt) d->healthy = vbe_dir_healthy; d->gethdrs = vbe_dir_gethdrs; d->getbody = vbe_dir_getbody; + d->getip = vbe_dir_getip; d->finish = vbe_dir_finish; if (vrt->probe != NULL) diff --git a/bin/varnishd/cache/cache_director.c b/bin/varnishd/cache/cache_director.c index 9f71aa7..49a0405 100644 --- a/bin/varnishd/cache/cache_director.c +++ b/bin/varnishd/cache/cache_director.c 
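Review bot: vbe_dir_getip asserts on `bo->htc` and `bo->htc->vbc`, whereas the code it replaces in VRT_r_beresp_backend_ip (the cache_vrt_var.c hunk of this commit) returned NULL in both cases. A VCL read of the backend address while no connection is attached would therefore stop the worker instead of yielding no address, and VDI_GetIP adds a further assert on `director_state`. Whether VCL can reach the accessor in such a state is not visible here, but the commit message promises NULL when the director will not tell. Replacing the last two checks with `if (bo->htc == NULL || bo->htc->vbc == NULL) return (NULL);` would keep the old behaviour for the caller.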
@@ -106,6 +106,26 @@ VDI_GetBody(struct worker *wrk, struct busyobj *bo) return (d->getbody(d, wrk, bo)); } +/* Get IP number (if any ) -------------------------------------------*/ + +const struct suckaddr * +VDI_GetIP(struct worker *wrk, struct busyobj *bo) +{ + const struct director *d; + + CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC); + CHECK_OBJ_NOTNULL(bo, BUSYOBJ_MAGIC); + + d = bo->director_resp; + CHECK_OBJ_NOTNULL(d, DIRECTOR_MAGIC); + assert(bo->director_state == DIR_S_HDRS || + bo->director_state == DIR_S_BODY); + AZ(d->resolve); + if (d->getip == NULL) + return (NULL); + return (d->getip(d, wrk, bo)); +} + /* Finish fetch ------------------------------------------------------*/ void diff --git a/bin/varnishd/cache/cache_director.h b/bin/varnishd/cache/cache_director.h index 6744ff1..cf7af4b 100644 --- a/bin/varnishd/cache/cache_director.h +++ b/bin/varnishd/cache/cache_director.h @@ -53,6 +53,8 @@ typedef int vdi_gethdrs_f(const struct director *, struct worker *, struct busyobj *); typedef int vdi_getbody_f(const struct director *, struct worker *, struct busyobj *); +typedef const struct suckaddr *vdi_getip_f(const struct director *, + struct worker *, struct busyobj *); typedef void vdi_finish_f(const struct director *, struct worker *, struct busyobj *); @@ -69,6 +71,7 @@ struct director { vdi_resolve_f *resolve; vdi_gethdrs_f *gethdrs; vdi_getbody_f *getbody; + vdi_getip_f *getip; vdi_finish_f *finish; void *priv; const void *priv2; @@ -76,8 +79,10 @@ struct director { /* cache_director.c */ -int VDI_GetHdr(struct worker *wrk, struct busyobj *bo); -int VDI_GetBody(struct worker *wrk, struct busyobj *bo); +int VDI_GetHdr(struct worker *, struct busyobj *); +int VDI_GetBody(struct worker *, struct busyobj *); +const struct suckaddr *VDI_GetIP(struct worker *, struct busyobj *); + void VDI_Finish(struct worker *wrk, struct busyobj *bo); int VDI_Http1Pipe(struct req *, struct busyobj *); 
diff --git a/bin/varnishd/cache/cache_vrt_var.c b/bin/varnishd/cache/cache_vrt_var.c index fdfe1de..96bbc65 100644 --- a/bin/varnishd/cache/cache_vrt_var.c +++ b/bin/varnishd/cache/cache_vrt_var.c @@ -38,7 +38,6 @@ #include "common/heritage.h" #include "hash/hash_slinger.h" -#include "cache_backend.h" #include "cache_director.h" #include "vrt.h" #include "vrt_obj.h" @@ -317,9 +316,7 @@ VRT_r_beresp_backend_ip(VRT_CTX) CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); CHECK_OBJ_NOTNULL(ctx->bo, BUSYOBJ_MAGIC); - if (ctx->bo->htc != NULL && ctx->bo->htc->vbc != NULL) - return(ctx->bo->htc->vbc->addr); - return (NULL); + return (VDI_GetIP(ctx->bo->wrk, ctx->bo)); } /*--------------------------------------------------------------------*/ From phk at FreeBSD.org Wed Feb 25 14:33:31 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 15:33:31 +0100 Subject: [master] 36684de Move *_Init functions to cache.h to reduce #include pollution Message-ID: commit 36684de4b4b801c47806fdd49feb72c730297b46 Author: Poul-Henning Kamp Date: Wed Feb 25 14:33:13 2015 +0000 Move *_Init functions to cache.h to reduce #include pollution diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h index 44c302c..fcb8c69 100644 --- a/bin/varnishd/cache/cache.h +++ b/bin/varnishd/cache/cache.h @@ -704,6 +704,12 @@ int VCA_Accept(struct listen_sock *ls, struct wrk_accept *wa); const char *VCA_SetupSess(struct worker *w, struct sess *sp); void VCA_FailSess(struct worker *w); +/* cache_backend_cfg.c */ +void VBE_InitCfg(void); + +/* cache_backend_poll.c */ +void VBP_Init(void); + /* cache_ban.c */ struct ban *BAN_New(void); int BAN_AddTest(struct ban *, const char *, const char *, const char *); diff --git a/bin/varnishd/cache/cache_backend.h b/bin/varnishd/cache/cache_backend.h index f07cad0..4a4945a 100644 --- a/bin/varnishd/cache/cache_backend.h +++ b/bin/varnishd/cache/cache_backend.h 
@@ -108,7 +108,6 @@ void VBE_DropRefConn(struct backend *, const struct acct_bereq *); void VBE_DropRefVcl(struct backend *); void VBE_DropRefLocked(struct backend *b, const struct acct_bereq *); unsigned VBE_Healthy(const struct backend *b, double *changed); -void VBE_InitCfg(void); struct backend *VBE_AddBackend(const struct vrt_backend *vb); void VBE_Poll(void); @@ -119,9 +118,6 @@ void VBP_Remove(struct backend *b, struct vrt_backend_probe const *p); void VBP_Use(const struct backend *b, const struct vrt_backend_probe *p); void VBP_Summary(struct cli *cli, const struct vbp_target *vt); -/* cache_backend_poll.c */ -void VBP_Init(void); - struct tcp_pool *VBT_Ref(const char *name, const struct suckaddr *ip4, const struct suckaddr *ip6); void VBT_Rel(struct tcp_pool **tpp); diff --git a/bin/varnishd/cache/cache_main.c b/bin/varnishd/cache/cache_main.c index 3e5ebb6..b5f9b0b 100644 --- a/bin/varnishd/cache/cache_main.c +++ b/bin/varnishd/cache/cache_main.c @@ -33,8 +33,6 @@ #include #include "cache.h" -#include "cache_backend.h" -#include "cache_director.h" #include "common/heritage.h" #include "vcli_priv.h" From phk at FreeBSD.org Wed Feb 25 15:21:52 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 16:21:52 +0100 Subject: [master] 93a85f5 Rip out all the old backend refcounting code, and make backends unique objects for each VCL which instantiate them. (Instead we share TCP connection pools, which are a lot simpler) Message-ID: commit 93a85f581bfec27cee69356982ed0c011d094ee2 Author: Poul-Henning Kamp Date: Wed Feb 25 15:20:33 2015 +0000 Rip out all the old backend refcounting code, and make backends unique objects for each VCL which instantiate them. (Instead we share TCP connection pools, which are a lot simpler) Spotted one utterly trivial memory leak along the way. diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c index 6d640b8..d695460 100644 --- a/bin/varnishd/cache/cache_backend.c 
+++ b/bin/varnishd/cache/cache_backend.c @@ -175,15 +175,18 @@ vbe_dir_finish(const struct director *d, struct worker *wrk, VSLb(bo->vsl, SLT_BackendClose, "%d %s", bo->htc->vbc->fd, bp->display_name); VBT_Close(bp->tcp_pool, &bo->htc->vbc); - VBE_DropRefConn(bp, &bo->acct); + Lck_Lock(&bp->mtx); } else { VSLb(bo->vsl, SLT_BackendReuse, "%d %s", bo->htc->vbc->fd, bp->display_name); Lck_Lock(&bp->mtx); VSC_C_main->backend_recycle++; VBT_Recycle(bp->tcp_pool, &bo->htc->vbc); - VBE_DropRefLocked(bp, &bo->acct); } +#define ACCT(foo) bp->vsc->foo += bo->acct.foo; +#include "tbl/acct_fields_bereq.h" +#undef ACCT + Lck_Unlock(&bp->mtx); bo->htc->vbc = NULL; bo->htc = NULL; } @@ -356,7 +359,7 @@ VRT_fini_vbe(VRT_CTX, struct director **dp, const struct vrt_backend *vrt) if (vrt->probe != NULL) VBP_Remove(be, vrt->probe); - VBE_DropRefVcl(be); + VBE_Drop(be); free(d->vcl_name); FREE_OBJ(d); } diff --git a/bin/varnishd/cache/cache_backend.h b/bin/varnishd/cache/cache_backend.h index 4a4945a..1a52232 100644 --- a/bin/varnishd/cache/cache_backend.h +++ b/bin/varnishd/cache/cache_backend.h @@ -61,11 +61,11 @@ struct backend { int refcount; struct lock mtx; - char *vcl_name; + const char *vcl_name; char *display_name; - char *ipv4_addr; - char *ipv6_addr; - char *port; + const char *ipv4_addr; + const char *ipv6_addr; + const char *port; struct suckaddr *ipv4; struct suckaddr *ipv6; @@ -104,12 +104,9 @@ struct vbc { }; /* cache_backend_cfg.c */ -void VBE_DropRefConn(struct backend *, const struct acct_bereq *); -void VBE_DropRefVcl(struct backend *); -void VBE_DropRefLocked(struct backend *b, const struct acct_bereq *); +void VBE_Drop(struct backend *); unsigned VBE_Healthy(const struct backend *b, double *changed); struct backend *VBE_AddBackend(const struct vrt_backend *vb); -void VBE_Poll(void); /* cache_backend_poll.c */ void VBP_Insert(struct backend *b, struct vrt_backend_probe const *p, 
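Review bot: The close branch of vbe_dir_finish loses the connection accounting that the removed VBE_DropRefConn did: it ran `b->n_conn--` and `b->vsc->conn--` under the lock, and the replacement only takes `Lck_Lock(&bp->mtx)` before the shared ACCT block. Unless the decrement was moved somewhere outside this diff, both counters only grow. That skews the statistics and, if `n_conn` is compared against a connection limit, would eventually make the backend refuse new connections. Adding `assert(bp->n_conn > 0); bp->n_conn--; bp->vsc->conn--;` after the new `Lck_Lock` restores the old behaviour. The function starts outside the hunk.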
diff --git a/bin/varnishd/cache/cache_backend_cfg.c b/bin/varnishd/cache/cache_backend_cfg.c index 79968f9..7d81cf8 100644 --- a/bin/varnishd/cache/cache_backend_cfg.c +++ b/bin/varnishd/cache/cache_backend_cfg.c @@ -54,17 +54,18 @@ static VTAILQ_HEAD(, backend) backends = VTAILQ_HEAD_INITIALIZER(backends); /*-------------------------------------------------------------------- */ -static void -VBE_Nuke(struct backend *b) +void +VBE_Drop(struct backend *b) { ASSERT_CLI(); + CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); + + b->vsc->vcls--; VTAILQ_REMOVE(&backends, b, list); free(b->ipv4); - free(b->ipv4_addr); free(b->ipv6); - free(b->ipv6_addr); - free(b->port); + free(b->display_name); VSM_Free(b->vsc); VBT_Rel(&b->tcp_pool); FREE_OBJ(b); 
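Review bot: VBE_Drop now frees the backend unconditionally, where VBE_Nuke was only reached once the refcount had dropped to zero, and nothing in the new body checks that no connection object still points at `b`. Elsewhere on this page tcp_handle reads `vbc->backend->tcp_pool`. Since the TCP pools are shared and outlive a single VCL's backend, an idle pooled connection could dereference a freed backend when its waiter event fires. If that back-pointer is still in use at this revision, it needs to be cleared or replaced by a pool pointer before the free. At minimum the function should carry a comment stating the invariant, for example `/* caller guarantees no vbc references b any more */`.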
@@ -72,80 +73,6 @@ VBE_Nuke(struct backend *b) } /*-------------------------------------------------------------------- - */ - -void -VBE_Poll(void) -{ - struct backend *b, *b2; - - ASSERT_CLI(); - VTAILQ_FOREACH_SAFE(b, &backends, list, b2) { - assert( - b->admin_health == ah_healthy || - b->admin_health == ah_sick || - b->admin_health == ah_probe - ); - if (b->refcount == 0 && b->probe == NULL) - VBE_Nuke(b); - } -} - -/*-------------------------------------------------------------------- - * Drop a reference to a backend. - * The last reference must come from the watcher in the CLI thread, - * as only that thread is allowed to clean up the backend list. - */ - -void -VBE_DropRefLocked(struct backend *b, const struct acct_bereq *acct_bereq) -{ - int i; - - CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); - assert(b->refcount > 0); - - if (acct_bereq != NULL) { -#define ACCT(foo) \ - b->vsc->foo += acct_bereq->foo; -#include "tbl/acct_fields_bereq.h" -#undef ACCT - } - - i = --b->refcount; - Lck_Unlock(&b->mtx); - if (i > 0) - return; - - ASSERT_CLI(); - VBE_Nuke(b); -} - -void -VBE_DropRefVcl(struct backend *b) -{ - - CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); - - Lck_Lock(&b->mtx); - b->vsc->vcls--; - VBE_DropRefLocked(b, NULL); -} - -void -VBE_DropRefConn(struct backend *b, const struct acct_bereq *acct_bereq) -{ - - CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); - - Lck_Lock(&b->mtx); - assert(b->n_conn > 0); - b->n_conn--; - b->vsc->conn--; - VBE_DropRefLocked(b, acct_bereq); -} - -/*-------------------------------------------------------------------- * Add a backend/director instance when loading a VCL. * If an existing backend is matched, grab a refcount and return. * Else create a new backend structure with reference initialized to one. 
@@ -161,27 +88,10 @@ VBE_AddBackend(const struct vrt_backend *vb) AN(vb->vcl_name); assert(vb->ipv4_suckaddr != NULL || vb->ipv6_suckaddr != NULL); - /* Run through the list and see if we already have this backend */ - VTAILQ_FOREACH(b, &backends, list) { - CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); - if (strcmp(b->vcl_name, vb->vcl_name)) - continue; - if (vb->ipv4_suckaddr != NULL && - VSA_Compare(b->ipv4, vb->ipv4_suckaddr)) - continue; - if (vb->ipv6_suckaddr != NULL && - VSA_Compare(b->ipv6, vb->ipv6_suckaddr)) - continue; - b->refcount++; - b->vsc->vcls++; - return (b); - } - /* Create new backend */ ALLOC_OBJ(b, BACKEND_MAGIC); XXXAN(b); Lck_New(&b->mtx, lck_backend); - b->refcount = 1; bprintf(buf, "%s(%s,%s,%s)", vb->vcl_name, @@ -191,16 +101,11 @@ VBE_AddBackend(const struct vrt_backend *vb) b->vsc = VSM_Alloc(sizeof *b->vsc, VSC_CLASS, VSC_type_vbe, buf); b->vsc->vcls++; - - /* - * This backend may live longer than the VCL that instantiated it - * so we cannot simply reference the VCL's copy of things. - */ - REPLACE(b->vcl_name, vb->vcl_name); + b->vcl_name = vb->vcl_name; REPLACE(b->display_name, buf); - REPLACE(b->ipv4_addr, vb->ipv4_addr); - REPLACE(b->ipv6_addr, vb->ipv6_addr); - REPLACE(b->port, vb->port); + b->ipv4_addr = vb->ipv4_addr; + b->ipv6_addr = vb->ipv6_addr; + b->port = vb->port; b->tcp_pool = VBT_Ref(vb->vcl_name, vb->ipv4_suckaddr, vb->ipv6_suckaddr); @@ -365,7 +270,7 @@ do_list(struct cli *cli, struct backend *b, void *priv) } CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); - VCLI_Out(cli, "\n%-30s %-6d", b->display_name, b->refcount); + VCLI_Out(cli, "\n%-30s", b->display_name); if (b->admin_health == ah_probe) VCLI_Out(cli, " %-10s", "probe"); diff --git a/bin/varnishd/cache/cache_cli.c b/bin/varnishd/cache/cache_cli.c index 6bdf3f0..5fbad58 100644 --- a/bin/varnishd/cache/cache_cli.c +++ b/bin/varnishd/cache/cache_cli.c 
@@ -39,7 +39,6 @@ #include "cache.h" #include "common/heritage.h" -#include "cache_backend.h" // struct vbc #include "vcli.h" #include "vcli_common.h" #include "vcli_priv.h" @@ -79,7 +78,6 @@ cli_cb_before(const struct cli *cli) ASSERT_CLI(); VSL(SLT_CLI, 0, "Rd %s", cli->cmd); VCL_Poll(); - VBE_Poll(); Lck_Lock(&cli_mtx); } From phk at FreeBSD.org Wed Feb 25 19:17:17 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 20:17:17 +0100 Subject: [master] 56f3152 Fix remove header for now gone refcount column Message-ID: commit 56f315242b25d4542c682e7f8604530674521e18 Author: Poul-Henning Kamp Date: Wed Feb 25 19:13:12 2015 +0000 Fix remove header for now gone refcount column diff --git a/bin/varnishd/cache/cache_backend_cfg.c b/bin/varnishd/cache/cache_backend_cfg.c index 7d81cf8..9a80a4b 100644 --- a/bin/varnishd/cache/cache_backend_cfg.c +++ b/bin/varnishd/cache/cache_backend_cfg.c @@ -264,8 +264,8 @@ do_list(struct cli *cli, struct backend *b, void *priv) AN(priv); hdr = priv; if (!*hdr) { - VCLI_Out(cli, "%-30s %-6s %-10s %s", - "Backend name", "Refs", "Admin", "Probe"); + VCLI_Out(cli, "%-30s %-10s %s", + "Backend name", "Admin", "Probe"); *hdr = 1; } CHECK_OBJ_NOTNULL(b, BACKEND_MAGIC); From phk at FreeBSD.org Wed Feb 25 19:17:17 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 20:17:17 +0100 Subject: [master] e30f261 Correctly initialize probe state in case .initial == 0 Message-ID: commit e30f261736993a5e03a011f6892eb91ef54aea87 Author: Poul-Henning Kamp Date: Wed Feb 25 19:13:48 2015 +0000 Correctly initialize probe state in case .initial == 0 diff --git a/bin/varnishd/cache/cache_backend_poll.c b/bin/varnishd/cache/cache_backend_poll.c index 4fc7163..9564e4f 100644 --- a/bin/varnishd/cache/cache_backend_poll.c +++ b/bin/varnishd/cache/cache_backend_poll.c @@ -37,11 +37,9 @@ #include "config.h" -#include #include #include #include -#include #include "cache.h" 
@@ -489,11 +487,14 @@ VBP_Insert(struct backend *b, const struct vrt_backend_probe *p, Lck_Unlock(&vbp_mtx); if (startthread) { + vt->probe = vcl->probe; for (u = 0; u < vcl->probe.initial; u++) { vbp_start_poke(vt); vt->happy |= 1; vbp_has_poked(vt); } + if (!vcl->probe.initial) + vbp_has_poked(vt); AZ(pthread_create(&vt->thread, NULL, vbp_wrk_poll_backend, vt)); } } From phk at FreeBSD.org Wed Feb 25 19:17:17 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 20:17:17 +0100 Subject: [master] 45d6018 Remove unused #includes Message-ID: commit 45d6018c2f5ee3226e4c6985de0bec538a80e17d Author: Poul-Henning Kamp Date: Wed Feb 25 19:14:27 2015 +0000 Remove unused #includes diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c index d695460..458eea7 100644 --- a/bin/varnishd/cache/cache_backend.c +++ b/bin/varnishd/cache/cache_backend.c @@ -32,10 +32,7 @@ #include "config.h" -#include #include -#include -#include #include "cache.h" diff --git a/bin/varnishd/cache/cache_backend_tcp.c b/bin/varnishd/cache/cache_backend_tcp.c index 93e2333..e348823 100644 --- a/bin/varnishd/cache/cache_backend_tcp.c +++ b/bin/varnishd/cache/cache_backend_tcp.c @@ -34,11 +34,7 @@ #include "config.h" -#include -#include #include -#include -#include #include "cache.h" From phk at FreeBSD.org Wed Feb 25 19:17:17 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 20:17:17 +0100 Subject: [master] 10871f4 Make this test much more robust with respect to timing Message-ID: commit 10871f41d02334b3f853c9941ec334ddf5859d2b Author: Poul-Henning Kamp Date: Wed Feb 25 19:17:02 2015 +0000 Make this test much more robust with respect to timing diff --git a/bin/varnishtest/tests/v00014.vtc b/bin/varnishtest/tests/v00014.vtc index c4926e0..ac690ce 100644 --- a/bin/varnishtest/tests/v00014.vtc +++ b/bin/varnishtest/tests/v00014.vtc 
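Review bot: The order of the two additions in VBP_Insert() is load-bearing and undocumented. `vt->probe = vcl->probe;` has to run before any `vbp_start_poke()` or `vbp_has_poked()` call, presumably because those read the probe parameters from `vt->probe`, and the extra `vbp_has_poked(vt)` for `.initial == 0` appears to exist only so that a first health verdict is computed before the poller thread starts. A short comment such as `/* vt->probe must be set before the first poke; with no initial probes, still evaluate health once */` would stop a later cleanup from reordering or dropping them, which could leave the backend's initial health state undefined. The function starts outside the hunk.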
@@ -2,8 +2,17 @@ varnishtest "Check req.backend.healthy" server s1 { rxreq + sema r1 sync 2 expect req.url == "/" txresp -body "slash" + accept + rxreq + sema r2 sync 2 + sema r3 sync 2 + expect req.url == "/" + txresp -body "slash" + accept + sema r4 sync 2 } -start varnish v1 -vcl { @@ -35,28 +44,23 @@ varnish v1 -vcl { } } -start +varnish v1 -cliok "backend.list" -cliok "debug.health" + client c1 { txreq rxresp expect resp.status == 500 -} -run -server s1 -wait + sema r1 sync 2 -server s1 { - rxreq - expect req.url == "/" - txresp -body "slash" -} -start -wait - -server s1 { - rxreq - expect req.url == "/foo" - txresp -body "foobar" -} -start + sema r2 sync 2 + txreq + rxresp + expect resp.status == 500 -client c1 { - txreq -url "/foo" + sema r3 sync 2 + sema r4 sync 2 + txreq rxresp expect resp.status == 200 } -run From phk at FreeBSD.org Wed Feb 25 19:19:11 2015 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 25 Feb 2015 20:19:11 +0100 Subject: [master] 170d0d6 white space ocd Message-ID: commit 170d0d640d751fc644908ec581ebc2bec6aeb350 Author: Poul-Henning Kamp Date: Wed Feb 25 19:19:04 2015 +0000 white space ocd diff --git a/bin/varnishtest/tests/v00014.vtc b/bin/varnishtest/tests/v00014.vtc index ac690ce..6769a24 100644 --- a/bin/varnishtest/tests/v00014.vtc +++ b/bin/varnishtest/tests/v00014.vtc @@ -60,7 +60,7 @@ client c1 { sema r3 sync 2 sema r4 sync 2 - txreq + txreq rxresp expect resp.status == 200 } -run From nils.goroll at uplex.de Fri Feb 27 14:19:42 2015 From: nils.goroll at uplex.de (Nils Goroll) Date: Fri, 27 Feb 2015 15:19:42 +0100 Subject: [master] 7f5704d remove needless additional invalidation of the file descriptor - VTCP_close already does this Message-ID: commit 7f5704d9b20accf6cc18eb3df1e4d768048bc4f6 Author: Nils Goroll Date: Fri Feb 27 15:19:24 2015 +0100 remove needless additional invalidation of the file descriptor - VTCP_close already does this 
diff --git a/bin/varnishtest/vtc_server.c b/bin/varnishtest/vtc_server.c index 0900756..044b617 100644 --- a/bin/varnishtest/vtc_server.c +++ b/bin/varnishtest/vtc_server.c @@ -263,10 +263,8 @@ cmd_server(CMD_ARGS) (void)pthread_cancel(s->tp); server_wait(s); } - if (s->sock >= 0) { + if (s->sock >= 0) VTCP_close(&s->sock); - s->sock = -1; - } server_delete(s); } return; @@ -312,10 +310,8 @@ cmd_server(CMD_ARGS) continue; } if (!strcmp(*av, "-listen")) { - if (s->sock >= 0) { + if (s->sock >= 0) VTCP_close(&s->sock); - s->sock = -1; - } bprintf(s->listen, "%s", av[1]); AZ(VSS_parse(s->listen, &s->addr, &s->port)); av++;
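Review bot: Both cmd_server() hunks now rely on `VTCP_close(&s->sock)` writing -1 back through the pointer, and that contract is not visible at either call site. In the `-listen` branch the server object lives on, so if the helper ever stops resetting the field, a later `s->sock >= 0` check would presumably close the same descriptor number a second time, when it may already belong to another socket. A post-condition such as `assert(s->sock < 0);` directly after the `if` in the `-listen` hunk keeps the invariant checked at no cost. cmd_server() starts and ends outside both hunks.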