=== modified file 'src/anyp/PortCfg.cc' --- src/anyp/PortCfg.cc 2013-06-03 14:05:16 +0000 +++ src/anyp/PortCfg.cc 2013-07-06 14:20:48 +0000 @@ -1,6 +1,7 @@ #include "squid.h" #include "anyp/PortCfg.h" #include "comm.h" +#include #if HAVE_LIMITS #include #endif @@ -15,7 +16,18 @@ AnyP::PortCfg::PortCfg(const char *aProtocol) : next(NULL), - protocol(xstrdup(aProtocol)), + name(NULL), + defaultsite(NULL) +#if USE_SSL + ,dynamicCertMemCacheSize(std::numeric_limits::max()) +#endif +{ + setTransport(aProtocol); +} + +AnyP::PortCfg::PortCfg(const AnyP::ProtocolVersion &ptv) : + next(NULL), + transport(ptv), name(NULL), defaultsite(NULL) #if USE_SSL @@ -32,7 +44,6 @@ safe_free(name); safe_free(defaultsite); - safe_free(protocol); #if USE_SSL safe_free(cert); @@ -50,7 +61,7 @@ AnyP::PortCfg * AnyP::PortCfg::clone() const { - AnyP::PortCfg *b = new AnyP::PortCfg(protocol); + AnyP::PortCfg *b = new AnyP::PortCfg(transport); b->s = s; if (name) @@ -99,18 +110,18 @@ if (!signingCert) { char buf[128]; - fatalf("No valid signing SSL certificate configured for %s_port %s", protocol, s.toUrl(buf, sizeof(buf))); + fatalf("No valid signing SSL certificate configured for %s_port %s", AnyP::ProtocolType_str[transport], s.toUrl(buf, sizeof(buf))); } if (!signPkey) - debugs(3, DBG_IMPORTANT, "No SSL private key configured for " << protocol << "_port " << s); + debugs(3, DBG_IMPORTANT, "No SSL private key configured for " << AnyP::ProtocolType_str[transport] << "_port " << s); Ssl::generateUntrustedCert(untrustedSigningCert, untrustedSignPkey, signingCert, signPkey); if (!untrustedSigningCert) { char buf[128]; - fatalf("Unable to generate signing SSL certificate for untrusted sites for %s_port %s", protocol, s.toUrl(buf, sizeof(buf))); + fatalf("Unable to generate signing SSL certificate for untrusted sites for %s_port %s", AnyP::ProtocolType_str[transport], s.toUrl(buf, sizeof(buf))); } if (crlfile) 
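Review bot: The SSL messages rewritten in the `@@ -99,18` hunk (and the `fatalf` in the following `@@ -139,8` hunk) index `AnyP::ProtocolType_str[transport]`, but PortCfg.h declares `transport` as a `ProtocolVersion` and the other files in this commit read `transport.protocol`. Unless ProtocolVersion converts implicitly to the enum, which this diff does not show, the expression either fails to build under USE_SSL or indexes the table with the wrong value; `AnyP::ProtocolType_str[transport.protocol]` is the safer spelling. The other files print the port type through `URLScheme(...).const_str()`, so using that here too would keep the `%s_port` prefix identical across log lines. The enclosing function starts and ends outside the hunk.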
@@ -139,8 +150,20 @@ if (!staticSslContext) { char buf[128]; - fatalf("%s_port %s initialization error", protocol, s.toUrl(buf, sizeof(buf))); + fatalf("%s_port %s initialization error", AnyP::ProtocolType_str[transport], s.toUrl(buf, sizeof(buf))); } } #endif +void +AnyP::PortCfg::setTransport(const char *aProtocol) +{ + if (strcasecmp("http", aProtocol) != 0 || strcmp("HTTP/1.1", aProtocol) != 0) + transport = AnyP::ProtocolVersion(AnyP::PROTO_HTTP, 1,1); + + else if (strcasecmp("https", aProtocol) != 0 || strcmp("HTTPS/1.1", aProtocol) != 0) + transport = AnyP::ProtocolVersion(AnyP::PROTO_HTTPS, 1,1); + + else + debugs(3, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: http(s)_port protocol=" << aProtocol << " is not supported. Using " << transport); +} === modified file 'src/anyp/PortCfg.h' --- src/anyp/PortCfg.h 2013-06-13 11:08:58 +0000 +++ src/anyp/PortCfg.h 2013-07-06 13:43:15 +0000 @@ -2,6 +2,7 @@ #define SQUID_ANYP_PORTCFG_H #include "anyp/forward.h" +#include "anyp/ProtocolVersion.h" #include "anyp/TrafficMode.h" #include "comm/Connection.h" @@ -16,6 +17,7 @@ { public: PortCfg(const char *aProtocol); + PortCfg(const AnyP::ProtocolVersion &aProtocol); ~PortCfg(); AnyP::PortCfg *clone() const; #if USE_SSL @@ -23,10 +25,17 @@ void configureSslServerContext(); #endif + /** + * Set this ports transport type from a string representation. + * Unknown transport type representations are ignored. + * Supports: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1. + */ + void setTransport(const char *aProtocol); + PortCfg *next; Ip::Address s; - char *protocol; /* protocol name */ + ProtocolVersion transport; ///< transport protocol and version received by this port char *name; /* visible name */ char *defaultsite; /* default web site */ === modified file 'src/cache_cf.cc' --- src/cache_cf.cc 2013-06-29 14:43:23 +0000 +++ src/cache_cf.cc 2013-07-06 09:12:56 +0000 
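Review bot: Both conditions in the new `setTransport()` are always true: `strcasecmp("http", aProtocol) != 0 || strcmp("HTTP/1.1", aProtocol) != 0` holds for every input, because no string equals both literals, so the first branch always runs and `transport` becomes PROTO_HTTP even for "https". The HTTPS and warning branches are therefore unreachable, and an https_port would be treated as plain http by the `PROTO_HTTPS` ssl-bump check in cache_cf.cc and by the URL rewrites in client_side.cc. The comparisons should test equality, e.g. `if (strcasecmp("http", aProtocol) == 0 || strcmp("HTTP/1.1", aProtocol) == 0)`, and likewise for the https pair. Once the fallback branch is reachable, note that the `const char *` constructor never initialises `transport` explicitly, so the value printed after "Using" is whatever ProtocolVersion's default constructor produces.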
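Review bot: The doc comment added for `setTransport()` in the `@@ -23,10` hunk of PortCfg.h does not say how matching works, and "ignored" understates what happens to unknown values. The implementation compares the short names with `strcasecmp` and the versioned forms with `strcmp`, and its fallback branch logs a warning. I would extend the comment with `Short names match case-insensitively; versioned forms must match exactly. Unknown values log a WARNING and leave transport unchanged.`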
@@ -79,6 +79,7 @@ #include "wordlist.h" #include "neighbors.h" #include "tools.h" +#include "URLScheme.h" /* wccp2 has its own conditional definitions */ #include "wccp2.h" #if USE_ADAPTATION @@ -3539,17 +3540,17 @@ host = token + 1; t = strchr(host, ']'); if (!t) { - debugs(3, DBG_CRITICAL, s->protocol << "_port: missing ']' on IPv6 address: " << token); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: missing ']' on IPv6 address: " << token); self_destruct(); } *t = '\0'; ++t; if (*t != ':') { - debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port in: " << token); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: missing Port in: " << token); self_destruct(); } if (!Ip::EnableIpv6) { - debugs(3, DBG_CRITICAL, "FATAL: " << s->protocol << "_port: IPv6 is not available."); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: IPv6 is not available."); self_destruct(); } port = xatos(t + 1); @@ -3562,14 +3563,14 @@ } else if (strtol(token, &junk, 10) && !*junk) { port = xatos(token); - debugs(3, 3, s->protocol << "_port: found Listen on Port: " << port); + debugs(3, 3, URLScheme(s->transport.protocol).const_str() << "_port: found Listen on Port: " << port); } else { - debugs(3, DBG_CRITICAL, s->protocol << "_port: missing Port: " << token); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: missing Port: " << token); self_destruct(); } if (port == 0 && host != NULL) { - debugs(3, DBG_CRITICAL, s->protocol << "_port: Port cannot be 0: " << token); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: Port cannot be 0: " << token); self_destruct(); } 
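Review bot: The port-type prefix is rebuilt with `URLScheme(s->transport.protocol).const_str()` in every `debugs()` call of the `@@ -3539,17` hunk and again in the `@@ -3562,14` and `@@ -3578,21` hunks, which makes these parse-error messages hard to scan. A small accessor on PortCfg that returns the prefix would keep the call sites short and make sure all of them change together. Failing that, a comment at the first use such as `// log prefix: scheme name of the port's transport, e.g. "http" for http_port` would at least explain the expression. The enclosing function begins and ends outside these hunks.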
@@ -3578,21 +3579,21 @@ s->s.port(port); if (!Ip::EnableIpv6) s->s.setIPv4(); - debugs(3, 3, s->protocol << "_port: found Listen on wildcard address: *:" << s->s.port() ); + debugs(3, 3, URLScheme(s->transport.protocol).const_str() << "_port: found Listen on wildcard address: *:" << s->s.port()); } else if ( (s->s = host) ) { /* check/parse numeric IPA */ s->s.port(port); if (!Ip::EnableIpv6) s->s.setIPv4(); - debugs(3, 3, s->protocol << "_port: Listen on Host/IP: " << host << " --> " << s->s); + debugs(3, 3, URLScheme(s->transport.protocol).const_str() << "_port: Listen on Host/IP: " << host << " --> " << s->s); } else if ( s->s.GetHostByName(host) ) { /* check/parse for FQDN */ /* dont use ipcache */ s->defaultsite = xstrdup(host); s->s.port(port); if (!Ip::EnableIpv6) s->s.setIPv4(); - debugs(3, 3, s->protocol << "_port: found Listen as Host " << s->defaultsite << " on IP: " << s->s); + debugs(3, 3, URLScheme(s->transport.protocol).const_str() << "_port: found Listen as Host " << s->defaultsite << " on IP: " << s->s); } else { - debugs(3, DBG_CRITICAL, s->protocol << "_port: failed to resolve Host/IP: " << host); + debugs(3, DBG_CRITICAL, "FATAL: " << URLScheme(s->transport.protocol).const_str() << "_port: failed to resolve Host/IP: " << host); self_destruct(); } } @@ -3677,7 +3678,7 @@ debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: protocol option requires Acceleration mode flag."); self_destruct(); } - s->protocol = xstrdup(token + 9); + s->setTransport(token + 9); } else if (strcmp(token, "allow-direct") == 0) { if (!s->flags.accelSurrogate) { debugs(3, DBG_CRITICAL, "FATAL: http(s)_port: allow-direct option requires Acceleration mode flag."); @@ -3839,7 +3840,7 @@ } #if USE_SSL - if (strcmp(protocol, "https") == 0) { + if (transport.protocol == AnyP::PROTO_HTTPS) { /* ssl-bump on https_port configuration requires either tproxy or intercept, and vice versa */ const bool hijacked = s->flags.isIntercepted(); if (s->flags.tunnelSslBumping && !hijacked) { 
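Review bot: The rewritten guard `if (transport.protocol == AnyP::PROTO_HTTPS) {` in the `@@ -3839,7` hunk names `transport` without an object, whereas every other changed line in this file reads `s->transport.protocol`. No local or parameter called `transport` is visible in the hunk. If none exists outside it, USE_SSL builds fail here. This is the check that enforces the ssl-bump/intercept pairing on https_port, so it should read `if (s->transport.protocol == AnyP::PROTO_HTTPS) {`. The function body continues outside the hunk.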
@@ -3857,7 +3858,7 @@ // clone the port options from *s to *(s->next) s->next = cbdataReference(s->clone()); s->next->s.setIPv4(); - debugs(3, 3, protocol << "_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s); + debugs(3, 3, URLScheme(s->transport.protocol).const_str() << "_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s); } while (*head) @@ -3896,8 +3897,9 @@ if (s->defaultsite) storeAppendPrintf(e, " defaultsite=%s", s->defaultsite); - if (s->protocol && strcmp(s->protocol,"http") != 0) - storeAppendPrintf(e, " protocol=%s", s->protocol); + // TODO: compare against prefix of 'n' instead of assuming http_port + if (s->transport.protocol != AnyP::PROTO_HTTP) + storeAppendPrintf(e, " protocol=%s", URLScheme(s->transport.protocol).const_str()); if (s->allow_direct) storeAppendPrintf(e, " allow-direct"); === modified file 'src/cf.data.pre' --- src/cf.data.pre 2013-06-18 06:22:13 +0000 +++ src/cf.data.pre 2013-07-06 13:39:47 +0000 @@ -1614,9 +1614,10 @@ no-vhost Disable using HTTP/1.1 Host header for virtual domain support. - protocol= Protocol to reconstruct accelerated requests with. - Defaults to http for http_port and https for - https_port + protocol= Protocol to reconstruct accelerated and intercepted + requests with. Defaults to HTTP/1.1 for http_port and + HTTPS/1.1 for https_port. + Values: HTTP or HTTP/1.1, HTTPS or HTTPS/1.1 vport Virtual host port support. Using the http_port number instead of the port passed on Host: headers. === modified file 'src/client_side.cc' --- src/client_side.cc 2013-06-29 11:37:08 +0000 +++ src/client_side.cc 2013-07-06 13:32:20 +0000 
@@ -2148,7 +2148,7 @@ strlen(host); http->uri = (char *)xcalloc(url_sz, 1); const char *protocol = switchedToHttps ? - "https" : conn->port->protocol; + "https" : URLScheme(conn->port->transport.protocol).const_str(); snprintf(http->uri, url_sz, "%s://%s%s", protocol, host, url); debugs(33, 5, "ACCEL VHOST REWRITE: '" << http->uri << "'"); } else if (conn->port->defaultsite /* && !vhost */) { @@ -2162,7 +2162,7 @@ snprintf(vportStr, sizeof(vportStr),":%d",vport); } snprintf(http->uri, url_sz, "%s://%s%s%s", - conn->port->protocol, conn->port->defaultsite, vportStr, url); + URLScheme(conn->port->transport.protocol).const_str(), conn->port->defaultsite, vportStr, url); debugs(33, 5, "ACCEL DEFAULTSITE REWRITE: '" << http->uri <<"'"); } else if (vport > 0 /* && (!vhost || no Host:) */) { debugs(33, 5, "ACCEL VPORT REWRITE: http_port IP + vport=" << vport); @@ -2171,7 +2171,7 @@ http->uri = (char *)xcalloc(url_sz, 1); http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); snprintf(http->uri, url_sz, "%s://%s:%d%s", - http->getConn()->port->protocol, + URLScheme(conn->port->transport.protocol).const_str(), ipbuf, vport, url); debugs(33, 5, "ACCEL VPORT REWRITE: '" << http->uri << "'"); } @@ -2192,7 +2192,7 @@ int url_sz = strlen(url) + 32 + Config.appendDomainLen + strlen(host); http->uri = (char *)xcalloc(url_sz, 1); - snprintf(http->uri, url_sz, "%s://%s%s", conn->port->protocol, host, url); + snprintf(http->uri, url_sz, "%s://%s%s", URLScheme(conn->port->transport.protocol).const_str(), host, url); debugs(33, 5, "TRANSPARENT HOST REWRITE: '" << http->uri <<"'"); } else { /* Put the local socket IP address as the hostname. */ 
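Review bot: In the `@@ -2148,7` hunk the pointer returned by `URLScheme(conn->port->transport.protocol).const_str()` is stored in `const char *protocol` and read by `snprintf` in the next statement, after the temporary URLScheme has been destroyed. That is safe only if `const_str()` returns a pointer into static storage, which this diff does not show; if it can point into the object, `protocol` dangles when the URL is built. Keeping a named object alive across the call avoids relying on that: `const URLScheme scheme(conn->port->transport.protocol);` followed by `const char *protocol = switchedToHttps ? "https" : scheme.const_str();`. The surrounding function starts and ends outside the hunk.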
@@ -2200,7 +2200,7 @@ http->uri = (char *)xcalloc(url_sz, 1); http->getConn()->clientConnection->local.toHostStr(ipbuf,MAX_IPSTRLEN); snprintf(http->uri, url_sz, "%s://%s:%d%s", - http->getConn()->port->protocol, + URLScheme(http->getConn()->port->transport.protocol).const_str(), ipbuf, http->getConn()->clientConnection->local.port(), url); debugs(33, 5, "TRANSPARENT REWRITE: '" << http->uri << "'"); } @@ -2294,7 +2294,7 @@ /* deny CONNECT via accelerated ports */ if (*method_p == Http::METHOD_CONNECT && csd->port && csd->port->flags.accelSurrogate) { - debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << csd->port->protocol << " Accelerator port " << csd->port->s.port() ); + debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << csd->port->transport.protocol << " Accelerator port " << csd->port->s.port()); /* XXX need a way to say "this many character length string" */ debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf); hp->request_parse_status = Http::scMethodNotAllowed;
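Review bot: The CONNECT warning in the `@@ -2294,7` hunk streams `csd->port->transport.protocol` directly, while the rest of the commit converts the enum with `URLScheme(...).const_str()`. Unless a stream operator for the protocol type exists elsewhere, this line prints a number instead of the port type, which makes the warning harder to use when triaging CONNECT attempts against accelerator ports. Writing `URLScheme(csd->port->transport.protocol).const_str()` here would match the other messages. The enclosing function extends beyond the hunk.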