--------------------- PatchSet 11347 Date: 2007/03/19 01:21:17 Author: swilton Branch: HEAD Tag: (none) Log: Use the client's DNS lookup if our DNS lookup fails on transparent requests This patch does not cache these objects deliberately to avoid cache poisining Members: src/client_side.c:1.716->1.717 src/comm.c:1.359->1.360 src/dns_internal.c:1.61->1.62 src/forward.c:1.125->1.126 src/ftp.c:1.345->1.346 src/ident.c:1.63->1.64 src/neighbors.c:1.316->1.317 src/protos.h:1.528->1.529 src/ssl.c:1.137->1.138 src/structs.h:1.511->1.512 Index: squid/src/client_side.c =================================================================== RCS file: /cvsroot/squid/squid/src/client_side.c,v retrieving revision 1.716 retrieving revision 1.717 diff -u -r1.716 -r1.717 --- squid/src/client_side.c 14 Mar 2007 22:43:25 -0000 1.716 +++ squid/src/client_side.c 19 Mar 2007 01:21:17 -0000 1.717 @@ -1,6 +1,6 @@ /* - * $Id: client_side.c,v 1.716 2007/03/14 22:43:25 hno Exp $ + * $Id: client_side.c,v 1.717 2007/03/19 01:21:17 swilton Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -609,7 +609,6 @@ #endif /* FOLLOW_X_FORWARDED_FOR */ new_request->my_addr = old_request->my_addr; new_request->my_port = old_request->my_port; - new_request->client_port = old_request->client_port; new_request->flags = old_request->flags; new_request->flags.redirected = 1; if (old_request->auth_user_request) { @@ -3530,7 +3529,7 @@ } #endif } - if (!host && !conn->transparent && clientNatLookup(conn) == 0) + if (conn->port->transparent && clientNatLookup(conn) == 0) conn->transparent = 1; if (!host && conn->transparent) { port = ntohs(conn->me.sin_port); 
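Review bot: The removed `new_request->client_port = old_request->client_port;` in the redirect-copy code is not explained by the log message, and nothing else in this hunk re-derives client_port for the redirected request, so after a redirector rewrite the new request would report port 0 to anything that reads the field. If it is populated elsewhere on this path that is fine, but I cannot see that from this diff; otherwise the line should stay. The enclosing function starts and ends outside the hunk.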
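Review bot: The new condition `if (conn->port->transparent && clientNatLookup(conn) == 0)` drops both the `!host` and `!conn->transparent` guards, so the NAT table is now queried on every request of a persistent connection rather than once per connection, and `conn->transparent` is set but never cleared here, so a later lookup failure on the same connection leaves the flag and whatever `conn->me` held from the earlier request. A TCP connection's original destination cannot change between requests, so if the aim is only to have `conn->me` populated for the new `my_addr` fallback, keeping the once-per-connection guard should be enough: `if (conn->port->transparent && !conn->transparent && clientNatLookup(conn) == 0)`. The enclosing function starts and ends outside the hunk.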
@@ -3774,13 +3773,12 @@ HDR_CONTENT_LENGTH); request->flags.internal = http->flags.internal; request->client_addr = conn->peer.sin_addr; - request->client_port = conn->peer.sin_port; + request->client_port = ntohs(conn->peer.sin_port); #if FOLLOW_X_FORWARDED_FOR request->indirect_client_addr = request->client_addr; #endif /* FOLLOW_X_FORWARDED_FOR */ request->my_addr = conn->me.sin_addr; request->my_port = ntohs(conn->me.sin_port); - request->client_port = ntohs(conn->peer.sin_port); request->http_ver = http->http_ver; if (!urlCheckRequest(request) || httpHeaderHas(&request->header, HDR_TRANSFER_ENCODING)) { Index: squid/src/comm.c =================================================================== RCS file: /cvsroot/squid/squid/src/comm.c,v retrieving revision 1.359 retrieving revision 1.360 diff -u -r1.359 -r1.360 --- squid/src/comm.c 21 Jan 2007 12:53:58 -0000 1.359 +++ squid/src/comm.c 19 Mar 2007 01:21:17 -0000 1.360 @@ -1,6 +1,6 @@ /* - * $Id: comm.c,v 1.359 2007/01/21 12:53:58 adrian Exp $ + * $Id: comm.c,v 1.360 2007/03/19 01:21:17 swilton Exp $ * * DEBUG: section 5 Socket Functions * AUTHOR: Harvest Derived @@ -268,7 +268,7 @@ } void -commConnectStart(int fd, const char *host, u_short port, CNCB * callback, void *data) +commConnectStart(int fd, const char *host, u_short port, CNCB * callback, void *data, struct in_addr *addr) { ConnectStateData *cs; debug(5, 3) ("commConnectStart: FD %d, %s:%d\n", fd, host, (int) port); @@ -278,6 +278,12 @@ cs->port = port; cs->callback = callback; cs->data = data; + if (addr != NULL) { + cs->in_addr = *addr; + cs->addrcount = 1; + } else { + cs->addrcount = 0; + } cbdataLock(cs->data); comm_add_close_handler(fd, commConnectFree, cs); ipcache_nbgethostbyname(host, commConnectDnsHandle, cs); 
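Review bot: The new `addr` argument is stored as `cs->in_addr`/`cs->addrcount = 1` before the ipcache lookup is started, but nothing records in the logs that a caller-supplied fallback is in play; the existing entry debug prints only host and port. A debug line makes the fallback auditable when it later fires: `if (addr) debug(5, 3) ("commConnectStart: fallback address %s for %s\n", inet_ntoa(*addr), host);`. Since the address is copied by value immediately, the parameter could also be `const struct in_addr *addr`, which would let callers pass request fields without discarding const. The function continues past the hunk.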
@@ -288,13 +294,20 @@ { ConnectStateData *cs = data; if (ia == NULL) { - debug(5, 3) ("commConnectDnsHandle: Unknown host: %s\n", cs->host); - if (!dns_error_message) { - dns_error_message = "Unknown DNS error"; - debug(5, 1) ("commConnectDnsHandle: Bad dns_error_message\n"); + /* If we've been given a default IP, use it */ + if (cs->addrcount > 0) { + fd_table[cs->fd].flags.dnsfailed = 1; + cs->connstart = squid_curtime; + commConnectHandle(cs->fd, cs); + } else { + debug(5, 3) ("commConnectDnsHandle: Unknown host: %s\n", cs->host); + if (!dns_error_message) { + dns_error_message = "Unknown DNS error"; + debug(5, 1) ("commConnectDnsHandle: Bad dns_error_message\n"); + } + assert(dns_error_message != NULL); + commConnectCallback(cs, COMM_ERR_DNS); } - assert(dns_error_message != NULL); - commConnectCallback(cs, COMM_ERR_DNS); return; } assert(ia->cur < ia->count); Index: squid/src/dns_internal.c =================================================================== RCS file: /cvsroot/squid/squid/src/dns_internal.c,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- squid/src/dns_internal.c 17 Dec 2006 10:51:44 -0000 1.61 +++ squid/src/dns_internal.c 19 Mar 2007 01:21:17 -0000 1.62 @@ -1,6 +1,6 @@ /* - * $Id: dns_internal.c,v 1.61 2006/12/17 10:51:44 serassio Exp $ + * $Id: dns_internal.c,v 1.62 2007/03/19 01:21:17 swilton Exp $ * * DEBUG: section 78 DNS lookups; interacts with lib/rfc1035.c * AUTHOR: Duane Wessels @@ -742,7 +742,8 @@ inet_ntoa(nameservers[ns].S.sin_addr), ntohs(nameservers[ns].S.sin_port), idnsSendTcpQuery, - q + q, + NULL ); } Index: squid/src/forward.c =================================================================== RCS file: /cvsroot/squid/squid/src/forward.c,v retrieving revision 1.125 retrieving revision 1.126 diff -u -r1.125 -r1.126 --- squid/src/forward.c 15 Mar 2007 10:05:28 -0000 1.125 +++ squid/src/forward.c 19 Mar 2007 01:21:18 -0000 1.126 
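Review bot: The fallback branch (`if (cs->addrcount > 0)`) connects to the caller-supplied address with no log output at all, while the failure branch it replaces keeps its debug lines, so an operator investigating where a transparent request was actually sent cannot tell from the logs that Squid's resolver failed and a client-chosen IP was used instead. Add `debug(5, 2) ("commConnectDnsHandle: DNS failed for %s, using fallback %s\n", cs->host, inet_ntoa(cs->in_addr));` before the `commConnectHandle` call. `cs->connstart = squid_curtime;` is set only in this branch; if the resolved-address path sets it elsewhere (outside this hunk) that is consistent, but it is worth confirming so connect timeouts are measured identically on both paths. The function continues past the hunk.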
@@ -1,6 +1,6 @@ /* - * $Id: forward.c,v 1.125 2007/03/15 10:05:28 hno Exp $ + * $Id: forward.c,v 1.126 2007/03/19 01:21:18 swilton Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -338,8 +338,11 @@ * Only set the dont_retry flag if the DNS lookup fails on * a direct connection. If DNS lookup fails when trying * a neighbor cache, we may want to retry another option. + * + * If this is a transparent connection, we will retry using the client's + * DNS lookup */ - if (NULL == fs->peer) + if ((NULL == fs->peer) && !fwdState->request->flags.transparent) fwdState->flags.dont_retry = 1; debug(17, 4) ("fwdConnectDone: Unknown host: %s\n", request->host); @@ -518,6 +521,9 @@ if (fd == -1) fd = pconnPop(name, port, domain, NULL, 0); if (fd != -1) { + /* Don't cache if the returned fd does not have valid DNS */ + if (fd_table[fd].flags.dnsfailed) + storeRelease(fwdState->entry); if (fwdCheckRetriable(fwdState)) { debug(17, 3) ("fwdConnectStart: reusing pconn FD %d\n", fd); fwdState->server_fd = fd; @@ -614,7 +620,18 @@ #endif hierarchyNote(&fwdState->request->hier, fs->code, fwdState->request->host); } - commConnectStart(fd, host, port, fwdConnectDone, fwdState); + + /* + * If we are retrying a transparent connection that is not being sent to a + * peer, then don't cache, and use the IP that the client's DNS lookup + * returned + */ + if (fwdState->request->flags.transparent && fwdState->n_tries && (NULL == fs->peer)) { + storeRelease(fwdState->entry); + commConnectStart(fd, host, port, fwdConnectDone, fwdState, &fwdState->request->my_addr); + } else { + commConnectStart(fd, host, port, fwdConnectDone, fwdState, NULL); + } } static void Index: squid/src/ftp.c =================================================================== RCS file: /cvsroot/squid/squid/src/ftp.c,v retrieving revision 1.345 retrieving revision 1.346 diff -u -r1.345 -r1.346 --- squid/src/ftp.c 15 Mar 2007 10:03:15 -0000 1.345 +++ squid/src/ftp.c 19 Mar 2007 01:21:18 -0000 1.346 
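Review bot: A pooled connection whose `fd_table[fd].flags.dnsfailed` is set was opened to an address chosen by some earlier client (its NAT destination), yet `pconnPop(name, port, ...)` hands it to any later request for the same host:port, including non-transparent requests from other clients; the added `storeRelease` only stops the reply from being cached, it does not stop the reply from being served from a server the earlier client picked. Such a connection should not be shared at all: either never push it to the pool (the push site is outside this diff) or reject it here, before the `if (fd != -1)` block, with `if (fd != -1 && fd_table[fd].flags.dnsfailed) { comm_close(fd); fd = -1; }`, assuming pconnPop has already detached it from the pool, so the request falls through to a fresh connect and the fallback is applied only to the request that supplied `my_addr`. The enclosing function starts before and ends after the hunk.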
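Review bot: `storeRelease(fwdState->entry)` runs on every transparent, non-peer retry regardless of why the first attempt failed, so a request whose hostname resolved fine but whose first TCP connect failed also loses cacheability, while the `my_addr` fallback it is paired with is ignored whenever the lookup succeeds. Keying the branch on a DNS-failure flag recorded where COMM_ERR_DNS is handled in fwdConnectDone (earlier in this file) rather than on `fwdState->n_tries` would confine the uncached path to the case the log message describes. Separately, `my_addr` is the destination the client itself chose and the Host header is equally client-controlled, so a Host that does not resolve for Squid is forwarded to the client's IP after any hostname-based ACL was evaluated against the Host string alone; I cannot see from this diff whether anything cross-checks the two, and if nothing does, the fallback should at least be logged at a level visible by default, and a guard that `my_addr` is not one of Squid's own listening addresses would prevent a self-connect loop. The enclosing function starts before the hunk.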
@@ -1,6 +1,6 @@ /* - * $Id: ftp.c,v 1.345 2007/03/15 10:03:15 hno Exp $ + * $Id: ftp.c,v 1.346 2007/03/19 01:21:18 swilton Exp $ * * DEBUG: section 9 File Transfer Protocol (FTP) * AUTHOR: Harvest Derived @@ -1847,7 +1847,7 @@ safe_free(ftpState->ctrl.last_reply); ftpState->ctrl.last_command = xstrdup("Connect to server data port"); debug(9, 5) ("ftpReadPasv: connecting to %s, port %d\n", ftpState->data.host, ftpState->data.port); - commConnectStart(fd, ipaddr, port, ftpPasvCallback, ftpState); + commConnectStart(fd, ipaddr, port, ftpPasvCallback, ftpState, NULL); } static void Index: squid/src/ident.c =================================================================== RCS file: /cvsroot/squid/squid/src/ident.c,v retrieving revision 1.63 retrieving revision 1.64 diff -u -r1.63 -r1.64 --- squid/src/ident.c 12 May 2006 22:08:37 -0000 1.63 +++ squid/src/ident.c 19 Mar 2007 01:21:18 -0000 1.64 @@ -1,6 +1,6 @@ /* - * $Id: ident.c,v 1.63 2006/05/12 22:08:37 hno Exp $ + * $Id: ident.c,v 1.64 2007/03/19 01:21:18 swilton Exp $ * * DEBUG: section 30 Ident (RFC 931) * AUTHOR: Duane Wessels @@ -232,7 +232,8 @@ inet_ntoa(state->my_peer.sin_addr), IDENT_PORT, identConnectDone, - state); + state, + NULL); } void Index: squid/src/neighbors.c =================================================================== RCS file: /cvsroot/squid/squid/src/neighbors.c,v retrieving revision 1.316 retrieving revision 1.317 diff -u -r1.316 -r1.317 --- squid/src/neighbors.c 14 Mar 2007 22:43:25 -0000 1.316 +++ squid/src/neighbors.c 19 Mar 2007 01:21:18 -0000 1.317 @@ -1,6 +1,6 @@ /* - * $Id: neighbors.c,v 1.316 2007/03/14 22:43:25 hno Exp $ + * $Id: neighbors.c,v 1.317 2007/03/19 01:21:18 swilton Exp $ * * DEBUG: section 15 Neighbor Routines * AUTHOR: Harvest Derived 
@@ -1107,7 +1107,8 @@ p->host, p->http_port, peerProbeConnectDone, - p); + p, + NULL); return ret; } Index: squid/src/protos.h =================================================================== RCS file: /cvsroot/squid/squid/src/protos.h,v retrieving revision 1.528 retrieving revision 1.529 diff -u -r1.528 -r1.529 --- squid/src/protos.h 15 Mar 2007 10:05:28 -0000 1.528 +++ squid/src/protos.h 19 Mar 2007 01:21:18 -0000 1.529 @@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.528 2007/03/15 10:05:28 hno Exp $ + * $Id: protos.h,v 1.529 2007/03/19 01:21:18 swilton Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -157,7 +157,7 @@ #if LINGERING_CLOSE extern void comm_lingering_close(int fd); #endif -extern void commConnectStart(int fd, const char *, u_short, CNCB *, void *); +extern void commConnectStart(int fd, const char *, u_short, CNCB *, void *, struct in_addr *addr); extern int comm_connect_addr(int sock, const struct sockaddr_in *); extern void comm_init(void); extern int comm_listen(int sock); Index: squid/src/ssl.c =================================================================== RCS file: /cvsroot/squid/squid/src/ssl.c,v retrieving revision 1.137 retrieving revision 1.138 diff -u -r1.137 -r1.138 --- squid/src/ssl.c 14 Mar 2007 22:43:25 -0000 1.137 +++ squid/src/ssl.c 19 Mar 2007 01:21:18 -0000 1.138 @@ -1,6 +1,6 @@ /* - * $Id: ssl.c,v 1.137 2007/03/14 22:43:25 hno Exp $ + * $Id: ssl.c,v 1.138 2007/03/19 01:21:18 swilton Exp $ * * DEBUG: section 26 Secure Sockets Layer Proxy * AUTHOR: Duane Wessels @@ -646,5 +646,6 @@ sslState->host, sslState->port, sslConnectDone, - sslState); + sslState, + NULL); } Index: squid/src/structs.h =================================================================== RCS file: /cvsroot/squid/squid/src/structs.h,v retrieving revision 1.511 retrieving revision 1.512 diff -u -r1.511 -r1.512 --- squid/src/structs.h 27 Feb 2007 01:06:12 -0000 1.511 +++ squid/src/structs.h 19 Mar 2007 01:21:18 -0000 1.512 
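Review bot: The new `struct in_addr *addr` parameter on `commConnectStart` is undocumented at the prototype, and its meaning is non-obvious from the name: it is not the address to connect to but a fallback used only if resolving `host` fails. Add above the declaration: `/* addr: optional fallback address, used only if the DNS lookup of host fails; NULL for none */`. Since comm.c copies it by value, `const struct in_addr *addr` would also be the more honest signature.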
@@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.511 2007/02/27 01:06:12 hno Exp $ + * $Id: structs.h,v 1.512 2007/03/19 01:21:18 swilton Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -882,6 +882,7 @@ unsigned int nodelay:1; unsigned int close_on_exec:1; unsigned int backoff:1; /* keep track of whether the fd is backed off */ + unsigned int dnsfailed:1; /* did the dns lookup fail */ } flags; comm_pending read_pending; comm_pending write_pending;
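Review bot: The comment on the new `dnsfailed` bit, `/* did the dns lookup fail */`, understates the contract: comm.c sets it only when a connection was made to a caller-supplied fallback address after DNS failed, and forward.c relies on it to suppress caching. A comment stating that, e.g. `/* connected to a caller-supplied fallback address after DNS failed; replies over this fd must not be cached or shared */`, would keep future users from treating it as a generic DNS-error indicator. I cannot see in this diff where the bit is cleared; if fd close does not zero the whole flags struct, it needs explicit clearing before the fd is reused. The struct definition starts outside the hunk.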