From nils.goroll at uplex.de Sat Apr 1 12:48:08 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 1 Apr 2023 12:48:08 +0000 (UTC) Subject: [master] 0d663a5e7 Fix structure of vcl-variables(7) Message-ID: <20230401124808.F266E11C955@lists.varnish-cache.org> commit 0d663a5e7b53f52e1a2c94be4081eb47e9d7be4f Author: Nils Goroll Date: Sat Apr 1 11:48:27 2023 +0200 Fix structure of vcl-variables(7) Previously, "HTTP response status" was rendered of a subsection of "storage", which is wrong, they should be on the same level, or at least not in that order. We now use the order = - ~ for section, subsection, subsubsection which we also use in other places like vcl(7) and which is in line with the example in https://docutils.sourceforge.io/docs/user/rst/quickstart.html#sections diff --git a/doc/sphinx/reference/vcl_var.rst b/doc/sphinx/reference/vcl_var.rst index 49ec33f66..024366a11 100644 --- a/doc/sphinx/reference/vcl_var.rst +++ b/doc/sphinx/reference/vcl_var.rst @@ -9,7 +9,7 @@ local, server, remote and client -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +-------------------------------- These variables describe the network connection between the client and varnishd. @@ -144,7 +144,7 @@ local.socket ``VCL >= 4.1`` req and req_top -~~~~~~~~~~~~~~~ +--------------- These variables describe the present request, and when ESI:include requests are being processed, req_top points to the request received @@ -497,7 +497,7 @@ req_top.url bereq -~~~~~ +----- This is the request we send to the backend, it is built from the clients ``req.*`` fields by filtering out "per-hop" fields which @@ -728,7 +728,7 @@ bereq.xid beresp -~~~~~~ +------ The response received from the backend, one cache misses, the store object is built from ``beresp``. @@ -1121,7 +1121,7 @@ beresp.was_304 obj -~~~ +--- This is the object we found in cache. It cannot be modified. @@ -1258,7 +1258,7 @@ obj.uncacheable resp -~~~~ +---- This is the response we send to the client, it is built from either ``beresp`` (pass/miss), ``obj`` (hits) or created from whole cloth (synth). @@ -1418,7 +1418,7 @@ resp.time Special variables -~~~~~~~~~~~~~~~~~ +----------------- now @@ -1444,7 +1444,7 @@ now :ref:`std.timed_call()` in :ref:`vmod_std(3)`. sess -~~~~ +---- A session corresponds to the "conversation" that Varnish has with a single client connection, over which one or more request/response @@ -1511,7 +1511,7 @@ sess.xid ``VCL >= 4.1`` storage -~~~~~~~ +------- storage..free_space From nils.goroll at uplex.de Sat Apr 1 12:48:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 1 Apr 2023 12:48:09 +0000 (UTC) Subject: [master] 10633ae0a Our RST is good enough for the strictest parsing \o/ Message-ID: <20230401124809.1519811C957@lists.varnish-cache.org> commit 10633ae0a4df8794759cb3d4f2b8f8bc23110fb7 Author: Nils Goroll Date: Sat Apr 1 12:34:20 2023 +0200 Our RST is good enough for the strictest parsing \o/ switch to --strict == --halt 1 ref: https://docutils.sourceforge.io/docs/user/config.html#report-level diff --git a/doc/Makefile.am b/doc/Makefile.am index f9f19ea27..a19bd74f2 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,6 +1,6 @@ # # -RST2ANY_FLAGS = --halt=2 +RST2ANY_FLAGS = --strict EXTRA_DIST = changes.rst changes.html From nils.goroll at uplex.de Sat Apr 1 12:48:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 1 Apr 2023 12:48:09 +0000 (UTC) Subject: [master] dc620277d Add individual hyperlink targets for vcl variables Message-ID: <20230401124809.3604311C95A@lists.varnish-cache.org> commit dc620277ddd49e53cdd486d6f0648f98b3b14f0d Author: Nils Goroll Date: Sat Apr 1 14:31:32 2023 +0200 Add individual hyperlink targets for vcl variables in order to improve references to the documentation. With this change, VCL variable documentation can be referenced externally by replacing the dot in the variable name with a hyphen and use that as a target, for example: https://varnish-cache.org/docs/trunk/reference/vcl-var.html#resp-filters Rules: - only current (VCL >= 4.1) variables gain a target - if there is a section by the same name as a target, do not change it - No .* for HEADERS like req.http.* Notes: This turned out to be more work than anticipated for presumably a minor change. First I tried to avoid adding target names by turning the definition list items into subsections, which, with a simple change to generate.py, worked ok for HTML, but looked terrible for the man page, which only has three section levels: The variables appeared on the same indentation level as the section headers. So next I tried writing code to perform the change automatically, but this also turned out to be tedious. So ultimately, I used an emacs macro with manual polishing and the work was done in minutes. Code is not always the answer... diff --git a/doc/sphinx/reference/vcl_var.rst b/doc/sphinx/reference/vcl_var.rst index 024366a11..edb9761bb 100644 --- a/doc/sphinx/reference/vcl_var.rst +++ b/doc/sphinx/reference/vcl_var.rst @@ -29,6 +29,8 @@ With PROXY protocol:: CLIENT ------------ PROXY ------------ VARNISHD +.. _client.identity: + client.identity Type: STRING @@ -46,6 +48,8 @@ client.identity header. +.. _client.ip: + client.ip Type: IP @@ -57,6 +61,8 @@ client.ip or what the PROXY protocol told us. +.. _server.hostname: + server.hostname Type: STRING @@ -67,6 +73,8 @@ server.hostname `gethostname(3)` system function. +.. _server.identity: + server.identity Type: STRING @@ -79,6 +87,8 @@ server.identity value from `gethostname(3)` system function will be used. +.. _server.ip: + server.ip Type: IP @@ -91,6 +101,8 @@ server.ip or what the PROXY protocol told us. +.. _remote.ip: + remote.ip Type: IP @@ -105,6 +117,8 @@ remote.ip will be ``0.0.0.0:0`` +.. _local.endpoint: + local.endpoint ``VCL >= 4.1`` Type: STRING @@ -116,6 +130,8 @@ local.endpoint ``VCL >= 4.1`` If the argument was ``-a foo=:81`` this would be ":81" +.. _local.ip: + local.ip Type: IP @@ -129,6 +145,8 @@ local.ip will be ``0.0.0.0:0`` +.. _local.socket: + local.socket ``VCL >= 4.1`` Type: STRING @@ -150,6 +168,8 @@ These variables describe the present request, and when ESI:include requests are being processed, req_top points to the request received from the client. +.. _req: + req Type: HTTP @@ -161,6 +181,8 @@ req Mostly useful for passing to VMODs. +.. _req.backend_hint: + req.backend_hint Type: BACKEND @@ -177,6 +199,8 @@ req.backend_hint or backend, respectively. +.. _req.can_gzip: + req.can_gzip Type: BOOL @@ -201,6 +225,8 @@ req.esi ``VCL <= 4.0`` in VCL 4.1. +.. _req.esi_level: + req.esi_level Type: INT @@ -210,6 +236,8 @@ req.esi_level A count of how many levels of ESI requests we're currently at. +.. _req.grace: + req.grace Type: DURATION @@ -225,6 +253,8 @@ req.grace grace value will be used as the object's grace. +.. _req.hash: + req.hash Type: BLOB @@ -237,6 +267,8 @@ req.hash for debugging hit/miss status. +.. _req.hash_always_miss: + req.hash_always_miss Type: BOOL @@ -254,6 +286,8 @@ req.hash_always_miss existing entries in case the fetch fails. +.. _req.hash_ignore_busy: + req.hash_ignore_busy Type: BOOL @@ -270,6 +304,8 @@ req.hash_ignore_busy up content sideways from each other to avoid deadlocks. +.. _req.hash_ignore_vary: + req.hash_ignore_vary Type: BOOL @@ -291,6 +327,8 @@ req.hash_ignore_vary Use with caution. +.. _req.http: + req.http.* Type: HEADER @@ -316,6 +354,8 @@ req.http.* quoted syntax is discouraged but available for interoperability. +.. _req.is_hitmiss: + req.is_hitmiss Type: BOOL @@ -325,6 +365,8 @@ req.is_hitmiss If this request resulted in a hitmiss +.. _req.is_hitpass: + req.is_hitpass Type: BOOL @@ -334,6 +376,8 @@ req.is_hitpass If this request resulted in a hitpass +.. _req.method: + req.method Type: STRING @@ -357,6 +401,8 @@ req.proto ``VCL <= 4.0`` The HTTP protocol version used by the client, usually "HTTP/1.1" or "HTTP/2.0". +.. _req.proto: + req.proto ``VCL >= 4.1`` Type: STRING @@ -367,6 +413,8 @@ req.proto ``VCL >= 4.1`` or "HTTP/2.0". +.. _req.restarts: + req.restarts Type: INT @@ -377,6 +425,8 @@ req.restarts A count of how many times this request has been restarted. +.. _req.storage: + req.storage Type: STEVEDORE @@ -389,6 +439,8 @@ req.storage The storage backend to use to save this request body. +.. _req.time: + req.time Type: TIME @@ -399,6 +451,8 @@ req.time across restarts. +.. _req.transport: + req.transport Type: STRING @@ -408,6 +462,8 @@ req.transport The transport protocol which brought this request. +.. _req.ttl: + req.ttl Type: DURATION @@ -420,6 +476,8 @@ req.ttl Upper limit on the object age for cache lookups to return hit. +.. _req.url: + req.url Type: STRING @@ -432,6 +490,8 @@ req.url The requested URL, for instance "/robots.txt". +.. _req.xid: + req.xid Type: INT @@ -441,6 +501,8 @@ req.xid Unique ID of this request. +.. _req_top.http: + req_top.http.* Type: HEADER @@ -453,6 +515,8 @@ req_top.http.* See ``req.http.*`` for general notes. +.. _req_top.method: + req_top.method Type: STRING @@ -464,6 +528,8 @@ req_top.method Identical to req.method in non-ESI requests. +.. _req_top.proto: + req_top.proto Type: STRING @@ -475,6 +541,8 @@ req_top.proto Identical to req.proto in non-ESI requests. +.. _req_top.time: + req_top.time Type: TIME @@ -485,6 +553,8 @@ req_top.time remains constant across restarts. +.. _req_top.url: + req_top.url Type: STRING @@ -516,6 +586,8 @@ bereq Mostly useful as argument to VMODs. +.. _bereq.backend: + bereq.backend Type: BACKEND @@ -532,6 +604,8 @@ bereq.backend or backend, respectively. +.. _bereq.between_bytes_timeout: + bereq.between_bytes_timeout Type: DURATION @@ -548,6 +622,8 @@ bereq.between_bytes_timeout backend. Not available in pipe mode. +.. _bereq.body: + bereq.body Type: BODY @@ -558,6 +634,8 @@ bereq.body Unset will also remove ``bereq.http.Content-Length``. +.. _bereq.connect_timeout: + bereq.connect_timeout Type: DURATION @@ -574,6 +652,8 @@ bereq.connect_timeout established. +.. _bereq.first_byte_timeout: + bereq.first_byte_timeout Type: DURATION @@ -590,6 +670,8 @@ bereq.first_byte_timeout from the backend. Not available in pipe mode. +.. _bereq.hash: + bereq.hash Type: BLOB @@ -599,6 +681,8 @@ bereq.hash The hash key of this request, a copy of ``req.hash``. +.. _bereq.http: + bereq.http.* Type: HEADER @@ -614,6 +698,8 @@ bereq.http.* See ``req.http.*`` for general notes. +.. _bereq.is_bgfetch: + bereq.is_bgfetch Type: BOOL @@ -625,6 +711,8 @@ bereq.is_bgfetch a fresh copy. +.. _bereq.is_hitmiss: + bereq.is_hitmiss Type: BOOL @@ -634,6 +722,8 @@ bereq.is_hitmiss If this backend request was caused by a hitmiss. +.. _bereq.is_hitpass: + bereq.is_hitpass Type: BOOL @@ -643,6 +733,8 @@ bereq.is_hitpass If this backend request was caused by a hitpass. +.. _bereq.method: + bereq.method Type: STRING @@ -667,6 +759,8 @@ bereq.proto ``VCL <= 4.0`` The HTTP protocol version, "HTTP/1.1" unless a pass or pipe request has "HTTP/1.0" in ``req.proto`` +.. _bereq.proto: + bereq.proto ``VCL >= 4.1`` Type: STRING @@ -677,6 +771,8 @@ bereq.proto ``VCL >= 4.1`` request has "HTTP/1.0" in ``req.proto`` +.. _bereq.retries: + bereq.retries Type: INT @@ -686,6 +782,8 @@ bereq.retries A count of how many times this request has been retried. +.. _bereq.time: + bereq.time Type: TIME @@ -696,6 +794,8 @@ bereq.time remains constant across retries. +.. _bereq.uncacheable: + bereq.uncacheable Type: BOOL @@ -707,6 +807,8 @@ bereq.uncacheable `pass` in the client side or a hit on an hit-for-pass object. +.. _bereq.url: + bereq.url Type: STRING @@ -718,6 +820,8 @@ bereq.url The requested URL, copied from ``req.url`` +.. _bereq.xid: + bereq.xid Type: INT @@ -742,6 +846,8 @@ beresp The entire backend response HTTP data structure, useful as argument to VMOD functions. +.. _beresp.age: + beresp.age Type: DURATION @@ -753,6 +859,8 @@ beresp.age The age of the object. +.. _beresp.backend: + beresp.backend Type: BACKEND @@ -774,6 +882,8 @@ beresp.backend.ip ``VCL <= 4.0`` IP of the backend this response was fetched from. +.. _beresp.backend.name: + beresp.backend.name Type: STRING @@ -784,6 +894,8 @@ beresp.backend.name Same as beresp.backend. +.. _beresp.body: + beresp.body Type: BODY @@ -793,6 +905,8 @@ beresp.body For producing a synthetic body. +.. _beresp.do_esi: + beresp.do_esi Type: BOOL @@ -812,6 +926,8 @@ beresp.do_esi It is a VCL error to use beresp.do_esi after setting beresp.filters. +.. _beresp.do_gunzip: + beresp.do_gunzip Type: BOOL @@ -831,6 +947,8 @@ beresp.do_gunzip It is a VCL error to use beresp.do_gunzip after setting beresp.filters. +.. _beresp.do_gzip: + beresp.do_gzip Type: BOOL @@ -849,6 +967,8 @@ beresp.do_gzip It is a VCL error to use beresp.do_gzip after setting beresp.filters. +.. _beresp.do_stream: + beresp.do_stream Type: BOOL @@ -870,6 +990,8 @@ beresp.do_stream the response body is empty. +.. _beresp.filters: + beresp.filters Type: STRING @@ -930,6 +1052,8 @@ beresp.filters ``beresp.do_*`` switches is a VCL error. +.. _beresp.grace: + beresp.grace Type: DURATION @@ -944,6 +1068,8 @@ beresp.grace Set to a period to enable grace. +.. _beresp.http: + beresp.http.* Type: HEADER @@ -959,6 +1085,8 @@ beresp.http.* See ``req.http.*`` for general notes. +.. _beresp.keep: + beresp.keep Type: DURATION @@ -989,6 +1117,8 @@ beresp.proto ``VCL <= 4.0`` The HTTP protocol version the backend replied with. +.. _beresp.proto: + beresp.proto ``VCL >= 4.1`` Type: STRING @@ -998,6 +1128,8 @@ beresp.proto ``VCL >= 4.1`` The HTTP protocol version the backend replied with. +.. _beresp.reason: + beresp.reason Type: STRING @@ -1009,6 +1141,8 @@ beresp.reason The HTTP status message returned by the server. +.. _beresp.status: + beresp.status Type: INT @@ -1022,6 +1156,8 @@ beresp.status More information in the `HTTP response status`_ section. +.. _beresp.storage: + beresp.storage Type: STEVEDORE @@ -1049,6 +1185,8 @@ beresp.storage_hint ``VCL <= 4.0`` particular storage backend. +.. _beresp.time: + beresp.time Type: TIME @@ -1059,6 +1197,8 @@ beresp.time ``vcl_backend_response {}`` was entered, or when ``vcl_backend_error {}`` was entered. +.. _beresp.transit_buffer: + beresp.transit_buffer Type: BYTES @@ -1075,6 +1215,8 @@ beresp.transit_buffer documentation in :ref:`varnishd(1)`. +.. _beresp.ttl: + beresp.ttl Type: DURATION @@ -1090,6 +1232,8 @@ beresp.ttl The object's remaining time to live, in seconds. +.. _beresp.uncacheable: + beresp.uncacheable Type: BOOL @@ -1108,6 +1252,8 @@ beresp.uncacheable "Ignoring attempt to reset beresp.uncacheable". +.. _beresp.was_304: + beresp.was_304 Type: BOOL @@ -1125,6 +1271,8 @@ obj This is the object we found in cache. It cannot be modified. +.. _obj.age: + obj.age Type: DURATION @@ -1134,6 +1282,8 @@ obj.age The age of the object. +.. _obj.can_esi: + obj.can_esi Type: BOOL @@ -1146,6 +1296,8 @@ obj.can_esi processed. +.. _obj.grace: + obj.grace Type: DURATION @@ -1155,6 +1307,8 @@ obj.grace The object's grace period in seconds. +.. _obj.hits: + obj.hits Type: INT @@ -1167,6 +1321,8 @@ obj.hits In `vcl_deliver` a value of 0 indicates a cache miss. +.. _obj.http: + obj.http.* Type: HEADER @@ -1178,6 +1334,8 @@ obj.http.* See ``req.http.*`` for general notes. +.. _obj.keep: + obj.keep Type: DURATION @@ -1187,6 +1345,8 @@ obj.keep The object's keep period in seconds. +.. _obj.proto: + obj.proto Type: STRING @@ -1196,6 +1356,8 @@ obj.proto The HTTP protocol version stored in the object. +.. _obj.reason: + obj.reason Type: STRING @@ -1206,6 +1368,8 @@ obj.reason The HTTP reason phrase stored in the object. +.. _obj.status: + obj.status Type: INT @@ -1218,6 +1382,8 @@ obj.status More information in the `HTTP response status`_ section. +.. _obj.storage: + obj.storage Type: STEVEDORE @@ -1227,6 +1393,8 @@ obj.storage The storage backend where this object is stored. +.. _obj.time: + obj.time Type: TIME @@ -1238,6 +1406,8 @@ obj.time ``now`` - ``obj.age``. +.. _obj.ttl: + obj.ttl Type: DURATION @@ -1247,6 +1417,8 @@ obj.ttl The object's remaining time to live, in seconds. +.. _obj.uncacheable: + obj.uncacheable Type: BOOL @@ -1276,6 +1448,8 @@ resp to VMODs. +.. _resp.body: + resp.body Type: BODY @@ -1285,6 +1459,8 @@ resp.body To produce a synthetic response body, for instance for errors. +.. _resp.do_esi: + resp.do_esi ``VCL >= 4.1`` Type: BOOL @@ -1302,6 +1478,8 @@ resp.do_esi ``VCL >= 4.1`` It is a VCL error to use resp.do_esi after setting resp.filters. +.. _resp.filters: + resp.filters Type: STRING @@ -1322,6 +1500,8 @@ resp.filters set. +.. _resp.http: + resp.http.* Type: HEADER @@ -1337,6 +1517,8 @@ resp.http.* See ``req.http.*`` for general notes. +.. _resp.is_streaming: + resp.is_streaming Type: BOOL @@ -1358,6 +1540,8 @@ resp.proto ``VCL <= 4.0`` The HTTP protocol version to use for the response. +.. _resp.proto: + resp.proto ``VCL >= 4.1`` Type: STRING @@ -1367,6 +1551,8 @@ resp.proto ``VCL >= 4.1`` The HTTP protocol version to use for the response. +.. _resp.reason: + resp.reason Type: STRING @@ -1378,6 +1564,8 @@ resp.reason The HTTP status message that will be returned. +.. _resp.status: + resp.status Type: INT @@ -1407,6 +1595,8 @@ resp.status modified based on that comparison, a 304 is sent. +.. _resp.time: + resp.time Type: TIME @@ -1420,6 +1610,8 @@ resp.time Special variables ----------------- +.. _now: + now Type: TIME @@ -1452,6 +1644,8 @@ transactions may take place. It may comprise the traffic over an HTTP/1 keep-alive connection, or the multiplexed traffic over an HTTP/2 connection. +.. _sess.idle_send_timeout: + sess.idle_send_timeout Type: DURATION @@ -1465,6 +1659,8 @@ sess.idle_send_timeout see :ref:`varnishd(1)` +.. _sess.send_timeout: + sess.send_timeout Type: DURATION @@ -1477,6 +1673,8 @@ sess.send_timeout ``send_timeout`` parameter, see :ref:`varnishd(1)` +.. _sess.timeout_idle: + sess.timeout_idle Type: DURATION @@ -1489,6 +1687,8 @@ sess.timeout_idle ``timeout_idle`` parameter, see :ref:`varnishd(1)` +.. _sess.timeout_linger: + sess.timeout_linger Type: DURATION @@ -1501,6 +1701,8 @@ sess.timeout_linger ``timeout_linger`` parameter, see :ref:`varnishd(1)` +.. _sess.xid: + sess.xid ``VCL >= 4.1`` Type: INT @@ -1513,6 +1715,8 @@ sess.xid ``VCL >= 4.1`` storage ------- +.. _storage.free_space: + storage..free_space Type: BYTES @@ -1524,6 +1728,8 @@ storage..free_space the malloc stevedore. +.. _storage.happy: + storage..happy Type: BOOL @@ -1535,6 +1741,8 @@ storage..happy current stevedores. +.. _storage.used_space: + storage..used_space Type: BYTES From nils.goroll at uplex.de Sat Apr 1 18:02:07 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 1 Apr 2023 18:02:07 +0000 (UTC) Subject: [master] 607e99aa8 Note a name clash which we might want to resolve with the next vrt bump Message-ID: <20230401180207.2E65F655E5@lists.varnish-cache.org> commit 607e99aa81db32412748a852192d73b8af55f053 Author: Nils Goroll Date: Sat Apr 1 19:59:36 2023 +0200 Note a name clash which we might want to resolve with the next vrt bump diff --git a/bin/varnishd/cache/cache_filter.h b/bin/varnishd/cache/cache_filter.h index 6ec82e0f4..7b1d8fa75 100644 --- a/bin/varnishd/cache/cache_filter.h +++ b/bin/varnishd/cache/cache_filter.h @@ -62,7 +62,7 @@ struct vfp_entry { #define VFP_ENTRY_MAGIC 0xbe32a027 enum vfp_status closed; const struct vfp *vfp; - void *priv1; + void *priv1; // XXX ambiguous with priv1 in struct vfp ssize_t priv2; VTAILQ_ENTRY(vfp_entry) list; uint64_t calls; From nils.goroll at uplex.de Tue Apr 4 12:23:07 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Tue, 4 Apr 2023 12:23:07 +0000 (UTC) Subject: [master] 2522748bb Revert "Our RST is good enough for the strictest parsing \o/" Message-ID: <20230404122307.8E0941072D4@lists.varnish-cache.org> commit 2522748bbb8f52e080503c5649097fc9341d1e47 Author: Nils Goroll Date: Tue Apr 4 14:20:31 2023 +0200 Revert "Our RST is good enough for the strictest parsing \o/" Dridi/dag tell me that changes.rst is not ready for it. This reverts commit 10633ae0a4df8794759cb3d4f2b8f8bc23110fb7. diff --git a/doc/Makefile.am b/doc/Makefile.am index a19bd74f2..f9f19ea27 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -1,6 +1,6 @@ # # -RST2ANY_FLAGS = --strict +RST2ANY_FLAGS = --halt=2 EXTRA_DIST = changes.rst changes.html From phk at FreeBSD.org Thu Apr 6 10:45:06 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 6 Apr 2023 10:45:06 +0000 (UTC) Subject: [master] 331dbd4bb Use larger timeout margin for stability (s390) Message-ID: <20230406104506.A5DA21115AB@lists.varnish-cache.org> commit 331dbd4bb5230bf46bb8675cde0a8f5ae27e3aa4 Author: Poul-Henning Kamp Date: Thu Apr 6 10:43:52 2023 +0000 Use larger timeout margin for stability (s390) diff --git a/bin/varnishtest/tests/f00008.vtc b/bin/varnishtest/tests/f00008.vtc index 4d6161a35..ea4350261 100644 --- a/bin/varnishtest/tests/f00008.vtc +++ b/bin/varnishtest/tests/f00008.vtc @@ -27,7 +27,7 @@ client c2 { # Send 1 byte send a # Wait timeout_idle - delay 1.1 + delay 2 # Send 1 byte send b rxresp @@ -44,7 +44,7 @@ client c3 { # Send 1 byte send a # Wait timeout_idle - delay 1.1 + delay 2 # Send 1 byte send b rxresp From phk at FreeBSD.org Thu Apr 6 12:49:05 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 6 Apr 2023 12:49:05 +0000 (UTC) Subject: [master] 8a2d3ab11 Move the child's birth announcement up before VEXT and VSTV init. Message-ID: <20230406124905.B547C115804@lists.varnish-cache.org> commit 8a2d3ab11dc6556b7d5006dff80db23026918597 Author: Poul-Henning Kamp Date: Thu Apr 6 12:47:58 2023 +0000 Move the child's birth announcement up before VEXT and VSTV init. diff --git a/bin/varnishd/cache/cache_main.c b/bin/varnishd/cache/cache_main.c index 370b8c741..2d8bd510d 100644 --- a/bin/varnishd/cache/cache_main.c +++ b/bin/varnishd/cache/cache_main.c @@ -377,9 +377,6 @@ child_main(int sigmagic, size_t altstksz) (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTERM, SIG_DFL); - setbuf(stdout, NULL); - setbuf(stderr, NULL); - printf("Child starts\n"); #if defined(__FreeBSD__) && __FreeBSD_version >= 1000000 malloc_message = child_malloc_fail; #endif diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c index 0bb82c51c..55259fe90 100644 --- a/bin/varnishd/mgt/mgt_child.c +++ b/bin/varnishd/mgt/mgt_child.c @@ -351,6 +351,10 @@ mgt_launch_child(struct cli *cli) assert(dup2(heritage.std_fd, STDOUT_FILENO) == STDOUT_FILENO); assert(dup2(heritage.std_fd, STDERR_FILENO) == STDERR_FILENO); + setbuf(stdout, NULL); + setbuf(stderr, NULL); + printf("Child starts\n"); + /* * Close all FDs the child shouldn't know about * From phk at FreeBSD.org Thu Apr 6 13:55:06 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 6 Apr 2023 13:55:06 +0000 (UTC) Subject: [master] c29bd90c0 Loosen timeouts to stabilize test on s390 Message-ID: <20230406135506.10D95117A3B@lists.varnish-cache.org> commit c29bd90c0aec90313158db040bd96d331a9465d3 Author: Poul-Henning Kamp Date: Thu Apr 6 13:53:54 2023 +0000 Loosen timeouts to stabilize test on s390 diff --git a/bin/varnishtest/tests/b00068.vtc b/bin/varnishtest/tests/b00068.vtc index 0559f393e..57ab597ed 100644 --- a/bin/varnishtest/tests/b00068.vtc +++ b/bin/varnishtest/tests/b00068.vtc @@ -74,7 +74,7 @@ client c1 { delay 0.2 txreq rxresp - delay 1.2 + delay 2.0 txreq rxresp } -start @@ -85,7 +85,7 @@ client c1u -connect "${tmpdir}/v1.sock" { delay 0.2 txreq rxresp - delay 1.2 + delay 2.0 txreq rxresp } -start @@ -93,10 +93,10 @@ client c1u -connect "${tmpdir}/v1.sock" { client c2 { txreq -url /longer rxresp - delay 1.2 + delay 0.2 txreq -url /longer rxresp - delay 2.2 + delay 3.0 txreq -url /longer rxresp } -start @@ -104,10 +104,10 @@ client c2 { client c2u -connect "${tmpdir}/v1.sock" { txreq -url /longer rxresp - delay 1.2 + delay 0.2 txreq -url /longer rxresp - delay 2.2 + delay 3.0 txreq -url /longer rxresp } -start From phk at FreeBSD.org Thu Apr 6 15:32:05 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Thu, 6 Apr 2023 15:32:05 +0000 (UTC) Subject: [master] 251ef931d Stabilize d00011 on s390 with a longer delay Message-ID: <20230406153205.B7AA911AAE9@lists.varnish-cache.org> commit 251ef931da007a706c4befb54a2ccb468f9050d2 Author: Poul-Henning Kamp Date: Thu Apr 6 15:31:09 2023 +0000 Stabilize d00011 on s390 with a longer delay diff --git a/bin/varnishtest/tests/d00011.vtc b/bin/varnishtest/tests/d00011.vtc index cecfbaf0c..14e7369b3 100644 --- a/bin/varnishtest/tests/d00011.vtc +++ b/bin/varnishtest/tests/d00011.vtc @@ -31,7 +31,7 @@ varnish v1 -vcl { sub vcl_backend_fetch { set bereq.backend = s1.backend(); # hot swap should happen while we sleep - vtc.sleep(2s); + vtc.sleep(3s); if (std.healthy(bereq.backend)) { return(abandon); } else { From phk at FreeBSD.org Fri Apr 7 09:43:06 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Fri, 7 Apr 2023 09:43:06 +0000 (UTC) Subject: [master] 9f6b4f8e5 Use 2s timeouts to stabilize v00014 Message-ID: <20230407094306.4D2C211655B@lists.varnish-cache.org> commit 9f6b4f8e5b3d601a33052dee8705411b9395e9e4 Author: Poul-Henning Kamp Date: Fri Apr 7 09:42:44 2023 +0000 Use 2s timeouts to stabilize v00014 diff --git a/bin/varnishtest/tests/v00014.vtc b/bin/varnishtest/tests/v00014.vtc index ea4180273..ba25ff80b 100644 --- a/bin/varnishtest/tests/v00014.vtc +++ b/bin/varnishtest/tests/v00014.vtc @@ -26,8 +26,8 @@ varnish v1 -vcl { probe foo { .url = "/"; - .timeout = 1s; - .interval = 1s; + .timeout = 2s; + .interval = 2s; .window = 3; .threshold = 2; .initial = 0; @@ -42,9 +42,9 @@ varnish v1 -vcl { sub vcl_recv { if (std.healthy(default)) { - return(synth(200,"Backend healthy")); + return(synth(200,"Backend healthy " + req.url)); } else { - return(synth(500,"Backend sick")); + return(synth(500,"Backend sick " + req.url)); } } } -start From phk at FreeBSD.org Fri Apr 7 14:17:09 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Fri, 7 Apr 2023 14:17:09 +0000 (UTC) Subject: [master] 4cdc6c717 Stabilize o00005 by stopping and starting v1 Message-ID: <20230407141709.1491211E7D6@lists.varnish-cache.org> commit 4cdc6c717190f902cbeae4d508bbd1243a1194f5 Author: Poul-Henning Kamp Date: Fri Apr 7 14:16:10 2023 +0000 Stabilize o00005 by stopping and starting v1 diff --git a/bin/varnishtest/tests/o00005.vtc b/bin/varnishtest/tests/o00005.vtc index d635dc09d..444edd8c6 100644 --- a/bin/varnishtest/tests/o00005.vtc +++ b/bin/varnishtest/tests/o00005.vtc @@ -154,37 +154,12 @@ logexpect l1 -wait varnish v1 -cliok "param.set workspace_session 384" -delay 1 - -# get rid of the surplus session mpl -client c10 -proxy1 "1.2.3.4:1111 5.6.7.8:5678" { - txreq - rxresp -} -start -client c11 -proxy1 "1.2.3.4:1111 5.6.7.8:5678" { - txreq - rxresp -} -start -client c12 -proxy1 "1.2.3.4:1111 5.6.7.8:5678" { - txreq - rxresp -} -start -client c13 -proxy1 "1.2.3.4:1111 5.6.7.8:5678" { - txreq - rxresp -} -start -client c14 -proxy1 "1.2.3.4:1111 5.6.7.8:5678" { - txreq - rxresp -} -start - -client c10 -wait -client c11 -wait -client c12 -wait -client c13 -wait -client c14 -wait +# get rid of the surplus session mpl & zero vsc +varnish v1 -stop varnish v1 -cliok "param.set pool_sess 1,1,1" +varnish v1 -start + client c2 { # PROXY2 with CRC32C TLV sendhex { From phk at FreeBSD.org Fri Apr 7 20:07:06 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Fri, 7 Apr 2023 20:07:06 +0000 (UTC) Subject: [master] d84c56bd3 Stabilize directors_b00006 by draining vsl between stages. Message-ID: <20230407200706.9CF861024A6@lists.varnish-cache.org> commit d84c56bd356283738d79a0e630cf8099e12e152d Author: Poul-Henning Kamp Date: Fri Apr 7 20:05:36 2023 +0000 Stabilize directors_b00006 by draining vsl between stages. diff --git a/vmod/tests/directors_b00006.vtc b/vmod/tests/directors_b00006.vtc index fa11ee33c..72cfbf9e0 100644 --- a/vmod/tests/directors_b00006.vtc +++ b/vmod/tests/directors_b00006.vtc @@ -61,6 +61,8 @@ client c1 { expect resp.bodylen == 4 } -run +varnish v1 -vsl_catchup + server s1 -start server s2 -start @@ -74,6 +76,8 @@ client c2 { expect resp.bodylen == 2 } -run +varnish v1 -vsl_catchup + server s4 -start client c3 { From nils.goroll at uplex.de Sat Apr 8 05:13:05 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 8 Apr 2023 05:13:05 +0000 (UTC) Subject: [master] 8bc3ff038 Polish: Move assertion to V1L_Open() Message-ID: <20230408051305.59FA91144A5@lists.varnish-cache.org> commit 8bc3ff0384d09f90a35d95927f6350a8aef831e9 Author: Nils Goroll Date: Sat Apr 8 07:10:02 2023 +0200 Polish: Move assertion to V1L_Open() ... that there is no v1l open already for the worker. This enables the assertion also for use on the backend side. diff --git a/bin/varnishd/http1/cache_http1_deliver.c b/bin/varnishd/http1/cache_http1_deliver.c index 9d424b4d0..0d0b1bf39 100644 --- a/bin/varnishd/http1/cache_http1_deliver.c +++ b/bin/varnishd/http1/cache_http1_deliver.c @@ -138,7 +138,6 @@ V1D_Deliver(struct req *req, struct boc *boc, int sendbody) return; } - AZ(req->wrk->v1l); V1L_Open(req->wrk, req->wrk->aws, &req->sp->fd, req->vsl, req->t_prev + SESS_TMO(req->sp, send_timeout), cache_param->http1_iovs); diff --git a/bin/varnishd/http1/cache_http1_line.c b/bin/varnishd/http1/cache_http1_line.c index ac14d8cb7..c435fdd32 100644 --- a/bin/varnishd/http1/cache_http1_line.c +++ b/bin/varnishd/http1/cache_http1_line.c @@ -119,6 +119,8 @@ V1L_Open(struct worker *wrk, struct ws *ws, int *fd, struct vsl_log *vsl, v1l->deadline = deadline; v1l->vsl = vsl; v1l->werr = SC_NULL; + + AZ(wrk->v1l); wrk->v1l = v1l; WS_Release(ws, u * sizeof(struct iovec)); From nils.goroll at uplex.de Sat Apr 8 05:13:05 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sat, 8 Apr 2023 05:13:05 +0000 (UTC) Subject: [master] 9269215fc Polish: Make v1l check consistent in V1D_Deliver() Message-ID: <20230408051305.425D51144A2@lists.varnish-cache.org> commit 9269215fc0060c5d0b9bc0e1fad3e7a9553eedc7 Author: Nils Goroll Date: Sat Apr 8 07:03:15 2023 +0200 Polish: Make v1l check consistent in V1D_Deliver() When we fail a HTTP1 connection via v1d_error(), we write directly to the file descriptor and thus should assert that there is no V1L (line handler) open. We had this check only for two out of the four early returns from V1D_Deliver(). diff --git a/bin/varnishd/http1/cache_http1_deliver.c b/bin/varnishd/http1/cache_http1_deliver.c index 46c663eb7..9d424b4d0 100644 --- a/bin/varnishd/http1/cache_http1_deliver.c +++ b/bin/varnishd/http1/cache_http1_deliver.c @@ -72,6 +72,8 @@ v1d_error(struct req *req, const char *msg) "Server: Varnish\r\n" "Connection: close\r\n\r\n"; + AZ(req->wrk->v1l); + VSLbs(req->vsl, SLT_Error, TOSTRAND(msg)); VSLb(req->vsl, SLT_RespProtocol, "HTTP/1.1"); VSLb(req->vsl, SLT_RespStatus, "500"); @@ -122,7 +124,6 @@ V1D_Deliver(struct req *req, struct boc *boc, int sendbody) VCL_Req2Ctx(ctx, req); if (VDP_Push(ctx, req->vdc, req->ws, &v1d_vdp, NULL)) { v1d_error(req, "workspace_thread overflow"); - AZ(req->wrk->v1l); return; } } @@ -144,7 +145,6 @@ V1D_Deliver(struct req *req, struct boc *boc, int sendbody) if (WS_Overflowed(req->wrk->aws)) { v1d_error(req, "workspace_thread overflow"); - AZ(req->wrk->v1l); return; } From phk at FreeBSD.org Sat Apr 8 08:48:05 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Sat, 8 Apr 2023 08:48:05 +0000 (UTC) Subject: [master] 54d256cbe Make b00067 less aggressive on smaller Vtesters. Message-ID: <20230408084805.90A0011AFE9@lists.varnish-cache.org> commit 54d256cbe2464c5dd142593a9b72e6f9716b9beb Author: Poul-Henning Kamp Date: Sat Apr 8 08:46:47 2023 +0000 Make b00067 less aggressive on smaller Vtesters. diff --git a/bin/varnishtest/tests/b00067.vtc b/bin/varnishtest/tests/b00067.vtc index 786ddcd93..1b53348df 100644 --- a/bin/varnishtest/tests/b00067.vtc +++ b/bin/varnishtest/tests/b00067.vtc @@ -1,6 +1,6 @@ varnishtest "Check timeout_idle" -varnish v1 -arg "-p timeout_idle=1" \ +varnish v1 -arg "-p timeout_idle=2" \ -arg "-a ${listen_addr}" \ -arg "-a ${tmpdir}/v1.sock" \ -vcl { @@ -8,7 +8,7 @@ varnish v1 -arg "-p timeout_idle=1" \ sub vcl_deliver { if (req.url == "/sess") { - set sess.timeout_idle = 2s; + set sess.timeout_idle = 4s; } } sub vcl_backend_error { @@ -23,7 +23,6 @@ client c1 { delay 0.2 txreq rxresp - delay 1.2 expect_close } -start @@ -33,17 +32,15 @@ client c2 { delay 1.2 txreq rxresp - delay 2.2 expect_close } -start client c3 { loop 3 { # send a periodic CRLF - delay 0.3 + delay 0.5 sendhex 0d0a } - delay 0.3 expect_close } -start @@ -52,20 +49,23 @@ client c4 { rxresp loop 3 { # send a periodic CRLF - delay 0.3 + delay 0.5 sendhex 0d0a } - delay 0.3 expect_close } -start +client c1 -wait +client c2 -wait +client c3 -wait +client c4 -wait + client c1u -connect "${tmpdir}/v1.sock" { txreq rxresp delay 0.2 txreq rxresp - delay 1.2 expect_close } -start @@ -75,17 +75,15 @@ client c2u -connect "${tmpdir}/v1.sock" { delay 1.2 txreq rxresp - delay 2.2 expect_close } -start client c3u -connect "${tmpdir}/v1.sock" { loop 3 { # send a periodic CRLF - delay 0.2 + delay 0.5 sendhex 0d0a } - delay 0.4 expect_close } -start @@ -94,17 +92,12 @@ client c4u -connect "${tmpdir}/v1.sock" { rxresp loop 3 { # send a periodic CRLF - delay 0.2 + delay 0.5 sendhex 0d0a } - delay 0.4 expect_close } -start -client c1 -wait -client c2 -wait -client c3 -wait -client c4 -wait client c1u -wait client c2u -wait client c3u -wait From phk at FreeBSD.org Sun Apr 9 13:06:09 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Sun, 9 Apr 2023 13:06:09 +0000 (UTC) Subject: [master] 21e7b1b87 Tweak things to make c00113 more robust Message-ID: <20230409130609.1AD01102090@lists.varnish-cache.org> commit 21e7b1b875fc703bb3ba902337154439421e76db Author: Poul-Henning Kamp Date: Sun Apr 9 13:05:27 2023 +0000 Tweak things to make c00113 more robust diff --git a/bin/varnishtest/tests/c00113.vtc b/bin/varnishtest/tests/c00113.vtc index 978eb8a88..96b7405ae 100644 --- a/bin/varnishtest/tests/c00113.vtc +++ b/bin/varnishtest/tests/c00113.vtc @@ -8,9 +8,9 @@ server s0 { varnish v1 -vcl+backend { probe default { - .window = 1; + .window = 3; .threshold = 1; - .timeout = 0.1s; + .timeout = 0.5s; .interval = 0.1s; .expect_close = true; } @@ -18,15 +18,15 @@ varnish v1 -vcl+backend { varnish v2 -vcl+backend { probe default { - .window = 1; + .window = 3; .threshold = 1; - .timeout = 0.1s; + .timeout = 0.5s; .interval = 0.1s; .expect_close = false; } } -start -delay 0.5 +delay 2.0 varnish v1 -cliexpect sick backend.list varnish v2 -cliexpect healthy backend.list From phk at FreeBSD.org Tue Apr 11 13:47:08 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 11 Apr 2023 13:47:08 +0000 (UTC) Subject: [master] d4fdc9c32 White-space OCD Message-ID: <20230411134708.1663C112458@lists.varnish-cache.org> commit d4fdc9c32a1a7410ee6b55b3a7bf25bb67655ae1 Author: Poul-Henning Kamp Date: Tue Apr 11 13:28:48 2023 +0000 White-space OCD diff --git a/bin/varnishtest/vtc_http.h b/bin/varnishtest/vtc_http.h index a5d43001e..432c8bb02 100644 --- a/bin/varnishtest/vtc_http.h +++ b/bin/varnishtest/vtc_http.h @@ -43,8 +43,8 @@ struct vtc_sess { }; struct h2_window { - uint64_t init; - int64_t size; + uint64_t init; + int64_t size; }; struct http { From phk at FreeBSD.org Tue Apr 11 13:47:08 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 11 Apr 2023 13:47:08 +0000 (UTC) Subject: [master] 214e5d58d Cherry-pick from SML_methods instead of taking all and NULL'ing out. Message-ID: <20230411134708.26A1E11245A@lists.varnish-cache.org> commit 214e5d58d30b983fcf03906337dcf79a16f68c9a Author: Poul-Henning Kamp Date: Tue Apr 11 13:29:42 2023 +0000 Cherry-pick from SML_methods instead of taking all and NULL'ing out. diff --git a/bin/varnishd/storage/storage_persistent.c b/bin/varnishd/storage/storage_persistent.c index dc494c5f5..a5e7b40f4 100644 --- a/bin/varnishd/storage/storage_persistent.c +++ b/bin/varnishd/storage/storage_persistent.c @@ -683,8 +683,14 @@ smp_init(void) { lck_smp = Lck_CreateClass(NULL, "smp"); CLI_AddFuncs(debug_cmds); - smp_oc_realmethods = SML_methods; - smp_oc_realmethods.objtouch = NULL; + smp_oc_realmethods.objfree = SML_methods.objfree; + smp_oc_realmethods.objiterator = SML_methods.objiterator; + smp_oc_realmethods.objgetspace = SML_methods.objgetspace; + smp_oc_realmethods.objextend = SML_methods.objextend; + smp_oc_realmethods.objbocdone = SML_methods.objbocdone; + smp_oc_realmethods.objgetattr = SML_methods.objgetattr; + smp_oc_realmethods.objsetattr = SML_methods.objsetattr; + smp_oc_realmethods.objtouch = LRU_Touch; smp_oc_realmethods.objfree = smp_oc_objfree; } From phk at FreeBSD.org Tue Apr 11 15:26:08 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Tue, 11 Apr 2023 15:26:08 +0000 (UTC) Subject: [master] ed7616419 Do not truncate 64bit XID's in storage_simple. Message-ID: <20230411152608.632AA11581B@lists.varnish-cache.org> commit ed7616419cb33fb856992e3ec07c9eb53160a870 Author: Poul-Henning Kamp Date: Tue Apr 11 15:23:48 2023 +0000 Do not truncate 64bit XID's in storage_simple. diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h index 55a86960a..21b44fbf2 100644 --- a/bin/varnishd/cache/cache.h +++ b/bin/varnishd/cache/cache.h @@ -752,10 +752,9 @@ typedef int objiterate_f(void *priv, unsigned flush, int ObjIterate(struct worker *, struct objcore *, void *priv, objiterate_f *func, int final); -unsigned ObjGetXID(struct worker *, struct objcore *); +vxid_t ObjGetXID(struct worker *, struct objcore *); uint64_t ObjGetLen(struct worker *, struct objcore *); int ObjGetDouble(struct worker *, struct objcore *, enum obj_attr, double *); -int ObjGetU32(struct worker *, struct objcore *, enum obj_attr, uint32_t *); int ObjGetU64(struct worker *, struct objcore *, enum obj_attr, uint64_t *); int ObjCheckFlag(struct worker *, struct objcore *, enum obj_flags of); diff --git a/bin/varnishd/cache/cache_ban.c b/bin/varnishd/cache/cache_ban.c index ab523cd6e..e13380e7d 100644 --- a/bin/varnishd/cache/cache_ban.c +++ b/bin/varnishd/cache/cache_ban.c @@ -706,7 +706,8 @@ BAN_CheckObject(struct worker *wrk, struct objcore *oc, struct req *req) ObjSendEvent(wrk, oc, OEV_BANCHG); return (0); } else { - VSLb(vsl, SLT_ExpBan, "%u banned lookup", ObjGetXID(wrk, oc)); + VSLb(vsl, SLT_ExpBan, + "%ju banned lookup", VXID(ObjGetXID(wrk, oc))); return (1); } } diff --git a/bin/varnishd/cache/cache_ban_lurker.c b/bin/varnishd/cache/cache_ban_lurker.c index ab5280e88..1c3b4088d 100644 --- a/bin/varnishd/cache/cache_ban_lurker.c +++ b/bin/varnishd/cache/cache_ban_lurker.c @@ -300,13 +300,13 @@ ban_lurker_test_ban(struct worker *wrk, struct vsl_log *vsl, struct ban *bt, if (i) { if (kill) { VSLb(vsl, SLT_ExpBan, - "%u killed for lurker cutoff", - ObjGetXID(wrk, oc)); + "%ju killed for lurker cutoff", + VXID(ObjGetXID(wrk, oc))); lokc++; } else { VSLb(vsl, SLT_ExpBan, - "%u banned by lurker", - ObjGetXID(wrk, oc)); + "%ju banned by lurker", + VXID(ObjGetXID(wrk, oc))); lok++; } HSH_Kill(oc); diff --git a/bin/varnishd/cache/cache_expire.c b/bin/varnishd/cache/cache_expire.c index 21a40a05f..33345ac86 100644 --- a/bin/varnishd/cache/cache_expire.c +++ b/bin/varnishd/cache/cache_expire.c @@ -354,8 +354,8 @@ exp_expire(struct exp_priv *ep, vtim_real now) assert(oc->timer_idx == VBH_NOIDX); CHECK_OBJ_NOTNULL(oc->objhead, OBJHEAD_MAGIC); - VSLb(&ep->vsl, SLT_ExpKill, "EXP_Expired x=%u t=%.0f", - ObjGetXID(ep->wrk, oc), EXP_Ttl(NULL, oc) - now); + VSLb(&ep->vsl, SLT_ExpKill, "EXP_Expired xid=%ju t=%.0f", + VXID(ObjGetXID(ep->wrk, oc)), EXP_Ttl(NULL, oc) - now); ObjSendEvent(ep->wrk, oc, OEV_EXPIRE); (void)HSH_DerefObjCore(ep->wrk, &oc, 0); } diff --git a/bin/varnishd/cache/cache_fetch.c b/bin/varnishd/cache/cache_fetch.c index 0af5c0d54..027b617f5 100644 --- a/bin/varnishd/cache/cache_fetch.c +++ b/bin/varnishd/cache/cache_fetch.c @@ -218,7 +218,7 @@ vbf_beresp2obj(struct busyobj *bo) VSB_destroy(&vary); } - AZ(ObjSetU32(bo->wrk, oc, OA_VXID, VXID(bo->vsl->wid))); + AZ(ObjSetXID(bo->wrk, oc, bo->vsl->wid)); /* for HTTP_Encode() VSLH call */ bo->beresp->logtag = SLT_ObjMethod; diff --git a/bin/varnishd/cache/cache_hash.c b/bin/varnishd/cache/cache_hash.c index 4a77e7ffd..4b3799888 100644 --- a/bin/varnishd/cache/cache_hash.c +++ b/bin/varnishd/cache/cache_hash.c @@ -499,7 +499,7 @@ HSH_Lookup(struct req *req, struct objcore **ocp, struct objcore **bocp) (void)req->vcf->func(req, &oc, &exp_oc, 1); if (oc != NULL && oc->flags & OC_F_HFP) { - xid = ObjGetXID(wrk, oc); + xid = VXID(ObjGetXID(wrk, oc)); dttl = EXP_Dttl(req, oc); AN(hsh_deref_objhead_unlock(wrk, &oh, HSH_RUSH_POLICY)); wrk->stats->cache_hitpass++; @@ -511,7 +511,7 @@ HSH_Lookup(struct req *req, struct objcore **ocp, struct objcore **bocp) *ocp = oc; oc->refcnt++; if (oc->flags & OC_F_HFM) { - xid = ObjGetXID(wrk, oc); + xid = VXID(ObjGetXID(wrk, oc)); dttl = EXP_Dttl(req, oc); *bocp = hsh_insert_busyobj(wrk, oh); Lck_Unlock(&oh->mtx); @@ -533,7 +533,7 @@ HSH_Lookup(struct req *req, struct objcore **ocp, struct objcore **bocp) * XXX should HFM objects actually have grace/keep ? * XXX also: why isn't *ocp = exp_oc ? */ - xid = ObjGetXID(wrk, exp_oc); + xid = VXID(ObjGetXID(wrk, exp_oc)); dttl = EXP_Dttl(req, exp_oc); *bocp = hsh_insert_busyobj(wrk, oh); Lck_Unlock(&oh->mtx); diff --git a/bin/varnishd/cache/cache_obj.c b/bin/varnishd/cache/cache_obj.c index b862d2c44..35a9635dd 100644 --- a/bin/varnishd/cache/cache_obj.c +++ b/bin/varnishd/cache/cache_obj.c @@ -536,12 +536,23 @@ ObjCopyAttr(struct worker *wrk, struct objcore *oc, struct objcore *ocs, return (0); } -unsigned +int +ObjSetXID(struct worker *wrk, struct objcore *oc, vxid_t xid) +{ + uint64_t u; + + u = VXID(xid); + AZ(ObjSetU64(wrk, oc, OA_VXID, u)); + return (0); +} + + +vxid_t ObjGetXID(struct worker *wrk, struct objcore *oc) { - uint32_t u; + vxid_t u; - AZ(ObjGetU32(wrk, oc, OA_VXID, &u)); + AZ(ObjGetU64(wrk, oc, OA_VXID, &u.vxid)); return (u); } @@ -616,32 +627,6 @@ ObjGetU64(struct worker *wrk, struct objcore *oc, enum obj_attr a, uint64_t *d) return (0); } -int -ObjSetU32(struct worker *wrk, struct objcore *oc, enum obj_attr a, uint32_t t) -{ - void *vp; - - vp = ObjSetAttr(wrk, oc, a, sizeof t, NULL); - if (vp == NULL) - return (-1); - vbe32enc(vp, t); - return (0); -} - -int -ObjGetU32(struct worker *wrk, struct objcore *oc, enum obj_attr a, uint32_t *d) -{ - const void *vp; - ssize_t l; - - vp = ObjGetAttr(wrk, oc, a, &l); - if (vp == NULL || l != sizeof *d) - return (-1); - if (d != NULL) - *d = vbe32dec(vp); - return (0); -} - /*-------------------------------------------------------------------- */ diff --git a/bin/varnishd/cache/cache_req.c b/bin/varnishd/cache/cache_req.c index 113f3a987..eb1700df1 100644 --- a/bin/varnishd/cache/cache_req.c +++ b/bin/varnishd/cache/cache_req.c @@ -88,13 +88,13 @@ Req_LogHit(struct worker *wrk, struct req *req, struct objcore *oc, clen = sep = ""; else sep = " "; - VSLb(req->vsl, SLT_Hit, "%u %.6f %.6f %.6f %jd%s%s", - ObjGetXID(wrk, oc), EXP_Dttl(req, oc), + VSLb(req->vsl, SLT_Hit, "%ju %.6f %.6f %.6f %jd%s%s", + VXID(ObjGetXID(wrk, oc)), EXP_Dttl(req, oc), oc->grace, oc->keep, fetch_progress, sep, clen); } else { - VSLb(req->vsl, SLT_Hit, "%u %.6f %.6f %.6f", - ObjGetXID(wrk, oc), EXP_Dttl(req, oc), + VSLb(req->vsl, SLT_Hit, "%ju %.6f %.6f %.6f", + VXID(ObjGetXID(wrk, oc)), EXP_Dttl(req, oc), oc->grace, oc->keep); } } diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index 3deb70e5a..f9c23d745 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -152,8 +152,8 @@ Resp_Setup_Deliver(struct req *req) http_ForceField(h, HTTP_HDR_PROTO, "HTTP/1.1"); if (req->is_hit) - http_PrintfHeader(h, "X-Varnish: %ju %u", VXID(req->vsl->wid), - ObjGetXID(req->wrk, oc)); + http_PrintfHeader(h, "X-Varnish: %ju %ju", VXID(req->vsl->wid), + VXID(ObjGetXID(req->wrk, oc))); else http_PrintfHeader(h, "X-Varnish: %ju", VXID(req->vsl->wid)); diff --git a/bin/varnishd/cache/cache_varnishd.h b/bin/varnishd/cache/cache_varnishd.h index e6dc7e697..08763874c 100644 --- a/bin/varnishd/cache/cache_varnishd.h +++ b/bin/varnishd/cache/cache_varnishd.h @@ -347,8 +347,8 @@ int ObjCopyAttr(struct worker *, struct objcore *, struct objcore *, void ObjBocDone(struct worker *, struct objcore *, struct boc **); int ObjSetDouble(struct worker *, struct objcore *, enum obj_attr, double); -int ObjSetU32(struct worker *, struct objcore *, enum obj_attr, uint32_t); int ObjSetU64(struct worker *, struct objcore *, enum obj_attr, uint64_t); +int ObjSetXID(struct worker *, struct objcore *, vxid_t); void ObjSetFlag(struct worker *, struct objcore *, enum obj_flags of, int val); diff --git a/bin/varnishd/storage/storage_lru.c b/bin/varnishd/storage/storage_lru.c index e14782e56..5e046e794 100644 --- a/bin/varnishd/storage/storage_lru.c +++ b/bin/varnishd/storage/storage_lru.c @@ -204,7 +204,7 @@ LRU_NukeOne(struct worker *wrk, struct lru *lru) /* XXX: We could grab and return one storage segment to our caller */ ObjSlim(wrk, oc); - VSLb(wrk->vsl, SLT_ExpKill, "LRU x=%u", ObjGetXID(wrk, oc)); + VSLb(wrk->vsl, SLT_ExpKill, "LRU xid=%ju", VXID(ObjGetXID(wrk, oc))); (void)HSH_DerefObjCore(wrk, &oc, 0); // Ref from HSH_Snipe return (1); } diff --git a/bin/varnishtest/tests/p00000.vtc b/bin/varnishtest/tests/p00000.vtc index ea803b524..874adcd96 100644 --- a/bin/varnishtest/tests/p00000.vtc +++ b/bin/varnishtest/tests/p00000.vtc @@ -13,7 +13,7 @@ process p1 -wait server s1 { rxreq - txresp + txresp -body FOO accept rxreq txresp -status 700 diff --git a/bin/varnishtest/tests/r01140.vtc b/bin/varnishtest/tests/r01140.vtc index 1c9bd4973..2c61bff60 100644 --- a/bin/varnishtest/tests/r01140.vtc +++ b/bin/varnishtest/tests/r01140.vtc @@ -4,7 +4,7 @@ server s1 { # This response should almost completely fill the storage rxreq expect req.url == /url1 - txresp -bodylen 1048408 + txresp -bodylen 1048400 # The next one should not fit in the storage, ending up in transient # with zero ttl (=shortlived) @@ -31,7 +31,7 @@ client c1 { txreq -url /url1 rxresp expect resp.status == 200 - expect resp.bodylen == 1048408 + expect resp.bodylen == 1048400 } -run delay .1 diff --git a/bin/varnishtest/tests/r02339.vtc b/bin/varnishtest/tests/r02339.vtc index 11f84fb27..d4d06e859 100644 --- a/bin/varnishtest/tests/r02339.vtc +++ b/bin/varnishtest/tests/r02339.vtc @@ -55,7 +55,7 @@ varnish v1 -vcl+backend { varnish v1 -cliok "param.set timeout_idle 2" logexpect l0 -v v1 -g raw { - expect * 0 ExpKill "EXP_Expired x=1002" + expect * 0 ExpKill "EXP_Expired xid=1002" } -start logexpect l2 -v v1 -g raw { diff --git a/bin/varnishtest/tests/t02022.vtc b/bin/varnishtest/tests/t02022.vtc index a646893be..e4cc543d1 100644 --- a/bin/varnishtest/tests/t02022.vtc +++ b/bin/varnishtest/tests/t02022.vtc @@ -72,7 +72,7 @@ varnish v1 -expect SM?.rxbuf.g_bytes >= 1048000 varnish v1 -expect MAIN.n_lru_nuked == 0 logexpect l1 -v v1 -g raw -q "Expkill ~ LRU" { - expect * * Expkill x=1005 + expect * * Expkill xid=1005 } -start client c3 { diff --git a/bin/varnishtest/tests/v00064.vtc b/bin/varnishtest/tests/v00064.vtc index 19544d686..63568bd62 100644 --- a/bin/varnishtest/tests/v00064.vtc +++ b/bin/varnishtest/tests/v00064.vtc @@ -7,7 +7,7 @@ server s1 { rxreq expect req.url == "/malloc" - txresp -hdr "Cache-Control: max-age=2" -hdr "Last-Modified: Fri, 03 Apr 2020 13:00:01 GMT" -bodylen 1048300 + txresp -hdr "Cache-Control: max-age=2" -hdr "Last-Modified: Fri, 03 Apr 2020 13:00:01 GMT" -bodylen 1048292 rxreq expect req.http.If-Modified-Since == "Fri, 03 Apr 2020 13:00:01 GMT" diff --git a/include/tbl/obj_attr.h b/include/tbl/obj_attr.h index 65c3ac0cc..f9441b17a 100644 --- a/include/tbl/obj_attr.h +++ b/include/tbl/obj_attr.h @@ -33,11 +33,11 @@ /* upper, lower, size */ #ifdef OBJ_FIXATTR - OBJ_FIXATTR(LEN, len, 8) - OBJ_FIXATTR(VXID, vxid, 4) + OBJ_FIXATTR(LEN, len, sizeof(uint64_t)) + OBJ_FIXATTR(VXID, vxid, sizeof(uint64_t)) OBJ_FIXATTR(FLAGS, flags, 1) OBJ_FIXATTR(GZIPBITS, gzipbits, 32) - OBJ_FIXATTR(LASTMODIFIED, lastmodified, 8) + OBJ_FIXATTR(LASTMODIFIED, lastmodified, sizeof(double)) #undef OBJ_FIXATTR #endif diff --git a/vmod/tests/purge_c00000.vtc b/vmod/tests/purge_c00000.vtc index 267f4b882..8cf199a12 100644 --- a/vmod/tests/purge_c00000.vtc +++ b/vmod/tests/purge_c00000.vtc @@ -68,7 +68,7 @@ logexpect l2 -v v1 -q "Begin ~ bgfetch" { } -start logexpect l3 -v v1 -g raw -q "vxid == 0" { - expect * * ExpKill x=1008 + expect * * ExpKill xid=1008 } -start client c1 { From nils.goroll at uplex.de Wed Apr 12 13:57:06 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Wed, 12 Apr 2023 13:57:06 +0000 (UTC) Subject: [master] 1a9beb31d vtest: Allow to inject varnishd arguments via VTEST_VARNISHD_ADD_ARGS Message-ID: <20230412135706.84FE811815E@lists.varnish-cache.org> commit 1a9beb31d7f164832e00185b4d2ba85671f93d29 Author: Nils Goroll Date: Tue Feb 28 15:13:33 2023 +0100 vtest: Allow to inject varnishd arguments via VTEST_VARNISHD_ADD_ARGS This is useful to test extensions with otherwise unaltered varnish test cases, for example: VTEST_VARNISHD_ADD_ARGS='-E/tmp/lib/varnish/vmods/libvmod_slash.so -sfellow=fellow,${tmpdir}/fellow.stv,100MB,1MB,64KB -sTransient=fellow,${tmpdir}/transient.stv,100MB,1MB,64KB' ./varnishtest -i ... These arguments are added and this injection method does not achieve its goal in all cases (e.g. for the example it breaks when other stevedore definitions conflict), but it still reduces the cases requiring manual intervention substantially. diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c index f763fcce7..5c7fa3ce1 100644 --- a/bin/varnishtest/vtc_varnish.c +++ b/bin/varnishtest/vtc_varnish.c @@ -93,6 +93,8 @@ struct varnish { #define NONSENSE "%XJEIFLH|)Xspa8P" +#define VARNISHD_ADD_ARGS_ENV_VAR "VTEST_VARNISHD_ADD_ARGS" + static VTAILQ_HEAD(, varnish) varnishes = VTAILQ_HEAD_INITIALIZER(varnishes); @@ -389,7 +391,7 @@ varnish_launch(struct varnish *v) char abuf[128], pbuf[128]; struct pollfd fd[3]; enum VCLI_status_e u; - const char *err; + const char *err, *env_args; char *r = NULL; /* Create listener socket */ @@ -429,6 +431,9 @@ varnish_launch(struct varnish *v) VSB_printf(vsb, " -P %s/varnishd.pid", v->workdir); if (vmod_path != NULL) VSB_printf(vsb, " -p vmod_path=%s", vmod_path); + env_args = getenv(VARNISHD_ADD_ARGS_ENV_VAR); + if (env_args) + VSB_printf(vsb, " %s", env_args); VSB_printf(vsb, " %s", VSB_data(v->args)); AZ(VSB_finish(vsb)); vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb)); @@ -1068,6 +1073,9 @@ vsl_catchup(struct varnish *v) * \-arg STRING * Pass an argument to varnishd, for example "-h simple_list". * + * The environment variable VTEST_VARNISHD_ADD_ARGS can be used to + * inject additional arguments. + * * \-vcl STRING * Specify the VCL to load on this Varnish instance. You'll probably * want to use multi-lines strings for this ({...}). From phk at FreeBSD.org Wed Apr 12 21:05:11 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 12 Apr 2023 21:05:11 +0000 (UTC) Subject: [master] 22f5e216f Teach the persistent stevedore to fix up pointers if the silo gets remapped a different place. Message-ID: <20230412210511.9A83463E18@lists.varnish-cache.org> commit 22f5e216fb22ef4ae17b877ed80a99dc090123ed Author: Poul-Henning Kamp Date: Wed Apr 12 21:03:01 2023 +0000 Teach the persistent stevedore to fix up pointers if the silo gets remapped a different place. (This would be horribly slow to run in production.) diff --git a/bin/varnishd/storage/mgt_storage_persistent.c b/bin/varnishd/storage/mgt_storage_persistent.c index e70c8414f..9bfcce676 100644 --- a/bin/varnishd/storage/mgt_storage_persistent.c +++ b/bin/varnishd/storage/mgt_storage_persistent.c @@ -141,7 +141,6 @@ void v_matchproto_(storage_init_f) smp_mgt_init(struct stevedore *parent, int ac, char * const *av) { struct smp_sc *sc; - struct smp_sign sgn; void *target; int i, mmap_flags; @@ -195,51 +194,20 @@ smp_mgt_init(struct stevedore *parent, int ac, char * const *av) AZ(ftruncate(sc->fd, sc->mediasize)); /* Try to determine correct mmap address */ - i = read(sc->fd, &sgn, sizeof sgn); - assert(i == sizeof sgn); - if (!memcmp(sgn.ident, "SILO", 5)) - target = (void*)(uintptr_t)sgn.mapped; - else - target = NULL; + target = NULL; mmap_flags = MAP_NOCORE | MAP_NOSYNC | MAP_SHARED; - if (target) { - mmap_flags |= MAP_FIXED; -#ifdef MAP_EXCL - mmap_flags |= MAP_EXCL; -#endif - } else { -#ifdef __FreeBSD__ - /* - * I guess the people who came up with ASLR never learned - * that virtual memory can have benficial uses, because they - * added no facility for realiably and portably allocing - * stable address-space. - * This stevedore is only for testing these days, so we - * can get away with just hacking something up: 16M below - * the break seems to work on FreeBSD. - */ - uintptr_t up; - up = (uintptr_t)sbrk(0); - up -= 1ULL<<24; - up -= sc->mediasize; - up &= ~(getpagesize() - 1ULL); - target = (void *)up; -#endif #ifdef MAP_ALIGNED_SUPER - mmap_flags |= MAP_ALIGNED_SUPER; + mmap_flags |= MAP_ALIGNED_SUPER; #endif - } + sc->base = (void*)mmap(target, sc->mediasize, PROT_READ|PROT_WRITE, mmap_flags, sc->fd, 0); if (sc->base == MAP_FAILED) ARGV_ERR("(-spersistent) failed to mmap (%s) @%p\n", VAS_errtxt(errno), target); - if (target != NULL && sc->base != target) - fprintf(stderr, "WARNING: Persistent silo lost to ASLR %s\n", - sc->filename); smp_def_sign(sc, &sc->idn, 0, "SILO"); sc->ident = SIGN_DATA(&sc->idn); diff --git a/bin/varnishd/storage/storage_persistent.c b/bin/varnishd/storage/storage_persistent.c index a5e7b40f4..47a0e4b12 100644 --- a/bin/varnishd/storage/storage_persistent.c +++ b/bin/varnishd/storage/storage_persistent.c @@ -494,7 +494,7 @@ smp_allocx(const struct stevedore *st, size_t min_size, size_t max_size, INIT_OBJ(ss, STORAGE_MAGIC); ss->ptr = PRNUP(sc, ss + 1); ss->space = max_size; - ss->priv = sc; + ss->priv = sc->base; if (ssg != NULL) *ssg = sg; return (ss); @@ -566,7 +566,7 @@ smp_allocobj(struct worker *wrk, const struct stevedore *stv, assert(sizeof so->hash == DIGEST_LEN); memcpy(so->hash, oc->objhead->digest, DIGEST_LEN); EXP_COPY(so, oc); - so->ptr = (uint8_t*)o - sc->base; + so->ptr = (uint8_t*)(o->objstore) - sc->base; so->ban = BAN_Time(oc->ban); smp_init_oc(oc, sg, objidx); diff --git a/bin/varnishd/storage/storage_persistent_silo.c b/bin/varnishd/storage/storage_persistent_silo.c index 942103d33..81c24b436 100644 --- a/bin/varnishd/storage/storage_persistent_silo.c +++ b/bin/varnishd/storage/storage_persistent_silo.c @@ -396,13 +396,27 @@ smp_loaded_st(const struct smp_sc *sc, const struct smp_seg *sg, * objcore methods for persistent objects */ +static void +fix_ptr(const struct smp_seg *sg, const struct storage *st, void **ptr) +{ + // See comment where used below + uintptr_t u; + + u = (uintptr_t)(*ptr); + if (u != 0) { + u -= (uintptr_t)st->priv; + u += (uintptr_t)sg->sc->base; + } + *ptr = (void *)u; +} + struct object * v_matchproto_(sml_getobj_f) smp_sml_getobj(struct worker *wrk, struct objcore *oc) { struct object *o; struct smp_seg *sg; struct smp_object *so; - struct storage *st; + struct storage *st, *st2; uint64_t l; int bad; @@ -413,7 +427,43 @@ smp_sml_getobj(struct worker *wrk, struct objcore *oc) CAST_OBJ_NOTNULL(sg, oc->stobj->priv, SMP_SEG_MAGIC); so = smp_find_so(sg, oc->stobj->priv2); - o = (void*)(sg->sc->base + so->ptr); + /************************************************************** + * The silo may have been remapped at a different address, + * because the people who came up with ASLR were unable + * imagine that there might be beneficial use-cases for + * always mapping a file at the same specific address. + * + * We store the silos base address in struct storage->priv + * and manually fix all the pointers in struct object and + * the list of struct storage objects which hold the body. + * When done, we update the storage->priv, so we can do the + * same trick next time. + * + * This is a prohibitively expensive workaround, but we can + * live with it, because the role of this stevedore is only + * to keep the internal stevedore API honest. + */ + + st = (void*)(sg->sc->base + so->ptr); + fix_ptr(sg, st, (void**)&st->ptr); + + o = (void*)st->ptr; + fix_ptr(sg, st, (void**)&o->objstore); + fix_ptr(sg, st, (void**)&o->va_vary); + fix_ptr(sg, st, (void**)&o->va_headers); + fix_ptr(sg, st, (void**)&o->list.vtqh_first); + fix_ptr(sg, st, (void**)&o->list.vtqh_last); + st->priv = (void*)(sg->sc->base); + + st2 = o->list.vtqh_first; + while (st2 != NULL) { + fix_ptr(sg, st2, (void**)&st2->list.vtqe_next); + fix_ptr(sg, st2, (void**)&st2->list.vtqe_prev); + fix_ptr(sg, st2, (void**)&st2->ptr); + st2->priv = (void*)(sg->sc->base); + st2 = st2->list.vtqe_next; + } + /* * The object may not be in this segment since we allocate it * In a separate operation than the smp_object. We could check diff --git a/bin/varnishd/storage/storage_persistent_subr.c b/bin/varnishd/storage/storage_persistent_subr.c index 0506c57eb..09acea821 100644 --- a/bin/varnishd/storage/storage_persistent_subr.c +++ b/bin/varnishd/storage/storage_persistent_subr.c @@ -95,7 +95,7 @@ smp_chk_sign(struct smp_signctx *ctx) r = 1; else if (ctx->unique != ctx->ss->unique) r = 2; - else if ((uintptr_t)ctx->ss != ctx->ss->mapped) + else if (!ctx->ss->mapped) r = 3; else { VSHA256_Init(&ctx->ctx); diff --git a/bin/varnishtest/tests/p00000.vtc b/bin/varnishtest/tests/p00000.vtc index 874adcd96..8b4b6493d 100644 --- a/bin/varnishtest/tests/p00000.vtc +++ b/bin/varnishtest/tests/p00000.vtc @@ -37,6 +37,8 @@ client c1 { expect resp.http.X-Varnish == "1001" } -run +varnish v1 -vsl_catchup + varnish v1 -cliok "storage.list" varnish v1 -cliok "debug.persistent s0 dump" varnish v1 -cliok "debug.persistent s0 sync" diff --git a/bin/varnishtest/tests/p00008.vtc b/bin/varnishtest/tests/p00008.vtc index a1dab907c..cde88be53 100644 --- a/bin/varnishtest/tests/p00008.vtc +++ b/bin/varnishtest/tests/p00008.vtc @@ -2,9 +2,6 @@ varnishtest "Ban list sync across silos" feature persistent_storage -# VM-remapping is too random on OSX -feature cmd {test $(uname) != "Darwin"} - shell "rm -f ${tmpdir}/_.per[12]" # Silo 1 & 2 diff --git a/bin/varnishtest/tests/r00962.vtc b/bin/varnishtest/tests/r00962.vtc index 91c093075..9f28a6e9e 100644 --- a/bin/varnishtest/tests/r00962.vtc +++ b/bin/varnishtest/tests/r00962.vtc @@ -2,8 +2,6 @@ varnishtest "Test address remapping" feature persistent_storage -feature disable_aslr - # VM-remapping is too random on OSX feature cmd {test $(uname) != "Darwin"} # Same on some hardened Linux From dridi.boukelmoune at gmail.com Fri Apr 14 11:38:08 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Fri, 14 Apr 2023 11:38:08 +0000 (UTC) Subject: [stv_allocobj_error] 887d5c63b SQUASHME: fix test case Message-ID: <20230414113808.A0EF711F8DE@lists.varnish-cache.org> commit 887d5c63be9e630ce7d9272326e0b292dc2c0924 Author: Dridi Boukelmoune Date: Fri Apr 14 13:36:52 2023 +0200 SQUASHME: fix test case diff --git a/bin/varnishtest/tests/r03502.vtc b/bin/varnishtest/tests/r03502.vtc index 88b56e2ec..db9e0a97f 100644 --- a/bin/varnishtest/tests/r03502.vtc +++ b/bin/varnishtest/tests/r03502.vtc @@ -41,6 +41,7 @@ logexpect l1 -v v1 -g vxid -q "vxid == 1004" { # Ensure the FetchError is in vbf_beresp2obj() # not later in the VFP. Otherwise we have too much free_space fail add = Storage + expect 0 = Error {^Failed to create object object from .+ Transient} expect 0 = FetchError {^Could not get storage} fail clear } -start From dridi at varni.sh Fri Apr 14 12:40:13 2023 From: dridi at varni.sh (Dridi Boukelmoune) Date: Fri, 14 Apr 2023 12:40:13 +0000 Subject: [stv_allocobj_error] 887d5c63b SQUASHME: fix test case In-Reply-To: <20230414113808.A0EF711F8DE@lists.varnish-cache.org> References: <20230414113808.A0EF711F8DE@lists.varnish-cache.org> Message-ID: On Fri, Apr 14, 2023 at 11:38?AM Dridi Boukelmoune wrote: > > > commit 887d5c63be9e630ce7d9272326e0b292dc2c0924 > Author: Dridi Boukelmoune > Date: Fri Apr 14 13:36:52 2023 +0200 > > SQUASHME: fix test case I opened two pull requests today, and somehow one of the two branches landed here instead of my own repository. Apologies, I didn't even realize it. From dridi.boukelmoune at gmail.com Mon Apr 17 20:12:07 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Mon, 17 Apr 2023 20:12:07 +0000 (UTC) Subject: [master] c73b1b40d Revert "vtest: Allow to inject varnishd arguments via VTEST_VARNISHD_ADD_ARGS" Message-ID: <20230417201207.3AB646479E@lists.varnish-cache.org> commit c73b1b40de8380e46562ebbefed7fcecf5d73c89 Author: Dridi Boukelmoune Date: Fri Apr 14 15:09:54 2023 +0200 Revert "vtest: Allow to inject varnishd arguments via VTEST_VARNISHD_ADD_ARGS" This reverts commit 1a9beb31d7f164832e00185b4d2ba85671f93d29. See discussion from #3897. diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c index 5c7fa3ce1..f763fcce7 100644 --- a/bin/varnishtest/vtc_varnish.c +++ b/bin/varnishtest/vtc_varnish.c @@ -93,8 +93,6 @@ struct varnish { #define NONSENSE "%XJEIFLH|)Xspa8P" -#define VARNISHD_ADD_ARGS_ENV_VAR "VTEST_VARNISHD_ADD_ARGS" - static VTAILQ_HEAD(, varnish) varnishes = VTAILQ_HEAD_INITIALIZER(varnishes); @@ -391,7 +389,7 @@ varnish_launch(struct varnish *v) char abuf[128], pbuf[128]; struct pollfd fd[3]; enum VCLI_status_e u; - const char *err, *env_args; + const char *err; char *r = NULL; /* Create listener socket */ @@ -431,9 +429,6 @@ varnish_launch(struct varnish *v) VSB_printf(vsb, " -P %s/varnishd.pid", v->workdir); if (vmod_path != NULL) VSB_printf(vsb, " -p vmod_path=%s", vmod_path); - env_args = getenv(VARNISHD_ADD_ARGS_ENV_VAR); - if (env_args) - VSB_printf(vsb, " %s", env_args); VSB_printf(vsb, " %s", VSB_data(v->args)); AZ(VSB_finish(vsb)); vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb)); @@ -1073,9 +1068,6 @@ vsl_catchup(struct varnish *v) * \-arg STRING * Pass an argument to varnishd, for example "-h simple_list". * - * The environment variable VTEST_VARNISHD_ADD_ARGS can be used to - * inject additional arguments. - * * \-vcl STRING * Specify the VCL to load on this Varnish instance. You'll probably * want to use multi-lines strings for this ({...}). From dridi.boukelmoune at gmail.com Mon Apr 17 20:12:07 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Mon, 17 Apr 2023 20:12:07 +0000 (UTC) Subject: [master] f74d821ad varnishtest: New macro_isdef() function Message-ID: <20230417201207.93090647A2@lists.varnish-cache.org> commit f74d821ad6cf770a4726b16af58e80594bca187e Author: Dridi Boukelmoune Date: Fri Apr 14 15:22:30 2023 +0200 varnishtest: New macro_isdef() function diff --git a/bin/varnishtest/vtc.c b/bin/varnishtest/vtc.c index f4ffeedcc..12647c6ee 100644 --- a/bin/varnishtest/vtc.c +++ b/bin/varnishtest/vtc.c @@ -216,6 +216,26 @@ macro_undef(struct vtclog *vl, const char *instance, const char *name) AZ(pthread_mutex_unlock(¯o_mtx)); } +unsigned +macro_isdef(const char *instance, const char *name) +{ + char buf1[256]; + struct macro *m; + + if (instance != NULL) { + bprintf(buf1, "%s_%s", instance, name); + name = buf1; + } + + AZ(pthread_mutex_lock(¯o_mtx)); + VTAILQ_FOREACH(m, ¯o_list, list) + if (!strcmp(name, m->name)) + break; + AZ(pthread_mutex_unlock(¯o_mtx)); + + return (m != NULL); +} + void macro_cat(struct vtclog *vl, struct vsb *vsb, const char *b, const char *e) { diff --git a/bin/varnishtest/vtc.h b/bin/varnishtest/vtc.h index 0c33f1adf..ab0b8031a 100644 --- a/bin/varnishtest/vtc.h +++ b/bin/varnishtest/vtc.h @@ -132,8 +132,8 @@ int exec_file(const char *fn, const char *script, const char *tmpdir, void macro_undef(struct vtclog *vl, const char *instance, const char *name); void macro_def(struct vtclog *vl, const char *instance, const char *name, - const char *fmt, ...) - v_printflike_(4, 5); + const char *fmt, ...) v_printflike_(4, 5); +unsigned macro_isdef(const char *instance, const char *name); void macro_cat(struct vtclog *, struct vsb *, const char *, const char *); struct vsb *macro_expand(struct vtclog *vl, const char *text); struct vsb *macro_expandf(struct vtclog *vl, const char *, ...) From dridi.boukelmoune at gmail.com Mon Apr 17 20:12:07 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Mon, 17 Apr 2023 20:12:07 +0000 (UTC) Subject: [master] dca6658ae varnishtest: Introduce a ${varnishd_args} macro Message-ID: <20230417201208.1B08B647AD@lists.varnish-cache.org> commit dca6658ae75fd7dbca6e0696a3f554c0f74aced0 Author: Dridi Boukelmoune Date: Fri Apr 14 15:29:11 2023 +0200 varnishtest: Introduce a ${varnishd_args} macro Refs #3897 diff --git a/bin/varnishtest/vtc_varnish.c b/bin/varnishtest/vtc_varnish.c index f763fcce7..c8b6bba15 100644 --- a/bin/varnishtest/vtc_varnish.c +++ b/bin/varnishtest/vtc_varnish.c @@ -430,6 +430,10 @@ varnish_launch(struct varnish *v) if (vmod_path != NULL) VSB_printf(vsb, " -p vmod_path=%s", vmod_path); VSB_printf(vsb, " %s", VSB_data(v->args)); + if (macro_isdef(NULL, "varnishd_args")) { + VSB_putc(vsb, ' '); + macro_cat(v->vl, vsb, "varnishd_args", NULL); + } AZ(VSB_finish(vsb)); vtc_log(v->vl, 3, "CMD: %s", VSB_data(vsb)); vsb1 = macro_expand(v->vl, VSB_data(vsb)); @@ -1068,6 +1072,12 @@ vsl_catchup(struct varnish *v) * \-arg STRING * Pass an argument to varnishd, for example "-h simple_list". * + * If the ${varnishd_args} macro is defined, it is expanded and + * appended to the varnishd command line, before the command line + * itself is expanded. This enables tweaks to the varnishd command + * line without editing test cases. This macro can be defined using + * the ``-D`` option for varnishtest. + * * \-vcl STRING * Specify the VCL to load on this Varnish instance. You'll probably * want to use multi-lines strings for this ({...}). From dridi.boukelmoune at gmail.com Tue Apr 18 09:11:08 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Tue, 18 Apr 2023 09:11:08 +0000 (UTC) Subject: [master] 537b74f55 cache: It's time for the big quit Message-ID: <20230418091108.CB065118441@lists.varnish-cache.org> commit 537b74f559cb7cc5672305383d739e7310511277 Author: Dridi Boukelmoune Date: Wed Apr 12 20:55:34 2023 +0200 cache: It's time for the big quit When mgt sends a command to the cache process, whether it is a period ping or an actual operation, it must complete within cli_timeout. When the cache fails to meet this requirement, mgt sends a SIGQUIT signal to the cache process. As a result the cache process MAY dump a core file for post-mortem analysis. When the core file is missing we are left to our own devices. To mitigate this, a new signal handler is added for SIGQUIT, but since we can't (or don't even try to) guarantee delivery on the CLI thread, we make a last-ditch effort to forward SIGQUIT signals to properly panic from the CLI thread. With a regular panic we may get both a panic report and a core dump. I didn't add test coverage for this, since we try to avoid intentional core dumps in test cases with the `no_coredump` feature flag that turns SIGQUIT into a SIGKILL signal. diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h index 21b44fbf2..6e73158f8 100644 --- a/bin/varnishd/cache/cache.h +++ b/bin/varnishd/cache/cache.h @@ -605,7 +605,8 @@ void BAN_Abandon(struct ban_proto *b); /* cache_cli.c [CLI] */ extern pthread_t cli_thread; -#define ASSERT_CLI() do {assert(pthread_equal(pthread_self(), cli_thread));} while (0) +#define IS_CLI() (pthread_equal(pthread_self(), cli_thread)) +#define ASSERT_CLI() do {assert(IS_CLI());} while (0) /* cache_http.c */ unsigned HTTP_estimate(unsigned nhttp); diff --git a/bin/varnishd/cache/cache_main.c b/bin/varnishd/cache/cache_main.c index 2d8bd510d..2cf82fd95 100644 --- a/bin/varnishd/cache/cache_main.c +++ b/bin/varnishd/cache/cache_main.c @@ -330,7 +330,7 @@ child_signal_handler(int s, siginfo_t *si, void *c) } /*===================================================================== - * Magic for panicing properly on signals + * Magic for panicking properly on signals */ static void @@ -363,6 +363,17 @@ child_sigmagic(size_t altstksz) (void)sigaction(SIGSEGV, &sa, NULL); } +static void +cli_quit(int sig) +{ + + if (!IS_CLI()) { + AZ(pthread_kill(cli_thread, sig)); + return; + } + + WRONG("It's time for the big quit"); +} /*===================================================================== * Run the child process @@ -376,6 +387,7 @@ child_main(int sigmagic, size_t altstksz) child_sigmagic(altstksz); (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTERM, SIG_DFL); + (void)signal(SIGQUIT, cli_quit); #if defined(__FreeBSD__) && __FreeBSD_version >= 1000000 malloc_message = child_malloc_fail; From dridi.boukelmoune at gmail.com Tue Apr 18 10:19:06 2023 From: dridi.boukelmoune at gmail.com (Dridi Boukelmoune) Date: Tue, 18 Apr 2023 10:19:06 +0000 (UTC) Subject: [master] 5335cf6a7 stevedore: Log failures to create objects Message-ID: <20230418101906.31FBA11A649@lists.varnish-cache.org> commit 5335cf6a7ca488cc9a8cce7208b3d23b7e21b18f Author: Dridi Boukelmoune Date: Thu Apr 13 11:40:44 2023 +0200 stevedore: Log failures to create objects We only log a Storage record when we successfully create an object, but there may be no clue regarding which storage backend failed to allocate. We can infer from stevedore VSCs where allocation failures happened, but knowing from a VCL transaction which one failed will give a definitive answer. This is logged as an Error record, and the existing FetchError record from VFPs ("Could not get storage") is left alone. diff --git a/bin/varnishd/storage/stevedore.c b/bin/varnishd/storage/stevedore.c index ccacac33c..002fcf627 100644 --- a/bin/varnishd/storage/stevedore.c +++ b/bin/varnishd/storage/stevedore.c @@ -88,8 +88,12 @@ STV_NewObject(struct worker *wrk, struct objcore *oc, wrk->strangelove = cache_param->nuke_limit; AN(stv->allocobj); - if (stv->allocobj(wrk, stv, oc, wsl) == 0) + if (stv->allocobj(wrk, stv, oc, wsl) == 0) { + VSLb(wrk->vsl, SLT_Error, + "Failed to create object object from %s %s", + stv->name, stv->ident); return (0); + } oc->oa_present = 0; wrk->stats->n_object++; VSLb(wrk->vsl, SLT_Storage, "%s %s", diff --git a/bin/varnishtest/tests/r03502.vtc b/bin/varnishtest/tests/r03502.vtc index 88b56e2ec..db9e0a97f 100644 --- a/bin/varnishtest/tests/r03502.vtc +++ b/bin/varnishtest/tests/r03502.vtc @@ -41,6 +41,7 @@ logexpect l1 -v v1 -g vxid -q "vxid == 1004" { # Ensure the FetchError is in vbf_beresp2obj() # not later in the VFP. Otherwise we have too much free_space fail add = Storage + expect 0 = Error {^Failed to create object object from .+ Transient} expect 0 = FetchError {^Could not get storage} fail clear } -start From nils.goroll at uplex.de Sun Apr 23 08:46:10 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sun, 23 Apr 2023 08:46:10 +0000 (UTC) Subject: [master] b8e277ba7 Fix error message when pushing v1d fails Message-ID: <20230423084610.A88D770BA@lists.varnish-cache.org> commit b8e277ba7a9e0b0588377605887384005fa50c2e Author: Nils Goroll Date: Sun Apr 23 09:55:33 2023 +0200 Fix error message when pushing v1d fails Currently the only possible cause is a workspace_client overflow, but should v1d ever gain an init callback, that could change. At any rate the cause is never a workspace_thread overflow. diff --git a/bin/varnishd/http1/cache_http1_deliver.c b/bin/varnishd/http1/cache_http1_deliver.c index 0d0b1bf39..00331091e 100644 --- a/bin/varnishd/http1/cache_http1_deliver.c +++ b/bin/varnishd/http1/cache_http1_deliver.c @@ -123,7 +123,7 @@ V1D_Deliver(struct req *req, struct boc *boc, int sendbody) INIT_OBJ(ctx, VRT_CTX_MAGIC); VCL_Req2Ctx(ctx, req); if (VDP_Push(ctx, req->vdc, req->ws, &v1d_vdp, NULL)) { - v1d_error(req, "workspace_thread overflow"); + v1d_error(req, "Failure to push v1d processor"); return; } } From nils.goroll at uplex.de Sun Apr 23 08:46:10 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sun, 23 Apr 2023 08:46:10 +0000 (UTC) Subject: [master] 4abf7d80f r02618.vtc: Reduce the amount of logging Message-ID: <20230423084610.C86A570BE@lists.varnish-cache.org> commit 4abf7d80f6a10e0c51d059462fa6e53a13b6e6f2 Author: Nils Goroll Date: Sun Apr 23 10:20:30 2023 +0200 r02618.vtc: Reduce the amount of logging Preparing to extend the test with the default vtc log buffer size. diff --git a/bin/varnishtest/tests/r02618.vtc b/bin/varnishtest/tests/r02618.vtc index 2b8dba60b..6dd69930b 100644 --- a/bin/varnishtest/tests/r02618.vtc +++ b/bin/varnishtest/tests/r02618.vtc @@ -15,6 +15,13 @@ varnish v1 -vcl+backend { } } -start +varnish v1 -cliok "param.set vsl_mask -ReqHeader,-ReqUnset" +varnish v1 -cliok "param.set vsl_mask -ReqProtocol" +varnish v1 -cliok "param.set vsl_mask -RespHeader,-RespUnset" +varnish v1 -cliok "param.set vsl_mask -RespReason,-RespProtocol" +varnish v1 -cliok "param.set vsl_mask -Timestamp,-Debug" +varnish v1 -cliok "param.set vsl_mask -VCL_call,-VCL_return,-Hit" + client c1 -repeat 100 { txreq -url "/" # some responses will fail (503), some won't. All we care From nils.goroll at uplex.de Sun Apr 23 08:46:10 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sun, 23 Apr 2023 08:46:10 +0000 (UTC) Subject: [master] e091bcc71 r02618.vtc: Exercise over UDS Message-ID: <20230423084610.E96CB70C6@lists.varnish-cache.org> commit e091bcc7106f706a7dad8a10049c68538d0bb9bd Author: Nils Goroll Date: Sun Apr 23 10:25:03 2023 +0200 r02618.vtc: Exercise over UDS to keep down the number of ephemeral TCP ports used. diff --git a/bin/varnishtest/tests/r02618.vtc b/bin/varnishtest/tests/r02618.vtc index 6dd69930b..99ebe8206 100644 --- a/bin/varnishtest/tests/r02618.vtc +++ b/bin/varnishtest/tests/r02618.vtc @@ -5,7 +5,7 @@ server s1 { txresp -hdr "Cache-Control: mag-age=3600" -bodylen 1024 } -start -varnish v1 -vcl+backend { +varnish v1 -arg "-a ${tmpdir}/v1.sock" -vcl+backend { import vtc; sub vcl_recv { return (hash); @@ -22,7 +22,7 @@ varnish v1 -cliok "param.set vsl_mask -RespReason,-RespProtocol" varnish v1 -cliok "param.set vsl_mask -Timestamp,-Debug" varnish v1 -cliok "param.set vsl_mask -VCL_call,-VCL_return,-Hit" -client c1 -repeat 100 { +client c1 -connect "${tmpdir}/v1.sock" -repeat 100 { txreq -url "/" # some responses will fail (503), some won't. All we care # about here is the fact that we don't panic From nils.goroll at uplex.de Sun Apr 23 08:46:11 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sun, 23 Apr 2023 08:46:11 +0000 (UTC) Subject: [master] 28580edfe r02618.vtc: Improve tight client workspace sweep test Message-ID: <20230423084611.1601470CC@lists.varnish-cache.org> commit 28580edfe2fd348baa5b98949c84255ec59dd171 Author: Nils Goroll Date: Sun Apr 23 10:42:26 2023 +0200 r02618.vtc: Improve tight client workspace sweep test also cover the case without a response body and check that we actually hit the error conditions which we intent to test. diff --git a/bin/varnishtest/tests/r02618.vtc b/bin/varnishtest/tests/r02618.vtc index 99ebe8206..f3c80e272 100644 --- a/bin/varnishtest/tests/r02618.vtc +++ b/bin/varnishtest/tests/r02618.vtc @@ -11,7 +11,11 @@ varnish v1 -arg "-a ${tmpdir}/v1.sock" -vcl+backend { return (hash); } sub vcl_deliver { - vtc.workspace_alloc(client, -4 * (req.xid - 1001) / 2); + if (req.method == "GET") { + vtc.workspace_alloc(client, -2 * (req.xid - 1001)); + } else if (req.method == "HEAD") { + vtc.workspace_alloc(client, -2 * (req.xid - 1202)); + } } } -start @@ -22,9 +26,22 @@ varnish v1 -cliok "param.set vsl_mask -RespReason,-RespProtocol" varnish v1 -cliok "param.set vsl_mask -Timestamp,-Debug" varnish v1 -cliok "param.set vsl_mask -VCL_call,-VCL_return,-Hit" +logexpect l1 -v v1 -g raw { + expect * * VCL_Error "Attempted negative WS allocation" + expect * * Error "Failure to push v1d processor" + expect * * VCL_Error "Attempted negative WS allocation" + expect * * Error "workspace_client overflow" +} -start + +# some responses will fail (503), some won't. All we care +# about here is the fact that we don't panic client c1 -connect "${tmpdir}/v1.sock" -repeat 100 { txreq -url "/" - # some responses will fail (503), some won't. All we care - # about here is the fact that we don't panic rxresp } -run +client c1 -connect "${tmpdir}/v1.sock" -repeat 100 { + txreq -url "/" -method "HEAD" + rxresp +} -run + +logexpect l1 -wait \ No newline at end of file From nils.goroll at uplex.de Sun Apr 23 09:06:05 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Sun, 23 Apr 2023 09:06:05 +0000 (UTC) Subject: [master] 0c9ec844a r02618.vtc: halve the sweep step Message-ID: <20230423090605.A2E7F63271@lists.varnish-cache.org> commit 0c9ec844a64f32e3371999ea464782d1b96a54b9 Author: Nils Goroll Date: Sun Apr 23 11:05:05 2023 +0200 r02618.vtc: halve the sweep step the 32bit vtesters did not hit all error paths diff --git a/bin/varnishtest/tests/r02618.vtc b/bin/varnishtest/tests/r02618.vtc index f3c80e272..e97d64eae 100644 --- a/bin/varnishtest/tests/r02618.vtc +++ b/bin/varnishtest/tests/r02618.vtc @@ -12,9 +12,9 @@ varnish v1 -arg "-a ${tmpdir}/v1.sock" -vcl+backend { } sub vcl_deliver { if (req.method == "GET") { - vtc.workspace_alloc(client, -2 * (req.xid - 1001)); + vtc.workspace_alloc(client, -1 * (req.xid - 1001)); } else if (req.method == "HEAD") { - vtc.workspace_alloc(client, -2 * (req.xid - 1202)); + vtc.workspace_alloc(client, -1 * (req.xid - 1202)); } } } -start From nils.goroll at uplex.de Mon Apr 24 13:43:06 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:43:06 +0000 (UTC) Subject: [master] c9d7a13d6 Use issue form. ref: https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms Message-ID: <20230424134306.B9DFA10FE2E@lists.varnish-cache.org> commit c9d7a13d6c34cb7959154f8a589cf6230e11da45 Author: Shohei Tanaka(@xcir) Date: Wed Apr 19 01:15:17 2023 +0000 Use issue form. ref: https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 2e578a7f5..d5dda4693 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -1,69 +1,7 @@ - - - -## Expected Behavior - - - - - - -## Current Behavior - - +Bug report is here. +https://github.com/varnishcache/varnish-cache/issues/new?assignees=&labels=&template=bug-report.yml -## Possible Solution - - - -## Steps to Reproduce (for bugs) - - -1. -2. -3. -4. - -## Context - - - -## Your Environment - -* Version used: -* Operating System and version: -* Source of binary packages used (if any) +Questions or need help is here +https://varnish-cache.org/support/index.html +--> diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml new file mode 100644 index 000000000..540332faf --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -0,0 +1,64 @@ +name: Bug report +description: Create a report to help us improve +body: +- type: markdown + attributes: + value: |+ + Did you check that there are no similar bug reports or pull requests? + + If your panic happens in the child_sigsegv_handler function, look at the backtrace to determine whether it is similar to another issue. When in doubt, open a new one and it will be closed as a duplicate if needed. + + If it's a packaging bug (including sysv or systemd services bugs) please open an issue on [varnishcache/pkg-varnish-cache](https://github.com/varnishcache/pkg-varnish-cache) instead. + + If it's a feature request, please start a thread on the [varnish-misc](https://varnish-cache.org/support/index.html#mailing-lists) list instead. + +- type: textarea + attributes: + label: Expected Behavior + placeholder: |+ + If you're describing a bug, tell us what should happen. + If you're suggesting a change/improvement, tell us how it should work. + validations: + required: true +- type: textarea + attributes: + label: Current Behavior + placeholder: |+ + If describing a bug, tell us what happens instead of the expected behavior. + If suggesting a change/improvement, explain the difference from current behavior. + validations: + required: true +- type: textarea + attributes: + label: Possible Solution + placeholder: |+ + Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change +- type: textarea + attributes: + label: Steps to Reproduce (for bugs) + placeholder: |+ + Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include code to reproduce, if relevant. + 1. + 2. + 3. + 4. +- type: textarea + attributes: + label: Context + placeholder: |+ + How has this issue affected you? What are you trying to accomplish? + Providing context helps us come up with a solution that is most useful in the real world. + validations: + required: true +- type: input + attributes: + label: Varnish Cache version(varnishd -V output) + placeholder: "varnishd (varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f)" +- type: input + attributes: + placeholder: Ubuntu22.04 + label: Operating system +- type: input + attributes: + label: Source of binary packages used (if any) + placeholder: https://packagecloud.io/varnishcache/ diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3c41b4b1e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,8 @@ +blank_issues_enabled: false +contact_links: + - name: Getting Help + url: https://varnish-cache.org/support/index.html + about: If you have questions or need help, please click here. + - name: Report a security vulnerability + url: https://varnish-cache.org/security/index.html#i-have-found-a-security-hole + about: Report a security vulnerability. From nils.goroll at uplex.de Mon Apr 24 13:43:06 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:43:06 +0000 (UTC) Subject: [master] 240bfc846 Changed from placeholder to use description Message-ID: <20230424134306.CE8E810FE31@lists.varnish-cache.org> commit 240bfc846566f3cdda2e794fa7aaea6b5792d65b Author: Shohei Tanaka Date: Wed Apr 19 17:33:57 2023 +0900 Changed from placeholder to use description diff --git a/.github/ISSUE_TEMPLATE/bug-report.yml b/.github/ISSUE_TEMPLATE/bug-report.yml index 540332faf..eed7e9784 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.yml +++ b/.github/ISSUE_TEMPLATE/bug-report.yml @@ -15,7 +15,7 @@ body: - type: textarea attributes: label: Expected Behavior - placeholder: |+ + description: |+ If you're describing a bug, tell us what should happen. If you're suggesting a change/improvement, tell us how it should work. validations: @@ -23,7 +23,7 @@ body: - type: textarea attributes: label: Current Behavior - placeholder: |+ + description: |+ If describing a bug, tell us what happens instead of the expected behavior. If suggesting a change/improvement, explain the difference from current behavior. validations: @@ -31,13 +31,14 @@ body: - type: textarea attributes: label: Possible Solution - placeholder: |+ + description: |+ Not obligatory, but suggest a fix/reason for the bug, or ideas how to implement the addition or change - type: textarea attributes: label: Steps to Reproduce (for bugs) - placeholder: |+ + description: |+ Provide a link to a live example, or an unambiguous set of steps to reproduce this bug. Include code to reproduce, if relevant. + placeholder: |+ 1. 2. 3. @@ -45,14 +46,16 @@ body: - type: textarea attributes: label: Context - placeholder: |+ + description: |+ How has this issue affected you? What are you trying to accomplish? Providing context helps us come up with a solution that is most useful in the real world. validations: required: true - type: input attributes: - label: Varnish Cache version(varnishd -V output) + label: Varnish Cache version + description: |+ + The version can be obtained by "varnishd -V". placeholder: "varnishd (varnish-7.3.0 revision 84d79120b6d17b11819a663a93160743f293e63f)" - type: input attributes: From nils.goroll at uplex.de Mon Apr 24 13:46:08 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:08 +0000 (UTC) Subject: [master] 33d09811d vcc_vmod: implement $Restrict feature Message-ID: <20230424134608.A1C7D110330@lists.varnish-cache.org> commit 33d09811dfe3cc597bf9207abc9af7b4dca36a79 Author: Walid Boudebouda Date: Fri Mar 17 17:39:18 2023 +0100 vcc_vmod: implement $Restrict feature This commit implements the $Restrict feature described in https://github.com/varnishcache/varnish-cache/wiki/VIP4%3A-Restrict-VMOD-function-call-sites it offers the ability to restrict vmod functions and methods scope so that they can only be called from limited VCL call sites diff --git a/.gitignore b/.gitignore index 7432b1b94..5762b8a9e 100644 --- a/.gitignore +++ b/.gitignore @@ -58,6 +58,7 @@ cscope.*out /include/vmod_abi.h /include/tbl/vcl_returns.h /include/tbl/vrt_stv_var.h +/include/tbl/vcl_context.h /include/vcs_version.h /lib/libvcc/vcc_fixed_token.c /lib/libvcc/vcc_obj.c diff --git a/bin/varnishtest/tests/m00055.vtc b/bin/varnishtest/tests/m00055.vtc new file mode 100644 index 000000000..39172c16c --- /dev/null +++ b/bin/varnishtest/tests/m00055.vtc @@ -0,0 +1,59 @@ +varnishtest "Test $Restrict scope" + +feature topbuild + +server s1 { + rxreq + txresp +} -start + + +varnish v1 -arg "-pvmod_path=${tmpdir}" -vcl+backend {} -start + + +filewrite ${tmpdir}/libvmod_wrong.so "VMOD_JSON_SPEC\x02" +filewrite -a ${tmpdir}/libvmod_wrong.so { +[ + [ + "$VMOD", + "1.0", + "wrong", + "Vmod_vmod_wrong_Func", + "0000000000000000000000000000000000000000000000000000000000000000", + "0000000000000000000000000000000000000000000000000000000000000000", + "17", + "0" + ], + [ + "$CPROTO", + "struct Vmod_vmod_wrong_Func {", + "", + "}" + ], + [ + "$FUNC", + "test", + [ + [ + "VOID" + ], + "Vmod_vmod_wrong_Func.test", + "" + ] + ], + [ + "$RESTRICT", + [ + "vcl_recv", + "foo", + "deliver" + ] + ] +] +} + +filewrite -a ${tmpdir}/libvmod_wrong.so "\x03" + +varnish v1 -errvcl {invalid scope for $Restrict: foo} { import wrong; } + +shell "rm -f ${tmpdir}/libvmod_wrong.so ${tmpdir}wrong.vcl" diff --git a/doc/sphinx/reference/vmod.rst b/doc/sphinx/reference/vmod.rst index a4437396d..1273277b2 100644 --- a/doc/sphinx/reference/vmod.rst +++ b/doc/sphinx/reference/vmod.rst @@ -264,6 +264,19 @@ managing instances, in particular their memory management. As the lifetime of object instances is the vcl, they will usually be allocated from the heap. +Functions and Methods scope restriction +--------------------------------------- + +The ``$Restrict`` stanza offers a way to limit the scope of the preceding vmod function +or method, so that they can only be called from restricted vcl call sites. +It must only appear after a ``$Method`` or ``$Function`` and has the following syntax:: + + $Restrict scope1 [scope2 ...] + +Possible scope values are: +backend, client, housekeeping, recv, pipe, pass, hash, purge, miss, hit, +deliver, synth, backend_fetch, backend_response, backend_error, init, fini + Deprecated Aliases ------------------ diff --git a/include/Makefile.am b/include/Makefile.am index 0db210f5b..0fa196b39 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -35,6 +35,7 @@ nobase_pkginclude_HEADERS = \ tbl/symbol_kind.h \ tbl/vcc_feature_bits.h \ tbl/vcl_returns.h \ + tbl/vcl_context.h \ tbl/vcl_states.h \ tbl/vhd_fsm.h \ tbl/vhd_fsm_funcs.h \ diff --git a/lib/libvcc/generate.py b/lib/libvcc/generate.py index 2199f6a07..84790e347 100755 --- a/lib/libvcc/generate.py +++ b/lib/libvcc/generate.py @@ -708,6 +708,20 @@ fo.close() ####################################################################### +fo = open(join(buildroot, "include/tbl/vcl_context.h"), "w") +file_header(fo) + +for i in returns: + fo.write("\nVCL_CTX(vcl_%s,%s)" % (i[0],i[0].upper())) +fo.write("\nVCL_CTX(backend, TASK_B)") +fo.write("\nVCL_CTX(client, TASK_C)") +fo.write("\nVCL_CTX(housekeeping, TASK_H)") +fo.write("\n") +fo.write("\n#undef VCL_CTX") +fo.write("\n") +fo.close() + +####################################################################### def restrict(fo, spec): d = dict() diff --git a/lib/libvcc/vcc_vmod.c b/lib/libvcc/vcc_vmod.c index b4804cfff..e998da061 100644 --- a/lib/libvcc/vcc_vmod.c +++ b/lib/libvcc/vcc_vmod.c @@ -547,6 +547,7 @@ vcc_ParseImport(struct vcc *tl) msym->import = vsym->import; msym->vmod_name = vsym->vmod_name; vcc_VmodSymbols(tl, msym); + AZ(tl->err); // XXX: insert msym in sideways ? vcc_vim_destroy(&vim); return; @@ -559,6 +560,7 @@ vcc_ParseImport(struct vcc *tl) msym->import = vim; msym->vmod_name = TlDup(tl, vim->name); vcc_VmodSymbols(tl, msym); + ERRCHK(tl); vcc_emit_setup(tl, vim); } diff --git a/lib/libvcc/vcc_vmod.h b/lib/libvcc/vcc_vmod.h index 1fe6e5360..a1084c2f5 100644 --- a/lib/libvcc/vcc_vmod.h +++ b/lib/libvcc/vcc_vmod.h @@ -35,6 +35,7 @@ STANZA(FUNC, func, SYM_FUNC) \ STANZA(METHOD, method, SYM_METHOD) \ STANZA(OBJ, obj, SYM_OBJECT) \ - STANZA(VMOD, vmod, SYM_NONE) + STANZA(VMOD, vmod, SYM_NONE) \ + STANZA(RESTRICT, restrict, SYM_NONE) void vcc_VmodSymbols(struct vcc *tl, const struct symbol *sym); diff --git a/lib/libvcc/vcc_vmod_sym.c b/lib/libvcc/vcc_vmod_sym.c index ee30197b9..2b585ef00 100644 --- a/lib/libvcc/vcc_vmod_sym.c +++ b/lib/libvcc/vcc_vmod_sym.c @@ -107,9 +107,49 @@ alias_sym(struct vcc *tl, const struct symbol *psym, const struct vjsn_val *v) free(func); } +static void +func_restrict(struct vcc *tl, struct symbol *sym, vcc_kind_t kind, const struct vjsn_val *v) +{ + struct vjsn_val *vv; + + AN(v); + AN(sym); + + if (kind != SYM_FUNC && kind != SYM_METHOD) + return; + + v = VTAILQ_NEXT(v, list); + if (!v || !vjsn_is_array(v)) + return; + vv = VTAILQ_FIRST(&v->children); + AN(vv); + assert(vjsn_is_string(vv)); + if (strcmp(vv->value, "$RESTRICT")) + return; + vv = VTAILQ_NEXT(vv, list); + AN(vv); + assert(vjsn_is_array(vv)); + sym->r_methods = 0; + vv = VTAILQ_FIRST(&vv->children); + unsigned s; + while (vv) { + s = 0; + #define VCL_CTX(l,H) \ + if (strcmp(vv->value,#l) == 0) s = VCL_MET_##H; + #include "tbl/vcl_context.h" + if (!s) { + VSB_printf(tl->sb, "Error in vmod \"%s\", invalid scope for $Restrict: %s\n",sym->vmod_name, vv->value); + tl->err = 1; + break; + } + sym->r_methods |= s; + vv = VTAILQ_NEXT(vv,list); + } +} + static void func_sym(struct vcc *tl, vcc_kind_t kind, const struct symbol *psym, - const struct vjsn_val *v) + const struct vjsn_val *v, const struct vjsn_val *vv) { struct symbol *sym; struct vsb *buf; @@ -155,6 +195,7 @@ func_sym(struct vcc *tl, vcc_kind_t kind, const struct symbol *psym, sym->type = VCC_Type(v->value); AN(sym->type); sym->r_methods = VCL_MET_TASK_ALL; + func_restrict(tl, sym, kind, vv); } void @@ -188,8 +229,10 @@ vcc_VmodSymbols(struct vcc *tl, const struct symbol *sym) #define STANZA(UU, ll, ss) if (!strcmp(vv1->value, "$" #UU)) kind = ss; STANZA_TBL #undef STANZA - if (kind != SYM_NONE) - func_sym(tl, kind, sym, vv2); + if (kind != SYM_NONE) { + func_sym(tl, kind, sym, vv2, vv); + ERRCHK(tl); + } } } diff --git a/lib/libvcc/vmodtool.py b/lib/libvcc/vmodtool.py index 8f102d2cd..270e64cb5 100755 --- a/lib/libvcc/vmodtool.py +++ b/lib/libvcc/vmodtool.py @@ -714,6 +714,7 @@ class FunctionStanza(Stanza): self.proto = ProtoType(self) self.rstlbl = '%s.%s()' % (self.vcc.modname, self.proto.name) self.vcc.contents.append(self) + self.restrict = None def cstuff(self, fo, where): fo.write(self.proto.cproto(['VRT_CTX'], where)) @@ -721,9 +722,17 @@ class FunctionStanza(Stanza): def cstruct(self, fo, define): self.fmt_cstruct_proto(fo, self.proto, define) + def rstdoc(self, fo, unused_man): + super().rstdoc(fo,unused_man) + if (self.restrict is not None): + fo.write("\nRestricted to: ``%s``\n\n" % ', '.join(self.restrict.restrict_toks)) + self.restrict.rstdoc(fo, unused_man) + def json(self, jl): jl.append(["$FUNC", "%s" % self.proto.name]) self.proto.jsonproto(jl[-1], self.proto.cname()) + if (self.restrict is not None): + self.restrict.json(jl) class ObjectStanza(Stanza): @@ -830,13 +839,47 @@ class MethodStanza(Stanza): self.proto.obj = "x" + self.pfx self.rstlbl = 'x%s()' % self.proto.name p.methods.append(self) + self.restrict = None def cstruct(self, fo, define): self.fmt_cstruct_proto(fo, self.proto, define) + def rstdoc(self, fo, unused_man): + super().rstdoc(fo,unused_man) + if (self.restrict is not None): + fo.write("\nRestricted to: ``%s``\n\n" % ', '.join(self.restrict.restrict_toks)) + self.restrict.rstdoc(fo, unused_man) + def json(self, jl): jl.append(["$METHOD", self.proto.name[len(self.pfx)+1:]]) self.proto.jsonproto(jl[-1], self.proto.cname()) + if (self.restrict is not None): + self.restrict.json(jl) + + +class RestrictStanza(Stanza): + + ''' $Restrict scope1 [scope2 ..] ''' + + def parse(self): + if len(self.toks) < 2: + self.syntax() + p = self.vcc.contents[-1] + if (isinstance(p, ObjectStanza)): + if(p.methods): + p.methods[-1].restrict = self + else: + err("$Restrict should be after $Method or $Function", False) + elif (isinstance(p, FunctionStanza)): + p.restrict = self + else : + err("$Restrict should be after $Method or $Function", False) + self.restrict_toks = self.toks[1:] + + def json(self, jl): + tab = ["$RESTRICT"] + tab.append(self.restrict_toks) + jl.append(tab) class AliasStanza(Stanza): @@ -898,6 +941,7 @@ DISPATCH = { "Method": MethodStanza, "Synopsis": SynopsisStanza, "Alias": AliasStanza, + "Restrict": RestrictStanza, } From nils.goroll at uplex.de Mon Apr 24 13:46:08 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:08 +0000 (UTC) Subject: [master] 0ad2601bd vmod_debug: use $Restrict where relevant and add tests Message-ID: <20230424134608.C986B110333@lists.varnish-cache.org> commit 0ad2601bd252b354eecb8512bb3376fd21f29716 Author: Walid Boudebouda Date: Fri Mar 17 18:03:11 2023 +0100 vmod_debug: use $Restrict where relevant and add tests diff --git a/bin/varnishtest/tests/v00043.vtc b/bin/varnishtest/tests/v00043.vtc index 1a3d9e0e7..49edc6b1a 100644 --- a/bin/varnishtest/tests/v00043.vtc +++ b/bin/varnishtest/tests/v00043.vtc @@ -98,10 +98,7 @@ varnish v1 -cliok "param.set debug +syncvsl" -vcl+backend { } sub vcl_backend_fetch { - if (bereq.url == "/fail") { - # dynamic priv not checked at compile time - o2.test_priv_top("only works on client side"); - } + } sub vcl_backend_response { @@ -126,8 +123,3 @@ client c1 { varnish v1 -expect client_req == 2 -client c2 { - txreq -url /fail - rxresp - expect resp.status == 503 -} -run diff --git a/bin/varnishtest/tests/v00051.vtc b/bin/varnishtest/tests/v00051.vtc index db7d2e887..d081a1f60 100644 --- a/bin/varnishtest/tests/v00051.vtc +++ b/bin/varnishtest/tests/v00051.vtc @@ -538,3 +538,30 @@ logexpect l1 -v v1 -g raw { varnish v1 -cliok "vcl.discard vcl10" logexpect l1 -wait + +####################################################################### +# Fail vcl - debug.client_ip function restricted to client and backend + +varnish v1 -errvcl {Not available in subroutine 'vcl_init'} { + import debug; + + sub vcl_init { + debug.client_ip(); + } +} + +####################################################################### +# Fail vcl - obj.test_priv_top method restricted to client + +varnish v1 -errvcl {Not available in subroutine 'vcl_backend_response'} { + import debug; + + sub vcl_init { + new test_obj = debug.obj("bar"); + } + + sub vcl_backend_response { + set beresp.http.foo = test_obj.test_priv_top(); + } +} + diff --git a/vmod/vmod_debug.vcc b/vmod/vmod_debug.vcc index fbeebd214..f9427a62f 100644 --- a/vmod/vmod_debug.vcc +++ b/vmod/vmod_debug.vcc @@ -123,6 +123,8 @@ $Method STRING .test_priv_top(STRING s="") Test per-object priv_top via VRT_priv_top() +$Restrict client + $Function VOID rot104() Try to register the rot52 filter again. This should always fail @@ -285,6 +287,8 @@ $Function VOID catflap(ENUM {miss, first, last} type) Test the HSH_Lookup catflap +$Restrict client + $Function BYTES stk() Return an approximation of the amount of stack used. @@ -294,6 +298,8 @@ should now only be used for diagnostic purposes. 0B is returned if no sensible value can be determined. +$Restrict client + $Function VOID vcl_prevent_cold(PRIV_VCL) Prevent VCL from going cold. @@ -316,6 +322,8 @@ Set the client socket' send buffer size to *sndbuf*. The previous, desired and actual values appear in the logs. Not currently implemented for backend transactions. +$Restrict client backend + $Function VOID store_ip(IP) Store an IP address to be later found by ``debug.get_ip()`` in the same @@ -336,10 +344,14 @@ $Function STRING client_ip() Get the stringified client ip from the session attr +$Restrict client backend + $Function STRING client_port() Get the stringified client port from the session attr +$Restrict client backend + $Function VOID fail_task_fini() fail any task fini before ok_task_fini() is called From nils.goroll at uplex.de Mon Apr 24 13:46:08 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:08 +0000 (UTC) Subject: [master] 0d2fe019f vmod_unix: restrict all $Functions to client and backend Message-ID: <20230424134608.F38D111033B@lists.varnish-cache.org> commit 0d2fe019f9bf65a3283325425539d46d4466f8e0 Author: Walid Boudebouda Date: Thu Mar 9 09:48:23 2023 +0100 vmod_unix: restrict all $Functions to client and backend diff --git a/vmod/tests/unix_c00000.vtc b/vmod/tests/unix_c00000.vtc index 9298f9d7a..723ee99e1 100644 --- a/vmod/tests/unix_c00000.vtc +++ b/vmod/tests/unix_c00000.vtc @@ -58,7 +58,7 @@ logexpect l1 -v v1 -d 1 -c { } -run -varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} { +varnish v1 -errvcl {Not available in subroutine 'vcl_init'} { import unix; import std; backend b None; @@ -68,7 +68,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini } } -varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} { +varnish v1 -errvcl {Not available in subroutine 'vcl_init'} { import unix; import std; backend b None; @@ -78,7 +78,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini } } -varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} { +varnish v1 -errvcl {Not available in subroutine 'vcl_init'} { import unix; import std; backend b None; @@ -88,7 +88,7 @@ varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini } } -varnish v1 -errvcl {vmod unix failure: may not be called in vcl_init or vcl_fini} { +varnish v1 -errvcl {Not available in subroutine 'vcl_init'} { import unix; import std; backend b None; diff --git a/vmod/vmod_unix.c b/vmod/vmod_unix.c index 1edfca9d5..18b1d70ce 100644 --- a/vmod/vmod_unix.c +++ b/vmod/vmod_unix.c @@ -49,9 +49,6 @@ #define VERR(ctx, fmt, ...) \ VSLb((ctx)->vsl, SLT_VCL_Error, "vmod unix error: " fmt, __VA_ARGS__) -#define FAILNOINIT(ctx) \ - FAIL((ctx), "may not be called in vcl_init or vcl_fini") - #define ERRNOTUDS(ctx) \ ERR((ctx), "not listening on a Unix domain socket") @@ -93,10 +90,7 @@ vmod_##func(VRT_CTX) \ int ret; \ \ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); \ - if ((ctx->method & VCL_MET_TASK_H) != 0) { \ - FAILNOINIT(ctx); \ - return (-1); \ - } \ + AZ(ctx->method & VCL_MET_TASK_H); \ \ sp = get_sp(ctx); \ if (!sp->listen_sock->uds) { \ diff --git a/vmod/vmod_unix.vcc b/vmod/vmod_unix.vcc index a7e6de913..b88c2326e 100644 --- a/vmod/vmod_unix.vcc +++ b/vmod/vmod_unix.vcc @@ -67,18 +67,26 @@ $Function STRING user() Return the user name of the peer process owner. +$Restrict client backend + $Function STRING group() Return the group name of the peer process owner. +$Restrict client backend + $Function INT uid() Return the numeric user id of the peer process owner. +$Restrict client backend + $Function INT gid() Return the numeric group id of the peer process owner. +$Restrict client backend + ERRORS ====== From nils.goroll at uplex.de Mon Apr 24 13:46:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:09 +0000 (UTC) Subject: [master] 7cd8cca07 vmod_proxy: restrict all $Functions to client context Message-ID: <20230424134609.2005D110348@lists.varnish-cache.org> commit 7cd8cca07743def39ca16bd47bd86a362eada819 Author: Walid Boudebouda Date: Thu Mar 9 09:51:25 2023 +0100 vmod_proxy: restrict all $Functions to client context Since all functions of vmod_proxy use ctx->req, they should then be restricted to client context only diff --git a/vmod/vmod_proxy.vcc b/vmod/vmod_proxy.vcc index 603456e1c..46787dc06 100644 --- a/vmod/vmod_proxy.vcc +++ b/vmod/vmod_proxy.vcc @@ -45,6 +45,8 @@ Example:: set req.http.alpn = proxy.alpn(); +$Restrict client + $Function STRING authority() Extract authority attribute. This corresponds to SNI from a TLS @@ -54,6 +56,8 @@ Example:: set req.http.authority = proxy.authority(); +$Restrict client + $Function BOOL is_ssl() Report if proxy-protocol-v2 has SSL TLV. @@ -64,16 +68,22 @@ Example:: set req.http.ssl-version = proxy.ssl_version(); } +$Restrict client + $Function BOOL client_has_cert_sess() Report if the client provided a certificate at least once over the TLS session this connection belongs to. +$Restrict client + $Function BOOL client_has_cert_conn() Report if the client provided a certificate over the current connection. +$Restrict client + $Function INT ssl_verify_result() Report the SSL_get_verify_result from a TLS session. It only matters @@ -86,6 +96,8 @@ Example:: set req.http.ssl-verify = "ok"; } +$Restrict client + $Function STRING ssl_version() Extract SSL version attribute. @@ -94,6 +106,8 @@ Example:: set req.http.ssl-version = proxy.ssl_version(); +$Restrict client + $Function STRING client_cert_cn() Extract the common name attribute of the client certificate's. @@ -101,6 +115,8 @@ Extract the common name attribute of the client certificate's. Example:: set req.http.cert-cn = proxy.client_cert_cn(); +$Restrict client + $Function STRING ssl_cipher() Extract the SSL cipher attribute. @@ -109,6 +125,8 @@ Example:: set req.http.ssl-cipher = proxy.ssl_cipher(); +$Restrict client + $Function STRING cert_sign() Extract the certificate signature algorithm attribute. @@ -117,6 +135,8 @@ Example:: set req.http.cert-sign = proxy.cert_sign(); +$Restrict client + $Function STRING cert_key() Extract the certificate key algorithm attribute. @@ -125,6 +145,8 @@ Example:: set req.http.cert-key = proxy.cert_key(); +$Restrict client + SEE ALSO ======== From nils.goroll at uplex.de Mon Apr 24 13:46:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:09 +0000 (UTC) Subject: [master] acf3b946e vmod_purge: restrict to hit and miss Message-ID: <20230424134609.43F41110373@lists.varnish-cache.org> commit acf3b946e7f287cde86075d02c9e84b767226370 Author: Walid Boudebouda Date: Thu Mar 9 11:31:33 2023 +0100 vmod_purge: restrict to hit and miss Both $Functions call VRT_purge which fails if not called from vcl_hit or vcl_miss diff --git a/bin/varnishtest/tests/r02339.vtc b/bin/varnishtest/tests/r02339.vtc index d4d06e859..60848137d 100644 --- a/bin/varnishtest/tests/r02339.vtc +++ b/bin/varnishtest/tests/r02339.vtc @@ -9,47 +9,13 @@ varnish v1 -cliok "param.set thread_pools 1" varnish v1 -cliok "param.set vsl_mask +ExpKill" varnish v1 -vcl+backend { import purge; - import vtc; - sub vcl_recv { - if (req.url == "recv") { purge.hard(); } - if (req.url == "pass") { return (pass); } - if (req.url == "purge") { return (purge); } - if (req.url == "synth") { return (synth(200)); } - } - sub vcl_hash { - if (req.url == "hash") { purge.hard(); } - } sub vcl_miss { if (req.url == "miss") { purge.hard(); } } sub vcl_hit { if (req.url == "hit") { purge.hard(); } } - sub vcl_purge { - if (req.url == "purge") { purge.hard(); } - } - sub vcl_pass { - if (req.url == "pass") { purge.hard(); } - } - sub vcl_deliver { - if (req.url == "deliver") { purge.hard(); } - } - sub vcl_synth { - if (req.url == "synth") { purge.hard(); } - } - sub vcl_backend_fetch { - if (bereq.url == "fetch") { purge.hard(); } - if (bereq.url == "error") { - set bereq.backend = vtc.no_backend(); - } - } - sub vcl_backend_error { - if (bereq.url == "error") { purge.hard(); } - } - sub vcl_backend_response { - if (bereq.url == "response") { purge.hard(); } - } } -start varnish v1 -cliok "param.set timeout_idle 2" @@ -70,34 +36,6 @@ logexpect l1 -v v1 { expect * 1004 VCL_call MISS expect 0 = VCL_return fetch - expect * 1007 VCL_call RECV - expect 0 = VCL_Error purge - expect 0 = VCL_return fail - - expect * 1009 VCL_call HASH - expect 0 = VCL_Error purge - expect 0 = VCL_return fail - - expect * 1011 VCL_call PURGE - expect 0 = VCL_Error purge - - expect * 1013 VCL_call PASS - expect 0 = VCL_Error purge - - expect * 1015 VCL_call DELIVER - expect 0 = VCL_Error purge - - expect * 1018 VCL_call SYNTH - expect 0 = VCL_Error purge - - expect * 1021 VCL_call BACKEND_FETCH - expect 0 = VCL_Error purge - - expect * 1024 VCL_call BACKEND_ERROR - expect 0 = VCL_Error purge - - expect * 1027 VCL_call BACKEND_RESPONSE - expect 0 = VCL_Error purge } -start client c1 { @@ -117,67 +55,58 @@ client c1 { logexpect l0 -wait logexpect l2 -wait -client c1 { - txreq -url recv - rxresp - expect resp.status == 503 - expect_close -} -run +varnish v1 -errvcl "Not available in subroutine 'vcl_purge'" { + import purge; -client c1 { - txreq -url hash - rxresp - expect resp.status == 503 - expect_close -} -run + sub vcl_purge { + if (req.url == "purge") { purge.hard(); } + } +} -client c1 { - txreq -url purge - rxresp - expect resp.status == 503 - expect_close -} -run +varnish v1 -errvcl "Not available in subroutine 'vcl_pass'" { + import purge; -client c1 { - txreq -url pass - rxresp - expect resp.status == 503 - expect_close -} -run + sub vcl_pass { + if (req.url == "pass") { purge.hard(); } + } +} -client c1 { - txreq -url deliver - rxresp - expect resp.status == 503 - expect_close -} -run +varnish v1 -errvcl "Not available in subroutine 'vcl_deliver'" { + import purge; -client c1 { - txreq -url synth - rxresp - expect resp.status == 500 - expect_close -} -run + sub vcl_deliver { + if (req.url == "deliver") { purge.hard(); } + } +} -client c1 { - txreq -url fetch - rxresp - expect resp.status == 503 - expect_close -} -run +varnish v1 -errvcl "Not available in subroutine 'vcl_synth'" { + import purge; -client c1 { - txreq -url error - rxresp - expect resp.status == 503 - expect_close -} -run + sub vcl_synth { + if (req.url == "synth") { purge.hard(); } + } +} -client c1 { - txreq -url response - rxresp - expect resp.status == 503 - expect_close -} -run +varnish v1 -errvcl "Not available in subroutine 'vcl_backend_fetch'" { + import purge; + + sub vcl_backend_fetch { + if (bereq.url == "fetch") { purge.hard(); } + } +} -logexpect l1 -wait +varnish v1 -errvcl "Not available in subroutine 'vcl_backend_error'" { + import purge; + + sub vcl_backend_error { + if (bereq.url == "error") { purge.hard(); } + } +} + +varnish v1 -errvcl "Not available in subroutine 'vcl_backend_response'" { + import purge; + + sub vcl_backend_response { + if (bereq.url == "response") { purge.hard(); } + } +} \ No newline at end of file diff --git a/vmod/vmod_purge.vcc b/vmod/vmod_purge.vcc index fd320f816..dc55a7f30 100644 --- a/vmod/vmod_purge.vcc +++ b/vmod/vmod_purge.vcc @@ -94,6 +94,8 @@ Example:: set req.http.purged = purge.hard(); +$Restrict vcl_hit vcl_miss + $Function INT soft(DURATION ttl = 0, DURATION grace = -1, DURATION keep = -1) Sets the *ttl*, *grace* and *keep*. @@ -101,9 +103,9 @@ Sets the *ttl*, *grace* and *keep*. By default, *ttl* is set to 0 with *grace* and *keep* periods left untouched. Setting a negative value for *grace* or *keep* periods leaves them untouched. Setting all three parameters to ``0`` is -equivalent to a hard purge. It can only be called from ``vcl_hit{}`` -or ``vcl_miss{}``. It returns the number of soft-purged objects. +equivalent to a hard purge. It returns the number of soft-purged objects. +$Restrict vcl_hit vcl_miss SEE ALSO ======== From nils.goroll at uplex.de Mon Apr 24 13:46:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:09 +0000 (UTC) Subject: [master] 0073245e1 vmod_directors: restrict methods and functions Message-ID: <20230424134609.792601103A4@lists.varnish-cache.org> commit 0073245e1fc8c5e7f8336a8112984c4c8bc80138 Author: Walid Boudebouda Date: Thu Mar 9 14:53:21 2023 +0100 vmod_directors: restrict methods and functions diff --git a/bin/varnishtest/tests/b00016.vtc b/bin/varnishtest/tests/b00016.vtc index af3627f52..c7ea39939 100644 --- a/bin/varnishtest/tests/b00016.vtc +++ b/bin/varnishtest/tests/b00016.vtc @@ -9,9 +9,6 @@ varnish v1 -vcl+backend { import directors; sub vcl_recv { - if (req.url == "/lookup") { - set req.http.foo = directors.lookup("s1"); - } return (pass); } @@ -24,10 +21,6 @@ client c1 { txreq -url "/" rxresp expect resp.http.X-Backend-Name == "s1" - txreq -url "/lookup" - rxresp - expect resp.status == 503 - expect resp.reason == "VCL failed" } -run varnish v1 -vcl+backend { @@ -55,3 +48,17 @@ client c1 { expect resp.http.X-Director-Name == "bar" expect resp.http.X-Backend-Name == "s1" } -run + +varnish v1 -errvcl "Not available in subroutine 'vcl_recv'" { + import directors; + + backend dummy None; + + sub vcl_recv { + if (req.url == "/lookup") { + set req.http.foo = directors.lookup("s1"); + } + return (pass); + } + +} diff --git a/vmod/tests/directors_c00015.vtc b/vmod/tests/directors_c00015.vtc index 9238f83c0..12af48d03 100644 --- a/vmod/tests/directors_c00015.vtc +++ b/vmod/tests/directors_c00015.vtc @@ -16,8 +16,6 @@ varnish v1 -vcl { if (req.url == "/1") { set req.backend_hint = shard.backend( param=blob.decode(HEX, encoded="")); - } else if (req.url == "/2") { - p.set(by=HASH); } } } -start @@ -30,9 +28,6 @@ logexpect l1 -v v1 -g raw -d 1 { logexpect l2 -v v1 -g raw { expect * 1001 VCL_Error {vmod_directors: shard shard: .backend.key_blob. param invalid} } -start -logexpect l3 -v v1 -g raw { - expect * 1003 VCL_Error {vmod_directors: shard p: shard_param.set.. may only be used in vcl_init and in backend/pipe context} -} -start client c1 { txreq -url "/1" @@ -41,15 +36,8 @@ client c1 { expect_close } -run -client c1 { - txreq -url "/2" - rxresp - expect resp.status == 503 - expect_close -} -run logexpect l2 -wait -logexpect l3 -wait varnish v1 -errvcl {shard .associate param invalid} { import directors; @@ -206,3 +194,22 @@ varnish v1 -errvcl {vmod_directors: shard shard: .remove_backend(): either backe shard.remove_backend(); } } + +varnish v1 -errvcl "Not available in subroutine 'vcl_recv'" { + import directors; + import blob; + + backend dummy None; + + sub vcl_init { + new shard = directors.shard(); + new p = directors.shard_param(); + p.set(by=BLOB, key_blob=blob.decode(HEX, encoded="")); + } + + sub vcl_recv { + if (req.url == "/2") { + p.set(by=HASH); + } + } +} diff --git a/vmod/vmod_directors.c b/vmod/vmod_directors.c index 7f429c9cc..6488ff7ba 100644 --- a/vmod/vmod_directors.c +++ b/vmod/vmod_directors.c @@ -48,12 +48,7 @@ VCL_BACKEND VPFX(lookup)(VRT_CTX, VCL_STRING name) { - if ((ctx->method & VCL_MET_TASK_H) == 0) { - VRT_fail(ctx, - "lookup() may only be called from vcl_init / vcl_fini"); - return (NULL); - } - + AN(ctx->method & VCL_MET_TASK_H); return (VRT_LookupDirector(ctx, name)); } diff --git a/vmod/vmod_directors.vcc b/vmod/vmod_directors.vcc index 70474cdc0..d51f9535e 100644 --- a/vmod/vmod_directors.vcc +++ b/vmod/vmod_directors.vcc @@ -650,7 +650,7 @@ Reset the parameter set to default values as documented for * backend context and in ``vcl_pipe {}``, resets the parameter set for this backend request to the VCL defaults -This method may not be used in client context other than ``vcl_pipe {}``. +$Restrict vcl_pipe backend housekeeping $Method VOID .set( [ ENUM {HASH, URL, KEY, BLOB} by ], @@ -670,7 +670,7 @@ Change the given parameters of a parameter set as documented for for this backend request, keeping the defaults set for this VCL for unspecified arguments. -This method may not be used in client context other than ``vcl_pipe {}``. +$Restrict vcl_pipe backend housekeeping $Method STRING .get_by() @@ -706,16 +706,16 @@ shard director using this parameter object would use. See $Method BLOB .use() -This method may only be used in backend context and in ``vcl_pipe {}``. - For use with the *param* argument of `xshard.backend()`_ to associate this shard parameter set with a shard director. +$Restrict vcl_pipe backend housekeeping + $Function BACKEND lookup(STRING) Lookup a backend by its name. -This function can only be used from ``vcl_init{}`` and ``vcl_fini{}``. +$Restrict housekeeping ACKNOWLEDGEMENTS ================ From nils.goroll at uplex.de Mon Apr 24 13:46:09 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:46:09 +0000 (UTC) Subject: [master] 478e310a7 vmod_std: use $Restrict where relevant Message-ID: <20230424134609.A19341103B8@lists.varnish-cache.org> commit 478e310a7d2c168e1c361d6f34291177cbc2a889 Author: Walid Boudebouda Date: Fri Mar 17 17:11:39 2023 +0100 vmod_std: use $Restrict where relevant diff --git a/bin/varnishtest/tests/c00055.vtc b/bin/varnishtest/tests/c00055.vtc index e5609f35d..048421967 100644 --- a/bin/varnishtest/tests/c00055.vtc +++ b/bin/varnishtest/tests/c00055.vtc @@ -17,9 +17,7 @@ varnish v1 -vcl+backend { import std; sub vcl_recv { - if (req.url != "/wrong-sub") { - set req.http.stored = std.cache_req_body(1KB); - } + set req.http.stored = std.cache_req_body(1KB); return (pass); } @@ -30,15 +28,6 @@ varnish v1 -vcl+backend { set resp.http.stored = req.http.stored; } - sub vcl_backend_fetch { - if (bereq.url == "/wrong-sub") { - if (std.cache_req_body(1KB)) { - return (error(200)); - } else { - return (error(503)); - } - } - } } -start varnish v1 -cliok "param.set debug +syncvsl" @@ -63,13 +52,6 @@ client c2 { logexpect l1 -wait -# wrong calling context -client c3 { - txreq -url "/wrong-sub" - rxresp - expect resp.status == 503 -} -run - delay .1 varnish v1 -expect MGT.child_died == 0 @@ -92,13 +74,3 @@ client c5 { txreq -req POST -hdr "Content-Length: 1025" expect_close } -run - -varnish v1 -errvcl {req.body can only be cached in vcl_recv} { - import std; - backend none none; - sub vcl_init { - if (! std.cache_req_body(1KB)) { - return (fail); - } - } -} diff --git a/vmod/tests/std_c00001.vtc b/vmod/tests/std_c00001.vtc index 57158b020..66d931b25 100644 --- a/vmod/tests/std_c00001.vtc +++ b/vmod/tests/std_c00001.vtc @@ -358,7 +358,7 @@ varnish v1 -errvcl {Not available in subroutine 'vcl_pipe'} { # We would want to remove req from vcl_pipe, but that could break # vmods, so we fail specifically at runtime -varnish v1 -vcl { +varnish v1 -errvcl {Not available in subroutine 'vcl_pipe'} { import std; backend proforma None; @@ -371,9 +371,3 @@ varnish v1 -vcl { } } -client c7 { - txreq -url / - rxresp - expect resp.status == 503 - expect resp.reason == "VCL failed" -} -run diff --git a/vmod/vmod_std.c b/vmod/vmod_std.c index 14932b0ef..72f84e9ef 100644 --- a/vmod/vmod_std.c +++ b/vmod/vmod_std.c @@ -270,12 +270,7 @@ VCL_VOID v_matchproto_(td_std_late_100_continue) vmod_late_100_continue(VRT_CTX, VCL_BOOL late) { CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); - if (ctx->method != VCL_MET_RECV) { - VSLb(ctx->vsl, SLT_VCL_Error, - "std.late_100_continue() only valid in vcl_recv{}"); - return; - } - + AN(ctx->method & VCL_MET_RECV); CHECK_OBJ_NOTNULL(ctx->req, REQ_MAGIC); if (ctx->req->want100cont) ctx->req->late100cont = late; diff --git a/vmod/vmod_std.vcc b/vmod/vmod_std.vcc index 04130136d..47f319b4d 100644 --- a/vmod/vmod_std.vcc +++ b/vmod/vmod_std.vcc @@ -521,6 +521,8 @@ Example:: ... } +$Restrict vcl_recv + $Function VOID late_100_continue(BOOL late) Controls when varnish reacts to an ``Expect: 100-continue`` client @@ -555,6 +557,8 @@ Example:: ... } +$Restrict vcl_recv + $Function VOID set_ip_tos(INT tos) Sets the Differentiated Services Codepoint (DSCP) / IPv4 Type of @@ -572,6 +576,8 @@ Example:: std.set_ip_tos(0); } +$Restrict client + $Function VOID rollback(HTTP h) Restores the *h* HTTP headers to their original state. @@ -580,6 +586,8 @@ Example:: std.rollback(bereq); +$Restrict backend vcl_recv vcl_pass vcl_hash vcl_purge vcl_miss vcl_hit vcl_deliver vcl_synth + $Function BOOL ban(STRING) Invalidates all objects in cache that match the given expression with From nils.goroll at uplex.de Mon Apr 24 13:55:07 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 13:55:07 +0000 (UTC) Subject: [master] de11d7d9e h2: Relax "no //" URLs requirement Message-ID: <20230424135507.26541111258@lists.varnish-cache.org> commit de11d7d9e898a5668d3d5dc9e7eb55fc826b40da Author: Dag Haavi Finstad Date: Mon Apr 3 10:26:51 2023 +0200 h2: Relax "no //" URLs requirement This requirement was dropped in the updated rfc 9113. Fixes: #3911 diff --git a/bin/varnishd/http2/cache_http2_hpack.c b/bin/varnishd/http2/cache_http2_hpack.c index 36570a751..8384856dd 100644 --- a/bin/varnishd/http2/cache_http2_hpack.c +++ b/bin/varnishd/http2/cache_http2_hpack.c @@ -135,10 +135,9 @@ h2h_addhdr(struct http *hp, char *b, size_t namelen, size_t len) n = HTTP_HDR_URL; disallow_empty = 1; - // rfc7540,l,3060,3071 - if (((len > 0 && *b != '/') || - (len > 1 && *(b+1) == '/')) && - (strncmp(b, "*", len) != 0)) { + // rfc9113,l,2693,2705 + if (len > 0 && *b != '/' && + strncmp(b, "*", len) != 0) { VSLb(hp->vsl, SLT_BogoHeader, "Illegal :path pseudo-header %.*s", (int)len, b); diff --git a/bin/varnishtest/tests/a02027.vtc b/bin/varnishtest/tests/a02027.vtc index ff34b0071..e9dcf6619 100644 --- a/bin/varnishtest/tests/a02027.vtc +++ b/bin/varnishtest/tests/a02027.vtc @@ -22,8 +22,8 @@ client c1 { client c1 { stream 1 { txreq -noadd -hdr ":authority" "foo.com" -hdr ":path" "//foo" -hdr ":scheme" "http" -hdr ":method" "GET" - rxrst - expect rst.err == PROTOCOL_ERROR + rxresp + expect resp.status == 200 } -run } -run From nils.goroll at uplex.de Mon Apr 24 14:02:06 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 14:02:06 +0000 (UTC) Subject: [master] 654da21eb Add a private pointer to struct vdp Message-ID: <20230424140206.69B6E11176D@lists.varnish-cache.org> commit 654da21eb030f269bdfbcc1fd2ca55e2e782e9a4 Author: Nils Goroll Date: Sat Apr 1 20:00:16 2023 +0200 Add a private pointer to struct vdp to facilitate custom filter parametrization diff --git a/bin/varnishd/cache/cache_filter.h b/bin/varnishd/cache/cache_filter.h index 7b1d8fa75..18241ff63 100644 --- a/bin/varnishd/cache/cache_filter.h +++ b/bin/varnishd/cache/cache_filter.h @@ -122,6 +122,7 @@ struct vdp { vdp_init_f *init; vdp_bytes_f *bytes; vdp_fini_f *fini; + const void *priv1; }; struct vdp_entry { diff --git a/include/vrt.h b/include/vrt.h index 4f922d265..68a2ff5a5 100644 --- a/include/vrt.h +++ b/include/vrt.h @@ -58,6 +58,7 @@ * binary/load-time compatible, increment MAJOR version * * NEXT (2023-09-15) + * [cache_filter.h] struct vdp gained priv1 member * 17.0 (2023-03-15) * VXID is 64 bit * [cache.h] http_GetRange() changed From nils.goroll at uplex.de Mon Apr 24 14:11:05 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 14:11:05 +0000 (UTC) Subject: [master] 12609b138 Very minor nitpick Message-ID: <20230424141105.34E44111E07@lists.varnish-cache.org> commit 12609b138573a7257972d858ec36e74b2232610d Author: Nils Goroll Date: Mon Apr 24 16:03:56 2023 +0200 Very minor nitpick When asserting that the context is a specific sub, we can compare equal. Ref 478e310a7d2c168e1c361d6f34291177cbc2a889 diff --git a/vmod/vmod_std.c b/vmod/vmod_std.c index 72f84e9ef..dde572fae 100644 --- a/vmod/vmod_std.c +++ b/vmod/vmod_std.c @@ -270,7 +270,7 @@ VCL_VOID v_matchproto_(td_std_late_100_continue) vmod_late_100_continue(VRT_CTX, VCL_BOOL late) { CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); - AN(ctx->method & VCL_MET_RECV); + assert(ctx->method == VCL_MET_RECV); CHECK_OBJ_NOTNULL(ctx->req, REQ_MAGIC); if (ctx->req->want100cont) ctx->req->late100cont = late; From nils.goroll at uplex.de Mon Apr 24 14:14:06 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 14:14:06 +0000 (UTC) Subject: [master] c6cc66b2b Flexelint: polish 525: Negative indentation Message-ID: <20230424141406.5E9CC112116@lists.varnish-cache.org> commit c6cc66b2b4ca19708dcb7973af994104455d1e61 Author: Nils Goroll Date: Mon Apr 24 16:12:17 2023 +0200 Flexelint: polish 525: Negative indentation diff --git a/lib/libvcc/vcc_vmod_sym.c b/lib/libvcc/vcc_vmod_sym.c index 2b585ef00..ad2631f5f 100644 --- a/lib/libvcc/vcc_vmod_sym.c +++ b/lib/libvcc/vcc_vmod_sym.c @@ -134,9 +134,9 @@ func_restrict(struct vcc *tl, struct symbol *sym, vcc_kind_t kind, const struct unsigned s; while (vv) { s = 0; - #define VCL_CTX(l,H) \ - if (strcmp(vv->value,#l) == 0) s = VCL_MET_##H; - #include "tbl/vcl_context.h" +#define VCL_CTX(l,H) \ + if (strcmp(vv->value, #l) == 0) s = VCL_MET_##H; +#include "tbl/vcl_context.h" if (!s) { VSB_printf(tl->sb, "Error in vmod \"%s\", invalid scope for $Restrict: %s\n",sym->vmod_name, vv->value); tl->err = 1; From nils.goroll at uplex.de Mon Apr 24 14:16:03 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 14:16:03 +0000 (UTC) Subject: [master] 91db80fd8 Extend VDP pedantic to also assert that the _fini method gets called Message-ID: <20230424141603.510AE112375@lists.varnish-cache.org> commit 91db80fd88527d8c7c403e81f9fb312f4654c77d Author: Nils Goroll Date: Fri Apr 21 23:12:35 2023 +0200 Extend VDP pedantic to also assert that the _fini method gets called The VDP now registers a PRIV_TASK to ensure that. The VDP fini method is to be called before the task ends, so the priv_task fini method checks that it ran. diff --git a/vmod/vmod_debug.c b/vmod/vmod_debug.c index 8d400256e..ab1055671 100644 --- a/vmod/vmod_debug.c +++ b/vmod/vmod_debug.c @@ -171,36 +171,113 @@ static const struct vdp xyzzy_vdp_rot13 = { }; /********************************************************************** - * assert that we see a VDP_END + * pendantic tests of the VDP API: + * - assert that we see a VDP_END + * - assert that _fini gets called before the task ends * * note: * we could lookup our own vdpe in _fini and check for vdpe->end == VDP_END * yet that would cross the API */ -static void * end_marker = &end_marker; +enum vdp_state_e { + VDPS_NULL = 0, + VDPS_INIT, // _init called + VDPS_BYTES, // _bytes called act != VDP_END + VDPS_END, // _bytes called act == VDP_END + VDPS_FINI // _fini called +}; + +struct vdp_state_s { + unsigned magic; +#define VDP_STATE_MAGIC 0x57c8d309 + enum vdp_state_e state; +}; + +static void v_matchproto_(vmod_priv_fini_f) +priv_pedantic_fini(VRT_CTX, void *priv) +{ + struct vdp_state_s *vdps; + + CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); + CAST_OBJ_NOTNULL(vdps, priv, VDP_STATE_MAGIC); + + assert(vdps->state == VDPS_FINI); +} + +static const struct vmod_priv_methods priv_pedantic_methods[1] = {{ + .magic = VMOD_PRIV_METHODS_MAGIC, + .type = "debug_vdp_pedantic", + .fini = priv_pedantic_fini +}}; + +static int v_matchproto_(vdp_init_f) +xyzzy_pedantic_init(VRT_CTX, struct vdp_ctx *vdx, void **priv, + struct objcore *oc) +{ + struct vdp_state_s *vdps; + struct vmod_priv *p; + + (void)oc; + + CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC); + WS_TASK_ALLOC_OBJ(ctx, vdps, VDP_STATE_MAGIC); + if (vdps == NULL) + return (-1); + assert(vdps->state == VDPS_NULL); + + p = VRT_priv_task(ctx, (void *)vdx); + if (p == NULL) + return (-1); + p->priv = vdps; + p->methods = priv_pedantic_methods; + + AN(priv); + *priv = vdps; + + vdps->state = VDPS_INIT; + + return (0); +} static int v_matchproto_(vdp_bytes_f) xyzzy_pedantic_bytes(struct vdp_ctx *vdx, enum vdp_action act, void **priv, const void *ptr, ssize_t len) { - AZ(*priv); + struct vdp_state_s *vdps; + + CAST_OBJ_NOTNULL(vdps, *priv, VDP_STATE_MAGIC); + assert(vdps->state >= VDPS_INIT); + assert(vdps->state < VDPS_END); + if (act == VDP_END) - *priv = end_marker; + vdps->state = VDPS_END; + else + vdps->state = VDPS_BYTES; + return (VDP_bytes(vdx, act, ptr, len)); } static int v_matchproto_(vdp_fini_f) -xyzzy_pedantic_fini(struct vdp_ctx *vdc, void **priv) +xyzzy_pedantic_fini(struct vdp_ctx *vdx, void **priv) { - (void) vdc; - assert (*priv == end_marker); + struct vdp_state_s *vdps; + + (void) vdx; + AN(priv); + if (*priv == NULL) + return (0); + CAST_OBJ_NOTNULL(vdps, *priv, VDP_STATE_MAGIC); + assert(vdps->state == VDPS_INIT || vdps->state == VDPS_END); + vdps->state = VDPS_FINI; + *priv = NULL; return (0); } static const struct vdp xyzzy_vdp_pedantic = { .name = "debug.pedantic", + .init = xyzzy_pedantic_init, .bytes = xyzzy_pedantic_bytes, .fini = xyzzy_pedantic_fini, }; From nils.goroll at uplex.de Mon Apr 24 14:16:03 2023 From: nils.goroll at uplex.de (Nils Goroll) Date: Mon, 24 Apr 2023 14:16:03 +0000 (UTC) Subject: [master] 6d423aa5c Close VDPs for error conditions in cnt_transmit() Message-ID: <20230424141603.6765F112379@lists.varnish-cache.org> commit 6d423aa5c60940ebde76c91f0a482767346df405 Author: Nils Goroll Date: Sun Apr 23 11:01:43 2023 +0200 Close VDPs for error conditions in cnt_transmit() ... and use the pedantic VDP to test that we do. This should plug some less relevant memory leaks from VDPs which allocate heap memory. Note that we should not close VDPs for the happy path to allow transports to keep them open until after cnt_transmit returns (e.g. in vmod_pesi). Calling VDP_Close() from cnt_transmit() avoids repetition for error handling in transports. diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c index f9c23d745..5313268b3 100644 --- a/bin/varnishd/cache/cache_req_fsm.c +++ b/bin/varnishd/cache/cache_req_fsm.c @@ -496,6 +496,9 @@ cnt_transmit(struct worker *wrk, struct req *req) req->doclose = SC_TX_ERROR; } + if (req->doclose != SC_NULL) + req->acct.resp_bodybytes += VDP_Close(req->vdc); + if (boc != NULL) HSH_DerefBoc(wrk, req->objcore); diff --git a/bin/varnishtest/tests/r02618.vtc b/bin/varnishtest/tests/r02618.vtc index e97d64eae..5caeccf90 100644 --- a/bin/varnishtest/tests/r02618.vtc +++ b/bin/varnishtest/tests/r02618.vtc @@ -6,11 +6,13 @@ server s1 { } -start varnish v1 -arg "-a ${tmpdir}/v1.sock" -vcl+backend { + import debug; import vtc; sub vcl_recv { return (hash); } sub vcl_deliver { + set resp.filters += " debug.pedantic"; if (req.method == "GET") { vtc.workspace_alloc(client, -1 * (req.xid - 1001)); } else if (req.method == "HEAD") { @@ -28,18 +30,25 @@ varnish v1 -cliok "param.set vsl_mask -VCL_call,-VCL_return,-Hit" logexpect l1 -v v1 -g raw { expect * * VCL_Error "Attempted negative WS allocation" + expect * * Error "Failure to push processors" + expect * * VCL_Error "Out of workspace for VDP_STATE_MAGIC" + expect * * Error "Failure to push processors" expect * * Error "Failure to push v1d processor" expect * * VCL_Error "Attempted negative WS allocation" - expect * * Error "workspace_client overflow" + expect * * Error "Failure to push processors" + expect * * VCL_Error "Out of workspace for VDP_STATE_MAGIC" + expect * * Error "Failure to push processors" } -start # some responses will fail (503), some won't. All we care # about here is the fact that we don't panic client c1 -connect "${tmpdir}/v1.sock" -repeat 100 { + non_fatal txreq -url "/" rxresp } -run client c1 -connect "${tmpdir}/v1.sock" -repeat 100 { + non_fatal txreq -url "/" -method "HEAD" rxresp } -run From phk at FreeBSD.org Wed Apr 26 05:14:08 2023 From: phk at FreeBSD.org (Poul-Henning Kamp) Date: Wed, 26 Apr 2023 05:14:08 +0000 (UTC) Subject: [master] 65caea99d Silence Flexelint Message-ID: <20230426051408.8102A10AAE8@lists.varnish-cache.org> commit 65caea99de02019aa86bf99731343e19af25c4c8 Author: Poul-Henning Kamp Date: Wed Apr 26 05:12:52 2023 +0000 Silence Flexelint diff --git a/bin/varnishd/flint.lnt b/bin/varnishd/flint.lnt index c40188132..cc0a3c909 100644 --- a/bin/varnishd/flint.lnt +++ b/bin/varnishd/flint.lnt @@ -59,6 +59,7 @@ -esym(768, vrt_ref::*) -esym(768, vcf_return::name) -esym(768, VCL_conf::*) +-esym(768, vdp::priv1) // FLINT Bug20090910_838 -efunc(838, VRT_purge) diff --git a/lib/libvcc/generate.py b/lib/libvcc/generate.py index 84790e347..08187174e 100755 --- a/lib/libvcc/generate.py +++ b/lib/libvcc/generate.py @@ -711,11 +711,13 @@ fo.close() fo = open(join(buildroot, "include/tbl/vcl_context.h"), "w") file_header(fo) +fo.write("/*lint -save -e525 -e539 */\n") for i in returns: fo.write("\nVCL_CTX(vcl_%s,%s)" % (i[0],i[0].upper())) fo.write("\nVCL_CTX(backend, TASK_B)") fo.write("\nVCL_CTX(client, TASK_C)") fo.write("\nVCL_CTX(housekeeping, TASK_H)") +fo.write("/*lint -restore */\n") fo.write("\n") fo.write("\n#undef VCL_CTX") fo.write("\n")