From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: Re: [PATCH] squid 5.4: Latest patch - Bug #5055 - from upstream Date: Fri, 11 Feb 2022 10:09:32 +0000 Message-ID: In-Reply-To: <20220211083435.1605-1-matthias.fischer@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6418012213838856182==" List-Id: --===============6418012213838856182== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Peter M=C3=BCller > Please note: > One day after squid 5.4 was released, this extensive patch followed which > I publish separately. It seems to be important - perhaps we should > consider taking this one in account. >=20 > Building and testing was ok - so far no problems or crashes occurred. > Running normal. >=20 > Signed-off-by: Matthias Fischer > --- > lfs/squid | 1 + > ...estinationsEnd_exception_opening_967.patch | 3825 +++++++++++++++++ > 2 files changed, 3826 insertions(+) > create mode 100644 src/patches/squid/02_Bug_5055_FATAL_FwdState_noteDestin= ationsEnd_exception_opening_967.patch >=20 > diff --git a/lfs/squid b/lfs/squid > index 034f4a3e9..6762a0218 100644 > --- a/lfs/squid > +++ b/lfs/squid > @@ -78,6 +78,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) > @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE) > =20 > cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squid/01_squid-gcc11= .patch > + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/squid/02_Bug_5055_FA= TAL_FwdState_noteDestinationsEnd_exception_opening_967.patch > =20 > cd $(DIR_APP) && autoreconf -vfi > cd $(DIR_APP)/libltdl && autoreconf -vfi > diff --git a/src/patches/squid/02_Bug_5055_FATAL_FwdState_noteDestinationsE= nd_exception_opening_967.patch b/src/patches/squid/02_Bug_5055_FATAL_FwdState= _noteDestinationsEnd_exception_opening_967.patch > new file mode 100644 > index 000000000..9f592c7e8 > --- /dev/null > +++ b/src/patches/squid/02_Bug_5055_FATAL_FwdState_noteDestinationsEnd_exce= ption_opening_967.patch > @@ -0,0 +1,3825 @@ > +commit 1332f8d606485b5a2f57277634c2f6f7855bd9a6 (refs/remotes/origin/v5, r= efs/remotes/github/v5, refs/heads/v5) > +Author: Alex Rousskov > +Date: 2022-02-08 03:56:43 -0500 > + > + Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening (#967) > + =20 > + * Bug 5055: FATAL FwdState::noteDestinationsEnd exception: opening > + =20 > + The bug was caused by commit 25b0ce4. Other known symptoms are: > + =20 > + assertion failed: store.cc:1793: "isEmpty()" > + assertion failed: FwdState.cc:501: "serverConnection() =3D=3D conn" > + assertion failed: FwdState.cc:1037: "!opening()" > + =20 > + This change has several overlapping parts. Unfortunately, merging > + individual parts is both difficult and likely to cause crashes. > + =20 > + ## Part 1: Bug 5055. > + =20 > + FwdState used to check serverConn to decide whether to open a connecti= on > + to forward the request. Since commit 25b0ce4, a nil serverConn pointer > + no longer implies that a new connection should be opened: FwdState > + helper jobs may already be working on preparing an existing open > + connection (e.g., sending a CONNECT request or negotiating encryption). > + =20 > + Bad serverConn checks in both FwdState::noteDestination() and > + FwdState::noteDestinationsEnd() methods led to extra connectStart() > + calls creating two conflicting concurrent helper jobs. > + =20 > + To fix this, we replaced direct serverConn inspection with a > + usingDestination() call which also checks whether we are waiting for a > + helper job. Testing that fix exposed another set of bugs: The helper j= ob > + pointers or in-job connections left stale/set after forwarding failure= s. > + The changes described below addressed (most of) those problems. > + =20 > + ## Part 2: Connection establishing helper jobs and their callbacks > + =20 > + A proper fix for Bug 5055 required answering a difficult question: When > + should a dying job call its callbacks? We only found one answer which > + required cooperation from the job creator and led to the following > + rules: > + =20 > + * AsyncJob destructors must not call any callbacks. > + =20 > + * AsyncJob::swanSong() is responsible for async-calling any remaining > + (i.e. set, uncalled, and uncancelled) callbacks. > + =20 > + * AsyncJob::swanSong() is called (only) for started jobs. > + =20 > + * AsyncJob destructing sequence should validate that no callbacks rema= in > + uncalled for started jobs. > + =20 > + ... where an AsyncJob x is considered "started" if AsyncJob::Start(x) > + has returned without throwing. > + =20 > + A new JobWait class helps job creators follow these rules while keeping > + track on in-progress helper jobs and killing no-longer-needed helpers. > + =20 > + Also fixed very similar bugs in tunnel.cc code. > + =20 > + ## Part 3: ConnOpener fixes > + =20 > + 1. Many ConnOpener users are written to keep a ConnectionPointer to the > + destination given to ConnOpener. This means that their connection > + magically opens when ConnOpener successfully connects, before > + ConnOpener has a chance to notify the user about the changes. Having > + multiple concurrent connection owners is always dangerous, and the > + user cannot even have a close handler registered for its now-open > + connection. When something happens to ConnOpener or its answer, the > + user job may be in trouble. Now, ConnOpener callers no longer pass > + Connection objects they own, cloning them as needed. That adjustment > + required adjustment 2: > + =20 > + 2. Refactored ConnOpener users to stop assuming that the answer contai= ns > + a pointer to their connection object. After adjustment 1 above, it > + does not. HappyConnOpener relied on that assumption quite a bit so = we > + had to refactor to use two custom callback methods instead of one > + with a complicated if-statement distinguishing prime from spare > + attempts. This refactoring is an overall improvement because it > + simplifies the code. Other ConnOpener users just needed to remove a > + few no longer valid paranoid assertions/Musts. > + =20 > + 3. ConnOpener users were forced to remember to close params.conn when > + processing negative answers. Some, naturally, forgot, triggering > + warnings about orphaned connections (e.g., Ident and TcpLogger). > + ConnOpener now closes its open connection before sending a negative > + answer. > + =20 > + 4. ConnOpener would trigger orphan connection warnings if the job ended > + after opening the connection but without supplying the connection to > + the requestor (e.g., because the requestor has gone away). Now, > + ConnOpener explicitly closes its open connection if it has not been > + sent to the requestor. > + =20 > + Also fixed Comm::ConnOpener::cleanFd() debugging that was incorrectly > + saying that the method closes the temporary descriptor. > + =20 > + Also fixed ConnOpener callback's syncWithComm(): The stale > + CommConnectCbParams override was testing unused (i.e. always negative) > + CommConnectCbParams::fd and was trying to cancel the callback that most > + (possibly all) recipients rely on: ConnOpener users expect a negative > + answer rather than no answer at all. > + =20 > + Also, after comparing the needs of two old/existing and a temporary > + added ("clone everything") Connection cloning method callers, we decid= ed > + there is no need to maintain three different methods. All existing > + callers should be fine with a single method because none of them suffe= rs > + from "extra" copying of members that others need. Right now, the new > + cloneProfile() method copies everything except FD and a few > + special-purpose members (with documented reasons for not copying). > + =20 > + Also added Comm::Connection::cloneDestinationDetails() debugging to > + simplify tracking dependencies between half-baked Connection objects > + carrying destination/flags/other metadata and open Connection objects > + created by ConnOpener using that metadata (which are later delivered to > + ConnOpener users and, in some cases, replace those half-baked > + connections mentioned earlier. Long-term, we need to find a better way > + to express these and other Connection states/stages than comments and > + debugging messages. > + =20 > + ## Part 4: Comm::Connection closure callbacks > + =20 > + We improved many closure callbacks to make sure (to the extent possibl= e) > + that Connection and other objects are in sync with Comm. There are lots > + of small bugs, inconsistencies, and other problems in Connection closu= re > + handlers. It is not clear whether any of those problems could result in > + serious runtime errors or leaks. In theory, the rest of the code could > + neutralize their negative side effects. However, even in that case, it > + was just a matter of time before the next bug will bite us due to stale > + Connection::fd and such. These changes themselves carry elevated risk, > + but they get us closer to reliable code as far as Connection maintenan= ce > + is concerned; otherwise, we will keep chasing their deadly side effect= s. > + =20 > + Long-term, all these manual efforts to keep things in sync should beco= me > + unnecessary with the introduction of appropriate Connection ownership > + APIs that automatically maintain the corresponding environments (TODO). > + =20 > + ## Part 5: Other notable improvements in the adjusted code > + =20 > + Improved Security::PeerConnector::serverConn and > + Http::Tunneler::connection management, especially when sending negative > + answers. When sending a negative answer, we would set answer().conn to > + an open connection, async-send that answer, and then hurry to close the > + connection using our pointer to the shared Connection object. If > + everything went according to the plan, the recipient would get a non-n= il > + but closed Connection object. Now, a negative answer simply means no > + connection at all. Same for a tunneled answer. > + =20 > + Refactored ICAP connection-establishing code to to delay Connection > + ownership until the ICAP connection is fully ready. This change > + addresses primary Connection ownership concerns (as they apply to this > + ICAP code) except orphaning of the temporary Connection object by help= er > + job start exceptions (now an explicit XXX). For example, the transacti= on > + no longer shares a Connection object with ConnOpener and > + IcapPeerConnector jobs. > + =20 > + Probably fixed a bug where PeerConnector::negotiate() assumed that a > + sslFinalized() does not return true after callBack(). It may (e.g., wh= en > + CertValidationHelper::Submit() throws). Same for > + PeekingPeerConnector::checkForPeekAndSpliceMatched(). > + =20 > + Fixed FwdState::advanceDestination() bug that did not save > + ERR_GATEWAY_FAILURE details and "lost" the address of that failed > + destination, making it unavailable to future retries (if any). > + =20 > + Polished PeerPoolMgr, Ident, and Gopher code to be able to fix similar > + job callback and connection management issues. > + =20 > + Polished AsyncJob::Start() API. Start() used to return a job pointer, > + but that was a bad idea: > + =20 > + * It implies that a failed Start() will return a nil pointer, and that > + the caller should check the result. Neither is true. > + =20 > + * It encourages callers to dereference the returned pointer to further > + adjust the job. That technically works (today) but violates the rules > + of communicating with an async job. The Start() method is the bounda= ry > + after which the job is deemed asynchronous. > + =20 > + Also removed old "and wait for..." post-Start() comments because the > + code itself became clear enough, and those comments were becoming > + increasingly stale (because they duplicated the callback names above > + them). > + =20 > + Fix Tunneler and PeerConnector handling of last-resort callback > + requirements. Events like handleStopRequest() and callException() stop > + the job but should not be reported as a BUG (e.g., it would be up to t= he > + callException() to decide how to report the caught exception). There > + might (or there will) be other, similar cases where the job is stopped > + prematurely for some non-BUG reason beyond swanSong() knowledge. The > + existence of non-bug cases does not mean there could be no bugs worth > + reporting here, but until they can be identified more reliably than all > + these benign/irrelevant cases, reporting no BUGs is a (much) lesser > + evil. > + =20 > + TODO: Revise AsyncJob::doneAll(). Many of its overrides are written to > + check for both positive (i.e. mission accomplished) and negative (i.e. > + mission cancelled or cannot be accomplished) conditions, but the latter > + is usually unnecessary, especially after we added handleStopRequest() > + API to properly support external job cancellation events. Many doneAll= () > + overrides can probably be greatly simplified. > + =20 > + ---- > + =20 > + Cherry picked SQUID-568-premature-serverconn-use-v5 commit 22b5f78. > + =20 > + * fixup: Cherry-picked SQUID-568-premature-serverconn-use PR-time fixes > + =20 > + In git log order: > + * e64a6c1: Undone an out-of-scope change and added a missing 'auto' > + * aeaf83d: Fixed an 'unused parameter' error > + * f49d009: fixup: No explicit destructors with implicit copying methods > + * c30c37f: Removed an unnecessary explicit copy constructor > + * 012f5ec: Excluded Connection::rfc931 from cloning > + * 366c78a: ICAP: do not set connect_timeout on the established conn... > + =20 > + This branch is now in sync with SQUID-568-premature-serverconn-use (S) > + commit e64a6c1 (except for official changes merged from master/v6 into= S > + closer to the end of PR 877 work (i.e. S' merge commit 0a7432a). > + =20 > + * Fix FATAL ServiceRep::putConnection exception: theBusyConns > 0 > + =20 > + FATAL: check failed: theBusyConns > 0 > + exception location: ServiceRep.cc(163) putConnection > + =20 > + Since master/v6 commit 2b6b1bc, a timeout on a ready-to-shovel > + Squid-service ICAP connection was decrementing theBusyConns level one > + extra time because Adaptation::Icap::Xaction::noteCommTimedout() start= ed > + calling both noteConnectionFailed() and closeConnection(). Depending on > + the actual theBusyConns level, the extra decrement could result in FAT= AL > + errors later, when putConnection() was called (for a different ICAP > + transaction) with zero theBusyConns in an exception-unprotected contex= t. > + =20 > + Throughout these changes, Xaction still counts the above timeouts as a > + service failure. That is done by calling ServiceRep::noteFailure() from > + Xaction::callException(), including in timeout cases described above. > + =20 > + ---- > + =20 > + Cherry-picked master/v6 commit a8ac892. > + > +diff --git a/src/BodyPipe.cc b/src/BodyPipe.cc > +index 9abe7d48b..37a3b32cd 100644 > +--- a/src/BodyPipe.cc > ++++ b/src/BodyPipe.cc > +@@ -335,6 +335,7 @@ BodyPipe::startAutoConsumptionIfNeeded() > + return; > +=20 > + theConsumer =3D new BodySink(this); > ++ AsyncJob::Start(theConsumer); > + debugs(91,7, HERE << "starting auto consumption" << status()); > + scheduleBodyDataNotification(); > + } > +diff --git a/src/CommCalls.cc b/src/CommCalls.cc > +index 4cd503dcb..cca23f6e3 100644 > +--- a/src/CommCalls.cc > ++++ b/src/CommCalls.cc > +@@ -53,6 +53,9 @@ CommAcceptCbParams::CommAcceptCbParams(void *aData): > + { > + } > +=20 > ++// XXX: Add CommAcceptCbParams::syncWithComm(). Adjust syncWithComm() API= if all > ++// implementations always return true. > ++ > + void > + CommAcceptCbParams::print(std::ostream &os) const > + { > +@@ -72,13 +75,24 @@ CommConnectCbParams::CommConnectCbParams(void *aData): > + bool > + CommConnectCbParams::syncWithComm() > + { > +- // drop the call if the call was scheduled before comm_close but > +- // is being fired after comm_close > +- if (fd >=3D 0 && fd_table[fd].closing()) { > +- debugs(5, 3, HERE << "dropping late connect call: FD " << fd); > +- return false; > ++ assert(conn); > ++ > ++ // change parameters if this is a successful callback that was schedu= led > ++ // after its Comm-registered connection started to close > ++ > ++ if (flag !=3D Comm::OK) { > ++ assert(!conn->isOpen()); > ++ return true; // not a successful callback; cannot go out of sync > + } > +- return true; // now we are in sync and can handle the call > ++ > ++ assert(conn->isOpen()); > ++ if (!fd_table[conn->fd].closing()) > ++ return true; // no closing in progress; in sync (for now) > ++ > ++ debugs(5, 3, "converting to Comm::ERR_CLOSING: " << conn); > ++ conn->noteClosure(); > ++ flag =3D Comm::ERR_CLOSING; > ++ return true; // now the callback is in sync with Comm again > + } > +=20 > + /* CommIoCbParams */ > +diff --git a/src/Downloader.cc b/src/Downloader.cc > +index 298c3a836..012387fb8 100644 > +--- a/src/Downloader.cc > ++++ b/src/Downloader.cc > +@@ -81,6 +81,10 @@ void > + Downloader::swanSong() > + { > + debugs(33, 6, this); > ++ > ++ if (callback_) // job-ending emergencies like handleStopRequest() or = callException() > ++ callBack(Http::scInternalServerError); > ++ > + if (context_) { > + context_->finished(); > + context_ =3D nullptr; > +@@ -251,6 +255,7 @@ Downloader::downloadFinished() > + void > + Downloader::callBack(Http::StatusCode const statusCode) > + { > ++ assert(callback_); > + CbDialer *dialer =3D dynamic_cast(callback_->getDialer()); > + Must(dialer); > + dialer->status =3D statusCode; > +diff --git a/src/FwdState.cc b/src/FwdState.cc > +index b721017c3..b69e60c7c 100644 > +--- a/src/FwdState.cc > ++++ b/src/FwdState.cc > +@@ -207,26 +207,22 @@ FwdState::stopAndDestroy(const char *reason) > + { > + debugs(17, 3, "for " << reason); > +=20 > +- if (opening()) > +- cancelOpening(reason); > ++ cancelStep(reason); > +=20 > + PeerSelectionInitiator::subscribed =3D false; // may already be false > + self =3D nullptr; // we hope refcounting destroys us soon; may alread= y be nil > + /* do not place any code here as this object may be gone by now */ > + } > +=20 > +-/// Notify connOpener that we no longer need connections. We do not have = to do > +-/// this -- connOpener would eventually notice on its own, but notifying = reduces > +-/// waste and speeds up spare connection opening for other transactions (= that > +-/// could otherwise wait for this transaction to use its spare allowance). > ++/// Notify a pending subtask, if any, that we no longer need its help. We= do not > ++/// have to do this -- the subtask job will eventually end -- but ending = it > ++/// earlier reduces waste and may reduce DoS attack surface. > + void > +-FwdState::cancelOpening(const char *reason) > ++FwdState::cancelStep(const char *reason) > + { > +- assert(calls.connector); > +- calls.connector->cancel(reason); > +- calls.connector =3D nullptr; > +- notifyConnOpener(); > +- connOpener.clear(); > ++ transportWait.cancel(reason); > ++ encryptionWait.cancel(reason); > ++ peerWait.cancel(reason); > + } > +=20 > + #if STRICT_ORIGINAL_DST > +@@ -348,8 +344,7 @@ FwdState::~FwdState() > +=20 > + entry =3D NULL; > +=20 > +- if (opening()) > +- cancelOpening("~FwdState"); > ++ cancelStep("~FwdState"); > +=20 > + if (Comm::IsConnOpen(serverConn)) > + closeServerConnection("~FwdState"); > +@@ -501,8 +496,17 @@ FwdState::fail(ErrorState * errorState) > + if (!errorState->request) > + errorState->request =3D request; > +=20 > +- if (err->type !=3D ERR_ZERO_SIZE_OBJECT) > +- return; > ++ if (err->type =3D=3D ERR_ZERO_SIZE_OBJECT) > ++ reactToZeroSizeObject(); > ++ > ++ destinationReceipt =3D nullptr; // may already be nil > ++} > ++ > ++/// ERR_ZERO_SIZE_OBJECT requires special adjustments > ++void > ++FwdState::reactToZeroSizeObject() > ++{ > ++ assert(err->type =3D=3D ERR_ZERO_SIZE_OBJECT); > +=20 > + if (pconnRace =3D=3D racePossible) { > + debugs(17, 5, HERE << "pconn race happened"); > +@@ -566,6 +570,8 @@ FwdState::complete() > +=20 > + if (Comm::IsConnOpen(serverConn)) > + unregister(serverConn); > ++ serverConn =3D nullptr; > ++ destinationReceipt =3D nullptr; > +=20 > + storedWholeReply_ =3D nullptr; > + entry->reset(); > +@@ -584,6 +590,12 @@ FwdState::complete() > + } > + } > +=20 > ++bool > ++FwdState::usingDestination() const > ++{ > ++ return encryptionWait || peerWait || Comm::IsConnOpen(serverConn); > ++} > ++ > + void > + FwdState::markStoredReplyAsWhole(const char * const whyWeAreSure) > + { > +@@ -613,19 +625,19 @@ FwdState::noteDestination(Comm::ConnectionPointer pa= th) > +=20 > + destinations->addPath(path); > +=20 > +- if (Comm::IsConnOpen(serverConn)) { > ++ if (usingDestination()) { > + // We are already using a previously opened connection, so we can= not be > +- // waiting for connOpener. We still receive destinations for back= up. > +- Must(!opening()); > ++ // waiting for it. We still receive destinations for backup. > ++ Must(!transportWait); > + return; > + } > +=20 > +- if (opening()) { > ++ if (transportWait) { > + notifyConnOpener(); > + return; // and continue to wait for FwdState::noteConnection() ca= llback > + } > +=20 > +- // This is the first path candidate we have seen. Create connOpener. > ++ // This is the first path candidate we have seen. Use it. > + useDestinations(); > + } > +=20 > +@@ -653,19 +665,19 @@ FwdState::noteDestinationsEnd(ErrorState *selectionE= rror) > + // if all of them fail, forwarding as whole will fail > + Must(!selectionError); // finding at least one path means selection s= ucceeded > +=20 > +- if (Comm::IsConnOpen(serverConn)) { > ++ if (usingDestination()) { > + // We are already using a previously opened connection, so we can= not be > +- // waiting for connOpener. We were receiving destinations for bac= kup. > +- Must(!opening()); > ++ // waiting for it. We were receiving destinations for backup. > ++ Must(!transportWait); > + return; > + } > +=20 > +- Must(opening()); // or we would be stuck with nothing to do or wait f= or > ++ Must(transportWait); // or we would be stuck with nothing to do or wa= it for > + notifyConnOpener(); > + // and continue to wait for FwdState::noteConnection() callback > + } > +=20 > +-/// makes sure connOpener knows that destinations have changed > ++/// makes sure connection opener knows that the destinations have changed > + void > + FwdState::notifyConnOpener() > + { > +@@ -674,7 +686,7 @@ FwdState::notifyConnOpener() > + } else { > + debugs(17, 7, "notifying about " << *destinations); > + destinations->notificationPending =3D true; > +- CallJobHere(17, 5, connOpener, HappyConnOpener, noteCandidatesCha= nge); > ++ CallJobHere(17, 5, transportWait.job(), HappyConnOpener, noteCand= idatesChange); > + } > + } > +=20 > +@@ -684,7 +696,7 @@ static void > + fwdServerClosedWrapper(const CommCloseCbParams ¶ms) > + { > + FwdState *fwd =3D (FwdState *)params.data; > +- fwd->serverClosed(params.fd); > ++ fwd->serverClosed(); > + } > +=20 > + /**** PRIVATE ***********************************************************= ******/ > +@@ -754,13 +766,23 @@ FwdState::checkRetriable() > + } > +=20 > + void > +-FwdState::serverClosed(int fd) > ++FwdState::serverClosed() > + { > +- // XXX: fd is often -1 here > +- debugs(17, 2, "FD " << fd << " " << entry->url() << " after " << > +- (fd >=3D 0 ? fd_table[fd].pconn.uses : -1) << " requests"); > +- if (fd >=3D 0 && serverConnection()->fd =3D=3D fd) > +- fwdPconnPool->noteUses(fd_table[fd].pconn.uses); > ++ // XXX: This method logic attempts to tolerate Connection::close() ca= lled > ++ // for serverConn earlier, by one of our dispatch()ed jobs. If that h= appens, > ++ // serverConn will already be closed here or, worse, it will already = be open > ++ // for the next forwarding attempt. The current code prevents us gett= ing > ++ // stuck, but the long term solution is to stop sharing serverConn. > ++ debugs(17, 2, serverConn); > ++ if (Comm::IsConnOpen(serverConn)) { > ++ const auto uses =3D fd_table[serverConn->fd].pconn.uses; > ++ debugs(17, 3, "prior uses: " << uses); > ++ fwdPconnPool->noteUses(uses); // XXX: May not have come from fwdP= connPool > ++ serverConn->noteClosure(); > ++ } > ++ serverConn =3D nullptr; > ++ closeHandler =3D nullptr; > ++ destinationReceipt =3D nullptr; > + retryOrBail(); > + } > +=20 > +@@ -802,6 +824,8 @@ FwdState::handleUnregisteredServerEnd() > + { > + debugs(17, 2, HERE << "self=3D" << self << " err=3D" << err << ' ' <<= entry->url()); > + assert(!Comm::IsConnOpen(serverConn)); > ++ serverConn =3D nullptr; > ++ destinationReceipt =3D nullptr; > + retryOrBail(); > + } > +=20 > +@@ -819,6 +843,8 @@ FwdState::advanceDestination(const char *stepDescripti= on, const Comm::Connection > + } catch (...) { > + debugs (17, 2, "exception while trying to " << stepDescription <<= ": " << CurrentException); > + closePendingConnection(conn, "connection preparation exception"); > ++ if (!err) > ++ fail(new ErrorState(ERR_GATEWAY_FAILURE, Http::scInternalServ= erError, request, al)); > + retryOrBail(); > + } > + } > +@@ -830,8 +856,7 @@ FwdState::noteConnection(HappyConnOpener::Answer &answ= er) > + { > + assert(!destinationReceipt); > +=20 > +- calls.connector =3D nullptr; > +- connOpener.clear(); > ++ transportWait.finish(); > +=20 > + Must(n_tries <=3D answer.n_tries); // n_tries cannot decrease > + n_tries =3D answer.n_tries; > +@@ -843,6 +868,8 @@ FwdState::noteConnection(HappyConnOpener::Answer &answ= er) > + Must(!Comm::IsConnOpen(answer.conn)); > + answer.error.clear(); // preserve error for errorSendComplete() > + } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd= ].closing()) { > ++ // The socket could get closed while our callback was queued. Sync > ++ // Connection. XXX: Connection::fd may already be stale/invalid h= ere. > + // We do not know exactly why the connection got closed, so we pl= ay it > + // safe, allowing retries only for persistent (reused) connections > + if (answer.reused) { > +@@ -912,23 +939,24 @@ FwdState::establishTunnelThruProxy(const Comm::Conne= ctionPointer &conn) > + if (!conn->getPeer()->options.no_delay) > + tunneler->setDelayId(entry->mem_obj->mostBytesAllowed()); > + #endif > +- AsyncJob::Start(tunneler); > +- // and wait for the tunnelEstablishmentDone() call > ++ peerWait.start(tunneler, callback); > + } > +=20 > + /// resumes operations after the (possibly failed) HTTP CONNECT exchange > + void > + FwdState::tunnelEstablishmentDone(Http::TunnelerAnswer &answer) > + { > ++ peerWait.finish(); > ++ > + ErrorState *error =3D nullptr; > + if (!answer.positive()) { > +- Must(!Comm::IsConnOpen(answer.conn)); > ++ Must(!answer.conn); > + error =3D answer.squidError.get(); > + Must(error); > + answer.squidError.clear(); // preserve error for fail() > + } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd= ].closing()) { > +- // The socket could get closed while our callback was queued. > +- // We close Connection here to sync Connection::fd. > ++ // The socket could get closed while our callback was queued. Sync > ++ // Connection. XXX: Connection::fd may already be stale/invalid h= ere. > + closePendingConnection(answer.conn, "conn was closed while waitin= g for tunnelEstablishmentDone"); > + error =3D new ErrorState(ERR_CANNOT_FORWARD, Http::scServiceUnava= ilable, request, al); > + } else if (!answer.leftovers.isEmpty()) { > +@@ -998,18 +1026,21 @@ FwdState::secureConnectionToPeer(const Comm::Connec= tionPointer &conn) > + #endif > + connector =3D new Security::BlindPeerConnector(requestPointer, co= nn, callback, al, sslNegotiationTimeout); > + connector->noteFwdPconnUse =3D true; > +- AsyncJob::Start(connector); // will call our callback > ++ encryptionWait.start(connector, callback); > + } > +=20 > + /// called when all negotiations with the TLS-speaking peer have been com= pleted > + void > + FwdState::connectedToPeer(Security::EncryptorAnswer &answer) > + { > ++ encryptionWait.finish(); > ++ > + ErrorState *error =3D nullptr; > + if ((error =3D answer.error.get())) { > +- Must(!Comm::IsConnOpen(answer.conn)); > ++ assert(!answer.conn); > + answer.error.clear(); // preserve error for errorSendComplete() > + } else if (answer.tunneled) { > ++ assert(!answer.conn); > + // TODO: When ConnStateData establishes tunnels, its state changes > + // [in ways that may affect logging?]. Consider informing > + // ConnStateData about our tunnel or otherwise unifying tunnel > +@@ -1019,6 +1050,8 @@ FwdState::connectedToPeer(Security::EncryptorAnswer = &answer) > + complete(); // destroys us > + return; > + } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd= ].closing()) { > ++ // The socket could get closed while our callback was queued. Sync > ++ // Connection. XXX: Connection::fd may already be stale/invalid h= ere. > + closePendingConnection(answer.conn, "conn was closed while waitin= g for connectedToPeer"); > + error =3D new ErrorState(ERR_CANNOT_FORWARD, Http::scServiceUnava= ilable, request, al); > + } > +@@ -1091,22 +1124,20 @@ FwdState::connectStart() > + Must(!request->pinnedConnection()); > +=20 > + assert(!destinations->empty()); > +- assert(!opening()); > ++ assert(!usingDestination()); > +=20 > + // Ditch error page if it was created before. > + // A new one will be created if there's another problem > + delete err; > + err =3D nullptr; > + request->clearError(); > +- serverConn =3D nullptr; > +- destinationReceipt =3D nullptr; > +=20 > + request->hier.startPeerClock(); > +=20 > +- calls.connector =3D asyncCall(17, 5, "FwdState::noteConnection", Happ= yConnOpener::CbDialer(&FwdState::noteConnection, this)); > ++ AsyncCall::Pointer callback =3D asyncCall(17, 5, "FwdState::noteConne= ction", HappyConnOpener::CbDialer(&FwdState::noteConnection, this)); > +=20 > + HttpRequest::Pointer cause =3D request; > +- const auto cs =3D new HappyConnOpener(destinations, calls.connector, = cause, start_t, n_tries, al); > ++ const auto cs =3D new HappyConnOpener(destinations, callback, cause, = start_t, n_tries, al); > + cs->setHost(request->url.host()); > + bool retriable =3D checkRetriable(); > + if (!retriable && Config.accessList.serverPconnForNonretriable) { > +@@ -1118,8 +1149,7 @@ FwdState::connectStart() > + cs->setRetriable(retriable); > + cs->allowPersistent(pconnRace !=3D raceHappened); > + destinations->notificationPending =3D true; // start() is async > +- connOpener =3D cs; > +- AsyncJob::Start(cs); > ++ transportWait.start(cs, callback); > + } > +=20 > + /// send request on an existing connection dedicated to the requesting cl= ient > +diff --git a/src/FwdState.h b/src/FwdState.h > +index de75f33cc..ebf5f82b1 100644 > +--- a/src/FwdState.h > ++++ b/src/FwdState.h > +@@ -9,13 +9,12 @@ > + #ifndef SQUID_FORWARD_H > + #define SQUID_FORWARD_H > +=20 > +-#include "base/CbcPointer.h" > + #include "base/forward.h" > ++#include "base/JobWait.h" > + #include "base/RefCount.h" > + #include "clients/forward.h" > + #include "comm.h" > + #include "comm/Connection.h" > +-#include "comm/ConnOpener.h" > + #include "error/forward.h" > + #include "fde.h" > + #include "http/StatusCode.h" > +@@ -38,7 +37,6 @@ class ResolvedPeers; > + typedef RefCount ResolvedPeersPointer; > +=20 > + class HappyConnOpener; > +-typedef CbcPointer HappyConnOpenerPointer; > + class HappyConnOpenerAnswer; > +=20 > + /// Sets initial TOS value and Netfilter for the future outgoing connecti= on. > +@@ -87,7 +85,7 @@ public: > + void handleUnregisteredServerEnd(); > + int reforward(); > + bool reforwardableStatus(const Http::StatusCode s) const; > +- void serverClosed(int fd); > ++ void serverClosed(); > + void connectStart(); > + void connectDone(const Comm::ConnectionPointer & conn, Comm::Flag sta= tus, int xerrno); > + bool checkRetry(); > +@@ -115,6 +113,9 @@ private: > + /* PeerSelectionInitiator API */ > + virtual void noteDestination(Comm::ConnectionPointer conn) override; > + virtual void noteDestinationsEnd(ErrorState *selectionError) override; > ++ /// whether the successfully selected path destination or the establi= shed > ++ /// server connection is still in use > ++ bool usingDestination() const; > +=20 > + void noteConnection(HappyConnOpenerAnswer &); > +=20 > +@@ -157,13 +158,10 @@ private: > + /// \returns the time left for this connection to become connected or= 1 second if it is less than one second left > + time_t connectingTimeout(const Comm::ConnectionPointer &conn) const; > +=20 > +- /// whether we are waiting for HappyConnOpener > +- /// same as calls.connector but may differ from connOpener.valid() > +- bool opening() const { return connOpener.set(); } > +- > +- void cancelOpening(const char *reason); > ++ void cancelStep(const char *reason); > +=20 > + void notifyConnOpener(); > ++ void reactToZeroSizeObject(); > +=20 > + void updateAleWithFinalError(); > +=20 > +@@ -182,11 +180,6 @@ private: > + time_t start_t; > + int n_tries; ///< the number of forwarding attempts so far > +=20 > +- // AsyncCalls which we set and may need cancelling. > +- struct { > +- AsyncCall::Pointer connector; ///< a call linking us to the Conn= Opener producing serverConn. > +- } calls; > +- > + struct { > + bool connected_okay; ///< TCP link ever opened properly. This aff= ects retry of POST,PUT,CONNECT,etc > + bool dont_retry; > +@@ -194,7 +187,16 @@ private: > + bool destinationsFound; ///< at least one candidate path found > + } flags; > +=20 > +- HappyConnOpenerPointer connOpener; ///< current connection opening job > ++ /// waits for a transport connection to the peer to be established/op= ened > ++ JobWait transportWait; > ++ > ++ /// waits for the established transport connection to be secured/encr= ypted > ++ JobWait encryptionWait; > ++ > ++ /// waits for an HTTP CONNECT tunnel through a cache_peer to be negot= iated > ++ /// over the (encrypted, if needed) transport connection to that cach= e_peer > ++ JobWait peerWait; > ++ > + ResolvedPeersPointer destinations; ///< paths for forwarding the requ= est > + Comm::ConnectionPointer serverConn; ///< a successfully opened connec= tion to a server. > + PeerConnectionPointer destinationReceipt; ///< peer selection result = (or nil) > +diff --git a/src/HappyConnOpener.cc b/src/HappyConnOpener.cc > +index 6e0872506..6d83ff14f 100644 > +--- a/src/HappyConnOpener.cc > ++++ b/src/HappyConnOpener.cc > +@@ -18,6 +18,7 @@ > + #include "neighbors.h" > + #include "pconn.h" > + #include "PeerPoolMgr.h" > ++#include "sbuf/Stream.h" > + #include "SquidConfig.h" > +=20 > + CBDATA_CLASS_INIT(HappyConnOpener); > +@@ -330,6 +331,8 @@ HappyConnOpener::HappyConnOpener(const ResolvedPeers::= Pointer &dests, const Asyn > + fwdStart(aFwdStart), > + callback_(aCall), > + destinations(dests), > ++ prime(&HappyConnOpener::notePrimeConnectDone, "HappyConnOpener::noteP= rimeConnectDone"), > ++ spare(&HappyConnOpener::noteSpareConnectDone, "HappyConnOpener::noteS= pareConnectDone"), > + ale(anAle), > + cause(request), > + n_tries(tries) > +@@ -410,33 +413,43 @@ HappyConnOpener::swanSong() > + AsyncJob::swanSong(); > + } > +=20 > ++/// HappyConnOpener::Attempt printer for debugging > ++std::ostream & > ++operator <<(std::ostream &os, const HappyConnOpener::Attempt &attempt) > ++{ > ++ if (!attempt.path) > ++ os << '-'; > ++ else if (attempt.path->isOpen()) > ++ os << "FD " << attempt.path->fd; > ++ else if (attempt.connWait) > ++ os << attempt.connWait; > ++ else // destination is known; connection closed (and we are not openi= ng any) > ++ os << attempt.path->id; > ++ return os; > ++} > ++ > + const char * > + HappyConnOpener::status() const > + { > +- static MemBuf buf; > +- buf.reset(); > ++ // TODO: In a redesigned status() API, the caller may mimic this appr= oach. > ++ static SBuf buf; > ++ buf.clear(); > +=20 > +- buf.append(" [", 2); > ++ SBufStream os(buf); > ++ > ++ os.write(" [", 2); > + if (stopReason) > +- buf.appendf("Stopped, reason:%s", stopReason); > +- if (prime) { > +- if (prime.path && prime.path->isOpen()) > +- buf.appendf(" prime FD %d", prime.path->fd); > +- else if (prime.connector) > +- buf.appendf(" prime call%ud", prime.connector->id.value); > +- } > +- if (spare) { > +- if (spare.path && spare.path->isOpen()) > +- buf.appendf(" spare FD %d", spare.path->fd); > +- else if (spare.connector) > +- buf.appendf(" spare call%ud", spare.connector->id.value); > +- } > ++ os << "Stopped:" << stopReason; > ++ if (prime) > ++ os << "prime:" << prime; > ++ if (spare) > ++ os << "spare:" << spare; > + if (n_tries) > +- buf.appendf(" tries %d", n_tries); > +- buf.appendf(" %s%u]", id.prefix(), id.value); > +- buf.terminate(); > ++ os << " tries:" << n_tries; > ++ os << ' ' << id << ']'; > +=20 > +- return buf.content(); > ++ buf =3D os.buf(); > ++ return buf.c_str(); > + } > +=20 > + /// Create "503 Service Unavailable" or "504 Gateway Timeout" error depen= ding > +@@ -516,7 +529,7 @@ void > + HappyConnOpener::startConnecting(Attempt &attempt, PeerConnectionPointer = &dest) > + { > + Must(!attempt.path); > +- Must(!attempt.connector); > ++ Must(!attempt.connWait); > + Must(dest); > +=20 > + const auto bumpThroughPeer =3D cause->flags.sslBumped && dest->getPee= r(); > +@@ -552,51 +565,52 @@ HappyConnOpener::openFreshConnection(Attempt &attemp= t, PeerConnectionPointer &de > + entry->mem_obj->checkUrlChecksum(); > + #endif > +=20 > +- GetMarkingsToServer(cause.getRaw(), *dest); > ++ const auto conn =3D dest->cloneProfile(); > ++ GetMarkingsToServer(cause.getRaw(), *conn); > +=20 > +- // ConnOpener modifies its destination argument so we reset the sourc= e port > +- // in case we are reusing the destination already used by our predece= ssor. > +- dest->local.port(0); > + ++n_tries; > +=20 > + typedef CommCbMemFunT Dialer; > +- AsyncCall::Pointer callConnect =3D JobCallback(48, 5, Dialer, this, H= appyConnOpener::connectDone); > ++ AsyncCall::Pointer callConnect =3D asyncCall(48, 5, attempt.callbackM= ethodName, > ++ Dialer(this, attempt.callbackMethod)= ); > + const time_t connTimeout =3D dest->connectTimeout(fwdStart); > +- Comm::ConnOpener *cs =3D new Comm::ConnOpener(dest, callConnect, conn= Timeout); > +- if (!dest->getPeer()) > ++ auto cs =3D new Comm::ConnOpener(conn, callConnect, connTimeout); > ++ if (!conn->getPeer()) > + cs->setHost(host_); > +=20 > +- attempt.path =3D dest; > +- attempt.connector =3D callConnect; > +- attempt.opener =3D cs; > ++ attempt.path =3D dest; // but not the being-opened conn! > ++ attempt.connWait.start(cs, callConnect); > ++} > +=20 > +- AsyncJob::Start(cs); > ++/// Comm::ConnOpener callback for the prime connection attempt > ++void > ++HappyConnOpener::notePrimeConnectDone(const CommConnectCbParams ¶ms) > ++{ > ++ handleConnOpenerAnswer(prime, params, "new prime connection"); > + } > +=20 > +-/// called by Comm::ConnOpener objects after a prime or spare connection = attempt > +-/// completes (successfully or not) > ++/// Comm::ConnOpener callback for the spare connection attempt > + void > +-HappyConnOpener::connectDone(const CommConnectCbParams ¶ms) > ++HappyConnOpener::noteSpareConnectDone(const CommConnectCbParams ¶ms) > + { > +- Must(params.conn); > +- const bool itWasPrime =3D (params.conn =3D=3D prime.path); > +- const bool itWasSpare =3D (params.conn =3D=3D spare.path); > +- Must(itWasPrime !=3D itWasSpare); > +- > +- PeerConnectionPointer handledPath; > +- if (itWasPrime) { > +- handledPath =3D prime.path; > +- prime.finish(); > +- } else { > +- handledPath =3D spare.path; > +- spare.finish(); > +- if (gotSpareAllowance) { > +- TheSpareAllowanceGiver.jobUsedAllowance(); > +- gotSpareAllowance =3D false; > +- } > ++ if (gotSpareAllowance) { > ++ TheSpareAllowanceGiver.jobUsedAllowance(); > ++ gotSpareAllowance =3D false; > + } > ++ handleConnOpenerAnswer(spare, params, "new spare connection"); > ++} > ++ > ++/// prime/spare-agnostic processing of a Comm::ConnOpener result > ++void > ++HappyConnOpener::handleConnOpenerAnswer(Attempt &attempt, const CommConne= ctCbParams ¶ms, const char *what) > ++{ > ++ Must(params.conn); > ++ > ++ // finalize the previously selected path before attempt.finish() forg= ets it > ++ auto handledPath =3D attempt.path; > ++ handledPath.finalize(params.conn); // closed on errors > ++ attempt.finish(); > +=20 > +- const char *what =3D itWasPrime ? "new prime connection" : "new spare= connection"; > + if (params.flag =3D=3D Comm::OK) { > + sendSuccess(handledPath, false, what); > + return; > +@@ -605,7 +619,6 @@ HappyConnOpener::connectDone(const CommConnectCbParams= ¶ms) > + debugs(17, 8, what << " failed: " << params.conn); > + if (const auto peer =3D params.conn->getPeer()) > + peerConnectFailed(peer); > +- params.conn->close(); // TODO: Comm::ConnOpener should do this instea= d. > +=20 > + // remember the last failure (we forward it if we cannot connect anyw= here) > + lastFailedConnection =3D handledPath; > +@@ -881,13 +894,23 @@ HappyConnOpener::ranOutOfTimeOrAttempts() const > + return false; > + } > +=20 > ++HappyConnOpener::Attempt::Attempt(const CallbackMethod method, const char= *methodName): > ++ callbackMethod(method), > ++ callbackMethodName(methodName) > ++{ > ++} > ++ > ++void > ++HappyConnOpener::Attempt::finish() > ++{ > ++ connWait.finish(); > ++ path =3D nullptr; > ++} > ++ > + void > + HappyConnOpener::Attempt::cancel(const char *reason) > + { > +- if (connector) { > +- connector->cancel(reason); > +- CallJobHere(17, 3, opener, Comm::ConnOpener, noteAbort); > +- } > +- clear(); > ++ connWait.cancel(reason); > ++ path =3D nullptr; > + } > +=20 > +diff --git a/src/HappyConnOpener.h b/src/HappyConnOpener.h > +index 4f3135c60..c57c431ad 100644 > +--- a/src/HappyConnOpener.h > ++++ b/src/HappyConnOpener.h > +@@ -156,22 +156,28 @@ private: > + /// a connection opening attempt in progress (or falsy) > + class Attempt { > + public: > ++ /// HappyConnOpener method implementing a ConnOpener callback > ++ using CallbackMethod =3D void (HappyConnOpener::*)(const CommConn= ectCbParams &); > ++ > ++ Attempt(const CallbackMethod method, const char *methodName); > ++ > + explicit operator bool() const { return static_cast(path); } > +=20 > + /// reacts to a natural attempt completion (successful or otherwi= se) > +- void finish() { clear(); } > ++ void finish(); > +=20 > + /// aborts an in-progress attempt > + void cancel(const char *reason); > +=20 > + PeerConnectionPointer path; ///< the destination we are connectin= g to > +- AsyncCall::Pointer connector; ///< our opener callback > +- Comm::ConnOpener::Pointer opener; ///< connects to path and calls= us > +=20 > +- private: > +- /// cleans up after the attempt ends (successfully or otherwise) > +- void clear() { path =3D nullptr; connector =3D nullptr; opener = =3D nullptr; } > ++ /// waits for a connection to the peer to be established/opened > ++ JobWait connWait; > ++ > ++ const CallbackMethod callbackMethod; ///< ConnOpener calls this m= ethod > ++ const char * const callbackMethodName; ///< for callbackMethod de= bugging > + }; > ++ friend std::ostream &operator <<(std::ostream &, const Attempt &); > +=20 > + /* AsyncJob API */ > + virtual void start() override; > +@@ -190,7 +196,9 @@ private: > + void openFreshConnection(Attempt &, PeerConnectionPointer &); > + bool reuseOldConnection(PeerConnectionPointer &); > +=20 > +- void connectDone(const CommConnectCbParams &); > ++ void notePrimeConnectDone(const CommConnectCbParams &); > ++ void noteSpareConnectDone(const CommConnectCbParams &); > ++ void handleConnOpenerAnswer(Attempt &, const CommConnectCbParams &, c= onst char *connDescription); > +=20 > + void checkForNewConnection(); > +=20 > +diff --git a/src/PeerPoolMgr.cc b/src/PeerPoolMgr.cc > +index 2caa09f44..7423dd669 100644 > +--- a/src/PeerPoolMgr.cc > ++++ b/src/PeerPoolMgr.cc > +@@ -43,9 +43,8 @@ public: > + PeerPoolMgr::PeerPoolMgr(CachePeer *aPeer): AsyncJob("PeerPoolMgr"), > + peer(cbdataReference(aPeer)), > + request(), > +- opener(), > +- securer(), > +- closer(), > ++ transportWait(), > ++ encryptionWait(), > + addrUsed(0) > + { > + } > +@@ -90,7 +89,7 @@ PeerPoolMgr::doneAll() const > + void > + PeerPoolMgr::handleOpenedConnection(const CommConnectCbParams ¶ms) > + { > +- opener =3D NULL; > ++ transportWait.finish(); > +=20 > + if (!validPeer()) { > + debugs(48, 3, "peer gone"); > +@@ -100,9 +99,6 @@ PeerPoolMgr::handleOpenedConnection(const CommConnectCb= Params ¶ms) > + } > +=20 > + if (params.flag !=3D Comm::OK) { > +- /* it might have been a timeout with a partially open link */ > +- if (params.conn !=3D NULL) > +- params.conn->close(); > + peerConnectFailed(peer); > + checkpoint("conn opening failure"); // may retry > + return; > +@@ -112,20 +108,16 @@ PeerPoolMgr::handleOpenedConnection(const CommConnec= tCbParams ¶ms) > +=20 > + // Handle TLS peers. > + if (peer->secure.encryptTransport) { > +- typedef CommCbMemFunT CloserDiale= r; > +- closer =3D JobCallback(48, 3, CloserDialer, this, > +- PeerPoolMgr::handleSecureClosure); > +- comm_add_close_handler(params.conn->fd, closer); > +- > +- securer =3D asyncCall(48, 4, "PeerPoolMgr::handleSecuredPeer", > +- MyAnswerDialer(this, &PeerPoolMgr::handleSecu= redPeer)); > ++ // XXX: Exceptions orphan params.conn > ++ AsyncCall::Pointer callback =3D asyncCall(48, 4, "PeerPoolMgr::ha= ndleSecuredPeer", > ++ MyAnswerDialer(this, &Pee= rPoolMgr::handleSecuredPeer)); > +=20 > + const int peerTimeout =3D peerConnectTimeout(peer); > + const int timeUsed =3D squid_curtime - params.conn->startTime(); > + // Use positive timeout when less than one second is left for con= n. > + const int timeLeft =3D positiveTimeout(peerTimeout - timeUsed); > +- auto *connector =3D new Security::BlindPeerConnector(request, par= ams.conn, securer, nullptr, timeLeft); > +- AsyncJob::Start(connector); // will call our callback > ++ const auto connector =3D new Security::BlindPeerConnector(request= , params.conn, callback, nullptr, timeLeft); > ++ encryptionWait.start(connector, callback); > + return; > + } > +=20 > +@@ -144,16 +136,7 @@ PeerPoolMgr::pushNewConnection(const Comm::Connection= Pointer &conn) > + void > + PeerPoolMgr::handleSecuredPeer(Security::EncryptorAnswer &answer) > + { > +- Must(securer !=3D NULL); > +- securer =3D NULL; > +- > +- if (closer !=3D NULL) { > +- if (answer.conn !=3D NULL) > +- comm_remove_close_handler(answer.conn->fd, closer); > +- else > +- closer->cancel("securing completed"); > +- closer =3D NULL; > +- } > ++ encryptionWait.finish(); > +=20 > + if (!validPeer()) { > + debugs(48, 3, "peer gone"); > +@@ -162,35 +145,33 @@ PeerPoolMgr::handleSecuredPeer(Security::EncryptorAn= swer &answer) > + return; > + } > +=20 > ++ assert(!answer.tunneled); > + if (answer.error.get()) { > +- if (answer.conn !=3D NULL) > +- answer.conn->close(); > ++ assert(!answer.conn); > + // PeerConnector calls peerConnectFailed() for us; > + checkpoint("conn securing failure"); // may retry > + return; > + } > +=20 > +- pushNewConnection(answer.conn); > +-} > ++ assert(answer.conn); > +=20 > +-void > +-PeerPoolMgr::handleSecureClosure(const CommCloseCbParams ¶ms) > +-{ > +- Must(closer !=3D NULL); > +- Must(securer !=3D NULL); > +- securer->cancel("conn closed by a 3rd party"); > +- securer =3D NULL; > +- closer =3D NULL; > +- // allow the closing connection to fully close before we check again > +- Checkpoint(this, "conn closure while securing"); > ++ // The socket could get closed while our callback was queued. Sync > ++ // Connection. XXX: Connection::fd may already be stale/invalid here. > ++ if (answer.conn->isOpen() && fd_table[answer.conn->fd].closing()) { > ++ answer.conn->noteClosure(); > ++ checkpoint("external connection closure"); // may retry > ++ return; > ++ } > ++ > ++ pushNewConnection(answer.conn); > + } > +=20 > + void > + PeerPoolMgr::openNewConnection() > + { > + // KISS: Do nothing else when we are already doing something. > +- if (opener !=3D NULL || securer !=3D NULL || shutting_down) { > +- debugs(48, 7, "busy: " << opener << '|' << securer << '|' << shut= ting_down); > ++ if (transportWait || encryptionWait || shutting_down) { > ++ debugs(48, 7, "busy: " << transportWait << '|' << encryptionWait = << '|' << shutting_down); > + return; // there will be another checkpoint when we are done open= ing/securing > + } > +=20 > +@@ -227,9 +208,9 @@ PeerPoolMgr::openNewConnection() > +=20 > + const int ctimeout =3D peerConnectTimeout(peer); > + typedef CommCbMemFunT Dialer; > +- opener =3D JobCallback(48, 5, Dialer, this, PeerPoolMgr::handleOpened= Connection); > +- Comm::ConnOpener *cs =3D new Comm::ConnOpener(conn, opener, ctimeout); > +- AsyncJob::Start(cs); > ++ AsyncCall::Pointer callback =3D JobCallback(48, 5, Dialer, this, Peer= PoolMgr::handleOpenedConnection); > ++ const auto cs =3D new Comm::ConnOpener(conn, callback, ctimeout); > ++ transportWait.start(cs, callback); > + } > +=20 > + void > +diff --git a/src/PeerPoolMgr.h b/src/PeerPoolMgr.h > +index 217994393..6da61b10b 100644 > +--- a/src/PeerPoolMgr.h > ++++ b/src/PeerPoolMgr.h > +@@ -10,6 +10,7 @@ > + #define SQUID_PEERPOOLMGR_H > +=20 > + #include "base/AsyncJob.h" > ++#include "base/JobWait.h" > + #include "comm/forward.h" > + #include "security/forward.h" > +=20 > +@@ -54,18 +55,19 @@ protected: > + /// Security::PeerConnector callback > + void handleSecuredPeer(Security::EncryptorAnswer &answer); > +=20 > +- /// called when the connection we are trying to secure is closed by a= 3rd party > +- void handleSecureClosure(const CommCloseCbParams ¶ms); > +- > + /// the final step in connection opening (and, optionally, securing) = sequence > + void pushNewConnection(const Comm::ConnectionPointer &conn); > +=20 > + private: > + CachePeer *peer; ///< the owner of the pool we manage > + RefCount request; ///< fake HTTP request for conn openin= g code > +- AsyncCall::Pointer opener; ///< whether we are opening a connection > +- AsyncCall::Pointer securer; ///< whether we are securing a connection > +- AsyncCall::Pointer closer; ///< monitors conn while we are securing it > ++ > ++ /// waits for a transport connection to the peer to be established/op= ened > ++ JobWait transportWait; > ++ > ++ /// waits for the established transport connection to be secured/encr= ypted > ++ JobWait encryptionWait; > ++ > + unsigned int addrUsed; ///< counter for cycling through peer addresses > + }; > +=20 > +diff --git a/src/ResolvedPeers.cc b/src/ResolvedPeers.cc > +index 5b2c6740d..06ab02d23 100644 > +--- a/src/ResolvedPeers.cc > ++++ b/src/ResolvedPeers.cc > +@@ -151,7 +151,7 @@ ResolvedPeers::extractFound(const char *description, c= onst Paths::iterator &foun > + while (++pathsToSkip < paths_.size() && !paths_[pathsToSkip].avai= lable) {} > + } > +=20 > +- const auto cleanPath =3D path.connection->cloneDestinationDetails(); > ++ const auto cleanPath =3D path.connection->cloneProfile(); > + return PeerConnectionPointer(cleanPath, found - paths_.begin()); > + } > +=20 > +diff --git a/src/adaptation/icap/ModXact.cc b/src/adaptation/icap/ModXact.= cc > +index bbeebdbb5..982f38f8d 100644 > +--- a/src/adaptation/icap/ModXact.cc > ++++ b/src/adaptation/icap/ModXact.cc > +@@ -187,8 +187,7 @@ void Adaptation::Icap::ModXact::startWriting() > + openConnection(); > + } > +=20 > +-// connection with the ICAP service established > +-void Adaptation::Icap::ModXact::handleCommConnected() > ++void Adaptation::Icap::ModXact::startShoveling() > + { > + Must(state.writing =3D=3D State::writingConnect); > +=20 > +diff --git a/src/adaptation/icap/ModXact.h b/src/adaptation/icap/ModXact.h > +index f8988ac29..2fda1318b 100644 > +--- a/src/adaptation/icap/ModXact.h > ++++ b/src/adaptation/icap/ModXact.h > +@@ -155,10 +155,11 @@ public: > + virtual void noteBodyProductionEnded(BodyPipe::Pointer); > + virtual void noteBodyProducerAborted(BodyPipe::Pointer); > +=20 > +- // comm handlers > +- virtual void handleCommConnected(); > ++ /* Xaction API */ > ++ virtual void startShoveling(); > + virtual void handleCommWrote(size_t size); > + virtual void handleCommRead(size_t size); > ++ > + void handleCommWroteHeaders(); > + void handleCommWroteBody(); > +=20 > +diff --git a/src/adaptation/icap/OptXact.cc b/src/adaptation/icap/OptXact.= cc > +index 5ed4fbfbb..2464ea533 100644 > +--- a/src/adaptation/icap/OptXact.cc > ++++ b/src/adaptation/icap/OptXact.cc > +@@ -37,7 +37,7 @@ void Adaptation::Icap::OptXact::start() > + openConnection(); > + } > +=20 > +-void Adaptation::Icap::OptXact::handleCommConnected() > ++void Adaptation::Icap::OptXact::startShoveling() > + { > + scheduleRead(); > +=20 > +diff --git a/src/adaptation/icap/OptXact.h b/src/adaptation/icap/OptXact.h > +index 3811ab48f..725cd6225 100644 > +--- a/src/adaptation/icap/OptXact.h > ++++ b/src/adaptation/icap/OptXact.h > +@@ -30,8 +30,9 @@ public: > + OptXact(ServiceRep::Pointer &aService); > +=20 > + protected: > ++ /* Xaction API */ > + virtual void start(); > +- virtual void handleCommConnected(); > ++ virtual void startShoveling(); > + virtual void handleCommWrote(size_t size); > + virtual void handleCommRead(size_t size); > +=20 > +diff --git a/src/adaptation/icap/ServiceRep.cc b/src/adaptation/icap/Servi= ceRep.cc > +index 6df475712..fbd896888 100644 > +--- a/src/adaptation/icap/ServiceRep.cc > ++++ b/src/adaptation/icap/ServiceRep.cc > +@@ -112,9 +112,10 @@ void Adaptation::Icap::ServiceRep::noteFailure() > + // should be configurable. > + } > +=20 > +-// returns a persistent or brand new connection; negative int on failures > ++// TODO: getIdleConnection() and putConnection()/noteConnectionFailed() m= anage a > ++// "used connection slot" resource. Automate that resource tracking (RAII= /etc.). > + Comm::ConnectionPointer > +-Adaptation::Icap::ServiceRep::getConnection(bool retriableXact, bool &reu= sed) > ++Adaptation::Icap::ServiceRep::getIdleConnection(const bool retriableXact) > + { > + Comm::ConnectionPointer connection; > +=20 > +@@ -137,7 +138,6 @@ Adaptation::Icap::ServiceRep::getConnection(bool retri= ableXact, bool &reused) > + else > + theIdleConns->closeN(1); > +=20 > +- reused =3D Comm::IsConnOpen(connection); > + ++theBusyConns; > + debugs(93,3, HERE << "got connection: " << connection); > + return connection; > +@@ -150,7 +150,6 @@ void Adaptation::Icap::ServiceRep::putConnection(const= Comm::ConnectionPointer & > + // do not pool an idle connection if we owe connections > + if (isReusable && excessConnections() =3D=3D 0) { > + debugs(93, 3, HERE << "pushing pconn" << comment); > +- commUnsetConnTimeout(conn); > + theIdleConns->push(conn); > + } else { > + debugs(93, 3, HERE << (sendReset ? "RST" : "FIN") << "-closing " = << > +diff --git a/src/adaptation/icap/ServiceRep.h b/src/adaptation/icap/Servic= eRep.h > +index f2e893244..cca2df4ab 100644 > +--- a/src/adaptation/icap/ServiceRep.h > ++++ b/src/adaptation/icap/ServiceRep.h > +@@ -85,7 +85,8 @@ public: > + bool wantsPreview(const SBuf &urlPath, size_t &wantedSize) const; > + bool allows204() const; > + bool allows206() const; > +- Comm::ConnectionPointer getConnection(bool isRetriable, bool &isReuse= d); > ++ /// \returns an idle persistent ICAP connection or nil > ++ Comm::ConnectionPointer getIdleConnection(bool isRetriable); > + void putConnection(const Comm::ConnectionPointer &conn, bool isReusab= le, bool sendReset, const char *comment); > + void noteConnectionUse(const Comm::ConnectionPointer &conn); > + void noteConnectionFailed(const char *comment); > +diff --git a/src/adaptation/icap/Xaction.cc b/src/adaptation/icap/Xaction.= cc > +index 9aacf2e1b..962ed1703 100644 > +--- a/src/adaptation/icap/Xaction.cc > ++++ b/src/adaptation/icap/Xaction.cc > +@@ -13,6 +13,7 @@ > + #include "adaptation/icap/Config.h" > + #include "adaptation/icap/Launcher.h" > + #include "adaptation/icap/Xaction.h" > ++#include "base/JobWait.h" > + #include "base/TextException.h" > + #include "comm.h" > + #include "comm/Connection.h" > +@@ -79,7 +80,6 @@ Adaptation::Icap::Xaction::Xaction(const char *aTypeName= , Adaptation::Icap::Serv > + icapRequest(NULL), > + icapReply(NULL), > + attempts(0), > +- connection(NULL), > + theService(aService), > + commEof(false), > + reuseConnection(true), > +@@ -87,14 +87,8 @@ Adaptation::Icap::Xaction::Xaction(const char *aTypeNam= e, Adaptation::Icap::Serv > + isRepeatable(true), > + ignoreLastWrite(false), > + waitingForDns(false), > +- stopReason(NULL), > +- connector(NULL), > +- reader(NULL), > +- writer(NULL), > +- closer(NULL), > + alep(new AccessLogEntry), > +- al(*alep), > +- cs(NULL) > ++ al(*alep) > + { > + debugs(93,3, typeName << " constructed, this=3D" << this << > + " [icapx" << id << ']'); // we should not call virtual status(= ) here > +@@ -150,6 +144,8 @@ static void > + icapLookupDnsResults(const ipcache_addrs *ia, const Dns::LookupDetails &,= void *data) > + { > + Adaptation::Icap::Xaction *xa =3D static_cast(data); > ++ /// TODO: refactor with CallJobHere1, passing either std::optional (a= fter upgrading to C++17) > ++ /// or Optional (when it can take non-trivial types) > + xa->dnsLookupDone(ia); > + } > +=20 > +@@ -164,21 +160,8 @@ Adaptation::Icap::Xaction::openConnection() > + if (!TheConfig.reuse_connections) > + disableRetries(); // this will also safely drain pconn pool > +=20 > +- bool wasReused =3D false; > +- connection =3D s.getConnection(isRetriable, wasReused); > +- > +- if (wasReused && Comm::IsConnOpen(connection)) { > +- // Set comm Close handler > +- // fake the connect callback > +- // TODO: can we sync call Adaptation::Icap::Xaction::noteCommConn= ected here instead? > +- typedef CommCbMemFunT Dialer; > +- CbcPointer self(this); > +- Dialer dialer(self, &Adaptation::Icap::Xaction::noteCommConnected= ); > +- dialer.params.conn =3D connection; > +- dialer.params.flag =3D Comm::OK; > +- // fake other parameters by copying from the existing connection > +- connector =3D asyncCall(93,3, "Adaptation::Icap::Xaction::noteCom= mConnected", dialer); > +- ScheduleCallHere(connector); > ++ if (const auto pconn =3D s.getIdleConnection(isRetriable)) { > ++ useTransportConnection(pconn); > + return; > + } > +=20 > +@@ -207,30 +190,22 @@ Adaptation::Icap::Xaction::dnsLookupDone(const ipcac= he_addrs *ia) > + #if WHEN_IPCACHE_NBGETHOSTBYNAME_USES_ASYNC_CALLS > + dieOnConnectionFailure(); // throws > + #else // take a step back into protected Async call dialing. > +- // fake the connect callback > +- typedef CommCbMemFunT Dialer; > +- CbcPointer self(this); > +- Dialer dialer(self, &Adaptation::Icap::Xaction::noteCommConnected= ); > +- dialer.params.conn =3D connection; > +- dialer.params.flag =3D Comm::COMM_ERROR; > +- // fake other parameters by copying from the existing connection > +- connector =3D asyncCall(93,3, "Adaptation::Icap::Xaction::noteCom= mConnected", dialer); > +- ScheduleCallHere(connector); > ++ CallJobHere(93, 3, this, Xaction, Xaction::dieOnConnectionFailure= ); > + #endif > + return; > + } > +=20 > +- connection =3D new Comm::Connection; > +- connection->remote =3D ia->current(); > +- connection->remote.port(s.cfg().port); > +- getOutgoingAddress(NULL, connection); > ++ const Comm::ConnectionPointer conn =3D new Comm::Connection(); > ++ conn->remote =3D ia->current(); > ++ conn->remote.port(s.cfg().port); > ++ getOutgoingAddress(nullptr, conn); > +=20 > + // TODO: service bypass status may differ from that of a transaction > + typedef CommCbMemFunT= ConnectDialer; > +- connector =3D JobCallback(93,3, ConnectDialer, this, Adaptation::Icap= ::Xaction::noteCommConnected); > +- cs =3D new Comm::ConnOpener(connection, connector, TheConfig.connect_= timeout(service().cfg().bypass)); > ++ AsyncCall::Pointer callback =3D JobCallback(93, 3, ConnectDialer, thi= s, Adaptation::Icap::Xaction::noteCommConnected); > ++ const auto cs =3D new Comm::ConnOpener(conn, callback, TheConfig.conn= ect_timeout(service().cfg().bypass)); > + cs->setHost(s.cfg().host.termedBuf()); > +- AsyncJob::Start(cs.get()); > ++ transportWait.start(cs, callback); > + } > +=20 > + /* > +@@ -256,6 +231,8 @@ void Adaptation::Icap::Xaction::closeConnection() > + closer =3D NULL; > + } > +=20 > ++ commUnsetConnTimeout(connection); > ++ > + cancelRead(); // may not work > +=20 > + if (reuseConnection && !doneWithIo()) { > +@@ -275,54 +252,65 @@ void Adaptation::Icap::Xaction::closeConnection() > +=20 > + writer =3D NULL; > + reader =3D NULL; > +- connector =3D NULL; > + connection =3D NULL; > + } > + } > +=20 > +-// connection with the ICAP service established > ++/// called when the connection attempt to an ICAP service completes (succ= essfully or not) > + void Adaptation::Icap::Xaction::noteCommConnected(const CommConnectCbPara= ms &io) > + { > +- cs =3D NULL; > ++ transportWait.finish(); > +=20 > +- if (io.flag =3D=3D Comm::TIMEOUT) { > +- handleCommTimedout(); > ++ if (io.flag !=3D Comm::OK) { > ++ dieOnConnectionFailure(); // throws > + return; > + } > +=20 > +- Must(connector !=3D NULL); > +- connector =3D NULL; > +- > +- if (io.flag !=3D Comm::OK) > +- dieOnConnectionFailure(); // throws > +- > +- typedef CommCbMemFunT= TimeoutDialer; > +- AsyncCall::Pointer timeoutCall =3D asyncCall(93, 5, "Adaptation::Ica= p::Xaction::noteCommTimedout", > +- TimeoutDialer(this,&Adaptation::Ica= p::Xaction::noteCommTimedout)); > +- commSetConnTimeout(io.conn, TheConfig.connect_timeout(service().cfg()= .bypass), timeoutCall); > ++ useTransportConnection(io.conn); > ++} > +=20 > +- typedef CommCbMemFunT C= loseDialer; > +- closer =3D asyncCall(93, 5, "Adaptation::Icap::Xaction::noteCommClos= ed", > +- CloseDialer(this,&Adaptation::Icap::Xaction::note= CommClosed)); > +- comm_add_close_handler(io.conn->fd, closer); > ++/// React to the availability of a transport connection to the ICAP servi= ce. > ++/// The given connection may (or may not) be secured already. > ++void > ++Adaptation::Icap::Xaction::useTransportConnection(const Comm::ConnectionP= ointer &conn) > ++{ > ++ assert(Comm::IsConnOpen(conn)); > ++ assert(!connection); > +=20 > + // If it is a reused connection and the TLS object is built > + // we should not negotiate new TLS session > +- const auto &ssl =3D fd_table[io.conn->fd].ssl; > ++ const auto &ssl =3D fd_table[conn->fd].ssl; > + if (!ssl && service().cfg().secure.encryptTransport) { > ++ // XXX: Exceptions orphan conn. > + CbcPointer me(this); > +- securer =3D asyncCall(93, 4, "Adaptation::Icap::Xaction::handleSe= curedPeer", > +- MyIcapAnswerDialer(me, &Adaptation::Icap::Xac= tion::handleSecuredPeer)); > ++ AsyncCall::Pointer callback =3D asyncCall(93, 4, "Adaptation::Ica= p::Xaction::handleSecuredPeer", > ++ MyIcapAnswerDialer(me, &A= daptation::Icap::Xaction::handleSecuredPeer)); > +=20 > +- auto *sslConnector =3D new Ssl::IcapPeerConnector(theService, io.= conn, securer, masterLogEntry(), TheConfig.connect_timeout(service().cfg().by= pass)); > +- AsyncJob::Start(sslConnector); // will call our callback > ++ const auto sslConnector =3D new Ssl::IcapPeerConnector(theService= , conn, callback, masterLogEntry(), TheConfig.connect_timeout(service().cfg()= .bypass)); > ++ > ++ encryptionWait.start(sslConnector, callback); > + return; > + } > +=20 > +-// ?? fd_table[io.conn->fd].noteUse(icapPconnPool); > ++ useIcapConnection(conn); > ++} > ++ > ++/// react to the availability of a fully-ready ICAP connection > ++void > ++Adaptation::Icap::Xaction::useIcapConnection(const Comm::ConnectionPointe= r &conn) > ++{ > ++ assert(!connection); > ++ assert(conn); > ++ assert(Comm::IsConnOpen(conn)); > ++ connection =3D conn; > + service().noteConnectionUse(connection); > +=20 > +- handleCommConnected(); > ++ typedef CommCbMemFunT C= loseDialer; > ++ closer =3D asyncCall(93, 5, "Adaptation::Icap::Xaction::noteCommClos= ed", > ++ CloseDialer(this,&Adaptation::Icap::Xaction::note= CommClosed)); > ++ comm_add_close_handler(connection->fd, closer); > ++ > ++ startShoveling(); > + } > +=20 > + void Adaptation::Icap::Xaction::dieOnConnectionFailure() > +@@ -367,40 +355,25 @@ void Adaptation::Icap::Xaction::noteCommWrote(const = CommIoCbParams &io) > +=20 > + // communication timeout with the ICAP service > + void Adaptation::Icap::Xaction::noteCommTimedout(const CommTimeoutCbParam= s &) > +-{ > +- handleCommTimedout(); > +-} > +- > +-void Adaptation::Icap::Xaction::handleCommTimedout() > + { > + debugs(93, 2, HERE << typeName << " failed: timeout with " << > + theService->cfg().methodStr() << " " << > + theService->cfg().uri << status()); > + reuseConnection =3D false; > +- const bool whileConnecting =3D connector !=3D NULL; > +- if (whileConnecting) { > +- assert(!haveConnection()); > +- theService->noteConnectionFailed("timedout"); > +- } else > +- closeConnection(); // so that late Comm callbacks do not disturb = bypass > +- throw TexcHere(whileConnecting ? > +- "timed out while connecting to the ICAP service" : > +- "timed out while talking to the ICAP service"); > ++ assert(haveConnection()); > ++ closeConnection(); > ++ throw TextException("timed out while talking to the ICAP service", He= re()); > + } > +=20 > + // unexpected connection close while talking to the ICAP service > + void Adaptation::Icap::Xaction::noteCommClosed(const CommCloseCbParams &) > + { > +- if (securer !=3D NULL) { > +- securer->cancel("Connection closed before SSL negotiation finishe= d"); > +- securer =3D NULL; > ++ if (connection) { > ++ connection->noteClosure(); > ++ connection =3D nullptr; > + } > + closer =3D NULL; > +- handleCommClosed(); > +-} > +=20 > +-void Adaptation::Icap::Xaction::handleCommClosed() > +-{ > + static const auto d =3D MakeNamedErrorDetail("ICAP_XACT_CLOSE"); > + detailError(d); > + mustStop("ICAP service connection externally closed"); > +@@ -424,7 +397,8 @@ void Adaptation::Icap::Xaction::callEnd() > +=20 > + bool Adaptation::Icap::Xaction::doneAll() const > + { > +- return !waitingForDns && !connector && !securer && !reader && !writer= && > ++ return !waitingForDns && !transportWait && !encryptionWait && > ++ !reader && !writer && > + Adaptation::Initiate::doneAll(); > + } > +=20 > +@@ -568,7 +542,7 @@ bool Adaptation::Icap::Xaction::doneWriting() const > + bool Adaptation::Icap::Xaction::doneWithIo() const > + { > + return haveConnection() && > +- !connector && !reader && !writer && // fast checks, some redun= dant > ++ !transportWait && !reader && !writer && // fast checks, some r= edundant > + doneReading() && doneWriting(); > + } > +=20 > +@@ -608,10 +582,7 @@ void Adaptation::Icap::Xaction::setOutcome(const Adap= tation::Icap::XactOutcome & > + void Adaptation::Icap::Xaction::swanSong() > + { > + // kids should sing first and then call the parent method. > +- if (cs.valid()) { > +- debugs(93,6, HERE << id << " about to notify ConnOpener!"); > +- CallJobHere(93, 3, cs, Comm::ConnOpener, noteAbort); > +- cs =3D NULL; > ++ if (transportWait || encryptionWait) { > + service().noteConnectionFailed("abort"); > + } > +=20 > +@@ -750,20 +721,12 @@ Ssl::IcapPeerConnector::noteNegotiationDone(ErrorSta= te *error) > + void > + Adaptation::Icap::Xaction::handleSecuredPeer(Security::EncryptorAnswer &a= nswer) > + { > +- Must(securer !=3D NULL); > +- securer =3D NULL; > +- > +- if (closer !=3D NULL) { > +- if (Comm::IsConnOpen(answer.conn)) > +- comm_remove_close_handler(answer.conn->fd, closer); > +- else > +- closer->cancel("securing completed"); > +- closer =3D NULL; > +- } > ++ encryptionWait.finish(); > +=20 > ++ assert(!answer.tunneled); > + if (answer.error.get()) { > +- if (answer.conn !=3D NULL) > +- answer.conn->close(); > ++ assert(!answer.conn); > ++ // TODO: Refactor dieOnConnectionFailure() to be usable here as w= ell. > + debugs(93, 2, typeName << > + " TLS negotiation to " << service().cfg().uri << " failed"= ); > + service().noteConnectionFailed("failure"); > +@@ -774,8 +737,18 @@ Adaptation::Icap::Xaction::handleSecuredPeer(Security= ::EncryptorAnswer &answer) > +=20 > + debugs(93, 5, "TLS negotiation to " << service().cfg().uri << " compl= ete"); > +=20 > +- service().noteConnectionUse(answer.conn); > ++ assert(answer.conn); > ++ > ++ // The socket could get closed while our callback was queued. Sync > ++ // Connection. XXX: Connection::fd may already be stale/invalid here. > ++ if (answer.conn->isOpen() && fd_table[answer.conn->fd].closing()) { > ++ answer.conn->noteClosure(); > ++ service().noteConnectionFailed("external TLS connection closure"); > ++ static const auto d =3D MakeNamedErrorDetail("ICAP_XACT_SSL_CLOSE= "); > ++ detailError(d); > ++ throw TexcHere("external closure of the TLS ICAP service connecti= on"); > ++ } > +=20 > +- handleCommConnected(); > ++ useIcapConnection(answer.conn); > + } > +=20 > +diff --git a/src/adaptation/icap/Xaction.h b/src/adaptation/icap/Xaction.h > +index b66044594..31a6e22fc 100644 > +--- a/src/adaptation/icap/Xaction.h > ++++ b/src/adaptation/icap/Xaction.h > +@@ -12,6 +12,7 @@ > + #include "AccessLogEntry.h" > + #include "adaptation/icap/ServiceRep.h" > + #include "adaptation/Initiate.h" > ++#include "base/JobWait.h" > + #include "comm/ConnOpener.h" > + #include "error/forward.h" > + #include "HttpReply.h" > +@@ -20,6 +21,10 @@ > +=20 > + class MemBuf; > +=20 > ++namespace Ssl { > ++class IcapPeerConnector; > ++} > ++ > + namespace Adaptation > + { > + namespace Icap > +@@ -65,12 +70,12 @@ protected: > + virtual void start(); > + virtual void noteInitiatorAborted(); // TODO: move to Adaptation::Ini= tiate > +=20 > ++ /// starts sending/receiving ICAP messages > ++ virtual void startShoveling() =3D 0; > ++ > + // comm hanndlers; called by comm handler wrappers > +- virtual void handleCommConnected() =3D 0; > + virtual void handleCommWrote(size_t sz) =3D 0; > + virtual void handleCommRead(size_t sz) =3D 0; > +- virtual void handleCommTimedout(); > +- virtual void handleCommClosed(); > +=20 > + void handleSecuredPeer(Security::EncryptorAnswer &answer); > + /// record error detail if possible > +@@ -78,7 +83,6 @@ protected: > +=20 > + void openConnection(); > + void closeConnection(); > +- void dieOnConnectionFailure(); > + bool haveConnection() const; > +=20 > + void scheduleRead(); > +@@ -124,11 +128,13 @@ public: > + ServiceRep &service(); > +=20 > + private: > ++ void useTransportConnection(const Comm::ConnectionPointer &); > ++ void useIcapConnection(const Comm::ConnectionPointer &); > ++ void dieOnConnectionFailure(); > + void tellQueryAborted(); > + void maybeLog(); > +=20 > + protected: > +- Comm::ConnectionPointer connection; ///< ICAP server connection > + Adaptation::Icap::ServiceRep::Pointer theService; > +=20 > + SBuf readBuf; > +@@ -139,13 +145,8 @@ protected: > + bool ignoreLastWrite; > + bool waitingForDns; ///< expecting a ipcache_nbgethostbyname() callba= ck > +=20 > +- const char *stopReason; > +- > +- // active (pending) comm callbacks for the ICAP server connection > +- AsyncCall::Pointer connector; > + AsyncCall::Pointer reader; > + AsyncCall::Pointer writer; > +- AsyncCall::Pointer closer; > +=20 > + AccessLogEntry::Pointer alep; ///< icap.log entry > + AccessLogEntry &al; ///< short for *alep > +@@ -155,8 +156,16 @@ protected: > + timeval icap_tio_finish; /*time when the last byte of the ICAP resp= onsewas received*/ > +=20 > + private: > +- Comm::ConnOpener::Pointer cs; > +- AsyncCall::Pointer securer; ///< whether we are securing a connection > ++ /// waits for a transport connection to the ICAP server to be establi= shed/opened > ++ JobWait transportWait; > ++ > ++ /// waits for the established transport connection to be secured/encr= ypted > ++ JobWait encryptionWait; > ++ > ++ /// open and, if necessary, secured connection to the ICAP server (or= nil) > ++ Comm::ConnectionPointer connection; > ++ > ++ AsyncCall::Pointer closer; > + }; > +=20 > + } // namespace Icap > +diff --git a/src/base/AsyncJob.cc b/src/base/AsyncJob.cc > +index 3b9161e4a..111667d5d 100644 > +--- a/src/base/AsyncJob.cc > ++++ b/src/base/AsyncJob.cc > +@@ -20,11 +20,11 @@ > +=20 > + InstanceIdDefinitions(AsyncJob, "job"); > +=20 > +-AsyncJob::Pointer AsyncJob::Start(AsyncJob *j) > ++void > ++AsyncJob::Start(const Pointer &job) > + { > +- AsyncJob::Pointer job(j); > + CallJobHere(93, 5, job, AsyncJob, start); > +- return job; > ++ job->started_ =3D true; // it is the attempt that counts > + } > +=20 > + AsyncJob::AsyncJob(const char *aTypeName) : > +@@ -38,6 +38,7 @@ AsyncJob::~AsyncJob() > + { > + debugs(93,5, "AsyncJob destructed, this=3D" << this << > + " type=3D" << typeName << " [" << id << ']'); > ++ assert(!started_ || swanSang_); > + } > +=20 > + void AsyncJob::start() > +@@ -141,9 +142,16 @@ void AsyncJob::callEnd() > + AsyncCall::Pointer inCallSaved =3D inCall; > + void *thisSaved =3D this; > +=20 > ++ // TODO: Swallow swanSong() exceptions to reduce memory leaks. > ++ > ++ // Job callback invariant: swanSong() is (only) called for starte= d jobs. > ++ // Here to detect violations in kids that forgot to call our swan= Song(). > ++ assert(started_); > ++ > ++ swanSang_ =3D true; // it is the attempt that counts > + swanSong(); > +=20 > +- delete this; // this is the only place where the object is deleted > ++ delete this; // this is the only place where a started job is del= eted > +=20 > + // careful: this object does not exist any more > + debugs(93, 6, HERE << *inCallSaved << " ended " << thisSaved); > +diff --git a/src/base/AsyncJob.h b/src/base/AsyncJob.h > +index 4d685dff5..a46e30071 100644 > +--- a/src/base/AsyncJob.h > ++++ b/src/base/AsyncJob.h > +@@ -36,8 +36,13 @@ public: > + public: > + AsyncJob(const char *aTypeName); > +=20 > +- /// starts a freshly created job (i.e., makes the job asynchronous) > +- static Pointer Start(AsyncJob *job); > ++ /// Promises to start the configured job (eventually). The job is dee= med to > ++ /// be running asynchronously beyond this point, so the caller should= only > ++ /// access the job object via AsyncCalls rather than directly. > ++ /// > ++ /// swanSong() is only called for jobs for which this method has retu= rned > ++ /// successfully (i.e. without throwing). > ++ static void Start(const Pointer &job); > +=20 > + protected: > + // XXX: temporary method to replace "delete this" in jobs-in-transiti= on. > +@@ -62,6 +67,11 @@ public: > + /// called when the job throws during an async call > + virtual void callException(const std::exception &e); > +=20 > ++ /// process external request to terminate now (i.e. during this async= call) > ++ void handleStopRequest() { mustStop("externally aborted"); } > ++ > ++ const InstanceId id; ///< job identifier > ++ > + protected: > + // external destruction prohibited to ensure swanSong() is called > + virtual ~AsyncJob(); > +@@ -69,7 +79,9 @@ protected: > + const char *stopReason; ///< reason for forcing done() to be true > + const char *typeName; ///< kid (leaf) class name, for debugging > + AsyncCall::Pointer inCall; ///< the asynchronous call being handled, = if any > +- const InstanceId id; ///< job identifier > ++ > ++ bool started_ =3D false; ///< Start() has finished successfully > ++ bool swanSang_ =3D false; ///< swanSong() was called > + }; > +=20 > + #endif /* SQUID_ASYNC_JOB_H */ > +diff --git a/src/base/JobWait.cc b/src/base/JobWait.cc > +new file mode 100644 > +index 000000000..ba6832415 > +--- /dev/null > ++++ b/src/base/JobWait.cc > +@@ -0,0 +1,81 @@ > ++/* > ++ * Copyright (C) 1996-2020 The Squid Software Foundation and contributors > ++ * > ++ * Squid software is distributed under GPLv2+ license and includes > ++ * contributions from numerous individuals and organizations. > ++ * Please see the COPYING and CONTRIBUTORS files for details. > ++ */ > ++ > ++#include "squid.h" > ++#include "base/AsyncJobCalls.h" > ++#include "base/JobWait.h" > ++ > ++#include > ++#include > ++ > ++JobWaitBase::JobWaitBase() =3D default; > ++ > ++JobWaitBase::~JobWaitBase() > ++{ > ++ cancel("owner gone"); > ++} > ++ > ++void > ++JobWaitBase::start_(const AsyncJob::Pointer aJob, const AsyncCall::Pointe= r aCall) > ++{ > ++ // Invariant: The wait will be over. We cannot guarantee that the job= will > ++ // call the callback, of course, but we can check these prerequisites. > ++ assert(aCall); > ++ assert(aJob.valid()); > ++ > ++ // "Double" waiting state leads to conflicting/mismatching callbacks > ++ // detailed in finish(). Detect that bug ASAP. > ++ assert(!waiting()); > ++ > ++ assert(!callback_); > ++ assert(!job_); > ++ callback_ =3D aCall; > ++ job_ =3D aJob; > ++ > ++ AsyncJob::Start(job_.get()); > ++} > ++ > ++void > ++JobWaitBase::finish() > ++{ > ++ // Unexpected callbacks might result in disasters like secrets exposu= re, > ++ // data corruption, or expensive message routing mistakes when the ca= llback > ++ // info is applied to the wrong message part or acted upon prematurel= y. > ++ assert(waiting()); > ++ clear(); > ++} > ++ > ++void > ++JobWaitBase::cancel(const char *reason) > ++{ > ++ if (callback_) { > ++ callback_->cancel(reason); > ++ > ++ // Instead of AsyncJob, the class parameter could be Job. That wo= uld > ++ // avoid runtime child-to-parent CbcPointer conversion overheads,= but > ++ // complicate support for Jobs with virtual AsyncJob bases (GCC e= rror: > ++ // "pointer to member conversion via virtual base AsyncJob") and = also > ++ // cache-log "Job::handleStopRequest()" with a non-existent class= name. > ++ CallJobHere(callback_->debugSection, callback_->debugLevel, job_,= AsyncJob, handleStopRequest); > ++ > ++ clear(); > ++ } > ++} > ++ > ++void > ++JobWaitBase::print(std::ostream &os) const > ++{ > ++ // use a backarrow to emphasize that this is a callback: call24<-job6 > ++ if (callback_) > ++ os << callback_->id << "<-"; > ++ if (const auto rawJob =3D job_.get()) > ++ os << rawJob->id; > ++ else > ++ os << job_; // raw pointer of a gone job may still be useful for = triage > ++} > ++ > +diff --git a/src/base/JobWait.h b/src/base/JobWait.h > +new file mode 100644 > +index 000000000..6b1131331 > +--- /dev/null > ++++ b/src/base/JobWait.h > +@@ -0,0 +1,91 @@ > ++/* > ++ * Copyright (C) 1996-2021 The Squid Software Foundation and contributors > ++ * > ++ * Squid software is distributed under GPLv2+ license and includes > ++ * contributions from numerous individuals and organizations. > ++ * Please see the COPYING and CONTRIBUTORS files for details. > ++ */ > ++ > ++#ifndef SQUID_BASE_JOBWAIT_H > ++#define SQUID_BASE_JOBWAIT_H > ++ > ++#include "base/AsyncJob.h" > ++#include "base/CbcPointer.h" > ++ > ++#include > ++ > ++/// Manages waiting for an AsyncJob callback. Use type-safe JobWait inste= ad. > ++/// This base class does not contain code specific to the actual Job type. > ++class JobWaitBase > ++{ > ++public: > ++ JobWaitBase(); > ++ ~JobWaitBase(); > ++ > ++ /// no copying of any kind: each waiting context needs a dedicated As= yncCall > ++ JobWaitBase(JobWaitBase &&) =3D delete; > ++ > ++ explicit operator bool() const { return waiting(); } > ++ > ++ /// whether we are currently waiting for the job to call us back > ++ /// the job itself may be gone even if this returns true > ++ bool waiting() const { return bool(callback_); } > ++ > ++ /// ends wait (after receiving the call back) > ++ /// forgets the job which is likely to be gone by now > ++ void finish(); > ++ > ++ /// aborts wait (if any) before receiving the call back > ++ /// does nothing if we are not waiting > ++ void cancel(const char *reason); > ++ > ++ /// summarizes what we are waiting for (for debugging) > ++ void print(std::ostream &) const; > ++ > ++protected: > ++ /// starts waiting for the given job to call the given callback > ++ void start_(AsyncJob::Pointer, AsyncCall::Pointer); > ++ > ++private: > ++ /// the common part of finish() and cancel() > ++ void clear() { job_.clear(); callback_ =3D nullptr; } > ++ > ++ /// the job that we are waiting to call us back (or nil) > ++ AsyncJob::Pointer job_; > ++ > ++ /// the call we are waiting for the job_ to make (or nil) > ++ AsyncCall::Pointer callback_; > ++}; > ++ > ++/// Manages waiting for an AsyncJob callback. > ++/// Completes JobWaitBase by providing Job type-specific members. > ++template > ++class JobWait: public JobWaitBase > ++{ > ++public: > ++ typedef CbcPointer JobPointer; > ++ > ++ /// starts waiting for the given job to call the given callback > ++ void start(const JobPointer &aJob, const AsyncCall::Pointer &aCallbac= k) { > ++ start_(aJob, aCallback); > ++ typedJob_ =3D aJob; > ++ } > ++ > ++ /// \returns a cbdata pointer to the job we are waiting for (or nil) > ++ /// the returned pointer may be falsy, even if we are still waiting() > ++ JobPointer job() const { return waiting() ? typedJob_ : nullptr; } > ++ > ++private: > ++ /// nearly duplicates JobWaitBase::job_ but exposes the actual job ty= pe > ++ JobPointer typedJob_; > ++}; > ++ > ++inline > ++std::ostream &operator <<(std::ostream &os, const JobWaitBase &wait) > ++{ > ++ wait.print(os); > ++ return os; > ++} > ++ > ++#endif /* SQUID_BASE_JOBWAIT_H */ > ++ > +diff --git a/src/base/Makefile.am b/src/base/Makefile.am > +index c9564d755..374ea8798 100644 > +--- a/src/base/Makefile.am > ++++ b/src/base/Makefile.am > +@@ -34,6 +34,8 @@ libbase_la_SOURCES =3D \ > + Here.h \ > + InstanceId.cc \ > + InstanceId.h \ > ++ JobWait.cc \ > ++ JobWait.h \ > + Lock.h \ > + LookupTable.h \ > + LruMap.h \ > +diff --git a/src/base/forward.h b/src/base/forward.h > +index 3803e1ea0..46de97c8d 100644 > +--- a/src/base/forward.h > ++++ b/src/base/forward.h > +@@ -17,6 +17,7 @@ class ScopedId; > +=20 > + template class CbcPointer; > + template class RefCount; > ++template class JobWait; > +=20 > + typedef CbcPointer AsyncJobPointer; > + typedef RefCount CodeContextPointer; > +diff --git a/src/client_side.cc b/src/client_side.cc > +index b8d786423..4eb697696 100644 > +--- a/src/client_side.cc > ++++ b/src/client_side.cc > +@@ -503,6 +503,10 @@ httpRequestFree(void *data) > + /* This is a handler normally called by comm_close() */ > + void ConnStateData::connStateClosed(const CommCloseCbParams &) > + { > ++ if (clientConnection) { > ++ clientConnection->noteClosure(); > ++ // keep closed clientConnection for logging, clientdb cleanup, et= c. > ++ } > + deleteThis("ConnStateData::connStateClosed"); > + } > +=20 > +diff --git a/src/clients/FtpClient.cc b/src/clients/FtpClient.cc > +index 7874db121..afe7827dc 100644 > +--- a/src/clients/FtpClient.cc > ++++ b/src/clients/FtpClient.cc > +@@ -201,10 +201,6 @@ Ftp::Client::Client(FwdState *fwdState): > +=20 > + Ftp::Client::~Client() > + { > +- if (data.opener !=3D NULL) { > +- data.opener->cancel("Ftp::Client destructed"); > +- data.opener =3D NULL; > +- } > + data.close(); > +=20 > + safe_free(old_request); > +@@ -786,10 +782,10 @@ Ftp::Client::connectDataChannel() > + debugs(9, 3, "connecting to " << conn->remote); > +=20 > + typedef CommCbMemFunT Dialer; > +- data.opener =3D JobCallback(9, 3, Dialer, this, Ftp::Client::dataChan= nelConnected); > +- Comm::ConnOpener *cs =3D new Comm::ConnOpener(conn, data.opener, Conf= ig.Timeout.connect); > ++ AsyncCall::Pointer callback =3D JobCallback(9, 3, Dialer, this, Ftp::= Client::dataChannelConnected); > ++ const auto cs =3D new Comm::ConnOpener(conn, callback, Config.Timeout= .connect); > + cs->setHost(data.host); > +- AsyncJob::Start(cs); > ++ dataConnWait.start(cs, callback); > + } > +=20 > + bool > +@@ -811,10 +807,11 @@ void > + Ftp::Client::dataClosed(const CommCloseCbParams &) > + { > + debugs(9, 4, status()); > ++ if (data.conn) > ++ data.conn->noteClosure(); > + if (data.listenConn !=3D NULL) { > + data.listenConn->close(); > + data.listenConn =3D NULL; > +- // NP clear() does the: data.fd =3D -1; > + } > + data.clear(); > + } > +@@ -879,6 +876,8 @@ void > + Ftp::Client::ctrlClosed(const CommCloseCbParams &) > + { > + debugs(9, 4, status()); > ++ if (ctrl.conn) > ++ ctrl.conn->noteClosure(); > + ctrl.clear(); > + doneWithFwd =3D "ctrlClosed()"; // assume FwdState is monitoring too > + mustStop("Ftp::Client::ctrlClosed"); > +diff --git a/src/clients/FtpClient.h b/src/clients/FtpClient.h > +index ac8d22e18..4b2dd61d5 100644 > +--- a/src/clients/FtpClient.h > ++++ b/src/clients/FtpClient.h > +@@ -64,7 +64,6 @@ public: > + */ > + Comm::ConnectionPointer listenConn; > +=20 > +- AsyncCall::Pointer opener; ///< Comm opener handler callback. > + private: > + AsyncCall::Pointer closer; ///< Comm close handler callback > + }; > +@@ -205,6 +204,10 @@ protected: > + virtual void sentRequestBody(const CommIoCbParams &io); > + virtual void doneSendingRequestBody(); > +=20 > ++ /// Waits for an FTP data connection to the server to be established/= opened. > ++ /// This wait only happens in FTP passive mode (via PASV or EPSV). > ++ JobWait dataConnWait; > ++ > + private: > + bool parseControlReply(size_t &bytesUsed); > +=20 > +diff --git a/src/clients/FtpGateway.cc b/src/clients/FtpGateway.cc > +index 6a7d139ca..aeeaedb48 100644 > +--- a/src/clients/FtpGateway.cc > ++++ b/src/clients/FtpGateway.cc > +@@ -486,11 +486,9 @@ Ftp::Gateway::timeout(const CommTimeoutCbParams &io) > + flags.pasv_supported =3D false; > + debugs(9, DBG_IMPORTANT, "FTP Gateway timeout in SENT_PASV state"= ); > +=20 > +- // cancel the data connection setup. > +- if (data.opener !=3D NULL) { > +- data.opener->cancel("timeout"); > +- data.opener =3D NULL; > +- } > ++ // cancel the data connection setup, if any > ++ dataConnWait.cancel("timeout"); > ++ > + data.close(); > + } > +=20 > +@@ -1723,7 +1721,7 @@ void > + Ftp::Gateway::dataChannelConnected(const CommConnectCbParams &io) > + { > + debugs(9, 3, HERE); > +- data.opener =3D NULL; > ++ dataConnWait.finish(); > +=20 > + if (io.flag !=3D Comm::OK) { > + debugs(9, 2, HERE << "Failed to connect. Retrying via another met= hod."); > +@@ -2727,9 +2725,9 @@ Ftp::Gateway::mayReadVirginReplyBody() const > + return !doneWithServer(); > + } > +=20 > +-AsyncJob::Pointer > ++void > + Ftp::StartGateway(FwdState *const fwdState) > + { > +- return AsyncJob::Start(new Ftp::Gateway(fwdState)); > ++ AsyncJob::Start(new Ftp::Gateway(fwdState)); > + } > +=20 > +diff --git a/src/clients/FtpRelay.cc b/src/clients/FtpRelay.cc > +index 8796a74c8..ce6ba3ba6 100644 > +--- a/src/clients/FtpRelay.cc > ++++ b/src/clients/FtpRelay.cc > +@@ -739,7 +739,7 @@ void > + Ftp::Relay::dataChannelConnected(const CommConnectCbParams &io) > + { > + debugs(9, 3, status()); > +- data.opener =3D NULL; > ++ dataConnWait.finish(); > +=20 > + if (io.flag !=3D Comm::OK) { > + debugs(9, 2, "failed to connect FTP server data channel"); > +@@ -804,9 +804,9 @@ Ftp::Relay::HandleStoreAbort(Relay *ftpClient) > + ftpClient->dataComplete(); > + } > +=20 > +-AsyncJob::Pointer > ++void > + Ftp::StartRelay(FwdState *const fwdState) > + { > +- return AsyncJob::Start(new Ftp::Relay(fwdState)); > ++ AsyncJob::Start(new Ftp::Relay(fwdState)); > + } > +=20 > +diff --git a/src/clients/HttpTunneler.cc b/src/clients/HttpTunneler.cc > +index 023a8586c..67a52e662 100644 > +--- a/src/clients/HttpTunneler.cc > ++++ b/src/clients/HttpTunneler.cc > +@@ -101,6 +101,11 @@ void > + Http::Tunneler::handleConnectionClosure(const CommCloseCbParams ¶ms) > + { > + closer =3D nullptr; > ++ if (connection) { > ++ countFailingConnection(); > ++ connection->noteClosure(); > ++ connection =3D nullptr; > ++ } > + bailWith(new ErrorState(ERR_CONNECT_FAIL, Http::scBadGateway, request= .getRaw(), al)); > + } > +=20 > +@@ -360,50 +365,64 @@ Http::Tunneler::bailWith(ErrorState *error) > + Must(error); > + answer().squidError =3D error; > +=20 > +- if (const auto p =3D connection->getPeer()) > +- peerConnectFailed(p); > ++ if (const auto failingConnection =3D connection) { > ++ // TODO: Reuse to-peer connections after a CONNECT error response. > ++ countFailingConnection(); > ++ disconnect(); > ++ failingConnection->close(); > ++ } > +=20 > + callBack(); > +- disconnect(); > +- > +- if (noteFwdPconnUse) > +- fwdPconnPool->noteUses(fd_table[connection->fd].pconn.uses); > +- // TODO: Reuse to-peer connections after a CONNECT error response. > +- connection->close(); > +- connection =3D nullptr; > + } > +=20 > + void > + Http::Tunneler::sendSuccess() > + { > + assert(answer().positive()); > +- callBack(); > ++ assert(Comm::IsConnOpen(connection)); > ++ answer().conn =3D connection; > + disconnect(); > ++ callBack(); > ++} > ++ > ++void > ++Http::Tunneler::countFailingConnection() > ++{ > ++ assert(connection); > ++ if (const auto p =3D connection->getPeer()) > ++ peerConnectFailed(p); > ++ if (noteFwdPconnUse && connection->isOpen()) > ++ fwdPconnPool->noteUses(fd_table[connection->fd].pconn.uses); > + } > +=20 > + void > + Http::Tunneler::disconnect() > + { > ++ const auto stillOpen =3D Comm::IsConnOpen(connection); > ++ > + if (closer) { > +- comm_remove_close_handler(connection->fd, closer); > ++ if (stillOpen) > ++ comm_remove_close_handler(connection->fd, closer); > + closer =3D nullptr; > + } > +=20 > + if (reader) { > +- Comm::ReadCancel(connection->fd, reader); > ++ if (stillOpen) > ++ Comm::ReadCancel(connection->fd, reader); > + reader =3D nullptr; > + } > +=20 > +- // remove connection timeout handler > +- commUnsetConnTimeout(connection); > ++ if (stillOpen) > ++ commUnsetConnTimeout(connection); > ++ > ++ connection =3D nullptr; // may still be open > + } > +=20 > + void > + Http::Tunneler::callBack() > + { > +- debugs(83, 5, connection << status()); > +- if (answer().positive()) > +- answer().conn =3D connection; > ++ debugs(83, 5, answer().conn << status()); > ++ assert(!connection); // returned inside answer() or gone > + auto cb =3D callback; > + callback =3D nullptr; > + ScheduleCallHere(cb); > +@@ -415,11 +434,10 @@ Http::Tunneler::swanSong() > + AsyncJob::swanSong(); > +=20 > + if (callback) { > +- if (requestWritten && tunnelEstablished) { > ++ if (requestWritten && tunnelEstablished && Comm::IsConnOpen(conne= ction)) { > + sendSuccess(); > + } else { > +- // we should have bailed when we discovered the job-killing p= roblem > +- debugs(83, DBG_IMPORTANT, "BUG: Unexpected state while establ= ishing a CONNECT tunnel " << connection << status()); > ++ // job-ending emergencies like handleStopRequest() or callExc= eption() > + bailWith(new ErrorState(ERR_GATEWAY_FAILURE, Http::scInternal= ServerError, request.getRaw(), al)); > + } > + assert(!callback); > +diff --git a/src/clients/HttpTunneler.h b/src/clients/HttpTunneler.h > +index c4c096fe7..e88d17610 100644 > +--- a/src/clients/HttpTunneler.h > ++++ b/src/clients/HttpTunneler.h > +@@ -87,6 +87,7 @@ protected: > + void handleResponse(const bool eof); > + void bailOnResponseError(const char *error, HttpReply *); > +=20 > ++private: > + /// sends the given error to the initiator > + void bailWith(ErrorState*); > +=20 > +@@ -96,12 +97,14 @@ protected: > + /// a bailWith(), sendSuccess() helper: sends results to the initiator > + void callBack(); > +=20 > +- /// a bailWith(), sendSuccess() helper: stops monitoring the connecti= on > ++ /// stops monitoring the connection > + void disconnect(); > +=20 > ++ /// updates connection usage history before the connection is closed > ++ void countFailingConnection(); > ++ > + TunnelerAnswer &answer(); > +=20 > +-private: > + AsyncCall::Pointer writer; ///< called when the request has been writ= ten > + AsyncCall::Pointer reader; ///< called when the response should be re= ad > + AsyncCall::Pointer closer; ///< called when the connection is being c= losed > +diff --git a/src/clients/forward.h b/src/clients/forward.h > +index 0351557da..82e5eb9bd 100644 > +--- a/src/clients/forward.h > ++++ b/src/clients/forward.h > +@@ -28,10 +28,10 @@ namespace Ftp > + { > +=20 > + /// A new FTP Gateway job > +-AsyncJobPointer StartGateway(FwdState *const fwdState); > ++void StartGateway(FwdState *const fwdState); > +=20 > + /// A new FTP Relay job > +-AsyncJobPointer StartRelay(FwdState *const fwdState); > ++void StartRelay(FwdState *const fwdState); > +=20 > + /** Construct an URI with leading / in PATH portion for use by CWD command > + * possibly others. FTP encodes absolute paths as beginning with '/' > +diff --git a/src/comm.cc b/src/comm.cc > +index 54ba16271..a0913f324 100644 > +--- a/src/comm.cc > ++++ b/src/comm.cc > +@@ -743,6 +743,10 @@ commCallCloseHandlers(int fd) > + // If call is not canceled schedule it for execution else ignore = it > + if (!call->canceled()) { > + debugs(5, 5, "commCallCloseHandlers: ch->handler=3D" << call); > ++ // XXX: Without the following code, callback fd may be -1. > ++ // typedef CommCloseCbParams Params; > ++ // auto ¶ms =3D GetCommParams(call); > ++ // params.fd =3D fd; > + ScheduleCallHere(call); > + } > + } > +@@ -1787,6 +1791,10 @@ DeferredReadManager::CloseHandler(const CommCloseCb= Params ¶ms) > + CbDataList *temp =3D (CbDataList *)params= .data; > +=20 > + temp->element.closer =3D NULL; > ++ if (temp->element.theRead.conn) { > ++ temp->element.theRead.conn->noteClosure(); > ++ temp->element.theRead.conn =3D nullptr; > ++ } > + temp->element.markCancelled(); > + } > +=20 > +@@ -1860,6 +1868,11 @@ DeferredReadManager::kickARead(DeferredRead const &= aRead) > + if (aRead.cancelled) > + return; > +=20 > ++ // TODO: This check still allows theReader call with a closed theRead= .conn. > ++ // If a delayRead() caller has a close connection handler, then such = a call > ++ // would be useless and dangerous. If a delayRead() caller does not h= ave it, > ++ // then the caller will get stuck when an external connection closure= makes > ++ // aRead.cancelled (checked above) true. > + if (Comm::IsConnOpen(aRead.theRead.conn) && fd_table[aRead.theRead.co= nn->fd].closing()) > + return; > +=20 > +diff --git a/src/comm/ConnOpener.cc b/src/comm/ConnOpener.cc > +index dc376b778..19c1237ae 100644 > +--- a/src/comm/ConnOpener.cc > ++++ b/src/comm/ConnOpener.cc > +@@ -41,6 +41,14 @@ Comm::ConnOpener::ConnOpener(const Comm::ConnectionPoin= ter &c, const AsyncCall:: > + deadline_(squid_curtime + static_cast(ctimeout)) > + { > + debugs(5, 3, "will connect to " << c << " with " << ctimeout << " tim= eout"); > ++ assert(conn_); // we know where to go > ++ > ++ // Sharing a being-modified Connection object with the caller is dang= erous, > ++ // but we cannot ban (or even check for) that using existing APIs. We= do not > ++ // want to clone "just in case" because cloning is a bit expensive, a= nd most > ++ // callers already have a non-owned Connection object to give us. Unt= il the > ++ // APIs improve, we can only check that the connection is not open. > ++ assert(!conn_->isOpen()); > + } > +=20 > + Comm::ConnOpener::~ConnOpener() > +@@ -78,6 +86,10 @@ Comm::ConnOpener::swanSong() > + if (temporaryFd_ >=3D 0) > + closeFd(); > +=20 > ++ // did we abort while owning an open connection? > ++ if (conn_ && conn_->isOpen()) > ++ conn_->close(); > ++ > + // did we abort while waiting between retries? > + if (calls_.sleep_) > + cancelSleep(); > +@@ -131,9 +143,18 @@ Comm::ConnOpener::sendAnswer(Comm::Flag errFlag, int = xerrno, const char *why) > + " [" << callback_->id << ']' ); > + // TODO save the pconn to the pconnPool ? > + } else { > ++ assert(conn_); > ++ > ++ // free resources earlier and simplify recipients > ++ if (errFlag !=3D Comm::OK) > ++ conn_->close(); // may not be opened > ++ else > ++ assert(conn_->isOpen()); > ++ > + typedef CommConnectCbParams Params; > + Params ¶ms =3D GetCommParams(callback_); > + params.conn =3D conn_; > ++ conn_ =3D nullptr; // release ownership; prevent closure by us > + params.flag =3D errFlag; > + params.xerrno =3D xerrno; > + ScheduleCallHere(callback_); > +@@ -152,7 +173,7 @@ Comm::ConnOpener::sendAnswer(Comm::Flag errFlag, int x= errno, const char *why) > + void > + Comm::ConnOpener::cleanFd() > + { > +- debugs(5, 4, HERE << conn_ << " closing temp FD " << temporaryFd_); > ++ debugs(5, 4, conn_ << "; temp FD " << temporaryFd_); > +=20 > + Must(temporaryFd_ >=3D 0); > + fde &f =3D fd_table[temporaryFd_]; > +@@ -258,6 +279,7 @@ bool > + Comm::ConnOpener::createFd() > + { > + Must(temporaryFd_ < 0); > ++ assert(conn_); > +=20 > + // our initators signal abort by cancelling their callbacks > + if (callback_ =3D=3D NULL || callback_->canceled()) > +diff --git a/src/comm/ConnOpener.h b/src/comm/ConnOpener.h > +index 329d8a3c8..e1e60649d 100644 > +--- a/src/comm/ConnOpener.h > ++++ b/src/comm/ConnOpener.h > +@@ -19,16 +19,13 @@ > + namespace Comm > + { > +=20 > +-/** > +- * Async-opener of a Comm connection. > +- */ > ++/// Asynchronously opens a TCP connection. Returns CommConnectCbParams: e= ither > ++/// Comm::OK with an open connection or another Comm::Flag with a closed = one. > + class ConnOpener : public AsyncJob > + { > + CBDATA_CLASS(ConnOpener); > +=20 > + public: > +- void noteAbort() { mustStop("externally aborted"); } > +- > + typedef CbcPointer Pointer; > +=20 > + virtual bool doneAll() const; > +diff --git a/src/comm/Connection.cc b/src/comm/Connection.cc > +index 4e9719a01..9bc08da05 100644 > +--- a/src/comm/Connection.cc > ++++ b/src/comm/Connection.cc > +@@ -7,6 +7,7 @@ > + */ > +=20 > + #include "squid.h" > ++#include "base/JobWait.h" > + #include "CachePeer.h" > + #include "cbdata.h" > + #include "comm.h" > +@@ -60,26 +61,44 @@ Comm::Connection::~Connection() > + } > +=20 > + Comm::ConnectionPointer > +-Comm::Connection::cloneDestinationDetails() const > ++Comm::Connection::cloneProfile() const > + { > +- const ConnectionPointer c =3D new Comm::Connection; > +- c->setAddrs(local, remote); > +- c->peerType =3D peerType; > +- c->flags =3D flags; > +- c->peer_ =3D cbdataReference(getPeer()); > +- assert(!c->isOpen()); > +- return c; > +-} > ++ const ConnectionPointer clone =3D new Comm::Connection; > ++ auto &c =3D *clone; // optimization > ++ > ++ /* > ++ * Copy or excuse each data member. Excused members do not belong to a > ++ * Connection configuration profile because their values cannot be re= used > ++ * across (co-existing) Connection objects and/or are tied to their o= wn > ++ * object lifetime. > ++ */ > ++ > ++ c.setAddrs(local, remote); > ++ c.peerType =3D peerType; > ++ // fd excused > ++ c.tos =3D tos; > ++ c.nfmark =3D nfmark; > ++ c.nfConnmark =3D nfConnmark; > ++ // COMM_ORPHANED is not a part of connection opening instructions > ++ c.flags =3D flags & ~COMM_ORPHANED; > ++ // rfc931 is excused > ++ > ++#if USE_SQUID_EUI > ++ // These are currently only set when accepting connections and never = used > ++ // for establishing new ones, so this copying is currently in vain, b= ut, > ++ // technically, they can be a part of connection opening instructions. > ++ c.remoteEui48 =3D remoteEui48; > ++ c.remoteEui64 =3D remoteEui64; > ++#endif > +=20 > +-Comm::ConnectionPointer > +-Comm::Connection::cloneIdentDetails() const > +-{ > +- auto c =3D cloneDestinationDetails(); > +- c->tos =3D tos; > +- c->nfmark =3D nfmark; > +- c->nfConnmark =3D nfConnmark; > +- c->startTime_ =3D startTime_; > +- return c; > ++ // id excused > ++ c.peer_ =3D cbdataReference(getPeer()); > ++ // startTime_ excused > ++ // tlsHistory excused > ++ > ++ debugs(5, 5, this << " made " << c); > ++ assert(!c.isOpen()); > ++ return clone; > + } > +=20 > + void > +diff --git a/src/comm/Connection.h b/src/comm/Connection.h > +index 5b66943ba..40c22491d 100644 > +--- a/src/comm/Connection.h > ++++ b/src/comm/Connection.h > +@@ -77,13 +77,12 @@ public: > + /** Clear the connection properties and close any open socket. */ > + virtual ~Connection(); > +=20 > +- /// Create a new (closed) IDENT Connection object based on our from-S= quid > +- /// connection properties. > +- ConnectionPointer cloneIdentDetails() const; > ++ /// To prevent accidental copying of Connection objects that we start= ed to > ++ /// open or that are open, use cloneProfile() instead. > ++ Connection(const Connection &&) =3D delete; > +=20 > +- /// Create a new (closed) Connection object pointing to the same dest= ination > +- /// as this from-Squid connection. > +- ConnectionPointer cloneDestinationDetails() const; > ++ /// Create a new closed Connection with the same configuration as thi= s one. > ++ ConnectionPointer cloneProfile() const; > +=20 > + /// close the still-open connection when its last reference is gone > + void enterOrphanage() { flags |=3D COMM_ORPHANED; } > +@@ -140,17 +139,6 @@ public: > + virtual ScopedId codeContextGist() const override; > + virtual std::ostream &detailCodeContext(std::ostream &os) const overr= ide; > +=20 > +-private: > +- /** These objects may not be exactly duplicated. Use cloneIdentDetail= s() or > +- * cloneDestinationDetails() instead. > +- */ > +- Connection(const Connection &c); > +- > +- /** These objects may not be exactly duplicated. Use cloneIdentDetail= s() or > +- * cloneDestinationDetails() instead. > +- */ > +- Connection & operator =3D(const Connection &c); > +- > + public: > + /** Address/Port for the Squid end of a TCP link. */ > + Ip::Address local; > +diff --git a/src/comm/TcpAcceptor.cc b/src/comm/TcpAcceptor.cc > +index 341622e0f..510efa94f 100644 > +--- a/src/comm/TcpAcceptor.cc > ++++ b/src/comm/TcpAcceptor.cc > +@@ -206,7 +206,10 @@ void > + Comm::TcpAcceptor::handleClosure(const CommCloseCbParams &) > + { > + closer_ =3D NULL; > +- conn =3D NULL; > ++ if (conn) { > ++ conn->noteClosure(); > ++ conn =3D nullptr; > ++ } > + Must(done()); > + } > +=20 > +diff --git a/src/dns_internal.cc b/src/dns_internal.cc > +index e1f4d3ee7..72078c64e 100644 > +--- a/src/dns_internal.cc > ++++ b/src/dns_internal.cc > +@@ -872,6 +872,10 @@ static void > + idnsVCClosed(const CommCloseCbParams ¶ms) > + { > + nsvc * vc =3D (nsvc *)params.data; > ++ if (vc->conn) { > ++ vc->conn->noteClosure(); > ++ vc->conn =3D nullptr; > ++ } > + delete vc; > + } > +=20 > +diff --git a/src/eui/Eui48.h b/src/eui/Eui48.h > +index 11f4e51b1..9aab5bbb7 100644 > +--- a/src/eui/Eui48.h > ++++ b/src/eui/Eui48.h > +@@ -29,10 +29,8 @@ class Eui48 > +=20 > + public: > + Eui48() { clear(); } > +- Eui48(const Eui48 &t) { memcpy(this, &t, sizeof(Eui48)); } > + bool operator=3D=3D (const Eui48 &t) const { return memcmp(eui, t.eui= , SZ_EUI48_BUF) =3D=3D 0; } > + bool operator< (const Eui48 &t) const { return memcmp(eui, t.eui, SZ_= EUI48_BUF) < 0; } > +- ~Eui48() {} > +=20 > + const unsigned char *get(void); > +=20 > +diff --git a/src/gopher.cc b/src/gopher.cc > +index 455220c2e..576a3f7b1 100644 > +--- a/src/gopher.cc > ++++ b/src/gopher.cc > +@@ -98,11 +98,8 @@ public: > + entry->lock("gopherState"); > + *replybuf =3D 0; > + } > +- ~GopherStateData() {if(buf) swanSong();} > +=20 > +- /* AsyncJob API emulated */ > +- void deleteThis(const char *aReason); > +- void swanSong(); > ++ ~GopherStateData(); > +=20 > + public: > + StoreEntry *entry; > +@@ -156,30 +153,18 @@ static void > + gopherStateFree(const CommCloseCbParams ¶ms) > + { > + GopherStateData *gopherState =3D (GopherStateData *)params.data; > +- > +- if (gopherState =3D=3D NULL) > +- return; > +- > +- gopherState->deleteThis("gopherStateFree"); > ++ // Assume that FwdState is monitoring and calls noteClosure(). See XX= X about > ++ // Connection sharing with FwdState in gopherStart(). > ++ delete gopherState; > + } > +=20 > +-void > +-GopherStateData::deleteThis(const char *) > +-{ > +- swanSong(); > +- delete this; > +-} > +- > +-void > +-GopherStateData::swanSong() > ++GopherStateData::~GopherStateData() > + { > + if (entry) > + entry->unlock("gopherState"); > +=20 > +- if (buf) { > ++ if (buf) > + memFree(buf, MEM_4K_BUF); > +- buf =3D nullptr; > +- } > + } > +=20 > + /** > +@@ -986,6 +971,7 @@ gopherStart(FwdState * fwd) > + return; > + } > +=20 > ++ // XXX: Sharing open Connection with FwdState that has its own handle= rs/etc. > + gopherState->serverConn =3D fwd->serverConnection(); > + gopherSendRequest(fwd->serverConnection()->fd, gopherState); > + AsyncCall::Pointer timeoutCall =3D commCbCall(5, 4, "gopherTimeout", > +diff --git a/src/ident/Ident.cc b/src/ident/Ident.cc > +index 50dc6baeb..3c3ae5e2f 100644 > +--- a/src/ident/Ident.cc > ++++ b/src/ident/Ident.cc > +@@ -11,6 +11,7 @@ > + #include "squid.h" > +=20 > + #if USE_IDENT > ++#include "base/JobWait.h" > + #include "comm.h" > + #include "comm/Connection.h" > + #include "comm/ConnOpener.h" > +@@ -53,8 +54,15 @@ public: > +=20 > + Comm::ConnectionPointer conn; > + MemBuf queryMsg; ///< the lookup message sent to IDENT server > +- IdentClient *clients; > ++ IdentClient *clients =3D nullptr; > + char buf[IDENT_BUFSIZE]; > ++ > ++ /// waits for a connection to the IDENT server to be established/open= ed > ++ JobWait connWait; > ++ > ++private: > ++ // use deleteThis() to destroy > ++ ~IdentStateData(); > + }; > +=20 > + CBDATA_CLASS_INIT(IdentStateData); > +@@ -73,8 +81,9 @@ static void ClientAdd(IdentStateData * state, IDCB * cal= lback, void *callback_da > + Ident::IdentConfig Ident::TheConfig; > +=20 > + void > +-Ident::IdentStateData::deleteThis(const char *) > ++Ident::IdentStateData::deleteThis(const char *reason) > + { > ++ debugs(30, 3, reason); > + swanSong(); > + delete this; > + } > +@@ -84,6 +93,10 @@ Ident::IdentStateData::swanSong() > + { > + if (clients !=3D NULL) > + notify(NULL); > ++} > ++ > ++Ident::IdentStateData::~IdentStateData() { > ++ assert(!clients); > +=20 > + if (Comm::IsConnOpen(conn)) { > + comm_remove_close_handler(conn->fd, Ident::Close, this); > +@@ -112,6 +125,10 @@ void > + Ident::Close(const CommCloseCbParams ¶ms) > + { > + IdentStateData *state =3D (IdentStateData *)params.data; > ++ if (state->conn) { > ++ state->conn->noteClosure(); > ++ state->conn =3D nullptr; > ++ } > + state->deleteThis("connection closed"); > + } > +=20 > +@@ -127,6 +144,16 @@ void > + Ident::ConnectDone(const Comm::ConnectionPointer &conn, Comm::Flag status= , int, void *data) > + { > + IdentStateData *state =3D (IdentStateData *)data; > ++ state->connWait.finish(); > ++ > ++ // Start owning the supplied connection (so that it is not orphaned i= f this > ++ // function bails early). As a (tiny) optimization or perhaps just di= ff > ++ // minimization, the close handler is added later, when we know we ar= e not > ++ // bailing. This delay is safe because comm_remove_close_handler() fo= rgives > ++ // missing handlers. > ++ assert(conn); // but may be closed > ++ assert(!state->conn); > ++ state->conn =3D conn; > +=20 > + if (status !=3D Comm::OK) { > + if (status =3D=3D Comm::TIMEOUT) > +@@ -149,8 +176,8 @@ Ident::ConnectDone(const Comm::ConnectionPointer &conn= , Comm::Flag status, int, > + return; > + } > +=20 > +- assert(conn !=3D NULL && conn =3D=3D state->conn); > +- comm_add_close_handler(conn->fd, Ident::Close, state); > ++ assert(state->conn->isOpen()); > ++ comm_add_close_handler(state->conn->fd, Ident::Close, state); > +=20 > + AsyncCall::Pointer writeCall =3D commCbCall(5,4, "Ident::WriteFeedbac= k", > + CommIoCbPtrFun(Ident::WriteFeedback, s= tate)); > +@@ -259,10 +286,10 @@ Ident::Start(const Comm::ConnectionPointer &conn, ID= CB * callback, void *data) > + state->hash.key =3D xstrdup(key); > +=20 > + // copy the conn details. We do not want the original FD to be re-use= d by IDENT. > +- state->conn =3D conn->cloneIdentDetails(); > ++ const auto identConn =3D conn->cloneProfile(); > + // NP: use random port for secure outbound to IDENT_PORT > +- state->conn->local.port(0); > +- state->conn->remote.port(IDENT_PORT); > ++ identConn->local.port(0); > ++ identConn->remote.port(IDENT_PORT); > +=20 > + // build our query from the original connection details > + state->queryMsg.init(); > +@@ -272,7 +299,8 @@ Ident::Start(const Comm::ConnectionPointer &conn, IDCB= * callback, void *data) > + hash_join(ident_hash, &state->hash); > +=20 > + AsyncCall::Pointer call =3D commCbCall(30,3, "Ident::ConnectDone", Co= mmConnectCbPtrFun(Ident::ConnectDone, state)); > +- AsyncJob::Start(new Comm::ConnOpener(state->conn, call, Ident::TheCon= fig.timeout)); > ++ const auto connOpener =3D new Comm::ConnOpener(identConn, call, Ident= ::TheConfig.timeout); > ++ state->connWait.start(connOpener, call); > + } > +=20 > + void > +diff --git a/src/log/TcpLogger.cc b/src/log/TcpLogger.cc > +index 2be2f6aea..3be1cc5db 100644 > +--- a/src/log/TcpLogger.cc > ++++ b/src/log/TcpLogger.cc > +@@ -256,13 +256,16 @@ Log::TcpLogger::doConnect() > +=20 > + typedef CommCbMemFunT Dialer; > + AsyncCall::Pointer call =3D JobCallback(MY_DEBUG_SECTION, 5, Dialer, = this, Log::TcpLogger::connectDone); > +- AsyncJob::Start(new Comm::ConnOpener(futureConn, call, 2)); > ++ const auto cs =3D new Comm::ConnOpener(futureConn, call, 2); > ++ connWait.start(cs, call); > + } > +=20 > + /// Comm::ConnOpener callback > + void > + Log::TcpLogger::connectDone(const CommConnectCbParams ¶ms) > + { > ++ connWait.finish(); > ++ > + if (params.flag !=3D Comm::OK) { > + const double delay =3D 0.5; // seconds > + if (connectFailures++ % 100 =3D=3D 0) { > +@@ -367,7 +370,10 @@ Log::TcpLogger::handleClosure(const CommCloseCbParams= &) > + { > + assert(inCall !=3D NULL); > + closer =3D NULL; > +- conn =3D NULL; > ++ if (conn) { > ++ conn->noteClosure(); > ++ conn =3D nullptr; > ++ } > + // in all current use cases, we should not try to reconnect > + mustStop("Log::TcpLogger::handleClosure"); > + } > +diff --git a/src/log/TcpLogger.h b/src/log/TcpLogger.h > +index 1be2113fe..ec7ca5f7b 100644 > +--- a/src/log/TcpLogger.h > ++++ b/src/log/TcpLogger.h > +@@ -10,6 +10,8 @@ > + #define _SQUID_SRC_LOG_TCPLOGGER_H > +=20 > + #include "base/AsyncJob.h" > ++#include "base/JobWait.h" > ++#include "comm/forward.h" > + #include "ip/Address.h" > +=20 > + #include > +@@ -103,6 +105,9 @@ private: > + Ip::Address remote; ///< where the remote logger expects our records > + AsyncCall::Pointer closer; ///< handles unexpected/external conn clos= ures > +=20 > ++ /// waits for a connection to the remote logger to be established/ope= ned > ++ JobWait connWait; > ++ > + uint64_t connectFailures; ///< number of sequential connection failur= es > + uint64_t drops; ///< number of records dropped during the current out= age > + }; > +diff --git a/src/mgr/Forwarder.cc b/src/mgr/Forwarder.cc > +index 8edba1d78..e4da4ca08 100644 > +--- a/src/mgr/Forwarder.cc > ++++ b/src/mgr/Forwarder.cc > +@@ -100,7 +100,11 @@ void > + Mgr::Forwarder::noteCommClosed(const CommCloseCbParams &) > + { > + debugs(16, 5, HERE); > +- conn =3D NULL; // needed? > ++ closer =3D nullptr; > ++ if (conn) { > ++ conn->noteClosure(); > ++ conn =3D nullptr; > ++ } > + mustStop("commClosed"); > + } > +=20 > +diff --git a/src/mgr/Inquirer.cc b/src/mgr/Inquirer.cc > +index ba41d7aa6..dea0452de 100644 > +--- a/src/mgr/Inquirer.cc > ++++ b/src/mgr/Inquirer.cc > +@@ -107,11 +107,14 @@ Mgr::Inquirer::noteWroteHeader(const CommIoCbParams&= params) > +=20 > + /// called when the HTTP client or some external force closed our socket > + void > +-Mgr::Inquirer::noteCommClosed(const CommCloseCbParams& params) > ++Mgr::Inquirer::noteCommClosed(const CommCloseCbParams &) > + { > + debugs(16, 5, HERE); > +- Must(!Comm::IsConnOpen(conn) && params.conn.getRaw() =3D=3D conn.getR= aw()); > +- conn =3D NULL; > ++ closer =3D nullptr; > ++ if (conn) { > ++ conn->noteClosure(); > ++ conn =3D nullptr; > ++ } > + mustStop("commClosed"); > + } > +=20 > +diff --git a/src/mgr/StoreToCommWriter.cc b/src/mgr/StoreToCommWriter.cc > +index e2cccec2f..d3cf73888 100644 > +--- a/src/mgr/StoreToCommWriter.cc > ++++ b/src/mgr/StoreToCommWriter.cc > +@@ -131,7 +131,11 @@ void > + Mgr::StoreToCommWriter::noteCommClosed(const CommCloseCbParams &) > + { > + debugs(16, 6, HERE); > +- Must(!Comm::IsConnOpen(clientConnection)); > ++ if (clientConnection) { > ++ clientConnection->noteClosure(); > ++ clientConnection =3D nullptr; > ++ } > ++ closer =3D nullptr; > + mustStop("commClosed"); > + } > +=20 > +diff --git a/src/security/PeerConnector.cc b/src/security/PeerConnector.cc > +index 4c1401f6e..494edabb8 100644 > +--- a/src/security/PeerConnector.cc > ++++ b/src/security/PeerConnector.cc > +@@ -89,9 +89,15 @@ Security::PeerConnector::start() > + void > + Security::PeerConnector::commCloseHandler(const CommCloseCbParams ¶ms) > + { > ++ debugs(83, 5, "FD " << params.fd << ", Security::PeerConnector=3D" <<= params.data); > ++ > + closeHandler =3D nullptr; > ++ if (serverConn) { > ++ countFailingConnection(); > ++ serverConn->noteClosure(); > ++ serverConn =3D nullptr; > ++ } > +=20 > +- debugs(83, 5, "FD " << params.fd << ", Security::PeerConnector=3D" <<= params.data); > + const auto err =3D new ErrorState(ERR_SECURE_CONNECT_FAIL, Http::scSe= rviceUnavailable, request.getRaw(), al); > + static const auto d =3D MakeNamedErrorDetail("TLS_CONNECT_CLOSE"); > + err->detailError(d); > +@@ -111,6 +117,8 @@ Security::PeerConnector::commTimeoutHandler(const Comm= TimeoutCbParams &) > + bool > + Security::PeerConnector::initialize(Security::SessionPointer &serverSessi= on) > + { > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ > + Security::ContextPointer ctx(getTlsContext()); > + debugs(83, 5, serverConnection() << ", ctx=3D" << (void*)ctx.get()); > +=20 > +@@ -162,6 +170,8 @@ Security::PeerConnector::initialize(Security::SessionP= ointer &serverSession) > + void > + Security::PeerConnector::recordNegotiationDetails() > + { > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ > + const int fd =3D serverConnection()->fd; > + Security::SessionPointer session(fd_table[fd].ssl); > +=20 > +@@ -180,6 +190,8 @@ Security::PeerConnector::recordNegotiationDetails() > + void > + Security::PeerConnector::negotiate() > + { > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ > + const int fd =3D serverConnection()->fd; > + if (fd_table[fd].closing()) > + return; > +@@ -224,7 +236,7 @@ Security::PeerConnector::handleNegotiationResult(const= Security::IoResult &resul > + switch (result.category) { > + case Security::IoResult::ioSuccess: > + recordNegotiationDetails(); > +- if (sslFinalized()) > ++ if (sslFinalized() && callback) > + sendSuccess(); > + return; // we may be gone by now > +=20 > +@@ -252,6 +264,7 @@ Security::PeerConnector::sslFinalized() > + { > + #if USE_OPENSSL > + if (Ssl::TheConfig.ssl_crt_validator && useCertValidator_) { > ++ Must(Comm::IsConnOpen(serverConnection())); > + const int fd =3D serverConnection()->fd; > + Security::SessionPointer session(fd_table[fd].ssl); > +=20 > +@@ -295,6 +308,7 @@ void > + Security::PeerConnector::sslCrtvdHandleReply(Ssl::CertValidationResponse:= :Pointer validationResponse) > + { > + Must(validationResponse !=3D NULL); > ++ Must(Comm::IsConnOpen(serverConnection())); > +=20 > + ErrorDetail::Pointer errDetails; > + bool validatorFailed =3D false; > +@@ -317,7 +331,8 @@ Security::PeerConnector::sslCrtvdHandleReply(Ssl::Cert= ValidationResponse::Pointe > +=20 > + if (!errDetails && !validatorFailed) { > + noteNegotiationDone(NULL); > +- sendSuccess(); > ++ if (callback) > ++ sendSuccess(); > + return; > + } > +=20 > +@@ -343,6 +358,8 @@ Security::PeerConnector::sslCrtvdHandleReply(Ssl::Cert= ValidationResponse::Pointe > + Security::CertErrors * > + Security::PeerConnector::sslCrtvdCheckForErrors(Ssl::CertValidationRespon= se const &resp, ErrorDetail::Pointer &errDetails) > + { > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ > + ACLFilledChecklist *check =3D NULL; > + Security::SessionPointer session(fd_table[serverConnection()->fd].ssl= ); > +=20 > +@@ -418,9 +435,11 @@ Security::PeerConnector::negotiateSsl() > + void > + Security::PeerConnector::noteWantRead() > + { > +- const int fd =3D serverConnection()->fd; > + debugs(83, 5, serverConnection()); > +=20 > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ const int fd =3D serverConnection()->fd; > ++ > + // read timeout to avoid getting stuck while reading from a silent se= rver > + typedef CommCbMemFunT T= imeoutDialer; > + AsyncCall::Pointer timeoutCall =3D JobCallback(83, 5, > +@@ -434,8 +453,10 @@ Security::PeerConnector::noteWantRead() > + void > + Security::PeerConnector::noteWantWrite() > + { > +- const int fd =3D serverConnection()->fd; > + debugs(83, 5, serverConnection()); > ++ Must(Comm::IsConnOpen(serverConnection())); > ++ > ++ const int fd =3D serverConnection()->fd; > + Comm::SetSelect(fd, COMM_SELECT_WRITE, &NegotiateSsl, new Pointer(thi= s), 0); > + return; > + } > +@@ -452,57 +473,76 @@ Security::PeerConnector::noteNegotiationError(const = Security::ErrorDetailPointer > + bail(anErr); > + } > +=20 > ++Security::EncryptorAnswer & > ++Security::PeerConnector::answer() > ++{ > ++ assert(callback); > ++ const auto dialer =3D dynamic_cast(callback->getDialer()); > ++ assert(dialer); > ++ return dialer->answer(); > ++} > ++ > + void > + Security::PeerConnector::bail(ErrorState *error) > + { > + Must(error); // or the recepient will not know there was a problem > +- Must(callback !=3D NULL); > +- CbDialer *dialer =3D dynamic_cast(callback->getDialer()); > +- Must(dialer); > +- dialer->answer().error =3D error; > ++ answer().error =3D error; > +=20 > +- if (const auto p =3D serverConnection()->getPeer()) > +- peerConnectFailed(p); > ++ if (const auto failingConnection =3D serverConn) { > ++ countFailingConnection(); > ++ disconnect(); > ++ failingConnection->close(); > ++ } > +=20 > + callBack(); > +- disconnect(); > +- > +- if (noteFwdPconnUse) > +- fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses); > +- serverConn->close(); > +- serverConn =3D nullptr; > + } > +=20 > + void > + Security::PeerConnector::sendSuccess() > + { > +- callBack(); > ++ assert(Comm::IsConnOpen(serverConn)); > ++ answer().conn =3D serverConn; > + disconnect(); > ++ callBack(); > ++} > ++ > ++void > ++Security::PeerConnector::countFailingConnection() > ++{ > ++ assert(serverConn); > ++ if (const auto p =3D serverConn->getPeer()) > ++ peerConnectFailed(p); > ++ // TODO: Calling PconnPool::noteUses() should not be our responsibili= ty. > ++ if (noteFwdPconnUse && serverConn->isOpen()) > ++ fwdPconnPool->noteUses(fd_table[serverConn->fd].pconn.uses); > + } > +=20 > + void > + Security::PeerConnector::disconnect() > + { > ++ const auto stillOpen =3D Comm::IsConnOpen(serverConn); > ++ > + if (closeHandler) { > +- comm_remove_close_handler(serverConnection()->fd, closeHandler); > ++ if (stillOpen) > ++ comm_remove_close_handler(serverConn->fd, closeHandler); > + closeHandler =3D nullptr; > + } > +=20 > +- commUnsetConnTimeout(serverConnection()); > ++ if (stillOpen) > ++ commUnsetConnTimeout(serverConn); > ++ > ++ serverConn =3D nullptr; > + } > +=20 > + void > + Security::PeerConnector::callBack() > + { > +- debugs(83, 5, "TLS setup ended for " << serverConnection()); > ++ debugs(83, 5, "TLS setup ended for " << answer().conn); > +=20 > + AsyncCall::Pointer cb =3D callback; > + // Do this now so that if we throw below, swanSong() assert that we _= tried_ > + // to call back holds. > + callback =3D NULL; // this should make done() true > +- CbDialer *dialer =3D dynamic_cast(cb->getDialer()); > +- Must(dialer); > +- dialer->answer().conn =3D serverConnection(); > + ScheduleCallHere(cb); > + } > +=20 > +@@ -511,8 +551,9 @@ Security::PeerConnector::swanSong() > + { > + // XXX: unregister fd-closure monitoring and CommSetSelect interest, = if any > + AsyncJob::swanSong(); > +- if (callback !=3D NULL) { // paranoid: we have left the caller waiting > +- debugs(83, DBG_IMPORTANT, "BUG: Unexpected state while connecting= to a cache_peer or origin server"); > ++ > ++ if (callback) { > ++ // job-ending emergencies like handleStopRequest() or callExcepti= on() > + const auto anErr =3D new ErrorState(ERR_GATEWAY_FAILURE, Http::sc= InternalServerError, request.getRaw(), al); > + bail(anErr); > + assert(!callback); > +@@ -533,7 +574,7 @@ Security::PeerConnector::status() const > + buf.append("Stopped, reason:", 16); > + buf.appendf("%s",stopReason); > + } > +- if (serverConn !=3D NULL) > ++ if (Comm::IsConnOpen(serverConn)) > + buf.appendf(" FD %d", serverConn->fd); > + buf.appendf(" %s%u]", id.prefix(), id.value); > + buf.terminate(); > +@@ -581,15 +622,18 @@ Security::PeerConnector::startCertDownloading(SBuf &= url) > + PeerConnectorCertDownloaderDialer(&= Security::PeerConnector::certDownloadingDone, this)); > +=20 > + const auto dl =3D new Downloader(url, certCallback, XactionInitiator:= :initCertFetcher, certDownloadNestingLevel() + 1); > +- AsyncJob::Start(dl); > ++ certDownloadWait.start(dl, certCallback); > + } > +=20 > + void > + Security::PeerConnector::certDownloadingDone(SBuf &obj, int downloadStatu= s) > + { > ++ certDownloadWait.finish(); > ++ > + ++certsDownloads; > + debugs(81, 5, "Certificate downloading status: " << downloadStatus <<= " certificate size: " << obj.length()); > +=20 > ++ Must(Comm::IsConnOpen(serverConnection())); > + const auto &sconn =3D *fd_table[serverConnection()->fd].ssl; > +=20 > + // Parse Certificate. Assume that it is in DER format. > +@@ -642,6 +686,7 @@ Security::PeerConnector::certDownloadingDone(SBuf &obj= , int downloadStatus) > + void > + Security::PeerConnector::handleMissingCertificates(const Security::IoResu= lt &ioResult) > + { > ++ Must(Comm::IsConnOpen(serverConnection())); > + auto &sconn =3D *fd_table[serverConnection()->fd].ssl; > +=20 > + // We download the missing certificate(s) once. We would prefer to cl= ear > +diff --git a/src/security/PeerConnector.h b/src/security/PeerConnector.h > +index 942f8627a..10700d796 100644 > +--- a/src/security/PeerConnector.h > ++++ b/src/security/PeerConnector.h > +@@ -12,6 +12,7 @@ > + #include "acl/Acl.h" > + #include "base/AsyncCbdataCalls.h" > + #include "base/AsyncJob.h" > ++#include "base/JobWait.h" > + #include "CommCalls.h" > + #include "http/forward.h" > + #include "security/EncryptorAnswer.h" > +@@ -24,6 +25,7 @@ > + #include > +=20 > + class ErrorState; > ++class Downloader; > + class AccessLogEntry; > + typedef RefCount AccessLogEntryPointer; > +=20 > +@@ -152,6 +154,9 @@ protected: > + /// a bail(), sendSuccess() helper: stops monitoring the connection > + void disconnect(); > +=20 > ++ /// updates connection usage history before the connection is closed > ++ void countFailingConnection(); > ++ > + /// If called the certificates validator will not used > + void bypassCertValidator() {useCertValidator_ =3D false;} > +=20 > +@@ -159,6 +164,9 @@ protected: > + /// logging > + void recordNegotiationDetails(); > +=20 > ++ /// convenience method to get to the answer fields > ++ EncryptorAnswer &answer(); > ++ > + HttpRequestPointer request; ///< peer connection trigger or cause > + Comm::ConnectionPointer serverConn; ///< TCP connection to the peer > + AccessLogEntryPointer al; ///< info for the future access.log entry > +@@ -203,6 +211,8 @@ private: > +=20 > + /// outcome of the last (failed and) suspended negotiation attempt (o= r nil) > + Security::IoResultPointer suspendedError_; > ++ > ++ JobWait certDownloadWait; ///< waits for the missing cert= ificate to be downloaded > + }; > +=20 > + } // namespace Security > +diff --git a/src/security/forward.h b/src/security/forward.h > +index dce66e397..26225aae0 100644 > +--- a/src/security/forward.h > ++++ b/src/security/forward.h > +@@ -172,6 +172,7 @@ class ParsedOptions {}; // we never parse/use TLS opti= ons in this case > + typedef long ParsedPortFlags; > +=20 > + class PeerConnector; > ++class BlindPeerConnector; > + class PeerOptions; > +=20 > + #if USE_OPENSSL > +diff --git a/src/servers/FtpServer.cc b/src/servers/FtpServer.cc > +index 53f822d2f..e0a10b6b5 100644 > +--- a/src/servers/FtpServer.cc > ++++ b/src/servers/FtpServer.cc > +@@ -61,7 +61,7 @@ Ftp::Server::Server(const MasterXaction::Pointer &xact): > + dataConn(), > + uploadAvailSize(0), > + listener(), > +- connector(), > ++ dataConnWait(), > + reader(), > + waitingForOrigin(false), > + originDataDownloadAbortedOnError(false) > +@@ -1676,11 +1676,11 @@ Ftp::Server::checkDataConnPre() > +=20 > + // active transfer: open a data connection from Squid to client > + typedef CommCbMemFunT Dialer; > +- connector =3D JobCallback(17, 3, Dialer, this, Ftp::Server::connected= ForData); > +- Comm::ConnOpener *cs =3D new Comm::ConnOpener(dataConn, connector, > +- Config.Timeout.connect); > +- AsyncJob::Start(cs); > +- return false; // ConnStateData::processFtpRequest waits handleConnect= Done > ++ AsyncCall::Pointer callback =3D JobCallback(17, 3, Dialer, this, Ftp:= :Server::connectedForData); > ++ const auto cs =3D new Comm::ConnOpener(dataConn->cloneProfile(), call= back, > ++ Config.Timeout.connect); > ++ dataConnWait.start(cs, callback); > ++ return false; > + } > +=20 > + /// Check that client data connection is ready for immediate I/O. > +@@ -1698,18 +1698,22 @@ Ftp::Server::checkDataConnPost() const > + void > + Ftp::Server::connectedForData(const CommConnectCbParams ¶ms) > + { > +- connector =3D NULL; > ++ dataConnWait.finish(); > +=20 > + if (params.flag !=3D Comm::OK) { > +- /* it might have been a timeout with a partially open link */ > +- if (params.conn !=3D NULL) > +- params.conn->close(); > + setReply(425, "Cannot open data connection."); > + Http::StreamPointer context =3D pipeline.front(); > + Must(context->http); > + Must(context->http->storeEntry() !=3D NULL); > ++ // TODO: call closeDataConnection() to reset data conn processing? > + } else { > +- Must(dataConn =3D=3D params.conn); > ++ // Finalize the details and start owning the supplied connection. > ++ assert(params.conn); > ++ assert(dataConn); > ++ assert(!dataConn->isOpen()); > ++ dataConn =3D params.conn; > ++ // XXX: Missing comm_add_close_handler() to track external closur= es. > ++ > + Must(Comm::IsConnOpen(params.conn)); > + fd_note(params.conn->fd, "active client ftp data"); > + } > +diff --git a/src/servers/FtpServer.h b/src/servers/FtpServer.h > +index fb9ef9081..d67799827 100644 > +--- a/src/servers/FtpServer.h > ++++ b/src/servers/FtpServer.h > +@@ -11,8 +11,10 @@ > + #ifndef SQUID_SERVERS_FTP_SERVER_H > + #define SQUID_SERVERS_FTP_SERVER_H > +=20 > ++#include "base/JobWait.h" > + #include "base/Lock.h" > + #include "client_side.h" > ++#include "comm/forward.h" > +=20 > + namespace Ftp > + { > +@@ -188,7 +190,11 @@ private: > + size_t uploadAvailSize; ///< number of yet unused uploadBuf bytes > +=20 > + AsyncCall::Pointer listener; ///< set when we are passively listening > +- AsyncCall::Pointer connector; ///< set when we are actively connecting > ++ > ++ /// Waits for an FTP data connection to the client to be established/= opened. > ++ /// This wait only happens in FTP active mode (via PORT or EPRT). > ++ JobWait dataConnWait; > ++ > + AsyncCall::Pointer reader; ///< set when we are reading FTP data > +=20 > + /// whether we wait for the origin data transfer to end > +diff --git a/src/snmp/Forwarder.cc b/src/snmp/Forwarder.cc > +index 836eb5772..259bb0441 100644 > +--- a/src/snmp/Forwarder.cc > ++++ b/src/snmp/Forwarder.cc > +@@ -53,6 +53,7 @@ Snmp::Forwarder::noteCommClosed(const CommCloseCbParams&= params) > + { > + debugs(49, 5, HERE); > + Must(fd =3D=3D params.fd); > ++ closer =3D nullptr; > + fd =3D -1; > + mustStop("commClosed"); > + } > +@@ -68,8 +69,7 @@ void > + Snmp::Forwarder::handleException(const std::exception& e) > + { > + debugs(49, 3, HERE << e.what()); > +- if (fd >=3D 0) > +- sendError(SNMP_ERR_GENERR); > ++ sendError(SNMP_ERR_GENERR); > + Ipc::Forwarder::handleException(e); > + } > +=20 > +@@ -78,6 +78,10 @@ void > + Snmp::Forwarder::sendError(int error) > + { > + debugs(49, 3, HERE); > ++ > ++ if (fd < 0) > ++ return; // client gone > ++ > + Snmp::Request& req =3D static_cast(*request); > + req.pdu.command =3D SNMP_PDU_RESPONSE; > + req.pdu.errstat =3D error; > +diff --git a/src/snmp/Inquirer.cc b/src/snmp/Inquirer.cc > +index 9b6e34405..82f8c4475 100644 > +--- a/src/snmp/Inquirer.cc > ++++ b/src/snmp/Inquirer.cc > +@@ -88,7 +88,11 @@ Snmp::Inquirer::noteCommClosed(const CommCloseCbParams&= params) > + { > + debugs(49, 5, HERE); > + Must(!Comm::IsConnOpen(conn) || conn->fd =3D=3D params.conn->fd); > +- conn =3D NULL; > ++ closer =3D nullptr; > ++ if (conn) { > ++ conn->noteClosure(); > ++ conn =3D nullptr; > ++ } > + mustStop("commClosed"); > + } > +=20 > +@@ -102,6 +106,10 @@ void > + Snmp::Inquirer::sendResponse() > + { > + debugs(49, 5, HERE); > ++ > ++ if (!Comm::IsConnOpen(conn)) > ++ return; // client gone > ++ > + aggrPdu.fixAggregate(); > + aggrPdu.command =3D SNMP_PDU_RESPONSE; > + u_char buffer[SNMP_REQUEST_SIZE]; > +diff --git a/src/ssl/PeekingPeerConnector.cc b/src/ssl/PeekingPeerConnecto= r.cc > +index 9a4055355..89e45435b 100644 > +--- a/src/ssl/PeekingPeerConnector.cc > ++++ b/src/ssl/PeekingPeerConnector.cc > +@@ -27,18 +27,18 @@ CBDATA_NAMESPACED_CLASS_INIT(Ssl, PeekingPeerConnector= ); > + void switchToTunnel(HttpRequest *request, const Comm::ConnectionPointer &= clientConn, const Comm::ConnectionPointer &srvConn, const SBuf &preReadServer= Data); > +=20 > + void > +-Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(Acl::Answer answer= , void *data) > ++Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(const Acl::Answer = aclAnswer, void *data) > + { > + Ssl::PeekingPeerConnector *peerConnect =3D (Ssl::PeekingPeerConnector= *) data; > + // Use job calls to add done() checks and other job logic/protections. > +- CallJobHere1(83, 7, CbcPointer(peerConnect), Ss= l::PeekingPeerConnector, checkForPeekAndSpliceDone, answer); > ++ CallJobHere1(83, 7, CbcPointer(peerConnect), Ss= l::PeekingPeerConnector, checkForPeekAndSpliceDone, aclAnswer); > + } > +=20 > + void > +-Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(Acl::Answer answer) > ++Ssl::PeekingPeerConnector::checkForPeekAndSpliceDone(const Acl::Answer ac= lAnswer) > + { > +- const Ssl::BumpMode finalAction =3D answer.allowed() ? > +- static_cast(answer.k= ind): > ++ const Ssl::BumpMode finalAction =3D aclAnswer.allowed() ? > ++ static_cast(aclAnswe= r.kind): > + checkForPeekAndSpliceGuess(); > + checkForPeekAndSpliceMatched(finalAction); > + } > +@@ -106,10 +106,8 @@ Ssl::PeekingPeerConnector::checkForPeekAndSpliceMatch= ed(const Ssl::BumpMode acti > + splice =3D true; > + // Ssl Negotiation stops here. Last SSL checks for valid certific= ates > + // and if done, switch to tunnel mode > +- if (sslFinalized()) { > +- debugs(83,5, "Abort NegotiateSSL on FD " << serverConn->fd <<= " and splice the connection"); > ++ if (sslFinalized() && callback) > + callBack(); > +- } > + } > + } > +=20 > +@@ -272,8 +270,11 @@ Ssl::PeekingPeerConnector::startTunneling() > + auto b =3D SSL_get_rbio(session.get()); > + auto srvBio =3D static_cast(BIO_get_data(b)); > +=20 > ++ debugs(83, 5, "will tunnel instead of negotiating TLS"); > + switchToTunnel(request.getRaw(), clientConn, serverConn, srvBio->rBuf= Data()); > +- tunnelInsteadOfNegotiating(); > ++ answer().tunneled =3D true; > ++ disconnect(); > ++ callBack(); > + } > +=20 > + void > +@@ -397,13 +398,3 @@ Ssl::PeekingPeerConnector::serverCertificateVerified() > + } > + } > +=20 > +-void > +-Ssl::PeekingPeerConnector::tunnelInsteadOfNegotiating() > +-{ > +- Must(callback !=3D NULL); > +- CbDialer *dialer =3D dynamic_cast(callback->getDialer()); > +- Must(dialer); > +- dialer->answer().tunneled =3D true; > +- debugs(83, 5, "The SSL negotiation with server aborted"); > +-} > +- > +diff --git a/src/ssl/PeekingPeerConnector.h b/src/ssl/PeekingPeerConnector= .h > +index 3c86b887d..0145e77f9 100644 > +--- a/src/ssl/PeekingPeerConnector.h > ++++ b/src/ssl/PeekingPeerConnector.h > +@@ -51,7 +51,7 @@ public: > + void checkForPeekAndSplice(); > +=20 > + /// Callback function for ssl_bump acl check in step3 SSL bump step. > +- void checkForPeekAndSpliceDone(Acl::Answer answer); > ++ void checkForPeekAndSpliceDone(Acl::Answer); > +=20 > + /// Handles the final bumping decision. > + void checkForPeekAndSpliceMatched(const Ssl::BumpMode finalMode); > +@@ -67,7 +67,7 @@ public: > + void startTunneling(); > +=20 > + /// A wrapper function for checkForPeekAndSpliceDone for use with acl > +- static void cbCheckForPeekAndSpliceDone(Acl::Answer answer, void *dat= a); > ++ static void cbCheckForPeekAndSpliceDone(Acl::Answer, void *data); > +=20 > + private: > +=20 > +diff --git a/src/tests/stub_libcomm.cc b/src/tests/stub_libcomm.cc > +index 45aa6deb2..8fdb40bbd 100644 > +--- a/src/tests/stub_libcomm.cc > ++++ b/src/tests/stub_libcomm.cc > +@@ -22,9 +22,9 @@ void Comm::AcceptLimiter::kick() STUB > + #include "comm/Connection.h" > + Comm::Connection::Connection() STUB > + Comm::Connection::~Connection() STUB > +-Comm::ConnectionPointer Comm::Connection::cloneIdentDetails() const STUB_= RETVAL(nullptr) > +-Comm::ConnectionPointer Comm::Connection::cloneDestinationDetails() const= STUB_RETVAL(nullptr) > ++Comm::ConnectionPointer Comm::Connection::cloneProfile() const STUB_RETVA= L(nullptr) > + void Comm::Connection::close() STUB > ++void Comm::Connection::noteClosure() STUB > + CachePeer * Comm::Connection::getPeer() const STUB_RETVAL(NULL) > + void Comm::Connection::setPeer(CachePeer * p) STUB > + ScopedId Comm::Connection::codeContextGist() const STUB_RETVAL(id.detach(= )) > +diff --git a/src/tests/stub_libsecurity.cc b/src/tests/stub_libsecurity.cc > +index aa9cf0b36..176cf337e 100644 > +--- a/src/tests/stub_libsecurity.cc > ++++ b/src/tests/stub_libsecurity.cc > +@@ -9,6 +9,7 @@ > + #include "squid.h" > + #include "AccessLogEntry.h" > + #include "comm/Connection.h" > ++#include "Downloader.h" > + #include "HttpRequest.h" > +=20 > + #define STUB_API "security/libsecurity.la" > +@@ -88,7 +89,9 @@ void PeerConnector::bail(ErrorState *) STUB > + void PeerConnector::sendSuccess() STUB > + void PeerConnector::callBack() STUB > + void PeerConnector::disconnect() STUB > ++void PeerConnector::countFailingConnection() STUB > + void PeerConnector::recordNegotiationDetails() STUB > ++EncryptorAnswer &PeerConnector::answer() STUB_RETREF(EncryptorAnswer) > + } > +=20 > + #include "security/PeerOptions.h" > +diff --git a/src/tunnel.cc b/src/tunnel.cc > +index 386a0ecd6..4fc5abdef 100644 > +--- a/src/tunnel.cc > ++++ b/src/tunnel.cc > +@@ -11,6 +11,7 @@ > + #include "squid.h" > + #include "acl/FilledChecklist.h" > + #include "base/CbcPointer.h" > ++#include "base/JobWait.h" > + #include "CachePeer.h" > + #include "cbdata.h" > + #include "client_side.h" > +@@ -180,9 +181,6 @@ public: > + SBuf preReadClientData; > + SBuf preReadServerData; > + time_t startTime; ///< object creation time, before any peer selectio= n/connection attempts > +- /// Whether we are waiting for the CONNECT request/response exchange = with the peer. > +- bool waitingForConnectExchange; > +- HappyConnOpenerPointer connOpener; ///< current connection opening job > + ResolvedPeersPointer destinations; ///< paths for forwarding the requ= est > + bool destinationsFound; ///< At least one candidate path found > + /// whether another destination may be still attempted if the TCP con= nection > +@@ -191,10 +189,15 @@ public: > + // TODO: remove after fixing deferred reads in TunnelStateData::copyR= ead() > + CodeContext::Pointer codeContext; ///< our creator context > +=20 > +- // AsyncCalls which we set and may need cancelling. > +- struct { > +- AsyncCall::Pointer connector; ///< a call linking us to the Conn= Opener producing serverConn. > +- } calls; > ++ /// waits for a transport connection to the peer to be established/op= ened > ++ JobWait transportWait; > ++ > ++ /// waits for the established transport connection to be secured/encr= ypted > ++ JobWait encryptionWait; > ++ > ++ /// waits for an HTTP CONNECT tunnel through a cache_peer to be negot= iated > ++ /// over the (encrypted, if needed) transport connection to that cach= e_peer > ++ JobWait peerWait; > +=20 > + void copyRead(Connection &from, IOCB *completion); > +=20 > +@@ -212,12 +215,6 @@ public: > + /// when all candidate destinations have been tried and all have fail= ed > + void noteConnection(HappyConnOpenerAnswer &); > +=20 > +- /// whether we are waiting for HappyConnOpener > +- /// same as calls.connector but may differ from connOpener.valid() > +- bool opening() const { return connOpener.set(); } > +- > +- void cancelOpening(const char *reason); > +- > + /// Start using an established connection > + void connectDone(const Comm::ConnectionPointer &conn, const char *ori= gin, const bool reused); > +=20 > +@@ -266,6 +263,9 @@ private: > +=20 > + /// \returns whether the request should be retried (nil) or the descr= iption why it should not > + const char *checkRetry(); > ++ /// whether the successfully selected path destination or the establi= shed > ++ /// server connection is still in use > ++ bool usingDestination() const; > +=20 > + /// details of the "last tunneling attempt" failure (if it failed) > + ErrorState *savedError =3D nullptr; > +@@ -275,6 +275,8 @@ private: > +=20 > + void deleteThis(); > +=20 > ++ void cancelStep(const char *reason); > ++ > + public: > + bool keepGoingAfterRead(size_t len, Comm::Flag errcode, int xerrno, C= onnection &from, Connection &to); > + void copy(size_t len, Connection &from, Connection &to, IOCB *); > +@@ -357,7 +359,6 @@ TunnelStateData::deleteThis() > +=20 > + TunnelStateData::TunnelStateData(ClientHttpRequest *clientRequest) : > + startTime(squid_curtime), > +- waitingForConnectExchange(false), > + destinations(new ResolvedPeers()), > + destinationsFound(false), > + retriable(true), > +@@ -390,8 +391,7 @@ TunnelStateData::~TunnelStateData() > + debugs(26, 3, "TunnelStateData destructed this=3D" << this); > + assert(noConnections()); > + xfree(url); > +- if (opening()) > +- cancelOpening("~TunnelStateData"); > ++ cancelStep("~TunnelStateData"); > + delete savedError; > + } > +=20 > +@@ -904,7 +904,10 @@ TunnelStateData::copyServerBytes() > + static void > + tunnelStartShoveling(TunnelStateData *tunnelState) > + { > +- assert(!tunnelState->waitingForConnectExchange); > ++ assert(!tunnelState->transportWait); > ++ assert(!tunnelState->encryptionWait); > ++ assert(!tunnelState->peerWait); > ++ > + assert(tunnelState->server.conn); > + AsyncCall::Pointer timeoutCall =3D commCbCall(5, 4, "tunnelTimeout", > + CommTimeoutCbPtrFun(tunnelTimeout, t= unnelState)); > +@@ -962,6 +965,7 @@ tunnelConnectedWriteDone(const Comm::ConnectionPointer= &conn, char *, size_t len > + void > + TunnelStateData::tunnelEstablishmentDone(Http::TunnelerAnswer &answer) > + { > ++ peerWait.finish(); > + server.len =3D 0; > +=20 > + if (logTag_ptr) > +@@ -970,13 +974,11 @@ TunnelStateData::tunnelEstablishmentDone(Http::Tunne= lerAnswer &answer) > + if (answer.peerResponseStatus !=3D Http::scNone) > + *status_ptr =3D answer.peerResponseStatus; > +=20 > +- waitingForConnectExchange =3D false; > +- > + auto sawProblem =3D false; > +=20 > + if (!answer.positive()) { > + sawProblem =3D true; > +- Must(!Comm::IsConnOpen(answer.conn)); > ++ assert(!answer.conn); > + } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd= ].closing()) { > + sawProblem =3D true; > + closePendingConnection(answer.conn, "conn was closed while waitin= g for tunnelEstablishmentDone"); > +@@ -1042,8 +1044,7 @@ tunnelErrorComplete(int fd/*const Comm::ConnectionPo= inter &*/, void *data, size_ > + void > + TunnelStateData::noteConnection(HappyConnOpener::Answer &answer) > + { > +- calls.connector =3D nullptr; > +- connOpener.clear(); > ++ transportWait.finish(); > +=20 > + ErrorState *error =3D nullptr; > + if ((error =3D answer.error.get())) { > +@@ -1167,7 +1168,7 @@ TunnelStateData::secureConnectionToPeer(const Comm::= ConnectionPointer &conn) > + AsyncCall::Pointer callback =3D asyncCall(5,4, "TunnelStateData::note= SecurityPeerConnectorAnswer", > + MyAnswerDialer(&TunnelStateDa= ta::noteSecurityPeerConnectorAnswer, this)); > + const auto connector =3D new Security::BlindPeerConnector(request, co= nn, callback, al); > +- AsyncJob::Start(connector); // will call our callback > ++ encryptionWait.start(connector, callback); > + } > +=20 > + /// starts a preparation step for an established connection; retries on f= ailures > +@@ -1194,9 +1195,12 @@ TunnelStateData::advanceDestination(const char *ste= pDescription, const Comm::Con > + void > + TunnelStateData::noteSecurityPeerConnectorAnswer(Security::EncryptorAnswe= r &answer) > + { > ++ encryptionWait.finish(); > ++ > + ErrorState *error =3D nullptr; > ++ assert(!answer.tunneled); > + if ((error =3D answer.error.get())) { > +- Must(!Comm::IsConnOpen(answer.conn)); > ++ assert(!answer.conn); > + answer.error.clear(); > + } else if (!Comm::IsConnOpen(answer.conn) || fd_table[answer.conn->fd= ].closing()) { > + error =3D new ErrorState(ERR_CANNOT_FORWARD, Http::scServiceUnava= ilable, request.getRaw(), al); > +@@ -1223,8 +1227,6 @@ TunnelStateData::connectedToPeer(const Comm::Connect= ionPointer &conn) > + void > + TunnelStateData::establishTunnelThruProxy(const Comm::ConnectionPointer &= conn) > + { > +- assert(!waitingForConnectExchange); > +- > + AsyncCall::Pointer callback =3D asyncCall(5,4, > + "TunnelStateData::tunnelEstab= lishmentDone", > + Http::Tunneler::CbDialer(&TunnelStateData::tunnelEstablishmentDone, this)); > +@@ -1232,9 +1234,7 @@ TunnelStateData::establishTunnelThruProxy(const Comm= ::ConnectionPointer &conn) > + #if USE_DELAY_POOLS > + tunneler->setDelayId(server.delayId); > + #endif > +- AsyncJob::Start(tunneler); > +- waitingForConnectExchange =3D true; > +- // and wait for the tunnelEstablishmentDone() call > ++ peerWait.start(tunneler, callback); > + } > +=20 > + void > +@@ -1252,14 +1252,14 @@ TunnelStateData::noteDestination(Comm::ConnectionP= ointer path) > +=20 > + destinations->addPath(path); > +=20 > +- if (Comm::IsConnOpen(server.conn)) { > ++ if (usingDestination()) { > + // We are already using a previously opened connection but also > + // receiving destinations in case we need to re-forward. > +- Must(!opening()); > ++ Must(!transportWait); > + return; > + } > +=20 > +- if (opening()) { > ++ if (transportWait) { > + notifyConnOpener(); > + return; // and continue to wait for tunnelConnectDone() callback > + } > +@@ -1289,17 +1289,23 @@ TunnelStateData::noteDestinationsEnd(ErrorState *s= electionError) > + // if all of them fail, tunneling as whole will fail > + Must(!selectionError); // finding at least one path means selection s= ucceeded > +=20 > +- if (Comm::IsConnOpen(server.conn)) { > ++ if (usingDestination()) { > + // We are already using a previously opened connection but also > + // receiving destinations in case we need to re-forward. > +- Must(!opening()); > ++ Must(!transportWait); > + return; > + } > +=20 > +- Must(opening()); // or we would be stuck with nothing to do or wait f= or > ++ Must(transportWait); // or we would be stuck with nothing to do or wa= it for > + notifyConnOpener(); > + } > +=20 > ++bool > ++TunnelStateData::usingDestination() const > ++{ > ++ return encryptionWait || peerWait || Comm::IsConnOpen(server.conn); > ++} > ++ > + /// remembers an error to be used if there will be no more connection att= empts > + void > + TunnelStateData::saveError(ErrorState *error) > +@@ -1320,8 +1326,7 @@ TunnelStateData::sendError(ErrorState *finalError, c= onst char *reason) > + if (request) > + request->hier.stopPeerClock(false); > +=20 > +- if (opening()) > +- cancelOpening(reason); > ++ cancelStep(reason); > +=20 > + assert(finalError); > +=20 > +@@ -1339,18 +1344,15 @@ TunnelStateData::sendError(ErrorState *finalError,= const char *reason) > + errorSend(client.conn, finalError); > + } > +=20 > +-/// Notify connOpener that we no longer need connections. We do not have = to do > +-/// this -- connOpener would eventually notice on its own, but notifying = reduces > +-/// waste and speeds up spare connection opening for other transactions (= that > +-/// could otherwise wait for this transaction to use its spare allowance). > ++/// Notify a pending subtask, if any, that we no longer need its help. We= do not > ++/// have to do this -- the subtask job will eventually end -- but ending = it > ++/// earlier reduces waste and may reduce DoS attack surface. > + void > +-TunnelStateData::cancelOpening(const char *reason) > ++TunnelStateData::cancelStep(const char *reason) > + { > +- assert(calls.connector); > +- calls.connector->cancel(reason); > +- calls.connector =3D nullptr; > +- notifyConnOpener(); > +- connOpener.clear(); > ++ transportWait.cancel(reason); > ++ encryptionWait.cancel(reason); > ++ peerWait.cancel(reason); > + } > +=20 > + void > +@@ -1360,15 +1362,14 @@ TunnelStateData::startConnecting() > + request->hier.startPeerClock(); > +=20 > + assert(!destinations->empty()); > +- assert(!opening()); > +- calls.connector =3D asyncCall(17, 5, "TunnelStateData::noteConnection= ", HappyConnOpener::CbDialer(&TunnelStateData::noteConnectio= n, this)); > +- const auto cs =3D new HappyConnOpener(destinations, calls.connector, = request, startTime, 0, al); > ++ assert(!usingDestination()); > ++ AsyncCall::Pointer callback =3D asyncCall(17, 5, "TunnelStateData::no= teConnection", HappyConnOpener::CbDialer(&TunnelStateData::n= oteConnection, this)); > ++ const auto cs =3D new HappyConnOpener(destinations, callback, request= , startTime, 0, al); > + cs->setHost(request->url.host()); > + cs->setRetriable(false); > + cs->allowPersistent(false); > + destinations->notificationPending =3D true; // start() is async > +- connOpener =3D cs; > +- AsyncJob::Start(cs); > ++ transportWait.start(cs, callback); > + } > +=20 > + /// send request on an existing connection dedicated to the requesting cl= ient > +@@ -1417,7 +1418,7 @@ TunnelStateData::Connection::setDelayId(DelayId cons= t &newDelay) > +=20 > + #endif > +=20 > +-/// makes sure connOpener knows that destinations have changed > ++/// makes sure connection opener knows that the destinations have changed > + void > + TunnelStateData::notifyConnOpener() > + { > +@@ -1425,7 +1426,7 @@ TunnelStateData::notifyConnOpener() > + debugs(17, 7, "reusing pending notification"); > + } else { > + destinations->notificationPending =3D true; > +- CallJobHere(17, 5, connOpener, HappyConnOpener, noteCandidatesCha= nge); > ++ CallJobHere(17, 5, transportWait.job(), HappyConnOpener, noteCand= idatesChange); > + } > + } > +=20 > +diff --git a/src/whois.cc b/src/whois.cc > +index 38dfbacde..306ea5c62 100644 > +--- a/src/whois.cc > ++++ b/src/whois.cc > +@@ -182,6 +182,7 @@ whoisClose(const CommCloseCbParams ¶ms) > + { > + WhoisState *p =3D (WhoisState *)params.data; > + debugs(75, 3, "whoisClose: FD " << params.fd); > ++ // We do not own a Connection. Assume that FwdState is also monitorin= g. > + p->entry->unlock("whoisClose"); > + delete p; > + } --===============6418012213838856182==--