@@ -1,3 +1,8 @@

+Fri Apr  3 15:30:34 CEST 2009 (tk)

+----------------------------------

+ * freshclam: short-term blacklisting of faulty mirrors;

+	      better handling of 404 errors (bb#1516)

+

 Fri Apr  3 13:05:44 CEST 2009 (acab)

 ------------------------------------

  * shared/optparser.c, docs: limit options expressing sizes to

@@ -271,9 +271,9 @@ static int wwwconnect(const char *server, const char *proxy, int pport, char *ip

 	if(mdat && (ret = mirman_check(addr, rp->ai_family, mdat, &md))) {

 	    if(ret == 1)

-		logg("Ignoring mirror %s (due to previous errors)\n", ipaddr);

+		logg("*Ignoring mirror %s (due to previous errors)\n", ipaddr);

 	    else

-		logg("Ignoring mirror %s (has connected too many times with an outdated version)\n", ipaddr);

+		logg("*Ignoring mirror %s (has connected too many times with an outdated version)\n", ipaddr);

 	    ignored++;

 	    if(!loadbal || rp->ai_next)

@@ -364,9 +364,9 @@ static int wwwconnect(const char *server, const char *proxy, int pport, char *ip

 	ips++;

 	if(mdat && (ret = mirman_check(&((struct in_addr *) ia)->s_addr, AF_INET, mdat, NULL))) {

 	    if(ret == 1)

-		logg("Ignoring mirror %s (due to previous errors)\n", ipaddr);

+		logg("*Ignoring mirror %s (due to previous errors)\n", ipaddr);

 	    else

-		logg("Ignoring mirror %s (has connected too many times with an outdated version)\n", ipaddr);

+		logg("*Ignoring mirror %s (has connected too many times with an outdated version)\n", ipaddr);

 	    ignored++;

 	    continue;

 	}

@@ -405,7 +405,7 @@ static int wwwconnect(const char *server, const char *proxy, int pport, char *ip

 #endif

     if(mdat && can_whitelist && ips && (ips == ignored))

-	mirman_whitelist(mdat);

+	mirman_whitelist(mdat, 1);

     return -2;

 }

@@ -925,7 +925,7 @@ static struct cl_cvd *remote_cvdhead(const char *cvdfile, const char *localfile,

     if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) { 

 	logg("%cCVD file not found on remote server\n", logerr ? '!' : '^');

-	/* mirman_update(mdat->currip, mdat, 1); */

+	mirman_update(mdat->currip, mdat->af, mdat, 2);

 	return NULL;

     }

@@ -1085,7 +1085,7 @@ static int getfile(const char *srcfile, const char *destfile, const char *hostna

     /* check whether the resource actually existed or not */

     if((strstr(buffer, "HTTP/1.1 404")) != NULL || (strstr(buffer, "HTTP/1.0 404")) != NULL) { 

 	logg("^getfile: %s not found on remote server (IP: %s)\n", srcfile, ipaddr);

-	/* mirman_update(mdat->currip, mdat, 1); */

+	mirman_update(mdat->currip, mdat->af, mdat, 2);

 	closesocket(sd);

 	return 58;

     }

@@ -1192,6 +1192,7 @@ static int getcvd(const char *cvdfile, const char *newfile, const char *hostname

     if(cvd->version < newver) {

 	logg("^Mirror %s is not synchronized.\n", ip);

+	mirman_update(mdat->currip, mdat->af, mdat, 2);

     	cl_cvdfree(cvd);

 	unlink(newfile);

 	return 59;

@@ -1648,6 +1649,7 @@ static int updatedb(const char *dbname, const char *hostname, char *ip, int *sig

 	    cli_rmdirs(tmpdir);

 	    free(tmpdir);

 	    logg("^Incremental update failed, trying to download %s\n", cvdfile);

+	    mirman_whitelist(mdat, 2);

 	    ret = getcvd(cvdfile, newfile, hostname, ip, localip, proxy, port, user, pass, uas, newver, ctimeout, rtimeout, mdat, logerr, can_whitelist);

 	    if(ret) {

 		free(newfile);

@@ -62,7 +62,8 @@

 #endif

 #endif

-#define IGNTIME 3 * 86400

+#define IGNORE_LONG	3 * 86400

+#define IGNORE_SHORT	1800

 void mirman_free(struct mirdat *mdat)

 {

@@ -125,7 +126,7 @@ int mirman_check(uint32_t *ip, int af, struct mirdat *mdat, struct mirdat_ip **m

 	if((af == AF_INET && mdat->mirtab[i].ip4 == *ip) || (af == AF_INET6 && !memcmp(mdat->mirtab[i].ip6, ip, 4 * sizeof(uint32_t)))) {

-	    if(!mdat->mirtab[i].atime) {

+	    if(!mdat->mirtab[i].atime && !mdat->mirtab[i].ignore) {

 		if(md)

 		    *md = &mdat->mirtab[i];

 		return 0;

@@ -136,12 +137,20 @@ int mirman_check(uint32_t *ip, int af, struct mirdat *mdat, struct mirdat_ip **m

 		    return 2;

 	    if(mdat->mirtab[i].ignore) {

-		if(time(NULL) - mdat->mirtab[i].atime > IGNTIME) {

+		if(!mdat->mirtab[i].atime)

+		    return 1;

+

+		if(time(NULL) - mdat->mirtab[i].atime > IGNORE_LONG) {

 		    mdat->mirtab[i].ignore = 0;

 		    if(md)

 			*md = &mdat->mirtab[i];

 		    return 0;

 		} else {

+		    if(mdat->mirtab[i].ignore == 2 && (time(NULL) - mdat->mirtab[i].atime > IGNORE_SHORT)) {

+			if(md)

+			    *md = &mdat->mirtab[i];

+			return 0;

+		    }

 		    return 1;

 		}

 	    }

@@ -177,14 +186,18 @@ int mirman_update(uint32_t *ip, int af, struct mirdat *mdat, uint8_t broken)

 	else

 	    mdat->mirtab[i].succ++;

-	/*

-	 * If the total number of failures is less than 3 then never

-	 * enable the ignore flag, in other case use the real status.

-	 */

-	if(mdat->mirtab[i].fail < 3)

-	    mdat->mirtab[i].ignore = 0;

-	else

-	    mdat->mirtab[i].ignore = broken;

+	if(broken == 2) {

+	    mdat->mirtab[i].ignore = 2;

+	} else {

+	    /*

+	     * If the total number of failures is less than 3 then never

+	     * mark a permanent failure, in other case use the real status.

+	     */

+	    if(mdat->mirtab[i].fail < 3)

+		mdat->mirtab[i].ignore = 0;

+	    else

+		mdat->mirtab[i].ignore = broken;

+	}

     } else {

 	mdat->mirtab = (struct mirdat_ip *) realloc(mdat->mirtab, (mdat->num + 1) * sizeof(struct mirdat_ip));

@@ -201,7 +214,7 @@ int mirman_update(uint32_t *ip, int af, struct mirdat *mdat, uint8_t broken)

 	mdat->mirtab[mdat->num].atime = 0;

 	mdat->mirtab[mdat->num].succ = 0;

 	mdat->mirtab[mdat->num].fail = 0;

-	mdat->mirtab[mdat->num].ignore = 0;

+	mdat->mirtab[mdat->num].ignore = (broken == 2) ? 2 : 0;

 	memset(&mdat->mirtab[mdat->num].res, 0xff, sizeof(mdat->mirtab[mdat->num].res));

 	if(broken)

 	    mdat->mirtab[mdat->num].fail++;

@@ -241,13 +254,14 @@ void mirman_list(const struct mirdat *mdat)

     }

 }

-void mirman_whitelist(struct mirdat *mdat)

+void mirman_whitelist(struct mirdat *mdat, unsigned int mode)

 {

 	unsigned int i;

-    logg("Whitelisting all mirrors\n");

+    logg("*Whitelisting %s blacklisted mirrors\n", mode == 1 ? "all" : "short-term");

     for(i = 0; i < mdat->num; i++)

-	mdat->mirtab[i].ignore = 0;

+	if(mode == 1 || (mode == 2 && mdat->mirtab[i].ignore == 2))

+	    mdat->mirtab[i].ignore = 0;

 }

 int mirman_write(const char *file, struct mirdat *mdat)

@@ -44,7 +44,7 @@ int mirman_read(const char *file, struct mirdat *mdat, uint8_t active);

 int mirman_check(uint32_t *ip, int af, struct mirdat *mdat, struct mirdat_ip **md);

 int mirman_update(uint32_t *ip, int af, struct mirdat *mdat, uint8_t broken);

 void mirman_list(const struct mirdat *mdat);

-void mirman_whitelist(struct mirdat *mdat);

+void mirman_whitelist(struct mirdat *mdat, unsigned int mode);

 int mirman_write(const char *file, struct mirdat *mdat);

 void mirman_free(struct mirdat *mdat);