Some status codes are illegal and will cause VRT_fail() when executed as
normal set instructions in VCL. But this test is bypassed when status is
set as a side effect of a `return (synth(code))` statement.

This patch applies the same rules as when executing a set-instruction to
the return(synth()) handling.

Fixes second part of: #3301

The compound statement doing return() in VCL may have failed for some
reason, for example running out of workspace while putting together the
reason field. The fail handling would be overwritten by the forced
handling at the end of the generated code for a return statement.

This patch adds a test for the failure condition before forcing the
handling to the result of the return statement.

Conflicts:
    lib/libvcc/vcc_action.c

In VCL we allow status codes larger then 999, and do modulo 1000 when
sending it to the client. But the code to apply the modulo was missing in
H/2.

This issue was uncovered and reported by @Francois-v3.

Fixes first case of: #3301

Conflicts:
    bin/varnishd/http2/cache_http2_deliver.c

Fixes: #3266

Fixes: #3273

Automated with Coccinelle, so the semantic patch could be reused in the
vtest project.

Closes #3238

Conflicts:
    lib/libvcc/vcc_compile.c
    bin/varnishd/proxy/cache_proxy_proto.c

Closes #3238

Conflicts:
    lib/libvarnishapi/libvarnishapi.map

it is not before we have parsed parameters

Conflicts:
    bin/varnishd/mgt/mgt_main.c

mgt_cli_askchild() as opposed to directly through mcf_askchild()),
a truncated CLI response is not a failure.

Fixes #3038

Conflicts:
    bin/varnishd/common/common_vsmw.c

Two new paramters allow the limit and than handling (ignore, warn, fail)
to be configured.

Fixes #2713

Wait for the stale object to become fully fetched, so that we can catch
fetch errors, before we unbusy the new object. This serves two
purposes. First it helps with request coalescing, and stops long chains of
IMS-updated short-TTL objects all streaming from a single slow body
fetch. Second it makes sure that all the object attributes are complete
when we copy them (this would be an issue for ie OA_GZIPBITS).

This patch OBE's r01646.vtc, and slightly patches r01648.vtc to expect a
503 instead of a 200 and a broken connection on the failing client.

Fixes: #3089

Conflicts:
    bin/varnishd/cache/cache_fetch.c

This VSL tag will be used for informational messages related to
exceptional handling of requests.

Conflicts:
    doc/sphinx/reference/vsl.rst

Log a notice message when delaying a conditional fetch and the stale
template object is still streaming.

Conflicts:
    bin/varnishd/cache/cache_fetch.c
    doc/sphinx/reference/vsl.rst

When doing a pass, we would remove the Age header from the backend, and
create a new one based on the time the fetch was initiated. This creates
problems when calculating the time to live in downstream caches (browser
cache or layered varnishes).

With this patch, the RFC_2616_Ttl calculation routine is run also for
passes, where the t_origin field of the object is adjusted for an incoming
Age header. This makes sure that the Age header generated during delivery
is correct. The rest of the Ttl calculation is skipped for passes,
including the logging of SLT_TTL "RFC".

Fixes: varnishcache/varnish-cache#3221

One time element function to rule and parse them all.

Change the return value to unsigned, to match with the expected data type
where it is used.

Handle very large numbers consistently. Currently it was converting from
unsigned long to int, which would throw away the most significant
bits. Now overly large integers will be capped at UINT_MAX.

Implement the "allow and ignore decimal point" behaviour that the Age
header parsing incorporated in rfc2616_time(). This way we will allow a
decimal points also in max-age and stale-while-revalidate parsing of
Cache-Control directives.

The change in u00011.vtc is the result of having two commands starting
with "pi", breaking auto-completion. Fortunately "pin\t" still does the
trick.

The assert on WS_ReserveSize() in ses_handle() can not trip because
sizeof (struct pool_task) is less than sizeof (struct waited). But to safe
guard against future problems if that were to change, this patch makes
sure that the session workspace can hold the largest of them before
entering the waiter, erroring out if not.

Currently, with the 505b7bd9 patch, when
calling WS_ReserveSize with bytes equal to the amount of workspace that is
currently available, it will return zero and mark overflow.

This patch redoes the patch, and changes it to return zero and overflow
only when the requested number of bytes is larger than what is available.

(cherry picked from commit 7da6220d)

Proxy TLVs claiming to have PP2_TYPE_SSL sub-TLVs without complete payload
would cause a Varnish assert. This patch fixes the parsing of the TLVs.

h2_init_sess can only be reached through H1 with either previous knowledge
or opportunistic upgrade. Because of this the proto_priv session attribute
will always be set before entry. This patch simplifies and removes dead
code containing a call to SES_Reserve_proto_priv.

Note: Better diff with the --ignore-all-space option

In h2_init_sess, an extra call was always made to SES_Reseve_proto_priv(),
even though it was already reserved. This wasted a pointer worth of
session workspace. This patch removes the extra call.

If proxy protocol is in use, it is possible to fill the session workspace
exactly before entering http1_new_session(), which will cause it to assert
when calling SES_Reserve_proto_priv().

with this patch we will close the session gracefully.

Ref varnishcache/varnish-cache#3145 / 287dc4a6

(cherry picked from commit d6dec031)

Ref varnishcache/varnish-cache#3145 / 287dc4a6

(cherry picked from commit e1a57eb7)

Patch by @ehocdet, commit message edited by @nigoroll:

The root cause of #3131 was misdiagnosed to the extent that, while this
change had prevented it, the root cause was a bug in WS_ReserveSize()
fixed in 505b7bd9

The previous tlv_string() code was correct except for the
fact that error handling should have checked for WS_ReserveSize(ctx->ws,
len+1) <= len (also spotted by @ehocdet).

Someone had mentioned at some point that we would not want to VRT_fail(),
but I think this must have been related to the proxy transport code, not
the proxy vmod.

Ref varnishcache/varnish-cache#3131

(cherry picked from commit e74f9e87)

Notes:

* for the acceptor, I think it makes sense to keep AN assertion (pun!)
  because varnish is not viable if the session workspace is too small
  to even hold the attributes initialized in the acceptor.

  If this was an issue, we should rather revisit the minimum values for
  the session workspace

* for h1 and h2 session setup, I have used XXXAN() because I am not sure
  how we should best handle allocation failures.

* The relevant bit, for now, is the proxy code which may allocate
  arbitrarily long TLV attributes, so this is the code for which we now
  actually handle errors and test that we do

On the vtc: I added the test to o00005.vtc because there existed a
previous overflow test from 267504b8,
but that only tested for the one case of a WS overflow which was already
handled.

Fixes varnishcache/varnish-cache#3145

(cherry picked from commit 287dc4a6)

(cherry picked from commit 815331b3)

This originates from a3d47c25, but
was overlooked in 4e333597:

When there is insufficient space to fulfil the reservation request, we
must not leave the workspace reserved.

Fixes varnishcache/varnish-cache#3131

(cherry picked from commit 505b7bd9)

(cherry picked from commit ed3b095c)

WS_ReserveSize() does not leave the workspace reserved when the
reservation fails, so WS_Release() must be called for retval > 0 only.

Besides the debug string, it is identical to WS_Reserve() except for

	assert(bytes > 0);

Follow-up varnishcache/varnish-cache#2967

Note: The WS_Reserve() function has not been deprecated as that can
potentially create problems for the build process of VMODs.

(cherry picked from commit 4e333597)

This works with gcc 6.3.0 and clang 3.8.1-24

The test for __GNUC__ is deliberately simple and might not catch all
compilers which would potentially support deprecation marks. While more
specifics could be added, the aim is to raise awareness with developers
and we consider it quite unlikely that anyone does not compile with one
of the main stream compilers at all.

(cherry picked from commit 1594037c)

... to un-confuse the interface

Notes on changes from WS_Reserve():

* Removed the first WS_Assert because all we change is ws->r and we got
  a specific assert on it.

* it follows from PAOK(ws->e) && PAOK(ws->f) in WS_Assert() that
  PAOK(ws->r) && PAOK(b), so we remove the PRNDDN()

Ref: varnishcache/varnish-cache#2967

(cherry picked from commit d001cdd2)