This patch makes no actual logic change.
* Document what the myip/myport actually match and use the clearer
names of localip / localport.
* Cleanly upgrade the ACL types when old versions are seen.
* Rename all relevant code symbols to match the new names.
<p>New format <em>referrer</em> to log with the format prevously used by referer_log directive.
<p>New format <em>useragent</em> to log with the format prevously used by useragent_log directive.
- <tag>acl random</tag>
+ <tag>acl : random, localip, localport</tag>
<p>New type <em>random</em>. Pseudo-randomly match requests based on a configured probability.
+ <p>Renamed <em>myip</em> to <em>localip</em>. It matches the IP which the client connected to.
+ <p>Renamed <em>myport</em> to <em>localport</em>. It matches the port which the client connected to.
+ <p>The <em>localip</em>/<em>localport</em> differ from earlier releases where they matched a mix of
+ of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
+ This definition is now consistent across all modes of traffic received by Squid.
<tag>auth_param</tag>
<p>New options for Basic, Digest, NTLM, Negotiate <em>children</em> settings.
#include "acl/HttpStatus.h"
#include "acl/IntRange.h"
#include "acl/Ip.h"
+#include "acl/LocalIp.h"
+#include "acl/LocalPort.h"
#include "acl/MaxConnection.h"
#include "acl/MethodData.h"
#include "acl/Method.h"
-#include "acl/MyIp.h"
-#include "acl/MyPort.h"
#include "acl/MyPortName.h"
#include "acl/PeerName.h"
#include "acl/ProtocolData.h"
ACLMaxConnection ACLMaxConnection::RegistryEntry_("maxconn");
ACL::Prototype ACLMethod::RegistryProtoype(&ACLMethod::RegistryEntry_, "method");
ACLStrategised<HttpRequestMethod> ACLMethod::RegistryEntry_(new ACLMethodData, ACLMethodStrategy::Instance(), "method");
-ACL::Prototype ACLMyIP::RegistryProtoype(&ACLMyIP::RegistryEntry_, "myip");
-ACLMyIP ACLMyIP::RegistryEntry_;
-ACL::Prototype ACLMyPort::RegistryProtoype(&ACLMyPort::RegistryEntry_, "myport");
-ACLStrategised<int> ACLMyPort::RegistryEntry_(new ACLIntRange, ACLMyPortStrategy::Instance(), "myport");
+ACL::Prototype ACLLocatIP::RegistryProtoype(&ACLLocalIP::RegistryEntry_, "localip");
+ACLLocalIP ACLLocalIP::RegistryEntry_;
+ACL::Prototype ACLLocalPort::RegistryProtoype(&ACLLocalPort::RegistryEntry_, "localport");
+ACLStrategised<int> ACLLocalPort::RegistryEntry_(new ACLIntRange, ACLLocalPortStrategy::Instance(), "localport");
ACL::Prototype ACLMyPortName::RegistryProtoype(&ACLMyPortName::RegistryEntry_, "myportname");
ACLStrategised<const char *> ACLMyPortName::RegistryEntry_(new ACLStringData, ACLMyPortNameStrategy::Instance(), "myportname");
ACL::Prototype ACLPeerName::RegistryProtoype(&ACLPeerName::RegistryEntry_, "peername");
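Review bot: The added registration line misspells the class as `ACLLocatIP`, while every other added line uses `ACLLocalIP`, so it should not compile as written. It should read `ACL::Prototype ACLLocalIP::RegistryProtoype(&ACLLocalIP::RegistryEntry_, "localip");`. The same kind of slip appears in the LocalIp.cc section, where `clone()` returns `new ACLocalIP(*this)` instead of `new ACLLocalIP(*this)`. Since this registration is what lets the upgraded `localip` name pass the `Prototype::Registered` check, the patch is worth a full build and a config parse with an old `myip` line before it is merged.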
return;
}
- if (!Prototype::Registered (theType)) {
- debugs(28, 0, "aclParseAclLine: Invalid ACL type '" << theType << "'");
- parser.destruct();
- return;
- }
-
// Is this ACL going to work?
if (strcmp(theType, "myip") != 0) {
http_port_list *p = Config.Sockaddr.http;
debugs(28, DBG_CRITICAL, "WARNING: 'myip' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
p = p->next;
}
+ debugs(28, DBG_WARNING, "UPGRADE: ACL 'myip' type is has been renamed to 'localip' and matches the IP the client connected to.");
+ theType = "localip";
} else if (strcmp(theType, "myport") != 0) {
http_port_list *p = Config.Sockaddr.http;
while (p) {
debugs(28, DBG_CRITICAL, "WARNING: 'myport' ACL is not reliable for interception proxies. Please use 'myportname' instead.");
p = p->next;
}
+ theType = "localport";
+ debugs(28, DBG_WARNING, "UPGRADE: ACL 'myport' type is has been renamed to 'localport' and matches the port the client connected to.");
+ }
+
+ if (!Prototype::Registered(theType)) {
+ debugs(28, DBG_CRITICAL, "FATAL: Invalid ACL type '" << theType << "'");
+ // XXX: make this an ERROR and skip the ACL creation. We *may* die later when its use is attempted. Or may not.
+ parser.destruct();
+ return;
}
if ((A = FindByName(aclname)) == NULL) {
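Review bot: The added `theType = "localip";` sits inside a branch whose guard, as shown in the context line, is `strcmp(theType, "myip") != 0`, which is true for every type that is not `myip`. If that is what the file really contains, other ACL types such as `src`, `dst` or `port` would be silently rewritten to `localip` and then pass the relocated `Prototype::Registered` check, so an access rule would match on a different attribute than the administrator configured. The `myport` branch uses the same `!= 0` test; the guards should be `if (strcmp(theType, "myip") == 0) {` and `} else if (strcmp(theType, "myport") == 0) {`. The enclosing function starts and ends outside the hunk and the first branch's loop is only partly visible, so confirm against the full file. Both UPGRADE messages also read "type is has been renamed"; drop the "is".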
*/
#include "squid.h"
-#include "acl/MyIp.h"
+#include "acl/LocalIp.h"
#include "acl/FilledChecklist.h"
char const *
-ACLMyIP::typeString() const
+ACLLocalIP::typeString() const
{
- return "myip";
+ return "localip";
}
int
-ACLMyIP::match(ACLChecklist *checklist)
+ACLLocalIP::match(ACLChecklist *checklist)
{
return ACLIP::match (Filled(checklist)->my_addr);
}
ACL *
-ACLMyIP::clone() const
+ACLLocalIP::clone() const
{
- return new ACLMyIP(*this);
+ return new ACLocalIP(*this);
}
* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
*/
-#ifndef SQUID_ACLMYIP_H
-#define SQUID_ACLMYIP_H
+#ifndef SQUID_ACLLOCALIP_H
+#define SQUID_ACLLOCALIP_H
#include "acl/Ip.h"
/// \ingroup ACLAPI
-class ACLMyIP : public ACLIP
+class ACLLocalIP : public ACLIP
{
public:
- MEMPROXY_CLASS(ACLMyIP);
- static ACLMyIP const &RegistryEntry();
+ MEMPROXY_CLASS(ACLLocalIP);
+ static ACLLocalIP const &RegistryEntry();
virtual char const *typeString() const;
virtual int match(ACLChecklist *checklist);
private:
static Prototype RegistryProtoype;
- static ACLMyIP RegistryEntry_;
+ static ACLLocalIP RegistryEntry_;
};
-MEMPROXY_CLASS_INLINE(ACLMyIP);
+MEMPROXY_CLASS_INLINE(ACLLocalIP);
-#endif /* SQUID_ACLMYIP_H */
+#endif /* SQUID_ACLLOCALIP_H */
*/
#include "squid.h"
-#include "acl/MyPort.h"
+#include "acl/LocalPort.h"
#include "acl/IntRange.h"
#include "acl/Checklist.h"
int
-ACLMyPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+ACLLocalPortStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
{
return data->match (checklist->my_addr.GetPort());
}
-ACLMyPortStrategy *
-ACLMyPortStrategy::Instance()
+ACLLocalPortStrategy *
+ACLLocalPortStrategy::Instance()
{
return &Instance_;
}
-ACLMyPortStrategy ACLMyPortStrategy::Instance_;
+ACLLocalPortStrategy ACLLocalPortStrategy::Instance_;
* Copyright (c) 2003, Robert Collins <robertc@squid-cache.org>
*/
-#ifndef SQUID_ACLMYPORT_H
-#define SQUID_ACLMYPORT_H
+#ifndef SQUID_ACLLOCALPORT_H
+#define SQUID_ACLLOCALPORT_H
#include "acl/Strategy.h"
#include "acl/Strategised.h"
/// \ingroup ACLAPI
-class ACLMyPortStrategy : public ACLStrategy<int>
+class ACLLocalPortStrategy : public ACLStrategy<int>
{
public:
virtual int match (ACLData<MatchType> * &, ACLFilledChecklist *);
- static ACLMyPortStrategy *Instance();
+ static ACLLocalPortStrategy *Instance();
/**
* Not implemented to prevent copies of the instance.
\par
* Not private to prevent brain dead g+++ warnings about
* private constructors with no friends
*/
- ACLMyPortStrategy(ACLMyPortStrategy const &);
+ ACLLocalPortStrategy(ACLLocalPortStrategy const &);
private:
- static ACLMyPortStrategy Instance_;
- ACLMyPortStrategy() {}
+ static ACLLocalPortStrategy Instance_;
+ ACLLocalPortStrategy() {}
- ACLMyPortStrategy&operator=(ACLMyPortStrategy const &);
+ ACLLocalPortStrategy&operator=(ACLLocalPortStrategy const &);
};
/// \ingroup ACLAPI
-class ACLMyPort
+class ACLLocalPort
{
private:
static ACLStrategised<int> RegistryEntry_;
};
-#endif /* SQUID_ACLMYPORT_H */
+#endif /* SQUID_ACLLOCALPORT_H */
HttpStatus.h \
Ip.cc \
Ip.h \
+ LocalIp.cc \
+ LocalIp.h \
+ LocalPort.cc \
+ LocalPort.h \
MaxConnection.cc \
MaxConnection.h \
Method.cc \
MethodData.cc \
MethodData.h \
Method.h \
- MyIp.cc \
- MyIp.h \
- MyPort.cc \
- MyPort.h \
MyPortName.cc \
MyPortName.h \
PeerName.cc \
/* ACLMyPortName + ACLMyPeerName + ACLBrowser */
template class ACLStrategised<const char *>;
-/* ACLMyPort + ACLSslError */
+/* ACLLocalPort + ACLSslError */
template class ACLStrategised<int>;
***** ACL TYPES AVAILABLE *****
- acl aclname src ip-address/netmask ... # clients IP address [fast]
- acl aclname src addr1-addr2/netmask ... # range of addresses [fast]
- acl aclname dst ip-address/netmask ... # URL host's IP address [slow]
- acl aclname myip ip-address/netmask ... # local socket IP address [fast]
+ acl aclname src ip-address/mask ... # clients IP address [fast]
+ acl aclname src addr1-addr2/mask ... # range of addresses [fast]
+ acl aclname dst ip-address/mask ... # URL host's IP address [slow]
+ acl aclname localip ip-address/mask ... # IP address the client connected to [fast]
acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation)
# The arp ACL requires the special configure option --enable-arp-acl.
acl aclname port 80 70 21 0-1024... # destination TCP port [fast]
# ranges are alloed
- acl aclname myport 3128 ... # local socket TCP port [fast]
+ acl aclname localport 3128 ... # TCP port the client connected to [fast]
+ # NP: for interception mode this is usually '80'
+
acl aclname myportname 3128 ... # http(s)_port name [fast]
acl aclname proto HTTP FTP ... # request protocol [fast]