Identical functionality is provided through cache_peer_access.
While this check appears at face value to be simpler than ACLs, the
reality is that:
* the difference is simply the time it takes to initialize and destruct
an on-stack Checklist,
* processing the checks may take longer than ACLs (linked-list of string
comparisons vs single tree lookup),
* ACLs are the common case due to their extra flexibility, and
* extra work is being done per-transaction just to check which of the
two features is in use.
By removing we gain less code and configuration directives to work
around in the long term.
<sect1>Removed tags<label id="removedtags">
<p>
<descrip>
+ <tag>cache_peer_domain</tag>
+ <p>Superceded by <em>cache_peer_access</em>. Use dstdomain ACL
+ in the access control list to restrict domains requested.
+
<tag>refresh_pattern</tag>
<p>Option <em>ignore-auth</em> removed. Its original intent was
to improve caching. HTTP/1.1 permits caching of authenticated
#include "squid.h"
#include "acl/Gadgets.h"
#include "CachePeer.h"
-#include "CachePeerDomainList.h"
#include "defines.h"
#include "NeighborTypeDomainList.h"
#include "pconn.h"
host(NULL),
type(PEER_NONE),
http_port(CACHE_HTTP_PORT),
- peer_domain(NULL),
typelist(NULL),
access(NULL),
weight(1),
xfree(name);
xfree(host);
- while (CachePeerDomainList *l = peer_domain) {
- peer_domain = l->next;
- xfree(l->domain);
- xfree(l);
- }
-
while (NeighborTypeDomainList *l = typelist) {
typelist = l->next;
xfree(l->domain);
#include <openssl/ssl.h>
#endif
-class CachePeerDomainList;
class NeighborTypeDomainList;
class PconnPool;
class PeerDigest;
#endif
unsigned short http_port;
- CachePeerDomainList *peer_domain;
NeighborTypeDomainList *typelist;
acl_access *access;
+++ /dev/null
-/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
- *
- * Squid software is distributed under GPLv2+ license and includes
- * contributions from numerous individuals and organizations.
- * Please see the COPYING and CONTRIBUTORS files for details.
- */
-
-#ifndef SQUID_CACHEPEERDOMAINLIST_H_
-#define SQUID_CACHEPEERDOMAINLIST_H_
-
-/// representation of the cache_peer_domain list. POD.
-class CachePeerDomainList
-{
-public:
- char *domain;
- bool do_ping;
- CachePeerDomainList *next;
-};
-
-#endif /* SQUID_CACHEPEERDOMAINLIST_H_ */
-
CacheDigest.cc \
cache_manager.cc \
NeighborTypeDomainList.h \
- CachePeerDomainList.h \
CachePeer.cc \
CachePeer.h \
CacheManager.h \
#include "base/RunnersRegistry.h"
#include "cache_cf.h"
#include "CachePeer.h"
-#include "CachePeerDomainList.h"
#include "ConfigParser.h"
#include "CpuAffinityMap.h"
#include "DiskIO/DiskIOModule.h"
static void
dump_peer(StoreEntry * entry, const char *name, CachePeer * p)
{
- CachePeerDomainList *d;
NeighborTypeDomainList *t;
LOCAL_ARRAY(char, xname, 128);
p->name);
dump_peer_options(entry, p);
- for (d = p->peer_domain; d; d = d->next) {
- storeAppendPrintf(entry, "cache_peer_domain %s %s%s\n",
- p->host,
- d->do_ping ? null_string : "!",
- d->domain);
- }
-
if (p->access) {
snprintf(xname, 128, "cache_peer_access %s", p->name);
dump_acl_access(entry, xname, p->access);
aclParseAccessLine(directive.c_str(), LegacyParser, &p->access);
}
-static void
-parse_hostdomain(void)
-{
- char *host = NULL;
- char *domain = NULL;
-
- if (!(host = ConfigParser::NextToken()))
- self_destruct();
-
- while ((domain = ConfigParser::NextToken())) {
- CachePeerDomainList *l = NULL;
- CachePeerDomainList **L = NULL;
- CachePeer *p;
-
- if ((p = peerFindByName(host)) == NULL) {
- debugs(15, DBG_CRITICAL, "" << cfg_filename << ", line " << config_lineno << ": No cache_peer '" << host << "'");
- continue;
- }
-
- l = static_cast<CachePeerDomainList *>(xcalloc(1, sizeof(CachePeerDomainList)));
- l->do_ping = true;
-
- if (*domain == '!') { /* check for !.edu */
- l->do_ping = false;
- ++domain;
- }
-
- l->domain = xstrdup(domain);
-
- for (L = &(p->peer_domain); *L; L = &((*L)->next));
- *L = l;
- }
-}
-
static void
parse_hostdomaintype(void)
{
This option is not yet supported by Squid-3.
DOC_END
+# Options removed in 3.6
+NAME: cache_peer_domain cache_host_domain
+TYPE: obsolete
+DOC_START
+ Replace with dstdomain ACLs and cache_peer_access.
+DOC_END
+
# Options removed in 3.5
NAME: hierarchy_stoplist
TYPE: obsolete
DOC_END
-NAME: cache_peer_domain cache_host_domain
-TYPE: hostdomain
-DEFAULT: none
-LOC: none
-DOC_START
- Use to limit the domains for which a neighbor cache will be
- queried.
-
- Usage:
- cache_peer_domain cache-host domain [domain ...]
- cache_peer_domain cache-host !domain
-
- For example, specifying
-
- cache_peer_domain parent.foo.net .edu
-
- has the effect such that UDP query packets are sent to
- 'bigserver' only when the requested object exists on a
- server in the .edu domain. Prefixing the domainname
- with '!' means the cache will be queried for objects
- NOT in that domain.
-
- NOTE: * Any number of domains may be given for a cache-host,
- either on the same or separate lines.
- * When multiple domains are given for a particular
- cache-host, the first matched domain is applied.
- * Cache hosts with no domain restrictions are queried
- for all requests.
- * There are no defaults.
- * There is also a 'cache_peer_access' tag in the ACL
- section.
-DOC_END
-
NAME: cache_peer_access
TYPE: peer_access
DEFAULT: none
LOC: none
DOC_START
- Similar to 'cache_peer_domain' but provides more flexibility by
- using ACL elements.
+ Use to limit the requests for which a neighbor proxy will be
+ queried. Peers with no restrictions are queried for all requests.
Usage:
cache_peer_access cache-host allow|deny [!]aclname ...
The syntax is identical to 'http_access' and the other lists of
- ACL elements. See the comments for 'http_access' below, or
- the Squid FAQ (http://wiki.squid-cache.org/SquidFaq/SquidAcl).
+ ACL elements. See the comments for 'http_access', or the
+ Squid FAQ (http://wiki.squid-cache.org/SquidFaq/SquidAcl).
DOC_END
NAME: neighbor_type_domain
#include "anyp/PortCfg.h"
#include "CacheDigest.h"
#include "CachePeer.h"
-#include "CachePeerDomainList.h"
#include "comm/Connection.h"
#include "comm/ConnOpener.h"
#include "event.h"
peerAllowedToUse(const CachePeer * p, HttpRequest * request)
{
- const CachePeerDomainList *d = NULL;
assert(request != NULL);
if (neighborType(p, request) == PEER_SIBLING) {
if (p->options.originserver && request->method == Http::METHOD_CONNECT && request->port != p->in_addr.port())
return false;
- if (p->peer_domain == NULL && p->access == NULL)
- return true;
-
- bool do_ping = false;
- for (d = p->peer_domain; d; d = d->next) {
- if (0 == matchDomainName(request->GetHost(), d->domain)) {
- do_ping = d->do_ping;
- break;
- }
-
- do_ping = !d->do_ping;
- }
-
- if (p->peer_domain && !do_ping)
- return false;
-
if (p->access == NULL)
- return do_ping;
+ return true;
ACLFilledChecklist checklist(p->access, request, NULL);
static void
dump_peers(StoreEntry * sentry, CachePeer * peers)
{
- CachePeer *e = NULL;
char ntoabuf[MAX_IPSTRLEN];
- CachePeerDomainList *d = NULL;
icp_opcode op;
int i;
if (peers == NULL)
storeAppendPrintf(sentry, "There are no neighbors installed.\n");
- for (e = peers; e; e = e->next) {
+ for (CachePeer *e = peers; e; e = e->next) {
assert(e->host != NULL);
storeAppendPrintf(sentry, "\n%-11.11s: %s\n",
neighborTypeStr(e),
Time::FormatHttpd(e->stats.last_connect_failure));
}
- if (e->peer_domain != NULL) {
- storeAppendPrintf(sentry, "DOMAIN LIST: ");
-
- for (d = e->peer_domain; d; d = d->next) {
- storeAppendPrintf(sentry, "%s%s ",
- d->do_ping ? null_string : "!", d->domain);
- }
-
- storeAppendPrintf(sentry, "\n");
- }
-
storeAppendPrintf(sentry, "keep-alive ratio: %d%%\n", Math::intPercent(e->stats.n_keepalives_recv, e->stats.n_keepalives_sent));
}
}
projects / thirdparty / squid.git / commitdiff
