From: wessels <>
Date: Tue, 10 Jul 2007 01:54:13 +0000 (+0000)
Subject: Added support for FreeBSD accept filters
X-Git-Tag: SQUID_3_0_PRE7~166
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cc9f92d4cf0d1a370d2b1ecda6fd20a261c4f6a7;p=thirdparty%2Fsquid.git

Added support for FreeBSD accept filters

ported from squid-2

Accept filters support will be enabled if the system defines the
SO_ACCEPTFILTER socket option.   A filter will be applied to Squid's
listen socket(s) if set with the 'accept_filter' directive in
squid.conf.

Typical use will be to apply the 'httpready' filter, which requires
loading the 'accf_http' kernel module.  The 'httpready' filter delays
passing new connection descriptors to Squid until a full HTTP request
is received.
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index df9e62bf09..e76a997f07 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.443 2007/06/27 04:26:12 hno Exp $
+# $Id: cf.data.pre,v 1.444 2007/07/09 19:54:13 wessels Exp $
 #
 # SQUID Web Proxy Cache		http://www.squid-cache.org/
 # ----------------------------------------------------------
@@ -5166,4 +5166,22 @@ Example:
 icap_access class_1 allow all
 DOC_END
 
+NAME: accept_filter
+IFDEF: SO_ACCEPTFILTER
+TYPE: string
+DEFAULT: none
+LOC: Config.accept_filter
+DOC_START
+	The name of an accept(2) filter to install on Squid's
+	listen socket(s).  This feature is perhaps specific to
+	FreeBSD and requires support in the kernel.
+
+	The 'httpready' filter delays delivering new connections
+	to Squid until a full HTTP request has been recieved.
+	See the accf_http(9) man page.
+
+EXAMPLE:
+accept_filter httpready
+DOC_END
+
 EOF
diff --git a/src/comm.cc b/src/comm.cc
index 2dd4a58a33..ce9767f486 100644
--- a/src/comm.cc
+++ b/src/comm.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: comm.cc,v 1.431 2007/05/26 06:38:04 wessels Exp $
+ * $Id: comm.cc,v 1.432 2007/07/09 19:54:13 wessels Exp $
  *
  * DEBUG: section 5     Socket Functions
  * AUTHOR: Harvest Derived
@@ -2050,6 +2050,19 @@ comm_listen(int sock) {
         return x;
     }
 
+#ifdef SO_ACCEPTFILTER
+    if (Config.accept_filter) {
+	struct accept_filter_arg afa;
+	bzero(&afa, sizeof(afa));
+	debug(5, 0) ("Installing accept filter '%s' on FD %d\n",
+	Config.accept_filter, sock);
+	xstrncpy(afa.af_name, Config.accept_filter, sizeof(afa.af_name));
+	x = setsockopt(sock, SOL_SOCKET, SO_ACCEPTFILTER, &afa, sizeof(afa));
+	if (x < 0)
+	    debug(5, 0) ("SO_ACCEPTFILTER '%s': %s\n", Config.accept_filter, xstrerror());
+    }
+#endif
+
     return sock;
 }
 
diff --git a/src/structs.h b/src/structs.h
index 9413663f4c..ddc23c1aae 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.558 2007/05/29 13:31:41 amosjeffries Exp $
+ * $Id: structs.h,v 1.559 2007/07/09 19:54:13 wessels Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -737,6 +737,10 @@ struct _SquidConfig
 
     ssl_client;
 #endif
+
+#ifdef SO_ACCEPTFILTER
+    char *accept_filter;
+#endif
 };
 
 struct _SquidConfig2