/*
- * $Id: acl.cc,v 1.145 1998/03/04 22:07:54 wessels Exp $
+ * $Id: acl.cc,v 1.146 1998/03/06 21:05:47 wessels Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
Q = &q;
for (x = hp->h_addr_list; x != NULL && *x != NULL; x++) {
if ((r = *Q) == NULL)
- *Q = r = xcalloc(1, sizeof(struct _acl_ip_data));
+ r = *Q = xcalloc(1, sizeof(struct _acl_ip_data));
xmemcpy(&r->addr1.s_addr, *x, sizeof(r->addr1.s_addr));
r->addr2.s_addr = 0;
- r->mask.s_addr = 0;
+ r->mask.s_addr = no_addr.s_addr; /* 255.255.255.255 */
Q = &r->next;
debug(28, 3) ("%s --> %s\n", addr1, inet_ntoa(r->addr1));
}
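Review bot: The comment on the new `r->mask.s_addr = no_addr.s_addr;` line gives the value but not the reason, and the reason is the security-relevant part. With the old mask of 0, an ACL entry built from a hostname presumably matched more than the resolved address; the match routine is outside this hunk, so confirm how the mask is applied. I would write the comment as `/* host mask (255.255.255.255): a resolved name matches only that address */`. The loop also copies `sizeof(r->addr1.s_addr)` bytes from `*x` without checking `hp->h_length`, so a one-line guard on the address length before the `xmemcpy` would make that assumption explicit. The enclosing function starts and ends outside the hunk.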
/*
- * $Id: client_db.cc,v 1.21 1998/02/19 23:09:49 wessels Exp $
+ * $Id: client_db.cc,v 1.22 1998/03/06 21:05:48 wessels Exp $
*
* DEBUG: section 0 Client Database
* AUTHOR: Duane Wessels
int result_hist[LOG_TYPE_MAX];
int n_requests;
} Http, Icp;
+ struct {
+ time_t time;
+ int n_req;
+ int n_denied;
+ } cutoff;
} ClientInfo;
static hash_table *client_table = NULL;
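Review bot: The new `cutoff` member has no comment, and its three fields only make sense after reading clientdbCutoffDenied. A short comment above it would help, for example `/* snapshot of the Icp counters taken when the last cutoff window started */`, with `time` noted as the start of that window. The struct definition begins outside the hunk.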
}
}
+#define CUTOFF_SECONDS 3600
int
-clientdbDeniedPercent(struct in_addr addr)
+clientdbCutoffDenied(struct in_addr addr)
{
char *key;
- int n = 100;
+ int NR;
+ int ND;
+ double p;
ClientInfo *c;
- if (!Config.onoff.client_db)
+ if (!Config.Options.client_db)
return 0;
key = inet_ntoa(addr);
c = (ClientInfo *) hash_lookup(client_table, key);
if (c == NULL)
return 0;
- if (c->Icp.n_requests > 100)
- n = c->Icp.n_requests;
- return 100 * c->Icp.result_hist[LOG_UDP_DENIED] / n;
+ /*
+ * If we are in a cutoff window, we don't send a reply
+ */
+ if (squid_curtime - c->cutoff.time < CUTOFF_SECONDS)
+ return 1;
+ /*
+ * Calculate the percent of DENIED replies since the last
+ * cutoff time.
+ */
+ NR = c->Icp.n_requests - c->cutoff.n_req;
+ if (NR < 150)
+ NR = 150;
+ ND = c->Icp.result_hist[LOG_UDP_DENIED] - c->cutoff.n_denied;
+ p = 100.0 * ND / NR;
+ if (p < 95.0)
+ return 0;
+ debug(1, 0, "WARNING: Probable misconfigured neighbor at %s\n", key);
+ debug(1, 0, "WARNING: %d of the last %d ICP replies are DENIED\n", ND, NR);
+ debug(1, 0, "WARNING: No replies will be sent for the next %d seconds\n",
+ CUTOFF_SECONDS);
+ c->cutoff.time = squid_curtime;
+ c->cutoff.n_req = c->Icp.n_requests;
+ c->cutoff.n_denied = c->Icp.result_hist[LOG_UDP_DENIED];
+ return 1;
}
+
void
clientdbDump(StoreEntry * sentry)
{
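Review bot: The three WARNING lines call `debug(1, 0, "...", ...)` with the format string inside the first parenthesis, while every other call visible on this page uses the two-part form, e.g. `debug(28, 3) ("%s --> %s\n", ...)`. If the macro takes only section and level, as those calls suggest, these lines will not build or will not log as intended; they should read `debug(1, 0) ("WARNING: Probable misconfigured neighbor at %s\n", key);` and likewise for the other two. The function also needs a header comment stating that a return of 1 means "do not send the ICP_DENIED reply" and that it returns 0 whenever `Config.Options.client_db` is off, so the cutoff is inactive in that configuration. The thresholds 150 and 95.0 would read better as named constants next to `CUTOFF_SECONDS`.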
if (!allow) {
debug(12, 2) ("icpHandleIcpV2: Access Denied for %s by %s.\n",
inet_ntoa(from.sin_addr), AclMatchedName);
- if (clientdbDeniedPercent(from.sin_addr) < 95) {
- reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0);
- icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol);
- } else {
+ if (clientdbCutoffDenied(from.sin_addr)) {
/*
* count this DENIED query in the clientdb, even though
* we're not sending an ICP reply...
*/
- clientdbUpdate(from.sin_addr,
- LOG_UDP_DENIED,
- Config.Port.icp);
+ clientdbUpdate(from.sin_addr, LOG_UDP_DENIED, Config.Port.icp);
+ } else {
+ reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0);
+ icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol);
}
break;
}
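Review bot: The rewritten DENIED branch is now identical, line for line, in icpHandleIcpV2 here and in icpHandleIcpV3 in the next hunk, so any later change to the suppression policy has to be made twice. I would move the `if (clientdbCutoffDenied(from.sin_addr)) { ... } else { ... }` body into one static helper that both handlers call. The existing comment explains the suppressed case; the `else` side deserves one too, e.g. `/* not in a cutoff window: answer with ICP_DENIED */`. Both handlers start and end outside their hunks.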
if (!allow) {
debug(12, 2) ("icpHandleIcpV3: Access Denied for %s by %s.\n",
inet_ntoa(from.sin_addr), AclMatchedName);
- if (clientdbDeniedPercent(from.sin_addr) < 95) {
- reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0);
- icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol);
- } else {
+ if (clientdbCutoffDenied(from.sin_addr)) {
/*
* count this DENIED query in the clientdb, even though
* we're not sending an ICP reply...
*/
- clientdbUpdate(from.sin_addr,
- LOG_UDP_DENIED,
- Config.Port.icp);
+ clientdbUpdate(from.sin_addr, LOG_UDP_DENIED, Config.Port.icp);
+ } else {
+ reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0);
+ icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol);
}
break;
}
/*
- * $Id: ipcache.cc,v 1.165 1998/03/05 00:42:57 wessels Exp $
+ * $Id: ipcache.cc,v 1.166 1998/03/06 21:05:50 wessels Exp $
*
* DEBUG: section 14 IP Cache
* AUTHOR: Harvest Derived
ipcache_create(const char *name)
{
static ipcache_entry *i;
- if (meta_data.ipcache_count > ipcache_high)
- ipcache_purgelru(NULL);
meta_data.ipcache_count++;
i = xcalloc(1, sizeof(ipcache_entry));
i->name = xstrdup(name);
extern void clientdbInit(void);
extern void clientdbUpdate(struct in_addr, log_type, protocol_t);
-extern int clientdbDeniedPercent(struct in_addr);
+extern int clientdbCutoffDenied(struct in_addr);
extern void clientdbDump(StoreEntry *);
extern void clientAccessCheck(void *);