<article>
<title>Squid 3.0 release notes</title>
<author>Squid Developers</author>
-<date>$Id: release-3.0.sgml,v 1.2 2003/05/10 10:16:57 robertc Exp $</date>
+<date>$Id: release-3.0.sgml,v 1.3 2003/05/17 17:35:03 hno Exp $</date>
<abstract>
This document contains the release notes for version 3.0 of Squid.
<tag>header_replace</tag>This is now dependent on --disable-http-violations (Henrik Nordstrom)
<tag>email_err_data</tag>Allow disabling the data now embedded in the mailto links on Squid's ERR pages.
<tag>refresh_pattern</tag>Make the default refresh_pattern merely a suggested default. This is consistent with older Squid versions due to a bug in the "DEFAULT-IF-NONE" processing of refresh_pattern. (Henrik)
+<tag>reply_body_max_size</tag>No longer uses allow/deny. Instead it is specified as a size followed by acl elements. The size "none" can be used for no limit (the default)
</descrip>
<sect>Known limitations
/*
- * $Id: ACLChecklist.cc,v 1.10 2003/03/04 01:40:25 robertc Exp $
+ * $Id: ACLChecklist.cc,v 1.11 2003/05/17 17:35:03 hno Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
/* what is our result on a match? */
currentAnswer(accessList->allow);
/* does the current AND clause match */
- matchAclList(accessList->aclList);
+ matchAclListSlow(accessList->aclList);
}
void
{
checking_ = newValue;
}
+
+#ifndef _USE_INLINE_
+#include "ACLChecklist.cci"
+#endif
--- /dev/null
+/*
+ * $Id: ACLChecklist.cci,v 1.1 2003/05/17 17:35:03 hno Exp $
+ *
+ * DEBUG: none
+ * AUTHOR: Henrik Nordstrom
+ *
+ * SQUID Web Proxy Cache http://www.squid-cache.org/
+ * ----------------------------------------------------------
+ *
+ * Squid is the result of efforts by numerous individuals from
+ * the Internet community; see the CONTRIBUTORS file for full
+ * details. Many organizations have provided support for Squid's
+ * development; see the SPONSORS file for full details. Squid is
+ * Copyrighted (C) 2001 by the Regents of the University of
+ * California; see the COPYRIGHT file for full details. Squid
+ * incorporates software developed and/or copyrighted by other
+ * sources; see the CREDITS file for full details.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ *
+ */
+
+inline void matchAclListFast(const acl_list * list)
+{
+ matchAclList(list, true);
+ inline void matchAclListSlow(const acl_list * list) {
+ matchAclList(list, false);
/*
- * $Id: ACLChecklist.h,v 1.8 2003/02/25 12:22:33 robertc Exp $
+ * $Id: ACLChecklist.h,v 1.9 2003/05/17 17:35:03 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
void nonBlockingCheck(PF * callback, void *callback_data);
void checkCallback(allow_t answer);
- void matchAclList(const acl_list * list, bool const fast = false);
+ void matchAclListFast(const acl_list * list);
+ void matchAclListSlow(const acl_list * list);
ConnStateData *conn();
void conn(ConnStateData *);
int authenticated();
void markSourceDomainChecked();
private:
+ void matchAclList(const acl_list * list, bool const fast);
CBDATA_CLASS(ACLChecklist);
ConnStateData *conn_; /* hack for ident and NTLM */
bool async_;
#
# Makefile for the Squid Object Cache server
#
-# $Id: Makefile.am,v 1.73 2003/05/01 22:19:47 hno Exp $
+# $Id: Makefile.am,v 1.74 2003/05/17 17:35:03 hno Exp $
#
# Uncomment and customize the following to suit your needs:
#
acl.cc \
ACL.h \
ACLChecklist.cc \
+ ACLChecklist.cci \
ACLChecklist.h \
$(squid_ACLSOURCES) \
asn.cc \
/*
- * $Id: acl.cc,v 1.306 2003/02/25 12:24:33 robertc Exp $
+ * $Id: acl.cc,v 1.307 2003/05/17 17:35:05 hno Exp $
*
* DEBUG: section 28 Access Control
* AUTHOR: Duane Wessels
while (A) {
allow = A->allow;
- checklist->matchAclList(A->aclList, true);
+ checklist->matchAclListFast(A->aclList);
if (checklist->finished()) {
PROF_stop(aclCheckFast);
aclChecklistCreate(const acl_access * A, request_t * request, const char *ident)
{
ACLChecklist *checklist = new ACLChecklist;
- checklist->accessList = cbdataReference(A);
+
+ if (A)
+ checklist->accessList = cbdataReference(A);
if (request != NULL) {
checklist->request = requestLink(request);
/*
- * $Id: cache_cf.cc,v 1.440 2003/04/24 06:35:04 hno Exp $
+ * $Id: cache_cf.cc,v 1.441 2003/05/17 17:35:05 hno Exp $
*
* DEBUG: section 3 Configuration File Parsing
* AUTHOR: Harvest Derived
static int check_null_https_port_list(const https_port_list *);
#endif
#endif /* USE_SSL */
+static void parse_b_size_t(size_t * var);
void
self_destruct(void)
if ((token = strtok(NULL, w_space)) == NULL)
self_destruct();
+ if (strcmp(token, "none")) {
+ *bptr = static_cast<size_t>(1);
+ return;
+ }
+
d = xatof(token);
m = u; /* default to 'units' if none specified */
}
}
+CBDATA_TYPE(acl_size_t);
+
+static void
+dump_acl_b_size_t(StoreEntry * entry, const char *name, acl_size_t * head)
+{
+ acl_size_t *l;
+
+ for (l = head; l; l = l->next) {
+ if (l->size != static_cast<size_t>(-1))
+ storeAppendPrintf(entry, "%s %d %s\n", name, (int) l->size, B_BYTES_STR);
+ else
+ storeAppendPrintf(entry, "%s none", name);
+
+ dump_acl_list(entry, l->aclList);
+
+ storeAppendPrintf(entry, "\n");
+ }
+}
+
+static void
+freed_acl_b_size_t(void *data)
+{
+ acl_size_t *l = static_cast<acl_size_t *>(data);
+ aclDestroyAclList(&l->aclList);
+}
+
+static void
+parse_acl_b_size_t(acl_size_t ** head)
+{
+ acl_size_t *l;
+ acl_size_t **tail = head; /* sane name below */
+
+ CBDATA_INIT_TYPE_FREECB(acl_size_t, freed_acl_b_size_t);
+
+ l = cbdataAlloc(acl_size_t);
+
+ parse_b_size_t(&l->size);
+
+ aclParseAclList(&l->aclList);
+
+ while (*tail)
+ tail = &(*tail)->next;
+
+ *tail = l;
+}
+
+static void
+free_acl_b_size_t(acl_size_t ** head)
+{
+ while (*head) {
+ acl_size_t *l = *head;
+ *head = l->next;
+ l->next = NULL;
+ cbdataFree(l);
+ }
+}
+
#if DELAY_POOLS
#include "DelayPools.h"
parseBytesLine(var, B_BYTES_STR);
}
-CBDATA_TYPE(body_size);
-
-static void
-parse_body_size_t(dlink_list * bodylist)
-{
- body_size *bs;
- CBDATA_INIT_TYPE(body_size);
- bs = cbdataAlloc(body_size);
- parse_size_t(&bs->maxsize);
- aclParseAccessLine(&bs->access_list);
-
- dlinkAddTail(bs, &bs->node, bodylist);
-}
-
-static void
-dump_body_size_t(StoreEntry * entry, const char *name, dlink_list bodylist)
-{
- body_size *bs;
- bs = (body_size *) bodylist.head;
-
- while (bs) {
- acl_list *l;
- acl_access *head = bs->access_list;
-
- while (head != NULL) {
- storeAppendPrintf(entry, "%s %ld %s", name, (long int) bs->maxsize,
- head->allow ? "Allow" : "Deny");
-
- for (l = head->aclList; l != NULL; l = l->next) {
- storeAppendPrintf(entry, " %s%s",
- l->op ? null_string : "!",
- l->_acl->name);
- }
-
- storeAppendPrintf(entry, "\n");
- head = head->next;
- }
-
- bs = (body_size *) bs->node.next;
- }
-}
-
-static void
-free_body_size_t(dlink_list * bodylist)
-{
- body_size *bs, *tempnode;
- bs = (body_size *) bodylist->head;
-
- while (bs) {
- bs->maxsize = 0;
- aclDestroyAccessList(&bs->access_list);
- tempnode = (body_size *) bs->node.next;
- dlinkDelete(&bs->node, bodylist);
- cbdataFree(bs);
- bs = tempnode;
- }
-}
-
-static int
-check_null_body_size_t(dlink_list bodylist)
-{
- return bodylist.head == NULL;
-}
-
-
static void
parse_kb_size_t(size_t * var)
{
#
-# $Id: cf.data.pre,v 1.312 2003/04/27 00:34:12 hno Exp $
+# $Id: cf.data.pre,v 1.313 2003/05/17 17:35:06 hno Exp $
#
#
# SQUID Web Proxy Cache http://www.squid-cache.org/
COMMENT: (bytes)
TYPE: b_size_t
LOC: Config.rangeOffsetLimit
-DEFAULT: 0 KB
+DEFAULT: none
DOC_START
Sets a upper limit on how far into the the file a Range request
may be to cause Squid to prefetch the whole file. If beyond this
DOC_END
NAME: reply_body_max_size
-COMMENT: bytes allow|deny acl acl...
-TYPE: body_size_t
+COMMENT: size [acl acl...]
+TYPE: acl_b_size_t
DEFAULT: none
-DEFAULT_IF_NONE: 0 allow all
LOC: Config.ReplyBodySize
DOC_START
- This option specifies the maximum size of a reply body in bytes.
- It can be used to prevent users from downloading very large files,
- such as MP3's and movies. When the reply headers are recieved,
- the reply_body_max_size lines are processed, and the first line with
- a result of "allow" is used as the maximum body size for this reply.
+ This option specifies the maximum size of a reply body. It can be
+ used to prevent users from downloading very large files, such as
+ MP3's and movies. When the reply headers are recieved, the
+ reply_body_max_size lines are processed, and the first line where
+ all (if any) listed acls are true is used as the maximum body size
+ for this reply.
+
This size is then checked twice. First when we get the reply headers,
we check the content-length value. If the content length value exists
and is larger than the allowed size, the request is denied and the
non-zero value you use is greater that the maximum header size plus
the size of your largest error page.
- If you set this parameter to zero (the default), there will be
+ If you set this parameter none (the default), there will be
no limit imposed.
DOC_END
/*
- * $Id: client_side_reply.cc,v 1.50 2003/05/11 13:53:03 hno Exp $
+ * $Id: client_side_reply.cc,v 1.51 2003/05/17 17:35:06 hno Exp $
*
* DEBUG: section 88 Client-side Reply Routines
* AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
void
clientReplyContext::buildMaxBodySize(HttpReply * reply)
{
- body_size *bs;
- ACLChecklist *checklist;
- bs = (body_size *) Config.ReplyBodySize.head;
+ acl_size_t *l = Config.ReplyBodySize;
+ ACLChecklist *ch;
- while (bs) {
- checklist = clientAclChecklistCreate(bs->access_list, http);
- checklist->reply = reply;
+ ch = clientAclChecklistCreate(NULL, http);
+ ch->reply = reply;
+
+ for (l = Config.ReplyBodySize; l; l = l -> next) {
+ ch->matchAclListFast(l->aclList);
+
+ if (ch->finished()) {
+ if (l->size != static_cast<size_t>(-1))
+ http->maxReplyBodySize(l->size);
- if (1 != aclCheckFast(bs->access_list, checklist)) {
- /* deny - skip this entry */
- bs = (body_size *) bs->node.next;
- } else {
- /* Allow - use this entry */
- http->maxReplyBodySize(bs->maxsize);
- bs = NULL;
debug(58, 3) ("httpReplyBodyBuildSize: Setting maxBodySize to %ld\n", (long int) http->maxReplyBodySize());
- }
- delete checklist;
+ break;
+ }
}
+
+ delete ch;
}
void
/*
- * $Id: forward.cc,v 1.101 2003/03/19 18:06:45 hno Exp $
+ * $Id: forward.cc,v 1.102 2003/05/17 17:35:06 hno Exp $
*
* DEBUG: section 17 Request Forwarding
* AUTHOR: Duane Wessels
for (l = head; l; l = l->next)
{
- ch->matchAclList(l->aclList);
+ ch->matchAclListFast(l->aclList);
if (ch->finished())
return l->addr;
acl_tos *l;
for (l = head; l; l = l->next) {
- ch->matchAclList(l->aclList);
+ ch->matchAclListFast(l->aclList);
if (ch->finished())
return l->tos;
/*
- * $Id: structs.h,v 1.462 2003/05/11 13:53:03 hno Exp $
+ * $Id: structs.h,v 1.463 2003/05/17 17:35:06 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
int tos;
};
+struct _acl_size_t
+{
+ acl_size_t *next;
+ acl_list *aclList;
+ size_t size;
+};
+
struct _wordlist
{
char *key;
Timeout;
size_t maxRequestHeaderSize;
size_t maxRequestBodySize;
- dlink_list ReplyBodySize;
+ acl_size_t *ReplyBodySize;
struct
{
/*
- * $Id: typedefs.h,v 1.160 2003/03/11 23:05:23 hno Exp $
+ * $Id: typedefs.h,v 1.161 2003/05/17 17:35:06 hno Exp $
*
*
* SQUID Web Proxy Cache http://www.squid-cache.org/
typedef struct _acl_tos acl_tos;
+typedef struct _acl_size_t acl_size_t;
+
class ACLChecklist;
typedef struct _wordlist wordlist;
projects / thirdparty / squid.git / commitdiff
