From: wessels <> Date: Sat, 7 Mar 1998 04:05:47 +0000 (+0000) Subject: Fixes/changes from 1.1, mostly clientdbCutoffDenied(). X-Git-Tag: SQUID_3_0_PRE1~3899 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e711a2ff2949010da8ca54fac8eea81ee636c667;p=thirdparty%2Fsquid.git Fixes/changes from 1.1, mostly clientdbCutoffDenied(). --- diff --git a/src/acl.cc b/src/acl.cc index 36bf7540dd..249ab66ffe 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,6 +1,6 @@ /* - * $Id: acl.cc,v 1.145 1998/03/04 22:07:54 wessels Exp $ + * $Id: acl.cc,v 1.146 1998/03/06 21:05:47 wessels Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -399,10 +399,10 @@ aclParseIpData(const char *t) Q = &q; for (x = hp->h_addr_list; x != NULL && *x != NULL; x++) { if ((r = *Q) == NULL) - *Q = r = xcalloc(1, sizeof(struct _acl_ip_data)); + r = *Q = xcalloc(1, sizeof(struct _acl_ip_data)); xmemcpy(&r->addr1.s_addr, *x, sizeof(r->addr1.s_addr)); r->addr2.s_addr = 0; - r->mask.s_addr = 0; + r->mask.s_addr = no_addr.s_addr; /* 255.255.255.255 */ Q = &r->next; debug(28, 3) ("%s --> %s\n", addr1, inet_ntoa(r->addr1)); } diff --git a/src/client_db.cc b/src/client_db.cc index 2559ec7367..65887ac0e3 100644 --- a/src/client_db.cc +++ b/src/client_db.cc @@ -1,6 +1,6 @@ /* - * $Id: client_db.cc,v 1.21 1998/02/19 23:09:49 wessels Exp $ + * $Id: client_db.cc,v 1.22 1998/03/06 21:05:48 wessels Exp $ * * DEBUG: section 0 Client Database * AUTHOR: Duane Wessels @@ -39,6 +39,11 @@ typedef struct _client_info { int result_hist[LOG_TYPE_MAX]; int n_requests; } Http, Icp; + struct { + time_t time; + int n_req; + int n_denied; + } cutoff; } ClientInfo; static hash_table *client_table = NULL; @@ -91,23 +96,48 @@ clientdbUpdate(struct in_addr addr, log_type log_type, protocol_t p) } } +#define CUTOFF_SECONDS 3600 int -clientdbDeniedPercent(struct in_addr addr) +clientdbCutoffDenied(struct in_addr addr) { char *key; - int n = 100; + int NR; + int ND; + double p; ClientInfo *c; - if (!Config.onoff.client_db) + if (!Config.Options.client_db) return 0; key = inet_ntoa(addr); c = (ClientInfo *) hash_lookup(client_table, key); if (c == NULL) return 0; - if (c->Icp.n_requests > 100) - n = c->Icp.n_requests; - return 100 * c->Icp.result_hist[LOG_UDP_DENIED] / n; + /* + * If we are in a cutoff window, we don't send a reply + */ + if (squid_curtime - c->cutoff.time < CUTOFF_SECONDS) + return 1; + /* + * Calculate the percent of DENIED replies since the last + * cutoff time. + */ + NR = c->Icp.n_requests - c->cutoff.n_req; + if (NR < 150) + NR = 150; + ND = c->Icp.result_hist[LOG_UDP_DENIED] - c->cutoff.n_denied; + p = 100.0 * ND / NR; + if (p < 95.0) + return 0; + debug(1, 0, "WARNING: Probable misconfigured neighbor at %s\n", key); + debug(1, 0, "WARNING: %d of the last %d ICP replies are DENIED\n", ND, NR); + debug(1, 0, "WARNING: No replies will be sent for the next %d seconds\n", + CUTOFF_SECONDS); + c->cutoff.time = squid_curtime; + c->cutoff.n_req = c->Icp.n_requests; + c->cutoff.n_denied = c->Icp.result_hist[LOG_UDP_DENIED]; + return 1; } + void clientdbDump(StoreEntry * sentry) { diff --git a/src/icp_v2.cc b/src/icp_v2.cc index c5f94bb8f1..aa95c75d86 100644 --- a/src/icp_v2.cc +++ b/src/icp_v2.cc @@ -167,17 +167,15 @@ icpHandleIcpV2(int fd, struct sockaddr_in from, char *buf, int len) if (!allow) { debug(12, 2) ("icpHandleIcpV2: Access Denied for %s by %s.\n", inet_ntoa(from.sin_addr), AclMatchedName); - if (clientdbDeniedPercent(from.sin_addr) < 95) { - reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0); - icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol); - } else { + if (clientdbCutoffDenied(from.sin_addr)) { /* * count this DENIED query in the clientdb, even though * we're not sending an ICP reply... */ - clientdbUpdate(from.sin_addr, - LOG_UDP_DENIED, - Config.Port.icp); + clientdbUpdate(from.sin_addr, LOG_UDP_DENIED, Config.Port.icp); + } else { + reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0); + icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol); } break; } diff --git a/src/icp_v3.cc b/src/icp_v3.cc index cbb9d5da49..f8dde47aa6 100644 --- a/src/icp_v3.cc +++ b/src/icp_v3.cc @@ -36,17 +36,15 @@ icpHandleIcpV3(int fd, struct sockaddr_in from, char *buf, int len) if (!allow) { debug(12, 2) ("icpHandleIcpV3: Access Denied for %s by %s.\n", inet_ntoa(from.sin_addr), AclMatchedName); - if (clientdbDeniedPercent(from.sin_addr) < 95) { - reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0); - icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol); - } else { + if (clientdbCutoffDenied(from.sin_addr)) { /* * count this DENIED query in the clientdb, even though * we're not sending an ICP reply... */ - clientdbUpdate(from.sin_addr, - LOG_UDP_DENIED, - Config.Port.icp); + clientdbUpdate(from.sin_addr, LOG_UDP_DENIED, Config.Port.icp); + } else { + reply = icpCreateMessage(ICP_DENIED, 0, url, header.reqnum, 0); + icpUdpSend(fd, &from, reply, LOG_UDP_DENIED, icp_request->protocol); } break; } diff --git a/src/ipcache.cc b/src/ipcache.cc index 266fdb6ee3..bc9b55a987 100644 --- a/src/ipcache.cc +++ b/src/ipcache.cc @@ -1,6 +1,6 @@ /* - * $Id: ipcache.cc,v 1.165 1998/03/05 00:42:57 wessels Exp $ + * $Id: ipcache.cc,v 1.166 1998/03/06 21:05:50 wessels Exp $ * * DEBUG: section 14 IP Cache * AUTHOR: Harvest Derived @@ -316,8 +316,6 @@ static ipcache_entry * ipcache_create(const char *name) { static ipcache_entry *i; - if (meta_data.ipcache_count > ipcache_high) - ipcache_purgelru(NULL); meta_data.ipcache_count++; i = xcalloc(1, sizeof(ipcache_entry)); i->name = xstrdup(name); diff --git a/src/protos.h b/src/protos.h index ad7d2cf87b..bc9178ea17 100644 --- a/src/protos.h +++ b/src/protos.h @@ -70,7 +70,7 @@ extern void cbdataDump(StoreEntry *); extern void clientdbInit(void); extern void clientdbUpdate(struct in_addr, log_type, protocol_t); -extern int clientdbDeniedPercent(struct in_addr); +extern int clientdbCutoffDenied(struct in_addr); extern void clientdbDump(StoreEntry *); extern void clientAccessCheck(void *);