From: hno <> Date: Sat, 17 May 2003 23:35:03 +0000 (+0000) Subject: Syntax change of reply_body_max_size X-Git-Tag: SQUID_3_0_PRE1~187 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef1955a503dbd88548d5517e3d453a6bfe6f4333;p=thirdparty%2Fsquid.git Syntax change of reply_body_max_size reply_body_max_size 40 KB [acl...] reply_body_max_size none [acl...] This also includes a redefiniton of acl matching methods to make sure there is no mismatches between fast/slow acl matches, and fixes tcp_outgoing_* for the same.. For next version we should probably create a acl base class which all the acl driven matches can use to limit the amount of duplicated code in these acl driven types allow/deny tos address size [direct/auto/peer/...] (to replace always_direct/never_direct/cache_peer_access) --- diff --git a/doc/release-notes/release-3.0.sgml b/doc/release-notes/release-3.0.sgml index ba05c4f4e2..375536a3b1 100644 --- a/doc/release-notes/release-3.0.sgml +++ b/doc/release-notes/release-3.0.sgml @@ -2,7 +2,7 @@
Squid 3.0 release notes Squid Developers -$Id: release-3.0.sgml,v 1.2 2003/05/10 10:16:57 robertc Exp $ +$Id: release-3.0.sgml,v 1.3 2003/05/17 17:35:03 hno Exp $ This document contains the release notes for version 3.0 of Squid. @@ -126,6 +126,7 @@ This fixes two issues:Transparently intercepted requests is no lo header_replaceThis is now dependent on --disable-http-violations (Henrik Nordstrom) email_err_dataAllow disabling the data now embedded in the mailto links on Squid's ERR pages. refresh_patternMake the default refresh_pattern merely a suggested default. This is consistent with older Squid versions due to a bug in the "DEFAULT-IF-NONE" processing of refresh_pattern. (Henrik) +reply_body_max_sizeNo longer uses allow/deny. Instead it is specified as a size followed by acl elements. The size "none" can be used for no limit (the default) Known limitations diff --git a/src/ACLChecklist.cc b/src/ACLChecklist.cc index 608dcd7cf7..38f88b5a03 100644 --- a/src/ACLChecklist.cc +++ b/src/ACLChecklist.cc @@ -1,5 +1,5 @@ /* - * $Id: ACLChecklist.cc,v 1.10 2003/03/04 01:40:25 robertc Exp $ + * $Id: ACLChecklist.cc,v 1.11 2003/05/17 17:35:03 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -198,7 +198,7 @@ ACLChecklist::checkAccessList() /* what is our result on a match? */ currentAnswer(accessList->allow); /* does the current AND clause match */ - matchAclList(accessList->aclList); + matchAclListSlow(accessList->aclList); } void @@ -431,3 +431,7 @@ ACLChecklist::checking (bool const newValue) { checking_ = newValue; } + +#ifndef _USE_INLINE_ +#include "ACLChecklist.cci" +#endif diff --git a/src/ACLChecklist.cci b/src/ACLChecklist.cci new file mode 100644 index 0000000000..25fb0341d6 --- /dev/null +++ b/src/ACLChecklist.cci 
@@ -0,0 +1,39 @@ +/* + * $Id: ACLChecklist.cci,v 1.1 2003/05/17 17:35:03 hno Exp $ + * + * DEBUG: none + * AUTHOR: Henrik Nordstrom + * + * SQUID Web Proxy Cache http://www.squid-cache.org/ + * ---------------------------------------------------------- + * + * Squid is the result of efforts by numerous individuals from + * the Internet community; see the CONTRIBUTORS file for full + * details. Many organizations have provided support for Squid's + * development; see the SPONSORS file for full details. Squid is + * Copyrighted (C) 2001 by the Regents of the University of + * California; see the COPYRIGHT file for full details. Squid + * incorporates software developed and/or copyrighted by other + * sources; see the CREDITS file for full details. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA. + * + */ + +inline void matchAclListFast(const acl_list * list) +{ + matchAclList(list, true); + inline void matchAclListSlow(const acl_list * list) { + matchAclList(list, false); diff --git a/src/ACLChecklist.h b/src/ACLChecklist.h index 7524843827..d195cf513e 100644 --- a/src/ACLChecklist.h +++ b/src/ACLChecklist.h @@ -1,6 +1,6 @@ /* - * $Id: ACLChecklist.h,v 1.8 2003/02/25 12:22:33 robertc Exp $ + * $Id: ACLChecklist.h,v 1.9 2003/05/17 17:35:03 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ 
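Review bot: Both wrappers in ACLChecklist.cci are defined with a bare `inline`, yet ACLChecklist.cc includes this file only under `#ifndef _USE_INLINE_`, which is the build where they should be ordinary out-of-line members. An `inline` function defined in a single translation unit need not be emitted there, so the calls added in acl.cc, forward.cc and client_side_reply.cc could fail to link in that configuration, and no hunk shown here includes the .cci from ACLChecklist.h for the `_USE_INLINE_` build. I would make the keyword conditional on `_USE_INLINE_` (through the project's inline macro, if it has one) and add the matching `#ifdef _USE_INLINE_` include at the end of the header. The two function bodies are rendered incompletely on this page, so the definitions themselves are not reviewed here.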
@@ -88,7 +88,8 @@ class NullState : public AsyncState void nonBlockingCheck(PF * callback, void *callback_data); void checkCallback(allow_t answer); - void matchAclList(const acl_list * list, bool const fast = false); + void matchAclListFast(const acl_list * list); + void matchAclListSlow(const acl_list * list); ConnStateData *conn(); void conn(ConnStateData *); int authenticated(); @@ -132,6 +133,7 @@ class NullState : public AsyncState void markSourceDomainChecked(); private: + void matchAclList(const acl_list * list, bool const fast); CBDATA_CLASS(ACLChecklist); ConnStateData *conn_; /* hack for ident and NTLM */ bool async_; diff --git a/src/Makefile.am b/src/Makefile.am index 626f56cf1c..5fe2bbf3b2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,7 +1,7 @@ # # Makefile for the Squid Object Cache server # -# $Id: Makefile.am,v 1.73 2003/05/01 22:19:47 hno Exp $ +# $Id: Makefile.am,v 1.74 2003/05/17 17:35:03 hno Exp $ # # Uncomment and customize the following to suit your needs: # @@ -266,6 +266,7 @@ squid_SOURCES = \ acl.cc \ ACL.h \ ACLChecklist.cc \ + ACLChecklist.cci \ ACLChecklist.h \ $(squid_ACLSOURCES) \ asn.cc \ diff --git a/src/acl.cc b/src/acl.cc index dccef22cec..f487e0ce02 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,5 +1,5 @@ /* - * $Id: acl.cc,v 1.306 2003/02/25 12:24:33 robertc Exp $ + * $Id: acl.cc,v 1.307 2003/05/17 17:35:05 hno Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -488,7 +488,7 @@ aclCheckFast(const acl_access * A, ACLChecklist * checklist) while (A) { allow = A->allow; - checklist->matchAclList(A->aclList, true); + checklist->matchAclListFast(A->aclList); if (checklist->finished()) { PROF_stop(aclCheckFast); 
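Review bot: `matchAclListFast` and `matchAclListSlow` are declared without a comment saying which callers may use which, although that distinction is the reason the defaulted `fast` argument was removed. Going by the call sites in this diff, a comment above the pair such as `/* Fast: synchronous callers that test finished() right after the call. Slow: only from the checkAccessList() path. */` would keep later callers from picking the wrong one. What the fast path does with an ACL that needs an external lookup is not visible here; once confirmed it belongs in the same comment, because a size or address rule that silently fails to match is a policy gap. The class body starts and ends outside both hunks.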
@@ -526,7 +526,9 @@ ACLChecklist * aclChecklistCreate(const acl_access * A, request_t * request, const char *ident) { ACLChecklist *checklist = new ACLChecklist; - checklist->accessList = cbdataReference(A); + + if (A) + checklist->accessList = cbdataReference(A); if (request != NULL) { checklist->request = requestLink(request); diff --git a/src/cache_cf.cc b/src/cache_cf.cc index d9129be259..fe59d3c591 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -1,6 +1,6 @@ /* - * $Id: cache_cf.cc,v 1.440 2003/04/24 06:35:04 hno Exp $ + * $Id: cache_cf.cc,v 1.441 2003/05/17 17:35:05 hno Exp $ * * DEBUG: section 3 Configuration File Parsing * AUTHOR: Harvest Derived @@ -124,6 +124,7 @@ static void free_https_port_list(https_port_list **); static int check_null_https_port_list(const https_port_list *); #endif #endif /* USE_SSL */ +static void parse_b_size_t(size_t * var); void self_destruct(void) @@ -667,6 +668,11 @@ parseBytesLine(size_t * bptr, const char *units) if ((token = strtok(NULL, w_space)) == NULL) self_destruct(); + if (strcmp(token, "none")) { + *bptr = static_cast(1); + return; + } + d = xatof(token); m = u; /* default to 'units' if none specified */ 
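Review bot: With the new `if (A)` guard in `aclChecklistCreate` a checklist can exist without an access list, but `ACLChecklist::checkAccessList()` still reads `accessList->allow` unconditionally (visible in the ACLChecklist.cc hunk). The one new caller passes NULL and only calls `matchAclListFast`, so it is safe, but whether `nonBlockingCheck` rejects such a checklist is not visible in this diff. Consider `assert(accessList != NULL);` at the top of the slow path and a comment on `aclChecklistCreate` stating that a NULL `A` is allowed only for direct `matchAclListFast` use. Whether the constructor initialises `accessList` to NULL should also be confirmed; the function body continues past the hunk.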
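Review bot: The new test `if (strcmp(token, "none"))` in `parseBytesLine` is inverted: `strcmp` returns 0 on a match, so the branch is taken for every token except `none` and each numeric size is overwritten before `xatof` is reached. The constant also disagrees with its readers: this page shows `1` here, while `dump_acl_b_size_t` and `clientReplyContext::buildMaxBodySize` compare against `-1` (the cast's type argument appears lost in rendering). As written, `reply_body_max_size 40 KB` would produce a 1-byte limit and `none` would fall through to `xatof`, and every directive parsed through `parse_b_size_t` is affected the same way. Suggested: `if (strcmp(token, "none") == 0) { *bptr = static_cast<size_t>(-1); return; }`. The function starts and ends outside the hunk.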
@@ -937,6 +943,63 @@ free_acl_tos(acl_tos ** head) } } +CBDATA_TYPE(acl_size_t); + +static void +dump_acl_b_size_t(StoreEntry * entry, const char *name, acl_size_t * head) +{ + acl_size_t *l; + + for (l = head; l; l = l->next) { + if (l->size != static_cast(-1)) + storeAppendPrintf(entry, "%s %d %s\n", name, (int) l->size, B_BYTES_STR); + else + storeAppendPrintf(entry, "%s none", name); + + dump_acl_list(entry, l->aclList); + + storeAppendPrintf(entry, "\n"); + } +} + +static void +freed_acl_b_size_t(void *data) +{ + acl_size_t *l = static_cast(data); + aclDestroyAclList(&l->aclList); +} + +static void +parse_acl_b_size_t(acl_size_t ** head) +{ + acl_size_t *l; + acl_size_t **tail = head; /* sane name below */ + + CBDATA_INIT_TYPE_FREECB(acl_size_t, freed_acl_b_size_t); + + l = cbdataAlloc(acl_size_t); + + parse_b_size_t(&l->size); + + aclParseAclList(&l->aclList); + + while (*tail) + tail = &(*tail)->next; + + *tail = l; +} + +static void +free_acl_b_size_t(acl_size_t ** head) +{ + while (*head) { + acl_size_t *l = *head; + *head = l->next; + l->next = NULL; + cbdataFree(l); + } +} + #if DELAY_POOLS #include "DelayPools.h" 
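Review bot: In `dump_acl_b_size_t` the sized branch ends its format string with `\n` before `dump_acl_list` runs, so the ACL names are written on a different line from the size they restrict, while the `none` branch keeps them together. A dumped configuration would then not read back as the same rule; presumably the size line would parse with no ACLs and apply to every reply. The `(int)` cast with `%d` also truncates large `size_t` values, where the removed `dump_body_size_t` used `%ld`. Suggested: `storeAppendPrintf(entry, "%s %lu %s", name, (unsigned long) l->size, B_BYTES_STR);`. This assumes `dump_acl_list` emits its own leading separator, which is not shown here.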
@@ -2331,71 +2394,6 @@ parse_b_size_t(size_t * var) parseBytesLine(var, B_BYTES_STR); } -CBDATA_TYPE(body_size); - -static void -parse_body_size_t(dlink_list * bodylist) -{ - body_size *bs; - CBDATA_INIT_TYPE(body_size); - bs = cbdataAlloc(body_size); - parse_size_t(&bs->maxsize); - aclParseAccessLine(&bs->access_list); - - dlinkAddTail(bs, &bs->node, bodylist); -} - -static void -dump_body_size_t(StoreEntry * entry, const char *name, dlink_list bodylist) -{ - body_size *bs; - bs = (body_size *) bodylist.head; - - while (bs) { - acl_list *l; - acl_access *head = bs->access_list; - - while (head != NULL) { - storeAppendPrintf(entry, "%s %ld %s", name, (long int) bs->maxsize, - head->allow ? "Allow" : "Deny"); - - for (l = head->aclList; l != NULL; l = l->next) { - storeAppendPrintf(entry, " %s%s", - l->op ? null_string : "!", - l->_acl->name); - } - - storeAppendPrintf(entry, "\n"); - head = head->next; - } - - bs = (body_size *) bs->node.next; - } -} - -static void -free_body_size_t(dlink_list * bodylist) -{ - body_size *bs, *tempnode; - bs = (body_size *) bodylist->head; - - while (bs) { - bs->maxsize = 0; - aclDestroyAccessList(&bs->access_list); - tempnode = (body_size *) bs->node.next; - dlinkDelete(&bs->node, bodylist); - cbdataFree(bs); - bs = tempnode; - } -} - -static int -check_null_body_size_t(dlink_list bodylist) -{ - return bodylist.head == NULL; -} - - static void parse_kb_size_t(size_t * var) { diff --git a/src/cf.data.pre b/src/cf.data.pre index 433d862025..4ac0a6ba64 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.312 2003/04/27 00:34:12 hno Exp $ +# $Id: cf.data.pre,v 1.313 2003/05/17 17:35:06 hno Exp $ # # # SQUID Web Proxy Cache http://www.squid-cache.org/ 
@@ -1991,7 +1991,7 @@ NAME: range_offset_limit COMMENT: (bytes) TYPE: b_size_t LOC: Config.rangeOffsetLimit -DEFAULT: 0 KB +DEFAULT: none DOC_START Sets a upper limit on how far into the the file a Range request may be to cause Squid to prefetch the whole file. If beyond this @@ -2535,17 +2535,18 @@ DOC_START DOC_END NAME: reply_body_max_size -COMMENT: bytes allow|deny acl acl... -TYPE: body_size_t +COMMENT: size [acl acl...] +TYPE: acl_b_size_t DEFAULT: none -DEFAULT_IF_NONE: 0 allow all LOC: Config.ReplyBodySize DOC_START - This option specifies the maximum size of a reply body in bytes. - It can be used to prevent users from downloading very large files, - such as MP3's and movies. When the reply headers are recieved, - the reply_body_max_size lines are processed, and the first line with - a result of "allow" is used as the maximum body size for this reply. + This option specifies the maximum size of a reply body. It can be + used to prevent users from downloading very large files, such as + MP3's and movies. When the reply headers are recieved, the + reply_body_max_size lines are processed, and the first line where + all (if any) listed acls are true is used as the maximum body size + for this reply. + This size is then checked twice. First when we get the reply headers, we check the content-length value. If the content length value exists and is larger than the allowed size, the request is denied and the @@ -2564,7 +2565,7 @@ DOC_START non-zero value you use is greater that the maximum header size plus the size of your largest error page. - If you set this parameter to zero (the default), there will be + If you set this parameter none (the default), there will be no limit imposed. DOC_END diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 8bd31f9c56..4815c9d58c 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc 
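Review bot: The default of `range_offset_limit` changes from `0 KB` to `none`, which the commit description, covering only `reply_body_max_size`, does not mention. Because this commit also makes `none` a parseable size that stands for "no limit", a reader cannot tell whether the new line means "no default is generated" or "unlimited", and the DOC text below still describes an upper limit. If the change is intended, state the resulting runtime default in the DOC block and the release notes; if it is not, keep `DEFAULT: 0 KB`.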
@@ -1,6 +1,6 @@ /* - * $Id: client_side_reply.cc,v 1.50 2003/05/11 13:53:03 hno Exp $ + * $Id: client_side_reply.cc,v 1.51 2003/05/17 17:35:06 hno Exp $ * * DEBUG: section 88 Client-side Reply Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) @@ -1813,26 +1813,26 @@ clientReplyContext::holdReply(HttpReply *aReply) void clientReplyContext::buildMaxBodySize(HttpReply * reply) { - body_size *bs; - ACLChecklist *checklist; - bs = (body_size *) Config.ReplyBodySize.head; + acl_size_t *l = Config.ReplyBodySize; + ACLChecklist *ch; - while (bs) { - checklist = clientAclChecklistCreate(bs->access_list, http); - checklist->reply = reply; + ch = clientAclChecklistCreate(NULL, http); + ch->reply = reply; + + for (l = Config.ReplyBodySize; l; l = l -> next) { + ch->matchAclListFast(l->aclList); + + if (ch->finished()) { + if (l->size != static_cast(-1)) + http->maxReplyBodySize(l->size); - if (1 != aclCheckFast(bs->access_list, checklist)) { - /* deny - skip this entry */ - bs = (body_size *) bs->node.next; - } else { - /* Allow - use this entry */ - http->maxReplyBodySize(bs->maxsize); - bs = NULL; debug(58, 3) ("httpReplyBodyBuildSize: Setting maxBodySize to %ld\n", (long int) http->maxReplyBodySize()); - } - delete checklist; + break; + } } + + delete ch; } void diff --git a/src/forward.cc b/src/forward.cc index 2fa9669a3d..653700477c 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -1,6 +1,6 @@ /* - * $Id: forward.cc,v 1.101 2003/03/19 18:06:45 hno Exp $ + * $Id: forward.cc,v 1.102 2003/05/17 17:35:06 hno Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -487,7 +487,7 @@ static struct in_addr for (l = head; l; l = l->next) { - ch->matchAclList(l->aclList); + ch->matchAclListFast(l->aclList); if (ch->finished()) return l->addr; 
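Review bot: In `clientReplyContext::buildMaxBodySize` the `debug(58, 3)` line is now reached for every matching entry, including one whose size is `none`, so it logs "Setting maxBodySize" when nothing was set; it belongs inside braces together with `http->maxReplyBodySize(l->size);`. `l` is also initialised twice, in its declaration and again in the `for` header, where `for (acl_size_t *l = Config.ReplyBodySize; l; l = l->next)` would do. The loop reuses one checklist across entries, so it depends on each `matchAclListFast` call resetting `finished()` and on an entry with no ACLs counting as a match; neither is visible in this diff, and a one-line comment stating both would help the next reader.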
@@ -503,7 +503,7 @@ aclMapTOS(acl_tos * head, ACLChecklist * ch) acl_tos *l; for (l = head; l; l = l->next) { - ch->matchAclList(l->aclList); + ch->matchAclListFast(l->aclList); if (ch->finished()) return l->tos; diff --git a/src/structs.h b/src/structs.h index fe3b92679e..da61d6a49f 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.462 2003/05/11 13:53:03 hno Exp $ + * $Id: structs.h,v 1.463 2003/05/17 17:35:06 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -134,6 +134,13 @@ struct _acl_tos int tos; }; +struct _acl_size_t +{ + acl_size_t *next; + acl_list *aclList; + size_t size; +}; + struct _wordlist { char *key; @@ -288,7 +295,7 @@ struct _SquidConfig Timeout; size_t maxRequestHeaderSize; size_t maxRequestBodySize; - dlink_list ReplyBodySize; + acl_size_t *ReplyBodySize; struct { diff --git a/src/typedefs.h b/src/typedefs.h index 5f0db0abd5..1e9435f6ca 100644 --- a/src/typedefs.h +++ b/src/typedefs.h @@ -1,6 +1,6 @@ /* - * $Id: typedefs.h,v 1.160 2003/03/11 23:05:23 hno Exp $ + * $Id: typedefs.h,v 1.161 2003/05/17 17:35:06 hno Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -79,6 +79,8 @@ typedef struct _acl_address acl_address; typedef struct _acl_tos acl_tos; +typedef struct _acl_size_t acl_size_t; + class ACLChecklist; typedef struct _wordlist wordlist;
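Review bot: `_acl_size_t::size` uses `(size_t)-1` as an in-band marker for `none`, but the struct in structs.h says nothing about it and the value is spelled out separately in the parser, in `dump_acl_b_size_t` and in `buildMaxBodySize`. A comment on the field, for example `size_t size; /* (size_t)-1 means "none": no limit */`, or one shared named constant would keep those sites in agreement.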