From: Amos Jeffries Date: Tue, 27 Oct 2009 05:37:33 +0000 (+1300) Subject: Author: Henrik Nordstrom X-Git-Tag: SQUID_3_1_0_15~58 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4f7b02e904002473bb068cb19787bf7220312647;p=thirdparty%2Fsquid.git Author: Henrik Nordstrom Generate squid.conf.default with just the configuration data & comments forward-port from squid-2 --- diff --git a/src/Makefile.am b/src/Makefile.am index 6b2ba23f14..3fbfe7e144 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -745,12 +745,9 @@ test_cache_digest: test_cache_digest.o CacheDigest.o debug.o globals.o store_key cache_cf.o: cf_parser.h # squid.conf.default is built by cf_gen when making cf_parser.h -squid.conf.documented: cf_parser.h +squid.conf.default squid.conf.documented: cf_parser.h true -squid.conf.default: squid.conf.documented - $(EGREP) -v "^[#\ ]" squid.conf.documented | $(EGREP) . >squid.conf.default - cf_parser.h: cf.data cf_gen$(EXEEXT) ./cf_gen cf.data $(srcdir)/cf.data.depend diff --git a/src/cf.data.pre b/src/cf.data.pre index 5ebf10ad0a..db8d34121e 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -307,25 +307,29 @@ DOC_START auth_param negotiate keep_alive on -NOCOMMENT_START + + Examples: + #Recommended minimum configuration per scheme: #auth_param negotiate program #auth_param negotiate children 5 #auth_param negotiate keep_alive on +# #auth_param ntlm program #auth_param ntlm children 5 #auth_param ntlm keep_alive on +# #auth_param digest program #auth_param digest children 5 #auth_param digest realm Squid proxy-caching web server #auth_param digest nonce_garbage_interval 5 minutes #auth_param digest nonce_max_duration 30 minutes #auth_param digest nonce_max_count 50 +# #auth_param basic program #auth_param basic children 5 #auth_param basic realm Squid proxy-caching web server #auth_param basic credentialsttl 2 hours -NOCOMMENT_END DOC_END NAME: authenticate_cache_garbage_interval 
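Review bot: The merged rule `squid.conf.default squid.conf.documented: cf_parser.h` in src/Makefile.am keeps `true` as its recipe, so make cannot recreate squid.conf.default when that file is missing while cf_parser.h is up to date. It runs `true`, treats the target as rebuilt, and the failure only surfaces later wherever the file is consumed. This is easier to hit now that cf_gen writes squid.conf.default last and exits on the new fopen failure path in src/cf_gen.cc, apparently after the earlier outputs have already been written. A recipe of `test -f $@` instead of `true` would make the rule fail where the problem is. The comment above the rule could name both files: `# squid.conf.default and squid.conf.documented are written by cf_gen when making cf_parser.h`.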
@@ -677,26 +681,28 @@ DOC_START acl aclname tag tagvalue ... # string match on tag returned by external acl helper [slow] -Examples: -acl macaddress arp 09:00:2b:23:45:67 -acl myexample dst_as 1241 -acl password proxy_auth REQUIRED -acl fileupload req_mime_type -i ^multipart/form-data$ -acl javascript rep_mime_type -i ^application/x-javascript$ + Examples: + acl macaddress arp 09:00:2b:23:45:67 + acl myexample dst_as 1241 + acl password proxy_auth REQUIRED + acl fileupload req_mime_type -i ^multipart/form-data$ + acl javascript rep_mime_type -i ^application/x-javascript$ NOCOMMENT_START -#Recommended minimum configuration: +# +# Recommended minimum configuration: +# acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 -# + # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network -# + acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp 
@@ -828,22 +834,28 @@ DOC_START See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. NOCOMMENT_START -#Recommended minimum configuration: + +# +# Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager -# Deny requests to unknown ports + +# Deny requests to certain unsafe ports http_access deny !Safe_ports -# Deny CONNECT to other than SSL ports + +# Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports -# + # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost + # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS +# # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks @@ -891,11 +903,10 @@ DOC_START This clause only supports fast acl types. See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. -NOCOMMENT_START -#Allow ICP queries from local networks only + +# Allow ICP queries from local networks only #icp_access allow localnet #icp_access deny all -NOCOMMENT_END DOC_END NAME: htcp_access @@ -918,11 +929,10 @@ DOC_START This clause only supports fast acl types. See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. -NOCOMMENT_START -#Allow HTCP queries from local networks only + +# Allow HTCP queries from local networks only #htcp_access allow localnet #htcp_access deny all -NOCOMMENT_END DOC_END NAME: htcp_clr_access @@ -941,7 +951,8 @@ DOC_START This clause only supports fast acl types. See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. -#Allow HTCP CLR requests from trusted peers + +# Allow HTCP CLR requests from trusted peers acl htcp_clr_peer src 172.16.1.2 htcp_clr_access allow htcp_clr_peer DOC_END 
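Review bot: The reworded comment `# Deny requests to certain unsafe ports` above `http_access deny !Safe_ports` reads as a block list, but the rule denies every port that is not in the Safe_ports ACL, so it is an allow list. These lines sit in a NOCOMMENT block and are copied into the generated squid.conf.default, where an administrator could take the comment to mean that unlisted ports stay reachable. `# Deny requests to ports not listed in Safe_ports` would match the rule, and `# Deny CONNECT to ports not listed in SSL_ports` would do the same for the following one. The DOC_START block for this directive begins outside the hunk.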
@@ -1162,6 +1173,7 @@ DOC_START visible on the internal address. NOCOMMENT_START + # Squid normally listens to port 3128 http_port @DEFAULT_HTTP_PORT@ NOCOMMENT_END @@ -1539,17 +1551,17 @@ DOC_START This clause only supports fast acl types. See http://wiki.squid-cache.org/SquidFaq/SquidAcl for details. -NOCOMMENT_START -# Example: Bump all requests except those originating from localhost and -# those going to webax.com or example.com sites. -# -# acl localhost src 127.0.0.1/32 -# acl broken_sites dstdomain .webax.com -# acl broken_sites dstdomain .example.com -# ssl_bump deny localhost -# ssl_bump deny broken_sites -# ssl_bump allow all -NOCOMMENT_END + + + # Example: Bump all requests except those originating from localhost and + # those going to webax.com or example.com sites. + + acl localhost src 127.0.0.1/32 + acl broken_sites dstdomain .webax.com + acl broken_sites dstdomain .example.com + ssl_bump deny localhost + ssl_bump deny broken_sites + ssl_bump allow all DOC_END NAME: sslproxy_flags @@ -1593,10 +1605,7 @@ DOC_START See also: sslproxy_flags and DONT_VERIFY_PEER. -NOCOMMENT_START -#Default setting: -# sslproxy_cert_error deny all -NOCOMMENT_END + Default setting: sslproxy_cert_error deny all DOC_END @@ -2034,7 +2043,8 @@ DOC_START list this option multiple times. Note: never_direct overrides this option. NOCOMMENT_START -#We recommend you to use at least the following line. + +# We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? NOCOMMENT_END DOC_END @@ -2257,7 +2267,9 @@ DOC_START which can be changed with the --with-coss-membuf-size=N configure option. NOCOMMENT_START -# cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256 + +# Uncomment and adjust the following to add a disk cache directory. +#cache_dir ufs @DEFAULT_SWAP_DIR@ 100 16 256 NOCOMMENT_END DOC_END 
@@ -2624,9 +2636,9 @@ DOC_START saved and for how long. To disable, enter "none" or remove the line. There are not really utilities to analyze this data, so you can safely disable it. -NOCOMMENT_START -# cache_store_log @DEFAULT_STORE_LOG@ -NOCOMMENT_END + + Example: + cache_store_log @DEFAULT_STORE_LOG@ DOC_END NAME: cache_swap_state cache_swap_log @@ -2879,6 +2891,7 @@ DOC_START and coredump files will be left there. NOCOMMENT_START + # Leave coredumps in the first cache dir coredump_dir @DEFAULT_SWAP_DIR@ NOCOMMENT_END @@ -3272,8 +3285,9 @@ DOC_START to change one. The default setting is only active if none is used. -Suggested default: NOCOMMENT_START + +# Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 @@ -4099,13 +4113,10 @@ DOC_START default is `0' which disables sending the announcement messages. - To enable announcing your cache, just uncomment the line - below. + To enable announcing your cache, just set an announce period. -NOCOMMENT_START -#To enable announcing your cache, just uncomment the line below. -#announce_period 1 day -NOCOMMENT_END + Example: + announce_period 1 day DOC_END NAME: announce_host @@ -4704,9 +4715,9 @@ DOC_START SNMP support set this to a suitable port number. Port number 3401 is often used for the Squid SNMP agent. By default it's set to "0" (disabled) -NOCOMMENT_START -#snmp_port 3401 -NOCOMMENT_END + + Example: + snmp_port 3401 DOC_END NAME: snmp_access @@ -4775,9 +4786,9 @@ DOC_START The port number where Squid sends and receives ICP queries to and from neighbor caches. The standard UDP port for ICP is 3130. Default is disabled (0). -NOCOMMENT_START -#icp_port @DEFAULT_ICP_PORT@ -NOCOMMENT_END + + Example: + icp_port @DEFAULT_ICP_PORT@ DOC_END NAME: htcp_port 
@@ -4789,9 +4800,9 @@ DOC_START The port number where Squid sends and receives HTCP queries to and from neighbor caches. To turn it on you want to set it to 4827. By default it is set to "0" (disabled). -NOCOMMENT_START -#htcp_port 4827 -NOCOMMENT_END + + Example: + htcp_port 4827 DOC_END NAME: log_icp_queries diff --git a/src/cf_gen.cc b/src/cf_gen.cc index 0180906a27..c3da2d7434 100644 --- a/src/cf_gen.cc +++ b/src/cf_gen.cc @@ -61,6 +61,7 @@ #define MAX_LINE 1024 /* longest configuration line */ #define _PATH_PARSER "cf_parser.h" #define _PATH_SQUID_CONF "squid.conf.documented" +#define _PATH_SQUID_CONF_SHORT "squid.conf.default" #define _PATH_CF_DEPEND "cf.data.depend" enum State { @@ -119,7 +120,7 @@ static void gen_parse_entry(Entry *entry, FILE *fp); static void gen_parse_alias(char *, EntryAlias *, Entry *, FILE *); static void gen_dump(Entry *, FILE *); static void gen_free(Entry *, FILE *); -static void gen_conf(Entry *, FILE *); +static void gen_conf(Entry *, FILE *, bool verbose_output); static void gen_default_if_none(Entry *, FILE *); @@ -159,14 +160,22 @@ checkDepend(const char *directive, const char *name, const Type *types, const En exit(1); } +static void +usage(const char *program_name) +{ + fprintf(stderr, "Usage: %s cf.data cf.data.depend\n", program_name); + exit(1); +} + int main(int argc, char *argv[]) { FILE *fp; - char *input_filename = argv[1]; + char *input_filename; const char *output_filename = _PATH_PARSER; const char *conf_filename = _PATH_SQUID_CONF; - const char *type_depend = argv[2]; + const char *conf_filename_short = _PATH_SQUID_CONF_SHORT; + const char *type_depend; int linenum = 0; Entry *entries = NULL; Entry *curr = NULL; @@ -183,6 +192,11 @@ main(int argc, char *argv[]) #endif char buff[MAX_LINE]; + if (argc != 3) + usage(argv[0]); + + input_filename = argv[1]; + type_depend = argv[2]; /*-------------------------------------------------------------------* * Parse type dependencies 
@@ -486,10 +500,20 @@ main(int argc, char *argv[]) #endif - gen_conf(entries, fp); + gen_conf(entries, fp, 1); fclose(fp); + if ((fp = fopen(conf_filename_short, "w")) == NULL) { + perror(conf_filename_short); + exit(1); + } +#ifdef _SQUID_WIN32_ + setmode(fileno(fp), O_TEXT); +#endif + gen_conf(entries, fp, 0); + fclose(fp); + return (rc); } @@ -773,7 +797,7 @@ available_if(char *name) } static void -gen_conf(Entry * head, FILE * fp) +gen_conf(Entry * head, FILE * fp, bool verbose_output) { Entry *entry; char buf[8192]; @@ -781,27 +805,31 @@ gen_conf(Entry * head, FILE * fp) for (entry = head; entry != NULL; entry = entry->next) { Line *line; - int blank = 1; int enabled = 1; if (!strcmp(entry->name, "comment")) (void) 0; - else + else if (verbose_output) { fprintf(fp, "# TAG: %s", entry->name); - if (entry->comment) - fprintf(fp, "\t%s", entry->comment); + if (entry->comment) + fprintf(fp, "\t%s", entry->comment); - fprintf(fp, "\n"); + fprintf(fp, "\n"); + } if (!defined(entry->ifdef)) { - fprintf(fp, "# Note: This option is only available if Squid is rebuilt with the\n"); - fprintf(fp, "# %s\n#\n", available_if(entry->ifdef)); + if (verbose_output) { + fprintf(fp, "# Note: This option is only available if Squid is rebuilt with the\n"); + fprintf(fp, "# %s\n#\n", available_if(entry->ifdef)); + } enabled = 0; } - for (line = entry->doc; line != NULL; line = line->next) { - fprintf(fp, "#%s\n", line->data); + if (verbose_output) { + for (line = entry->doc; line != NULL; line = line->next) { + fprintf(fp, "#%s\n", line->data); + } } if (entry->default_value && strcmp(entry->default_value, "none") != 0) { 
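Review bot: The new block in main() that writes squid.conf.default checks the fopen() result but not the writes or the close, so a full disk or I/O error leaves a truncated default configuration while cf_gen still returns `rc`. Because that file is what gets installed as the starting configuration, a silent truncation can drop the access-control lines emitted from the NOCOMMENT blocks. Replacing the final `fclose(fp);` with `if (ferror(fp) || fclose(fp) != 0) { perror(conf_filename_short); exit(1); }` would surface the failure; the same applies to the existing squid.conf.documented close just above. As a style point, the new `bool verbose_output` parameter is passed `1` and `0`; `true` and `false` read better at the two call sites. main() starts outside this hunk.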
@@ -816,19 +844,12 @@ gen_conf(Entry * head, FILE * fp) } } - if (entry->nocomment) - blank = 0; - if (!def && entry->doc && !entry->nocomment && strcmp(entry->name, "comment") != 0) lineAdd(&def, "none"); - if (def && (entry->doc || entry->nocomment)) { - if (blank) - fprintf(fp, "#\n"); - + if (verbose_output && def && (entry->doc || entry->nocomment)) { fprintf(fp, "#Default:\n"); - while (def != NULL) { line = def; def = line->next; @@ -836,21 +857,21 @@ gen_conf(Entry * head, FILE * fp) xfree(line->data); xfree(line); } - - blank = 1; } - if (entry->nocomment && blank) + if (verbose_output && entry->nocomment) fprintf(fp, "#\n"); - for (line = entry->nocomment; line != NULL; line = line->next) { - if (!enabled && line->data[0] != '#') - fprintf(fp, "#%s\n", line->data); - else - fprintf(fp, "%s\n", line->data); + if (enabled || verbose_output) { + for (line = entry->nocomment; line != NULL; line = line->next) { + if (!enabled && line->data[0] != '#') + fprintf(fp, "#%s\n", line->data); + else + fprintf(fp, "%s\n", line->data); + } } - if (entry->doc != NULL) { + if (verbose_output && entry->doc != NULL) { fprintf(fp, "\n"); } }
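Review bot: The `def` list is still built on the non-verbose pass (the `lineAdd(&def, "none")` call is unconditional), but the loop that frees it now sits inside `if (verbose_output && def && (entry->doc || entry->nocomment))`, so every entry with a default leaks its lines when gen_conf() is called with verbose_output false. cf_gen is a short-lived build tool, so the impact is small, but the leak is easy to avoid and will show up under a leak checker. Keeping the outer condition as `if (def && (entry->doc || entry->nocomment))` and guarding only the output with `if (verbose_output)` (the `#Default:` line and the per-line print inside the loop, which falls between the two hunks here) would free the list on both passes. The declaration of `def` is outside the visible hunks, so this assumes it is reset per entry.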