From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 6 Apr 2009 12:59:32 +0000 (+1200)
Subject: Quiet cache.log when TPROXY and NAT both active
X-Git-Tag: SQUID_3_2_0_1~1079
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f32581fd08c7eb98c6463db87f71db5e472d1d0d;p=thirdparty%2Fsquid.git

Quiet cache.log when TPROXY and NAT both active
---

diff --git a/squid3.dox b/squid3.dox
index 7da906f020..41f1753dad 100644
--- a/squid3.dox
+++ b/squid3.dox
@@ -470,7 +470,7 @@ SHOW_USED_FILES        = YES
 # then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy 
 # in the documentation. The default is NO.
 
-SHOW_DIRECTORIES       = NO
+SHOW_DIRECTORIES       = YES
 
 # Set the SHOW_FILES tag to NO to disable the generation of the Files page. 
 # This will remove the Files entry from the Quick Index and from the 
diff --git a/src/acl/MethodData.cc b/src/acl/MethodData.cc
index b502f7be48..ad6cf3c903 100644
--- a/src/acl/MethodData.cc
+++ b/src/acl/MethodData.cc
@@ -89,6 +89,10 @@ ACLMethodData::parse()
 
     for (Tail = &values; *Tail; Tail = &((*Tail)->next));
     while ((t = strtokFile())) {
+        if(strcmp(t, "PURGE") == 0) {
+            // we need to use PURGE, can't just blanket-deny it.
+            Config2.onoff.enable_purge = 1;
+        }
         CbDataList<HttpRequestMethod> *q = new CbDataList<HttpRequestMethod> (HttpRequestMethod(t, NULL));
         *(Tail) = q;
         Tail = &q->next;
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index b2c60bb37c..4b7c78b732 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -611,8 +611,10 @@ configDoConfigure(void)
 
 #endif
 
-    if (aclPurgeMethodInUse(Config.accessList.http))
-        Config2.onoff.enable_purge = 1;
+    // we have reconfigured and in the process disabled any need for PURGE.
+    // turn it off now.
+    if(Config2.onoff.enable_purge == 2)
+        Config2.onoff.enable_purge = 0;
 
     Config2.onoff.mangle_request_headers = httpReqHdrManglersConfigured();
 
diff --git a/src/ip/IpIntercept.cc b/src/ip/IpIntercept.cc
index 1ff03d4e7f..a7ff6fe40c 100644
--- a/src/ip/IpIntercept.cc
+++ b/src/ip/IpIntercept.cc
@@ -378,6 +378,11 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
     debugs(89, 5, HERE << "address BEGIN: me= " << me << ", client= " << client <<
            ", dst= " << dst << ", peer= " << peer);
 
+    /* NP: try TPROXY first, its much quieter than NAT when non-matching */
+    if (transparent_active) {
+        if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
+    }
+
     if (intercept_active) {
         /* NAT methods that use sock-opts to return client address */
         if ( NetfilterInterception(fd, me, client, silent) == 0) return 0;
@@ -387,9 +392,6 @@ IpIntercept::NatLookup(int fd, const IpAddress &me, const IpAddress &peer, IpAdd
         if ( PfInterception(fd, me, client, dst, silent) == 0) return 0;
         if ( IpfInterception(fd, me, client, dst, silent) == 0) return 0;
     }
-    if (transparent_active) {
-        if ( NetfilterTransparent(fd, me, dst, silent) == 0) return 0;
-    }
 
 #else /* none of the transparent options configured */
     debugs(89, DBG_IMPORTANT, "WARNING: transparent proxying not supported");
diff --git a/src/main.cc b/src/main.cc
index e9f1bfa197..22add79f94 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -711,7 +711,13 @@ mainReconfigureFinish(void *)
 
     errorClean();
     enter_suid();		/* root to read config file */
+
+    // we may have disabled the need for PURGE
+    if(Config2.onoff.enable_purge)
+        Config2.onoff.enable_purge = 2;
+
     parseConfigFile(ConfigFile);
+
     setUmask(Config.umask);
     Mem::Report();
     setEffectiveUser();