Re: [squid-dev] [PATCH] A new 'has' ACL
Thanks. Applied to Squid-5 as r15139 Amos
Re: [squid-dev] [PATCH] A new 'has' ACL
I did this change a bit differently, making these static SBufs ACLHasComponentData class const members so that I could reuse them in two methods, instead of duplicating C strings. Reattaching the patch. Eduard. On 15.05.2017 14:38, Amos Jeffries wrote: On 15/05/17 20:47, Eduard Bagdasaryan wrote: Just a reminder: any remarks before this feature can be applied? The SBuf in dump() should be static locals for performance. Otherwise +1. A new 'has' ACL was implemented. This ACL detects presence of request, response or ALE transaction components. Since many ACLs require some of these components, lack of them in a transaction may spoil the check and confuse admin with warnings like "... ACL is used in context without an HTTP request". Using 'has' ACL should help dealing with these problems caused by component-less transactions. Also: addressed TODO in item #3 of trunk revision 14752.
=== modified file 'src/AclRegs.cc'
--- src/AclRegs.cc 2017-01-30 12:46:15 +
+++ src/AclRegs.cc 2017-05-15 19:04:56 +
@@ -17,60 +17,62 @@
 #include "acl/AdaptationService.h"
 #include "acl/AdaptationServiceData.h"
 #endif
 #include "acl/AllOf.h"
 #include "acl/AnnotateClient.h"
 #include "acl/AnnotateTransaction.h"
 #include "acl/AnnotationData.h"
 #include "acl/AnyOf.h"
 #if USE_SQUID_EUI
 #include "acl/Arp.h"
 #include "acl/Eui64.h"
 #endif
 #if USE_OPENSSL
 #include "acl/AtStep.h"
 #include "acl/AtStepData.h"
 #endif
 #include "acl/Asn.h"
 #include "acl/Browser.h"
 #include "acl/Checklist.h"
 #include "acl/ConnectionsEncrypted.h"
 #include "acl/Data.h"
 #include "acl/DestinationAsn.h"
 #include "acl/DestinationDomain.h"
 #include "acl/DestinationIp.h"
 #include "acl/DomainData.h"
 #if USE_AUTH
 #include "acl/ExtUser.h"
 #endif
 #include "acl/FilledChecklist.h"
 #include "acl/Gadgets.h"
+#include "acl/HasComponent.h"
+#include "acl/HasComponentData.h"
 #include "acl/HierCode.h"
 #include "acl/HierCodeData.h"
 #include "acl/HttpHeaderData.h"
 #include "acl/HttpRepHeader.h"
 #include "acl/HttpReqHeader.h"
 #include "acl/HttpStatus.h"
 #include "acl/IntRange.h"
 #include "acl/Ip.h"
 #include "acl/LocalIp.h"
 #include "acl/LocalPort.h"
 #include "acl/MaxConnection.h"
 #include "acl/Method.h"
 #include "acl/MethodData.h"
 #include "acl/MyPortName.h"
 #include "acl/Note.h"
 #include "acl/NoteData.h"
 #include "acl/PeerName.h"
 #include "acl/Protocol.h"
 #include "acl/ProtocolData.h"
 #include "acl/Random.h"
 #include "acl/Referer.h"
 #include "acl/RegexData.h"
 #include "acl/ReplyHeaderStrategy.h"
 #include "acl/ReplyMimeType.h"
 #include "acl/RequestHeaderStrategy.h"
 #include "acl/RequestMimeType.h"
 #include "acl/SourceAsn.h"
 #include "acl/SourceDomain.h"
 #include "acl/SourceIp.h"
 #include "acl/SquidError.h"
@@ -217,30 +219,33 @@ ACLMaxUserIP ACLMaxUserIP::RegistryEntry ACL::Prototype ACLTag::RegistryProtoype(::RegistryEntry_, "tag"); ACLStrategised ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag"); ACL::Prototype Acl::AnyOf::RegistryProtoype(::AnyOf::RegistryEntry_, "any-of"); Acl::AnyOf Acl::AnyOf::RegistryEntry_; ACL::Prototype Acl::AllOf::RegistryProtoype(::AllOf::RegistryEntry_, "all-of"); Acl::AllOf Acl::AllOf::RegistryEntry_; ACL::Prototype ACLNote::RegistryProtoype(::RegistryEntry_, "note"); ACLStrategised ACLNote::RegistryEntry_(new ACLNoteData, ACLNoteStrategy::Instance(), "note"); ACL::Prototype ACLAnnotateClient::RegistryProtoype(::RegistryEntry_, "annotate_client"); ACLStrategised ACLAnnotateClient::RegistryEntry_(new ACLAnnotationData, ACLAnnotateClientStrategy::Instance(), "annotate_client"); ACL::Prototype ACLAnnotateTransaction::RegistryProtoype(::RegistryEntry_, "annotate_transaction"); ACLStrategised ACLAnnotateTransaction::RegistryEntry_(new ACLAnnotationData, ACLAnnotateTransactionStrategy::Instance(), "annotate_transaction"); #if USE_ADAPTATION ACL::Prototype ACLAdaptationService::RegistryProtoype(::RegistryEntry_, "adaptation_service"); ACLStrategised ACLAdaptationService::RegistryEntry_(new ACLAdaptationServiceData, ACLAdaptationServiceStrategy::Instance(), "adaptation_service"); #endif ACL::Prototype ACLSquidError::RegistryProtoype(::RegistryEntry_, "squid_error"); ACLStrategised ACLSquidError::RegistryEntry_(new ACLSquidErrorData, ACLSquidErrorStrategy::Instance(), "squid_error"); ACL::Prototype Acl::ConnectionsEncrypted::RegistryProtoype(::ConnectionsEncrypted::RegistryEntry_, "connections_encrypted"); Acl::ConnectionsEncrypted Acl::ConnectionsEncrypted::RegistryEntry_("connections_encrypted"); +ACL::Prototype ACLHasComponent::RegistryProtoype(::RegistryEntry_, "has"); +ACLStrategised ACLHasComponent::RegistryEntry_(new ACLHasComponentData, ACLHasComponentStrategy::Instance(), "has"); + === added file 
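Review bot: The two added `has` registration lines at the end of this hunk carry no comment saying what the type matches, although the description gives a security-relevant reason for it: ACLs that need a request, response or ALE can have their check spoiled when that component is absent. I would add one line above them, `// "has": matches when the named transaction component (request, response or ALE) is present`. It is also worth confirming that the configuration documentation, which is not visible in this part of the patch, tells admins how a rule behaves when the component is missing, since a deny rule resting on an ACL that cannot be evaluated may not deny. The hunk also appears to add a blank line at the end of the file (the lone `+` before the next file header), which could be dropped. The same hunk is repeated in the earlier posting of the patch lower on the page.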
'src/acl/HasComponent.cc' --- src/acl/HasComponent.cc 1970-01-01 00:00:00 + +++ src/acl/HasComponent.cc 2017-05-15 19:04:56 + @@ -0,0 +1,28 @@ +/* + * Copyright (C) 1996-2017 The Squid Software Foundation and
[squid-dev] [PATCH] A new 'has' ACL
Hello, This patch implements a new 'has' ACL. This ACL detects presence of request, response or ALE transaction components. The feature specification and related discussion can be found at: http://lists.squid-cache.org/pipermail/squid-dev/2017-May/008559.html Regards, Eduard. A new 'has' ACL was implemented. This ACL detects presence of request, response or ALE transaction components. Since many ACLs require some of these components, lack of them in a transaction may spoil the check and confuse admin with warnings like "... ACL is used in context without an HTTP request". Using 'has' ACL should help dealing with these problems caused by component-less transactions. Also: addressed TODO in item #3 of trunk revision 14752.
=== modified file 'src/AclRegs.cc'
--- src/AclRegs.cc 2017-01-30 12:46:15 +
+++ src/AclRegs.cc 2017-04-30 11:11:06 +
@@ -17,60 +17,62 @@
 #include "acl/AdaptationService.h"
 #include "acl/AdaptationServiceData.h"
 #endif
 #include "acl/AllOf.h"
 #include "acl/AnnotateClient.h"
 #include "acl/AnnotateTransaction.h"
 #include "acl/AnnotationData.h"
 #include "acl/AnyOf.h"
 #if USE_SQUID_EUI
 #include "acl/Arp.h"
 #include "acl/Eui64.h"
 #endif
 #if USE_OPENSSL
 #include "acl/AtStep.h"
 #include "acl/AtStepData.h"
 #endif
 #include "acl/Asn.h"
 #include "acl/Browser.h"
 #include "acl/Checklist.h"
 #include "acl/ConnectionsEncrypted.h"
 #include "acl/Data.h"
 #include "acl/DestinationAsn.h"
 #include "acl/DestinationDomain.h"
 #include "acl/DestinationIp.h"
 #include "acl/DomainData.h"
 #if USE_AUTH
 #include "acl/ExtUser.h"
 #endif
 #include "acl/FilledChecklist.h"
 #include "acl/Gadgets.h"
+#include "acl/HasComponent.h"
+#include "acl/HasComponentData.h"
 #include "acl/HierCode.h"
 #include "acl/HierCodeData.h"
 #include "acl/HttpHeaderData.h"
 #include "acl/HttpRepHeader.h"
 #include "acl/HttpReqHeader.h"
 #include "acl/HttpStatus.h"
 #include "acl/IntRange.h"
 #include "acl/Ip.h"
 #include "acl/LocalIp.h"
 #include "acl/LocalPort.h"
 #include "acl/MaxConnection.h"
 #include "acl/Method.h"
 #include "acl/MethodData.h"
 #include "acl/MyPortName.h"
 #include "acl/Note.h"
 #include "acl/NoteData.h"
 #include "acl/PeerName.h"
 #include "acl/Protocol.h"
 #include "acl/ProtocolData.h"
 #include "acl/Random.h"
 #include "acl/Referer.h"
 #include "acl/RegexData.h"
 #include "acl/ReplyHeaderStrategy.h"
 #include "acl/ReplyMimeType.h"
 #include "acl/RequestHeaderStrategy.h"
 #include "acl/RequestMimeType.h"
 #include "acl/SourceAsn.h"
 #include "acl/SourceDomain.h"
 #include "acl/SourceIp.h"
 #include "acl/SquidError.h"
@@ -217,30 +219,33 @@ ACLMaxUserIP ACLMaxUserIP::RegistryEntry ACL::Prototype ACLTag::RegistryProtoype(::RegistryEntry_, "tag"); ACLStrategised ACLTag::RegistryEntry_(new ACLStringData, ACLTagStrategy::Instance(), "tag"); ACL::Prototype Acl::AnyOf::RegistryProtoype(::AnyOf::RegistryEntry_, "any-of"); Acl::AnyOf Acl::AnyOf::RegistryEntry_; ACL::Prototype Acl::AllOf::RegistryProtoype(::AllOf::RegistryEntry_, "all-of"); Acl::AllOf Acl::AllOf::RegistryEntry_; ACL::Prototype ACLNote::RegistryProtoype(::RegistryEntry_, "note"); ACLStrategised ACLNote::RegistryEntry_(new ACLNoteData, ACLNoteStrategy::Instance(), "note"); ACL::Prototype ACLAnnotateClient::RegistryProtoype(::RegistryEntry_, "annotate_client"); ACLStrategised ACLAnnotateClient::RegistryEntry_(new ACLAnnotationData, ACLAnnotateClientStrategy::Instance(), "annotate_client"); ACL::Prototype ACLAnnotateTransaction::RegistryProtoype(::RegistryEntry_, "annotate_transaction"); ACLStrategised ACLAnnotateTransaction::RegistryEntry_(new ACLAnnotationData, ACLAnnotateTransactionStrategy::Instance(), "annotate_transaction"); #if USE_ADAPTATION ACL::Prototype ACLAdaptationService::RegistryProtoype(::RegistryEntry_, "adaptation_service"); ACLStrategised ACLAdaptationService::RegistryEntry_(new ACLAdaptationServiceData, ACLAdaptationServiceStrategy::Instance(), "adaptation_service"); #endif ACL::Prototype ACLSquidError::RegistryProtoype(::RegistryEntry_, "squid_error"); ACLStrategised ACLSquidError::RegistryEntry_(new ACLSquidErrorData, ACLSquidErrorStrategy::Instance(), "squid_error"); ACL::Prototype Acl::ConnectionsEncrypted::RegistryProtoype(::ConnectionsEncrypted::RegistryEntry_, "connections_encrypted"); Acl::ConnectionsEncrypted Acl::ConnectionsEncrypted::RegistryEntry_("connections_encrypted"); +ACL::Prototype ACLHasComponent::RegistryProtoype(::RegistryEntry_, "has"); +ACLStrategised ACLHasComponent::RegistryEntry_(new ACLHasComponentData, ACLHasComponentStrategy::Instance(), "has"); + === added file 
'src/acl/HasComponent.cc' --- src/acl/HasComponent.cc 1970-01-01 00:00:00 + +++ src/acl/HasComponent.cc 2017-05-04 14:28:12 + @@ -0,0 +1,28 @@ +/* + * Copyright (C) 1996-2017 The Squid Software Foundation and contributors + * + * Squid software is distributed under GPLv2+ license and includes + * contributions from numerous individuals and organizations. + * Please see