--------------------- PatchSet 11660 Date: 2007/09/10 04:19:49 Author: hno Branch: HEAD Tag: (none) Log: http_port allow-direct option to allow direct forwarding in accelerator mode normally direct forwarding is disabled in accelerator mode unless overridden by always_direct, to avoid unintentional security loops. But there is setups where it makes sense to not have this restriction as this has effects on peer selection as well. Members: src/cache_cf.c:1.472->1.473 src/cf.data.pre:1.419->1.420 src/client_side.c:1.737->1.738 src/peer_select.c:1.133->1.134 src/structs.h:1.522->1.523
Index: squid/src/cache_cf.c
===================================================================
RCS file: /cvsroot/squid/squid/src/cache_cf.c,v
retrieving revision 1.472
retrieving revision 1.473
diff -u -r1.472 -r1.473
--- squid/src/cache_cf.c 3 Sep 2007 04:41:23 -0000 1.472
+++ squid/src/cache_cf.c 10 Sep 2007 04:19:49 -0000 1.473
@@ -1,6 +1,6 @@
 /*
- * $Id: cache_cf.c,v 1.472 2007/09/03 04:41:23 hno Exp $
+ * $Id: cache_cf.c,v 1.473 2007/09/10 04:19:49 hno Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -2782,6 +2782,8 @@
 } else if (strcmp(token, "act-as-origin") == 0) {
 s->act_as_origin = 1;
 s->accel = 1;
+ } else if (strcmp(token, "allow-direct") == 0) {
+ s->allow_direct = 1;
 } else {
 self_destruct();
 }
Index: squid/src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid/squid/src/cf.data.pre,v
retrieving revision 1.419
retrieving revision 1.420
diff -u -r1.419 -r1.420
--- squid/src/cf.data.pre 5 Sep 2007 21:48:01 -0000 1.419
+++ squid/src/cf.data.pre 10 Sep 2007 04:19:49 -0000 1.420
@@ -1,6 +1,6 @@
 #
-# $Id: cf.data.pre,v 1.419 2007/09/05 21:48:01 hno Exp $
+# $Id: cf.data.pre,v 1.420 2007/09/10 04:19:49 hno Exp $
 #
 # SQUID Web Proxy Cache http://www.squid-cache.org/
 # ----------------------------------------------------------
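Review bot: In src/cache_cf.c the new `allow-direct` branch neither sets nor checks `s->accel`, unlike the `act-as-origin` branch directly above it, so the option is accepted silently on a port where it can have no effect (src/client_side.c only consults it for accelerated requests). A short comment would record that this is intended, for example `/* does not imply accel; only consulted for accelerated requests */`. Because the option switches off the default that the commit log describes as protection against forwarding loops, the cf.data.pre entry should say so and point administrators at restricting destinations with never_direct or http_access. The option-parsing function begins and ends outside this hunk.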
@@ -1022,6 +1022,10 @@
 vport=NN As above, but uses specified port number rather than the http_port number. Implies accel.
+ allow-direct Allow direct forwarding in accelerator mode. Normally
+ accelerated requests is denied direct forwarding as it
+ never_direct was used.
+
 urlgroup= Default urlgroup to mark requests with (see also acl urlgroup and url_rewrite_program)
Index: squid/src/client_side.c
===================================================================
RCS file: /cvsroot/squid/squid/src/client_side.c,v
retrieving revision 1.737
retrieving revision 1.738
diff -u -r1.737 -r1.738
--- squid/src/client_side.c 3 Sep 2007 13:09:47 -0000 1.737
+++ squid/src/client_side.c 10 Sep 2007 04:19:49 -0000 1.738
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.c,v 1.737 2007/09/03 13:09:47 hno Exp $
+ * $Id: client_side.c,v 1.738 2007/09/10 04:19:49 hno Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -3800,6 +3800,7 @@
 request->flags.tproxy = conn->port->tproxy && need_linux_tproxy;
 #endif
 request->flags.accelerated = http->flags.accel;
+ request->flags.no_direct = request->flags.accelerated ? !conn->port->allow_direct : 0;
 request->flags.transparent = http->flags.transparent;
 /*
 * cache the Content-length value in request_t.
Index: squid/src/peer_select.c
===================================================================
RCS file: /cvsroot/squid/squid/src/peer_select.c,v
retrieving revision 1.133
retrieving revision 1.134
diff -u -r1.133 -r1.134
--- squid/src/peer_select.c 25 Feb 2007 11:09:19 -0000 1.133
+++ squid/src/peer_select.c 10 Sep 2007 04:19:49 -0000 1.134
@@ -1,6 +1,6 @@
 /*
- * $Id: peer_select.c,v 1.133 2007/02/25 11:09:19 hno Exp $
+ * $Id: peer_select.c,v 1.134 2007/09/10 04:19:49 hno Exp $
 *
 * DEBUG: section 44 Peer Selection Algorithm
 * AUTHOR: Duane Wessels
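Review bot: `request->flags.no_direct` is zero unless this one assignment in src/client_side.c runs, so the accelerator restriction now fails open for any request whose `flags.accelerated` is set on another path; src/peer_select.c previously tested `flags.accelerated` itself and now tests only `no_direct`. Whether such a path exists is not visible in this diff, so it should be checked, or the flag inverted so that peer selection keeps testing `accelerated` and a set bit is what permits direct forwarding. The expression is also simpler as `request->flags.no_direct = request->flags.accelerated && !conn->port->allow_direct;`. The enclosing function starts and ends outside the hunk.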
@@ -266,7 +266,7 @@
 return;
 } else if (ps->never_direct > 0) {
 ps->direct = DIRECT_NO;
- } else if (request->flags.accelerated) {
+ } else if (request->flags.no_direct) {
 ps->direct = DIRECT_NO;
 } else if (request->flags.loopdetect) {
 ps->direct = DIRECT_YES;
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid/squid/src/structs.h,v
retrieving revision 1.522
retrieving revision 1.523
diff -u -r1.522 -r1.523
--- squid/src/structs.h 5 Sep 2007 20:03:08 -0000 1.522
+++ squid/src/structs.h 10 Sep 2007 04:19:50 -0000 1.523
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.522 2007/09/05 20:03:08 hno Exp $
+ * $Id: structs.h,v 1.523 2007/09/10 04:19:50 hno Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -374,6 +374,7 @@
 unsigned int tproxy;
 #endif
 unsigned int act_as_origin; /* Fake Date: headers in accelerator mode */
+ unsigned int allow_direct:1; /* Allow direct forwarding in accelerator mode */
 };
 #if USE_SSL
@@ -1847,6 +1848,7 @@
 #endif
 unsigned int collapsed:1; /* This request was collapsed. Don't trust the store entry to be valid */
 unsigned int cache_validation:1; /* This request is an internal cache validation */
+ unsigned int no_direct:1; /* Deny direct forwarding unless overriden by always_direct. Used in accelerator mode */
 };
 struct _link_list {
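Review bot: In src/structs.h `allow_direct` is declared as a one-bit field while the members visible just above it, `tproxy` and `act_as_origin`, are plain `unsigned int`; using the same form as its neighbours would keep the port struct consistent. The `no_direct` comment misspells "overridden" and should state the default, e.g. `/* Deny direct forwarding unless overridden by always_direct; 0 permits direct. Set for accelerated requests */`. Both struct definitions start outside the hunks shown.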