mån 2006-05-22 klockan 11:46 -0300 skrev Gonzalo Arana: > Reordering and combining perhaps? Allowing combining would raise the > number of cached entries invalidations from N-2 to (2**N)-2 (I am not > counting current reply as an invalidation).
The big problem is the lookup, which we want to keep quick..
Invalidation is not strictly needed, depending on the lookup order. As
long as the lookup gives less detail higher priority there is no
conflict (only unneeded entries in the extacl cache).
To be able to make sane lookup structures it is very beneficial if the
data can be structured in a path like structure. This worked out quite
okay except that there is acl types where the acl arguments (the data in
the acl statement) is more important than some request details
(external_acl_type format tags)...
> The format tag should expand to some string we are sure is not present
> in any other tags, which is something difficult to assure since we
> have %{Header:member} tag. Adding 'level' support for external acl
> cache implies the request/reply pair need some higher level structure
> (say XML, or HTTP-alike), unless I am missing something.
I am not sure I see the problem you refer to. Can you eloberate a bit on
what kind of problem you see?
Draft patch attached. This patch adds %DATA expanding into the acl
arguments (and %ACL expanding into the acl name for completeness).
Problem: %DATA have a slight problem with whitespace characters if the
helper is to handle arguments with whitespace AND multiple arguments in
the same acl type.. as currently written they both looks the same in the
%DATA expansion.. (a space character, appropriately encoded per the
helper protocol).
Which reminds me.. external acl helper protocol should be switched by
detault to the 3.0 format for 2.6. The "shell escaped" format used in
2.5 was a bit of mistake.. (looks pleasing to humans, but is quite ugly
to computers)
The "level" adds structure to the requests by allowing it to be
structured in a path like manner when needed by introducing the level
separators in the request format.
%DST %| %PATH
Problems:
The helper is assumed to know the key levels defined in
external_acl_type. These are not reflected in the request data. Not sure
this actually is a problem, but results may be odd if the admin
configures his external_acl_type differently than expected by the
helper..
With the lack of %DATA above this approach fails if the data from the
acl is more important than some request details.
Another approach would be to mark the arguments per their key detail
level. With this approach %DATA is not needed as the request parameters
do not need to be sorted on their detail level and could even be
extended into alternate priorities. However it shares the first problem
above (if it is a problem..).
The key detail level markup provides the most flexible solution ofthe .
But may be too complex for the admin.. but I suppose nothing stops using
a combination to provide the best of both as the first is a subset of
the detail level markup, with the level increasing per level marker..
Regards
Henrik
? q
? src/q
Index: src/acl.c
===================================================================
RCS file: /cvsroot/squid/squid/src/acl.c,v
retrieving revision 1.295
diff -u -p -r1.295 acl.c
--- src/acl.c 17 May 2006 23:17:03 -0000 1.295
+++ src/acl.c 20 May 2006 15:40:33 -0000
@@ -1061,7 +1061,7 @@ aclParseAclLine(acl ** head)
break;
#endif
case ACL_EXTERNAL:
- aclParseExternal(&A->data);
+ aclParseExternal(&A->data, A->name);
break;
case ACL_URLGROUP:
aclParseWordList(&A->data);
Index: src/cf.data.pre
===================================================================
RCS file: /cvsroot/squid/squid/src/cf.data.pre,v
retrieving revision 1.313
diff -u -p -r1.313 cf.data.pre
--- src/cf.data.pre 18 May 2006 23:11:12 -0000 1.313
+++ src/cf.data.pre 20 May 2006 15:40:33 -0000
@@ -2031,6 +2031,9 @@ DOC_START
HTTP request header list member using ; as
list separator. ; can be any non-alphanumeric
character.
+ %ACL The ACL name
+ %DATA The ACL arguments. If not used then any arguments
+ is automatically added at the end
In addition, any string specified in the referencing acl will
also be included in the helper request line, after the specified
Index: src/external_acl.c
===================================================================
RCS file: /cvsroot/squid/squid/src/external_acl.c,v
retrieving revision 1.21
diff -u -p -r1.21 external_acl.c
--- src/external_acl.c 17 May 2006 23:17:04 -0000 1.21
+++ src/external_acl.c 20 May 2006 15:40:33 -0000
@@ -120,6 +120,8 @@ struct _external_acl_format {
EXT_ACL_USER_CERT_RAW,
EXT_ACL_USER_CERTCHAIN_RAW,
#endif
+ EXT_ACL_ACL,
+ EXT_ACL_DATA,
EXT_ACL_END
} type;
external_acl_format *next;
@@ -292,7 +294,11 @@ parse_externalAclHelper(external_acl **
format->header = xstrdup(token + 9);
}
#endif
- else {
+ else if (strcmp(token, "%ACL") == 0) {
+ format->type = EXT_ACL_ACL;
+ } else if (strcmp(token, "%DATA") == 0) {
+ format->type = EXT_ACL_DATA;
+ } else {
self_destruct();
}
*p = format;
@@ -371,6 +377,8 @@ dump_externalAclHelper(StoreEntry * sent
storeAppendPrintf(sentry, " %%CA_CERT_%s", format->header);
break;
#endif
+ DUMP_EXT_ACL_TYPE(ACL);
+ DUMP_EXT_ACL_TYPE(DATA);
case EXT_ACL_UNKNOWN:
case EXT_ACL_END:
fatal("unknown external_acl format error");
@@ -413,6 +421,7 @@ find_externalAclHelper(const char *name)
struct _external_acl_data {
external_acl *def;
+ const char *name;
wordlist *arguments;
};
@@ -427,7 +436,7 @@ free_external_acl_data(void *data)
}
void
-aclParseExternal(void *dataptr)
+aclParseExternal(void *dataptr, const char *name)
{
external_acl_data **datap = dataptr;
external_acl_data *data;
@@ -439,6 +448,7 @@ aclParseExternal(void *dataptr)
token = strtok(NULL, w_space);
if (!token)
self_destruct();
+ data->name = name;
data->def = find_externalAclHelper(token);
cbdataLock(data->def);
if (!data->def)
@@ -567,6 +577,7 @@ makeExternalAclKey(aclCheck_t * ch, exte
request_t *request = ch->request;
String sb = StringNull;
memBufReset(&mb);
+ int data_used = 0;
for (format = acl_data->def->format; format; format = format->next) {
const char *str = NULL;
switch (format->type) {
@@ -647,6 +658,29 @@ makeExternalAclKey(aclCheck_t * ch, exte
}
break;
#endif
+ case EXT_ACL_DATA:
+ data_used = 1;
+ for (arg = acl_data->arguments; arg; arg = arg->next) {
+ if (arg != acl_data->arguments)
+ stringAppend(&sb, " ", 1);
+ if (acl_data->def->quote == QUOTE_METHOD_URL) {
+ const char *quoted = rfc1738_escape(arg->key);
+ stringAppend(&sb, quoted, strlen(quoted));
+ } else {
+ static MemBuf mb2 = MemBufNULL;
+ strwordquote(&mb2, arg->key);
+ stringAppend(&sb, mb2.buf, mb2.size);
+ memBufClean(&mb2);
+ }
+ first = 0;
+ }
+ str = strBuf(sb);
+ break;
+
+ case EXT_ACL_ACL:
+ str = acl_data->name;
+ break;
+
case EXT_ACL_UNKNOWN:
case EXT_ACL_END:
fatal("unknown external_acl format error");
@@ -668,16 +702,18 @@ makeExternalAclKey(aclCheck_t * ch, exte
stringClean(&sb);
first = 0;
}
- for (arg = acl_data->arguments; arg; arg = arg->next) {
- if (!first)
- memBufAppend(&mb, " ", 1);
- if (acl_data->def->quote == QUOTE_METHOD_URL) {
- const char *quoted = rfc1738_escape(arg->key);
- memBufAppend(&mb, quoted, strlen(quoted));
- } else {
- strwordquote(&mb, arg->key);
+ if (!data_used) {
+ for (arg = acl_data->arguments; arg; arg = arg->next) {
+ if (!first)
+ memBufAppend(&mb, " ", 1);
+ if (acl_data->def->quote == QUOTE_METHOD_URL) {
+ const char *quoted = rfc1738_escape(arg->key);
+ memBufAppend(&mb, quoted, strlen(quoted));
+ } else {
+ strwordquote(&mb, arg->key);
+ }
+ first = 0;
}
- first = 0;
}
return mb.buf;
}
Index: src/protos.h
===================================================================
RCS file: /cvsroot/squid/squid/src/protos.h,v
retrieving revision 1.464
diff -u -p -r1.464 protos.h
--- src/protos.h 18 May 2006 23:11:12 -0000 1.464
+++ src/protos.h 20 May 2006 15:40:33 -0000
@@ -1359,7 +1359,7 @@ extern void WIN32_Exit(void);
extern void parse_externalAclHelper(external_acl **);
extern void dump_externalAclHelper(StoreEntry * sentry, const char *name, const external_acl *);
extern void free_externalAclHelper(external_acl **);
-extern void aclParseExternal(void *curlist);
+extern void aclParseExternal(void *curlist, const char *name);
extern void aclDestroyExternal(void **curlust);
extern int aclMatchExternal(void *dataptr, aclCheck_t * ch);
extern wordlist *aclDumpExternal(void *dataptr);
signature.asc
Description: Detta är en digitalt signerad meddelandedel
