aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorScott Ullrich <sullrich@pfsense.org>2008-08-18 18:12:16 +0000
committerScott Ullrich <sullrich@pfsense.org>2008-08-18 18:12:16 +0000
commitd3c2c35087e544c22a4f2defa4fbc54544ceabcf (patch)
treebf230d4b929241b46d351bbb75ea803b973a472c
parenteb61ec56bc64b2087fff50eaef08480c2ad4c066 (diff)
downloadpfsense-packages-d3c2c35087e544c22a4f2defa4fbc54544ceabcf.tar.gz
pfsense-packages-d3c2c35087e544c22a4f2defa4fbc54544ceabcf.tar.bz2
pfsense-packages-d3c2c35087e544c22a4f2defa4fbc54544ceabcf.zip
Update package with latest
-rw-r--r--packages/squid3/squid.inc68
-rw-r--r--packages/squid3/squid.xml11
-rw-r--r--packages/squid3/squid_cache.xml14
-rw-r--r--packages/squid3/squid_traffic.xml21
4 files changed, 106 insertions, 8 deletions
diff --git a/packages/squid3/squid.inc b/packages/squid3/squid.inc
index 33be0fa9..2c62b5f3 100644
--- a/packages/squid3/squid.inc
+++ b/packages/squid3/squid.inc
@@ -309,9 +309,18 @@ function squid_validate_general($post, $input_errors) {
}
if (($post['transparent_proxy'] != 'on') && ($post['private_subnet_proxy_off'] == 'on')) {
- $input_errors[] = "You can not disable forwarding traffic to private subnets to the proxy server without using the transparent proxy.";
+ $input_errors[] = "You can not enable forwarding traffic to private subnets to the proxy server without using the transparent proxy.";
}
+ if(!empty($post['dns_nameservers'])) {
+ $altdns = explode(";", ($post['dns_nameservers']));
+// $conf .= "# Custom options\n";
+ foreach ($altdns as $dnssrv) {
+// $conf .= $custopt."\n";
+ if (!is_ipaddr($dnssrv))
+ $input_errors[] = 'You must enter a valid IP address in the \'Alternate DNS servers\' field';
+ }}
+
}
function squid_validate_upstream($post, $input_errors) {
@@ -351,6 +360,18 @@ function squid_validate_cache($post, $input_errors) {
if (!is_numeric($value) || ($value < 0))
$input_errors[] = 'You must enter a valid value for \'Minimum object size\'';
+ if (!empty($post['cache_swap_low'])) {
+ $value = trim($post['cache_swap_low']);
+ if (!is_numeric($value) || ($value > 100))
+ $input_errors[] = 'You must enter a valid value for \'Low-water-mark\'';
+ }
+
+ if (!empty($post['cache_swap_high'])) {
+ $value = trim($post['cache_swap_high']);
+ if (!is_numeric($value) || ($value > 100))
+ $input_errors[] = 'You must enter a valid value for \'High-water-mark\'';
+ }
+
if ($post['donotcache'] != "") {
foreach (split("\n", $post['donotcache']) as $host) {
$host = trim($host);
@@ -405,6 +426,25 @@ function squid_validate_traffic($post, $input_errors) {
if (!is_numeric($value) || ($value < 0))
$input_errors[] = "The field '$name' must contain a positive number";
}
+
+ if (!empty($post['quick_abort_min'])) {
+ $value = trim($post['quick_abort_min']);
+ if (!is_numeric($value))
+ $input_errors[] = "The field 'Finish when remaining KB' must contain a positive number";
+ }
+
+ if (!empty($post['quick_abort_max'])) {
+ $value = trim($post['quick_abort_max']);
+ if (!is_numeric($value))
+ $input_errors[] = "The field 'Abort when remaining KB' must contain a positive number";
+ }
+
+ if (!empty($post['quick_abort_pct'])) {
+ $value = trim($post['quick_abort_pct']);
+ if (!is_numeric($value) || ($value > 100))
+ $input_errors[] = "The field 'Finish when remaining %' must contain a percentaged value";
+ }
+
}
function squid_validate_auth($post, $input_errors) {
@@ -500,7 +540,6 @@ cache_effective_group proxy
error_directory $errordir
visible_hostname $hostname
cache_mgr $email
-
access_log $logdir_access
cache_log $logdir_cache
cache_store_log none
@@ -521,11 +560,21 @@ EOD;
}
if ($settings['disable_xforward']) $conf .= "forwarded_for off\n";
if ($settings['disable_via']) $conf .= "via off\n";
- if (!empty($settings['uri_whitespace'])) $conf .= "uri_whitespace {$settings['uri_whitespace']}\n";
+ $conf .= "uri_whitespace {$settings['uri_whitespace']}\n";
+
+ if(!empty($settings['dns_nameservers'])) {
+ $altdns = explode(";", ($settings['dns_nameservers']));
+ $conf .= "dns_nameservers ";
+ foreach ($altdns as $dnssrv) {
+ $conf .= $dnssrv." ";
+ }
+// $conf .= "\n";
+ }
return $conf;
}
+
function squid_resync_cache() {
global $config;
@@ -552,11 +601,14 @@ offline_mode $offline_mode
EOD;
+ if (!empty($settings['cache_swap_low'])) $conf .= "cache_swap_low {$settings['cache_swap_low']}\n";
+ if (!empty($settings['cache_swap_high'])) $conf .= "cache_swap_high {$settings['cache_swap_high']}\n";
+
$donotcache = base64_decode($settings['donotcache']);
if (!empty($donotcache)) {
file_put_contents(SQUID_ACLDIR . '/donotcache.acl', $donotcache);
$conf .= 'acl donotcache dstdomain "' . SQUID_ACLDIR . "/donotcache.acl\"\n";
- $conf .= 'no_cache deny donotcache';
+ $conf .= 'cache deny donotcache';
}
return $conf;
@@ -600,8 +652,8 @@ function squid_resync_nac() {
$conf = <<<EOD
# Setup some default acls
-acl all src 0.0.0.0/0
-acl localhost src 127.0.0.1
+acl all src 0.0.0.0/0.0.0.0
+acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port 1025-65535
acl sslports port 443 563 $webgui_port
acl manager proto cache_object
@@ -662,6 +714,10 @@ function squid_resync_traffic() {
$settings = $config['installedpackages']['squidtraffic']['config'][0];
$conf = '';
+ if (!empty($settings['quick_abort_min']) || ($settings['quick_abort_min']) == "0") $conf .= "quick_abort_min {$settings['quick_abort_min']} KB\n";
+ if (!empty($settings['quick_abort_max']) || ($settings['quick_abort_max']) == "0") $conf .= "quick_abort_max {$settings['quick_abort_max']} KB\n";
+ if (!empty($settings['quick_abort_pct'])) $conf .= "quick_abort_pct {$settings['quick_abort_pct']}\n";
+
$up_limit = ($settings['max_upload_size'] ? $settings['max_upload_size'] : 0);
$down_limit = ($settings['max_download_size'] ? $settings['max_download_size'] : 0);
$conf .= "request_body_max_size $up_limit KB\n";
diff --git a/packages/squid3/squid.xml b/packages/squid3/squid.xml
index 5c19d96f..b05a2e62 100644
--- a/packages/squid3/squid.xml
+++ b/packages/squid3/squid.xml
@@ -238,11 +238,11 @@
<field>
<fielddescr>Disable VIA</fielddescr>
<fieldname>disable_via</fieldname>
- <description>If not set, Squid will include a Via header in requests and replies.</description>
+ <description>If not set, Squid will include a Via header in requests and replies as required by RFC2616.</description>
<type>checkbox</type>
</field>
<field>
- <fielddescr>What to do with requests that have whitespace characters in the URI.</fielddescr>
+ <fielddescr>What to do with requests that have whitespace characters in the URI</fielddescr>
<fieldname>uri_whitespace</fieldname>
<description>&lt;b&gt; strip:&lt;/b&gt; The whitespace characters are stripped out of the URL. This is the behavior recommended by RFC2396. &lt;p&gt; &lt;b&gt; deny:&lt;/b&gt; The request is denied. The user receives an "Invalid Request" message.&lt;p&gt; &lt;b&gt; allow:&lt;/b&gt; The request is allowed and the URI is not changed. The whitespace characters remain in the URI.&lt;p&gt; &lt;b&gt; encode:&lt;/b&gt; The request is allowed and the whitespace characters are encoded according to RFC1738.&lt;p&gt; &lt;b&gt; chop:&lt;/b&gt; The request is allowed and the URI is chopped at the first whitespace.</description>
<type>select</type>
@@ -271,6 +271,13 @@
</options>
</field>
<field>
+ <fielddescr>Use alternate DNS-servers for the proxy-server</fielddescr>
+ <fieldname>dns_nameservers</fieldname>
+ <description>If you want to use other DNS-servers than the DNS-forwarder, enter the IPs here, separated by semi-colons (;).</description>
+ <type>input</type>
+ <size>60</size>
+ </field>
+ <field>
<fielddescr>Custom Options</fielddescr>
<fieldname>custom_options</fieldname>
<description>You can put your own custom options here, separated by semi-colons (;). They'll be added to the configuration. They need to be squid.conf native options, otherwise squid will NOT work.</description>
diff --git a/packages/squid3/squid_cache.xml b/packages/squid3/squid_cache.xml
index 861f96b8..6f6c0388 100644
--- a/packages/squid3/squid_cache.xml
+++ b/packages/squid3/squid_cache.xml
@@ -165,6 +165,20 @@
</options>
</field>
<field>
+ <fielddescr>Low-water-mark in %</fielddescr>
+ <fieldname>cache_swap_low</fieldname>
+ <description>Cache replacement begins when the swap usage is above the low-low-water mark and attempts to maintain utilisation near the low-water-mark.</description>
+ <type>input</type>
+ <default_value>90</default_value>
+ </field>
+ <field>
+ <fielddescr>High-water-mark in %</fielddescr>
+ <fieldname>cache_swap_high</fieldname>
+ <description>As swap utilisation gets close to the high-water-mark object eviction becomes more aggressive.</description>
+ <type>input</type>
+ <default_value>95</default_value>
+ </field>
+ <field>
<fielddescr>Do not cache</fielddescr>
<fieldname>donotcache</fieldname>
<description>Enter each domain or IP address on a new line that should never be cached.</description>
diff --git a/packages/squid3/squid_traffic.xml b/packages/squid3/squid_traffic.xml
index 1556be66..1330cac9 100644
--- a/packages/squid3/squid_traffic.xml
+++ b/packages/squid3/squid_traffic.xml
@@ -146,6 +146,27 @@
<type>input</type>
<size>60</size>
</field>
+ <field>
+ <fielddescr>Finish transfer if less than x KB remaining</fielddescr>
+ <fieldname>quick_abort_min</fieldname>
+ <description>If the transfer has less than x KB remaining, it will finish the retrieval. Set to 0 to abort the transfer immediately.</description>
+ <type>input</type>
+ <default_value>0</default_value>
+ </field>
+ <field>
+ <fielddescr>Abort transfer if more than x KB remaining</fielddescr>
+ <fieldname>quick_abort_max</fieldname>
+ <description>If the transfer has more than x KB remaining, it will abort the retrieval. Set to 0 to abort the transfer immediately.</description>
+ <type>input</type>
+ <default_value>0</default_value>
+ </field>
+ <field>
+ <fielddescr>Finish transfer if more than x % finished</fielddescr>
+ <fieldname>quick_abort_pct</fieldname>
+ <description>If more than x % of the transfer has completed, it will finish the retrieval.</description>
+ <type>input</type>
+ <default_value>0</default_value>
+ </field>
</fields>
<custom_php_validation_command>
squid_validate_traffic($_POST, &amp;$input_errors);