RE: acl bug/question

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Sunday, April 29, 2001 10:59 AM
> To: Robert Collins
> Cc: squid-dev@squid-cache.org
> Subject: Re: acl bug/question
>
>
> Actually I think it is the proxy_auth ACL doing the inconsistent thing
> here.. but sure what you propose makes sense and would simplify
> aclCheck() a bit (no need to investigate if lookups are
> required unless
> aclMatchAclList() said it is)

*grin* The reason that question came up is I needed to remove all the
ACL type enums from acl.c to allow truely modular ACL's. Thus the
callbacks to call etc needed to be abstracted. Thanks for confirming
that the current code isn't quite right... I will now finish up the
modularisation of acl.c (we should be able to build a proxy_auth-less
squid (like you tried to when auth_rewrite first got merged in) very
shortly).

Rob
 
> --
> Henrik
>
> Robert Collins wrote:
> >
> > Some of the ACL tests that need lookups - such as dst ip
> tests, where we
> > need to do the name->ip lookup, return 0 for no match,
> rather than -1
> > for can't compare.
> >
> > Is this correct? It means that we will get false
> passes/misses on the
> > first test.
> >
> > Any objection to these pausing the request until the lookup
> is done? It
> > will make some of the modular code a little easier (because
> we won't be
> > overloading the meaning of the response codes).
> >
> > (The response codes are basically
> > 0 - no match
> > 1 - match
> > -1 - can't test.
> >
> > -1 is currently only used by the auth code, IMO it should
> be used by any
> > acl match routine that needs to do a lookup.
> >
> > Rob
>
>
Received on Sun Apr 29 2001 - 02:45:57 MDT