as suggested in #212, it seems the majority of people don't understand
that input was expected to be in regex format and people were using
filter lists containing plain hostnames, e.g. `www.google.com`.
apart from that, using fnmatch() for matching is actually a lot less
computationally expensive and allows to use big blacklists without
incurring a huge performance hit.
the config file now understands a new option `FilterType` which can
be one of `bre`, `ere` and `fnmatch`.
The `FilterExtended` option was deprecated in favor of it.
It still works, but will be removed in the release after the next.
Try all the addresses specified with Bind in order. This is necessary
e.g. for maintaining IPv4+6 connectivity while still being restricted to
one interface.
the file docs/filter-howto.txt was removed, as it contained misleading
information since it was first checked in.
it suggests the syntax for filter rules is fnmatch()-like, when in
fact they need to be specified as posix regular expressions.
additionally it contained a lot of utterly unrelated and irrelevant/
outdated text.
a few examples with the correct syntax have now been added to
tinyproxy.conf.5 manpage.
closes#212
it turned out that the upstream section in tinyproxy.conf.5 wasn't rendered
properly, because in asciidoc items following a list item are always explicitly
appended to the last list item.
after several hours of finding a workaround, it was decided to change the
manpage generator to pod2man instead.
as pod2man ships together with any perl base install, it should be available
on almost every UNIX system, unlike asciidoc which requires installation
of a huge set of dependencies (more than 1.3 GB on Ubuntu 16.04), and the
replacement asciidoctor requires a ruby installation plus a "gem" (which is
by far better than asciidoc, but still more effort than using the already
available pod2man).
tinyproxy's hard requirement of a2x (asciidoctor) for building from source
caused rivers of tears (and dozens of support emails/issues) in the past, but
finally we get rid of it. a tool such as a2x with its XML based bloat-
technology isn't really suited to go along with a supposedly lightweight
C program.
if it ever turns out that even pod2man is too heavy a dependency, we could
still write our own replacement in less than 50 lines of awk, as the pod
syntax is very low level and easy to parse.
using --disable-manpage-support it's finally possibly to disable
the formerly obligatory use of a2x to generate the manpage
documentation.
this is the final solution to the decade old problem that users need
to install the enormous asciidoc package to compile TINYproxy from
source, or otherwise get a build error, even though the vast majority
is only interested in the program itself.
solution was inspired by PR #179.
closes#179closes#111
note that since 1.10.0 release the generated release tarball includes
the generated manpages too; in which case neither the use of a2x
nor --disable-manpage-support is required.
according to https://www.gnu.org/prep/standards/html_node/Standard-Targets.html#Standard-Targets
`maintainer-clean` is the proper make target for files that are distributed
in a release tarball:
> The ‘maintainer-clean’ target is intended to be used by a maintainer of the
> package, not by ordinary users.
> You may need special tools to reconstruct some of the files that
> ‘make maintainer-clean’ deletes.
this prevents users without a2x or asciidoctor from losing their ability to
recompile tinyproxy after `make clean`, but it also means that users wanting
to regenerate the documentation need to run `make maintainer-clean`.
asciidoctor is a modern replacement for asciidoc and much more lightweight,
issuing "apt-get install asciidoc" on ubuntu 16.04 results in an attempt to
install more than 1.3 GB of dependencies.
tinyproxy used to do a full hostname resolution whenever a new client
connection happened, which could cause very long delays (as reported in #198).
there's only a single place/scenario that actually requires a hostname, and
that is when an Allow/Deny rule exists for a hostname or domain, rather than
a raw IP address. since it is very likely this feature is not very widely used,
it makes absolute sense to only do the costly resolution when it is unavoidable.
the existing codebase used an elaborate and complex approach for
its parallelism:
5 different config file options, namely
- MaxClients
- MinSpareServers
- MaxSpareServers
- StartServers
- MaxRequestsPerChild
were used to steer how (and how many) parallel processes tinyproxy
would spin up at start, how many processes at each point needed to
be idle, etc.
it seems all preforked processes would listen on the server port
and compete with each other about who would get assigned the new
incoming connections.
since some data needs to be shared across those processes, a half-
baked "shared memory" implementation was provided for this purpose.
that implementation used to use files in the filesystem, and since
it had a big FIXME comment, the author was well aware of how hackish
that approach was.
this entire complexity is now removed. the main thread enters
a loop which polls on the listening fds, then spins up a new
thread per connection, until the maximum number of connections
(MaxClients) is hit. this is the only of the 5 config options
left after this cleanup. since threads share the same address space,
the code necessary for shared memory access has been removed.
this means that the other 4 mentioned config option will now
produce a parse error, when encountered.
currently each thread uses a hardcoded default of 256KB per thread
for the thread stack size, which is quite lavish and should be
sufficient for even the worst C libraries, but people may want
to tweak this value to the bare minimum, thus we may provide a new
config option for this purpose in the future.
i suspect that on heavily optimized C libraries such a musl, a
stack size of 8-16 KB per thread could be sufficient.
since the existing list implementation in vector.c did not provide
a way to remove a single item from an existing list, i added my
own list implementation from my libulz library which offers this
functionality, rather than trying to add an ad-hoc, and perhaps
buggy implementation to the vector_t list code. the sblist
code is contained in an 80 line C file and as simple as it can get,
while offering good performance and is proven bugfree due to years
of use in other projects.
I.e., add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user.
The subdirectory can be used to give the tinyproxy user
write permission.
Michael
i.e. add a tinyproxy subdirectory.
This is meant to ease running tinyproxy as non-root user
the subdirectory can be used to give the tinyproxy user
write permission.
Michael
asciidoc is necessary as the version number is added during
configure into the asciidoc manpage sources. So simply bundling
a pre-generated manpage won't do.
