--- access_log.c.orig	Tue Jun 13 16:19:57 2000
+++ access_log.c	Mon May  7 23:27:29 2001
@@ -192,7 +192,7 @@ accessLogSquid(AccessLogEntry * al, MemB
 	client = fqdncache_gethostbyaddr(al->cache.caddr, FQDN_LOOKUP_IF_MISS);
     if (client == NULL)
 	client = inet_ntoa(al->cache.caddr);
-    memBufPrintf(mb, "%9d.%03d %6d %s %s/%03d %d %s %s %s %s%s/%s %s",
+    memBufPrintf(mb, "%9d.%03d %6d %s %s/%03d %d %s %s %s#%c %s%s/%s %s",
 	(int) current_time.tv_sec,
 	(int) current_time.tv_usec / 1000,
 	al->cache.msec,
@@ -203,6 +203,8 @@ accessLogSquid(AccessLogEntry * al, MemB
 	al->private.method_str,
 	al->url,
 	al->cache.ident,
+	al->acl_mark,		/* acl_mark char , trying to save compatibility 
+				   with old log format ident userid can use '#' RFC1413*/
 	al->hier.ping.timedout ? "TIMEOUT_" : "",
 	hier_strings[al->hier.code],
 	al->hier.host,
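Review bot: `al->acl_mark` is passed straight to the new `%c` conversion, so any AccessLogEntry that reaches accessLogSquid without the field set would put a NUL byte into the log line. The only assignment visible in this patch is in httpRequestFree, inside a branch whose condition lies outside that hunk. Defaulting at the point of use, `al->acl_mark ? al->acl_mark : '-'`, keeps the line well-formed for every caller. The `#%c` added to the format string in the previous hunk also changes the ident column for every existing log consumer, which deserves a line in the documentation rather than only in this comment. accessLogSquid's body begins and ends outside both hunks.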
--- acl.c.orig	Tue Jun 13 16:19:57 2000
+++ acl.c	Mon May  7 22:58:50 2001
@@ -1,4 +1,3 @@
-
 /*
  * $Id: acl.c,v 1.205.2.17 2000/03/02 17:29:14 wessels Exp $
  *
@@ -642,6 +641,11 @@ aclParseAclLine(acl ** head)
     LOCAL_ARRAY(char, aclname, ACL_NAME_SZ);
     squid_acl acltype;
     int new_acl = 0;
+	/* mark stuff values  */
+    char *aclmark = NULL;
+    char mark_state;	/* ACL mark state [-/+] */
+    char mark_char;	/* marking charaster */
+    int mark_flag = 0;	/* 0 inactive(def), 1 - onlymark, 2 - mark + pass acl */
 
     /* snarf the ACL name */
     if ((t = strtok(NULL, w_space)) == NULL) {
@@ -651,6 +655,34 @@ aclParseAclLine(acl ** head)
 	return;
     }
     xstrncpy(aclname, t, ACL_NAME_SZ);
+
+   /* **************************************************
+      provide mark functionality , check ACLNAME for -/+ marks 
+      marking format acl name+mark:C , where C marking char 
+      name+mark , just mark if acl match ,
+      name-mark mark if acl and applay ACL.
+      added by sysman@sysman.net
+    */
+
+    if( (aclmark = (char *) strchr((char *) t,'+')) != NULL  ||
+        (aclmark = (char *) strchr((char *) t,'-')) != NULL ) 
+     {
+      xmemcpy(&mark_state, (char *) aclmark, 1);
+      (void) *aclmark++;
+
+     if( strncmp(aclmark,"mark",4) == 0 ) 
+      if(  (aclmark=(char *) strrchr((char *) t,':')) != NULL )
+        {
+         (void) *aclmark++; 
+         if( aclmark != NULL )
+	    { xmemcpy(&mark_char, (char *) aclmark, 1);
+              if(mark_state=='-') mark_flag = 1; /* just mark  */
+              if(mark_state=='+') mark_flag = 2; /* mark + acl */
+	    }
+	
+        }
+     } 			/* End acl marking parse  */
+
     /* snarf the ACL type */
     if ((t = strtok(NULL, w_space)) == NULL) {
 	debug(28, 0) ("%s line %d: %s\n",
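Review bot: The suffix parser added after `xstrncpy` anchors on the first `+` or `-` anywhere in the name and then on the last `:`, so a name such as `my-net-mark:X` silently gets no mark, and `name+mark:` stores a NUL mark character because `if( aclmark != NULL )` is always true after the increment. The block comment also describes `+` and `-` the other way round from the code and from cf.data.pre. Matching the exact seven-character suffix at the end of the name removes both parsing problems, and `(void) *aclmark++` disappears with it. `aclname` is copied before the suffix is examined, so access rules have to reference the name including `+mark:C`; that is worth stating in the comment. aclParseAclLine continues outside the hunk.

```c
    /* a trailing "-mark:C" marks only, "+mark:C" marks and applies the ACL */
    {
	size_t name_len = strlen(t);
	if (name_len > 7 && strncmp(t + name_len - 6, "mark:", 5) == 0) {
	    mark_state = t[name_len - 7];
	    mark_char = t[name_len - 1];
	    if (mark_state == '-')
		mark_flag = 1;	/* just mark */
	    else if (mark_state == '+')
		mark_flag = 2;	/* mark + acl */
	}
    }
    /* … unchanged: snarf the ACL type … */
```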
@@ -671,6 +703,13 @@ aclParseAclLine(acl ** head)
 	A->type = acltype;
 	A->cfgline = xstrdup(config_input_line);
 	new_acl = 1;
+	if (mark_flag!=0)	/* of marking active */
+	{
+	 A->mark_flag=mark_flag;
+	 A->mark_char=mark_char;
+	 debug(28, 3) ("aclParseAclLine: acl_mark %c, marking by character [%c]\n",
+	                  mark_state,mark_char);
+	}
     } else {
 	if (acltype != A->type) {
 	    debug(28, 0) ("aclParseAclLine: ACL '%s' already exists with different type, skipping.\n", A->name);
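Review bot: `A->mark_flag` is written only when a mark was parsed, so an unmarked ACL relies on the allocation of `A`, which is outside this hunk, having zeroed the new fields; aclMatchAcl reads `ae->mark_flag` for every src and dst ACL. Assigning unconditionally, `A->mark_flag = mark_flag;`, removes that dependency and lets the `if` guard only `mark_char` and the debug call. The mark is also stored whatever `acltype` is, while the only consumers in this patch are ACL_SRC_IP and ACL_DST_IP, so a warning for other types would stop a mark from being silently ignored.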
@@ -1274,12 +1313,29 @@ aclMatchAcl(acl * ae, aclCheck_t * check
     const char *header;
     const char *browser;
     int k;
+    int aclresult=0;
+
     if (!ae)
 	return 0;
     debug(28, 3) ("aclMatchAcl: checking '%s'\n", ae->cfgline);
     switch (ae->type) {
     case ACL_SRC_IP:
-	return aclMatchIp(&ae->data, checklist->src_addr);
+	aclresult=aclMatchIp(&ae->data, checklist->src_addr);
+
+	if(ae->mark_flag==0)	/* if no marking, then work just like always */
+	 return aclresult;
+
+			/* make acl marking */
+ 	 if(aclresult) { 
+			 checklist->request->acl_mark = ae->mark_char;
+	 		 debug(28, 3) ("aclMatchAcl: SRC acl marked '%c'\n",ae->mark_char);
+
+	 		 if(ae->mark_flag==1) aclresult=0; 	
+			    /* if just mark+ , then SRC ACL always deny,
+			       else lets the ACL working like always */
+		       }
+
+	 return aclresult;
 	/* NOTREACHED */
     case ACL_MY_IP:
 	return aclMatchIp(&ae->data, checklist->my_addr);
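Review bot: The new ACL_SRC_IP branch dereferences `checklist->request` without a check, and nothing in this hunk shows that every checklist evaluating a src ACL carries a request; `if (aclresult && checklist->request)` would make the marking safe for any caller. Two behaviours need a comment here and in the documentation. The mark is recorded as a side effect of evaluating the ACL, so it sticks even when the enclosing access rule does not match, and a later marked ACL overwrites it. A `-mark` ACL always returns 0, which means a `deny` rule built on it never fires and a negated reference always matches. aclMatchAcl continues outside the hunk.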
@@ -1288,8 +1344,19 @@ aclMatchAcl(acl * ae, aclCheck_t * check
 	ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS);
 	if (ia) {
 	    for (k = 0; k < (int) ia->count; k++) {
-		if (aclMatchIp(&ae->data, ia->in_addrs[k]))
-		    return 1;
+
+		aclresult=aclMatchIp(&ae->data, ia->in_addrs[k]);
+		if (ae->mark_flag==0) 
+		      return aclresult;		/* like always */
+		
+		else { if(aclresult)
+			{
+			 checklist->request->acl_mark = ae->mark_char;
+	 	         debug(28, 3) ("aclMatchAcl: DST acl marked '%c'\n",ae->mark_char);
+			}
+		         if(ae->mark_flag==2) return aclresult; 
+			/* if mark+acl then true, else look more for acls */
+		     }
 	    }
 	    return 0;
 	} else if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NONE) {
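Review bot: With `mark_flag == 0` the loop now executes `return aclresult;` on its first iteration, so an unmarked dst ACL is tested against `ia->in_addrs[0]` only, whereas the removed code returned 1 when any resolved address matched. A host with several addresses can therefore miss a dst rule that the old code applied, which matters most for deny lists; `mark_flag == 2` has the same early return. Keeping the original match-any shape and setting the mark inside the match restores the old behaviour, and the sketch below also guards the `checklist->request` dereference. The enclosing case and function start and end outside the hunk.

```c
	    for (k = 0; k < (int) ia->count; k++) {
		if (!aclMatchIp(&ae->data, ia->in_addrs[k]))
		    continue;
		if (ae->mark_flag != 0 && checklist->request) {
		    checklist->request->acl_mark = ae->mark_char;
		    debug(28, 3) ("aclMatchAcl: DST acl marked '%c'\n", ae->mark_char);
		}
		if (ae->mark_flag != 1)
		    return 1;	/* unmarked or mark+acl: any matching address matches */
	    }
	    /* … unchanged: return 0 and the lookup branches … */
```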
--- cf.data.pre.orig	Tue Jun 13 16:19:57 2000
+++ cf.data.pre	Mon May  7 23:58:23 2001
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.159.2.40 2000/06/13 14:19:57 wessels Exp $
+# $Id: cf.data.pre,v 1.159.2.40 2001/09/13 22:23:14 sysman Exp $
 #
 #
 # SQUID Internet Object Cache  http://squid.nlanr.net/Squid/
@@ -1618,6 +1618,11 @@ DOC_START
 	acl aclname src      addr1-addr2/netmask ... (range of addresses)
 	acl aclname dst      ip-address/netmask ... (URL host's IP address)
 	acl aclname myip     ip-address/netmask ... (local socket IP address)
+	  # acl mark feature.
+	  # allow to add char mark in access.log if REUQEST pass some acl
+	  # read more in README.mark
+	acl aclname+mark:c src/dst ip-address/netmask # if pass acl mark request by letter 'c'
+	acl aclname-mark:c src/dst ip-address/netmask # if match acl just mark, and ignore acl
 
 	acl aclname srcdomain   .foo.com ...    # reverse lookup, client IP
 	acl aclname dstdomain   .foo.com ...    # Destination server from URL
--- client_side.c.orig	Mon May  7 23:36:25 2001
+++ client_side.c	Mon May  7 23:36:25 2001
@@ -1,4 +1,3 @@
-
 /*
  * $Id: client_side.c,v 1.459.2.45 2000/07/18 02:28:33 wessels Exp $
  *
@@ -151,6 +150,8 @@ clientAccessCheck(void *data)
     http->acl_checklist = aclChecklistCreate(Config.accessList.http,
 	http->request,
 	conn->ident);
+    debug(33, 5) ("clientAccessCheck: acl_mark = 0\n");
+    http->request->acl_mark=0;
 #if USE_IDENT
     /*
      * hack for ident ACL. It needs to get full addresses, and a
@@ -160,6 +161,7 @@ clientAccessCheck(void *data)
     cbdataLock(http->acl_checklist->conn);
 #endif
     aclNBCheck(http->acl_checklist, clientAccessCheckDone, http);
+/*    debug(33, 2) ("clientAccessCheck: acl_mark char [%d]\n",http->request->acl_mark); */
 }
 
 /*
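Review bot: The commented-out `debug(33, 2)` call after `aclNBCheck` should be removed rather than committed. aclNBCheck is handed `clientAccessCheckDone` as a callback, so the mark may well not be final at this point anyway; if the trace is wanted, the callback looks like the better place for it.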
@@ -678,6 +680,9 @@ httpRequestFree(void *data)
 	    http->al.http.version = request->http_ver;
 	    http->al.headers.request = xstrdup(mb.buf);
 	    http->al.hier = request->hier;
+	     debug(33, 5) ("httpRequestFree: acl_mark = %d\n",request->acl_mark);
+	     http->al.acl_mark = ( request->acl_mark==0 ? '-' : request->acl_mark );
+
 	    if (request->user_ident[0])
 		http->al.cache.ident = request->user_ident;
 	    else
--- structs.h.orig	Thu Mar 30 00:56:57 2000
+++ structs.h	Mon May  7 23:22:17 2001
@@ -123,6 +123,8 @@ struct _acl {
     squid_acl type;
     void *data;
     char *cfgline;
+    char mark_char;	// marking added by SysMan
+    int mark_flag;	// marking
     acl *next;
 };
 
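Review bot: The two new `_acl` fields carry `//` comments while the other comments visible in this structs.h patch use `/* */`; a compiler run in strict C89 mode rejects `//`. Comments such as `/* mark character */` and `/* 0 off, 1 mark only, 2 mark and apply */` would be safer and say more than "marking". The same applies to the `acl_mark` field added to `_AccessLogEntry` further down.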
@@ -157,6 +159,7 @@ struct _aclCheck_t {
 #endif
     PF *callback;
     void *callback_data;
+    char acl_mark;		/* mark by SysMan */
 };
 
 struct _aio_result_t {
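Review bot: Nothing in the visible hunks reads or writes the `acl_mark` field added to `_aclCheck_t`; aclMatchAcl stores the mark in `checklist->request->acl_mark` instead. Either drop the field, or record the mark here and copy it to the request once the check completes, which would also keep the match code from depending on `request` being set.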
@@ -818,6 +821,7 @@ struct _HierarchyLogEntry {
 
 struct _AccessLogEntry {
     const char *url;
+    char acl_mark;	// added by SysMan
     struct {
 	method_t method;
 	int code;
@@ -1429,6 +1433,7 @@ struct _request_t {
     char login[MAX_LOGIN_SZ];
     char host[SQUIDHOSTNAMELEN + 1];
     char user_ident[USER_IDENT_SZ];	/* from proxy auth or ident server */
+    char acl_mark;			/* acl mark */
     u_short port;
     String urlpath;
     char *canonical;
--- /dev/null	Mon Jul 18 02:46:18 1994
+++ ../README.aclmark	Mon May  7 23:59:25 2001
@@ -0,0 +1,42 @@
+Marking ACL's for SQUID Internet Object Cache
+http://squid.nlanr.net/Squid/
+Writed by Alex Petrov , sysman@sysman.net
+--------------------------------------------------------------------------
+General propose is to add marking in squid access.log for some
+destination/source ip/subnets on-the-fly, if they pass thru some acls.
+For example my proxy used for accessing INET,Intranet, and
+some neighbors-nets (local ISP zone with many different subnets,
+low cost subnets & etc...) and I want just to see in logs
+some marking for what zones.
+	It much faster instead of dns backward resolving during
+access.log parse and more effective to keep knowledge about 
+'which ip-zone it belongs to' after month time,
+then some hosts are deleted, or dns downed.
+This solutions just mark for me all that I need at once.
+For example 'O' is our intranet, 'V' branch intranet,
+'L' latvian subnets,'C' no-costs neighbors and soo on.
+My acl look like.  
+
+squid.conf
+acl dst OUR_subnet-mark:O "outnet.acl"
+acl dst VN_net-mark:V 192.168.0.0/16
+acl dst LV_only+mark:L "lvsquid.acl"
+acl dst regions+mark:C 10.1.1.0/24 10.2.2.0/24 10.3.3.0/24 172.16.14.0/24
+
+my access.log
+
+
+Marking acl samples:
+acl src name+mark:C ip ip ip
+#
+# mark if keyword in acl name
+# name+mark:c or name-mark:c 
+# where:
+# '-'  just mark if match acl.
+# '+'  mark & accept acl.
+#  c   marking charaster.
+#
+acl dst name+mark:L lvonly.ips
+acl dst name-mark:I intranet.ips
+#
+http://10.0.0.10/proxy/stat/ 
