1 \input texinfo @c -*-texinfo-*-
3 @setfilename polipo.info
4 @settitle The Polipo Manual
8 @dircategory Network Applications
10 * Polipo: (polipo). The Polipo caching web proxy.
14 Copyright @copyright{} 2003 -- 2006 by Juliusz Chroboczek.
18 @title The Polipo Manual
19 @author Juliusz Chroboczek
22 Polipo is a caching web proxy designed to be used as a personal
23 cache or a cache shared among a few users.
33 @node Top, Background, (dir), (dir)
36 Polipo is a caching web proxy designed to be used as a personal
37 cache or a cache shared among a few users.
40 The latest version of Polipo can be found on
41 @uref{http://www.pps.jussieu.fr/~jch/software/polipo/,the Polipo web page}.
44 This manual was written by
45 @uref{http://www.pps.jussieu.fr/~jch/,,Juliusz Chroboczek}.
50 * Background:: Background information.
51 * Running:: Running Polipo
52 * Network:: Polipo and the network.
54 * Memory usage:: Limiting Polipo's memory usage.
55 * Copying:: Your rights and mine.
56 * Variable index:: Variable index.
57 * Concept index:: Concept index.
60 @node Background, Running, Top, Top
64 * The web:: The web and HTTP.
65 * Proxies and caches:: Proxies and caches.
66 * Latency and throughput:: Optimise latency, not throughput.
67 * Network traffic:: Be nice to the net.
68 * Partial instances:: Don't discard data.
69 * POST and PUT:: Other requests
70 * Other HTTP proxies:: Why did I write Polipo from scratch?
73 @node The web, Proxies and caches, Background, Background
74 @section The web and HTTP
81 The web is a wide-scale decentralised distributed hypertext system,
82 something that's obviously impossible to achieve reliably.
84 The web is a collection of @dfn{resources} which are identified by
85 @dfn{URLs}, strings starting with @code{http://}. At any point in
86 time, a resource has a certain value, which is called an
87 @dfn{instance} of the resource.
89 The fundamental protocol of the web is HTTP, a simple request/response
90 protocol. With HTTP, a client can make a request for a resource to a
91 server, and the server replies with an @dfn{entity}, which is an
92 on-the-wire representation of an instance or of a fragment thereof.
94 @node Proxies and caches, Latency and throughput, The web, Background
95 @section Proxies and caches
99 A proxy is a program that acts as both a client and a server. It
100 listens for client requests and forwards them to servers, and forwards
101 the servers' replies to clients.
103 An HTTP proxy can optimise web traffic away by @dfn{caching} server
104 replies, storing them in memory in case they are needed again. If a
105 reply has been cached, a later client request may, under some
106 conditions, be satisfied without going to the source again.
108 In addition to taking the shortcuts made possible by caching, proxies
109 can improve performance by generating better network traffic than the
110 client applications would do.
112 Proxies are also useful in ways unrelated to raw performance. A proxy
113 can be used to contact a server that are not visible to the browser,
114 for example because there is a firewall in the way (@pxref{Parent
115 proxies}), or because the client and the server use different lower
116 layer protocols (for example IPv4 and IPv6). Another common
117 application of proxies is to modify the data sent to servers and
118 returned to clients, for example by censoring headers that expose too
119 much about the client's identity (@pxref{Censoring headers}) or
120 removing advertisements from the data returned by the server
123 Polipo is a caching HTTP proxy that was originally designed as a
124 @dfn{personal} proxy, i.e. a proxy that is used by a single user or a
125 small group of users.
127 @node Latency and throughput, Network traffic, Proxies and caches, Background
128 @section Latency and throughput
132 Most network benchmarks consider @dfn{throughput}, or the average
133 amount of data being pushed around per unit of time. While important
134 for batch applications (for example benchmarks), average throughput is
135 mostly irrelevant when it comes to interactive web usage. What is more
136 important is a transaction's median @dfn{latency}, or whether the data
137 starts to trickle down before the user gets annoyed.
139 Typical web caches optimise for throughput --- for example, by
140 consulting sibling caches before accessing a remote resource. By
141 doing so, they significantly add to the median latency, and therefore
142 to the average user frustration.
144 Polipo was designed to minimise latency.
146 @node Network traffic, Partial instances, Latency and throughput, Background
147 @section Network traffic
149 The web was developed by people who were interested in text processing
150 rather than in networking and, accordingly, the first versions of the
151 HTTP protocol did not make very good use of network resources. The
152 main problem in HTTP/0.9 and early versions of HTTP/1.0 was that a
153 separate TCP connection (``virtual circuit'' for them telecom people)
154 was created for every entity transferred.
156 Opening multiple TCP connections has significant performance
157 implications. Most obviously, connection setup and teardown require
158 additional packet exchanges which increase network usage and, more
159 importantly, latency.
161 Less obviously, TCP is not optimised for that sort of usage. TCP aims
162 to avoid network @dfn{congestion}, a situation in which the network
163 becomes unusable due to overly aggressive traffic patterns. Thus, a
164 correct TCP implementation will very carefully probe the network at
165 the beginning of every connection. A TCP connection is therefore very
166 slow during the first couple of kilobytes transferred, and only gets
167 up to speed later. Because most HTTP entities are small (in the 1 to
168 10 kilobytes range), HTTP/0.9 uses TCP where it is most inefficient.
171 * Persistent connections:: Don't shut connections down.
172 * Pipelining:: Send a bunch of requests at once.
173 * Poor Mans Multiplexing:: Split requests.
176 @node Persistent connections, Pipelining, Network traffic, Network traffic
177 @subsection Persistent connections
178 @cindex Persistent connection
179 @cindex keep-alive connection
181 Later HTTP versions allow the transfer of multiple entities on a
182 single connection. A connection that carries multiple entities is
183 said to be @dfn{persistent} (or sometimes @dfn{keep-alive}).
184 Unfortunately, persistent connections are an optional feature of HTTP,
187 Polipo will attempt to use persistent connections on the server side,
188 and will honour persistent connection requests from clients.
190 @node Pipelining, Poor Mans Multiplexing, Persistent connections, Network traffic
191 @subsection Pipelining
194 With persistent connections it becomes possible to @dfn{pipeline} or
195 @dfn{stream} requests, i.e. to send multiple requests on a single
196 connection without waiting for the replies to come back. Because this
197 technique gets the requests to the server faster, it reduces latency.
198 Additionally, because multiple requests can often be sent in a single
199 packet, pipelining reduces network traffic.
201 Pipelining is a fairly common technique@footnote{The X11 protocol
202 fundamentally relies on pipelining. NNTP does support pipelining.
203 SMTP doesn't support pipelining, and ESMTP makes it an option. FTP
204 does support pipelining on the control connection.}, but it is not
205 supported by HTTP/1.0. HTTP/1.1 makes pipelining support compulsory
206 in every server implementation that can use persistent connections,
207 but there are a number of buggy servers that claim to implement
208 HTTP/1.1 but don't support pipelining.
210 Polipo carefully probes for pipelining support in a server and uses
211 pipelining if it believes that it is reliable.
213 Polipo also deeply enjoys being pipelined at by a
214 client@footnote{Other client-side implementations of HTTP that make
215 use of pipelining include @uref{http://www.opera.com/,,Opera}, recent
216 versions of @uref{http://www.mozilla.org,,Mozilla}, APT (the package
217 downloader used by @uref{http://www.debian.org,,Debian} GNU/Linux)
220 @node Poor Mans Multiplexing, , Pipelining, Network traffic
221 @subsection Poor Man's Multiplexing
222 @cindex Poor Man's Multiplexing
225 A major weakness of the HTTP protocol is its inability to share a
226 single connection between multiple simultaneous transactions --- to
227 @dfn{multiplex} a number of transactions over a single connection. In
228 HTTP, a client can either request all instances sequentially, which
229 significantly increases latency, or else open multiple concurrent
230 connections, with all the problems that this implies
231 (@pxref{Persistent connections}).
233 Poor Man's Multiplexing (PMM) is a technique that simulates
234 multiplexing by requesting an instance in multiple segments; because
235 the segments are fetched in independent transactions, they can be
236 interleaved with requests for other resources.
238 Obviously, PMM only makes sense in the presence of persistent
239 connections; additionally, it is only effective in the presence of
240 pipelining (@pxref{Pipelining}).
242 PMM poses a number of reliability issues. If the resource being
243 fetched is dynamic, it is quite possible that it will change between
244 segments; thus, an implementation making use of PMM needs to be able
245 to switch to full-resource retrieval when it detects a dynamic
248 Polipo supports PMM, but disables it by default (@pxref{PMM}).
250 @node Partial instances, POST and PUT, Network traffic, Background
251 @section Caching partial instances
252 @cindex partial instance
253 @cindex range request
255 A partial instance is an instance that is being cached but only part
256 of which is available in the local cache. There are three ways in
257 which partial instances can arise: client applications requesting only
258 part of an instance (Adobe's Acrobat Reader plugin is famous for
259 that), a server dropping a connection mid-transfer (because it is
260 short on resources, or, surprisingly often, because it is buggy), a
261 client dropping a connection (usually because the user pressed
264 When an instance is requested that is only partially cached, it is
265 possible to request just the missing data by using a feature of HTTP
266 known as a @dfn{range} request. While support for range requests is
267 optional, most servers honour them in case of static data (data that
268 are stored on disk, rather then being generated on the fly e.g.@: by a
271 Caching partial instances has a number of positive effects. Obviously,
272 it reduces the amount of data transmitted as the available data
273 needn't be fetched again. Because it prevents partial data from being
274 discarded, it makes it reasonable for a proxy to unconditionally abort
275 a download when requested by the user, and therefore reduces network
278 Polipo caches arbitrary partial instances in its in-memory cache. It
279 will only store the initial segment of a partial instance (from its
280 beginning up to its first hole) in its on-disk cache, though. In
281 either case, it will attempt to use range requests to fetch the
284 @node POST and PUT, Other HTTP proxies, Partial instances, Background
285 @section Other requests
290 @cindex OPTIONS request
291 @cindex PROPFIND request
293 The previous sections pretend that there is only one kind of request
294 in HTTP --- the @samp{GET} request. In fact, there are some others.
296 The @samp{HEAD} request method retrieves data about an resource. Polipo
297 does not normally use @samp{HEAD}, but will fall back to using it for
298 validation it if finds that a given server fails to cooperate with its
299 standard validation methods (@pxref{Cache transparency}). Polipo will
300 correctly reply to a client's @samp{HEAD} request.
302 The @samp{POST} method is used to request that the server should do
303 something rather than merely sending an entity; it is usually used
304 with HTML forms that have an effect@footnote{HTML forms should use the
305 @samp{GET} method when the form has no side-effect as this makes the
308 The @samp{PUT} method is used to replace an resource with a different
309 instance; it is typically used by web publishing applications.
311 @samp{POST} and @samp{PUT} requests are handled pretty much like
312 @samp{GET} and @samp{HEAD}; however, for various reasons, some
313 precautions must be taken. In particular, any cached data for the
314 resource they refer to must be discarded, and they can never be
317 Finally, HTTP/1.1 includes a convenient backdoor with the
318 @samp{CONNECT} method. For more information, please see
319 @ref{Tunnelling connections}.
321 Polipo does not currently handle the more exotic methods such as
322 @samp{OPTIONS} and @samp{PROPFIND}.
324 @node Other HTTP proxies, , POST and PUT, Background
325 @section Other HTTP proxies
328 I started writing Polipo because the weather was bad. But also
329 because I wanted to implement some features that other web proxies
333 * Harvest and Squid:: Historic proxies.
334 * Apache:: The web server has a proxy.
335 * WWWOFFLE:: A personal proxy.
336 * Junkbuster:: Get rid of ads.
337 * Privoxy:: Junkbuster on speed.
338 * Oops:: A multithreaded cache.
341 @node Harvest and Squid, Apache, Other HTTP proxies, Other HTTP proxies
342 @subsection Harvest and Squid
346 Harvest, the grandfather of all web caches, has since evolved into
347 @uref{http://www.squid-cache.org/,,Squid}.
349 Squid sports an elegant single-threaded non-blocking architecture and
350 multiplexes multiple clients in a single process. It also features
351 almost complete support for HTTP/1.1, although for some reason it
352 doesn't currently advertise it.
354 Squid is designed as a large-scale shared proxy running on a dedicated
355 machine, and therefore embodies certain design decisions which make it
356 difficult to use as a personal proxy. Because Squid keeps all
357 resource meta-data in memory, it requires a fair amount of RAM in
358 order to manipulate a reasonably sized cache.
360 Squid doesn't cache partial instances, and has trouble with instances
361 larger than available memory@footnote{Recent versions of Squid support
362 instances larger than available memory by using a hack that the
363 authors call a ``sliding window algorithm''.}. If a client connection
364 is interrupted, Squid has to decide whether to continue fetching the
365 resource (and possibly waste bandwidth) or discard what it already has
366 (and possibly waste bandwidth).
368 Some versions of squid would, under some circumstances, pipeline up to
369 two outgoing requests on a single connection. At the time of writing,
370 this feature appears to have been disabled in the latest version.
372 Squid's developers have decided to re-write it in C++.
374 @node Apache, WWWOFFLE, Harvest and Squid, Other HTTP proxies
375 @subsection The Apache proxy
378 The @uref{http://www.apache.org/,,Apache web server} includes a
379 complete HTTP/1.1 proxy.
381 The Apache web server was designed to maximise ease of programming ---
382 a decision which makes Apache immensely popular for deploying
383 web-based applications. Of course, this ease of programming comes at
384 a cost, and Apache is not the most lightweight proxy available.
386 As cheaper caching proxies are available, Apache is not useful as a
387 standalone proxy. The main application of Apache's proxy is to join
388 multiple web servers' trees into a single hierarchy.
390 The Apache proxy doesn't cache partial instances and doesn't pipeline
391 multiple outgoing requests.
393 @node WWWOFFLE, Junkbuster, Apache, Other HTTP proxies
397 @uref{http://www.gedanken.demon.co.uk/wwwoffle/,,WWWOFFLE}, an elegant
398 personal proxy, is the primary model for Polipo.
400 WWWOFFLE has more features than can be described here. It will censor
401 banner ads, clean your HTML, decorate it with random colours, schedule
402 fetches for off-peak hours.
404 Unfortunately, the HTTP traffic that WWWOFFLE generates is disgusting.
405 It will open a connection for every fetch, and forces the client to do
408 WWWOFFLE only caches complete instances.
410 I used WWWOFFLE for many years, and frustration with WWWOFFLE's
411 limitations was the main reason why I started Polipo in the first
414 @node Junkbuster, Privoxy, WWWOFFLE, Other HTTP proxies
415 @subsection Junkbuster
418 @uref{http://internet.junkbuster.com/,,Junkbuster} is a simple
419 non-caching web proxy designed to remove banner ads and cookies. It
420 was the main model for WWWOFFLE's (and therefore Polipo's) header and
421 ad-removing features.
423 Junkbuster's HTTP support is very simple (some would say broken): it
424 doesn't do persistent connections, and it breaks horribly if the
425 client tries pipelining. Junkbuster is no longer being maintained,
426 and has evolved into Privoxy.
428 @node Privoxy, Oops, Junkbuster, Other HTTP proxies
432 @uref{http://www.privoxy.org/,,Privoxy} is the current incarnation of
433 Junkbuster. Privoxy has the ability to randomly modify web pages
434 before sending them to the browser --- for example, remove
435 @samp{<blink>} or @samp{<img>} tags.
437 Just like its parent, Privoxy cannot do persistent connections. Under
438 some circumstances, it will also buffer whole pages before sending
439 them to the client, which significantly adds to its latency. However,
440 this is difficult to avoid given the kinds of rewriting it attempts to
443 @node Oops, , Privoxy, Other HTTP proxies
447 @uref{http://zipper.paco.net/~igor/oops.eng/,,Oops} is a caching web
448 proxy that uses one thread (lightweight process) for every connection.
449 This technique does cost additional memory, but allows good
450 concurrency of requests while avoiding the need for complex
451 non-blocking programming. Oops was apparently designed as a
452 wide-scale shared proxy.
454 Although Oops' programming model makes it easy to implement persistent
455 connections, Oops insists on opening a separate connection to the
456 server for every single resource fetch, which disqualifies it from
459 @node Running, Network, Background, Top
460 @chapter Running Polipo
463 * Polipo Invocation:: Starting Polipo.
464 * Browser configuration:: Configuring your browser.
465 * Stopping:: Stopping and refreshing Polipo.
466 * Local server:: The local web server and web interface.
469 @node Polipo Invocation, Browser configuration, Running, Running
470 @section Starting Polipo
473 By default, Polipo runs as a normal foreground job in a terminal in
474 which it can log random ``How do you do?'' messages. With the right
475 configuration options, Polipo can run as a daemon.
477 Polipo is run with the following command line:
479 $ polipo [ -h ] [ -v ] [ -x ] [ -c @var{config} ] [ @var{var}=@var{val}... ]
481 All flags are optional. The flag @option{-h} causes Polipo to print a
482 short help message and to quit. The flag @option{-v} causes Polipo to
483 list all of its configuration variables and quit. The flag
484 @option{-x} causes Polipo to purge its on-disk cache and then quit
485 (@pxref{Purging}). The flag @option{-c} specifies the configuration
486 file to use (by default @file{~/.polipo} or
487 @file{/etc/polipo/config}). Finally, Polipo's configuration can be
488 changed on the command line by assigning values to given configuration
492 * Configuring Polipo:: Plenty of options.
493 * Daemon:: Running in the background.
494 * Logging:: Funnelling status messages.
497 @node Configuring Polipo, Daemon, Polipo Invocation, Polipo Invocation
498 @subsection Configuration
499 @cindex runtime configuration
501 @cindex configuration file
503 There is a number of variables that you can tweak in order to
504 configure Polipo, and most are described in this manual
505 (@pxref{Variable index}). You can display the complete, most
506 up-to-date list of configuration variables by using the @option{-v}
507 command line flag or by accessing the ``current configuration'' page
508 of Polipo's web interface (@pxref{Web interface}). Configuration
509 variables can be set either on the command line or else in the
510 configuration file given by the @option{-c} command-line flag.
512 Configuration variables are typed, and @option{-v} will display their
513 types. The type can be of one of the following:
516 @samp{integer} or @samp{float}: a numeric value;
519 @samp{boolean}: a truth value, one of @samp{true} or @samp{false};
522 @samp{tristate}: one of @samp{false}, @samp{maybe} or @samp{true};
525 @samp{4-state}, one of @samp{false}, @samp{reluctantly},
526 @samp{happily} or @samp{true};
529 @samp{5-state}, one of @samp{false}, @samp{reluctantly}, @samp{maybe},
530 @samp{happily} or @samp{true};
533 @samp{atom}, a string written within double quotes @samp{"});
536 @samp{list}, a comma-separated list of strings;
539 @samp{intlist}, a comma-separated list of integers and ranges of
540 integers (of the form `@var{n}--@var{m}').
543 The configuration file has a very simple syntax. All blank lines are
544 ignored, as are lines starting with a hash sign @samp{#}. Other lines
547 @var{var} = @var{val}
549 where @var{var} is a variable to set and @var{val} is the value to set
552 It is currently not possible to change the configuration of a running
553 Polipo without restarting it.
555 @node Daemon, Logging, Configuring Polipo, Polipo Invocation
556 @subsection Running as a daemon
564 If the configuration variable @code{daemonise} is set to true, Polipo
565 will run as a daemon: it will fork and detach from its controlling
566 terminal (if any). The variable @code{daemonise} defaults to false.
568 When Polipo is run as a daemon, it can be useful to get it to
569 atomically write its @emph{pid} to a file. If the variable
570 @code{pidFile} is defined, it should be the name of a file where
571 Polipo will write its @emph{pid}. If the file already exists when it
572 is started, Polipo will refuse to run.
574 @node Logging, , Daemon, Polipo Invocation
579 When it encounters a difficulty, Polipo will print a friendly message.
580 The location where these messages go is controlled by the
581 configuration variable @code{logFile}. If it is empty, messages go to
582 the error output of the process (normally the terminal); otherwise, it
583 is the name of a file where all output will accumulate.
585 The variable @code{logFile} defaults to empty if @code{daemonise} is
586 false, and to @samp{/var/log/polipo} otherwise.
588 The amount of logging is controlled by the variable @code{logLevel}.
589 Please see the file @samp{log.h} in the Polipo sources for the
590 possible values of @code{logLevel}.
592 @node Browser configuration, Stopping, Polipo Invocation, Running
593 @section Configuring your browser
594 @cindex browser configuration
595 @cindex user-agent configuration
597 Telling your user-agent (browser) to use Polipo is an operation that
598 depends on the browser. Many user-agents will transparently use
599 Polipo if the environment variable @samp{http_proxy} points at it;
602 $ export http_proxy=http://localhost:8123/
604 Netscape Navigator, Mozilla and probably other browsers require that
605 you configure them manually through their @emph{Preferences} menu.
607 If your user-agent sports such options, tell it to use persistent
608 connections when speaking to proxies, to speak HTTP/1.1 and to use
611 @node Stopping, Local server, Browser configuration, Running
612 @section Stopping Polipo and getting it to reload
614 @cindex shutting down
617 Polipo will shut down cleanly if it receives @code{SIGHUP},
618 @code{SIGTERM} or @code{SIGINT} signals; this will normally happen
619 when a Polipo in the foreground receives a @code{^C} key press, when
620 your system shuts down, or when you use the @code{kill} command with
621 no flags. Polipo will then write-out all its in-memory data to disk
624 If Polipo receives the @code{SIGUSR1} signal, it will write out all
625 the in-memory data to disk (but won't discard them), reopen the log
626 file, and then reload the forbidden URLs file (@pxref{Forbidden}).
628 Finally, if Polipo receives the @code{SIGUSR2} signal, it will write
629 out all the in-memory data to disk and discard as much of the memory
630 cache as possible. It will then reopen the log file and reload the
633 @node Local server, , Stopping, Running
634 @section The local web server
635 @vindex localDocumentRoot
637 @vindex disableLocalInterface
641 Polipo includes a local web server, which is accessible on the same
642 port as the one the proxy listens to. Therefore, by default you can
643 access Polipo's local web server as @samp{http://localhost:8123/}.
645 The data for the local web server can be configured by setting
646 @code{localDocumentRoot}, which defaults to
647 @file{/usr/share/polipo/www/}. Setting this variable to @samp{""}
648 will disable the local server.
650 Polipo assumes that the local web tree doesn't change behind its back.
651 If you change any of the local files, you will need to notify Polipo
652 by sending it a @code{SIGUSR2} signal (@pxref{Stopping}).
654 If you use polipo as a publicly accessible web server, you might want
655 to set the variable @code{disableProxy}, which will prevent it from
656 acting as a web proxy. (You will also want to set
657 @code{disableLocalInterface} (@pxref{Web interface}) and run Polipo in
658 a @emph{chroot} jail.)
661 * Web interface:: The web interface.
664 @node Web interface, , Local server, Local server
665 @subsection The web interface
666 @cindex runtime configuration
667 @cindex web interface
668 @vindex disableLocalInterface
670 The subtree of the local web space rooted at
671 @samp{http://localhost:8123/polipo/} is treated specially: URLs under
672 this root do not correspond to on-disk files, but are generated by
673 Polipo on-the-fly. We call this subtree Polipo's @dfn{local web
676 The page @samp{http://localhost:8123/polipo/config?} contains the
677 values of all configuration variables, and allows setting many of
680 The page @samp{http://localhost:8123/polipo/status?} provides a summary
681 status report about the running Polipo, and allows performing a number
682 of actions on the proxy, notably flushing the in-memory cache.
684 The page @samp{http://localhost:8123/polipo/servers?} contains the list
685 of known servers, and the statistics maintained about them
686 (@pxref{Server statistics}).
688 The pages starting with @samp{http://localhost:8123/polipo/index?}
689 contain indices of the disk cache. For example, the following page
690 contains the index of the cached pages from the server of some random
693 http://localhost:8123/polipo/index?http://www.microsoft.com/
696 The pages starting with
697 @samp{http://localhost:8123/polipo/recursive-index?} contain recursive
698 indices of various servers.
700 The local interface is disabled if the variable
701 @code{disableLocalInterface} is true.
703 @node Network, Caching, Running, Top
704 @chapter Polipo and the network
707 * Client connections:: Speaking to clients
708 * Contacting servers:: Contacting servers.
709 * HTTP tuning:: Tuning at the HTTP level.
710 * Offline browsing:: Browsing with poor connectivity.
711 * Server statistics:: Polipo keeps statistics about servers.
712 * Server-side behaviour:: Tuning the server-side behaviour.
713 * PMM:: Poor Man's Multiplexing.
714 * Forbidden:: You can forbid some URLs.
715 * DNS:: How Polipo finds hosts.
716 * Parent proxies:: Fetching data from other proxies.
717 * Tuning POST and PUT:: Tuning POST and PUT requests.
718 * Tunnelling connections:: Tunnelling foreign protocols and https.
721 @node Client connections, Contacting servers, Network, Network
722 @section Client connections
734 @cindex loopback address
737 There are three fundamental values that control how Polipo speaks to
738 clients. The variable @code{proxyAddress}, defines the IP address on
739 which Polipo will listen; by default, its value is the @dfn{loopback
740 address} @code{"127.0.0.1"}, meaning that Polipo will listen on the
741 IPv4 loopback interface (the local host) only. By setting this
742 variable to a global IP address or to one of the special values
743 @code{"::"} or @code{"0.0.0.0"}, it is possible to allow Polipo to
744 serve remote clients. This is likely to be a security hole unless you
745 set @code{allowedClients} to a reasonable value (@pxref{Access control}).
747 Note that the type of address that you specify for @code{proxyAddress}
748 will determine whether Polipo listens to IPv4 or IPv6. Currently, the
749 only way to have Polipo listen to both protocols is to specify the
750 IPv6 unspecified address (@code{"::"}) for @code{proxyAddress}.
752 The variable @code{proxyPort}, by default 8123, defines the TCP port
753 on which Polipo will listen.
755 The variable @code{proxyName}, which defaults to the host name of the
756 machine on which Polipo is running, defines the @dfn{name} of the
757 proxy. This can be an arbitrary string that should be unique among
758 all instances of Polipo that you are running. Polipo uses it in error
759 messages and optionally for detecting proxy loops (by using the
760 @samp{Via} HTTP header, @pxref{Censoring headers}).
763 * Access control:: Deciding who can connect.
766 @node Access control, , Client connections, Client connections
767 @subsection Access control
769 @vindex authCredentials
771 @vindex allowedClients
772 @cindex access control
773 @cindex authentication
774 @cindex loopback address
779 By making it possible to have Polipo listen on a non-routable address
780 (for example the loopback address @samp{127.0.0.1}), the variable
781 @code{proxyAddress} provides a very crude form of @dfn{access
782 control}: the ability to decide which hosts are allowed to connect.
784 A finer form of access control can be implemented by specifying
785 explicitly a number of client addresses or ranges of addresses
786 (networks) that a client is allowed to connect from. This is done
787 by setting the variable @code{allowedClients}.
789 Every entry in @code{allowedClients} can be an IP address, for example
790 @samp{134.157.168.57} or @samp{::1}. It can also be a network
791 address, i.e.@: an IP address and the number of bits in the network
792 prefix, for example @samp{134.157.168.0/24} or
793 @samp{2001:660:116::/48}. Typical uses of @samp{allowedClients}
796 allowedClients = 127.0.0.1, ::1, 134.157.168.0/24, 2001:660:116::/48
798 or, for an IPv4-only version of Polipo,
800 allowedClients = 127.0.0.1, 134.157.168.0/24
803 A different form of access control can be implemented by requiring
804 each client to @dfn{authenticate}, i.e.@: to prove its identity before
805 connecting. Polipo currently only implements the most insecure form
806 of authentication, @dfn{HTTP basic authentication}, which sends
807 usernames and passwords in clear over the network. HTTP basic
808 authentication is required when the variable @code{authCredentials} is
809 not null; its value should be of the form @samp{username:password}.
811 Note that both IP-based authentication and HTTP basic authentication
812 are insecure: the former is vulnerable to IP address spoofing, the
813 latter to replay attacks. If you need to access Polipo over the
814 public Internet, the only secure option is to have it listen over the
815 loopback interface only and use an ssh tunnel (@pxref{Parent
816 proxies})@footnote{It is not quite clear to me whether HTTP digest
817 authentication is worth implementing. On the one hand, if implemented
818 correctly, it appears to provide secure authentication; on the other
819 hand, and unlike ssh, it doesn't make any attempt at ensuring privacy,
820 and its optional integrity guarantees are impossible to implement
821 without significantly impairing latency.}.
823 @node Contacting servers, HTTP tuning, Client connections, Network
824 @section Contacting servers
826 @cindex multiple addresses
829 A server can have multiple addresses, for example if it is
830 @dfn{multihomed} (connected to multiple networks) or if it can speak
831 both IPv4 and IPv6. Polipo will try all of a hosts addresses in turn;
832 once it has found one that works, it will stick to that address until
836 * Allowed ports:: Where the proxy is allowed to connect.
839 @node Allowed ports, , Contacting servers, Contacting servers
840 @subsection Allowed ports
842 @cindex Allowed ports
843 @cindex Forbidden ports
847 A TCP service is identified not only by the IP address of the machine
848 it is running on, but also by a small integer, the TCP @dfn{port} it
849 is @dfn{listening} on. Normally, web servers listen on port 80, but
850 it is not uncommon to have them listen on different ports; Polipo's
851 internal web server, for example, listens on port 8123 by default.
853 The variable @code{allowedPorts} contains the list of ports that
854 Polipo will accept to connect to on behalf of clients; it defaults to
855 @samp{80-100, 1024-65535}. Set this variable to @samp{1-65535} if your
856 clients (and the web pages they consult!) are fully trusted. (The
857 variable @code{allowedPorts} is not considered for tunnelled
858 connections; @pxref{Tunnelling connections}).
860 @node HTTP tuning, Offline browsing, Contacting servers, Network
861 @section Tuning at the HTTP level
866 * Tuning the HTTP parser:: Tuning parsing of HTTP headers.
867 * Censoring headers:: Censoring HTTP headers.
870 @node Tuning the HTTP parser, Censoring headers, HTTP tuning, HTTP tuning
871 @subsection Tuning the HTTP parser
872 @vindex laxHttpParser
873 @vindex bigBufferSize
875 As a number of HTTP servers and CGI scripts serve incorrect HTTP
876 headers, Polipo uses a @emph{lax} parser, meaning that incorrect HTTP
877 headers will be ignored (with a warning). If the variable
878 @code{laxHttpParser} is not set (it is set by default), Polipo will
879 use a @emph{strict} parser, and refuse to serve an instance unless it
880 could parse all the headers.
882 When the amount of headers exceeds one chunk's worth (@pxref{Chunk
883 memory}), Polipo will allocate a @dfn{big buffer} in order to store
884 the headers. The size of big buffers, and therefore the maximum
885 amount of headers Polipo can parse, is specified by the variable
886 @code{bigBufferSize} (32@dmn{kB} by default).
888 @node Censoring headers, , Tuning the HTTP parser, HTTP tuning
889 @subsection Censoring headers
894 @vindex censorReferer
895 @vindex censoredHeaders
899 Polipo offers the option to censor given HTTP headers in both client
900 requests and server replies. The main application of this feature is
901 to very slightly improve the user's privacy by eliminating cookies and
902 some content-negotiation headers.
904 It is important to understand that these features merely make it
905 slightly more difficult to gather statistics about the user's
906 behaviour. While they do not actually prevent such statistics from
907 being collected, they might make it less cost-effective to do so.
909 The general mechanism is controlled by the variable
910 @code{censoredHeaders}, the value of which is a case-insensitive list
911 of headers to unconditionally censor. By default, it is empty, but I
912 recommend that you set it to the list consisting of @samp{From} and
913 @samp{Accept-Language}. Adding headers such as @samp{Set-Cookie},
914 @samp{Set-Cookie2}, @samp{Cookie}, @samp{Cookie2} or @samp{User-Agent}
915 to this list will probably break many web sites.
917 The case of the @samp{Referer}@footnote{HTTP contains many mistakes
918 and even one spelling error.} header is treated specially because many
919 sites will refuse to serve pages when it is not provided. If
920 @code{censorReferer} is @code{false} (the default), @samp{Referer}
921 headers are passed unchanged to the server. If @code{censorReferer}
922 is @code{maybe}, @samp{Referer} headers are passed to the server only
923 when they refer to the same host as the resource being fetched. If
924 @code{censorReferer} is @code{true}, all @samp{Referer} headers are
925 censored. I recommend setting @code{censorReferer} to @code{maybe}.
927 Another header that can have privacy implications is the @samp{Via}
928 header; by default, Polipo does not use it. In order to enable its
929 use, set the variable @code{disableVia} @code{false}, in which case
930 you may want to set the @code{proxyName} variable to some innocuous
931 string (@pxref{Client connections}).
934 * Censor Accept-Language:: Why Accept-Language is evil.
937 @node Censor Accept-Language, , Censoring headers, Censoring headers
938 @subsubsection Why censor Accept-Language
940 @cindex content negotiation
941 @cindex Accept-Language
943 Recent versions of HTTP include a mechanism known as @dfn{content
944 negotiation} which allows a user-agent and a server to negotiate the
945 best representation (instance) for a given resource. For example, a
946 server that provides both PNG and GIF versions of an image will serve
947 the PNG version to user-agents that support PNG, and the GIF version
948 to Internet Explorer.
950 Content negotiation requires that a client should send with every
951 single request a number of headers specifying the user's cultural and
952 technical preferences. Most of these headers do not expose sensitive
953 information (who cares whether your browser supports PNG?). The
954 @samp{Accept-Language} header, however, is meant to convey the user's
955 linguistic preferences; in some cases, this information is sufficient
956 to pinpoint with great precision the user's origins and even her
957 political or religious opinions; think, for example, of the
958 implications of sending @samp{Accept-Language: yi} or @samp{ar_PS}.
960 At any rate, @samp{Accept-Language} is not useful. Its design is
961 based on the assumption that language is merely another representation
962 for the same information, and @samp{Accept-Language} simply carries a
963 prioritised list of languages, which is not enough to usefully
964 describe a literate user's preferences. A typical French user, for
965 example, will prefer an English-language original to a French
966 (mis-)translation, while still wanting to see French language texts
967 when they are original. Such a situation cannot be described by the
968 @samp{Accept-Language} header.
970 @node Offline browsing, Server statistics, HTTP tuning, Network
971 @section Offline browsing
973 @cindex offline browsing
974 @cindex browsing offline
979 In an ideal world, all machines would have perfect connectivity to the
980 network at all times and servers would never crash. In the real
981 world, it may be necessary to avoid hitting the network and having
982 Polipo serve stale objects from its cache.
984 Setting @code{proxyOffline} to @code{true}, prevents Polipo from
985 contacting remote servers, no matter what. This setting is suitable
986 when you have no network connection whatsoever.
988 If @code{proxyOffline} is false, Polipo's caching behaviour is
989 controlled by a number of variables documented in @ref{Tweaking validation}.
991 @node Server statistics, Server-side behaviour, Offline browsing, Network
992 @section Server statistics
993 @vindex serverExpireTime
994 @cindex server statistics
995 @cindex round-trip time
996 @cindex transfer rate
998 In order to decide when to pipeline requests (@pxref{Pipelining}) and
999 whether to perform Poor Man's Multiplexing
1000 (@pxref{Poor Mans Multiplexing}), Polipo needs to keep statistics
1001 about servers. These include the server's ability to handle
1002 persistent connections, the server's ability to handle pipelined
1003 requests, the round-trip time to the server, and the server's transfer
1004 rate. The statistics are accessible from Polipo's web interface
1005 (@pxref{Web interface}).
1007 The variable @samp{serverExpireTime} (default 1 day) specifies how
1008 long such information remains valid. If a server has not been
1009 accessed for a time interval of at least @code{serverExpireTime},
1010 information about it will be discarded.
1012 As Polipo will eventually recover from incorrect information about a
1013 server, this value can be made fairly large. The reason why it exists
1014 at all is to limit the amount of memory used up by information about
1017 @node Server-side behaviour, PMM, Server statistics, Network
1018 @section Tweaking server-side behaviour
1020 @vindex serverMaxSlots
1021 @vindex smallRequestTime
1022 @vindex replyUnpipelineTime
1023 @vindex replyUnpipelineSize
1024 @vindex maxPipelineTrain
1025 @vindex pipelineAdditionalRequests
1026 @cindex small request
1027 @cindex large request
1028 @cindex breaking pipelines
1030 The most important piece of information about a server is whether it
1031 supports persistent connections. If this is the case, Polipo will
1032 open at most @code{serverSlots} connections to that server, and
1033 attempt to pipeline; if not, Polipo will hit the server harder,
1034 opening up to @code{maxServerSlots} connections.
1036 Another use of server information is to decide whether to pipeline
1037 additional requests on a connection that already has in-flight
1038 requests. This is controlled by the variable
1039 @code{pipelineAdditionalRequests}; if it is @code{false}, no
1040 additional requests will be pipelined. If it is @code{true},
1041 additional requests will be pipelined whenever possible. If it is
1042 @code{maybe} (the default), additional requests will only be pipelined
1043 following @dfn{small} requests, where a small request one whose
1044 download is estimated to take no more than @code{smallRequestTime}
1047 Sometimes, a request has been pipelined after a request that prompts a
1048 very large reply from the server; when that happens, the pipeline
1049 needs be broken in order to reduce latency. A reply is @dfn{large}
1050 and will cause a pipeline to be broken if either its size is at least
1051 @code{replyUnpipelineSize} (default one megabyte) or else the server's
1052 transfer rate is known and the body is expected to take at least
1053 @code{replyUnpipelineTime} to download (default 15@dmn{s}).
1055 The variable @code{maxPipelineTrain} defines the maximum number of
1056 requests that will be pipelined in a single write (default 10).
1057 Setting this variable to a very low value might (or might not) fix
1058 interaction with some unreliable servers that the normal heuristics
1059 are unable to detect.
1061 @node PMM, Forbidden, Server-side behaviour, Network
1062 @section Poor Man's Multiplexing
1063 @cindex Poor Man's Multiplexing
1064 @cindex multiplexing
1066 @vindex pmmFirstSize
1068 By default, Polipo does not use Poor Man's Multiplexing (@pxref{Poor
1069 Mans Multiplexing}). If the variable @code{pmmSize} is set to a
1070 positive value, Polipo will use PMM when speaking to servers that are
1071 known to support pipelining. It will request resources by segments of
1072 @code{pmmSize} bytes. The first segment requested has a size of
1073 @code{pmmFirstSize}, which defaults to twice @code{pmmSize}.
1075 PMM is an intrinsically unreliable technique. Polipo makes heroic
1076 efforts to make it at least usable, requesting that the server disable
1077 PMM when not useful (by using the @samp{If-Range} header) and
1078 disabling it on its own if a resource turns out to be dynamic.
1079 Notwithstanding these precautions, unless the server
1080 cooperates@footnote{More precisely, unless CGI scripts cooperate.},
1081 you will see failures when using PMM, which will usually result in
1082 blank pages and broken image icons; hitting @emph{Reload} on your
1083 browser will usually cause Polipo to notice that something went wrong
1084 and correct the problem.
1086 @node Forbidden, DNS, PMM, Network
1087 @section Forbidden and redirected URLs
1094 @cindex advertisement
1098 The web contains advertisements that a user-agent is supposed to
1099 download together with the requested pages. Not only do
1100 advertisements pollute the user's brain, pushing them around takes
1101 time and uses up network bandwidth.
1103 Many so-called content providers also track user activities by using
1104 @dfn{web bugs}, tiny embedded images that cause a server to log where
1105 they are requested from. Such images can be detected because they are
1106 usually uncacheable (@pxref{Cache transparency}) and therefore logged
1107 by Polipo by default.
1109 Polipo can be configured to prevent certain URLs from reaching the
1110 browser, either by returning a @emph{forbidden} error message to the
1111 user, or by @emph{redirecting} such URLs to some other URL.
1114 * Internal forbidden list:: Specifying forbidden URLs.
1115 * External redirectors:: Using an external redirector.
1118 @node Internal forbidden list, External redirectors, Forbidden, Forbidden
1119 @subsection Internal forbidden list
1122 @vindex forbiddenFile
1123 @vindex forbiddenUrl
1124 @vindex forbiddenRedirectCode
1126 The file pointed at by the variable @code{forbiddenFile} (defaults to
1127 @file{~/.polipo-forbidden} or @file{/etc/polipo/forbidden}, whichever
1128 exists) specifies the set of URLs that should never be fetched. If
1129 @code{forbiddenFile} is a directory, it will be recursively searched
1130 for files with forbidden URLs.
1132 Every line in a file listing forbidden URLs can either be a domain
1133 name --- a string that doesn't contain any of @samp{/}, @samp{*} or
1134 @samp{\} ---, or a POSIX extended regular expression. Blank lines are
1135 ignored, as are those that start with a hash sign @samp{#}.
1137 By default, whenever it attempts to fetch a forbidden URL, the browser
1138 will receive a @emph{403 forbidden} error from Polipo. Some users
1139 prefer to have the browser display a different page or an image.
1141 If @code{forbiddenUrl} is not null, it should represent a URL to which
1142 all forbidden URLs will be redirected. The kind of redirection used
1143 is specified by @code{forbiddenRedirectCode}; if this is 302 (the
1144 default) the redirection will be marked as temporary, if 301 it will
1147 @node External redirectors, , Internal forbidden list, Forbidden
1148 @subsection External redirectors
1152 @cindex Squid-style redirector
1154 @vindex redirectorRedirectCode
1156 Polipo can also use an external process (a @dfn{Squid-style
1157 redirector}) to determine which URLs should be redirected. The name
1158 of the redirector binary is determined from the variable
1159 @code{redirector}, and the kind of redirection generated is specified
1160 by @code{redirectorRedirectCode}, which should be 302 (the default) or
1163 @node DNS, Parent proxies, Forbidden, Network
1164 @section The domain name service
1167 @cindex gethostbyname
1170 @vindex dnsMaxTimeout
1171 @vindex dnsUseGethostbyname
1172 @vindex dnsNameServer
1173 @vindex dnsNegativeTtl
1174 @vindex dnsGethostbynameTtl
1175 @vindex dnsQueryIPv6
1177 The low-level protocols beneath HTTP identify machines by IP
1178 addresses, sequences of four 8-bit integers such as
1179 @samp{199.232.41.10}@footnote{Or sequences of eight 16-bit integers if
1180 you are running IPv6.}. HTTP, on the other hand, and most application
1181 protocols, manipulate host names, strings such as @samp{www.polipo.org}.
1183 The @dfn{domain name service} (DNS) is a distributed database that
1184 maps host names to IP addresses. When an application wants to make
1185 use of the DNS, it invokes a @dfn{resolver}, a local library or
1186 process that contacts remote name servers.
1188 The Unix interface to the resolver is provided by the
1189 @code{gethostbyname}(3) library call (@code{getaddrinfo}(3) on recent
1190 systems), which was designed at a time when a host lookup consisted in
1191 searching for one of five hosts in a @samp{HOSTS.TXT} file. The
1192 @code{gethostbyname} call is @dfn{blocking}, meaning that all activity
1193 must cease while a host lookup is in progress. When the call
1194 eventually returns, it doesn't provide a @dfn{time to live} (TTL)
1195 value to indicate how long the address may be cached. For these
1196 reasons, @code{gethostbyname} is hardly useful for programs that need
1197 to contact more than a few hosts@footnote{Recent systems replace
1198 @code{gethostbyname}(3) by @code{getaddrinfo}(3), which is reentrant.
1199 While this removes one important problem that multi-threaded programs
1200 encounter, it doesn't solve any of the other issues with
1201 @code{gethostbyname}.}.
1203 In order to avoid the @code{gethostname}(3)'s issues, Polipo usually
1204 tries to speak the DNS protocol itself rather than using the system
1205 resolver. Its precise behaviour is controlled by the value of
1206 @code{dnsUseGethostbyname}. If @code{dnsUseGethostbyname} is
1207 @code{false}, Polipo never uses the system resolver. If it is
1208 @code{reluctantly} (the default), Polipo tries to speak DNS and falls
1209 back to the system resolver if a name server could not be contacted.
1210 If it is @code{happily}, Polipo tries to speak DNS, and falls back to
1211 the system resolver if the host couldn't be found for any reason.
1212 Finally, if @code{dnsUseGethostbyname} is @code{true}, Polipo never
1213 tries to speak DNS itself and uses the system resolver straight away.
1215 If the internal DNS support is used, Polipo must be given a recursive
1216 name server to speak to. By default, this information is taken from
1217 the @samp{/etc/resolv.conf} file; however, if you wish to use a
1218 different name server, you may set the variable @code{dnsNameServer}
1219 to an IP address@footnote{While Polipo does its own caching of DNS
1220 data, I strongly recommend that you run a local caching name server.
1221 I am very happy with
1222 @uref{http://home.t-online.de/home/Moestl/,,@code{pdnsd}},
1223 notwithstanding its somewhat bizarre handling of TCP connections.}.
1225 When the reply to a DNS request is late to come, Polipo will retry
1226 multiple times using an exponentially increasing timeout. The maximum
1227 timeout used before Polipo gives up is defined by @code{dnsMaxTimeout}
1228 (default 60@dmn{s}); the total time before Polipo gives up on a DNS
1229 query will be roughly twice @code{dnsMaxTimeout}.
1231 The variable @code{dnsNegativeTtl} specifies the time during which
1232 negative DNS information (information that a host @emph{doesn't}
1233 exist) will be cached; this defaults to 120@dmn{s}. Increasing this
1234 value reduces both latency and network traffic but may cause a failed
1235 host not to be noticed when it comes back up.
1237 The variable @code{dnsQueryIPv6} specifies whether to query for IPv4
1238 or IPv6 addresses. If @code{dnsQueryIPv6} is @code{false}, only IPv4
1239 addresses are queried. If @code{dnsQueryIPv6} is @code{reluctantly},
1240 both types of addresses are queried, but IPv4 addresses are preferred.
1241 If @code{dnsQueryIPv6} is @code{happily} (the default), IPv6 addresses
1242 are preferred. Finally, if @code{dnsQueryIPv6} is @code{true}, only
1243 IPv6 addresses are queried.
1245 If the system resolver is used, the value @code{dnsGethostbynameTtl}
1246 specifies the time during which a @code{gethostbyname} reply will be
1247 cached (default 5 minutes).
1249 @node Parent proxies, Tuning POST and PUT, DNS, Network
1250 @section Parent proxies
1252 Polipo will usually fetch instances directly from source servers as
1253 this configuration minimises latency. In some cases, however, it may
1254 be useful to have Polipo fetch instances from a @dfn{parent} proxy.
1256 Polipo can use two protocols to speak to a parent proxy: HTTP and
1257 SOCKS. When configured to use both HTTP and SOCKS proxying, Polipo
1258 will contact an HTTP proxy over SOCKS --- in other words, SOCKS is
1259 considered as being at a lower (sub)layer than HTTP.
1262 * HTTP parent proxies:: Using an HTTP parent proxy.
1263 * SOCKS parent proxies:: Using a SOCKS4a parent proxy.
1266 @node HTTP parent proxies, SOCKS parent proxies, Parent proxies, Parent proxies
1267 @subsection HTTP parent proxies
1269 @vindex parentAuthCredentials
1270 @cindex parent proxy
1271 @cindex upstream proxy
1273 @cindex authentication
1275 The variable @code{parentProxy} specifies the hostname and port number
1276 of an HTTP parent proxy; it should have the form @samp{host:port}.
1278 If the parent proxy requires authorisation, the username and password
1279 should be specified in the variable @code{parentAuthCredentials} in
1280 the form @samp{username:password}. Only @emph{Basic} authentication
1281 is supported, which is vulnerable to replay attacks.
1283 The main application of the parent proxy support is to cross
1284 firewalls. Given a machine, say @code{trurl}, with unrestricted
1285 access to the web, the following evades a firewall by using an
1286 encrypted compressed @code{ssh} link:
1288 $ ssh -f -C -L 8124:localhost:8123 trurl polipo
1289 $ polipo parentProxy=localhost:8124
1292 @node SOCKS parent proxies, , HTTP parent proxies, Parent proxies
1293 @subsection SOCKS parent proxies
1295 @vindex socksParentProxy
1296 @vindex socksUserName
1297 @vindex socksProxyType
1299 The variable @code{socksParentProxy} specifies the hostname and port
1300 number of a SOCKS parent proxy; it should have the form
1301 @samp{host:port}. The variant of the SOCKS protocol being used is
1302 defined by @code{socksProxyType}, which can be either @samp{socks4a}
1303 or @samp{socks5}; the latter value specifies ``SOCKS@tie{}5 with
1304 hostnames'', and is the default.
1306 The user name passed to the SOCKS4a proxy is defined by the variable
1307 @code{socksUserName}. This value is currently ignored with a
1310 @node Tuning POST and PUT, Tunnelling connections, Parent proxies, Network
1311 @section Tuning POST and PUT requests
1314 @vindex expectContinue
1316 The main assumption behind the design of the HTTP protocol is that
1317 requests are idempotent: since a request can be repeated by a client,
1318 a server is allowed to drop a connection at any time. This fact, more
1319 than anything else, explains the amazing scalability of the protocol.
1321 This assumption breaks down in the case of POST requests. Indeed, a
1322 POST request usually causes some action to be performed (a page to be
1323 printed, a significant amount of money to be transferred from your
1324 bank account, or, in Florida, a vote to be registered), and such a
1325 request should not be repeated.
1327 The only solution to this problem is to reserve HTTP to idempotent
1328 activities, and use reliable protocols for action-effecting
1329 activities. Notwithstanding that, HTTP/1.1 makes a weak attempt at
1330 making POST requests slightly more reliable and efficient than they
1333 When speaking to an HTTP/1.1 server, an HTTP client is allowed to
1334 request that the server check @emph{a priori} whether it intends to
1335 honour a POST request. This is done by sending @dfn{an expectation},
1336 a specific header with the request, @samp{Expect: 100-continue}, and
1337 waiting for either an error message or a @samp{100 Continue} reply
1338 from the server. If the latter arrives, the client is welcome to send
1339 the rest of the POST request@footnote{This, of course, is only part of
1340 the story. Additionally, the server is not required to reply with
1341 @samp{100 Continue}, hence the client must implement a timeout.
1342 Furthermore, according to the obsolete RFC@tie{}2068, the server is
1343 allowed to spontaneously send @samp{100 Continue}, so the client must
1344 be prepared to ignore such a reply at any time.}.
1346 Polipo's behaviour w.r.t.@: client expectations is controlled by the
1347 variable @code{expectContinue}. If this variable is false, Polipo
1348 will never send an expectation to the server; if a client sends an
1349 expectation, Polipo will fail the expectation straight away, causing
1350 the client (if correctly implemented) to retry with no expectation.
1351 If @code{expectContinue} is @code{maybe} (the default), Polipo will
1352 behave in a standards-compliant manner: it will forward expectations
1353 to the server when allowed to do so, and fail client expectations
1354 otherwise. Finally, if @code{expectContinue} is @code{true}, Polipo
1355 will always send expectations when it is reasonable to do so; this
1356 violates the relevant standards and will break some websites, but
1357 might decrease network traffic under some circumstances.
1359 @node Tunnelling connections, , Tuning POST and PUT, Network
1360 @section Tunnelling connections
1362 @cindex tunnelling proxy
1367 @vindex tunnelAllowedPorts
1369 Polipo is an HTTP proxy; it proxies HTTP traffic, and clients using
1370 other protocols should either establish a direct connection to the
1371 server or use an @emph{ad hoc} proxy.
1373 Due to wide-spread brain-damage@footnote{Sometimes known as NAT.},
1374 however, there are some circumstances in which establishing a direct
1375 connection to the server is not possible. In such situations, it is
1376 possible to have Polipo behave as a @emph{tunnelling} proxy --- a
1377 proxy that merely forwards traffic between the client and the server
1378 without understanding it. Polipo enters tunnel mode when the server
1379 requests it by using the HTTP @samp{CONNECT} method.
1381 Most web browsers will use this technique for HTTP over SSL if
1382 configured to use Polipo as their `https proxy'. Recent versions of
1383 ssh can also use it to cross mis-configured firewalls.
1385 The variable @code{tunnelAllowedPorts} specifies the set of ports that
1386 Polipo will accept to tunnel traffic to. It defaults to @samp{22, 80,
1387 443, 873}, meaning that Polipo will only accept to tunnel ssh, HTTP,
1388 https and rsync traffic.
1390 @node Caching, Memory usage, Network, Top
1394 * Cache transparency:: Fresh and stale data.
1395 * Memory cache:: The in-memory cache.
1396 * Disk cache:: The on-disk cache.
1399 @node Cache transparency, Memory cache, Caching, Caching
1400 @section Cache transparency and validation
1401 @cindex transparent cache
1402 @cindex cache transparency
1403 @cindex out-of-date instances
1405 @cindex revalidation
1410 If resources on a server change, it is possible for a cached instance
1411 to become out-of date. Ideally, a cache would be perfectly
1412 @dfn{transparent}, meaning that it never serves an out-of-date
1413 instance; in a universe with a finite speed of signal propagation,
1414 however, this ideal is impossible to achieve.
1416 If a caching proxy decides that a cached instance is new enough to
1417 likely still be valid, it will directly serve the instance to the
1418 client; we then say that the cache decided that the instance is
1419 @dfn{fresh}. When an instance is @dfn{stale} (not fresh), the cache
1420 will check with the upstream server whether the resource has changed;
1421 we say that the cached instance is being @dfn{revalidated}.
1423 In HTTP/1.1, responsibility for revalidation is shared between the
1424 client, the server and the proxy itself. The client can override
1425 revalidation policy by using the @samp{Cache-Control}
1426 header@footnote{Or the obsolete @samp{Pragma} header.}; for example,
1427 some user-agents will request end-to-end revalidation in this way when
1428 the user shift-clicks on @emph{reload}. The server may choose to
1429 specify revalidation policy by using the @samp{Expires} and
1430 @samp{Cache-Control} headers. As to the proxy, it needs to choose a
1431 revalidation policy for instances with neither server- nor client-side
1432 cache control information. Of course, nothing (except the HTTP/1.1
1433 spec, but that is easily ignored) prevents a proxy from overriding the
1434 client's and server's cache control directives.
1437 * Tuning validation:: Tuning Polipo's validation behaviour.
1438 * Tweaking validation:: Further tweaking of validation.
1441 @node Tuning validation, Tweaking validation, Cache transparency, Cache transparency
1442 @subsection Tuning validation behaviour
1445 @vindex maxAgeFraction
1446 @vindex maxExpiresAge
1447 @vindex maxNoModifiedAge
1449 Polipo's revalidation behaviour is controlled by a number of
1450 variables. In the following, an resource's @dfn{age} is the time since
1451 it was last validated, either because it was fetched from the server
1452 or because it was revalidated.
1454 The policy defining when cached instances become stale in the absence
1455 of server-provided information is controlled by the variables
1456 @code{maxAge}, @code{maxAgeFraction}, @code{maxExpiresAge} and
1457 @code{maxNoModifiedAge}. If an instance has an @samp{Expires} header,
1458 it becomes stale at the date given by that header, or when its age
1459 becomes larger than @code{maxExpiresAge}, whichever happens first. If
1460 an instance has no @samp{Expires} header but has a @samp{LastModified}
1461 header, it becomes stale when its age reaches either
1462 @code{maxAgeFraction} of the time since it was last modified or else
1463 the absolute value @code{maxAge}, whichever happens first. Finally,
1464 if an instance has neither @samp{Expires} nor @samp{Last-Modified}, it
1465 will become stale when its age reaches @code{maxNoModifiedAge}.
1467 @node Tweaking validation, , Tuning validation, Cache transparency
1468 @subsection Further tweaking of validation behaviour
1471 @vindex cacheIsShared
1472 @vindex mindlesslyCacheVary
1473 @vindex uncachableFile
1474 @vindex dontCacheCookies
1475 @vindex dontCacheRedirects
1477 If @code{cacheIsShared} is false (the default), Polipo will ignore the
1478 server-side @samp{Cache-Control} directives @samp{private},
1479 @samp{s-maxage} and @samp{proxy-must-revalidate}. This is highly
1480 desirable behaviour when the proxy is used by just one user, but
1481 happens to violate RFC@tie{}2616 if the cache is shared.
1483 When connectivity is very poor, the variable @code{relaxTransparency}
1484 can be used to cause Polipo to serve stale instances under some
1485 circumstances. If @code{relaxTransparency} is @code{false} (the
1486 default), all stale instances are validated (@pxref{Cache
1487 transparency}), and failures to connect are reported to the client.
1488 This is the default mode of operation of most other proxies, and the
1489 least likely to surprise the user.
1491 If @code{relaxTransparency} is @code{maybe}, all stale instances are
1492 still validated, but a failure to connect is only reported as an error
1493 if no data is available in the cache. If a connection fails and stale
1494 data is available, it is served to the client with a suitable HTTP/1.1
1495 @samp{Warning} header. Current user-agents do not provide visible
1496 indication of such warnings, however, and this setting will typically
1497 cause the browser to display stale data with no indication that
1498 anything went wrong. This setting is useful when you are consulting a
1499 live web site but don't want to be bothered with failed revalidations.
1501 If @code{relaxTransparency} is @code{true}, missing data is fetched
1502 from remote servers, but stale data are unconditionally served with no
1503 validation. Client-side @samp{Cache-Control} directives are still
1504 honoured, which means that you can force an end-to-end revalidation
1505 from the browser's interface (typically by shift-clicking on
1506 ``reload''). This setting is only useful if you have very bad network
1507 connectivity or are consulting a very slow web site or one that
1508 provides wrong cache control
1509 information@footnote{@code{www.microsoft.com} comes to mind.} and are
1510 willing to manually revalidate pages that you suspect are stale.
1512 Finally, if @code{mindlesslyCacheVary} is true, the presence of a
1513 @samp{Vary} header (which indicates that content-negotiation occurred,
1514 @pxref{Censor Accept-Language}) is ignored, and cached negotiated
1515 instances are mindlessly returned to the client. If it is false (the
1516 default), negotiated instances are revalidated on every client
1519 A number of servers incorrectly mark variable resources as cachable;
1520 such servers can be worked around in polipo by manually marking given
1521 categories of objects as uncachable. If @code{dontCacheCookies} is
1522 true, all pages carrying HTTP cookies will be treated as uncachable.
1523 If @code{dontCacheRedirects} is true, all redirects (301 and 302) will
1524 be treated as uncachable. Finally, if everything else fails, a list
1525 of uncachable URLs can be given in the file specified by
1526 @code{uncachableFile}, which has the same format as the
1527 @code{forbiddenFile} (@pxref{Internal forbidden list}). If not
1528 specified, this file defaults to @samp{~/.polipo-uncachable} or
1529 @samp{/etc/polipo/uncachable}, whichever exists.
1531 @node Memory cache, Disk cache, Cache transparency, Caching
1532 @section The in-memory cache
1534 The memory cache consists of a list of HTTP and DNS objects maintained
1535 in least-recently used order. An index to the in-memory cache is
1536 maintained as a (closed) hash table.
1538 When the in-memory cache grows beyond a certain size (controlled by a
1539 number of variables, @pxref{Memory usage}), or when a hash table
1540 collision occurs, resources are written out to disk.
1542 @node Disk cache, , Memory cache, Caching
1543 @section The on-disk cache
1546 @vindex diskCacheRoot
1547 @vindex maxDiskEntries
1548 @vindex diskCacheWriteoutOnClose
1549 @vindex diskCacheFilePermissions
1550 @vindex diskCacheDirectoryPermissions
1551 @vindex maxDiskCacheEntrySize
1553 The on-disk cache consists in a filesystem subtree rooted at a
1554 location defined by the variable @code{diskCacheRoot}, by default
1555 @code{"/var/cache/polipo/"}. This directory should normally be
1556 writeable, readable and seekable by the user running Polipo. It
1557 should normally point at a local filesystem; however, using NFSv3
1558 should be safe in most implementations, but NFSv2 is definitely
1559 not@footnote{Polipo assumes that @samp{open(O_CREAT | O_EXCL)} works
1562 If @code{diskCacheRoot} is an empty string, no disk cache is used.
1564 The value @code{maxDiskEntries} (32 by default) is the absolute
1565 maximum of file descriptors held open for on-disk objects. When this
1566 limit is reached, Polipo will close descriptors on a
1567 least-recently-used basis, which will cause no harm other than a
1568 decrease in performance. This value should be set to be slightly
1569 larger than the number of resources that you expect to be live at a
1570 single time; defining the right notion of liveness is left as an
1571 exercise for the interested reader.
1573 The value @code{diskCacheWriteoutOnClose} (32@dmn{kB} by default) is
1574 the amount of data that Polipo will write out when closing a disk
1575 file. Writing out data when closing a file can avoid subsequently
1576 reopening and validating it, but causes unnecessary work if the
1577 instance is later superseded.
1579 The integers @code{diskCacheDirectoryPermissions} and
1580 @code{diskCacheFilePermissions} are the Unix filesystem permissions
1581 with which files and directories are created in the on-disk cache.
1583 The variable @code{maxDiskCacheEntrySize} specifies the maximum size,
1584 in bytes, of an instance that is stored in the disk cache.
1587 * Asynchronous writing:: Writing out data when idle.
1588 * Purging:: Purging the on-disk cache.
1589 * Disk format:: Format of the on-disk cache.
1592 @node Asynchronous writing, Purging, Disk cache, Disk cache
1593 @subsection Asynchronous writing
1595 @vindex maxObjectsWhenIdle
1596 @vindex maxWriteoutWhenIdle
1598 When Polipo runs out of memory (@pxref{Limiting memory usage}), it
1599 will start discarding instances from its memory cache. If a disk
1600 cache has been configured, it will write out any instance that it
1601 discards. Any memory allocation that prompted the purge must then
1602 wait for the write to complete.
1604 In order to avoid the latency hit that this causes, Polipo will
1605 preemptively write out instances to the disk cache whenever it is
1606 idle. The integer @code{idleTime} specifies the time during which
1607 Polipo will remain idle before it starts writing out random objects to
1608 the on-disk cache; this value defaults to 30@dmn{s}. You may want to
1609 decrease this value for a busy cache with little memory, or increase
1610 it if your cache is often idle and has a lot of memory.
1612 The value @code{maxObjectsWhenIdle} (default 32) specifies the
1613 maximum number of instances that an idle Polipo will write out without
1614 checking whether there's any new work to do. The value
1615 @code{maxWriteoutWhenIdle} specifies the maximum amount of data
1616 (default 64@dmn{kB}) that Polipo will write out without checking for new
1619 @node Purging, Disk format, Asynchronous writing, Disk cache
1620 @subsection Purging the on-disk cache
1622 @vindex diskCacheUnlinkTime
1623 @vindex diskCacheTruncateTime
1624 @vindex diskCacheTruncateSize
1625 @vindex preciseExpiry
1627 Polipo never removes a file in its on-disk cache, except when it finds
1628 that the instance that it represents has been superseded by a newer
1629 version. In order to keep the on-disk cache from growing without
1630 bound, it is necessary to @dfn{purge} it once in a while. Purging the
1631 cache typically consists in removing some files, truncating large
1632 files (@pxref{Partial instances}) or moving them to off-line storage.
1634 Polipo itself can be used to purge its on-disk cache; this is done by
1635 invoking Polipo with the @option{-x} flag. However, as resources are
1636 stored on disk in plain files (@pxref{Disk format}), any utility that
1637 can parse the files written by Polipo can be used.
1639 Purging the on-disk cache can be safely done when Polipo is running as
1640 long as no file is ever modified in place; in particular, it is
1641 @emph{not} safe to truncate a file in-place. It @emph{is} safe to
1642 unlink (remove, delete) files in the disk cache, or to add new files
1643 to the cache (in which case you should perform an exclusive open).
1644 Polipo's behaviour when invoked with the flag @option{-x} does obey
1647 For a purge to be effective, it is necessary to cause Polipo to
1648 write-out its in-memory cache to disk (@pxref{Stopping}).
1649 Additionally, Polipo will not necessarily notice the changed files
1650 until it attempts to access them; thus, you will want it to discard
1651 its in-memory cache after performing the purge. The safe way of
1652 performing a purge is therefore:
1654 $ kill -USR1 @var{polipo-pid}
1657 $ kill -USR2 @var{polipo-pid}
1660 The behaviour of the @option{-x} flag is controlled by three
1661 configuration variables. The variable @code{diskCacheUnlinkTime}
1662 specifies the time during which an on-disk entry should remain unused
1663 before it is eligible for removal; it defaults to 32 days.
1665 The variable @code{diskCacheTruncateTime} specifies the time for which
1666 an on-disk entry should remain unused before it is eligible for
1667 truncation; it defaults to 4 days and a half. The variable
1668 @code{diskCacheTruncateSize} specifies the size at which files are
1669 truncated after they have not been accessed for
1670 @code{diskCacheTruncateTime}; it defaults to 1@dmn{MB}.
1672 Usually, Polipo uses a files modification time in order to determine
1673 whether it is old enough to be expirable. This heuristic can be
1674 disabled by setting the variable @code{preciseExpiry} to true.
1676 @node Disk format, , Purging, Disk cache
1677 @subsection Format of the on-disk cache
1678 @vindex DISK_CACHE_BODY_OFFSET
1679 @cindex on-disk file
1680 @cindex on-disk cache
1682 The on-disk cache consists of a collection of files, one per instance.
1683 The format of an on-disk resource is similar to that of an HTTP
1684 message: it starts with an HTTP status line, followed by HTTP headers,
1685 followed by a blank line (@samp{\r\n\r\n}). The blank line is
1686 optionally followed by a number of binary zeroes. The body of the
1689 The headers of an on-disk file have a few minor differences with HTTP
1690 messages. Obviously, there is never a @samp{Transfer-Encoding} line.
1691 A few additional headers are used by Polipo for its internal
1695 @samp{X-Polipo-Location}: this is the URL of the resource stored in this
1696 file. This is always present.
1699 @samp{X-Polipo-Date}: this is Polipo's estimation of the date at which
1700 this instance was last validated, and is used for generating the
1701 @samp{Age} header of HTTP messages. This is optional, and only stored
1702 if different from the instance's date.
1705 @samp{X-Polipo-Access}: this is the date when the instance was last
1706 accessed by Polipo, and is used for cache purging (@pxref{Purging}).
1707 This is optional, and is absent if the instance was never accessed.
1710 @samp{X-Polipo-Body-Offset}: the presence of this line indicates that
1711 the blank line following the headers is followed by a number of zero
1712 bytes. Its value is an integer, which indicates the offset since the
1713 beginning of the file at which the instance body actually starts.
1714 This line is optional, and if absent the body starts immediately after
1719 @node Memory usage, Copying, Caching, Top
1720 @chapter Memory usage
1723 Polipo uses two distinct pools of memory, the @dfn{chunk pool} and
1724 the @dfn{malloc pool}.
1727 * Chunk memory:: Chunk memory.
1728 * Malloc memory:: Malloc memory.
1729 * Limiting memory usage:: Limiting Polipo's memory usage.
1732 @node Chunk memory, Malloc memory, Memory usage, Memory usage
1733 @section Chunk memory
1736 @vindex MALLOC_CHUNKS
1740 Most of the memory used by Polipo is stored in chunks, fixed-size
1741 blocks of memory; the size of a chunk is defined by the compile-time
1742 constant @code{CHUNK_SIZE}, and defaults to 4096 bytes. Chunks are
1743 used for storing object data (bodies of instances) and for temporary
1744 I/O buffers. Increasing the chunk size increases performance
1745 somewhat, but at the cost of larger granularity of allocation and
1746 hence larger memory usage.
1748 By default, Polipo uses a hand-crafted memory allocator based on
1749 @code{mmap}(2) (@code{VirtualAlloc} under Windows) for allocating
1750 chunks; while this is very slightly faster than the stock memory
1751 allocator, its main benefit is that it limits memory fragmentation.
1752 It is possible to disable the chunk allocator, and use
1753 @code{malloc}(3) for all memory allocation, by defining
1754 @code{MALLOC_CHUNKS} at compile time; this is probably only useful for
1757 There is one assumption made about @code{CHUNK_SIZE}:
1758 @code{CHUNK_SIZE} multiplied by the number of bits in an
1759 @code{unsigned int} (actually in a @code{ChunkBitmap} --- see
1760 @file{chunk.c}) must be a multiple of the page size, which is 4096 on
1761 most systems (8192 on Alpha, 65536 on Windows --- go figure).
1763 As all network I/O will be performed in units of one to two chunks,
1764 @code{CHUNK_SIZE} should be at least equal to your network interface's
1765 MTU (typically 1500 bytes). Additionally, as much I/O will be done at
1766 @code{CHUNK_SIZE}-aligned addresses, @code{CHUNK_SIZE} should ideally
1767 be a multiple of the page size.
1769 In summary, 2048, 4096, 8192 and 16384 are good choices for
1772 @node Malloc memory, Limiting memory usage, Chunk memory, Memory usage
1773 @section Malloc allocation
1777 Polipo uses the standard @code{malloc}(3) memory allocator for
1778 allocating small data structures (up to 100 bytes), small strings and
1779 atoms (unique strings).
1781 @node Limiting memory usage, , Malloc memory, Memory usage
1782 @section Limiting Polipo's memory usage
1783 @cindex limiting memory
1786 Polipo is designed to work well when given little memory, but will
1787 happily scale to larger configurations. For that reason, you need to
1788 inform it of the amount of memory it can use.
1791 * Limiting chunk usage:: Discard objects when low on chunks.
1792 * Limiting object usage:: Limit the number of objects.
1793 * OS usage limits:: Don't impose OS limits.
1796 @node Limiting chunk usage, Limiting object usage, Limiting memory usage, Limiting memory usage
1797 @subsection Limiting chunk usage
1799 @vindex chunkHighMark
1800 @vindex chunkCriticalMark
1801 @vindex chunkLowMark
1806 You can limit Polipo's usage of chunk memory by setting
1807 @code{chunkHighMark} and @code{chunkLowMark}.
1809 The value @code{chunkHighMark} is the absolute maximum number of bytes
1810 of allocated chunk memory. When this value is reached, Polipo will
1811 try to purge objects from its in-memory cache; if that fails to free
1812 memory, Polipo will start dropping connections.
1814 When chunk usage falls back below @code{chunkLowMark}, Polipo will
1815 stop discarding in-memory objects. The value
1816 @code{chunkCriticalMark}, which should be somewhere between
1817 @code{chunkLowMark} and @code{chunkHighMark}, specifies the value
1818 above which Polipo will make heroic efforts to free memory, including
1819 punching holes in the middle of instances, but without dropping
1822 Unless set explicitly, both @code{chunkLowMark} and
1823 @code{chunkCriticalMark} are computed automatically from
1824 @code{chunkHighMark}.
1826 @node Limiting object usage, OS usage limits, Limiting chunk usage, Limiting memory usage
1827 @subsection Limiting object usage
1829 @vindex objectHighMark
1830 @vindex publicObjectLowMark
1831 @vindex objectHashTableSize
1833 Besides limiting chunk usage, it is possible to limit Polipo's memory
1834 usage by bounding the number of objects it keeps in memory at any given
1835 time. This is done with @code{objectHighMark} and
1836 @code{publicObjectLowMark}.
1838 The value @code{objectHighMark} is the absolute maximum of objects
1839 held in memory (including resources and server addresses). When the
1840 number of in-memory public objects falls below
1841 @code{publicObjectLowMark}, Polipo will stop writing out objects to
1842 disk (private objects are discarded as soon as possible).
1844 On 32-bit architectures, every object costs 108 bytes of memory, plus
1845 storage for every globally unique header that is not handled specially
1846 (hopefully negligible), plus an overhead of one word (4 bytes) for
1847 every chunk of data in the object.
1849 You may also want to change @code{objectHashTableSize}. This is the
1850 size of the hash table used for holding objects; it should be a power
1851 of two and defaults to eight times @code{objectHighMark}. Increasing
1852 this value will reduce the number of objects being written out to disk
1853 due to hash table collisions. Every hash table entry costs one word.
1855 @node OS usage limits, , Limiting object usage, Limiting memory usage
1856 @subsection OS usage limits
1861 Many operating systems permit limiting a process' memory usage by
1862 setting a @dfn{usage limit}; on most Unix-like systems, this is done
1863 with the @option{-v} option to the @command{ulimit} command.
1864 Typically, the effect is to cause calls to the @code{malloc} and
1865 @code{mmap} library functions to fail.
1867 Polipo will usually react gracefully to failures to allocate
1868 memory@footnote{There are exactly three places in the code where
1869 Polipo will give up and exit if out of memory; all three are extremely
1870 unlikely to happen in practice.}. Nonetheless, you should avoid using
1871 OS limits to limit Polipo's memory usage: when it hits an OS limit,
1872 Polipo cannot allocate the memory needed to schedule recovery from the
1873 out-of-memory condition, and has no choice other than to drop a
1876 Unfortunately, some operating system kernels (notably certain Linux
1877 releases) fail to fail an allocation if no usage limit is given;
1878 instead, they either crash when memory is exhausted, or else start
1879 killing random processes with no advance warning. On such systems,
1880 imposing a (unrealistically large) usage limit on Polipo is the safe
1883 @node Copying, Variable index, Memory usage, Top
1885 Polipo is distributed under the following terms. In short, you are
1886 allowed to do anything you wish with Polipo as long as you don't deny
1887 my right to be recognised as the author and you don't blame me if
1888 anything goes wrong.
1891 Copyright @copyright{} 2003--2006 by Juliusz Chroboczek
1893 Permission is hereby granted, free of charge, to any person obtaining a copy
1894 of this software and associated documentation files (the "Software"), to deal
1895 in the Software without restriction, including without limitation the rights
1896 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
1897 copies of the Software, and to permit persons to whom the Software is
1898 furnished to do so, subject to the following conditions:
1900 The above copyright notice and this permission notice shall be included in
1901 all copies or substantial portions of the Software.
1903 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
1904 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
1905 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
1906 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
1907 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
1908 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
1912 @node Variable index, Concept index, Copying, Top
1913 @unnumbered Variable index
1916 @node Concept index, , Variable index, Top
1917 @unnumbered Concept index