[thirdparty/squid.git] / src / acl / ConnMark.cc

/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28    Access Control */

#include "squid.h"
#include "acl/ConnMark.h"
#include "acl/FilledChecklist.h"
#include "base/IoManip.h"
#include "client_side.h"
#include "debug/Stream.h"
#include "http/Stream.h"
#include "sbuf/Stream.h"

bool
Acl::ConnMark::empty() const
{
    return false;
}

void
Acl::ConnMark::parse()
{
    while (const char *t = ConfigParser::strtokFile()) {
        SBuf token(t);
        Parser::Tokenizer tokenizer(token);
        const auto mc = Ip::NfMarkConfig::Parse(token);
        marks.push_back(mc);
        debugs(28, 7, "added " << mc);
    }

    if (marks.empty()) {
        throw TexcHere(ToSBuf("acl ", typeString(), " requires at least one mark"));
    }
}

int
Acl::ConnMark::match(ACLChecklist *cl)
{
    const auto *checklist = Filled(cl);
    const auto conn = checklist->conn();

    if (conn && conn->clientConnection) {
        const auto connmark = conn->clientConnection->nfConnmark;

        for (const auto &m : marks) {
            if (m.matches(connmark)) {
                debugs(28, 5, "found " << m << " matching " << asHex(connmark));
                return 1;
            }
            debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark));
        }
    } else {
        debugs(28, 7, "fails: no client connection");
    }

    return 0;
}

SBufList
Acl::ConnMark::dump() const
{
    SBufList sl;
    for (const auto &m : marks) {
        sl.push_back(ToSBuf(m));
    }
    return sl;
}

char const *
Acl::ConnMark::typeString() const
{
    return "client_connection_mark";
}
Commit	Line	Data
653d9927	1	/*
b8ae064d	2	* Copyright (C) 1996-2023 The Squid Software Foundation and contributors
653d9927 A	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	/* DEBUG: section 28 Access Control */
	10
	11	#include "squid.h"
	12	#include "acl/ConnMark.h"
	13	#include "acl/FilledChecklist.h"
675b8408	14	#include "base/IoManip.h"
653d9927	15	#include "client_side.h"
675b8408	16	#include "debug/Stream.h"
653d9927 A	17	#include "http/Stream.h"
	18	#include "sbuf/Stream.h"
	19
	20	bool
	21	Acl::ConnMark::empty() const
	22	{
	23	return false;
	24	}
	25
653d9927 A	26	void
	27	Acl::ConnMark::parse()
	28	{
	29	while (const char *t = ConfigParser::strtokFile()) {
	30	SBuf token(t);
	31	Parser::Tokenizer tokenizer(token);
244da4ad AG	32	const auto mc = Ip::NfMarkConfig::Parse(token);
	33	marks.push_back(mc);
	34	debugs(28, 7, "added " << mc);
653d9927 A	35	}
	36
	37	if (marks.empty()) {
	38	throw TexcHere(ToSBuf("acl ", typeString(), " requires at least one mark"));
	39	}
	40	}
	41
	42	int
	43	Acl::ConnMark::match(ACLChecklist *cl)
	44	{
	45	const auto *checklist = Filled(cl);
cad2828e	46	const auto conn = checklist->conn();
653d9927	47
cad2828e AG	48	if (conn && conn->clientConnection) {
	49	const auto connmark = conn->clientConnection->nfConnmark;
	50
	51	for (const auto &m : marks) {
	52	if (m.matches(connmark)) {
	53	debugs(28, 5, "found " << m << " matching " << asHex(connmark));
	54	return 1;
	55	}
	56	debugs(28, 7, "skipped " << m << " mismatching " << asHex(connmark));
653d9927	57	}
cad2828e AG	58	} else {
cad2828e AG	59	debugs(28, 7, "fails: no client connection");
653d9927	60	}
cad2828e	61
653d9927 A	62	return 0;
	63	}
	64
	65	SBufList
	66	Acl::ConnMark::dump() const
	67	{
	68	SBufList sl;
	69	for (const auto &m : marks) {
	70	sl.push_back(ToSBuf(m));
	71	}
	72	return sl;
	73	}
	74
	75	char const *
	76	Acl::ConnMark::typeString() const
	77	{
244da4ad	78	return "client_connection_mark";
653d9927 A	79	}
653d9927 A	80