]> git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Arp.cc
projects / thirdparty / squid.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
SourceFormat Enforcement
[thirdparty/squid.git] / src / acl / Arp.cc
1 /*
2 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 28 Access Control */
10
11 #include "squid.h"
12
13 #if USE_SQUID_EUI
14
15 #include "acl/Arp.h"
16 #include "acl/FilledChecklist.h"
17 #include "Debug.h"
18 #include "eui/Eui48.h"
19 #include "globals.h"
20 #include "ip/Address.h"
21
22 #include <algorithm>
23
24 ACL *
25 ACLARP::clone() const
26 {
27 return new ACLARP(*this);
28 }
29
30 ACLARP::ACLARP (char const *theClass) : class_ (theClass)
31 {}
32
33 ACLARP::ACLARP (ACLARP const & old) : class_ (old.class_), aclArpData(old.aclArpData)
34 {
35 }
36
37 char const *
38 ACLARP::typeString() const
39 {
40 return class_;
41 }
42
43 bool
44 ACLARP::empty () const
45 {
46 return aclArpData.empty();
47 }
48
49 /* ==== BEGIN ARP ACL SUPPORT ============================================= */
50
51 /*
52 * From: dale@server.ctam.bitmcnit.bryansk.su (Dale)
53 * To: wessels@nlanr.net
54 * Subject: Another Squid patch... :)
55 * Date: Thu, 04 Dec 1997 19:55:01 +0300
56 * ============================================================================
57 *
58 * Working on setting up a proper firewall for a network containing some
59 * Win'95 computers at our Univ, I've discovered that some smart students
60 * avoid the restrictions easily just changing their IP addresses in Win'95
61 * Contol Panel... It has been getting boring, so I took Squid-1.1.18
62 * sources and added a new acl type for hard-wired access control:
63 *
64 * acl <name> arp <Ethernet address> ...
65 *
66 * For example,
67 *
68 * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
69 *
70 * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
71 * Original (BSD-specific) code no longer works.
72 * Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
73 */
74
75 Eui::Eui48 *
76 aclParseArpData(const char *t)
77 {
78 char buf[256];
79 Eui::Eui48 *q = new Eui::Eui48;
80 debugs(28, 5, "aclParseArpData: " << t);
81
82 if (sscanf(t, "%[0-9a-fA-F:]", buf) != 1) {
83 debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
84 delete q;
85 return NULL;
86 }
87
88 if (!q->decode(buf)) {
89 debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
90 debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
91 delete q;
92 return NULL;
93 }
94
95 return q;
96 }
97
98 /*******************/
99 /* aclParseArpList */
100 /*******************/
101 void
102 ACLARP::parse()
103 {
104 while (const char *t = ConfigParser::strtokFile()) {
105 if (Eui::Eui48 *q = aclParseArpData(t)) {
106 aclArpData.insert(*q);
107 delete q;
108 }
109 }
110 }
111
112 int
113 ACLARP::match(ACLChecklist *cl)
114 {
115 ACLFilledChecklist *checklist = Filled(cl);
116
117 /* IPv6 does not do ARP */
118 if (!checklist->src_addr.isIPv4()) {
119 debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
120 return 0;
121 }
122
123 Eui::Eui48 lookingFor;
124 lookingFor.lookup(checklist->src_addr);
125 return (aclArpData.find(lookingFor) != aclArpData.end());
126 }
127
128 SBufList
129 ACLARP::dump() const
130 {
131 SBufList sl;
132 for (auto i = aclArpData.begin(); i != aclArpData.end(); ++i) {
133 char buf[48];
134 i->encode(buf,48);
135 sl.push_back(SBuf(buf));
136 }
137 return sl;
138 }
139
140 /* ==== END ARP ACL SUPPORT =============================================== */
141
142 #endif /* USE_SQUID_EUI */
143
Mirror of https://github.com/squid-cache/squid.git