]> git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/Asn.cc
projects / thirdparty / squid.git / blob
? search:


59037e2a391a66cebf4be809c70d1fab230267db
[thirdparty/squid.git] / src / acl / Asn.cc
1 /*
2 * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9 /* DEBUG: section 53 AS Number handling */
10
11 #include "squid.h"
12 #include "acl/Acl.h"
13 #include "acl/Asn.h"
14 #include "acl/Checklist.h"
15 #include "acl/DestinationAsn.h"
16 #include "acl/DestinationIp.h"
17 #include "acl/SourceAsn.h"
18 #include "acl/Strategised.h"
19 #include "FwdState.h"
20 #include "HttpReply.h"
21 #include "HttpRequest.h"
22 #include "ipcache.h"
23 #include "MasterXaction.h"
24 #include "mgr/Registration.h"
25 #include "radix.h"
26 #include "RequestFlags.h"
27 #include "SquidConfig.h"
28 #include "Store.h"
29 #include "StoreClient.h"
30
31 #ifndef AS_REQBUF_SZ
32 #define AS_REQBUF_SZ 4096
33 #endif
34
35 /* BEGIN of definitions for radix tree entries */
36
37 /* 32/128 bits address in memory with length */
38 class m_ADDR
39 {
40 public:
41 uint8_t len;
42 Ip::Address addr;
43
44 m_ADDR() : len(sizeof(Ip::Address)) {};
45 };
46
47 /* END of definitions for radix tree entries */
48
49 /* Head for ip to asn radix tree */
50
51 struct squid_radix_node_head *AS_tree_head;
52
53 /* explicit instantiation required for some systems */
54
55 /// \cond AUTODOCS_IGNORE
56 template cbdata_type CbDataList<int>::CBDATA_CbDataList;
57 /// \endcond
58
59 /**
60 * Structure for as number information. it could be simply
61 * a list but it's coded as a structure for future
62 * enhancements (e.g. expires)
63 */
64 struct as_info {
65 CbDataList<int> *as_number;
66 time_t expires; /* NOTUSED */
67 };
68
69 class ASState
70 {
71 CBDATA_CLASS(ASState);
72
73 public:
74 ASState() {
75 memset(reqbuf, 0, sizeof(reqbuf));
76 }
77 ~ASState() {
78 if (entry) {
79 debugs(53, 3, entry->url());
80 storeUnregister(sc, entry, this);
81 entry->unlock("~ASState");
82 }
83 }
84
85 public:
86 StoreEntry *entry = nullptr;
87 store_client *sc = nullptr;
88 HttpRequest::Pointer request;
89 int as_number = 0;
90 int64_t offset = 0;
91 int reqofs = 0;
92 char reqbuf[AS_REQBUF_SZ];
93 bool dataRead = false;
94 };
95
96 CBDATA_CLASS_INIT(ASState);
97
98 /** entry into the radix tree */
99 struct rtentry_t {
100 struct squid_radix_node e_nodes[2];
101 as_info *e_info;
102 m_ADDR e_addr;
103 m_ADDR e_mask;
104 };
105
106 static int asnAddNet(char *, int);
107
108 static void asnCacheStart(int as);
109
110 static STCB asHandleReply;
111
112 #if defined(__cplusplus)
113 extern "C" {
114 #endif
115
116 static int destroyRadixNode(struct squid_radix_node *rn, void *w);
117 static int printRadixNode(struct squid_radix_node *rn, void *sentry);
118
119 #if defined(__cplusplus)
120 }
121 #endif
122
123 void asnAclInitialize(ACL * acls);
124
125 static void destroyRadixNodeInfo(as_info *);
126
127 static OBJH asnStats;
128
129 /* PUBLIC */
130
131 int
132 asnMatchIp(CbDataList<int> *data, Ip::Address &addr)
133 {
134 struct squid_radix_node *rn;
135 as_info *e;
136 m_ADDR m_addr;
137 CbDataList<int> *a = nullptr;
138 CbDataList<int> *b = nullptr;
139
140 debugs(53, 3, "asnMatchIp: Called for " << addr );
141
142 if (AS_tree_head == nullptr)
143 return 0;
144
145 if (addr.isNoAddr())
146 return 0;
147
148 if (addr.isAnyAddr())
149 return 0;
150
151 m_addr.addr = addr;
152
153 rn = squid_rn_match(&m_addr, AS_tree_head);
154
155 if (rn == nullptr) {
156 debugs(53, 3, "asnMatchIp: Address not in as db.");
157 return 0;
158 }
159
160 debugs(53, 3, "asnMatchIp: Found in db!");
161 e = ((rtentry_t *) rn)->e_info;
162 assert(e);
163
164 for (a = data; a; a = a->next)
165 for (b = e->as_number; b; b = b->next)
166 if (a->element == b->element) {
167 debugs(53, 5, "asnMatchIp: Found a match!");
168 return 1;
169 }
170
171 debugs(53, 5, "asnMatchIp: AS not in as db.");
172 return 0;
173 }
174
175 void
176 ACLASN::prepareForUse()
177 {
178 for (CbDataList<int> *i = data; i; i = i->
179 next)
180 asnCacheStart(i->element);
181 }
182
183 static void
184 asnRegisterWithCacheManager(void)
185 {
186 Mgr::RegisterAction("asndb", "AS Number Database", asnStats, 0, 1);
187 }
188
189 /* initialize the radix tree structure */
190
191 SQUIDCEXTERN int squid_max_keylen; /* yuck.. this is in lib/radix.c */
192
193 void
194 asnInit(void)
195 {
196 static bool inited = false;
197 squid_max_keylen = 40;
198
199 if (!inited) {
200 inited = true;
201 squid_rn_init();
202 }
203
204 squid_rn_inithead(&AS_tree_head, 8);
205
206 asnRegisterWithCacheManager();
207 }
208
209 void
210 asnFreeMemory(void)
211 {
212 squid_rn_walktree(AS_tree_head, destroyRadixNode, AS_tree_head);
213
214 destroyRadixNode((struct squid_radix_node *) nullptr, (void *) AS_tree_head);
215 }
216
217 static void
218 asnStats(StoreEntry * sentry)
219 {
220 storeAppendPrintf(sentry, "Address \tAS Numbers\n");
221 squid_rn_walktree(AS_tree_head, printRadixNode, sentry);
222 }
223
224 /* PRIVATE */
225
226 static void
227 asnCacheStart(int as)
228 {
229 AnyP::Uri whoisUrl(AnyP::PROTO_WHOIS);
230 whoisUrl.host(Config.as_whois_server);
231 whoisUrl.defaultPort();
232
233 SBuf asPath("/!gAS");
234 asPath.appendf("%d", as);
235 whoisUrl.path(asPath);
236
237 debugs(53, 3, "AS " << as);
238 ASState *asState = new ASState;
239 asState->as_number = as;
240 const auto mx = MasterXaction::MakePortless<XactionInitiator::initAsn>();
241 asState->request = new HttpRequest(mx);
242 asState->request->url = whoisUrl;
243 asState->request->method = Http::METHOD_GET;
244
245 // XXX: performance regression, c_str() reallocates
246 const auto asres = xstrdup(whoisUrl.absolute().c_str());
247
248 // XXX: Missing a hittingRequiresCollapsing() && startCollapsingOn() check.
249 auto e = storeGetPublic(asres, Http::METHOD_GET);
250 if (!e) {
251 e = storeCreateEntry(asres, asres, RequestFlags(), Http::METHOD_GET);
252 asState->sc = storeClientListAdd(e, asState);
253 FwdState::fwdStart(Comm::ConnectionPointer(), e, asState->request.getRaw());
254 } else {
255 e->lock("Asn");
256 asState->sc = storeClientListAdd(e, asState);
257 }
258 xfree(asres);
259
260 asState->entry = e;
261 StoreIOBuffer readBuffer (AS_REQBUF_SZ, asState->offset, asState->reqbuf);
262 storeClientCopy(asState->sc, e, readBuffer, asHandleReply, asState);
263 }
264
265 static void
266 asHandleReply(void *data, StoreIOBuffer result)
267 {
268 ASState *asState = (ASState *)data;
269 StoreEntry *e = asState->entry;
270 char *s;
271 char *t;
272 char *buf = asState->reqbuf;
273 int leftoversz = -1;
274
275 debugs(53, 3, "asHandleReply: Called with size=" << (unsigned int)result.length);
276 debugs(53, 3, "asHandleReply: buffer='" << buf << "'");
277
278 /* First figure out whether we should abort the request */
279
280 if (EBIT_TEST(e->flags, ENTRY_ABORTED)) {
281 delete asState;
282 return;
283 }
284
285 if (result.length == 0 && asState->dataRead) {
286 debugs(53, 3, "asHandleReply: Done: " << e->url());
287 delete asState;
288 return;
289 } else if (result.flags.error) {
290 debugs(53, DBG_IMPORTANT, "ERROR: asHandleReply: Called with Error set and size=" << (unsigned int) result.length);
291 delete asState;
292 return;
293 } else if (e->mem().baseReply().sline.status() != Http::scOkay) {
294 debugs(53, DBG_IMPORTANT, "WARNING: AS " << asState->as_number << " whois request failed");
295 delete asState;
296 return;
297 }
298
299 /*
300 * Next, attempt to parse our request
301 * Remembering that the actual buffer size is retsize + reqofs!
302 */
303 s = buf;
304
305 while ((size_t)(s - buf) < result.length + asState->reqofs && *s != '\0') {
306 while (*s && xisspace(*s))
307 ++s;
308
309 for (t = s; *t; ++t) {
310 if (xisspace(*t))
311 break;
312 }
313
314 if (*t == '\0') {
315 /* oof, word should continue on next block */
316 break;
317 }
318
319 *t = '\0';
320 debugs(53, 3, "asHandleReply: AS# " << s << " (" << asState->as_number << ")");
321 asnAddNet(s, asState->as_number);
322 s = t + 1;
323 asState->dataRead = true;
324 }
325
326 /*
327 * Next, grab the end of the 'valid data' in the buffer, and figure
328 * out how much data is left in our buffer, which we need to keep
329 * around for the next request
330 */
331 leftoversz = (asState->reqofs + result.length) - (s - buf);
332
333 assert(leftoversz >= 0);
334
335 /*
336 * Next, copy the left over data, from s to s + leftoversz to the
337 * beginning of the buffer
338 */
339 memmove(buf, s, leftoversz);
340
341 /*
342 * Next, update our offset and reqofs, and kick off a copy if required
343 */
344 asState->offset += result.length;
345
346 asState->reqofs = leftoversz;
347
348 debugs(53, 3, "asState->offset = " << asState->offset);
349
350 if (e->store_status == STORE_PENDING) {
351 debugs(53, 3, "asHandleReply: store_status == STORE_PENDING: " << e->url() );
352 StoreIOBuffer tempBuffer (AS_REQBUF_SZ - asState->reqofs,
353 asState->offset,
354 asState->reqbuf + asState->reqofs);
355 storeClientCopy(asState->sc,
356 e,
357 tempBuffer,
358 asHandleReply,
359 asState);
360 } else {
361 StoreIOBuffer tempBuffer;
362 debugs(53, 3, "asHandleReply: store complete, but data received " << e->url() );
363 tempBuffer.offset = asState->offset;
364 tempBuffer.length = AS_REQBUF_SZ - asState->reqofs;
365 tempBuffer.data = asState->reqbuf + asState->reqofs;
366 storeClientCopy(asState->sc,
367 e,
368 tempBuffer,
369 asHandleReply,
370 asState);
371 }
372 }
373
374 /**
375 * add a network (addr, mask) to the radix tree, with matching AS number
376 */
377 static int
378 asnAddNet(char *as_string, int as_number)
379 {
380 struct squid_radix_node *rn;
381 CbDataList<int> **Tail = nullptr;
382 CbDataList<int> *q = nullptr;
383 as_info *asinfo = nullptr;
384
385 Ip::Address mask;
386 Ip::Address addr;
387 char *t;
388 int bitl;
389
390 t = strchr(as_string, '/');
391
392 if (t == nullptr) {
393 debugs(53, 3, "asnAddNet: failed, invalid response from whois server.");
394 return 0;
395 }
396
397 *t = '\0';
398 addr = as_string;
399 bitl = atoi(t + 1);
400
401 if (bitl < 0)
402 bitl = 0;
403
404 // INET6 TODO : find a better way of identifying the base IPA family for mask than this.
405 t = strchr(as_string, '.');
406
407 // generate Netbits Format Mask
408 mask.setNoAddr();
409 mask.applyMask(bitl, (t!=nullptr?AF_INET:AF_INET6) );
410
411 debugs(53, 3, "asnAddNet: called for " << addr << "/" << mask );
412
413 rtentry_t *e = (rtentry_t *)xcalloc(1, sizeof(rtentry_t));
414
415 e->e_addr.addr = addr;
416
417 e->e_mask.addr = mask;
418
419 rn = squid_rn_lookup(&e->e_addr, &e->e_mask, AS_tree_head);
420
421 if (rn != nullptr) {
422 asinfo = ((rtentry_t *) rn)->e_info;
423
424 if (asinfo->as_number->find(as_number)) {
425 debugs(53, 3, "asnAddNet: Ignoring repeated network '" << addr << "/" << bitl << "' for AS " << as_number);
426 } else {
427 debugs(53, 3, "asnAddNet: Warning: Found a network with multiple AS numbers!");
428
429 for (Tail = &asinfo->as_number; *Tail; Tail = &(*Tail)->next);
430 q = new CbDataList<int> (as_number);
431
432 *(Tail) = q;
433
434 e->e_info = asinfo;
435 }
436 } else {
437 q = new CbDataList<int> (as_number);
438 asinfo = (as_info *)xmalloc(sizeof(as_info));
439 asinfo->as_number = q;
440 squid_rn_addroute(&e->e_addr, &e->e_mask, AS_tree_head, e->e_nodes);
441 rn = squid_rn_match(&e->e_addr, AS_tree_head);
442 assert(rn != nullptr);
443 e->e_info = asinfo;
444 }
445
446 if (rn == nullptr) { /* assert might expand to nothing */
447 xfree(asinfo);
448 delete q;
449 xfree(e);
450 debugs(53, 3, "asnAddNet: Could not add entry.");
451 return 0;
452 }
453
454 e->e_info = asinfo;
455 return 1;
456 }
457
458 static int
459 destroyRadixNode(struct squid_radix_node *rn, void *w)
460 {
461
462 struct squid_radix_node_head *rnh = (struct squid_radix_node_head *) w;
463
464 if (rn && !(rn->rn_flags & RNF_ROOT)) {
465 rtentry_t *e = (rtentry_t *) rn;
466 rn = squid_rn_delete(rn->rn_key, rn->rn_mask, rnh);
467
468 if (rn == nullptr)
469 debugs(53, 3, "destroyRadixNode: internal screwup");
470
471 destroyRadixNodeInfo(e->e_info);
472
473 xfree(rn);
474 }
475
476 return 1;
477 }
478
479 static void
480 destroyRadixNodeInfo(as_info * e_info)
481 {
482 CbDataList<int> *prev = nullptr;
483 CbDataList<int> *data = e_info->as_number;
484
485 while (data) {
486 prev = data;
487 data = data->next;
488 delete prev;
489 }
490 }
491
492 static int
493 printRadixNode(struct squid_radix_node *rn, void *_sentry)
494 {
495 StoreEntry *sentry = (StoreEntry *)_sentry;
496 rtentry_t *e = (rtentry_t *) rn;
497 CbDataList<int> *q;
498 as_info *asinfo;
499 char buf[MAX_IPSTRLEN];
500 Ip::Address addr;
501 Ip::Address mask;
502
503 assert(e);
504 assert(e->e_info);
505 addr = e->e_addr.addr;
506 mask = e->e_mask.addr;
507 storeAppendPrintf(sentry, "%s/%d\t",
508 addr.toStr(buf, MAX_IPSTRLEN),
509 mask.cidr() );
510 asinfo = e->e_info;
511 assert(asinfo->as_number);
512
513 for (q = asinfo->as_number; q; q = q->next)
514 storeAppendPrintf(sentry, " %d", q->element);
515
516 storeAppendPrintf(sentry, "\n");
517
518 return 0;
519 }
520
521 ACLASN::~ACLASN()
522 {
523 if (data)
524 delete data;
525 }
526
527 bool
528
529 ACLASN::match(Ip::Address toMatch)
530 {
531 return asnMatchIp(data, toMatch);
532 }
533
534 SBufList
535 ACLASN::dump() const
536 {
537 SBufList sl;
538
539 CbDataList<int> *ldata = data;
540
541 while (ldata != nullptr) {
542 SBuf s;
543 s.Printf("%d", ldata->element);
544 sl.push_back(s);
545 ldata = ldata->next;
546 }
547
548 return sl;
549 }
550
551 bool
552 ACLASN::empty () const
553 {
554 return data == nullptr;
555 }
556
557 void
558 ACLASN::parse()
559 {
560 CbDataList<int> **curlist = &data;
561 CbDataList<int> **Tail;
562 CbDataList<int> *q = nullptr;
563 char *t = nullptr;
564
565 for (Tail = curlist; *Tail; Tail = &((*Tail)->next));
566 while ((t = ConfigParser::strtokFile())) {
567 q = new CbDataList<int> (atoi(t));
568 *(Tail) = q;
569 Tail = &q->next;
570 }
571 }
572
573 /* explicit template instantiation required for some systems */
574
575 template class ACLStrategised<Ip::Address>;
576
577 int
578 ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist)
579 {
580 return data->match(checklist->src_addr);
581 }
582
583 int
584 ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
585 {
586 const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->url.host(), IP_LOOKUP_IF_MISS);
587
588 if (ia) {
589 for (const auto &ip: ia->goodAndBad()) {
590 if (data->match(ip))
591 return 1;
592 }
593
594 return 0;
595
596 } else if (!checklist->request->flags.destinationIpLookedUp) {
597 /* No entry in cache, lookup not attempted */
598 debugs(28, 3, "can't yet compare '" << AclMatchedName << "' ACL for " << checklist->request->url.host());
599 if (checklist->goAsync(DestinationIPLookup::Instance()))
600 return -1;
601 // else fall through to noaddr match, hiding the lookup failure (XXX)
602 }
603 Ip::Address noaddr;
604 noaddr.setNoAddr();
605 return data->match(noaddr);
606 }
607
Mirror of https://github.com/squid-cache/squid.git