[thirdparty/squid.git] / src / acl / Asn.cc


/*
 * DEBUG: section 53    AS Number handling
 * AUTHOR: Duane Wessels, Kostas Anagnostakis
 *
 * SQUID Web Proxy Cache          http://www.squid-cache.org/
 * ----------------------------------------------------------
 *
 *  Squid is the result of efforts by numerous individuals from
 *  the Internet community; see the CONTRIBUTORS file for full
 *  details.   Many organizations have provided support for Squid's
 *  development; see the SPONSORS file for full details.  Squid is
 *  Copyrighted (C) 2001 by the Regents of the University of
 *  California; see the COPYRIGHT file for full details.  Squid
 *  incorporates software developed and/or copyrighted by other
 *  sources; see the CREDITS file for full details.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
 *
 */

#include "squid.h"
#include "acl/Acl.h"
#include "acl/Asn.h"
#include "acl/Checklist.h"
#include "acl/DestinationAsn.h"
#include "acl/DestinationIp.h"
#include "acl/SourceAsn.h"
#include "cache_cf.h"
#include "FwdState.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "ipcache.h"
#include "mgr/Registration.h"
#include "radix.h"
#include "RequestFlags.h"
#include "SquidConfig.h"
#include "Store.h"
#include "StoreClient.h"
#include "StoreClient.h"
#include "wordlist.h"

#define WHOIS_PORT 43
#define	AS_REQBUF_SZ	4096

/* BEGIN of definitions for radix tree entries */

/* 32/128 bits address in memory with length */
class m_ADDR
{
public:
    uint8_t len;
    Ip::Address addr;

    m_ADDR() : len(sizeof(Ip::Address)) {};
};

/* END of definitions for radix tree entries */

/* Head for ip to asn radix tree */

struct squid_radix_node_head *AS_tree_head;

/* explicit instantiation required for some systems */

/// \cond AUTODOCS-IGNORE
template cbdata_type CbDataList<int>::CBDATA_CbDataList;
/// \endcond

/**
 * Structure for as number information. it could be simply
 * a list but it's coded as a structure for future
 * enhancements (e.g. expires)
 */
struct as_info {
    CbDataList<int> *as_number;
    time_t expires;		/* NOTUSED */
};

struct ASState {
    StoreEntry *entry;
    store_client *sc;
    HttpRequest *request;
    int as_number;
    int64_t offset;
    int reqofs;
    char reqbuf[AS_REQBUF_SZ];
    bool dataRead;
};

/** entry into the radix tree */
struct rtentry_t {
    struct squid_radix_node e_nodes[2];
    as_info *e_info;
    m_ADDR e_addr;
    m_ADDR e_mask;
};

static int asnAddNet(char *, int);

static void asnCacheStart(int as);

static STCB asHandleReply;

#if defined(__cplusplus)
extern "C" {
#endif

    static int destroyRadixNode(struct squid_radix_node *rn, void *w);
    static int printRadixNode(struct squid_radix_node *rn, void *sentry);

#if defined(__cplusplus)
}
#endif

void asnAclInitialize(ACL * acls);

static void asStateFree(void *data);

static void destroyRadixNodeInfo(as_info *);

static OBJH asnStats;

/* PUBLIC */

int
asnMatchIp(CbDataList<int> *data, Ip::Address &addr)
{
    struct squid_radix_node *rn;
    as_info *e;
    m_ADDR m_addr;
    CbDataList<int> *a = NULL;
    CbDataList<int> *b = NULL;

    debugs(53, 3, "asnMatchIp: Called for " << addr );

    if (AS_tree_head == NULL)
        return 0;

    if (addr.isNoAddr())
        return 0;

    if (addr.isAnyAddr())
        return 0;

    m_addr.addr = addr;

    rn = squid_rn_match(&m_addr, AS_tree_head);

    if (rn == NULL) {
        debugs(53, 3, "asnMatchIp: Address not in as db.");
        return 0;
    }

    debugs(53, 3, "asnMatchIp: Found in db!");
    e = ((rtentry_t *) rn)->e_info;
    assert(e);

    for (a = data; a; a = a->next)
        for (b = e->as_number; b; b = b->next)
            if (a->element == b->element) {
                debugs(53, 5, "asnMatchIp: Found a match!");
                return 1;
            }

    debugs(53, 5, "asnMatchIp: AS not in as db.");
    return 0;
}

void
ACLASN::prepareForUse()
{
    for (CbDataList<int> *i = data; i; i = i->
                                           next)
        asnCacheStart(i->element);
}

static void
asnRegisterWithCacheManager(void)
{
    Mgr::RegisterAction("asndb", "AS Number Database", asnStats, 0, 1);
}

/* initialize the radix tree structure */

SQUIDCEXTERN int squid_max_keylen;	/* yuck.. this is in lib/radix.c */

CBDATA_TYPE(ASState);
void
asnInit(void)
{
    static bool inited = false;
    squid_max_keylen = 40;
    CBDATA_INIT_TYPE(ASState);

    if (!inited) {
        inited = true;
        squid_rn_init();
    }

    squid_rn_inithead(&AS_tree_head, 8);

    asnRegisterWithCacheManager();
}

void
asnFreeMemory(void)
{
    squid_rn_walktree(AS_tree_head, destroyRadixNode, AS_tree_head);

    destroyRadixNode((struct squid_radix_node *) 0, (void *) AS_tree_head);
}

static void
asnStats(StoreEntry * sentry)
{
    storeAppendPrintf(sentry, "Address    \tAS Numbers\n");
    squid_rn_walktree(AS_tree_head, printRadixNode, sentry);
}

/* PRIVATE */

static void
asnCacheStart(int as)
{
    LOCAL_ARRAY(char, asres, 4096);
    StoreEntry *e;
    ASState *asState;
    asState = cbdataAlloc(ASState);
    asState->dataRead = 0;
    debugs(53, 3, "asnCacheStart: AS " << as);
    snprintf(asres, 4096, "whois://%s/!gAS%d", Config.as_whois_server, as);
    asState->as_number = as;
    asState->request = HttpRequest::CreateFromUrl(asres);
    assert(NULL != asState->request);
    HTTPMSGLOCK(asState->request);

    if ((e = storeGetPublic(asres, Http::METHOD_GET)) == NULL) {
        e = storeCreateEntry(asres, asres, RequestFlags(), Http::METHOD_GET);
        asState->sc = storeClientListAdd(e, asState);
        FwdState::fwdStart(Comm::ConnectionPointer(), e, asState->request);
    } else {

        e->lock();
        asState->sc = storeClientListAdd(e, asState);
    }

    asState->entry = e;
    asState->offset = 0;
    asState->reqofs = 0;
    StoreIOBuffer readBuffer (AS_REQBUF_SZ, asState->offset, asState->reqbuf);
    storeClientCopy(asState->sc,
                    e,
                    readBuffer,
                    asHandleReply,
                    asState);
}

static void
asHandleReply(void *data, StoreIOBuffer result)
{
    ASState *asState = (ASState *)data;
    StoreEntry *e = asState->entry;
    char *s;
    char *t;
    char *buf = asState->reqbuf;
    int leftoversz = -1;

    debugs(53, 3, "asHandleReply: Called with size=" << (unsigned int)result.length);
    debugs(53, 3, "asHandleReply: buffer='" << buf << "'");

    /* First figure out whether we should abort the request */

    if (EBIT_TEST(e->flags, ENTRY_ABORTED)) {
        asStateFree(asState);
        return;
    }

    if (result.length == 0 && asState->dataRead) {
        debugs(53, 3, "asHandleReply: Done: " << e->url()  );
        asStateFree(asState);
        return;
    } else if (result.flags.error) {
        debugs(53, DBG_IMPORTANT, "asHandleReply: Called with Error set and size=" << (unsigned int) result.length);
        asStateFree(asState);
        return;
    } else if (e->getReply()->sline.status() != Http::scOkay) {
        debugs(53, DBG_IMPORTANT, "WARNING: AS " << asState->as_number << " whois request failed");
        asStateFree(asState);
        return;
    }

    /*
     * Next, attempt to parse our request
     * Remembering that the actual buffer size is retsize + reqofs!
     */
    s = buf;

    while ((size_t)(s - buf) < result.length + asState->reqofs && *s != '\0') {
        while (*s && xisspace(*s))
            ++s;

        for (t = s; *t; ++t) {
            if (xisspace(*t))
                break;
        }

        if (*t == '\0') {
            /* oof, word should continue on next block */
            break;
        }

        *t = '\0';
        debugs(53, 3, "asHandleReply: AS# " << s << " (" << asState->as_number << ")");
        asnAddNet(s, asState->as_number);
        s = t + 1;
        asState->dataRead = 1;
    }

    /*
     * Next, grab the end of the 'valid data' in the buffer, and figure
     * out how much data is left in our buffer, which we need to keep
     * around for the next request
     */
    leftoversz = (asState->reqofs + result.length) - (s - buf);

    assert(leftoversz >= 0);

    /*
     * Next, copy the left over data, from s to s + leftoversz to the
     * beginning of the buffer
     */
    memmove(buf, s, leftoversz);

    /*
     * Next, update our offset and reqofs, and kick off a copy if required
     */
    asState->offset += result.length;

    asState->reqofs = leftoversz;

    debugs(53, 3, "asState->offset = " << asState->offset);

    if (e->store_status == STORE_PENDING) {
        debugs(53, 3, "asHandleReply: store_status == STORE_PENDING: " << e->url()  );
        StoreIOBuffer tempBuffer (AS_REQBUF_SZ - asState->reqofs,
                                  asState->offset,
                                  asState->reqbuf + asState->reqofs);
        storeClientCopy(asState->sc,
                        e,
                        tempBuffer,
                        asHandleReply,
                        asState);
    } else {
        StoreIOBuffer tempBuffer;
        debugs(53, 3, "asHandleReply: store complete, but data received " << e->url()  );
        tempBuffer.offset = asState->offset;
        tempBuffer.length = AS_REQBUF_SZ - asState->reqofs;
        tempBuffer.data = asState->reqbuf + asState->reqofs;
        storeClientCopy(asState->sc,
                        e,
                        tempBuffer,
                        asHandleReply,
                        asState);
    }
}

static void
asStateFree(void *data)
{
    ASState *asState = (ASState *)data;
    debugs(53, 3, "asnStateFree: " << asState->entry->url()  );
    storeUnregister(asState->sc, asState->entry, asState);
    asState->entry->unlock();
    HTTPMSGUNLOCK(asState->request);
    cbdataFree(asState);
}

/**
 * add a network (addr, mask) to the radix tree, with matching AS number
 */
static int
asnAddNet(char *as_string, int as_number)
{
    struct squid_radix_node *rn;
    CbDataList<int> **Tail = NULL;
    CbDataList<int> *q = NULL;
    as_info *asinfo = NULL;

    Ip::Address mask;
    Ip::Address addr;
    char *t;
    int bitl;

    t = strchr(as_string, '/');

    if (t == NULL) {
        debugs(53, 3, "asnAddNet: failed, invalid response from whois server.");
        return 0;
    }

    *t = '\0';
    addr = as_string;
    bitl = atoi(t + 1);

    if (bitl < 0)
        bitl = 0;

    // INET6 TODO : find a better way of identifying the base IPA family for mask than this.
    t = strchr(as_string, '.');

    // generate Netbits Format Mask
    mask.setNoAddr();
    mask.applyMask(bitl, (t!=NULL?AF_INET:AF_INET6) );

    debugs(53, 3, "asnAddNet: called for " << addr << "/" << mask );

    rtentry_t *e = (rtentry_t *)xcalloc(1, sizeof(rtentry_t));

    e->e_addr.addr = addr;

    e->e_mask.addr = mask;

    rn = squid_rn_lookup(&e->e_addr, &e->e_mask, AS_tree_head);

    if (rn != NULL) {
        asinfo = ((rtentry_t *) rn)->e_info;

        if (asinfo->as_number->find(as_number)) {
            debugs(53, 3, "asnAddNet: Ignoring repeated network '" << addr << "/" << bitl << "' for AS " << as_number);
        } else {
            debugs(53, 3, "asnAddNet: Warning: Found a network with multiple AS numbers!");

            for (Tail = &asinfo->as_number; *Tail; Tail = &(*Tail)->next);
            q = new CbDataList<int> (as_number);

            *(Tail) = q;

            e->e_info = asinfo;
        }
    } else {
        q = new CbDataList<int> (as_number);
        asinfo = (as_info *)xmalloc(sizeof(as_info));
        asinfo->as_number = q;
        squid_rn_addroute(&e->e_addr, &e->e_mask, AS_tree_head, e->e_nodes);
        rn = squid_rn_match(&e->e_addr, AS_tree_head);
        assert(rn != NULL);
        e->e_info = asinfo;
    }

    if (rn == 0) { 		/* assert might expand to nothing */
        xfree(asinfo);
        delete q;
        xfree(e);
        debugs(53, 3, "asnAddNet: Could not add entry.");
        return 0;
    }

    e->e_info = asinfo;
    return 1;
}

static int
destroyRadixNode(struct squid_radix_node *rn, void *w)
{

    struct squid_radix_node_head *rnh = (struct squid_radix_node_head *) w;

    if (rn && !(rn->rn_flags & RNF_ROOT)) {
        rtentry_t *e = (rtentry_t *) rn;
        rn = squid_rn_delete(rn->rn_key, rn->rn_mask, rnh);

        if (rn == 0)
            debugs(53, 3, "destroyRadixNode: internal screwup");

        destroyRadixNodeInfo(e->e_info);

        xfree(rn);
    }

    return 1;
}

static void
destroyRadixNodeInfo(as_info * e_info)
{
    CbDataList<int> *prev = NULL;
    CbDataList<int> *data = e_info->as_number;

    while (data) {
        prev = data;
        data = data->next;
        delete prev;
    }
}

static int
printRadixNode(struct squid_radix_node *rn, void *_sentry)
{
    StoreEntry *sentry = (StoreEntry *)_sentry;
    rtentry_t *e = (rtentry_t *) rn;
    CbDataList<int> *q;
    as_info *asinfo;
    char buf[MAX_IPSTRLEN];
    Ip::Address addr;
    Ip::Address mask;

    assert(e);
    assert(e->e_info);
    addr = e->e_addr.addr;
    mask = e->e_mask.addr;
    storeAppendPrintf(sentry, "%s/%d\t",
                      addr.toStr(buf, MAX_IPSTRLEN),
                      mask.cidr() );
    asinfo = e->e_info;
    assert(asinfo->as_number);

    for (q = asinfo->as_number; q; q = q->next)
        storeAppendPrintf(sentry, " %d", q->element);

    storeAppendPrintf(sentry, "\n");

    return 0;
}

ACLASN::~ACLASN()
{
    if (data)
        delete data;
}

bool

ACLASN::match(Ip::Address toMatch)
{
    return asnMatchIp(data, toMatch);
}

wordlist *
ACLASN::dump()
{
    wordlist *W = NULL;
    char buf[32];
    CbDataList<int> *ldata = data;

    while (ldata != NULL) {
        snprintf(buf, sizeof(buf), "%d", ldata->element);
        wordlistAdd(&W, buf);
        ldata = ldata->next;
    }

    return W;
}

bool
ACLASN::empty () const
{
    return data == NULL;
}

void
ACLASN::parse()
{
    CbDataList<int> **curlist = &data;
    CbDataList<int> **Tail;
    CbDataList<int> *q = NULL;
    char *t = NULL;

    for (Tail = curlist; *Tail; Tail = &((*Tail)->next));
    while ((t = strtokFile())) {
        q = new CbDataList<int> (atoi(t));
        *(Tail) = q;
        Tail = &q->next;
    }
}

ACLData<Ip::Address> *
ACLASN::clone() const
{
    if (data)
        fatal ("cloning of ACLASN not implemented");

    return new ACLASN(*this);
}

/* explicit template instantiation required for some systems */

template class ACLStrategised<Ip::Address>;

ACL::Prototype ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_, "src_as");

ACLStrategised<Ip::Address> ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as");

ACL::Prototype ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_, "dst_as");

ACLStrategised<Ip::Address> ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as");

int
ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist, ACLFlags &)
{
    return data->match(checklist->src_addr);
}

ACLSourceASNStrategy *
ACLSourceASNStrategy::Instance()
{
    return &Instance_;
}

ACLSourceASNStrategy ACLSourceASNStrategy::Instance_;

int
ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
{
    const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS);

    if (ia) {
        for (int k = 0; k < (int) ia->count; ++k) {
            if (data->match(ia->in_addrs[k]))
                return 1;
        }

        return 0;

    } else if (!checklist->request->flags.destinationIpLookedUp) {
        /* No entry in cache, lookup not attempted */
        debugs(28, 3, "asnMatchAcl: Can't yet compare '" << AclMatchedName << "' ACL for '" << checklist->request->GetHost() << "'");
        if (checklist->goAsync(DestinationIPLookup::Instance()))
            return -1;
        // else fall through to noaddr match, hiding the lookup failure (XXX)
    }
    Ip::Address noaddr;
    noaddr.setNoAddr();
    return data->match(noaddr);
}

ACLDestinationASNStrategy *
ACLDestinationASNStrategy::Instance()
{
    return &Instance_;
}

ACLDestinationASNStrategy ACLDestinationASNStrategy::Instance_;
Commit	Line	Data
445d18a4	1
3841dd46	2	/*
445d18a4 AJ	3	* DEBUG: section 53 AS Number handling
445d18a4 AJ	4	* AUTHOR: Duane Wessels, Kostas Anagnostakis
3841dd46	5	*
	6	* SQUID Web Proxy Cache http://www.squid-cache.org/
	7	* ----------------------------------------------------------
	8	*
	9	* Squid is the result of efforts by numerous individuals from
	10	* the Internet community; see the CONTRIBUTORS file for full
	11	* details. Many organizations have provided support for Squid's
	12	* development; see the SPONSORS file for full details. Squid is
	13	* Copyrighted (C) 2001 by the Regents of the University of
	14	* California; see the COPYRIGHT file for full details. Squid
	15	* incorporates software developed and/or copyrighted by other
	16	* sources; see the CREDITS file for full details.
	17	*
	18	* This program is free software; you can redistribute it and/or modify
	19	* it under the terms of the GNU General Public License as published by
	20	* the Free Software Foundation; either version 2 of the License, or
	21	* (at your option) any later version.
26ac0430	22	*
3841dd46	23	* This program is distributed in the hope that it will be useful,
	24	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	25	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	26	* GNU General Public License for more details.
26ac0430	27	*
3841dd46	28	* You should have received a copy of the GNU General Public License
	29	* along with this program; if not, write to the Free Software
	30	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
	31	*
3841dd46	32	*/
3841dd46	33
582c2af2	34	#include "squid.h"
445d18a4	35	#include "acl/Acl.h"
3ad63615 AR	36	#include "acl/Asn.h"
3ad63615 AR	37	#include "acl/Checklist.h"
445d18a4 AJ	38	#include "acl/DestinationAsn.h"
445d18a4 AJ	39	#include "acl/DestinationIp.h"
f206b652	40	#include "acl/SourceAsn.h"
06390e4b	41	#include "cache_cf.h"
eb13c21e	42	#include "FwdState.h"
445d18a4	43	#include "HttpReply.h"
f206b652	44	#include "HttpRequest.h"
714e68b7	45	#include "ipcache.h"
f206b652 FC	46	#include "mgr/Registration.h"
	47	#include "radix.h"
	48	#include "RequestFlags.h"
4d5904f7	49	#include "SquidConfig.h"
f206b652 FC	50	#include "Store.h"
f206b652 FC	51	#include "StoreClient.h"
e87137f1	52	#include "StoreClient.h"
445d18a4 AJ	53	#include "wordlist.h"
	54
	55	#define WHOIS_PORT 43
	56	#define AS_REQBUF_SZ 4096
	57
	58	/* BEGIN of definitions for radix tree entries */
	59
445d18a4 AJ	60	/* 32/128 bits address in memory with length */
	61	class m_ADDR
	62	{
	63	public:
	64	uint8_t len;
b7ac5457	65	Ip::Address addr;
445d18a4	66
b7ac5457	67	m_ADDR() : len(sizeof(Ip::Address)) {};
445d18a4 AJ	68	};
	69
	70	/* END of definitions for radix tree entries */
	71
	72	/* Head for ip to asn radix tree */
	73
	74	struct squid_radix_node_head *AS_tree_head;
	75
	76	/* explicit instantiation required for some systems */
	77
	78	/// \cond AUTODOCS-IGNORE
	79	template cbdata_type CbDataList<int>::CBDATA_CbDataList;
	80	/// \endcond
	81
	82	/**
	83	* Structure for as number information. it could be simply
	84	* a list but it's coded as a structure for future
	85	* enhancements (e.g. expires)
	86	*/
	87	struct as_info {
	88	CbDataList<int> *as_number;
	89	time_t expires; /* NOTUSED */
	90	};
	91
	92	struct ASState {
	93	StoreEntry *entry;
	94	store_client *sc;
	95	HttpRequest *request;
	96	int as_number;
	97	int64_t offset;
	98	int reqofs;
	99	char reqbuf[AS_REQBUF_SZ];
	100	bool dataRead;
	101	};
	102
	103	/** entry into the radix tree */
	104	struct rtentry_t {
	105	struct squid_radix_node e_nodes[2];
	106	as_info *e_info;
	107	m_ADDR e_addr;
	108	m_ADDR e_mask;
	109	};
	110
	111	static int asnAddNet(char *, int);
	112
	113	static void asnCacheStart(int as);
	114
	115	static STCB asHandleReply;
	116
062e0b16 FC	117	#if defined(__cplusplus)
	118	extern "C" {
	119	#endif
	120
182fbea5 A	121	static int destroyRadixNode(struct squid_radix_node rn, void w);
182fbea5 A	122	static int printRadixNode(struct squid_radix_node rn, void sentry);
445d18a4	123
062e0b16 FC	124	#if defined(__cplusplus)
	125	}
	126	#endif
	127
445d18a4 AJ	128	void asnAclInitialize(ACL * acls);
	129
	130	static void asStateFree(void *data);
	131
	132	static void destroyRadixNodeInfo(as_info *);
	133
	134	static OBJH asnStats;
	135
	136	/* PUBLIC */
	137
	138	int
b7ac5457	139	asnMatchIp(CbDataList<int> *data, Ip::Address &addr)
445d18a4 AJ	140	{
	141	struct squid_radix_node *rn;
	142	as_info *e;
	143	m_ADDR m_addr;
	144	CbDataList<int> *a = NULL;
	145	CbDataList<int> *b = NULL;
	146
	147	debugs(53, 3, "asnMatchIp: Called for " << addr );
	148
	149	if (AS_tree_head == NULL)
	150	return 0;
	151
4dd643d5	152	if (addr.isNoAddr())
445d18a4 AJ	153	return 0;
445d18a4 AJ	154
4dd643d5	155	if (addr.isAnyAddr())
445d18a4 AJ	156	return 0;
	157
	158	m_addr.addr = addr;
	159
	160	rn = squid_rn_match(&m_addr, AS_tree_head);
	161
	162	if (rn == NULL) {
	163	debugs(53, 3, "asnMatchIp: Address not in as db.");
	164	return 0;
	165	}
	166
	167	debugs(53, 3, "asnMatchIp: Found in db!");
	168	e = ((rtentry_t *) rn)->e_info;
	169	assert(e);
	170
	171	for (a = data; a; a = a->next)
	172	for (b = e->as_number; b; b = b->next)
	173	if (a->element == b->element) {
	174	debugs(53, 5, "asnMatchIp: Found a match!");
	175	return 1;
	176	}
	177
	178	debugs(53, 5, "asnMatchIp: AS not in as db.");
	179	return 0;
	180	}
	181
	182	void
	183	ACLASN::prepareForUse()
	184	{
	185	for (CbDataList<int> *i = data; i; i = i->
	186	next)
	187	asnCacheStart(i->element);
	188	}
	189
	190	static void
	191	asnRegisterWithCacheManager(void)
	192	{
8822ebee	193	Mgr::RegisterAction("asndb", "AS Number Database", asnStats, 0, 1);
445d18a4 AJ	194	}
	195
	196	/* initialize the radix tree structure */
	197
	198	SQUIDCEXTERN int squid_max_keylen; /* yuck.. this is in lib/radix.c */
	199
	200	CBDATA_TYPE(ASState);
	201	void
	202	asnInit(void)
	203	{
742a021b	204	static bool inited = false;
445d18a4 AJ	205	squid_max_keylen = 40;
	206	CBDATA_INIT_TYPE(ASState);
	207
742a021b FC	208	if (!inited) {
742a021b FC	209	inited = true;
445d18a4	210	squid_rn_init();
742a021b	211	}
445d18a4 AJ	212
	213	squid_rn_inithead(&AS_tree_head, 8);
	214
	215	asnRegisterWithCacheManager();
	216	}
	217
	218	void
	219	asnFreeMemory(void)
	220	{
	221	squid_rn_walktree(AS_tree_head, destroyRadixNode, AS_tree_head);
	222
	223	destroyRadixNode((struct squid_radix_node ) 0, (void ) AS_tree_head);
	224	}
	225
	226	static void
	227	asnStats(StoreEntry * sentry)
	228	{
	229	storeAppendPrintf(sentry, "Address \tAS Numbers\n");
	230	squid_rn_walktree(AS_tree_head, printRadixNode, sentry);
	231	}
	232
	233	/* PRIVATE */
	234
445d18a4 AJ	235	static void
	236	asnCacheStart(int as)
	237	{
	238	LOCAL_ARRAY(char, asres, 4096);
	239	StoreEntry *e;
445d18a4 AJ	240	ASState *asState;
	241	asState = cbdataAlloc(ASState);
	242	asState->dataRead = 0;
	243	debugs(53, 3, "asnCacheStart: AS " << as);
	244	snprintf(asres, 4096, "whois://%s/!gAS%d", Config.as_whois_server, as);
	245	asState->as_number = as;
b248c2a3 AJ	246	asState->request = HttpRequest::CreateFromUrl(asres);
	247	assert(NULL != asState->request);
	248	HTTPMSGLOCK(asState->request);
445d18a4	249
c2a7cefd AJ	250	if ((e = storeGetPublic(asres, Http::METHOD_GET)) == NULL) {
c2a7cefd AJ	251	e = storeCreateEntry(asres, asres, RequestFlags(), Http::METHOD_GET);
445d18a4	252	asState->sc = storeClientListAdd(e, asState);
e83cc785	253	FwdState::fwdStart(Comm::ConnectionPointer(), e, asState->request);
445d18a4 AJ	254	} else {
	255
	256	e->lock();
	257	asState->sc = storeClientListAdd(e, asState);
	258	}
	259
	260	asState->entry = e;
	261	asState->offset = 0;
	262	asState->reqofs = 0;
	263	StoreIOBuffer readBuffer (AS_REQBUF_SZ, asState->offset, asState->reqbuf);
	264	storeClientCopy(asState->sc,
	265	e,
	266	readBuffer,
	267	asHandleReply,
	268	asState);
	269	}
	270
	271	static void
	272	asHandleReply(void *data, StoreIOBuffer result)
	273	{
	274	ASState asState = (ASState )data;
	275	StoreEntry *e = asState->entry;
	276	char *s;
	277	char *t;
	278	char *buf = asState->reqbuf;
	279	int leftoversz = -1;
	280
	281	debugs(53, 3, "asHandleReply: Called with size=" << (unsigned int)result.length);
	282	debugs(53, 3, "asHandleReply: buffer='" << buf << "'");
	283
	284	/* First figure out whether we should abort the request */
	285
	286	if (EBIT_TEST(e->flags, ENTRY_ABORTED)) {
	287	asStateFree(asState);
	288	return;
	289	}
	290
	291	if (result.length == 0 && asState->dataRead) {
	292	debugs(53, 3, "asHandleReply: Done: " << e->url() );
	293	asStateFree(asState);
	294	return;
	295	} else if (result.flags.error) {
e0236918	296	debugs(53, DBG_IMPORTANT, "asHandleReply: Called with Error set and size=" << (unsigned int) result.length);
445d18a4 AJ	297	asStateFree(asState);
445d18a4 AJ	298	return;
9b769c67	299	} else if (e->getReply()->sline.status() != Http::scOkay) {
e0236918	300	debugs(53, DBG_IMPORTANT, "WARNING: AS " << asState->as_number << " whois request failed");
445d18a4 AJ	301	asStateFree(asState);
	302	return;
	303	}
	304
	305	/*
	306	* Next, attempt to parse our request
	307	* Remembering that the actual buffer size is retsize + reqofs!
	308	*/
	309	s = buf;
	310
	311	while ((size_t)(s - buf) < result.length + asState->reqofs && *s != '\0') {
	312	while (s && xisspace(s))
742a021b	313	++s;
445d18a4	314
742a021b	315	for (t = s; *t; ++t) {
445d18a4 AJ	316	if (xisspace(*t))
	317	break;
	318	}
	319
	320	if (*t == '\0') {
	321	/* oof, word should continue on next block */
	322	break;
	323	}
	324
	325	*t = '\0';
	326	debugs(53, 3, "asHandleReply: AS# " << s << " (" << asState->as_number << ")");
	327	asnAddNet(s, asState->as_number);
	328	s = t + 1;
	329	asState->dataRead = 1;
	330	}
	331
	332	/*
	333	* Next, grab the end of the 'valid data' in the buffer, and figure
	334	* out how much data is left in our buffer, which we need to keep
	335	* around for the next request
	336	*/
	337	leftoversz = (asState->reqofs + result.length) - (s - buf);
	338
	339	assert(leftoversz >= 0);
	340
	341	/*
	342	* Next, copy the left over data, from s to s + leftoversz to the
	343	* beginning of the buffer
	344	*/
41d00cd3	345	memmove(buf, s, leftoversz);
445d18a4 AJ	346
	347	/*
	348	* Next, update our offset and reqofs, and kick off a copy if required
	349	*/
	350	asState->offset += result.length;
	351
	352	asState->reqofs = leftoversz;
	353
	354	debugs(53, 3, "asState->offset = " << asState->offset);
	355
	356	if (e->store_status == STORE_PENDING) {
	357	debugs(53, 3, "asHandleReply: store_status == STORE_PENDING: " << e->url() );
	358	StoreIOBuffer tempBuffer (AS_REQBUF_SZ - asState->reqofs,
	359	asState->offset,
	360	asState->reqbuf + asState->reqofs);
	361	storeClientCopy(asState->sc,
	362	e,
	363	tempBuffer,
	364	asHandleReply,
	365	asState);
	366	} else {
	367	StoreIOBuffer tempBuffer;
	368	debugs(53, 3, "asHandleReply: store complete, but data received " << e->url() );
	369	tempBuffer.offset = asState->offset;
	370	tempBuffer.length = AS_REQBUF_SZ - asState->reqofs;
	371	tempBuffer.data = asState->reqbuf + asState->reqofs;
	372	storeClientCopy(asState->sc,
	373	e,
	374	tempBuffer,
	375	asHandleReply,
	376	asState);
	377	}
	378	}
	379
	380	static void
	381	asStateFree(void *data)
	382	{
	383	ASState asState = (ASState )data;
	384	debugs(53, 3, "asnStateFree: " << asState->entry->url() );
	385	storeUnregister(asState->sc, asState->entry, asState);
	386	asState->entry->unlock();
	387	HTTPMSGUNLOCK(asState->request);
	388	cbdataFree(asState);
	389	}
	390
445d18a4 AJ	391	/**
	392	* add a network (addr, mask) to the radix tree, with matching AS number
	393	*/
	394	static int
	395	asnAddNet(char *as_string, int as_number)
	396	{
445d18a4 AJ	397	struct squid_radix_node *rn;
	398	CbDataList<int> **Tail = NULL;
	399	CbDataList<int> *q = NULL;
	400	as_info *asinfo = NULL;
	401
b7ac5457 AJ	402	Ip::Address mask;
b7ac5457 AJ	403	Ip::Address addr;
445d18a4 AJ	404	char *t;
	405	int bitl;
	406
	407	t = strchr(as_string, '/');
	408
	409	if (t == NULL) {
	410	debugs(53, 3, "asnAddNet: failed, invalid response from whois server.");
	411	return 0;
	412	}
	413
	414	*t = '\0';
	415	addr = as_string;
	416	bitl = atoi(t + 1);
	417
	418	if (bitl < 0)
	419	bitl = 0;
	420
	421	// INET6 TODO : find a better way of identifying the base IPA family for mask than this.
	422	t = strchr(as_string, '.');
	423
	424	// generate Netbits Format Mask
4dd643d5 AJ	425	mask.setNoAddr();
4dd643d5 AJ	426	mask.applyMask(bitl, (t!=NULL?AF_INET:AF_INET6) );
445d18a4 AJ	427
	428	debugs(53, 3, "asnAddNet: called for " << addr << "/" << mask );
	429
726904ad	430	rtentry_t e = (rtentry_t )xcalloc(1, sizeof(rtentry_t));
445d18a4 AJ	431
	432	e->e_addr.addr = addr;
	433
	434	e->e_mask.addr = mask;
	435
	436	rn = squid_rn_lookup(&e->e_addr, &e->e_mask, AS_tree_head);
	437
	438	if (rn != NULL) {
	439	asinfo = ((rtentry_t *) rn)->e_info;
	440
	441	if (asinfo->as_number->find(as_number)) {
	442	debugs(53, 3, "asnAddNet: Ignoring repeated network '" << addr << "/" << bitl << "' for AS " << as_number);
	443	} else {
	444	debugs(53, 3, "asnAddNet: Warning: Found a network with multiple AS numbers!");
	445
	446	for (Tail = &asinfo->as_number; Tail; Tail = &(Tail)->next);
	447	q = new CbDataList<int> (as_number);
	448
	449	*(Tail) = q;
	450
	451	e->e_info = asinfo;
	452	}
	453	} else {
	454	q = new CbDataList<int> (as_number);
	455	asinfo = (as_info *)xmalloc(sizeof(as_info));
	456	asinfo->as_number = q;
58ff1033	457	squid_rn_addroute(&e->e_addr, &e->e_mask, AS_tree_head, e->e_nodes);
445d18a4 AJ	458	rn = squid_rn_match(&e->e_addr, AS_tree_head);
	459	assert(rn != NULL);
	460	e->e_info = asinfo;
	461	}
	462
	463	if (rn == 0) { /* assert might expand to nothing */
	464	xfree(asinfo);
	465	delete q;
	466	xfree(e);
	467	debugs(53, 3, "asnAddNet: Could not add entry.");
	468	return 0;
	469	}
	470
	471	e->e_info = asinfo;
	472	return 1;
	473	}
	474
	475	static int
	476	destroyRadixNode(struct squid_radix_node rn, void w)
	477	{
	478
	479	struct squid_radix_node_head rnh = (struct squid_radix_node_head ) w;
	480
	481	if (rn && !(rn->rn_flags & RNF_ROOT)) {
	482	rtentry_t e = (rtentry_t ) rn;
	483	rn = squid_rn_delete(rn->rn_key, rn->rn_mask, rnh);
	484
	485	if (rn == 0)
	486	debugs(53, 3, "destroyRadixNode: internal screwup");
	487
	488	destroyRadixNodeInfo(e->e_info);
	489
	490	xfree(rn);
	491	}
	492
	493	return 1;
	494	}
	495
	496	static void
	497	destroyRadixNodeInfo(as_info * e_info)
	498	{
	499	CbDataList<int> *prev = NULL;
	500	CbDataList<int> *data = e_info->as_number;
	501
	502	while (data) {
	503	prev = data;
	504	data = data->next;
	505	delete prev;
	506	}
445d18a4 AJ	507	}
	508
	509	static int
	510	printRadixNode(struct squid_radix_node rn, void _sentry)
	511	{
	512	StoreEntry sentry = (StoreEntry )_sentry;
	513	rtentry_t e = (rtentry_t ) rn;
	514	CbDataList<int> *q;
	515	as_info *asinfo;
	516	char buf[MAX_IPSTRLEN];
b7ac5457 AJ	517	Ip::Address addr;
b7ac5457 AJ	518	Ip::Address mask;
445d18a4 AJ	519
	520	assert(e);
	521	assert(e->e_info);
	522	addr = e->e_addr.addr;
	523	mask = e->e_mask.addr;
	524	storeAppendPrintf(sentry, "%s/%d\t",
4dd643d5 AJ	525	addr.toStr(buf, MAX_IPSTRLEN),
4dd643d5 AJ	526	mask.cidr() );
445d18a4 AJ	527	asinfo = e->e_info;
	528	assert(asinfo->as_number);
	529
	530	for (q = asinfo->as_number; q; q = q->next)
	531	storeAppendPrintf(sentry, " %d", q->element);
	532
	533	storeAppendPrintf(sentry, "\n");
	534
	535	return 0;
	536	}
	537
	538	ACLASN::~ACLASN()
	539	{
	540	if (data)
	541	delete data;
	542	}
	543
	544	bool
	545
b7ac5457	546	ACLASN::match(Ip::Address toMatch)
445d18a4 AJ	547	{
	548	return asnMatchIp(data, toMatch);
	549	}
	550
	551	wordlist *
	552	ACLASN::dump()
	553	{
	554	wordlist *W = NULL;
	555	char buf[32];
	556	CbDataList<int> *ldata = data;
	557
	558	while (ldata != NULL) {
	559	snprintf(buf, sizeof(buf), "%d", ldata->element);
	560	wordlistAdd(&W, buf);
	561	ldata = ldata->next;
	562	}
	563
	564	return W;
	565	}
	566
	567	bool
	568	ACLASN::empty () const
	569	{
	570	return data == NULL;
	571	}
	572
	573	void
	574	ACLASN::parse()
	575	{
	576	CbDataList<int> **curlist = &data;
	577	CbDataList<int> **Tail;
	578	CbDataList<int> *q = NULL;
	579	char *t = NULL;
	580
	581	for (Tail = curlist; Tail; Tail = &((Tail)->next));
	582	while ((t = strtokFile())) {
	583	q = new CbDataList<int> (atoi(t));
	584	*(Tail) = q;
	585	Tail = &q->next;
	586	}
	587	}
	588
b7ac5457	589	ACLData<Ip::Address> *
445d18a4 AJ	590	ACLASN::clone() const
	591	{
	592	if (data)
	593	fatal ("cloning of ACLASN not implemented");
	594
	595	return new ACLASN(*this);
	596	}
	597
	598	/* explicit template instantiation required for some systems */
	599
b7ac5457	600	template class ACLStrategised<Ip::Address>;
445d18a4 AJ	601
	602	ACL::Prototype ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_, "src_as");
	603
b7ac5457	604	ACLStrategised<Ip::Address> ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as");
445d18a4 AJ	605
	606	ACL::Prototype ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_, "dst_as");
	607
b7ac5457	608	ACLStrategised<Ip::Address> ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as");
445d18a4 AJ	609
445d18a4 AJ	610	int
33810b1d	611	ACLSourceASNStrategy::match (ACLData<Ip::Address> * &data, ACLFilledChecklist *checklist, ACLFlags &)
445d18a4 AJ	612	{
	613	return data->match(checklist->src_addr);
	614	}
	615
	616	ACLSourceASNStrategy *
	617	ACLSourceASNStrategy::Instance()
	618	{
	619	return &Instance_;
	620	}
	621
	622	ACLSourceASNStrategy ACLSourceASNStrategy::Instance_;
	623
445d18a4	624	int
33810b1d	625	ACLDestinationASNStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist, ACLFlags &)
445d18a4 AJ	626	{
	627	const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->GetHost(), IP_LOOKUP_IF_MISS);
	628
	629	if (ia) {
742a021b	630	for (int k = 0; k < (int) ia->count; ++k) {
445d18a4 AJ	631	if (data->match(ia->in_addrs[k]))
	632	return 1;
	633	}
	634
	635	return 0;
	636
450fe1cb	637	} else if (!checklist->request->flags.destinationIpLookedUp) {
445d18a4	638	/* No entry in cache, lookup not attempted */
0160be3b	639	debugs(28, 3, "asnMatchAcl: Can't yet compare '" << AclMatchedName << "' ACL for '" << checklist->request->GetHost() << "'");
6f58d7d7 AR	640	if (checklist->goAsync(DestinationIPLookup::Instance()))
	641	return -1;
	642	// else fall through to noaddr match, hiding the lookup failure (XXX)
	643	}
e936c41c	644	Ip::Address noaddr;
4dd643d5	645	noaddr.setNoAddr();
e936c41c	646	return data->match(noaddr);
445d18a4 AJ	647	}
	648
	649	ACLDestinationASNStrategy *
	650	ACLDestinationASNStrategy::Instance()
	651	{
	652	return &Instance_;
	653	}
3841dd46	654
445d18a4	655	ACLDestinationASNStrategy ACLDestinationASNStrategy::Instance_;