2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 28 Access Control */
16 #include "acl/FilledChecklist.h"
19 #include "eui/Eui48.h"
21 #include "ip/Address.h"
/* File-local helpers; each one is defined further down in this file. */

/* Splay-tree callbacks: the ordering function shared by insert and lookup,
 * and the per-node visitor handed to walk() when the list is dumped. */
static SplayNode<Eui::Eui48 *>::SPLAYCMP aclArpCompare;
static SplayNode<Eui::Eui48 *>::SPLAYWALKEE aclDumpArpListWalkee;

/* Adds every parsable token returned by strtokFile() to *curlist. */
static void aclParseArpList(SplayNode<Eui::Eui48 *> **curlist);

/* Returns nonzero when the EUI-48 looked up for c is present in *dataptr. */
static int aclMatchArp(SplayNode<Eui::Eui48 *> **dataptr, Ip::Address &c);
31 return new ACLARP(*this);
/*
 * Builds an ACL that holds no entries yet.
 *
 * theClass is stored in class_; data starts out as NULL.
 */
ACLARP::ACLARP(char const *theClass) :
    data(NULL),
    class_(theClass)
{
}
/*
 * Copy constructor: carries over class_ only. The new object starts with
 * data == NULL, so entries held by `old` are not duplicated.
 */
ACLARP::ACLARP(ACLARP const &old) :
    data(NULL),
    class_(old.class_)
{
    /* we don't have copy constructors for the data yet */
    /* NOTE(review): nothing visible here checks whether old.data is already
     * populated; a copy of a parsed ACL would match nothing. Confirm callers
     * only copy an ACLARP before it has been parsed. */
}
46 data
->destroy(SplayNode
<Eui::Eui48
*>::DefaultFree
);
50 ACLARP::typeString() const
56 ACLARP::empty () const
61 /* ==== BEGIN ARP ACL SUPPORT ============================================= */
64 * From: dale@server.ctam.bitmcnit.bryansk.su (Dale)
65 * To: wessels@nlanr.net
66 * Subject: Another Squid patch... :)
67 * Date: Thu, 04 Dec 1997 19:55:01 +0300
68 * ============================================================================
70 * Working on setting up a proper firewall for a network containing some
71 * Win'95 computers at our Univ, I've discovered that some smart students
72 * avoid the restrictions easily just changing their IP addresses in Win'95
73 * Control Panel... It has been getting boring, so I took Squid-1.1.18
74 * sources and added a new acl type for hard-wired access control:
76 * acl <name> arp <Ethernet address> ...
80 * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
82 * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
83 * Original (BSD-specific) code no longer works.
84 * Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
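/*
 * Parses one configuration token into a newly allocated Eui::Eui48.
 *
 * t is a NUL-terminated token from the configuration file. Only its leading
 * run of hex digits and ':' characters is handed to Eui::Eui48::decode().
 *
 * Returns the new object, which the caller then owns, or NULL when the token
 * does not start with an address character or decode() rejects it. Both
 * failures are logged at DBG_CRITICAL.
 */
Eui::Eui48 *
aclParseArpData(const char *t)
{
    /* Scratch copy of the address characters; the scan width below must stay
     * at sizeof(buf) - 1. */
    char buf[256];
    debugs(28, 5, "aclParseArpData: " << t);

    /* A "%[" conversion without a field width copies every matching character
     * of the token, however long, so an over-long token would write past the
     * end of buf. The width caps the copy and leaves room for the NUL. */
    if (sscanf(t, "%255[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "aclParseArpData: Bad ethernet address: '" << t << "'");
        return NULL;
    }

    /* Allocate only once the token has passed the character check, so the
     * early return above has nothing to release. */
    Eui::Eui48 *q = new Eui::Eui48;

    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "aclParseArpData: Ignoring invalid ARP acl entry: can't parse '" << buf << "'");
        delete q;
        return NULL;
    }

    return q;
}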
110 /*******************/
111 /* aclParseArpList */
112 /*******************/
116 aclParseArpList(&data
);
/*
 * Pulls tokens from strtokFile() until it returns a null pointer and inserts
 * every token that aclParseArpData() accepts into the splay tree at *curlist.
 * Rejected tokens are skipped; aclParseArpData() has already logged them.
 */
static void
aclParseArpList(SplayNode<Eui::Eui48 *> **curlist)
{
    SplayNode<Eui::Eui48 *> **Top = curlist;

    for (const char *token = strtokFile(); token; token = strtokFile()) {
        Eui::Eui48 *entry = aclParseArpData(token);

        /* insert() returns the tree's new root, so *Top is reassigned on
         * every successful insertion */
        if (entry != NULL)
            *Top = (*Top)->insert(entry, aclArpCompare);
    }
}
/*
 * Tests the checklist's source address against this ACL's EUI-48 list.
 *
 * Returns the result of aclMatchArp() for an IPv4 source address, and 0
 * (no match) for any other address family.
 */
int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *checklist = Filled(cl);
    Ip::Address &client = checklist->src_addr;

    if (client.isIPv4())
        return aclMatchArp(&data, client);

    /* IPv6 does not do ARP */
    /* NOTE(review): this message is logged under section 14 while the rest of
     * the file uses section 28 -- confirm that is intended. */
    debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << client);
    return 0;
}
/*
 * Looks up the EUI-48 for address c and searches the splay tree at *dataptr
 * for it.
 *
 * Returns 1 when the address resolves and is present in the tree, 0 when the
 * lookup fails or the tree does not contain it. The splay() call may move
 * nodes, so *dataptr is updated to the new root.
 *
 * NOTE(review): the key compared is whatever Eui::Eui48::lookup() reports for
 * c (presumably from the host's ARP data -- confirm). A link-layer address is
 * chosen by the client's own interface, so an arp ACL narrows access but does
 * not authenticate the host; pair it with another control where that matters.
 */
static int
aclMatchArp(SplayNode<Eui::Eui48 *> **dataptr, Ip::Address &c)
{
    Eui::Eui48 result;
    SplayNode<Eui::Eui48 *> **Top = dataptr;

    if (!result.lookup(c)) {
        /*
         * Address was not found on any interface
         */
        debugs(28, 3, "aclMatchArp: " << c << " NOT found");
        return 0;
    }

    /* Do ACL match lookup */
    *Top = (*Top)->splay(&result, aclArpCompare);

    /* splayLastResult holds the comparison outcome of the search just made;
     * zero means an equal entry was found */
    const bool found = (0 == splayLastResult);
    debugs(28, 3, "aclMatchArp: '" << c << "' " << (found ? "found" : "NOT found"));
    return found ? 1 : 0;
}
/*
 * Ordering function for the EUI-48 splay tree: a byte-wise comparison of the
 * two pointed-to objects. Returns a negative, zero or positive value exactly
 * as memcmp() does.
 *
 * NOTE(review): this compares the whole object representation of Eui::Eui48,
 * which is only a sound ordering if the class holds nothing but the address
 * bytes (no padding, no other members) -- confirm against its definition.
 */
static int
aclArpCompare(Eui::Eui48 * const &a, Eui::Eui48 * const &b)
{
    const size_t width = sizeof(Eui::Eui48);
    return memcmp(a, b, width);
}
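/*
 * Tree-walk callback: renders one EUI-48 entry as text and appends it to the
 * SBufList passed through state.
 *
 * node  is the entry being visited.
 * state must point to an SBufList; it is cast without any check.
 */
static void
aclDumpArpListWalkee(Eui::Eui48 * const &node, void *state)
{
    /* Starts as an empty string so SBuf(buf) reads a terminated buffer even
     * if encode() writes nothing. */
    char buf[48] = "";

    /* Pass the real buffer size rather than repeating the literal, so the two
     * cannot drift apart. */
    node->encode(buf, sizeof(buf));
    static_cast<SBufList *>(state)->push_back(SBuf(buf));
}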
189 data
->walk(aclDumpArpListWalkee
, &sl
);
193 /* ==== END ARP ACL SUPPORT =============================================== */
195 #endif /* USE_SQUID_EUI */