2 * Copyright (C) 1996-2014 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 /* DEBUG: section 53 AS Number handling */
14 #include "acl/Checklist.h"
15 #include "acl/DestinationAsn.h"
16 #include "acl/DestinationIp.h"
17 #include "acl/SourceAsn.h"
20 #include "HttpReply.h"
21 #include "HttpRequest.h"
23 #include "mgr/Registration.h"
25 #include "RequestFlags.h"
26 #include "SquidConfig.h"
28 #include "StoreClient.h"
29 #include "StoreClient.h"
32 #define AS_REQBUF_SZ 4096
34 /* BEGIN of definitions for radix tree entries */
36 /* 32/128 bits address in memory with length */
43 m_ADDR() : len(sizeof(Ip::Address
)) {};
46 /* END of definitions for radix tree entries */
48 /* Head for ip to asn radix tree */
50 struct squid_radix_node_head
*AS_tree_head
;
52 /* explicit instantiation required for some systems */
54 /// \cond AUTODOCS_IGNORE
55 template cbdata_type CbDataList
<int>::CBDATA_CbDataList
;
59 * Structure for as number information. it could be simply
60 * a list but it's coded as a structure for future
61 * enhancements (e.g. expires)
64 CbDataList
<int> *as_number
;
65 time_t expires
; /* NOTUSED */
70 CBDATA_CLASS(ASState
);
78 HttpRequest::Pointer request
;
82 char reqbuf
[AS_REQBUF_SZ
];
86 CBDATA_CLASS_INIT(ASState
);
97 memset(reqbuf
, 0, AS_REQBUF_SZ
);
102 debugs(53, 3, entry
->url());
103 storeUnregister(sc
, entry
, this);
104 entry
->unlock("~ASState");
107 /** entry into the radix tree */
109 struct squid_radix_node e_nodes
[2];
115 static int asnAddNet(char *, int);
117 static void asnCacheStart(int as
);
119 static STCB asHandleReply
;
121 #if defined(__cplusplus)
125 static int destroyRadixNode(struct squid_radix_node
*rn
, void *w
);
126 static int printRadixNode(struct squid_radix_node
*rn
, void *sentry
);
128 #if defined(__cplusplus)
132 void asnAclInitialize(ACL
* acls
);
134 static void destroyRadixNodeInfo(as_info
*);
136 static OBJH asnStats
;
141 asnMatchIp(CbDataList
<int> *data
, Ip::Address
&addr
)
143 struct squid_radix_node
*rn
;
146 CbDataList
<int> *a
= NULL
;
147 CbDataList
<int> *b
= NULL
;
149 debugs(53, 3, "asnMatchIp: Called for " << addr
);
151 if (AS_tree_head
== NULL
)
157 if (addr
.isAnyAddr())
162 rn
= squid_rn_match(&m_addr
, AS_tree_head
);
165 debugs(53, 3, "asnMatchIp: Address not in as db.");
169 debugs(53, 3, "asnMatchIp: Found in db!");
170 e
= ((rtentry_t
*) rn
)->e_info
;
173 for (a
= data
; a
; a
= a
->next
)
174 for (b
= e
->as_number
; b
; b
= b
->next
)
175 if (a
->element
== b
->element
) {
176 debugs(53, 5, "asnMatchIp: Found a match!");
180 debugs(53, 5, "asnMatchIp: AS not in as db.");
185 ACLASN::prepareForUse()
187 for (CbDataList
<int> *i
= data
; i
; i
= i
->
189 asnCacheStart(i
->element
);
193 asnRegisterWithCacheManager(void)
195 Mgr::RegisterAction("asndb", "AS Number Database", asnStats
, 0, 1);
198 /* initialize the radix tree structure */
200 SQUIDCEXTERN
int squid_max_keylen
; /* yuck.. this is in lib/radix.c */
205 static bool inited
= false;
206 squid_max_keylen
= 40;
213 squid_rn_inithead(&AS_tree_head
, 8);
215 asnRegisterWithCacheManager();
221 squid_rn_walktree(AS_tree_head
, destroyRadixNode
, AS_tree_head
);
223 destroyRadixNode((struct squid_radix_node
*) 0, (void *) AS_tree_head
);
227 asnStats(StoreEntry
* sentry
)
229 storeAppendPrintf(sentry
, "Address \tAS Numbers\n");
230 squid_rn_walktree(AS_tree_head
, printRadixNode
, sentry
);
236 asnCacheStart(int as
)
238 LOCAL_ARRAY(char, asres
, 4096);
240 ASState
*asState
= new ASState
;
241 debugs(53, 3, "AS " << as
);
242 snprintf(asres
, 4096, "whois://%s/!gAS%d", Config
.as_whois_server
, as
);
243 asState
->as_number
= as
;
244 asState
->request
= HttpRequest::CreateFromUrl(asres
);
245 assert(asState
->request
!= NULL
);
247 if ((e
= storeGetPublic(asres
, Http::METHOD_GET
)) == NULL
) {
248 e
= storeCreateEntry(asres
, asres
, RequestFlags(), Http::METHOD_GET
);
249 asState
->sc
= storeClientListAdd(e
, asState
);
250 FwdState::fwdStart(Comm::ConnectionPointer(), e
, asState
->request
.getRaw());
253 asState
->sc
= storeClientListAdd(e
, asState
);
257 StoreIOBuffer
readBuffer (AS_REQBUF_SZ
, asState
->offset
, asState
->reqbuf
);
258 storeClientCopy(asState
->sc
, e
, readBuffer
, asHandleReply
, asState
);
262 asHandleReply(void *data
, StoreIOBuffer result
)
264 ASState
*asState
= (ASState
*)data
;
265 StoreEntry
*e
= asState
->entry
;
268 char *buf
= asState
->reqbuf
;
271 debugs(53, 3, "asHandleReply: Called with size=" << (unsigned int)result
.length
);
272 debugs(53, 3, "asHandleReply: buffer='" << buf
<< "'");
274 /* First figure out whether we should abort the request */
276 if (EBIT_TEST(e
->flags
, ENTRY_ABORTED
)) {
281 if (result
.length
== 0 && asState
->dataRead
) {
282 debugs(53, 3, "asHandleReply: Done: " << e
->url());
285 } else if (result
.flags
.error
) {
286 debugs(53, DBG_IMPORTANT
, "asHandleReply: Called with Error set and size=" << (unsigned int) result
.length
);
289 } else if (e
->getReply()->sline
.status() != Http::scOkay
) {
290 debugs(53, DBG_IMPORTANT
, "WARNING: AS " << asState
->as_number
<< " whois request failed");
296 * Next, attempt to parse our request
297 * Remembering that the actual buffer size is retsize + reqofs!
301 while ((size_t)(s
- buf
) < result
.length
+ asState
->reqofs
&& *s
!= '\0') {
302 while (*s
&& xisspace(*s
))
305 for (t
= s
; *t
; ++t
) {
311 /* oof, word should continue on next block */
316 debugs(53, 3, "asHandleReply: AS# " << s
<< " (" << asState
->as_number
<< ")");
317 asnAddNet(s
, asState
->as_number
);
319 asState
->dataRead
= true;
323 * Next, grab the end of the 'valid data' in the buffer, and figure
324 * out how much data is left in our buffer, which we need to keep
325 * around for the next request
327 leftoversz
= (asState
->reqofs
+ result
.length
) - (s
- buf
);
329 assert(leftoversz
>= 0);
332 * Next, copy the left over data, from s to s + leftoversz to the
333 * beginning of the buffer
335 memmove(buf
, s
, leftoversz
);
338 * Next, update our offset and reqofs, and kick off a copy if required
340 asState
->offset
+= result
.length
;
342 asState
->reqofs
= leftoversz
;
344 debugs(53, 3, "asState->offset = " << asState
->offset
);
346 if (e
->store_status
== STORE_PENDING
) {
347 debugs(53, 3, "asHandleReply: store_status == STORE_PENDING: " << e
->url() );
348 StoreIOBuffer
tempBuffer (AS_REQBUF_SZ
- asState
->reqofs
,
350 asState
->reqbuf
+ asState
->reqofs
);
351 storeClientCopy(asState
->sc
,
357 StoreIOBuffer tempBuffer
;
358 debugs(53, 3, "asHandleReply: store complete, but data received " << e
->url() );
359 tempBuffer
.offset
= asState
->offset
;
360 tempBuffer
.length
= AS_REQBUF_SZ
- asState
->reqofs
;
361 tempBuffer
.data
= asState
->reqbuf
+ asState
->reqofs
;
362 storeClientCopy(asState
->sc
,
371 * add a network (addr, mask) to the radix tree, with matching AS number
374 asnAddNet(char *as_string
, int as_number
)
376 struct squid_radix_node
*rn
;
377 CbDataList
<int> **Tail
= NULL
;
378 CbDataList
<int> *q
= NULL
;
379 as_info
*asinfo
= NULL
;
386 t
= strchr(as_string
, '/');
389 debugs(53, 3, "asnAddNet: failed, invalid response from whois server.");
400 // INET6 TODO : find a better way of identifying the base IPA family for mask than this.
401 t
= strchr(as_string
, '.');
403 // generate Netbits Format Mask
405 mask
.applyMask(bitl
, (t
!=NULL
?AF_INET
:AF_INET6
) );
407 debugs(53, 3, "asnAddNet: called for " << addr
<< "/" << mask
);
409 rtentry_t
*e
= (rtentry_t
*)xcalloc(1, sizeof(rtentry_t
));
411 e
->e_addr
.addr
= addr
;
413 e
->e_mask
.addr
= mask
;
415 rn
= squid_rn_lookup(&e
->e_addr
, &e
->e_mask
, AS_tree_head
);
418 asinfo
= ((rtentry_t
*) rn
)->e_info
;
420 if (asinfo
->as_number
->find(as_number
)) {
421 debugs(53, 3, "asnAddNet: Ignoring repeated network '" << addr
<< "/" << bitl
<< "' for AS " << as_number
);
423 debugs(53, 3, "asnAddNet: Warning: Found a network with multiple AS numbers!");
425 for (Tail
= &asinfo
->as_number
; *Tail
; Tail
= &(*Tail
)->next
);
426 q
= new CbDataList
<int> (as_number
);
433 q
= new CbDataList
<int> (as_number
);
434 asinfo
= (as_info
*)xmalloc(sizeof(as_info
));
435 asinfo
->as_number
= q
;
436 squid_rn_addroute(&e
->e_addr
, &e
->e_mask
, AS_tree_head
, e
->e_nodes
);
437 rn
= squid_rn_match(&e
->e_addr
, AS_tree_head
);
442 if (rn
== 0) { /* assert might expand to nothing */
446 debugs(53, 3, "asnAddNet: Could not add entry.");
455 destroyRadixNode(struct squid_radix_node
*rn
, void *w
)
458 struct squid_radix_node_head
*rnh
= (struct squid_radix_node_head
*) w
;
460 if (rn
&& !(rn
->rn_flags
& RNF_ROOT
)) {
461 rtentry_t
*e
= (rtentry_t
*) rn
;
462 rn
= squid_rn_delete(rn
->rn_key
, rn
->rn_mask
, rnh
);
465 debugs(53, 3, "destroyRadixNode: internal screwup");
467 destroyRadixNodeInfo(e
->e_info
);
476 destroyRadixNodeInfo(as_info
* e_info
)
478 CbDataList
<int> *prev
= NULL
;
479 CbDataList
<int> *data
= e_info
->as_number
;
489 printRadixNode(struct squid_radix_node
*rn
, void *_sentry
)
491 StoreEntry
*sentry
= (StoreEntry
*)_sentry
;
492 rtentry_t
*e
= (rtentry_t
*) rn
;
495 char buf
[MAX_IPSTRLEN
];
501 addr
= e
->e_addr
.addr
;
502 mask
= e
->e_mask
.addr
;
503 storeAppendPrintf(sentry
, "%s/%d\t",
504 addr
.toStr(buf
, MAX_IPSTRLEN
),
507 assert(asinfo
->as_number
);
509 for (q
= asinfo
->as_number
; q
; q
= q
->next
)
510 storeAppendPrintf(sentry
, " %d", q
->element
);
512 storeAppendPrintf(sentry
, "\n");
525 ACLASN::match(Ip::Address toMatch
)
527 return asnMatchIp(data
, toMatch
);
535 CbDataList
<int> *ldata
= data
;
537 while (ldata
!= NULL
) {
539 s
.Printf("%d", ldata
->element
);
548 ACLASN::empty () const
556 CbDataList
<int> **curlist
= &data
;
557 CbDataList
<int> **Tail
;
558 CbDataList
<int> *q
= NULL
;
561 for (Tail
= curlist
; *Tail
; Tail
= &((*Tail
)->next
));
562 while ((t
= strtokFile())) {
563 q
= new CbDataList
<int> (atoi(t
));
569 ACLData
<Ip::Address
> *
570 ACLASN::clone() const
573 fatal ("cloning of ACLASN not implemented");
575 return new ACLASN(*this);
578 /* explicit template instantiation required for some systems */
580 template class ACLStrategised
<Ip::Address
>;
582 ACL::Prototype
ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_
, "src_as");
584 ACLStrategised
<Ip::Address
> ACLASN::SourceRegistryEntry_(new ACLASN
, ACLSourceASNStrategy::Instance(), "src_as");
586 ACL::Prototype
ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_
, "dst_as");
588 ACLStrategised
<Ip::Address
> ACLASN::DestinationRegistryEntry_(new ACLASN
, ACLDestinationASNStrategy::Instance(), "dst_as");
591 ACLSourceASNStrategy::match (ACLData
<Ip::Address
> * &data
, ACLFilledChecklist
*checklist
, ACLFlags
&)
593 return data
->match(checklist
->src_addr
);
596 ACLSourceASNStrategy
*
597 ACLSourceASNStrategy::Instance()
602 ACLSourceASNStrategy
ACLSourceASNStrategy::Instance_
;
605 ACLDestinationASNStrategy::match (ACLData
<MatchType
> * &data
, ACLFilledChecklist
*checklist
, ACLFlags
&)
607 const ipcache_addrs
*ia
= ipcache_gethostbyname(checklist
->request
->GetHost(), IP_LOOKUP_IF_MISS
);
610 for (int k
= 0; k
< (int) ia
->count
; ++k
) {
611 if (data
->match(ia
->in_addrs
[k
]))
617 } else if (!checklist
->request
->flags
.destinationIpLookedUp
) {
618 /* No entry in cache, lookup not attempted */
619 debugs(28, 3, "asnMatchAcl: Can't yet compare '" << AclMatchedName
<< "' ACL for '" << checklist
->request
->GetHost() << "'");
620 if (checklist
->goAsync(DestinationIPLookup::Instance()))
622 // else fall through to noaddr match, hiding the lookup failure (XXX)
626 return data
->match(noaddr
);
629 ACLDestinationASNStrategy
*
630 ACLDestinationASNStrategy::Instance()
635 ACLDestinationASNStrategy
ACLDestinationASNStrategy::Instance_
;