git.ipfire.org Git - thirdparty/squid.git/blob - src/acl/DestinationDomain.cc
/*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 28 Access Control */
12 #include "acl/DestinationDomain.h"
13 #include "acl/DomainData.h"
14 #include "acl/FilledChecklist.h"
15 #include "acl/RegexData.h"
16 #include "fqdncache.h"
17 #include "HttpRequest.h"
/// Completion callback handed to fqdncache by StartLookup(). Declared ahead
/// of its definition so that StartLookup() can name it.
/// The untyped `data` argument carries the checklist address.
static void LookupDone(const char *, const Dns::LookupDetails &, void *data);
/// Asks fqdncache to resolve the checklist's destination address to a name
/// and registers LookupDone() as the completion callback.
/// DestinationDomainCheck::match() passes this function to goAsync().
/// @param cl checklist whose dst_addr is looked up; its address is also the
///           callback data
static void
StartLookup(ACLFilledChecklist &cl, const Acl::Node &)
{
    // The checklist crosses the resolver as an untyped pointer and is
    // recovered in LookupDone().
    // NOTE(review): nothing visible here keeps `cl` alive until the callback
    // runs; presumably fqdncache validates its callback data -- confirm.
    void *const callbackData = &cl;
    fqdncache_nbgethostbyaddr(cl.dst_addr, LookupDone, callbackData);
}
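/// Completion callback for the lookup started by StartLookup().
/// Flags the destination-domain lookup as done, records the DNS details on
/// the request, and resumes the suspended ACL check.
/// The first parameter (the resolved name) is ignored here.
/// @param details lookup details, forwarded to the request's recordLookup()
/// @param data    the checklist address that StartLookup() gave to fqdncache
static void
LookupDone(const char *, const Dns::LookupDetails &details, void *data)
{
    // Named cast instead of a C-style cast: only the void* -> ACLChecklist*
    // conversion is intended, and static_cast cannot silently do more.
    // NOTE(review): StartLookup() stored an ACLFilledChecklist address, so
    // reading it back as ACLChecklist* relies on both types sharing one
    // object address -- confirm against the class layout.
    ACLFilledChecklist *checklist = Filled(static_cast<ACLChecklist *>(data));

    // NOTE(review): checklist and checklist->request are dereferenced
    // unchecked; match() asserts both before it goes async.

    // match() only goes async while destinationDomainChecked() is false;
    // presumably this mark is what stops a second lookup after the resume.
    checklist->markDestinationDomainChecked();
    checklist->request->recordLookup(details);
    checklist->resumeNonBlockingCheck();
}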
/* Acl::DestinationDomainCheck */

/// Options accepted by this ACL type.
/// The only one is the boolean "-n" flag, which is linked to lookupBanned.
/// @return the option list, built once and kept in function-static storage
const Acl::Options &
Acl::DestinationDomainCheck::options()
{
    static const Acl::BooleanOption NoLookupFlag("-n");
    static const Acl::Options SupportedOptions = { &NoLookupFlag };

    // The flag object is function-static, so one object serves every call,
    // and the link is renewed each time options() runs.
    // NOTE(review): presumably lookupBanned is a per-object member and the
    // re-link points the shared flag at the ACL being configured -- confirm.
    NoLookupFlag.linkWith(&lookupBanned);
    return SupportedOptions;
}
/// Matches the request's destination against the configured domain data.
///
/// The host text from the request URL is tried first. If that fails and the
/// host is a numeric IP address, the reverse-DNS (rDNS) name of that address
/// is matched instead, unless lookups are banned with the "-n" option.
///
/// Security note: an rDNS name is published by whoever controls the reverse
/// zone of the destination address, and this function does not confirm it
/// with a forward lookup. An rDNS-based match is therefore weaker evidence
/// than a URL-host match; where this ACL grants access, consider "-n".
/// The placeholder strings "invalid" and "none" go through the same matcher
/// as real names, so a configured entry equal to either one matches every
/// address that ends up with that placeholder.
///
/// NOTE(review): the listing this was reviewed from omitted the return type,
/// the bare `return` lines, and the lookupBanned and fqdn tests. They are
/// restored here from the adjacent comments and debug messages -- confirm
/// against upstream.
///
/// @param ch checklist for the transaction; must be a filled checklist with
///           a request (asserted)
/// @return the matcher's result (nonzero on match, 0 otherwise); -1 after
///         goAsync() accepted the lookup, presumably meaning "suspended"
int
Acl::DestinationDomainCheck::match(ACLChecklist * const ch)
{
    const auto checklist = Filled(ch);

    assert(checklist != nullptr && checklist->request != nullptr);

    // First attempt: the host exactly as it appears in the request URL.
    if (data->match(checklist->request->url.host()))
        return 1;

    // "-n": DNS is never consulted, so the URL-host result above is final.
    if (lookupBanned) {
        debugs(28, 3, "No-lookup DNS ACL '" << name << "' for " << checklist->request->url.host());
        return 0;
    }

    /* numeric IPA? no, trust the above result. */
    if (!checklist->request->url.hostIsNumeric())
        return 0;

    /* do we already have the rDNS? match on it if we do. */
    if (checklist->dst_rdns) {
        debugs(28, 3, "'" << name << "' match with stored rDNS '" << checklist->dst_rdns << "' for " << checklist->request->url.host());
        return data->match(checklist->dst_rdns);
    }

    /* raw IP without rDNS? look it up and wait for the result */
    if (!checklist->dst_addr.fromHost(checklist->request->url.host())) {
        // Store a placeholder so later checks on this checklist take the
        // stored-rDNS branch instead of parsing the host again.
        checklist->dst_rdns = xstrdup("invalid");
        return 0;
    }

    const char *fqdn = fqdncache_gethostbyaddr(checklist->dst_addr, FQDN_LOOKUP_IF_MISS);

    if (fqdn) {
        // Keep a copy of the name for later checks on this checklist.
        checklist->dst_rdns = xstrdup(fqdn);
        return data->match(fqdn);
    }

    // No name yet: suspend once per checklist and let LookupDone() resume.
    if (!checklist->destinationDomainChecked()) {
        debugs(28, 3, "Can't yet compare '" << name << "' ACL for " << checklist->request->url.host());
        if (checklist->goAsync(StartLookup, *this))
            return -1;
        // else fall through to "none" match, hiding the lookup failure (XXX)
    }

    return data->match("none");
}