#include "squid.h"
#include "acl/Ip.h"
#include "acl/Checklist.h"
+#include "Debug.h"
+#include "ip/tools.h"
#include "MemBuf.h"
+#include "protos.h"
#include "wordlist.h"
void *
if (!addr2.IsAnyAddr()) {
b2[0] = '-';
- rlen++;
+ ++rlen;
addr2.NtoA(&(b2[1]), len - rlen );
rlen = strlen(buf);
} else
if (!mask.IsNoAddr()) {
b3[0] = '/';
- rlen++;
-#if USE_IPV6
+ ++rlen;
int cidr = mask.GetCIDR() - (addr1.IsIPv4()?96:0);
snprintf(&(b3[1]), (len-rlen), "%u", (unsigned int)(cidr<0?0:cidr) );
-#else
- snprintf(&(b3[1]), (len-rlen), "%u", mask.GetCIDR() );
-#endif
} else
b3[0] = '\0';
}
int
aclIpAddrNetworkCompare(acl_ip_data * const &p, acl_ip_data * const &q)
{
- IpAddress A = p->addr1;
+ Ip::Address A = p->addr1;
/* apply netmask */
A.ApplyMask(q->mask);
}
}
-
/*
* acl_ip_data::NetworkCompare - Compare two acl_ip_data entries. Strictly
* used by the splay insertion routine. It emits a warning if it
a->toStr(buf_n1, 3*(MAX_IPSTRLEN+1));
b->toStr(buf_n2, 3*(MAX_IPSTRLEN+1));
}
- debugs(28, 0, "WARNING: (" << (bina?'B':'A') << ") '" << buf_n1 << "' is a subnetwork of (" << (bina?'A':'B') << ") '" << buf_n2 << "'");
- debugs(28, 0, "WARNING: because of this '" << (bina?buf_n2:buf_n1) << "' is ignored to keep splay tree searching predictable");
- debugs(28, 0, "WARNING: You should probably remove '" << buf_n1 << "' from the ACL named '" << AclMatchedName << "'");
+ debugs(28, DBG_CRITICAL, "WARNING: (" << (bina?'B':'A') << ") '" << buf_n1 << "' is a subnetwork of (" << (bina?'A':'B') << ") '" << buf_n2 << "'");
+ debugs(28, DBG_CRITICAL, "WARNING: because of this '" << (bina?buf_n2:buf_n1) << "' is ignored to keep splay tree searching predictable");
+ debugs(28, DBG_CRITICAL, "WARNING: You should probably remove '" << buf_n1 << "' from the ACL named '" << AclMatchedName << "'");
}
return ret;
* This function should NOT be called if 'asc' is a hostname!
*/
bool
-acl_ip_data::DecodeMask(const char *asc, IpAddress &mask, int ctype)
+acl_ip_data::DecodeMask(const char *asc, Ip::Address &mask, int ctype)
{
char junk;
int a1 = 0;
/* this will completely crap out with a security fail-open if the admin is playing mask tricks */
/* however, thats their fault, and we do warn. see bug 2601 for the effects if we don't do this. */
unsigned int m = mask.GetCIDR();
-#if USE_IPV6
debugs(28, DBG_CRITICAL, "WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.");
-#endif
debugs(28, DBG_CRITICAL, "WARNING: For now we will assume you meant to write /" << m);
/* reset the mask completely, and crop to the CIDR boundary back properly. */
mask.SetNoAddr();
LOCAL_ARRAY(char, mask, 256);
acl_ip_data *r = NULL;
acl_ip_data **Q = NULL;
- IpAddress temp;
+ Ip::Address temp;
char c;
unsigned int changed;
acl_ip_data *q = new acl_ip_data;
/* Detect some old broken strings equivalent to 'all'.
* treat them nicely. But be loud until its fixed. */
if (strcasecmp(t, "0/0") == 0 || strcasecmp(t, "0.0.0.0/0") == 0 || strcasecmp(t, "0.0.0.0/0.0.0.0") == 0 ||
- strcasecmp(t, "0.0.0.0") == 0 || strcasecmp(t, "0.0.0.0-0.0.0.0") == 0 || strcasecmp(t, "0.0.0.0-0.0.0.0/0") == 0) {
+ strcasecmp(t, "0.0.0.0-255.255.255.255") == 0 || strcasecmp(t, "0.0.0.0-0.0.0.0/0") == 0) {
debugs(28,DBG_CRITICAL, "ERROR: '" << t << "' needs to be replaced by the term 'all'.");
debugs(28,DBG_CRITICAL, "SECURITY NOTICE: Overriding config setting. Using 'all' instead.");
return q;
}
-#if USE_IPV6
/* Special ACL RHS "ipv4" matches IPv4 Internet
* A nod to IANA; we include the entire class space in case
* they manage to find a way to recover and use it */
return r;
}
-#endif
// IPv4
if (sscanf(t, SCAN_ACL1_4, addr1, addr2, mask) == 3) {
addr2[0] = '\0';
} else if (sscanf(t, "%s", addr1) == 1) {
/*
- * Note, must use plain xgetaddrinfo() here because at startup
+ * Note, must use plain getaddrinfo() here because at startup
* ipcache hasn't been initialized
- * TODO: offload this to one of the IpAddress lookups.
+ * TODO: offload this to one of the Ip::Address lookups.
*/
debugs(28, 5, "aclIpParseIpData: Lookup Host/IP " << addr1);
struct addrinfo *hp = NULL, *x = NULL;
struct addrinfo hints;
- IpAddress *prev_addr = NULL;
+ Ip::Address *prev_addr = NULL;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_flags |= AI_NUMERICHOST;
}
-#if 0 && USE_IPV6 && !IPV6_SPECIAL_SPLITSTACK
- hints.ai_flags |= AI_V4MAPPED | AI_ALL;
+#if 0
+ if (Ip::EnableIpv6&IPV6_SPECIAL_V4MAPPING)
+ hints.ai_flags |= AI_V4MAPPED | AI_ALL;
#endif
- int errcode = xgetaddrinfo(addr1,NULL,&hints,&hp);
+ int errcode = getaddrinfo(addr1,NULL,&hints,&hp);
if (hp == NULL) {
- debugs(28, 0, "aclIpParseIpData: Bad host/IP: '" << addr1 <<
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << addr1 <<
"' in '" << t << "', flags=" << hints.ai_flags <<
- " : (" << errcode << ") " << xgai_strerror(errcode) );
+ " : (" << errcode << ") " << gai_strerror(errcode) );
self_destruct();
return NULL;
}
}
if (*Q != NULL) {
- debugs(28, 0, "aclIpParseIpData: Bad host/IP: '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << t << "'");
self_destruct();
return NULL;
}
- xfreeaddrinfo(hp);
+ freeaddrinfo(hp);
return q;
}
-#if !USE_IPV6
/* ignore IPv6 addresses when built with IPv4-only */
- if ( iptype == AF_INET6 ) {
- debugs(28, 0, "aclIpParseIpData: IPv6 has not been enabled. build with '--enable-ipv6'");
+ if ( iptype == AF_INET6 && !Ip::EnableIpv6) {
+ debugs(28, DBG_IMPORTANT, "aclIpParseIpData: IPv6 has not been enabled.");
return NULL;
}
-#endif
/* Decode addr1 */
if (!*addr1 || !(q->addr1 = addr1)) {
- debugs(28, 0, "aclIpParseIpData: unknown first address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown first address in '" << t << "'");
delete q;
self_destruct();
return NULL;
if (!*addr2)
q->addr2.SetAnyAddr();
else if (!(q->addr2=addr2) ) {
- debugs(28, 0, "aclIpParseIpData: unknown second address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown second address in '" << t << "'");
delete q;
self_destruct();
return NULL;
/* Decode mask (NULL or empty means a exact host mask) */
if (!DecodeMask(mask, q->mask, iptype)) {
- debugs(28, 0, "aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
delete q;
self_destruct();
return NULL;
changed += q->addr2.ApplyMask(q->mask);
if (changed)
- debugs(28, 0, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'");
debugs(28,9, HERE << "Parsed: " << q->addr1 << "-" << q->addr2 << "/" << q->mask << "(/" << q->mask.GetCIDR() <<")");
}
int
-ACLIP::match(IpAddress &clientip)
+ACLIP::match(Ip::Address &clientip)
{
static acl_ip_data ClientAddress;
/*
acl_ip_data::acl_ip_data () :addr1(), addr2(), mask(), next (NULL) {}
-acl_ip_data::acl_ip_data (IpAddress const &anAddress1, IpAddress const &anAddress2, IpAddress const &aMask, acl_ip_data *aNext) : addr1(anAddress1), addr2(anAddress2), mask(aMask), next(aNext) {}
+acl_ip_data::acl_ip_data (Ip::Address const &anAddress1, Ip::Address const &anAddress2, Ip::Address const &aMask, acl_ip_data *aNext) : addr1(anAddress1), addr2(anAddress2), mask(aMask), next(aNext) {}
projects / thirdparty / squid.git / blobdiff