*/
#include "squid.h"
-#include "compat/getaddrinfo.h"
#include "acl/Ip.h"
#include "acl/Checklist.h"
+#include "Debug.h"
+#include "ip/tools.h"
#include "MemBuf.h"
+#include "protos.h"
#include "wordlist.h"
void *
if (!addr2.IsAnyAddr()) {
b2[0] = '-';
- rlen++;
+ ++rlen;
addr2.NtoA(&(b2[1]), len - rlen );
rlen = strlen(buf);
} else
if (!mask.IsNoAddr()) {
b3[0] = '/';
- rlen++;
-#if USE_IPV6
+ ++rlen;
int cidr = mask.GetCIDR() - (addr1.IsIPv4()?96:0);
snprintf(&(b3[1]), (len-rlen), "%u", (unsigned int)(cidr<0?0:cidr) );
-#else
- snprintf(&(b3[1]), (len-rlen), "%u", mask.GetCIDR() );
-#endif
} else
b3[0] = '\0';
}
}
}
-
/*
* acl_ip_data::NetworkCompare - Compare two acl_ip_data entries. Strictly
* used by the splay insertion routine. It emits a warning if it
a->toStr(buf_n1, 3*(MAX_IPSTRLEN+1));
b->toStr(buf_n2, 3*(MAX_IPSTRLEN+1));
}
- debugs(28, 0, "WARNING: (" << (bina?'B':'A') << ") '" << buf_n1 << "' is a subnetwork of (" << (bina?'A':'B') << ") '" << buf_n2 << "'");
- debugs(28, 0, "WARNING: because of this '" << (bina?buf_n2:buf_n1) << "' is ignored to keep splay tree searching predictable");
- debugs(28, 0, "WARNING: You should probably remove '" << buf_n1 << "' from the ACL named '" << AclMatchedName << "'");
+ debugs(28, DBG_CRITICAL, "WARNING: (" << (bina?'B':'A') << ") '" << buf_n1 << "' is a subnetwork of (" << (bina?'A':'B') << ") '" << buf_n2 << "'");
+ debugs(28, DBG_CRITICAL, "WARNING: because of this '" << (bina?buf_n2:buf_n1) << "' is ignored to keep splay tree searching predictable");
+ debugs(28, DBG_CRITICAL, "WARNING: You should probably remove '" << buf_n1 << "' from the ACL named '" << AclMatchedName << "'");
}
return ret;
/* this will completely crap out with a security fail-open if the admin is playing mask tricks */
/* however, thats their fault, and we do warn. see bug 2601 for the effects if we don't do this. */
unsigned int m = mask.GetCIDR();
-#if USE_IPV6
debugs(28, DBG_CRITICAL, "WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.");
-#endif
debugs(28, DBG_CRITICAL, "WARNING: For now we will assume you meant to write /" << m);
/* reset the mask completely, and crop to the CIDR boundary back properly. */
mask.SetNoAddr();
return q;
}
-#if USE_IPV6
/* Special ACL RHS "ipv4" matches IPv4 Internet
* A nod to IANA; we include the entire class space in case
* they manage to find a way to recover and use it */
return r;
}
-#endif
// IPv4
if (sscanf(t, SCAN_ACL1_4, addr1, addr2, mask) == 3) {
hints.ai_flags |= AI_NUMERICHOST;
}
-#if 0 && USE_IPV6 && !IPV6_SPECIAL_SPLITSTACK
- hints.ai_flags |= AI_V4MAPPED | AI_ALL;
+#if 0
+ if (Ip::EnableIpv6&IPV6_SPECIAL_V4MAPPING)
+ hints.ai_flags |= AI_V4MAPPED | AI_ALL;
#endif
int errcode = getaddrinfo(addr1,NULL,&hints,&hp);
if (hp == NULL) {
- debugs(28, 0, "aclIpParseIpData: Bad host/IP: '" << addr1 <<
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << addr1 <<
"' in '" << t << "', flags=" << hints.ai_flags <<
" : (" << errcode << ") " << gai_strerror(errcode) );
self_destruct();
}
if (*Q != NULL) {
- debugs(28, 0, "aclIpParseIpData: Bad host/IP: '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: Bad host/IP: '" << t << "'");
self_destruct();
return NULL;
}
return q;
}
-#if !USE_IPV6
/* ignore IPv6 addresses when built with IPv4-only */
- if ( iptype == AF_INET6 ) {
- debugs(28, 0, "aclIpParseIpData: IPv6 has not been enabled. build with '--enable-ipv6'");
+ if ( iptype == AF_INET6 && !Ip::EnableIpv6) {
+ debugs(28, DBG_IMPORTANT, "aclIpParseIpData: IPv6 has not been enabled.");
return NULL;
}
-#endif
/* Decode addr1 */
if (!*addr1 || !(q->addr1 = addr1)) {
- debugs(28, 0, "aclIpParseIpData: unknown first address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown first address in '" << t << "'");
delete q;
self_destruct();
return NULL;
if (!*addr2)
q->addr2.SetAnyAddr();
else if (!(q->addr2=addr2) ) {
- debugs(28, 0, "aclIpParseIpData: unknown second address in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: unknown second address in '" << t << "'");
delete q;
self_destruct();
return NULL;
/* Decode mask (NULL or empty means a exact host mask) */
if (!DecodeMask(mask, q->mask, iptype)) {
- debugs(28, 0, "aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclParseIpData: unknown netmask '" << mask << "' in '" << t << "'");
delete q;
self_destruct();
return NULL;
changed += q->addr2.ApplyMask(q->mask);
if (changed)
- debugs(28, 0, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'");
+ debugs(28, DBG_CRITICAL, "aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '" << t << "'");
debugs(28,9, HERE << "Parsed: " << q->addr1 << "-" << q->addr2 << "/" << q->mask << "(/" << q->mask.GetCIDR() <<")");