From: Willy Tarreau Date: Wed, 25 Apr 2012 08:13:36 +0000 (+0200) Subject: MEDIUM: acl/pattern: use the same direction scheme X-Git-Tag: v1.5-dev9~40 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=32a6f2e572adfad27a8bb95de9a98163c316f4d1;p=thirdparty%2Fhaproxy.git MEDIUM: acl/pattern: use the same direction scheme Patterns were using a bitmask to indicate if request or response was desired in fetch functions and keywords. ACLs were using a bitmask in fetch keywords and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit in fetch functions indicating that a non-final fetch was performed, which was an abuse of the existing direction flag. The change now consists in using : - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate if a keyword supports requests, responses, both, etc... - an option field for fetch functions to indicate what the caller expects (request/response, final/non-final) The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit to know we're working on a final buffer than on a non-final one. ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved to support being called on responses too since they're still available. The field of all fetch functions was changed to which is now unsigned. The patch is large but mostly made of cosmetic changes to accomodate this, as almost no logic change happened. --- diff --git a/include/proto/acl.h b/include/proto/acl.h index 493b56e5a0..3a7606b8e3 100644 --- a/include/proto/acl.h +++ b/include/proto/acl.h @@ -94,7 +94,7 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co * condition, it does not apply the polarity required by IF/UNLESS, it's up to * the caller to do this. */ -int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, int dir); +int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, unsigned int opt); /* Reports a pointer to the first ACL used in condition which requires * at least one of the USE_FLAGS in . Returns NULL if none matches. @@ -171,7 +171,7 @@ int acl_parse_reg(const char **text, struct acl_pattern *pattern, int *opaque); int acl_parse_ip(const char **text, struct acl_pattern *pattern, int *opaque); /* always fake a data retrieval */ -int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir, +int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp); /* always return false */ diff --git a/include/proto/pattern.h b/include/proto/pattern.h index 5a9f9444aa..f3250eccf4 100644 --- a/include/proto/pattern.h +++ b/include/proto/pattern.h @@ -27,7 +27,7 @@ struct pattern_expr *pattern_parse_expr(char **str, int *idx, char *err, int err_size); struct sample *pattern_process(struct proxy *px, struct session *l4, - void *l7, int dir, struct pattern_expr *expr, + void *l7, unsigned int dir, struct pattern_expr *expr, struct sample *p); void pattern_register_fetches(struct pattern_fetch_kw_list *psl); void pattern_register_convs(struct pattern_conv_kw_list *psl); diff --git a/include/proto/proto_tcp.h b/include/proto/proto_tcp.h index 91573e9596..947699bb42 100644 --- a/include/proto/proto_tcp.h +++ b/include/proto/proto_tcp.h @@ -34,7 +34,7 @@ int tcp_connect_server(struct stream_interface *si); int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit); int tcp_inspect_response(struct session *s, struct buffer *rep, int an_bit); int tcp_exec_req_rules(struct session *s); -int smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, const struct arg *args, struct sample *smp); +int smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp); /* Converts the TCP source address to a stick_table key usable for table * lookups. Returns either NULL if the source cannot be converted (eg: not diff --git a/include/proto/stick_table.h b/include/proto/stick_table.h index 5da327ca64..7756623ba6 100644 --- a/include/proto/stick_table.h +++ b/include/proto/stick_table.h @@ -47,7 +47,7 @@ struct stksess *stktable_lookup(struct stktable *t, struct stksess *ts); struct stksess *stktable_lookup_key(struct stktable *t, struct stktable_key *key); struct stksess *stktable_update_key(struct stktable *table, struct stktable_key *key); struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, - struct session *l4, void *l7, int dir, + struct session *l4, void *l7, unsigned int opt, struct pattern_expr *expr); int stktable_compatible_pattern(struct pattern_expr *expr, unsigned long table_type); int stktable_get_data_type(char *name); diff --git a/include/types/acl.h b/include/types/acl.h index 564c4bbe7a..cff3ae2c7a 100644 --- a/include/types/acl.h +++ b/include/types/acl.h @@ -71,14 +71,6 @@ enum { ACL_COND_UNLESS, /* negative condition (after 'unless') */ }; -/* ACLs can be evaluated on requests and on responses, and on partial or complete data */ -enum { - ACL_DIR_REQ = 0, /* ACL evaluated on request */ - ACL_DIR_RTR = (1 << 0), /* ACL evaluated on response */ - ACL_DIR_MASK = (ACL_DIR_REQ | ACL_DIR_RTR), - ACL_PARTIAL = (1 << 1), /* partial data, return MISS if data are missing */ -}; - /* possible flags for expressions or patterns */ enum { ACL_PAT_F_IGNORE_CASE = 1 << 0, /* ignore case */ @@ -238,7 +230,7 @@ struct acl_expr; struct acl_keyword { const char *kw; int (*parse)(const char **text, struct acl_pattern *pattern, int *opaque); - int (*fetch)(struct proxy *px, struct session *l4, void *l7, int dir, + int (*fetch)(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp); int (*match)(struct sample *smp, struct acl_pattern *pattern); unsigned int requires; /* bit mask of all ACL_USE_* required to evaluate this keyword */ diff --git a/include/types/pattern.h b/include/types/pattern.h index d4d38382a1..3ee18cb6be 100644 --- a/include/types/pattern.h +++ b/include/types/pattern.h @@ -41,6 +41,26 @@ enum { SMP_TYPES /* number of types, must always be last */ }; +/* Sample fetch capabilities are used to declare keywords. Right now only + * the supportd fetch directions are specified. + */ +enum { + SMP_CAP_REQ = 1 << 0, /* fetch supported on request */ + SMP_CAP_RES = 1 << 1, /* fetch supported on response */ +}; + +/* Sample fetch options are passed to sample fetch functions to add precision + * about what is desired : + * - fetch direction (req/resp) + * - intermediary / final fetch + */ +enum { + SMP_OPT_DIR_REQ = 0, /* direction = request */ + SMP_OPT_DIR_RES = 1, /* direction = response */ + SMP_OPT_DIR = (SMP_OPT_DIR_REQ|SMP_OPT_DIR_RES), /* mask to get direction */ + SMP_OPT_FINAL = 2, /* final fetch, contents won't change anymore */ +}; + /* Flags used to describe fetched samples. MAY_CHANGE indicates that the result * of the fetch might still evolve, for instance because of more data expected, * even if the fetch has failed. VOL_* indicates how long a result may be cached. @@ -56,11 +76,6 @@ enum { SMP_F_VOLATILE = (1<<2)|(1<<3)|(1<<4)|(1<<5)|(1<<6), /* any volatility condition */ }; -/* pattern fetch direction */ -#define PATTERN_FETCH_REQ 1 -#define PATTERN_FETCH_RTR 2 - - /* a sample context might be used by any sample fetch function in order to * store information needed across multiple calls (eg: restart point for a * next occurrence). By definition it may store up to 8 pointers, or any @@ -115,13 +130,14 @@ struct pattern_fetch { int (*process)(struct proxy *px, struct session *l4, void *l7, - int dir, const struct arg *arg_p, + unsigned int opt, /* fetch options (SMP_OPT_*) */ + const struct arg *arg_p, struct sample *smp); /* fetch processing function */ unsigned int arg_mask; /* arguments (ARG*()) */ int (*val_args)(struct arg *arg_p, char **err_msg); /* argument validation function */ unsigned long out_type; /* output pattern type */ - int dir; /* usable directions */ + unsigned int cap; /* fetch capabilities (SMP_CAP_*) */ }; /* pattern expression */ diff --git a/src/acl.c b/src/acl.c index 1eda948dac..1267ec30b2 100644 --- a/src/acl.c +++ b/src/acl.c @@ -65,7 +65,7 @@ static struct acl_kw_list acl_keywords = { /* force TRUE to be returned at the fetch level */ static int -acl_fetch_true(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_true(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_BOOL; @@ -77,10 +77,10 @@ acl_fetch_true(struct proxy *px, struct session *l4, void *l7, int dir, * used with content inspection. */ static int -acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { - if (dir & ACL_PARTIAL) { + if (!(opt & SMP_OPT_FINAL)) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -91,7 +91,7 @@ acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, int dir, /* force FALSE to be returned at the fetch level */ static int -acl_fetch_false(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_false(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_BOOL; @@ -101,7 +101,7 @@ acl_fetch_false(struct proxy *px, struct session *l4, void *l7, int dir, /* return the number of bytes in the request buffer */ static int -acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4 || !l4->req) @@ -115,7 +115,7 @@ acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, int dir, static int -acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int hs_len; @@ -126,7 +126,7 @@ acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir if (!l4) goto not_ssl_hello; - b = ((dir & ACL_DIR_MASK) == ACL_DIR_RTR) ? l4->rep : l4->req; + b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req; bleft = b->i; data = (const unsigned char *)b->p; @@ -184,7 +184,7 @@ acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir * Note: this decoder only works with non-wrapping data. */ static int -acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int version, bleft, msg_len; @@ -320,7 +320,7 @@ acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, int dir, * - opaque hostname[name_len bytes] */ static int -acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int hs_len, ext_len, bleft; @@ -330,7 +330,7 @@ acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, int dir, if (!l4) goto not_ssl_hello; - b = ((dir & ACL_DIR_MASK) == ACL_DIR_RTR) ? l4->rep : l4->req; + b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req; bleft = b->i; data = (unsigned char *)b->p; @@ -464,7 +464,7 @@ int acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaqu } /* always fake a data retrieval */ -int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir, +int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { return 1; @@ -1681,8 +1681,8 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co /* Execute condition and return either ACL_PAT_FAIL, ACL_PAT_MISS or * ACL_PAT_PASS depending on the test results. ACL_PAT_MISS may only be - * returned if contains ACL_PARTIAL, indicating that incomplete data - * is being examined. + * returned if does not contain SMP_OPT_FINAL, indicating that incomplete + * data is being examined. * This function only computes the condition, it does not apply the polarity * required by IF/UNLESS, it's up to the caller to do this using something like * this : @@ -1693,7 +1693,7 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co * if (cond->pol == ACL_COND_UNLESS) * res = !res; */ -int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, int dir) +int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, unsigned int opt) { __label__ fetch_next; struct acl_term_suite *suite; @@ -1733,9 +1733,9 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v /* we need to reset context and flags */ memset(&smp, 0, sizeof(smp)); fetch_next: - if (!expr->kw->fetch(px, l4, l7, dir, expr->args, &smp)) { + if (!expr->kw->fetch(px, l4, l7, opt, expr->args, &smp)) { /* maybe we could not fetch because of missing data */ - if (smp.flags & SMP_F_MAY_CHANGE && dir & ACL_PARTIAL) + if (smp.flags & SMP_F_MAY_CHANGE && !(opt & SMP_OPT_FINAL)) acl_res |= ACL_PAT_MISS; continue; } @@ -1784,7 +1784,7 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v * later and give another chance for a new match (eg: request * size, time, ...) */ - if (smp.flags & SMP_F_MAY_CHANGE && dir & ACL_PARTIAL) + if (smp.flags & SMP_F_MAY_CHANGE && !(opt & SMP_OPT_FINAL)) acl_res |= ACL_PAT_MISS; } /* diff --git a/src/backend.c b/src/backend.c index a9567070ff..5bec608ff3 100644 --- a/src/backend.c +++ b/src/backend.c @@ -416,7 +416,7 @@ struct server *get_server_rch(struct session *s) args[0].data.str.len = px->hh_len; args[1].type = ARGT_STOP; - ret = smp_fetch_rdp_cookie(px, s, NULL, ACL_DIR_REQ, args, &smp); + ret = smp_fetch_rdp_cookie(px, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, args, &smp); len = smp.data.str.len; if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || len == 0) @@ -1134,7 +1134,7 @@ int tcp_persist_rdp_cookie(struct session *s, struct buffer *req, int an_bit) args[0].data.str.len = s->be->rdp_cookie_len; args[1].type = ARGT_STOP; - ret = smp_fetch_rdp_cookie(px, s, NULL, ACL_DIR_REQ, args, &smp); + ret = smp_fetch_rdp_cookie(px, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, args, &smp); if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.str.len == 0) goto no_cookie; @@ -1374,7 +1374,7 @@ int backend_parse_balance(const char **args, char *err, int errlen, struct proxy * undefined behaviour. */ static int -acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -1397,7 +1397,7 @@ acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct server *srv = args->data.srv; @@ -1417,7 +1417,7 @@ acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct server *iterator; @@ -1445,7 +1445,7 @@ acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the id of the backend */ static int -acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TXN; @@ -1456,7 +1456,7 @@ acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the id of the server */ static int -acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!target_srv(&l4->target)) @@ -1473,7 +1473,7 @@ acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -1487,7 +1487,7 @@ acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -1501,7 +1501,7 @@ acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -1519,7 +1519,7 @@ acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, int dir, * undefined behaviour. */ static int -acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int nbsrv; @@ -1548,7 +1548,7 @@ acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, int dir * undefined behaviour. */ static int -acl_fetch_srv_conn(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_srv_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; diff --git a/src/cfgparse.c b/src/cfgparse.c index 4719abbd3b..a3ac66121c 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -1120,7 +1120,7 @@ static int create_cond_regex_rule(const char *file, int line, goto err; } - if (dir == ACL_DIR_REQ) + if (dir == SMP_OPT_DIR_REQ) err_code |= warnif_cond_requires_resp(cond, file, line); else err_code |= warnif_cond_requires_req(cond, file, line); @@ -1138,7 +1138,7 @@ static int create_cond_regex_rule(const char *file, int line, goto err; } - err = chain_regex((dir == ACL_DIR_REQ) ? &px->req_exp : &px->rsp_exp, + err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp, preg, action, repl ? strdup(repl) : NULL, cond); if (repl && err) { Alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n", @@ -1147,7 +1147,7 @@ static int create_cond_regex_rule(const char *file, int line, goto err; } - if (dir == ACL_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd)) + if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd)) err_code |= ERR_WARN; return err_code; @@ -3005,7 +3005,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) } if (flags & STK_ON_RSP) { - if (!(expr->fetch->dir & PATTERN_FETCH_RTR)) { + if (!(expr->fetch->cap & SMP_CAP_RES)) { Alert("parsing [%s:%d] : '%s': fetch method '%s' can not be used on response.\n", file, linenum, args[0], expr->fetch->kw); err_code |= ERR_ALERT | ERR_FATAL; @@ -3013,7 +3013,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm) goto out; } } else { - if (!(expr->fetch->dir & PATTERN_FETCH_REQ)) { + if (!(expr->fetch->cap & SMP_CAP_REQ)) { Alert("parsing [%s:%d] : '%s': fetch method '%s' can not be used on request.\n", file, linenum, args[0], expr->fetch->kw); err_code |= ERR_ALERT | ERR_FATAL; @@ -4882,56 +4882,56 @@ stats_error_parsing: } err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_REPLACE, 0, + SMP_OPT_DIR_REQ, ACT_REPLACE, 0, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_REMOVE, 0, + SMP_OPT_DIR_REQ, ACT_REMOVE, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_DENY, 0, + SMP_OPT_DIR_REQ, ACT_DENY, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_PASS, 0, + SMP_OPT_DIR_REQ, ACT_PASS, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_ALLOW, 0, + SMP_OPT_DIR_REQ, ACT_ALLOW, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_TARPIT, 0, + SMP_OPT_DIR_REQ, ACT_TARPIT, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqsetbe")) { /* switch the backend from a regex, respecting case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_SETBE, 0, + SMP_OPT_DIR_REQ, ACT_SETBE, 0, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqisetbe")) { /* switch the backend from a regex, ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_SETBE, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_SETBE, REG_ICASE, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; @@ -4945,42 +4945,42 @@ stats_error_parsing: } err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_REPLACE, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_REMOVE, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_DENY, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_PASS, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_ALLOW, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_REQ, ACT_TARPIT, REG_ICASE, + SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; @@ -5033,21 +5033,21 @@ stats_error_parsing: } err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_REPLACE, 0, + SMP_OPT_DIR_RES, ACT_REPLACE, 0, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_REMOVE, 0, + SMP_OPT_DIR_RES, ACT_REMOVE, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_DENY, 0, + SMP_OPT_DIR_RES, ACT_DENY, 0, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; @@ -5061,21 +5061,21 @@ stats_error_parsing: } err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_REPLACE, REG_ICASE, + SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE, args[0], args[1], args[2], (const char **)args+3); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_REMOVE, REG_ICASE, + SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; } else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */ err_code |= create_cond_regex_rule(file, linenum, curproxy, - ACL_DIR_RTR, ACT_DENY, REG_ICASE, + SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE, args[0], args[1], NULL, (const char **)args+2); if (err_code & ERR_FATAL) goto out; diff --git a/src/frontend.c b/src/frontend.c index 8cd9de7a96..6485b0747b 100644 --- a/src/frontend.c +++ b/src/frontend.c @@ -499,7 +499,7 @@ int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct /* set temp integer to the id of the frontend */ static int -acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_SESS; @@ -513,7 +513,7 @@ acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, int dir, * an undefined behaviour. */ static int -acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -527,7 +527,7 @@ acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, * an undefined behaviour. */ static int -acl_fetch_fe_conn(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_fe_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; diff --git a/src/pattern.c b/src/pattern.c index 9787eccd06..f6afb9700c 100644 --- a/src/pattern.c +++ b/src/pattern.c @@ -463,7 +463,7 @@ out_error: /* * Process a fetch + format conversion of defined by the pattern expression - * on request or response considering the parameter. + * on request or response considering the parameter. * Returns a pointer on a typed pattern structure containing the result or NULL if * pattern is not found or when format conversion failed. * If

is not null, function returns results in structure pointed by

. @@ -473,7 +473,8 @@ out_error: * conversion functions must do so too. However the cast functions do not need * to since they're made to cast mutiple types according to what is required. */ -struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7, int dir, +struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7, + unsigned int opt, struct pattern_expr *expr, struct sample *p) { struct pattern_conv_expr *conv_expr; @@ -482,7 +483,7 @@ struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7, i p = &temp_smp; p->flags = 0; - if (!expr->fetch->process(px, l4, l7, dir, expr->arg_p, p)) + if (!expr->fetch->process(px, l4, l7, opt, expr->arg_p, p)) return NULL; list_for_each_entry(conv_expr, &expr->conv_exprs, list) { diff --git a/src/proto_http.c b/src/proto_http.c index 7421688d18..6302ea4682 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -2355,7 +2355,7 @@ int http_wait_for_request(struct session *s, struct buffer *req, int an_bit) /* Check if we want to fail this monitor request or not */ list_for_each_entry(cond, &s->fe->mon_fail_cond, list) { - int ret = acl_exec_cond(cond, s->fe, s, txn, ACL_DIR_REQ); + int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (cond->pol == ACL_COND_UNLESS) @@ -2735,7 +2735,7 @@ http_check_access_rule(struct proxy *px, struct list *rules, struct session *s, /* check condition, but only if attached */ if (rule->cond) { - ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) @@ -2789,7 +2789,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s /* first check whether we have some ACLs set to block this request */ list_for_each_entry(cond, &px->block_cond, list) { - int ret = acl_exec_cond(cond, px, s, txn, ACL_DIR_REQ); + int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (cond->pol == ACL_COND_UNLESS) @@ -2944,7 +2944,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s /* add request headers from the rule sets in the same order */ list_for_each_entry(wl, &px->req_add, list) { if (wl->cond) { - int ret = acl_exec_cond(wl->cond, px, s, txn, ACL_DIR_REQ); + int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS) ret = !ret; @@ -2969,7 +2969,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s int ret = 1; if (stats_admin_rule->cond) { - ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, ACL_DIR_REQ); + ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (stats_admin_rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -3031,7 +3031,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s int ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -5004,7 +5004,7 @@ int http_process_res_common(struct session *t, struct buffer *rep, int an_bit, s if (txn->status < 200) break; if (wl->cond) { - int ret = acl_exec_cond(wl->cond, px, t, txn, ACL_DIR_RTR); + int ret = acl_exec_cond(wl->cond, px, t, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL); ret = acl_pass(ret); if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS) ret = !ret; @@ -5737,7 +5737,7 @@ int apply_filters_to_request(struct session *s, struct buffer *req, struct proxy * next filter if the condition does not match. */ if (exp->cond) { - ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_REQ); + ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS) ret = !ret; @@ -6577,7 +6577,7 @@ int apply_filters_to_response(struct session *s, struct buffer *rtr, struct prox * next filter if the condition does not match. */ if (exp->cond) { - ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_RTR); + ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL); ret = acl_pass(ret); if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS) ret = !ret; @@ -7541,7 +7541,7 @@ req_error_parsing: * 1 if an HTTP message is ready */ static int -acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir, +acl_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt, const struct arg *args, struct sample *smp, int req_vol) { struct http_txn *txn = l7; @@ -7557,7 +7557,7 @@ acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir, /* Check for a dependency on a request */ smp->type = SMP_T_BOOL; - if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) { + if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) { if (unlikely(!s->req)) return 0; @@ -7612,10 +7612,10 @@ acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir, } #define CHECK_HTTP_MESSAGE_FIRST() \ - do { int r = acl_prefetch_http(px, l4, l7, dir, args, smp, 1); if (r <= 0) return r; } while (0) + do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0) #define CHECK_HTTP_MESSAGE_FIRST_PERM() \ - do { int r = acl_prefetch_http(px, l4, l7, dir, args, smp, 0); if (r <= 0) return r; } while (0) + do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0) /* 1. Check on METHOD @@ -7648,7 +7648,7 @@ static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *o * This is intended to be used with acl_match_meth() only. */ static int -acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int meth; @@ -7712,7 +7712,7 @@ static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *op } static int -acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7737,7 +7737,7 @@ acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir, } static int -acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7763,7 +7763,7 @@ acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir, /* 3. Check on Status Code. We manipulate integers here. */ static int -acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7783,7 +7783,7 @@ acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir, /* 4. Check on URL/URI. A pointer to the URI is stored. */ static int -acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7798,7 +7798,7 @@ acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir, } static int -acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7824,7 +7824,7 @@ acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir, } static int -acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7847,13 +7847,13 @@ acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type string. */ static int -acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; struct hdr_idx *idx = &txn->hdr_idx; struct hdr_ctx *ctx = (struct hdr_ctx *)smp->ctx.a; - const struct http_msg *msg = ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) ? &txn->req : &txn->rsp; + const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; if (!args || args->type != ARGT_STR) return 0; @@ -7883,13 +7883,13 @@ acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type string. */ static int -acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; struct hdr_idx *idx = &txn->hdr_idx; struct hdr_ctx ctx; - const struct http_msg *msg = ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) ? &txn->req : &txn->rsp; + const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp; int cnt; if (!args || args->type != ARGT_STR) @@ -7912,10 +7912,10 @@ acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir, * FIXME: the type is 'int', it may not be appropriate for everything. */ static int -acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { - int ret = acl_fetch_hdr(px, l4, l7, dir, args, smp); + int ret = acl_fetch_hdr(px, l4, l7, opt, args, smp); if (ret > 0) { smp->type = SMP_T_UINT; @@ -7928,12 +7928,12 @@ acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, int dir, /* 7. Check on HTTP header's IPv4 address value. The IPv4 address is returned. */ static int -acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int ret; - while ((ret = acl_fetch_hdr(px, l4, l7, dir, args, smp)) > 0) { + while ((ret = acl_fetch_hdr(px, l4, l7, opt, args, smp)) > 0) { smp->type = SMP_T_IPV4; if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4)) break; @@ -7946,7 +7946,7 @@ acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int dir, * the first '/' after the possible hostname, and ends before the possible '?'. */ static int -acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -7972,7 +7972,7 @@ acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir, } static int -acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { /* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged @@ -7988,7 +7988,7 @@ acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, int dir, /* return a valid test if the current request is the first one on the connection */ static int -acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir, +acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!s) @@ -8001,7 +8001,7 @@ acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir, /* Accepts exactly 1 argument of type userlist */ static int -acl_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { @@ -8121,7 +8121,7 @@ extract_cookie_value(char *hdr, const char *hdr_end, * Accepts exactly 1 argument of type string. */ static int -acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -8137,7 +8137,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir, CHECK_HTTP_MESSAGE_FIRST(); - if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) { + if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) { msg = &txn->req; hdr_name = "Cookie"; hdr_name_len = 6; @@ -8172,7 +8172,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir, smp->type = SMP_T_CSTR; smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1], args->data.str.str, args->data.str.len, - (dir & ACL_DIR_MASK) == ACL_DIR_REQ, + (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ, &smp->data.str.str, &smp->data.str.len); if (smp->ctx.a[0]) { @@ -8195,7 +8195,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type string. */ static int -acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; @@ -8213,7 +8213,7 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir, CHECK_HTTP_MESSAGE_FIRST(); - if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) { + if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) { msg = &txn->req; hdr_name = "Cookie"; hdr_name_len = 6; @@ -8244,7 +8244,7 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir, smp->type = SMP_T_CSTR; while ((val_beg = extract_cookie_value(val_beg, val_end, args->data.str.str, args->data.str.len, - (dir & ACL_DIR_MASK) == ACL_DIR_REQ, + (opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ, &smp->data.str.str, &smp->data.str.len))) { cnt++; @@ -8349,7 +8349,7 @@ static struct acl_kw_list acl_kws = {{ },{ /* Returns the last occurrence of specified header. */ static int -pattern_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { struct http_txn *txn = l7; @@ -8445,7 +8445,7 @@ find_url_param_value(char* path, size_t path_l, } static int -pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { struct http_txn *txn = l7; @@ -8499,7 +8499,7 @@ find_cookie_value(struct http_msg *msg, struct http_txn *txn, } static int -pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { struct http_txn *txn = l7; @@ -8522,7 +8522,7 @@ pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, int dir, static int -pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { struct http_txn *txn = l7; @@ -8548,10 +8548,10 @@ pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, int dir /************************************************************************/ /* Note: must not be declared as its list will be overwritten */ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ - { "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ }, - { "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ }, - { "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ }, - { "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_RTR }, + { "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, + { "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, + { "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, + { "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_RES }, { NULL, NULL, 0, 0, 0 }, }}; diff --git a/src/proto_tcp.c b/src/proto_tcp.c index ff094c13b0..6bc669e8ff 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -690,15 +690,15 @@ int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit) */ if (req->flags & (BF_SHUTR|BF_FULL) || !s->be->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms)) - partial = 0; + partial = SMP_OPT_FINAL; else - partial = ACL_PARTIAL; + partial = 0; list_for_each_entry(rule, &s->be->tcp_req.inspect_rules, list) { int ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_REQ | partial); + ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial); if (ret == ACL_PAT_MISS) { buffer_dont_connect(req); /* just set the request timeout once at the beginning of the request */ @@ -808,15 +808,15 @@ int tcp_inspect_response(struct session *s, struct buffer *rep, int an_bit) */ if (rep->flags & BF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms)) - partial = 0; + partial = SMP_OPT_FINAL; else - partial = ACL_PARTIAL; + partial = 0; list_for_each_entry(rule, &s->be->tcp_rep.inspect_rules, list) { int ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_RTR | partial); + ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_RES | partial); if (ret == ACL_PAT_MISS) { /* just set the analyser timeout once at the beginning of the response */ if (!tick_isset(rep->analyse_exp) && s->be->tcp_rep.inspect_delay) @@ -880,7 +880,7 @@ int tcp_exec_req_rules(struct session *s) ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, s->fe, s, NULL, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, s->fe, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1257,7 +1257,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx, * is a string (cookie name), other types will lead to undefined behaviour. */ int -smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, +smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int bleft; @@ -1345,13 +1345,13 @@ smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, } static int -pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { int ret; /* sample type set by smp_fetch_rdp_cookie() */ - ret = smp_fetch_rdp_cookie(px, l4, NULL, ACL_DIR_REQ, arg_p, smp); + ret = smp_fetch_rdp_cookie(px, l4, NULL, opt, arg_p, smp); if (ret == 0 || (smp->flags & SMP_F_MAY_CHANGE) || smp->data.str.len == 0) return 0; return 1; @@ -1363,12 +1363,12 @@ pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir /* returns either 1 or 0 depending on whether an RDP cookie is found or not */ static int -acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { int ret; - ret = smp_fetch_rdp_cookie(px, l4, l7, dir, args, smp); + ret = smp_fetch_rdp_cookie(px, l4, l7, opt, args, smp); if (smp->flags & SMP_F_MAY_CHANGE) return 0; @@ -1382,7 +1382,7 @@ acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir /* copy the source IPv4/v6 address into temp_pattern */ static int -acl_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { switch (l4->si[0].addr.from.ss_family) { @@ -1404,7 +1404,7 @@ acl_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir, /* extract the connection's source ipv4 address */ static int -pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { if (l4->si[0].addr.from.ss_family != AF_INET ) @@ -1417,7 +1417,7 @@ pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir, /* extract the connection's source ipv6 address */ static int -pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { if (l4->si[0].addr.from.ss_family != AF_INET6) @@ -1430,7 +1430,7 @@ pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the connection's source port */ static int -acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_UINT; @@ -1444,7 +1444,7 @@ acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, int dir, /* set test->ptr to point to the frontend's IPv4/IPv6 address and test->i to the family */ static int -acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { stream_sock_get_to_addr(&l4->si[0]); @@ -1469,7 +1469,7 @@ acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir, /* extract the connection's destination ipv4 address */ static int -pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { stream_sock_get_to_addr(&l4->si[0]); @@ -1484,7 +1484,7 @@ pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir, /* extract the connection's destination ipv6 address */ static int -pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { stream_sock_get_to_addr(&l4->si[0]); @@ -1499,7 +1499,7 @@ pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the frontend connexion's destination port */ static int -acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { stream_sock_get_to_addr(&l4->si[0]); @@ -1513,7 +1513,7 @@ acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir, } static int -pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg, struct sample *smp) { smp->type = SMP_T_UINT; @@ -1526,7 +1526,7 @@ pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir, } static int -pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { int len_offset = arg_p[0].data.uint; @@ -1543,7 +1543,7 @@ pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir, if (!l4) return 0; - b = (dir & PATTERN_FETCH_RTR) ? l4->rep : l4->req; + b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req; if (!b || !b->i) return 0; @@ -1576,7 +1576,7 @@ pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir, } static int -pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir, +pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) { int buf_offset = arg_p[0].data.uint; @@ -1586,7 +1586,7 @@ pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir, if (!l4) return 0; - b = (dir & PATTERN_FETCH_RTR) ? l4->rep : l4->req; + b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req; if (!b || !b->i) return 0; @@ -1666,14 +1666,14 @@ static struct acl_kw_list acl_kws = {{ },{ /* Note: must not be declared as its list will be overwritten */ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ - { "src", pattern_fetch_src, 0, NULL, SMP_T_IPV4, PATTERN_FETCH_REQ }, - { "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, PATTERN_FETCH_REQ }, - { "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, PATTERN_FETCH_REQ }, - { "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, PATTERN_FETCH_REQ }, - { "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, PATTERN_FETCH_REQ }, - { "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR }, - { "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR }, - { "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ }, + { "src", pattern_fetch_src, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES }, + { "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, + { "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES }, + { "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, + { "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, + { "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, + { "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, + { "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES }, { NULL, NULL, 0, 0, 0 }, }}; diff --git a/src/protocols.c b/src/protocols.c index 8a95c2db22..5b3e081cfa 100644 --- a/src/protocols.c +++ b/src/protocols.c @@ -325,7 +325,7 @@ int protocol_disable_all(void) /* set temp integer to the number of connexions to the same listening socket */ static int -acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_UINT; @@ -335,7 +335,7 @@ acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the id of the socket (listener) */ static int -acl_fetch_so_id(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_so_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_UINT; diff --git a/src/session.c b/src/session.c index f381f9efc6..9d1c9357cc 100644 --- a/src/session.c +++ b/src/session.c @@ -982,7 +982,7 @@ static int process_switching_rules(struct session *s, struct buffer *req, int an list_for_each_entry(rule, &s->fe->switching_rules, list) { int ret; - ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1017,7 +1017,7 @@ static int process_switching_rules(struct session *s, struct buffer *req, int an int ret = 1; if (prst_rule->cond) { - ret = acl_exec_cond(prst_rule->cond, s->be, s, &s->txn, ACL_DIR_REQ); + ret = acl_exec_cond(prst_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (prst_rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1074,7 +1074,7 @@ static int process_server_rules(struct session *s, struct buffer *req, int an_bi list_for_each_entry(rule, &px->server_rules, list) { int ret; - ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1132,7 +1132,7 @@ static int process_sticking_rules(struct session *s, struct buffer *req, int an_ continue; if (rule->cond) { - ret = acl_exec_cond(rule->cond, px, s, &s->txn, ACL_DIR_REQ); + ret = acl_exec_cond(rule->cond, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1141,7 +1141,7 @@ static int process_sticking_rules(struct session *s, struct buffer *req, int an_ if (ret) { struct stktable_key *key; - key = stktable_fetch_key(rule->table.t, px, s, &s->txn, PATTERN_FETCH_REQ, rule->expr); + key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr); if (!key) continue; @@ -1225,7 +1225,7 @@ static int process_store_rules(struct session *s, struct buffer *rep, int an_bit continue; if (rule->cond) { - ret = acl_exec_cond(rule->cond, px, s, &s->txn, ACL_DIR_RTR); + ret = acl_exec_cond(rule->cond, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL); ret = acl_pass(ret); if (rule->cond->pol == ACL_COND_UNLESS) ret = !ret; @@ -1234,7 +1234,7 @@ static int process_store_rules(struct session *s, struct buffer *rep, int an_bit if (ret) { struct stktable_key *key; - key = stktable_fetch_key(rule->table.t, px, s, &s->txn, PATTERN_FETCH_RTR, rule->expr); + key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr); if (!key) continue; @@ -2326,7 +2326,7 @@ acl_fetch_get_gpc0(struct stktable *table, struct sample *smp, struct stksess *t * frontend counters. */ static int -acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2338,7 +2338,7 @@ acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * backend counters. */ static int -acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2351,7 +2351,7 @@ acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2386,7 +2386,7 @@ acl_fetch_inc_gpc0(struct stktable *table, struct sample *smp, struct stksess *t * frontend counters and return it into temp integer. */ static int -acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2398,7 +2398,7 @@ acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * backend counters and return it into temp integer. */ static int -acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2411,7 +2411,7 @@ acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2447,7 +2447,7 @@ acl_fetch_clr_gpc0(struct stktable *table, struct sample *smp, struct stksess *t * frontend counters and return its previous value into temp integer. */ static int -acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2459,7 +2459,7 @@ acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * backend counters and return its previous value into temp integer. */ static int -acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2472,7 +2472,7 @@ acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2503,7 +2503,7 @@ acl_fetch_conn_cnt(struct stktable *table, struct sample *smp, struct stksess *t /* set temp integer to the cumulated number of connections from the session's tracked FE counters */ static int -acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2514,7 +2514,7 @@ acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the cumulated number of connections from the session's tracked BE counters */ static int -acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2528,7 +2528,7 @@ acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2562,7 +2562,7 @@ acl_fetch_conn_rate(struct stktable *table, struct sample *smp, struct stksess * * the configured period. */ static int -acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2575,7 +2575,7 @@ acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, * the configured period. */ static int -acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2589,7 +2589,7 @@ acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2607,7 +2607,7 @@ acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_updt_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_updt_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stksess *ts; @@ -2653,7 +2653,7 @@ acl_fetch_conn_cur(struct stktable *table, struct sample *smp, struct stksess *t /* set temp integer to the number of concurrent connections from the session's tracked FE counters */ static int -acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2664,7 +2664,7 @@ acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the number of concurrent connections from the session's tracked BE counters */ static int -acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2678,7 +2678,7 @@ acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2709,7 +2709,7 @@ acl_fetch_sess_cnt(struct stktable *table, struct sample *smp, struct stksess *t /* set temp integer to the cumulated number of sessions from the session's tracked FE counters */ static int -acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2720,7 +2720,7 @@ acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir, /* set temp integer to the cumulated number of sessions from the session's tracked BE counters */ static int -acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2734,7 +2734,7 @@ acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2768,7 +2768,7 @@ acl_fetch_sess_rate(struct stktable *table, struct sample *smp, struct stksess * * the configured period. */ static int -acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2781,7 +2781,7 @@ acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, * the configured period. */ static int -acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2795,7 +2795,7 @@ acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2826,7 +2826,7 @@ acl_fetch_http_req_cnt(struct stktable *table, struct sample *smp, struct stkses /* set temp integer to the cumulated number of sessions from the session's tracked FE counters */ static int -acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2837,7 +2837,7 @@ acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int d /* set temp integer to the cumulated number of sessions from the session's tracked BE counters */ static int -acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2851,7 +2851,7 @@ acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int d * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2885,7 +2885,7 @@ acl_fetch_http_req_rate(struct stktable *table, struct sample *smp, struct stkse * the configured period. */ static int -acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2898,7 +2898,7 @@ acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, int * the configured period. */ static int -acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2912,7 +2912,7 @@ acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, int * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -2943,7 +2943,7 @@ acl_fetch_http_err_cnt(struct stktable *table, struct sample *smp, struct stkses /* set temp integer to the cumulated number of sessions from the session's tracked FE counters */ static int -acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -2954,7 +2954,7 @@ acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int d /* set temp integer to the cumulated number of sessions from the session's tracked BE counters */ static int -acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -2968,7 +2968,7 @@ acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int d * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3002,7 +3002,7 @@ acl_fetch_http_err_rate(struct stktable *table, struct sample *smp, struct stkse * the configured period. */ static int -acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -3015,7 +3015,7 @@ acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, int * the configured period. */ static int -acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -3029,7 +3029,7 @@ acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, int * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3063,7 +3063,7 @@ acl_fetch_kbytes_in(struct stktable *table, struct sample *smp, struct stksess * * session's tracked FE counters. */ static int -acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -3076,7 +3076,7 @@ acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir, * session's tracked BE counters. */ static int -acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -3090,7 +3090,7 @@ acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3126,7 +3126,7 @@ acl_fetch_bytes_in_rate(struct stktable *table, struct sample *smp, struct stkse * counters over the configured period. */ static int -acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -3139,7 +3139,7 @@ acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int * counters over the configured period. */ static int -acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -3153,7 +3153,7 @@ acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3187,7 +3187,7 @@ acl_fetch_kbytes_out(struct stktable *table, struct sample *smp, struct stksess * tracked FE counters. */ static int -acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -3200,7 +3200,7 @@ acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir * tracked BE counters. */ static int -acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -3214,7 +3214,7 @@ acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3250,7 +3250,7 @@ acl_fetch_bytes_out_rate(struct stktable *table, struct sample *smp, struct stks * over the configured period. */ static int -acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr1_entry) @@ -3263,7 +3263,7 @@ acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int * over the configured period. */ static int -acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { if (!l4->stkctr2_entry) @@ -3277,7 +3277,7 @@ acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int * Accepts exactly 1 argument of type table. */ static int -acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { struct stktable_key *key; @@ -3294,7 +3294,7 @@ acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int * Accepts exactly 1 argument of type table. */ static int -acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->flags = SMP_F_VOL_TEST; @@ -3307,7 +3307,7 @@ acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, int dir, * Accepts exactly 1 argument of type table. */ static int -acl_fetch_table_avl(struct proxy *px, struct session *l4, void *l7, int dir, +acl_fetch_table_avl(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { px = args->data.prx; diff --git a/src/stick_table.c b/src/stick_table.c index 08a84f2613..7bff124e99 100644 --- a/src/stick_table.c +++ b/src/stick_table.c @@ -586,16 +586,17 @@ static pattern_to_key_fct pattern_to_key[SMP_TYPES][STKTABLE_TYPES] = { /* * Process a fetch + format conversion as defined by the pattern expression - * on request or response considering the

parameter. Returns either NULL if + * on request or response considering the parameter. Returns either NULL if * no key could be extracted, or a pointer to the converted result stored in * static_table_key in format . */ -struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7, int dir, +struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7, + unsigned int opt, struct pattern_expr *expr) { struct sample *smp; - smp = pattern_process(px, l4, l7, dir, expr, NULL); + smp = pattern_process(px, l4, l7, opt, expr, NULL); if (!smp) return NULL;