From: Thierry FOURNIER Date: Wed, 15 Jan 2014 10:38:49 +0000 (+0100) Subject: MEDIUM: pattern: add delete functions X-Git-Tag: v1.5-dev23~112 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b113650e54647f525ff2b1174a5d3187fb490d8b;p=thirdparty%2Fhaproxy.git MEDIUM: pattern: add delete functions This commit adds a delete function for patterns. It looks up all instances of the pattern to delete and deletes them all. The fetch keyword declarations have been extended to point to the appropriate delete function. --- diff --git a/include/proto/pattern.h b/include/proto/pattern.h index e2801a0b6a..63e02e7e9f 100644 --- a/include/proto/pattern.h +++ b/include/proto/pattern.h @@ -73,6 +73,20 @@ int pat_idx_list_reg(struct pattern_expr *expr, struct pattern *pat, char **err) int pat_idx_tree_ip(struct pattern_expr *expr, struct pattern *pat, char **err); int pat_idx_tree_str(struct pattern_expr *expr, struct pattern *pat, char **err); +/* + * + * The following functions search pattern into the pattern + * expression . If the pattern is found, delete it. This function + * never fails. + * + */ +void pat_del_list_val(struct pattern_expr *expr, struct pattern *pat); +void pat_del_tree_ip(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_ptr(struct pattern_expr *expr, struct pattern *pat); +void pat_del_tree_str(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_str(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_reg(struct pattern_expr *expr, struct pattern *pat); + /* * * The following functions are general purpose pattern matching functions. @@ -162,6 +176,7 @@ void pattern_free(struct pattern_list *pat); void pattern_prune_expr(struct pattern_expr *expr); void pattern_init_expr(struct pattern_expr *expr); int pattern_lookup(const char *args, struct pattern_expr *expr, struct pattern_list **pat_elt, struct pattern_tree **idx_elt, char **err); +int pattern_delete(const char *key, struct pattern_expr *expr, char **err); #endif diff --git a/include/types/acl.h b/include/types/acl.h index 49c03cfe06..96b30bd1a3 100644 --- a/include/types/acl.h +++ b/include/types/acl.h @@ -94,6 +94,7 @@ struct acl_keyword { char *fetch_kw; int (*parse)(const char *text, struct pattern *pattern, char **err); int (*index)(struct pattern_expr *expr, struct pattern *pattern, char **err); + void (*delete)(struct pattern_expr *expr, struct pattern *pattern); struct pattern *(*match)(struct sample *smp, struct pattern_expr *expr, int fill); /* must be after the config params */ struct sample_fetch *smp; /* the sample fetch we depend on */ diff --git a/include/types/pattern.h b/include/types/pattern.h index 9622888a3e..2224e4c33e 100644 --- a/include/types/pattern.h +++ b/include/types/pattern.h @@ -157,6 +157,7 @@ struct pattern_list { struct pattern_expr { int (*parse)(const char *text, struct pattern *pattern, char **err); int (*index)(struct pattern_expr *, struct pattern *, char **); + void (*delete)(struct pattern_expr *, struct pattern *); struct pattern *(*match)(struct sample *, struct pattern_expr *, int); struct list patterns; /* list of acl_patterns */ struct eb_root pattern_tree; /* may be used for lookup in large datasets */ @@ -166,7 +167,8 @@ struct pattern_expr { extern char *pat_match_names[PAT_MATCH_NUM]; extern int (*pat_parse_fcts[PAT_MATCH_NUM])(const char *, struct pattern *, char **); extern int (*pat_index_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *, char **); -struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int); +extern void (*pat_delete_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *); +extern struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int); extern int pat_match_types[PAT_MATCH_NUM]; #endif /* _TYPES_PATTERN_H */ diff --git a/src/acl.c b/src/acl.c index 37fd8f4b68..0356ca0b76 100644 --- a/src/acl.c +++ b/src/acl.c @@ -354,6 +354,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = aclkw ? aclkw->parse : NULL; expr->pat.index = aclkw ? aclkw->index : NULL; expr->pat.match = aclkw ? aclkw->match : NULL; + expr->pat.delete = aclkw ? aclkw->delete : NULL; expr->smp = smp; smp = NULL; @@ -365,18 +366,21 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = pat_parse_fcts[PAT_MATCH_BOOL]; expr->pat.index = pat_index_fcts[PAT_MATCH_BOOL]; expr->pat.match = pat_match_fcts[PAT_MATCH_BOOL]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_BOOL]; break; case SMP_T_SINT: case SMP_T_UINT: expr->pat.parse = pat_parse_fcts[PAT_MATCH_INT]; expr->pat.index = pat_index_fcts[PAT_MATCH_INT]; expr->pat.match = pat_match_fcts[PAT_MATCH_INT]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_INT]; break; case SMP_T_IPV4: case SMP_T_IPV6: expr->pat.parse = pat_parse_fcts[PAT_MATCH_IP]; expr->pat.index = pat_index_fcts[PAT_MATCH_IP]; expr->pat.match = pat_match_fcts[PAT_MATCH_IP]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_IP]; break; } } @@ -437,6 +441,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = pat_parse_fcts[idx]; expr->pat.index = pat_index_fcts[idx]; expr->pat.match = pat_match_fcts[idx]; + expr->pat.delete = pat_delete_fcts[idx]; args++; } else if ((*args)[1] == '-') { diff --git a/src/dumpstats.c b/src/dumpstats.c index 12bace2f5b..836ad302d4 100644 --- a/src/dumpstats.c +++ b/src/dumpstats.c @@ -1849,8 +1849,6 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line) } else if (strcmp(args[0], "del") == 0) { if (strcmp(args[1], "map") == 0) { - struct pattern_list *pat_elt; - struct pattern_tree *idx_elt; struct map_entry *ent; /* Expect two parameters: map name and key. */ @@ -1895,16 +1893,7 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line) appctx->ctx.map.desc = NULL; stats_map_lookup_next(si); while (appctx->ctx.map.desc) { - while (pattern_lookup(args[3], appctx->ctx.map.desc->pat, &pat_elt, &idx_elt, NULL)) { - if (pat_elt != NULL) { - LIST_DEL(&pat_elt->list); - pattern_free(pat_elt); - } - if (idx_elt != NULL) { - ebmb_delete(&idx_elt->node); - free(idx_elt); - } - } + pattern_delete(args[3], appctx->ctx.map.desc->pat, NULL); stats_map_lookup_next(si); } diff --git a/src/map.c b/src/map.c index c244bb7d31..25052fda3e 100644 --- a/src/map.c +++ b/src/map.c @@ -412,6 +412,7 @@ static int sample_load_map(struct arg *arg, struct sample_conv *conv, char **err desc->pat->match = pat_match_fcts[conv->private]; desc->pat->parse = pat_parse_fcts[conv->private]; desc->pat->index = pat_index_fcts[conv->private]; + desc->pat->delete = pat_delete_fcts[conv->private]; /* parse each line of the file */ list_for_each_entry(ent, &ref->entries, list) diff --git a/src/pattern.c b/src/pattern.c index b417e9ffc6..796384dcfd 100644 --- a/src/pattern.c +++ b/src/pattern.c @@ -72,6 +72,22 @@ int (*pat_index_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *, ch [PAT_MATCH_REG] = pat_idx_list_reg, }; +void (*pat_delete_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *) = { + [PAT_MATCH_FOUND] = pat_del_list_val, + [PAT_MATCH_BOOL] = pat_del_list_val, + [PAT_MATCH_INT] = pat_del_list_val, + [PAT_MATCH_IP] = pat_del_tree_ip, + [PAT_MATCH_BIN] = pat_del_list_ptr, + [PAT_MATCH_LEN] = pat_del_list_val, + [PAT_MATCH_STR] = pat_del_tree_str, + [PAT_MATCH_BEG] = pat_del_list_str, + [PAT_MATCH_SUB] = pat_del_list_str, + [PAT_MATCH_DIR] = pat_del_list_str, + [PAT_MATCH_DOM] = pat_del_list_str, + [PAT_MATCH_END] = pat_del_list_str, + [PAT_MATCH_REG] = pat_del_list_reg, +}; + struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int) = { [PAT_MATCH_FOUND] = NULL, [PAT_MATCH_BOOL] = pat_match_nothing, @@ -1178,6 +1194,202 @@ int pat_idx_tree_str(struct pattern_expr *expr, struct pattern *pat, char **err) return 1; } +void pat_del_list_val(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->val.range.min_set != pat->pat.val.range.min_set) + continue; + if (pattern->val.range.max_set != pat->pat.val.range.max_set) + continue; + if (pattern->val.range.min_set && + pattern->val.range.min != pat->pat.val.range.min) + continue; + if (pattern->val.range.max_set && + pattern->val.range.max != pat->pat.val.range.max) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_tree_ip(struct pattern_expr *expr, struct pattern *pattern) +{ + struct ebmb_node *node, *next_node; + struct pattern_tree *elt; + struct pattern_list *pat; + struct pattern_list *safe; + unsigned int mask; + + /* browse each node of the tree for IPv4 addresses. */ + if (pattern->type == SMP_T_IPV4) { + /* Convert mask. If the mask is contiguous, browse each node + * of the tree for IPv4 addresses. + */ + mask = ntohl(pattern->val.ipv4.mask.s_addr); + if (mask + (mask & -mask) == 0) { + mask = mask ? 33 - flsnz(mask & -mask) : 0; /* equals cidr value */ + + for (node = ebmb_first(&expr->pattern_tree), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (memcmp(&pattern->val.ipv4.addr, elt->node.key, + sizeof(pattern->val.ipv4.addr)) != 0) + continue; + if (elt->node.node.pfx != mask) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } + } + else { + /* Browse each node of the list for IPv4 addresses. */ + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality, addr then mask */ + if (memcmp(&pattern->val.ipv4.addr, &pat->pat.val.ipv4.addr, + sizeof(pat->pat.val.ipv4.addr)) != 0) + continue; + + if (memcmp(&pattern->val.ipv4.mask, &pat->pat.val.ipv4.mask, + sizeof(pat->pat.val.ipv4.addr)) != 0) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.smp); + free(pat); + } + } + } + else if (pattern->type == SMP_T_IPV6) { + /* browse each node of the tree for IPv6 addresses. */ + for (node = ebmb_first(&expr->pattern_tree_2), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (memcmp(&pattern->val.ipv6.addr, elt->node.key, + sizeof(pattern->val.ipv6.addr)) != 0) + continue; + if (elt->node.node.pfx != pattern->val.ipv6.mask) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } + } +} + +void pat_del_list_ptr(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->len != pat->pat.len) + continue; + if (memcmp(pattern->ptr.ptr, pat->pat.ptr.ptr, pat->pat.len) != 0) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.ptr); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_tree_str(struct pattern_expr *expr, struct pattern *pattern) +{ + struct ebmb_node *node, *next_node; + struct pattern_tree *elt; + + /* browse each node of the tree. */ + for (node = ebmb_first(&expr->pattern_tree), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (strcmp(pattern->ptr.str, (char *)elt->node.key) != 0) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } +} + +void pat_del_list_str(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->len != pat->pat.len) + continue; + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strncasecmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + else { + if (strncmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.str); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_list_reg(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strcasecmp(pattern->ptr.reg->regstr, pat->pat.ptr.reg->regstr) != 0) + continue; + } + else { + if (strcmp(pattern->ptr.reg->regstr, pat->pat.ptr.reg->regstr) != 0) + continue; + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + regex_free(pat->pat.ptr.ptr); + free(pat->pat.smp); + free(pat); + } +} + /* return 1 if the process is ok * return -1 if the parser fail. The err message is filled. * return -2 if out of memory @@ -1290,6 +1502,20 @@ struct pattern *pattern_exec_match(struct pattern_expr *expr, struct sample *smp return expr->match(smp, expr, fill); } +/* This function search all the pattern matching the and delete it. + * If the parsing of the input key fails, the function returns 0 and the + * is filled, else return 1; + */ +int pattern_delete(const char *key, struct pattern_expr *expr, char **err) +{ + struct pattern pattern; + + if (!expr->parse(key, &pattern, err)) + return 0; + expr->delete(expr, &pattern); + return 1; +} + /* This function browse the pattern expr to lookup the key . On * error it returns 0. On success, it returns 1 and fills either * or with the respectively matched pointers, and the other one with diff --git a/src/payload.c b/src/payload.c index 4bfd277434..42468ec991 100644 --- a/src/payload.c +++ b/src/payload.c @@ -681,13 +681,13 @@ static struct sample_fetch_kw_list smp_kws = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "payload", "req.payload", pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "payload_lv", "req.payload_lv", pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "req_rdp_cookie", "req.rdp_cookie", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", pat_parse_int, pat_idx_list_val, pat_match_int }, - { "req_ssl_sni", "req.ssl_sni", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "req_ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_match_int }, - { "req.ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_match_int }, + { "payload", "req.payload", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "payload_lv", "req.payload_lv", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "req_rdp_cookie", "req.rdp_cookie", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_int }, + { "req_ssl_sni", "req.ssl_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "req_ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_match_int }, + { "req.ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_match_int }, { /* END */ }, }}; diff --git a/src/proto_http.c b/src/proto_http.c index 0ae2e87614..38c0fc82a3 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -9075,6 +9075,36 @@ static struct pattern *pat_match_meth(struct sample *smp, struct pattern_expr *e return NULL; } +static +void pat_del_meth(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->val.i != pat->pat.val.i) + continue; + if (pattern->val.i == HTTP_METH_OTHER) { + if (pattern->len != pat->pat.len) + continue; + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strncasecmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + else { + if (strncmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.str); + free(pat); + } +} + static int smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp, const char *kw) @@ -10361,84 +10391,84 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp) * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "base", "base", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "base_beg", "base", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "base_dir", "base", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "base_dom", "base", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "base_end", "base", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "base_len", "base", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "base_reg", "base", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "base_sub", "base", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "cook", "req.cook", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "cook_beg", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "cook_dir", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "cook_dom", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "cook_end", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "cook_len", "req.cook", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "cook_reg", "req.cook", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "cook_sub", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "hdr", "req.hdr", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "hdr_beg", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "hdr_dir", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "hdr_dom", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "hdr_end", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "hdr_len", "req.hdr", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "hdr_reg", "req.hdr", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "hdr_sub", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "http_auth_group", NULL, pat_parse_str, pat_idx_list_str, pat_match_auth }, - - { "method", NULL, pat_parse_meth, pat_idx_list_str, pat_match_meth }, - - { "path", "path", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "path_beg", "path", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "path_dir", "path", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "path_dom", "path", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "path_end", "path", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "path_len", "path", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "path_reg", "path", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "path_sub", "path", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "req_ver", "req.ver", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "resp_ver", "res.ver", pat_parse_str, pat_idx_tree_str, pat_match_str }, - - { "scook", "res.cook", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "scook_beg", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "scook_dir", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "scook_dom", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "scook_end", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "scook_len", "res.cook", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "scook_reg", "res.cook", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "scook_sub", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "shdr", "res.hdr", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "shdr_beg", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "shdr_dir", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "shdr_dom", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "shdr_end", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "shdr_len", "res.hdr", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "shdr_reg", "res.hdr", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "shdr_sub", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "url", "url", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "url_beg", "url", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "url_dir", "url", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "url_dom", "url", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "url_end", "url", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "url_len", "url", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "url_reg", "url", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "url_sub", "url", pat_parse_str, pat_idx_list_str, pat_match_sub }, - - { "urlp", "urlp", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "urlp_beg", "urlp", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "urlp_dir", "urlp", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "urlp_dom", "urlp", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "urlp_end", "urlp", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "urlp_len", "urlp", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "urlp_reg", "urlp", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "urlp_sub", "urlp", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "base", "base", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "base_beg", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "base_dir", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "base_dom", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "base_end", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "base_len", "base", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "base_reg", "base", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "base_sub", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "cook", "req.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "cook_beg", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "cook_dir", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "cook_dom", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "cook_end", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "cook_len", "req.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "cook_reg", "req.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "cook_sub", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "hdr", "req.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "hdr_beg", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "hdr_dir", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "hdr_dom", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "hdr_end", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "hdr_len", "req.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "hdr_reg", "req.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "hdr_sub", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "http_auth_group", NULL, pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_auth }, + + { "method", NULL, pat_parse_meth, pat_idx_list_str, pat_del_meth, pat_match_meth }, + + { "path", "path", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "path_beg", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "path_dir", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "path_dom", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "path_end", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "path_len", "path", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "path_reg", "path", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "path_sub", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "req_ver", "req.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "resp_ver", "res.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + + { "scook", "res.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "scook_beg", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "scook_dir", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "scook_dom", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "scook_end", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "scook_len", "res.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "scook_reg", "res.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "scook_sub", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "shdr", "res.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "shdr_beg", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "shdr_dir", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "shdr_dom", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "shdr_end", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "shdr_len", "res.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "shdr_reg", "res.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "shdr_sub", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "url", "url", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "url_beg", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "url_dir", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "url_dom", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "url_end", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "url_len", "url", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "url_reg", "url", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "url_sub", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, + + { "urlp", "urlp", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "urlp_beg", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "urlp_dir", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "urlp_dom", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "urlp_end", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "urlp_len", "urlp", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "urlp_reg", "urlp", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "urlp_sub", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, { /* END */ }, }}; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e6a341e50d..d71ed9551f 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3546,31 +3546,31 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "ssl_c_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "ssl_f_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "ssl_fc_cipher", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_c_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "ssl_f_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "ssl_fc_cipher", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #ifdef OPENSSL_NPN_NEGOTIATED - { "ssl_fc_npn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_fc_npn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #endif #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - { "ssl_fc_alpn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_fc_alpn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #endif - { "ssl_fc_protocol", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_fc_sni", "ssl_fc_sni", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_fc_sni_end", "ssl_fc_sni", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "ssl_fc_sni_reg", "ssl_fc_sni", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, + { "ssl_fc_protocol", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_fc_sni", "ssl_fc_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_fc_sni_end", "ssl_fc_sni", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "ssl_fc_sni_reg", "ssl_fc_sni", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, { /* END */ }, }};