[MEDIUM] acl: set types on all currently known ACL verbs

All currently known ACL verbs have been assigned a type which makes
it possible to detect inconsistencies, such as response values used
in request rules.

diff --git a/include/types/acl.h b/include/types/acl.h
index 2cf3f4e7c5652da13bfa02b2001f131d7796641c..431e22b44ab290a679e8f49f53869333ae5493ca 100644 (file)
--- a/include/types/acl.h
+++ b/include/types/acl.h
@@ -104,6 +104,7 @@ enum {
  * allows for flexible ACLs typed by their contents.
  */
 enum {
+       ACL_USE_NOTHING         = 0,            /* no need for anything beyond internal information */
        ACL_USE_TCP4_PERMANENT  = 1 <<  0,      /* unchanged TCPv4 data (eg: source IP) */
        ACL_USE_TCP4_CACHEABLE  = 1 <<  1,      /* cacheable TCPv4 data (eg: src conns) */
        ACL_USE_TCP4_VOLATILE   = 1 <<  2,      /* volatile  TCPv4 data (eg: RTT) */

diff --git a/src/acl.c b/src/acl.c
index ffed8263cc8030c8e84d3489eb14a6b69adc2802..30c30de6c1b9cbc209474c364d980974a830f1f8 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -1102,9 +1102,9 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
 
 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
-       { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing },
-       { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing },
-       { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing },
+       { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing,   ACL_USE_NOTHING },
+       { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing, ACL_USE_NOTHING },
+       { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing,  ACL_USE_NOTHING },
 #if 0
        { "time",       acl_parse_time,  acl_fetch_time,   acl_match_time  },
 #endif

diff --git a/src/backend.c b/src/backend.c
index ddedfd9823ad8b18163cbd613d08a2595a3974ba..7fbc7206dad9dca187f89abce0933a49c8e1c4c4 100644 (file)
--- a/src/backend.c
+++ b/src/backend.c
@@ -2138,7 +2138,7 @@ acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir,
 
 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
-       { "nbsrv",   acl_parse_int,   acl_fetch_nbsrv,    acl_match_int },
+       { "nbsrv",   acl_parse_int,   acl_fetch_nbsrv,    acl_match_int, ACL_USE_NOTHING },
        { NULL, NULL, NULL, NULL },
 }};
 

diff --git a/src/client.c b/src/client.c
index f3081c1d198f2f3b1772923e36360d48b6381594..502ee979605d95ebda27b6642a91951a862fec0b 100644 (file)
--- a/src/client.c
+++ b/src/client.c
@@ -536,14 +536,14 @@ acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir,
 
 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
-       { "src_port",   acl_parse_int,   acl_fetch_sport,    acl_match_int },
-       { "src",        acl_parse_ip,    acl_fetch_src,      acl_match_ip  },
-       { "dst",        acl_parse_ip,    acl_fetch_dst,      acl_match_ip  },
-       { "dst_port",   acl_parse_int,   acl_fetch_dport,    acl_match_int },
+       { "src_port",   acl_parse_int,   acl_fetch_sport,    acl_match_int, ACL_USE_TCP_PERMANENT  },
+       { "src",        acl_parse_ip,    acl_fetch_src,      acl_match_ip,  ACL_USE_TCP4_PERMANENT },
+       { "dst",        acl_parse_ip,    acl_fetch_dst,      acl_match_ip,  ACL_USE_TCP4_PERMANENT },
+       { "dst_port",   acl_parse_int,   acl_fetch_dport,    acl_match_int, ACL_USE_TCP_PERMANENT  },
 #if 0
        { "src_limit",  acl_parse_int,   acl_fetch_sconn,    acl_match_int },
 #endif
-       { "dst_conn",   acl_parse_int,   acl_fetch_dconn,    acl_match_int },
+       { "dst_conn",   acl_parse_int,   acl_fetch_dconn,    acl_match_int, ACL_USE_NOTHING },
        { NULL, NULL, NULL, NULL },
 }};
 

diff --git a/src/proto_http.c b/src/proto_http.c
index 5b1221f1cd457d2e77bce35097914f2909e786b2..5b11cb2b6c444f277ee501e02196b42d8399c76a 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -5746,48 +5746,49 @@ acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
 
 /* Note: must not be declared <const> as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
-       { "method",     acl_parse_meth,  acl_fetch_meth,   acl_match_meth },
-       { "req_ver",    acl_parse_ver,   acl_fetch_rqver,  acl_match_str  },
-       { "resp_ver",   acl_parse_ver,   acl_fetch_stver,  acl_match_str  },
-       { "status",     acl_parse_int,   acl_fetch_stcode, acl_match_int  },
-
-       { "url",        acl_parse_str,   acl_fetch_url,      acl_match_str  },
-       { "url_beg",    acl_parse_str,   acl_fetch_url,      acl_match_beg  },
-       { "url_end",    acl_parse_str,   acl_fetch_url,      acl_match_end  },
-       { "url_sub",    acl_parse_str,   acl_fetch_url,      acl_match_sub  },
-       { "url_dir",    acl_parse_str,   acl_fetch_url,      acl_match_dir  },
-       { "url_dom",    acl_parse_str,   acl_fetch_url,      acl_match_dom  },
-       { "url_reg",    acl_parse_reg,   acl_fetch_url,      acl_match_reg  },
-       { "url_ip",     acl_parse_ip,    acl_fetch_url_ip,   acl_match_ip   },
-       { "url_port",   acl_parse_int,   acl_fetch_url_port, acl_match_int  },
-
-       { "hdr",        acl_parse_str,   acl_fetch_chdr,    acl_match_str },
-       { "hdr_reg",    acl_parse_reg,   acl_fetch_chdr,    acl_match_reg },
-       { "hdr_beg",    acl_parse_str,   acl_fetch_chdr,    acl_match_beg },
-       { "hdr_end",    acl_parse_str,   acl_fetch_chdr,    acl_match_end },
-       { "hdr_sub",    acl_parse_str,   acl_fetch_chdr,    acl_match_sub },
-       { "hdr_dir",    acl_parse_str,   acl_fetch_chdr,    acl_match_dir },
-       { "hdr_dom",    acl_parse_str,   acl_fetch_chdr,    acl_match_dom },
-       { "hdr_cnt",    acl_parse_int,   acl_fetch_chdr_cnt,acl_match_int },
-       { "hdr_val",    acl_parse_int,   acl_fetch_chdr_val,acl_match_int },
-
-       { "shdr",       acl_parse_str,   acl_fetch_shdr,    acl_match_str },
-       { "shdr_reg",   acl_parse_reg,   acl_fetch_shdr,    acl_match_reg },
-       { "shdr_beg",   acl_parse_str,   acl_fetch_shdr,    acl_match_beg },
-       { "shdr_end",   acl_parse_str,   acl_fetch_shdr,    acl_match_end },
-       { "shdr_sub",   acl_parse_str,   acl_fetch_shdr,    acl_match_sub },
-       { "shdr_dir",   acl_parse_str,   acl_fetch_shdr,    acl_match_dir },
-       { "shdr_dom",   acl_parse_str,   acl_fetch_shdr,    acl_match_dom },
-       { "shdr_cnt",   acl_parse_int,   acl_fetch_shdr_cnt,acl_match_int },
-       { "shdr_val",   acl_parse_int,   acl_fetch_shdr_val,acl_match_int },
-
-       { "path",       acl_parse_str,   acl_fetch_path,   acl_match_str  },
-       { "path_reg",   acl_parse_reg,   acl_fetch_path,   acl_match_reg  },
-       { "path_beg",   acl_parse_str,   acl_fetch_path,   acl_match_beg  },
-       { "path_end",   acl_parse_str,   acl_fetch_path,   acl_match_end  },
-       { "path_sub",   acl_parse_str,   acl_fetch_path,   acl_match_sub  },
-       { "path_dir",   acl_parse_str,   acl_fetch_path,   acl_match_dir  },
-       { "path_dom",   acl_parse_str,   acl_fetch_path,   acl_match_dom  },
+       { "method",     acl_parse_meth,  acl_fetch_meth,   acl_match_meth, ACL_USE_L7REQ_PERMANENT },
+       { "req_ver",    acl_parse_ver,   acl_fetch_rqver,  acl_match_str,  ACL_USE_L7REQ_VOLATILE  },
+       { "resp_ver",   acl_parse_ver,   acl_fetch_stver,  acl_match_str,  ACL_USE_L7RTR_VOLATILE  },
+       { "status",     acl_parse_int,   acl_fetch_stcode, acl_match_int,  ACL_USE_L7RTR_PERMANENT },
+
+       { "url",        acl_parse_str,   acl_fetch_url,      acl_match_str,  ACL_USE_L7REQ_VOLATILE },
+       { "url_beg",    acl_parse_str,   acl_fetch_url,      acl_match_beg,  ACL_USE_L7REQ_VOLATILE },
+       { "url_end",    acl_parse_str,   acl_fetch_url,      acl_match_end,  ACL_USE_L7REQ_VOLATILE },
+       { "url_sub",    acl_parse_str,   acl_fetch_url,      acl_match_sub,  ACL_USE_L7REQ_VOLATILE },
+       { "url_dir",    acl_parse_str,   acl_fetch_url,      acl_match_dir,  ACL_USE_L7REQ_VOLATILE },
+       { "url_dom",    acl_parse_str,   acl_fetch_url,      acl_match_dom,  ACL_USE_L7REQ_VOLATILE },
+       { "url_reg",    acl_parse_reg,   acl_fetch_url,      acl_match_reg,  ACL_USE_L7REQ_VOLATILE },
+       { "url_ip",     acl_parse_ip,    acl_fetch_url_ip,   acl_match_ip,   ACL_USE_L7REQ_VOLATILE },
+       { "url_port",   acl_parse_int,   acl_fetch_url_port, acl_match_int,  ACL_USE_L7REQ_VOLATILE },
+
+       /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
+       { "hdr",        acl_parse_str,   acl_fetch_chdr,    acl_match_str, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_reg",    acl_parse_reg,   acl_fetch_chdr,    acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_beg",    acl_parse_str,   acl_fetch_chdr,    acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_end",    acl_parse_str,   acl_fetch_chdr,    acl_match_end, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_sub",    acl_parse_str,   acl_fetch_chdr,    acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_dir",    acl_parse_str,   acl_fetch_chdr,    acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_dom",    acl_parse_str,   acl_fetch_chdr,    acl_match_dom, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_cnt",    acl_parse_int,   acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
+       { "hdr_val",    acl_parse_int,   acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
+
+       { "shdr",       acl_parse_str,   acl_fetch_shdr,    acl_match_str, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_reg",   acl_parse_reg,   acl_fetch_shdr,    acl_match_reg, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_beg",   acl_parse_str,   acl_fetch_shdr,    acl_match_beg, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_end",   acl_parse_str,   acl_fetch_shdr,    acl_match_end, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_sub",   acl_parse_str,   acl_fetch_shdr,    acl_match_sub, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_dir",   acl_parse_str,   acl_fetch_shdr,    acl_match_dir, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_dom",   acl_parse_str,   acl_fetch_shdr,    acl_match_dom, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_cnt",   acl_parse_int,   acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
+       { "shdr_val",   acl_parse_int,   acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
+
+       { "path",       acl_parse_str,   acl_fetch_path,   acl_match_str, ACL_USE_L7REQ_VOLATILE },
+       { "path_reg",   acl_parse_reg,   acl_fetch_path,   acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+       { "path_beg",   acl_parse_str,   acl_fetch_path,   acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+       { "path_end",   acl_parse_str,   acl_fetch_path,   acl_match_end, ACL_USE_L7REQ_VOLATILE },
+       { "path_sub",   acl_parse_str,   acl_fetch_path,   acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+       { "path_dir",   acl_parse_str,   acl_fetch_path,   acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+       { "path_dom",   acl_parse_str,   acl_fetch_path,   acl_match_dom, ACL_USE_L7REQ_VOLATILE },
 
        { NULL, NULL, NULL, NULL },
 

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index d06b76a7a46df3c292364bc8d5c69f4f041f9567..3d93a34b108afe6f116e6e201efca576ad0632e5 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -558,8 +558,8 @@ static struct cfg_kw_list cfg_kws = {{ },{
 }};
 
 static struct acl_kw_list acl_kws = {{ },{
-       { "req_len",      acl_parse_int,        acl_fetch_req_len,     acl_match_int },
-       { "req_ssl_ver",  acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int },
+       { "req_len",      acl_parse_int,        acl_fetch_req_len,     acl_match_int, ACL_USE_L4REQ_VOLATILE },
+       { "req_ssl_ver",  acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int, ACL_USE_L4REQ_VOLATILE },
        { NULL, NULL, NULL, NULL },
 }};