ACL ARP support

From:    dale@server.ctam.bitmcnit.bryansk.su (Dale)
   Working on setting up a proper firewall for a network containing some
Win'95 computers at our Univ, I've discovered that some smart students
avoid the restrictions easily just changing their IP addresses in Win'95
Contol Panel... It has been getting boring, so I took Squid-1.1.18
sources and added a new acl type for hard-wired access control:

diff --git a/src/acl.cc b/src/acl.cc
index 73566b0dfba75b075751a89e92582c0e6a82c35e..03a8846983a4ebdf46bd31324a98db1fc51eebcc 100644 (file)
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.cc,v 1.120 1997/11/21 01:59:14 wessels Exp $
+ * $Id: acl.cc,v 1.121 1997/12/05 19:30:03 wessels Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -168,6 +168,10 @@ aclType(const char *s)
        return ACL_SRC_ASN;
     if (!strcmp(s, "dst_as"))
        return ACL_DST_ASN;
+#if USE_ARP_ACL
+    if (!strcmp(s, "arp"))
+       return ACL_SRC_ARP;
+#endif
     return ACL_NONE;
 }
 
@@ -696,6 +700,11 @@ aclParseAclLine(acl ** head)
     case ACL_DST_ASN:
        aclParseIntlist(&A->data);
        break;
+#if USE_ARP_ACL
+    case ACL_SRC_ARP:
+       aclParseArpList(&A->data);
+       break;
+#endif
     case ACL_NONE:
     default:
        fatal("Bad ACL type");
@@ -1249,6 +1258,10 @@ aclMatchAcl(struct _acl *acl, aclCheck_t * checklist)
     case ACL_DST_ASN:
        assert(0);
        return 0;
+#if USE_ARP_ACL
+    case ACL_SRC_ARP:
+       return aclMatchArp(&acl->data, checklist->src_addr);
+#endif
     case ACL_NONE:
     default:
        debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n",

diff --git a/src/protos.h b/src/protos.h
index 05aff4f2fe9c9bac3881e96cd12efc09de93f21f..73478254242b85da5b9038499edb938fdfdb5001 100644 (file)
--- a/src/protos.h
+++ b/src/protos.h
@@ -1,6 +1,5 @@
 
 
-
 extern void accessLogLog(AccessLogEntry *);
 extern void accessLogRotate(void);
 extern void accessLogClose(void);
@@ -29,6 +28,19 @@ extern void aclDestroyRegexList(struct _relist *data);
 extern int aclMatchRegex(relist * data, const char *word);
 extern void aclParseRegexList(void *curlist);
 
+#if USE_ARP_ACL
+extern int checkARP(u_long ip, char *eth);
+extern int decode_eth(const char *asc, char *eth);
+extern int aclMatchArp(void *dataptr, struct in_addr c);
+#if USE_SPLAY_TREE
+extern int aclArpNetworkCompare(const void *, splayNode *);
+extern void aclParseArpList(void *curlist);
+#elif USE_BIN_TREE
+extern int bintreeArpNetworkCompare(void *, void *);
+extern void aclParseArpList(void **curtree);
+#endif
+extern void aclParseArpList(void *curlist);
+#endif
 
 extern int aio_cancel(aio_result_t *);
 extern int aio_open(const char *, int, mode_t, aio_result_t *);
@@ -585,3 +597,13 @@ extern void asnAclInitialize(acl *);
 
 extern void dlinkAdd(void *data, dlink_node *, dlink_list *);
 extern void dlinkDelete(dlink_node * m, dlink_list * list);
+
+/*
+ * prototypes for system functions missing from system includes
+ */
+
+#ifdef _SQUID_SOLARIS_
+int getrusage(int, struct rusage *);
+int getpagesize(void);
+int gethostname(char *, int);
+#endif

diff --git a/src/structs.h b/src/structs.h
index aaa324ed834a40ebfed63df6433b168d1fe90177..d74b3630c7bcf538f6e551649aefddac492e9786 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -34,6 +34,15 @@ struct _acl_deny_info_list {
     struct _acl_deny_info_list *next;
 };
 
+#if USE_ARP_ACL
+struct _acl_arp_data {
+       unsigned char eth[6];
+#ifndef USE_SPLAY_TREE
+       struct _acl_arp_data *next;
+#endif
+};
+#endif
+
 #if SQUID_SNMP
 struct _snmpconf {
     char *line;