From: Willy Tarreau Date: Wed, 25 Apr 2012 14:21:44 +0000 (+0200) Subject: MEDIUM: acl/pattern: start merging common sample fetch functions X-Git-Tag: v1.5-dev9~39 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25c1ebc0c99a5cd1329bdea843e9e9c6f20808d8;p=thirdparty%2Fhaproxy.git MEDIUM: acl/pattern: start merging common sample fetch functions src_port, dst_port and url_param have converged between ACLs and patterns. This means that src_port is now available in patterns and that urlp_* has been added to ACLs. Some code has moved to accommodate for static function definitions, but there were little changes. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 0059fe1762..c2b063ae84 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -7935,7 +7935,7 @@ hdr(
) Use the shdr() variant for response headers sent by the server. The "hdr" criteria returns true if any of the headers matching the criteria - match any of the strings. This can be used to check exact for values. For + match any of the strings. This can be used to check for exact values. For instance, checking that "connection: close" is set : hdr(Connection) -i close 
@@ -8126,6 +8126,52 @@ url_sub Returns true when the URL contains one of the strings. It can be used to detect particular patterns in query strings for example. See also "path_sub". +urlp() + Note: all "urlp*" matching criteria apply to the first occurrence of the + parameter in the query string. The parameter name is case-sensitive. + + The "urlp" matching criteria returns true if the designated URL parameter + matches any of the strings. This can be used to check for exact values. + +urlp_beg() + Returns true when the URL parameter "" begins with one of the strings. + This can be used to check whether a URL begins with a slash or with a + protocol scheme. + +urlp_dir() + Returns true when the URL parameter "" contains one of the strings + either isolated or delimited with slashes. This is used to perform filename + or directory name matching in a specific URL parameter without the risk of + wrong match due to colliding prefixes. See also "path_dir" and "urlp_sub". + +urlp_dom() + Returns true when one of the strings is found isolated or delimited with dots + in the URL parameter "". This is used to perform domain name matching + in a specific URL parameter without the risk of wrong match due to colliding + prefixes. See also "urlp_sub". + +urlp_end() + Returns true when the URL parameter "" ends with one of the strings. + +urlp_ip() + Returns true when the URL parameter "" contains an IPv4 address which + matches one of the specified IP addresses. + +urlp_len() + Returns true when the URL parameter "" has a length matching the values + or ranges specified. This is used to detect abusive requests for instance. + +urlp_reg() + Returns true when the URL parameter "" matches one of the regular + expressions. It can be used any time, but it is important to remember that + regex matching is slower than other methods. See also "path_reg" and all + "urlp_" criteria. + +urlp_sub() + Returns true when the URL parameter "" contains one of the strings. 
It + can be used to detect particular patterns in query strings for example. See + also "path_sub" and other "urlp_" criteria. + 7.6. Pre-defined ACLs --------------------- @@ -8293,6 +8339,11 @@ The list of currently supported pattern fetch functions is the following : + else it is absolute. Ex: see SSL session id example in "stick table" chapter. + src_port This is the source TCP port of the session on the client side, + which is the port the client connected from. It is very unlikely + that this function will be useful but it's available at no cost. + It is of type integer and only works with such tables. + url_param() This extracts the first occurrence of the parameter in the query string of the request and uses the corresponding value diff --git a/src/proto_http.c b/src/proto_http.c index 6302ea4682..08750d7f75 100644 --- a/src/proto_http.c +++ b/src/proto_http.c 
@@ -8256,93 +8256,6 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned in return 1; } -/************************************************************************/ -/* All supported keywords must be declared here. */ -/************************************************************************/ - -/* Note: must not be declared as its list will be overwritten. - * Please take care of keeping this list alphabetically sorted. - */ -static struct acl_kw_list acl_kws = {{ },{ - { "cook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "cook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "cook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - - { "hdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "hdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) 
}, - { "hdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "hdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - - { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_nothing, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) }, - { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) }, - { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 }, - - { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 }, - - { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, - { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_len", acl_parse_int, acl_fetch_path, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, - { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, - - { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 }, - { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, 
ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, - { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 }, - - { "scook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "scook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "scook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - - { "shdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "shdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, - { "shdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_reg", 
acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - - { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 }, - - { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, - { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, - { "url_len", acl_parse_int, acl_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, - - { NULL, NULL, NULL, NULL }, -}}; - /************************************************************************/ /* The code below is dedicated to pattern fetching and matching */ /************************************************************************/ @@ -8417,7 +8330,7 @@ find_url_param_pos(char* query_string, size_t query_string_l, static int find_url_param_value(char* path, size_t path_l, char* url_param_name, size_t url_param_name_l, - char** value, size_t* value_l) + char** value, int* value_l) { char *query_string, *qs_end; char *arg_start; 
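Review bot: In the find_url_param_value signature, the out-parameter `value_l` changes from `size_t*` to `int*`, so a length derived from request data is now stored in a narrower, signed type. The function body lies outside this hunk, so it cannot be confirmed here that the stored length never exceeds `path_l`. Once that is verified, state the bound above the function, for example `/* <*value_l> is at most <path_l>; callers store it in an int */`. Any remaining caller that still passes a `size_t*` would have only part of its variable written on LP64 targets, so check every call site together with this change.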
@@ -8445,22 +8358,24 @@ find_url_param_value(char* path, size_t path_l, } static int -pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt, - const struct arg *arg_p, struct sample *smp) +smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt, + const struct arg *args, struct sample *smp) { struct http_txn *txn = l7; struct http_msg *msg = &txn->req; - char *url_param_value; - size_t url_param_value_l; + + if (!args || args->type != ARGT_STR) + return 0; + + CHECK_HTTP_MESSAGE_FIRST(); if (!find_url_param_value(msg->buf->p + msg->sol + msg->sl.rq.u, msg->sl.rq.u_l, - arg_p->data.str.str, arg_p->data.str.len, - &url_param_value, &url_param_value_l)) + args->data.str.str, args->data.str.len, + &smp->data.str.str, &smp->data.str.len)) return 0; smp->type = SMP_T_CSTR; - smp->data.str.str = url_param_value; - smp->data.str.len = url_param_value_l; + smp->flags = SMP_F_VOL_1ST; return 1; } 
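Review bot: smp_fetch_url_param has no header comment, and now that it also feeds ACLs it should say what the returned sample refers to. The call hands `&smp->data.str.str` and `&smp->data.str.len` straight to find_url_param_value together with a pointer computed from `msg->buf->p`, so the sample appears to reference the request buffer in place rather than a copy, and nothing in the hunk decodes or terminates it. A comment such as `/* Extracts the first occurrence of URL parameter <args> from the request line. The sample points into the request buffer, is not NUL-terminated and is not percent-decoded. */` would cover it, with the last two claims confirmed against find_url_param_value, whose body is outside the hunk. If that helper can write its output arguments before returning 0, the comment should also say that `smp->data` is undefined on a 0 return.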
@@ -8544,12 +8459,109 @@ pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, unsigne } /************************************************************************/ -/* All supported keywords must be declared here. */ +/* All supported ACL keywords must be declared here. */ +/************************************************************************/ + +/* Note: must not be declared as its list will be overwritten. + * Please take care of keeping this list alphabetically sorted. + */ +static struct acl_kw_list acl_kws = {{ },{ + { "cook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "cook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "cook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + + { "hdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "hdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_dom", acl_parse_str, acl_fetch_hdr, 
acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "hdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + { "hdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, + + { "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_nothing, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) }, + { "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) }, + { "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 }, + + { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 }, + + { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_len", acl_parse_int, acl_fetch_path, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, + { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, + + { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 }, + { "req_ver", acl_parse_ver, 
acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 }, + + { "scook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "scook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "scook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + + { "shdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "shdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "shdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, 
ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + { "shdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, + + { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 }, + + { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "url_len", acl_parse_int, acl_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, + { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, + + { "urlp", acl_parse_str, smp_fetch_url_param, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) }, + { "urlp_beg", acl_parse_str, smp_fetch_url_param, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_dir", acl_parse_str, smp_fetch_url_param, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_dom", acl_parse_str, smp_fetch_url_param, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_end", acl_parse_str, smp_fetch_url_param, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_ip", acl_parse_ip, smp_fetch_url_param, acl_match_ip, 
ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) }, + { "urlp_len", acl_parse_int, smp_fetch_url_param, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_reg", acl_parse_reg, smp_fetch_url_param, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + { "urlp_sub", acl_parse_str, smp_fetch_url_param, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, + + { NULL, NULL, NULL, NULL }, +}}; + +/************************************************************************/ +/* All supported pattern keywords must be declared here. */ /************************************************************************/ /* Note: must not be declared as its list will be overwritten */ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ { "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, - { "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, + { "url_param", smp_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, { "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, { "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_RES }, { NULL, NULL, 0, 0, 0 }, diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 6bc669e8ff..b2a3adbaba 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -1430,7 +1430,7 @@ pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, unsigned int /* set temp integer to the connection's source port */ static int -acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, +smp_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { smp->type = SMP_T_UINT; 
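Review bot: The new `urlp_ip` row pairs `acl_match_ip` with `smp_fetch_url_param`, which sets `smp->type = SMP_T_CSTR` and fills `smp->data.str`, whereas the other `_ip` rows in this table (`hdr_ip`, `shdr_ip`, `url_ip`) each use a dedicated fetch (`acl_fetch_hdr_ip`, `acl_fetch_url_ip`). Unless acl_match_ip, which is not visible here, converts string samples, this keyword would either never match or compare against bytes of the string pointer, and a rule that negates `urlp_ip` would then not behave as the documentation describes. The minimal change is to leave the `{ "urlp_ip", ... }` row out until a fetch exists that parses the parameter value into an IPv4 sample. Separately, because the `urlp*` keywords are likely to end up in access rules, the documentation should state whether the value is matched as sent (still percent-encoded) and repeat that only the first occurrence is examined, since a backend may decode the value or read a later occurrence.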
@@ -1499,7 +1499,7 @@ pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, unsigned int /* set temp integer to the frontend connexion's destination port */ static int -acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, +smp_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp) { stream_sock_get_to_addr(&l4->si[0]); @@ -1512,19 +1512,6 @@ acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt return 1; } -static int -pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, - const struct arg *arg, struct sample *smp) -{ - smp->type = SMP_T_UINT; - stream_sock_get_to_addr(&l4->si[0]); - - if (!(smp->data.uint = get_host_port(&l4->si[0].addr.to))) - return 0; - - return 1; -} - static int pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *arg_p, struct sample *smp) @@ -1656,11 +1643,11 @@ static struct cfg_kw_list cfg_kws = {{ },{ */ static struct acl_kw_list acl_kws = {{ },{ { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, + { "dst_port", acl_parse_int, smp_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, { "req_rdp_cookie", acl_parse_str, smp_fetch_rdp_cookie, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, { "req_rdp_cookie_cnt", acl_parse_int, acl_fetch_rdp_cookie_cnt, acl_match_int, ACL_USE_L6REQ_VOLATILE, ARG1(0,STR) }, { "src", acl_parse_ip, acl_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, + { "src_port", acl_parse_int, smp_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, { NULL, NULL, NULL, NULL }, }}; 
@@ -1670,10 +1657,11 @@ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ { "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, { "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES }, { "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, - { "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, + { "dst_port", smp_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, { "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, { "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, { "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES }, + { "src_port", smp_fetch_sport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, { NULL, NULL, 0, 0, 0 }, }};