From: wessels <>
Date: Thu, 27 Feb 1997 03:49:05 +0000 (+0000)
Subject: rrrrrrrrripppped out lots of stuff, including firewall and local lists.
X-Git-Tag: SQUID_3_0_PRE1~5067
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=850341335b5878e11ab4979650f7bceb48bd43a8;p=thirdparty%2Fsquid.git
rrrrrrrrripppped out lots of stuff, including firewall and local lists.
---
diff --git a/src/acl.cc b/src/acl.cc
index 9d3aaaaa66..698717e5f3 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: acl.cc,v 1.85 1997/02/20 21:03:09 wessels Exp $
+ * $Id: acl.cc,v 1.86 1997/02/26 20:49:05 wessels Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -45,15 +45,6 @@ const char *AclMatchedName = NULL;
 int aclFromFile = 0;
 FILE *aclFile;
-/* These should never be referenced directly in this file! */
-struct _acl_deny_info_list *DenyInfoList = NULL;
-struct _acl_access *HTTPAccessList = NULL;
-struct _acl_access *ICPAccessList = NULL;
-struct _acl_access *MISSAccessList = NULL;
-#if DELAY_HACK
-struct _acl_access *DelayAccessList = NULL;
-#endif
-
 static struct _acl *AclList = NULL;
 static struct _acl **AclListTail = &AclList;
 static const char *const w_space = " \t\n\r"; /* Jasper sez so */
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 618913bc99..e28b8f9e07 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: cache_cf.cc,v 1.174 1997/02/24 20:22:08 wessels Exp $
+ * $Id: cache_cf.cc,v 1.175 1997/02/26 20:49:06 wessels Exp $
 *
 * DEBUG: section 3 Configuration File Parsing
 * AUTHOR: Harvest Derived
@@ -214,8 +214,6 @@ int config_lineno = 0;
 static char fatal_str[BUFSIZ];
 static char *safe_xstrdup _PARAMS((const char *p));
-static int ip_acl_match _PARAMS((struct in_addr, const ip_acl *));
-static void addToIPACL _PARAMS((ip_acl **, const char *, ip_access_type));
 static void parseOnOff _PARAMS((int *));
 static void parseIntegerValue _PARAMS((int *));
 static void parseString _PARAMS((char **));
@@ -241,10 +239,7 @@ static void parseHostDomainLine _PARAMS((void));
 static void parseHostDomainTypeLine _PARAMS((void));
 static void parseHttpPortLine _PARAMS((void));
 static void parseHttpdAccelLine _PARAMS((void));
-static void parseIPLine _PARAMS((ip_acl ** list));
 static void parseIcpPortLine _PARAMS((void));
-static void parseLocalDomainFile _PARAMS((const char *fname));
-static void parseLocalDomainLine _PARAMS((void));
 static void parseMcastGroupLine _PARAMS((void));
 static void parseMemLine _PARAMS((void));
 static void parseMgrLine _PARAMS((void));
@@ -254,7 +249,6 @@ static void parseRefreshPattern _PARAMS((int icase));
 static void parseVisibleHostnameLine _PARAMS((void));
 static void parseWAISRelayLine _PARAMS((void));
 static void parseMinutesLine _PARAMS((int *));
-static void ip_acl_destroy _PARAMS((ip_acl **));
 static void parseCachemgrPasswd _PARAMS((void));
 static void parsePathname _PARAMS((char **));
 static void parseProxyLine _PARAMS((peer **));
@@ -268,140 +262,6 @@ self_destruct(void)
 fatal(fatal_str);
 }
-static int
-ip_acl_match(struct in_addr c, const ip_acl * a)
-{
- static struct in_addr h;
-
- h.s_addr = c.s_addr & a->mask.s_addr;
- if (h.s_addr == a->addr.s_addr)
- return 1;
- else
- return 0;
-}
-
-static void
-ip_acl_destroy(ip_acl ** a)
-{
- ip_acl *b;
- ip_acl *n;
- for (b = *a; b; b = n) {
- n = b->next;
- safe_free(b);
- }
- *a = NULL;
-}
-
-ip_access_type
-ip_access_check(struct in_addr address, const ip_acl * list)
-{
- static int init = 0;
- static struct in_addr localhost;
- const ip_acl *p = NULL;
- struct in_addr naddr; /* network byte-order IP addr */
-
- if (!list)
- return IP_ALLOW;
-
- if (!init) {
- memset((char *) &localhost, '\0', sizeof(struct in_addr));
- localhost.s_addr = inet_addr("127.0.0.1");
- init = 1;
- }
- naddr.s_addr = address.s_addr;
- if (naddr.s_addr == localhost.s_addr)
- return IP_ALLOW;
-
- debug(3, 5, "ip_access_check: using %s\n", inet_ntoa(naddr));
-
- for (p = list; p; p = p->next) {
- if (ip_acl_match(naddr, p))
- return p->access;
- }
- return IP_ALLOW;
-}
-
-
-static void
-addToIPACL(ip_acl ** list, const char *ip_str, ip_access_type access)
-{
- ip_acl *p, *q;
- int a1, a2, a3, a4;
- int m1, m2, m3, m4;
- struct in_addr lmask;
- int inv = 0;
- int c;
-
- if (!ip_str) {
- return;
- }
- if (!(*list)) {
- /* empty list */
- *list = xcalloc(1, sizeof(ip_acl));
- (*list)->next = NULL;
- q = *list;
- } else {
- /* find end of list */
- p = *list;
- while (p->next)
- p = p->next;
- q = xcalloc(1, sizeof(ip_acl));
- q->next = NULL;
- p->next = q;
- }
-
- /* decode ip address */
- if (*ip_str == '!') {
- ip_str++;
- inv = 1;
- }
- if (!strcasecmp(ip_str, "all")) {
- a1 = a2 = a3 = a4 = 0;
- lmask.s_addr = 0;
- } else {
- a1 = a2 = a3 = a4 = 0;
- c = sscanf(ip_str, "%d.%d.%d.%d/%d.%d.%d.%d", &a1, &a2, &a3, &a4,
- &m1, &m2, &m3, &m4);
-
- switch (c) {
- case 4:
- if (a1 == 0 && a2 == 0 && a3 == 0 && a4 == 0) /* world */
- lmask.s_addr = 0x00000000ul;
- else if (a2 == 0 && a3 == 0 && a4 == 0) /* class A */
- lmask.s_addr = htonl(0xff000000ul);
- else if (a3 == 0 && a4 == 0) /* class B */
- lmask.s_addr = htonl(0xffff0000ul);
- else if (a4 == 0) /* class C */
- lmask.s_addr = htonl(0xffffff00ul);
- else
- lmask.s_addr = 0xfffffffful;
- break;
-
- case 5:
- if (m1 < 0 || m1 > 32) {
- debug(3, 0, "addToIPACL: Ignoring invalid IP acl line '%s'\n",
- ip_str);
- return;
- }
- lmask.s_addr = m1 ? htonl(0xfffffffful << (32 - m1)) : 0;
- break;
-
- case 8:
- lmask.s_addr = htonl(m1 * 0x1000000 + m2 * 0x10000 + m3 * 0x100 + m4);
- break;
-
- default:
- debug(3, 0, "addToIPACL: Ignoring invalid IP acl line '%s'\n",
- ip_str);
- return;
- }
- }
-
- q->access = inv ? (access == IP_ALLOW ? IP_DENY : IP_ALLOW) : access;
- q->addr.s_addr = htonl(a1 * 0x1000000 + a2 * 0x10000 + a3 * 0x100 + a4);
- q->mask.s_addr = lmask.s_addr;
-}
-
 void
 wordlistDestroy(wordlist ** list)
 {
@@ -756,15 +616,6 @@ parseWAISRelayLine(void)
 Config.Wais.relayPort = (u_short) i;
 }
-static void
-parseIPLine(ip_acl ** list)
-{
- char *token;
- while ((token = strtok(NULL, w_space))) {
- addToIPACL(list, token, IP_DENY);
- }
-}
-
 static void
 parseWordlist(wordlist ** list)
 {
@@ -802,46 +653,6 @@ parseAddressLine(struct in_addr *addr)
 self_destruct();
 }
-static void
-parseLocalDomainFile(const char *fname)
-{
- LOCAL_ARRAY(char, tmp_line, BUFSIZ);
- FILE *fp = NULL;
- char *t = NULL;
- if ((fp = fopen(fname, "r")) == NULL) {
- debug(50, 1, "parseLocalDomainFile: %s: %s\n", fname, xstrerror());
- return;
- }
- memset(tmp_line, '\0', BUFSIZ);
- while (fgets(tmp_line, BUFSIZ, fp)) {
- if (tmp_line[0] == '#')
- continue;
- if (tmp_line[0] == '\0')
- continue;
- if (tmp_line[0] == '\n')
- continue;
- for (t = strtok(tmp_line, w_space); t; t = strtok(NULL, w_space)) {
- debug(3, 1, "parseLocalDomainFileLine: adding %s\n", t);
- wordlistAdd(&Config.local_domain_list, t);
- }
- }
- fclose(fp);
-}
-
-static void
-parseLocalDomainLine(void)
-{
- char *token = NULL;
- struct stat sb;
- while ((token = strtok(NULL, w_space))) {
- if (stat(token, &sb) < 0) {
- wordlistAdd(&Config.local_domain_list, token);
- } else {
- parseLocalDomainFile(token);
- }
- }
-}
-
 static void
 parseMcastGroupLine(void)
 {
@@ -1051,13 +862,12 @@ parseConfigFile(const char *file_name)
 configFreeMemory();
 configSetFactoryDefaults();
 aclDestroyAcls();
- aclDestroyDenyInfoList(&DenyInfoList);
- aclDestroyAccessList(&HTTPAccessList);
- aclDestroyAccessList(&MISSAccessList);
- aclDestroyAccessList(&ICPAccessList);
-#if DELAY_HACK
- aclDestroyAccessList(&DelayAccessList);
-#endif
+ aclDestroyDenyInfoList(&Config.denyInfoList);
+ aclDestroyAccessList(&Config.accessList.HTTP);
+ aclDestroyAccessList(&Config.accessList.ICP);
+ aclDestroyAccessList(&Config.accessList.MISS);
+ aclDestroyAccessList(&Config.accessList.NeverDirect);
+ aclDestroyAccessList(&Config.accessList.AlwaysDirect);
 aclDestroyRegexList(Config.cache_stop_relist);
 Config.cache_stop_relist = NULL;
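Review bot: The deny-info and access lists now live in Config but are torn down only here in parseConfigFile, while configFreeMemory (the hunk at the `peerDestroy(Config.passProxy);` context further down) releases every other Config member and never touches Config.denyInfoList or the Config.accessList.* lists; if configFreeMemory is also the shutdown path, those lists are leaked there. Moving the six aclDestroy calls into configFreeMemory next to the wordlistDestroy calls would keep all Config teardown in one place and leave this block with just `configFreeMemory(); configSetFactoryDefaults(); aclDestroyAcls();`. parseConfigFile starts and ends outside the hunk.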
@@ -1159,16 +969,18 @@ parseConfigFile(const char *file_name)
 aclParseAclLine();
 else if (!strcmp(token, "deny_info"))
- aclParseDenyInfoLine(&DenyInfoList);
+ aclParseDenyInfoLine(&Config.denyInfoList);
 else if (!strcmp(token, "http_access"))
- aclParseAccessLine(&HTTPAccessList);
-
- else if (!strcmp(token, "miss_access"))
- aclParseAccessLine(&MISSAccessList);
-
+ aclParseAccessLine(&Config.accessList.HTTP);
 else if (!strcmp(token, "icp_access"))
- aclParseAccessLine(&ICPAccessList);
+ aclParseAccessLine(&Config.accessList.ICP);
+ else if (!strcmp(token, "miss_access"))
+ aclParseAccessLine(&Config.accessList.MISS);
+ else if (!strcmp(token, "never_direct"))
+ aclParseAccessLine(&Config.accessList.NeverDirect);
+ else if (!strcmp(token, "always_direct"))
+ aclParseAccessLine(&Config.accessList.AlwaysDirect);
 else if (!strcmp(token, "hierarchy_stoplist"))
 parseWordlist(&Config.hierarchy_stoplist);
@@ -1180,11 +992,6 @@ parseConfigFile(const char *file_name)
 else if (!strcmp(token, "cache_stoplist_pattern/i"))
 aclParseRegexList(&Config.cache_stop_relist, 1);
-#if DELAY_HACK
- else if (!strcmp(token, "delay_access"))
- aclParseAccessLine(&DelayAccessList);
-#endif
-
 else if (!strcmp(token, "refresh_pattern"))
 parseRefreshPattern(0);
 else if (!strcmp(token, "refresh_pattern/i"))
@@ -1255,8 +1062,8 @@ parseConfigFile(const char *file_name)
 #if LOG_FULL_HEADERS
 else if (!strcmp(token, "log_mime_hdrs"))
 parseOnOff(&Config.logMimeHdrs);
-
 #endif /* LOG_FULL_HEADERS */
+
 else if (!strcmp(token, "ident_lookup"))
 parseOnOff(&Config.identLookup);
@@ -1266,15 +1073,6 @@ parseConfigFile(const char *file_name)
 else if (!strcmp(token, "wais_relay"))
 parseWAISRelayLine();
- else if (!strcmp(token, "local_ip"))
- parseIPLine(&Config.local_ip_list);
-
- else if (!strcmp(token, "firewall_ip"))
- parseIPLine(&Config.firewall_ip_list);
-
- else if (!strcmp(token, "local_domain"))
- parseLocalDomainLine();
-
 else if (!strcmp(token, "mcast_groups"))
 parseMcastGroupLine();
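Review bot: Configurations that still contain `local_ip`, `firewall_ip` or `local_domain` (the `wais_relay` hunk here), `delay_access` (the `cache_stoplist_pattern/i` hunk) or `inside_firewall` (the `icp_port` hunk on the next line) now fall through to the parser's unknown-directive branch, which is outside this diff; unless that branch only warns, an old squid.conf will stop loading with no hint that never_direct/always_direct replace them. Keeping the tokens recognised for one release with an explicit message would make the migration visible, e.g. `else if (!strcmp(token, "local_ip") || !strcmp(token, "firewall_ip") || !strcmp(token, "local_domain") || !strcmp(token, "inside_firewall"))` followed by `debug(3, 0, "WARNING: '%s' is obsolete, use never_direct/always_direct\n", token);`. parseConfigFile begins and ends outside these hunks.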
@@ -1311,9 +1109,6 @@ parseConfigFile(const char *file_name)
 else if (!strcmp(token, "icp_port") || !strcmp(token, "udp_port"))
 parseIcpPortLine();
- else if (!strcmp(token, "inside_firewall"))
- parseWordlist(&Config.inside_firewall_list);
-
 else if (!strcmp(token, "dns_testnames"))
 parseWordlist(&Config.dns_testname_list);
@@ -1489,13 +1284,9 @@ configFreeMemory(void)
 peerDestroy(Config.passProxy);
 wordlistDestroy(&Config.cache_dirs);
 wordlistDestroy(&Config.hierarchy_stoplist);
- wordlistDestroy(&Config.local_domain_list);
 wordlistDestroy(&Config.mcast_group_list);
- wordlistDestroy(&Config.inside_firewall_list);
 wordlistDestroy(&Config.dns_testname_list);
 wordlistDestroy(&Config.cache_stoplist);
- ip_acl_destroy(&Config.local_ip_list);
- ip_acl_destroy(&Config.firewall_ip_list);
 objcachePasswdDestroy(&Config.passwd_list);
 refreshFreeMemory();
 }
diff --git a/src/client_side.cc b/src/client_side.cc
index 13b5536faa..3d0b355d66 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.cc,v 1.91 1997/02/26 19:46:09 wessels Exp $
+ * $Id: client_side.cc,v 1.92 1997/02/26 20:49:08 wessels Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -183,7 +183,7 @@ clientAccessCheck(icpStateData * icpState, void (*handler) (icpStateData *, int)
 if (checkAccelOnly(icpState)) {
 answer = 0;
 } else {
- answer = aclCheck(HTTPAccessList, ch);
+ answer = aclCheck(Config.accessList.HTTP, ch);
 if (ch->state[ACL_DST_IP] == ACL_LOOKUP_NEED) {
 ch->state[ACL_DST_IP] = ACL_LOOKUP_PENDING; /* first */
 ipcache_nbgethostbyname(icpState->request->host,
@@ -227,7 +227,7 @@ clientAccessCheckDone(icpStateData * icpState, int answer)
 redirectStart(fd, icpState, clientRedirectDone, icpState);
 } else {
 debug(33, 5, "Access Denied: %s\n", icpState->url);
- redirectUrl = aclGetDenyInfoUrl(&DenyInfoList, AclMatchedName);
+ redirectUrl = aclGetDenyInfoUrl(&Config.denyInfoList, AclMatchedName);
 if (redirectUrl) {
 icpState->http_code = 302,
 buf = access_denied_redirect(icpState->http_code,
@@ -443,7 +443,7 @@ icpProcessExpired(int fd, void *data)
 icpState->out_offset = 0;
 /* Register with storage manager to receive updates when data comes in. */
 storeRegister(entry, fd, icpHandleIMSReply, (void *) icpState);
- protoDispatch(fd, url, icpState->entry, icpState->request);
+ protoDispatch(fd, icpState->entry, icpState->request);
 }
 static int
diff --git a/src/main.cc b/src/main.cc
index 715e2864cb..60232c37a7 100644
--- a/src/main.cc
+++ b/src/main.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: main.cc,v 1.135 1997/02/07 04:57:14 wessels Exp $
+ * $Id: main.cc,v 1.136 1997/02/26 20:49:10 wessels Exp $
 *
 * DEBUG: section 1 Startup and Main Loop
 * AUTHOR: Harvest Derived
@@ -455,6 +455,7 @@ serverConnectionsOpen(void)
 clientdbInit();
 icmpOpen();
 netdbInit();
+ peerSelectInit();
 }
 void
diff --git a/src/neighbors.cc b/src/neighbors.cc
index 6db52a9cb0..77ecd2c633 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: neighbors.cc,v 1.124 1997/02/26 19:46:18 wessels Exp $
+ * $Id: neighbors.cc,v 1.125 1997/02/26 20:49:11 wessels Exp $
 *
 * DEBUG: section 15 Neighbor Routines
 * AUTHOR: Harvest Derived
@@ -144,8 +144,6 @@ const char *hier_strings[] =
 "FIRST_UP_PARENT",
 "NO_PARENT_DIRECT",
 "FIRST_PARENT_MISS",
- "LOCAL_IP_DIRECT",
- "FIREWALL_IP_DIRECT",
 "NO_DIRECT_FAIL",
 "SOURCE_FASTEST",
 "SIBLING_UDP_HIT_OBJ",
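Review bot: Removing `"LOCAL_IP_DIRECT"` and `"FIREWALL_IP_DIRECT"` from hier_strings[] is only correct if the matching enumerators are removed from the hierarchy-code enum the table is indexed by, and that enum is not in this diff; if they remain, every entry from NO_DIRECT_FAIL onward is looked up two slots early and the access log reports the wrong hierarchy code. A comment above the table, `/* must stay in sync with the hier_code enum in <header — placeholder> */`, or a size check against the enum's terminating value, would make the coupling explicit for the next edit. The hier_strings[] definition starts before and ends after the hunk.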
@@ -766,8 +764,7 @@ neighborsUdpAck(int fd, const char *url, icp_common_t * header, const struct soc
 debug(15, 6, "neighborsUdpAck: All replies received.\n");
 /* pass in fd=0 here so protoStart() looks up the real FD
 * and resets the timeout handler */
- getFromDefaultSource(0, entry);
- return;
+ peerSelect(0, entry->mem_obj->request, entry);
 }
 }
diff --git a/src/peer_select.cc b/src/peer_select.cc
index 2f0d9f71a0..87276474ea 100644
--- a/src/peer_select.cc
+++ b/src/peer_select.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: peer_select.cc,v 1.2 1997/02/26 19:46:19 wessels Exp $
+ * $Id: peer_select.cc,v 1.3 1997/02/26 20:49:12 wessels Exp $
 *
 * DEBUG: section 44 Peer Selection Algorithm
 * AUTHOR: Duane Wessels
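Review bot: The comment kept above the new call still says `protoStart()` looks up the real FD, but the callee is now peerSelect(), and the 0 passed here is the same fd that peerSelect hands to `commSetSelect(fd, COMM_SELECT_TIMEOUT, peerPingTimeout, ...)` in the peer_select.cc hunk; if the all-replies-received path can reach that branch, the ping timeout would be registered on descriptor 0 instead of the client's. Either reword the comment to name the function that resolves the descriptor now, or pass the real fd from this call site. Dropping the `return;` is safe only because the two closing braces follow immediately; neighborsUdpAck starts outside the hunk.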
@@ -30,53 +30,26 @@
 #include "squid.h"
-#define OUTSIDE_FIREWALL 0
-#define INSIDE_FIREWALL 1
-#define NO_FIREWALL 2
-
-/* for debugging */
-static char *firewall_desc_str[] =
-{
- "OUTSIDE_FIREWALL",
- "INSIDE_FIREWALL",
- "NO_FIREWALL"
-};
-
-int
-matchIpList(const ipcache_addrs * ia, ip_acl * ip_list)
-{
- int i;
- if (ip_list == NULL)
- return 0;
- for (i = 0; i < ia->count; i++) {
- if (ip_access_check(ia->in_addrs[i], ip_list) == IP_DENY)
- return 1;
- }
- return 0;
-}
-
-static int
-matchLocalDomain(const char *host)
-{
- const wordlist *s = NULL;
- for (s = Config.local_domain_list; s; s = s->next) {
- if (matchDomainName(s->key, host))
- return 1;
- }
- return 0;
-}
+static struct {
+ int timeouts;
+} PeerStats;
 int
 peerSelectDirect(request_t * request)
 {
+ int answer;
+ aclCheck_t ch;
 const ipcache_addrs *ia = ipcache_gethostbyname(request->host, 0);
- if (ia && matchIpList(ia, Config.firewall_ip_list))
- return DIRECT_MAYBE; /* or DIRECT_YES */
- if (!matchInsideFirewall(request->host))
+ memset(&ch, '\0', sizeof(aclCheck_t));
+ ch.request = requestLink(request);
+ ch.dst_addr = ia->in_addrs[ia->cur];
+ ch.src_addr = request->client_addr;
+ answer = aclCheck(Config.accessList.NeverDirect, &ch);
+ requestUnlink(ch.request);
+ if (answer)
 return DIRECT_NO;
- if (ia && matchIpList(ia, Config.local_ip_list))
- return DIRECT_YES;
- if (matchLocalDomain(request->host))
+ answer = aclCheck(Config.accessList.AlwaysDirect, &ch);
+ if (answer)
 return DIRECT_YES;
 if (ia == NULL)
 return DIRECT_NO;
@@ -155,7 +128,7 @@ peerSelect(int fd, request_t * request, StoreEntry * entry)
 entry->ping_status = PING_WAITING;
 commSetSelect(fd,
 COMM_SELECT_TIMEOUT,
- (PF) getFromDefaultSource,
+ peerPingTimeout,
 (void *) entry,
 Config.neighborTimeout);
 return;
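Review bot: `ch.dst_addr = ia->in_addrs[ia->cur];` dereferences ia before the `if (ia == NULL)` guard that still sits at the end of the hunk, so a request whose host does not resolve now crashes in peerSelectDirect where the removed `if (ia && ...)` tests tolerated it. Guard the assignment, `if (ia) ch.dst_addr = ia->in_addrs[ia->cur];`, or move the NULL check ahead of the ACL checks if an unresolved host should always yield DIRECT_NO. `requestUnlink(ch.request)` is also called before the second aclCheck still reads ch; if unlink can release the request when this was the last reference, that call belongs after the AlwaysDirect check. peerSelectDirect continues past the hunk.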
@@ -170,42 +143,17 @@ peerSelect(int fd, request_t * request, StoreEntry * entry)
 }
 }
-/*
- * return 0 if the host is outside the firewall (no domains matched), and
- * return 1 if the host is inside the firewall or no domains at all.
- */
-int
-matchInsideFirewall(const char *host)
+void
+peerPingTimeout(int fd, void *data)
 {
- const wordlist *s = Config.inside_firewall_list;
- const char *key = NULL;
- int result = NO_FIREWALL;
- struct in_addr addr;
- if (!s && !Config.firewall_ip_list)
- /* no firewall goop, all hosts are "inside" the firewall */
- return NO_FIREWALL;
- for (; s; s = s->next) {
- key = s->key;
- if (!strcasecmp(key, "none"))
- /* no domains are inside the firewall, all domains are outside */
- return OUTSIDE_FIREWALL;
- if (*key == '!') {
- key++;
- result = OUTSIDE_FIREWALL;
- } else {
- result = INSIDE_FIREWALL;
- }
- if (matchDomainName(key, host))
- return result;
- }
- /* Check for dotted-quads */
- if (Config.firewall_ip_list) {
- if ((addr.s_addr = inet_addr(host)) != inaddr_none) {
- if (ip_access_check(addr, Config.firewall_ip_list) == IP_DENY)
- return INSIDE_FIREWALL;
- }
- }
- /* all through the list and no domains matched, this host must
- * not be inside the firewall, it must be outside */
- return OUTSIDE_FIREWALL;
+ StoreEntry *entry = data;
+ debug(44,3,"peerPingTimeout: '%s'\n", entry->url);
+ PeerStats.timeouts++;
+ peerSelect(fd, entry->mem_obj->request, entry);
+}
+
+void
+peerSelectInit(void)
+{
+ memset(&PeerStats, '\0', sizeof(PeerStats));
 }
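Review bot: `debug(44,3,"peerPingTimeout: '%s'\n", entry->url);` is the only debug() call in this diff written without spaces after the argument commas; every other one uses the `debug(15, 6, ...)` form, so `debug(44, 3, "peerPingTimeout: '%s'\n", entry->url);` keeps the file consistent. PeerStats.timeouts is incremented here and zeroed in peerSelectInit, but nothing in the diff reads it; a comment on the struct naming who is meant to report it, or a TODO, would stop it reading as dead state. peerPingTimeout also relies on entry->mem_obj still being attached when the timer fires, presumably guaranteed by the PING_WAITING state set in peerSelect, and a one-line comment stating that assumption would help the next reader.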