From: Willy Tarreau Date: Sun, 17 Jun 2007 18:40:25 +0000 (+0200) Subject: [MEDIUM] acl: added the TRUE and FALSE ACLs. X-Git-Tag: v1.3.12~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a590983fe57f706b827444eb9ca10b9043c37032;p=thirdparty%2Fhaproxy.git [MEDIUM] acl: added the TRUE and FALSE ACLs. Those ACLs are sometimes useful for troubleshooting. Two ACL subjects "always_true" and "always_false" have been added too. They return what their subject says for every pattern. Also, acl_match_pst() has been removed. --- diff --git a/include/proto/acl.h b/include/proto/acl.h index 896872f258..4e2b30177a 100644 --- a/include/proto/acl.h +++ b/include/proto/acl.h @@ -94,11 +94,6 @@ void acl_unregister_keywords(struct acl_kw_list *kwl); */ -/* This one always returns 1 because its only purpose is to check that the - * value is present, which is already checked by getval(). - */ -int acl_match_pst(struct acl_test *test, struct acl_pattern *pattern); - /* NB: For two strings to be identical, it is required that their lengths match */ int acl_match_str(struct acl_test *test, struct acl_pattern *pattern); diff --git a/src/acl.c b/src/acl.c index bdf0b08106..a4744602ec 100644 --- a/src/acl.c +++ b/src/acl.c @@ -30,14 +30,40 @@ static struct acl_kw_list acl_keywords = { }; -/* This one always returns 1 because its only purpose is to check that the - * value is present, which is already checked by getval(). +/* + * These functions are only used for debugging complex configurations. */ -int acl_match_pst(struct acl_test *test, struct acl_pattern *pattern) + +/* ignore the current line */ +static int +acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaque) +{ + return 1; +} + +/* always fake a data retrieval */ +static int +acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir, + struct acl_expr *expr, struct acl_test *test) { return 1; } +/* always return true */ +static int +acl_match_true(struct acl_test *test, struct acl_pattern *pattern) +{ + return 1; +} + +/* always return false */ +static int +acl_match_false(struct acl_test *test, struct acl_pattern *pattern) +{ + return 0; +} + + /* NB: For two strings to be identical, it is required that their lengths match */ int acl_match_str(struct acl_test *test, struct acl_pattern *pattern) { @@ -590,6 +616,8 @@ const struct { const char *name; const char *expr[4]; /* put enough for longest expression */ } default_acl_list[] = { + { .name = "TRUE", .expr = {"always_true","1",""}}, + { .name = "FALSE", .expr = {"always_false","0",""}}, { .name = "LOCALHOST", .expr = {"src","127.0.0.1/8",""}}, { .name = "HTTP_1.0", .expr = {"req_ver","1.0",""}}, { .name = "HTTP_1.1", .expr = {"req_ver","1.1",""}}, @@ -871,6 +899,8 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v /* Note: must not be declared as its list will be overwritten */ static struct acl_kw_list acl_kws = {{ },{ + { "always_true", acl_parse_nothing, acl_fetch_nothing, acl_match_true }, + { "always_false", acl_parse_nothing, acl_fetch_nothing, acl_match_false }, #if 0 { "time", acl_parse_time, acl_fetch_time, acl_match_time }, #endif