From: wessels <> Date: Sat, 6 Dec 1997 02:30:03 +0000 (+0000) Subject: ACL ARP support X-Git-Tag: SQUID_3_0_PRE1~4388 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=66c75c41fb48fdd6145897ee7ed09c7dfd84ce1e;p=thirdparty%2Fsquid.git ACL ARP support From: dale@server.ctam.bitmcnit.bryansk.su (Dale) Working on setting up a proper firewall for a network containing some Win'95 computers at our Univ, I've discovered that some smart students avoid the restrictions easily just changing their IP addresses in Win'95 Contol Panel... It has been getting boring, so I took Squid-1.1.18 sources and added a new acl type for hard-wired access control:
---
diff --git a/src/acl.cc b/src/acl.cc
index 73566b0dfb..03a8846983 100644
--- a/src/acl.cc
+++ b/src/acl.cc
@@ -1,6 +1,6 @@
 /*
- * $Id: acl.cc,v 1.120 1997/11/21 01:59:14 wessels Exp $
+ * $Id: acl.cc,v 1.121 1997/12/05 19:30:03 wessels Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -168,6 +168,10 @@ aclType(const char *s)
 return ACL_SRC_ASN;
 if (!strcmp(s, "dst_as"))
 return ACL_DST_ASN;
+#if USE_ARP_ACL
+ if (!strcmp(s, "arp"))
+ return ACL_SRC_ARP;
+#endif
 return ACL_NONE;
 }
@@ -696,6 +700,11 @@ aclParseAclLine(acl ** head)
 case ACL_DST_ASN:
 aclParseIntlist(&A->data);
 break;
+#if USE_ARP_ACL
+ case ACL_SRC_ARP:
+ aclParseArpList(&A->data);
+ break;
+#endif
 case ACL_NONE:
 default:
 fatal("Bad ACL type");
@@ -1249,6 +1258,10 @@ aclMatchAcl(struct _acl *acl, aclCheck_t * checklist)
 case ACL_DST_ASN:
 assert(0);
 return 0;
+#if USE_ARP_ACL
+ case ACL_SRC_ARP:
+ return aclMatchArp(&acl->data, checklist->src_addr);
+#endif
 case ACL_NONE:
 default:
 debug(28, 0) ("aclMatchAcl: '%s' has bad type %d\n",
diff --git a/src/protos.h b/src/protos.h
index 05aff4f2fe..7347825424 100644
--- a/src/protos.h
+++ b/src/protos.h
@@ -1,6 +1,5 @@
- extern void accessLogLog(AccessLogEntry *);
 extern void accessLogRotate(void);
 extern void accessLogClose(void);
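Review bot: The new `ACL_SRC_ARP` case in aclMatchAcl (src/acl.cc, hunk at -1249) carries no comment on what an ARP match can establish, although the commit message presents it as the answer to clients changing their IP address. A hardware address is only visible for clients on the same link-layer segment as the proxy, and a client can change it much as it can change its IP address, so I would add above the case `/* ARP match: only meaningful for directly attached clients; a MAC address identifies an interface, it does not authenticate a user */`. What `aclMatchArp` returns when no ARP entry exists for `checklist->src_addr` is not visible in this diff; that result should be a definite no-match and be documented, so operators know how allow and deny rules behave for routed or unresolved clients. The body of aclMatchAcl starts and ends outside the hunk.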
@@ -29,6 +28,19 @@ extern void aclDestroyRegexList(struct _relist *data);
 extern int aclMatchRegex(relist * data, const char *word);
 extern void aclParseRegexList(void *curlist);
+#if USE_ARP_ACL
+extern int checkARP(u_long ip, char *eth);
+extern int decode_eth(const char *asc, char *eth);
+extern int aclMatchArp(void *dataptr, struct in_addr c);
+#if USE_SPLAY_TREE
+extern int aclArpNetworkCompare(const void *, splayNode *);
+extern void aclParseArpList(void *curlist);
+#elif USE_BIN_TREE
+extern int bintreeArpNetworkCompare(void *, void *);
+extern void aclParseArpList(void **curtree);
+#endif
+extern void aclParseArpList(void *curlist);
+#endif
 extern int aio_cancel(aio_result_t *);
 extern int aio_open(const char *, int, mode_t, aio_result_t *);
@@ -585,3 +597,13 @@ extern void asnAclInitialize(acl *);
 extern void dlinkAdd(void *data, dlink_node *, dlink_list *);
 extern void dlinkDelete(dlink_node * m, dlink_list * list);
+
+/*
+ * prototypes for system functions missing from system includes
+ */
+
+#ifdef _SQUID_SOLARIS_
+int getrusage(int, struct rusage *);
+int getpagesize(void);
+int gethostname(char *, int);
+#endif
diff --git a/src/structs.h b/src/structs.h
index aaa324ed83..d74b3630c7 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -34,6 +34,15 @@ struct _acl_deny_info_list {
 struct _acl_deny_info_list *next;
 };
+#if USE_ARP_ACL
+struct _acl_arp_data {
+ unsigned char eth[6];
+#ifndef USE_SPLAY_TREE
+ struct _acl_arp_data *next;
+#endif
+};
+#endif
+
 #if SQUID_SNMP
 struct _snmpconf {
 char *line;
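Review bot: `aclParseArpList` is declared more than once inside the `USE_ARP_ACL` block of src/protos.h (hunk at -29), and the unconditional `extern void aclParseArpList(void *curlist);` after the inner `#endif` conflicts with the `void **curtree` form in the `USE_BIN_TREE` branch, so that configuration would see two incompatible prototypes. I would replace the unconditional line with an `#else` branch holding `extern void aclParseArpList(void *curlist);`, so exactly one prototype is visible per build; the call `aclParseArpList(&A->data)` added to aclParseAclLine in src/acl.cc should then be checked against whichever form is selected. Separately, `checkARP` and `decode_eth` take a bare `char *eth` while `struct _acl_arp_data` stores `unsigned char eth[6]`; declaring the parameter as `unsigned char *eth` and documenting the required 6-byte buffer would make the size contract explicit and avoid sign-dependent byte comparisons (the implementations are not shown here).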
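Review bot: The hand-written prototypes for `getrusage`, `getpagesize` and `gethostname` at the end of src/protos.h (hunk at -585) are guarded only by `#ifdef _SQUID_SOLARIS_`, so they are also compiled on any Solaris release whose system headers already declare these functions, where a differing parameter type would be a conflicting declaration. A per-function configure-time check would be a safer guard than the platform macro; at minimum the comment should name the headers and releases that lack the declarations. The block is unrelated to the ARP ACL feature and would be easier to review as a separate commit.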
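Review bot: `struct _acl_arp_data` in src/structs.h guards its `next` member with `#ifndef USE_SPLAY_TREE`, while src/protos.h in the same commit tests the macro by value with `#if USE_SPLAY_TREE`. If the build defines the macro as 0 (the build configuration is not shown here), the prototypes take the non-splay path but the struct has no `next` link; `#if !USE_SPLAY_TREE` would keep the two headers consistent. The literal in `unsigned char eth[6];` would also read better as a named constant shared with the code that fills and compares the address, with a comment such as `/* 48-bit Ethernet hardware address */`.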