From 5b8077638a70de0e8e43135c0abddeafff3a4db9 Mon Sep 17 00:00:00 2001
From: serassio <>
Date: Sun, 8 May 2005 15:58:05 +0000
Subject: [PATCH] Fixed the dump format of arp ACL Added arp ACL documentation
 in squid.conf

---
 src/ACLARP.cc   |  7 ++++---
 src/cf.data.pre | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/ACLARP.cc b/src/ACLARP.cc
index 9fb7187299..aea067bab3 100644
--- a/src/ACLARP.cc
+++ b/src/ACLARP.cc
@@ -1,5 +1,5 @@
 /*
- * $Id: ACLARP.cc,v 1.16 2005/05/08 09:15:38 serassio Exp $
+ * $Id: ACLARP.cc,v 1.17 2005/05/08 09:58:05 serassio Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -677,8 +677,9 @@ aclDumpArpListWalkee(acl_arp_data * const &node, void *state)
     acl_arp_data *arp = node;
     static char buf[24];
     snprintf(buf, sizeof(buf), "%02x:%02x:%02x:%02x:%02x:%02x",
-             arp->eth[0], arp->eth[1], arp->eth[2], arp->eth[3],
-             arp->eth[4], arp->eth[5]);
+             arp->eth[0] & 0xff, arp->eth[1] & 0xff,
+             arp->eth[2] & 0xff, arp->eth[3] & 0xff,
+             arp->eth[4] & 0xff, arp->eth[5] & 0xff);
     wordlistAdd((wordlist **)state, buf);
 }
 
diff --git a/src/cf.data.pre b/src/cf.data.pre
index f66e710322..4657f2dfef 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1,6 +1,6 @@
 
 #
-# $Id: cf.data.pre,v 1.387 2005/05/01 08:11:48 serassio Exp $
+# $Id: cf.data.pre,v 1.388 2005/05/08 09:58:05 serassio Exp $
 #
 #
 # SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -2480,6 +2480,16 @@ DOC_START
 	acl aclname dst      ip-address/netmask ... (URL host's IP address)
 	acl aclname myip     ip-address/netmask ... (local socket IP address)
 
+	acl aclname arp      mac-address ... (xx:xx:xx:xx:xx:xx notation)
+	  # The arp ACL requires the special configure option --enable-arp-acl.
+	  # Furthermore, the ARP ACL code is not portable to all operating systems.
+	  # It works on Linux, Solaris, Windows, FreeBSD, OpenBSD and some other *BSD
+	  # variants.
+	  #
+	  # NOTE: Squid can only determine the MAC address for clients that are on
+	  # the same subnet. If the client is on a different subnet, then Squid cannot
+	  # find out its MAC address.
+
 	acl aclname srcdomain   .foo.com ...    # reverse lookup, client IP
 	acl aclname dstdomain   .foo.com ...    # Destination server from URL
 	acl aclname srcdom_regex [-i] xxx ...   # regex matching client name
@@ -2597,6 +2607,7 @@ DOC_START
 	  # use REQUIRED to accept any non-null user name.
 
 Examples:
+acl macaddress arp 09:00:2b:23:45:67
 acl myexample dst_as 1241
 acl password proxy_auth REQUIRED
 acl fileupload req_mime_type -i ^multipart/form-data$
-- 
2.47.3