From ae2c08a2d1925577b4b8c0dc60939ef7afdb9583 Mon Sep 17 00:00:00 2001 From: wessels <> Date: Sat, 30 Jan 1999 04:28:06 +0000 Subject: [PATCH] added myip ACL type (luyer) --- src/acl.cc | 14 +++++++++++++- src/asn.cc | 4 ++-- src/cf.data.pre | 3 ++- src/client_side.cc | 9 ++++++--- src/enums.h | 3 ++- src/forward.cc | 6 ++++-- src/icp_v2.cc | 3 ++- src/icp_v3.cc | 3 ++- src/neighbors.cc | 3 ++- src/net_db.cc | 4 ++-- src/peer_digest.cc | 4 ++-- src/peer_select.cc | 4 +++- src/protos.h | 5 +++-- src/structs.h | 3 ++- src/urn.cc | 4 ++-- 15 files changed, 49 insertions(+), 23 deletions(-) diff --git a/src/acl.cc b/src/acl.cc index 2c40415852..96f478ff71 100644 --- a/src/acl.cc +++ b/src/acl.cc @@ -1,6 +1,6 @@ /* - * $Id: acl.cc,v 1.196 1999/01/24 04:03:48 wessels Exp $ + * $Id: acl.cc,v 1.197 1999/01/29 21:28:06 wessels Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -153,6 +153,8 @@ aclStrToType(const char *s) return ACL_SRC_IP; if (!strcmp(s, "dst")) return ACL_DST_IP; + if (!strcmp(s, "myip")) + return ACL_MY_IP; if (!strcmp(s, "domain")) return ACL_DST_DOMAIN; if (!strcmp(s, "dstdomain")) @@ -209,6 +211,8 @@ aclTypeToStr(squid_acl type) return "src"; if (type == ACL_DST_IP) return "dst"; + if (type == ACL_MY_IP) + return "myip"; if (type == ACL_DST_DOMAIN) return "dstdomain"; if (type == ACL_SRC_DOMAIN) @@ -672,6 +676,7 @@ aclParseAclLine(acl ** head) switch (A->type) { case ACL_SRC_IP: case ACL_DST_IP: + case ACL_MY_IP: aclParseIpList(&A->data); break; case ACL_SRC_DOMAIN: @@ -1228,6 +1233,9 @@ aclMatchAcl(acl * ae, aclCheck_t * checklist) case ACL_SRC_IP: return aclMatchIp(&ae->data, checklist->src_addr); /* NOTREACHED */ + case ACL_MY_IP: + return aclMatchIp(&ae->data, checklist->my_addr); + /* NOTREACHED */ case ACL_DST_IP: ia = ipcache_gethostbyname(r->host, IP_LOOKUP_IF_MISS); if (ia) { 
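Review bot: The new `case ACL_MY_IP:` in the aclMatchAcl hunk compares against `checklist->my_addr` whether or not the caller had a real local address, and several call sites in this same patch fill that field with `no_addr` (icp_v2.cc, icp_v3.cc, neighbors.cc, both `aclChecklistCreate` calls in peer_select.cc, and the internal `fwdStart` callers). In those access lists a `myip` ACL would presumably never match a configured address, so an `allow` keyed on it silently denies and a `deny` keyed on it silently lets the request through. I would add a comment above the case, `/* my_addr is no_addr when the check is not tied to an accepted client socket; myip cannot match there */`, and repeat that caveat next to the `myip` line in cf.data.pre. aclMatchAcl starts and ends outside this hunk.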
@@ -1659,6 +1667,7 @@ aclCheck_t * aclChecklistCreate(const acl_access * A, request_t * request, struct in_addr src_addr, + struct in_addr my_addr, const char *user_agent, const char *ident) { @@ -1674,6 +1683,7 @@ aclChecklistCreate(const acl_access * A, if (request != NULL) checklist->request = requestLink(request); checklist->src_addr = src_addr; + checklist->my_addr = my_addr; for (i = 0; i < ACL_ENUM_MAX; i++) checklist->state[i] = ACL_LOOKUP_NONE; if (user_agent) @@ -1753,6 +1763,7 @@ aclDestroyAcls(acl ** head) switch (a->type) { case ACL_SRC_IP: case ACL_DST_IP: + case ACL_MY_IP: splay_destroy(a->data, aclFreeIpData); break; case ACL_SRC_ARP: @@ -2082,6 +2093,7 @@ aclDumpGeneric(const acl * a) switch (a->type) { case ACL_SRC_IP: case ACL_DST_IP: + case ACL_MY_IP: return aclDumpIpList(a->data); break; case ACL_SRC_DOMAIN: diff --git a/src/asn.cc b/src/asn.cc index 26cfcbef9c..5f17c00244 100644 --- a/src/asn.cc +++ b/src/asn.cc @@ -1,5 +1,5 @@ /* - * $Id: asn.cc,v 1.55 1999/01/19 16:35:13 wessels Exp $ + * $Id: asn.cc,v 1.56 1999/01/29 21:28:07 wessels Exp $ * * DEBUG: section 53 AS Number handling * AUTHOR: Duane Wessels, Kostas Anagnostakis @@ -196,7 +196,7 @@ asnCacheStart(int as) if ((e = storeGetPublic(asres, METHOD_GET)) == NULL) { e = storeCreateEntry(asres, asres, null_request_flags, METHOD_GET); storeClientListAdd(e, asState); - fwdStart(-1, e, asState->request, no_addr); + fwdStart(-1, e, asState->request, no_addr, no_addr); } else { storeLockObject(e); storeClientListAdd(e, asState); diff --git a/src/cf.data.pre b/src/cf.data.pre index 23c27a6efa..eb002c7eb7 100644 --- a/src/cf.data.pre +++ b/src/cf.data.pre @@ -1,6 +1,6 @@ # -# $Id: cf.data.pre,v 1.141 1999/01/29 21:05:21 wessels Exp $ +# $Id: cf.data.pre,v 1.142 1999/01/29 21:28:08 wessels Exp $ # # # SQUID Internet Object Cache http://squid.nlanr.net/Squid/ 
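Review bot: `aclChecklistCreate` now takes two consecutive `struct in_addr` arguments (`src_addr`, then `my_addr`), so a call that passes them in the wrong order compiles cleanly and makes `src` ACLs test the local address instead of the client's. The same applies to `fwdStart` in forward.cc, and its prototype in protos.h names neither parameter (`struct in_addr, struct in_addr`). I would name them in the prototype, `extern void fwdStart(int fd, StoreEntry *, request_t *, struct in_addr client_addr, struct in_addr my_addr);`, and put a one-line comment above this definition stating that the remote address comes first and the local one second. The function body continues outside this hunk.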
@@ -1413,6 +1413,7 @@ DOC_START acl aclname src ip-address/netmask ... (clients IP address) acl aclname src addr1-addr2/netmask ... (range of addresses) acl aclname dst ip-address/netmask ... (URL host's IP address) + acl aclname myip ip-address/netmask ... (local socket IP address) acl aclname srcdomain foo.com ... # reverse lookup, client IP acl aclname dstdomain foo.com ... # Destination server from URL diff --git a/src/client_side.cc b/src/client_side.cc index ed743cab72..87d17ce89b 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.437 1999/01/24 04:03:50 wessels Exp $ + * $Id: client_side.cc,v 1.438 1999/01/29 21:28:10 wessels Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -133,6 +133,7 @@ clientAccessCheck(void *data) http->acl_checklist = aclChecklistCreate(Config.accessList.http, http->request, conn->peer.sin_addr, + conn->me.sin_addr, browser, conn->ident); #if USE_IDENT @@ -304,7 +305,7 @@ clientProcessExpired(void *data) http->entry = entry; http->out.offset = 0; fwdStart(http->conn->fd, http->entry, http->request, - http->conn->peer.sin_addr); + http->conn->peer.sin_addr, http->conn->me.sin_addr); /* Register with storage manager to receive updates when data comes in. */ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) debug(33, 0) ("clientProcessExpired: found ENTRY_ABORTED object\n"); @@ -852,6 +853,7 @@ clientCachable(clientHttpRequest * http) * This may not work yet for 'dst' and 'dst_domain' ACLs. */ ch.src_addr = http->conn->peer.sin_addr; + ch.my_addr = http->conn->me.sin_addr; ch.request = http->request; /* * aclCheckFast returns 1 for ALLOW and 0 for DENY. The default 
@@ -1860,7 +1862,8 @@ clientProcessMiss(clientHttpRequest * http) } if (http->flags.internal) r->protocol = PROTO_INTERNAL; - fwdStart(http->conn->fd, http->entry, r, http->conn->peer.sin_addr); + fwdStart(http->conn->fd, http->entry, r, + http->conn->peer.sin_addr, http->conn->me.sin_addr); } static clientHttpRequest * diff --git a/src/enums.h b/src/enums.h index d428959d46..c1b3a159ed 100644 --- a/src/enums.h +++ b/src/enums.h @@ -1,6 +1,6 @@ /* - * $Id: enums.h,v 1.144 1999/01/24 04:03:51 wessels Exp $ + * $Id: enums.h,v 1.145 1999/01/29 21:28:11 wessels Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -89,6 +89,7 @@ typedef enum { ACL_NONE, ACL_SRC_IP, ACL_DST_IP, + ACL_MY_IP, ACL_SRC_DOMAIN, ACL_DST_DOMAIN, ACL_SRC_DOM_REGEX, diff --git a/src/forward.cc b/src/forward.cc index 858b979bb8..06eb2b5756 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -1,6 +1,6 @@ /* - * $Id: forward.cc,v 1.52 1999/01/19 19:23:27 wessels Exp $ + * $Id: forward.cc,v 1.53 1999/01/29 21:28:12 wessels Exp $ * * DEBUG: section 17 Request Forwarding * AUTHOR: Duane Wessels @@ -384,7 +384,8 @@ fwdReforward(FwdState * fwdState) /* PUBLIC FUNCTIONS */ void -fwdStart(int fd, StoreEntry * e, request_t * r, struct in_addr client_addr) +fwdStart(int fd, StoreEntry * e, request_t * r, struct in_addr client_addr, + struct in_addr my_addr) { FwdState *fwdState; aclCheck_t ch; @@ -401,6 +402,7 @@ fwdStart(int fd, StoreEntry * e, request_t * r, struct in_addr client_addr) */ memset(&ch, '\0', sizeof(aclCheck_t)); ch.src_addr = client_addr; + ch.my_addr = my_addr; ch.request = r; answer = aclCheckFast(Config.accessList.miss, &ch); if (answer == 0) { diff --git a/src/icp_v2.cc b/src/icp_v2.cc index c7c3695953..6b16c821ee 100644 --- a/src/icp_v2.cc +++ b/src/icp_v2.cc @@ -1,6 +1,6 @@ /* - * $Id: icp_v2.cc,v 1.57 1999/01/11 23:29:42 wessels Exp $ + * $Id: icp_v2.cc,v 1.58 1999/01/29 21:28:13 wessels Exp $ * * DEBUG: section 12 Internet Cache Protocol * AUTHOR: Duane Wessels 
@@ -218,6 +218,7 @@ icpHandleIcpV2(int fd, struct sockaddr_in from, char *buf, int len) break; } checklist.src_addr = from.sin_addr; + checklist.my_addr = no_addr; checklist.request = icp_request; allow = aclCheckFast(Config.accessList.icp, &checklist); if (!allow) { diff --git a/src/icp_v3.cc b/src/icp_v3.cc index 181b80dcc1..4213a9a9fa 100644 --- a/src/icp_v3.cc +++ b/src/icp_v3.cc @@ -1,6 +1,6 @@ /* - * $Id: icp_v3.cc,v 1.27 1998/12/05 00:54:30 wessels Exp $ + * $Id: icp_v3.cc,v 1.28 1999/01/29 21:28:14 wessels Exp $ * * DEBUG: section 12 Internet Cache Protocol * AUTHOR: Duane Wessels @@ -72,6 +72,7 @@ icpHandleIcpV3(int fd, struct sockaddr_in from, char *buf, int len) break; } checklist.src_addr = from.sin_addr; + checklist.my_addr = no_addr; checklist.request = icp_request; allow = aclCheckFast(Config.accessList.icp, &checklist); if (!allow) { diff --git a/src/neighbors.cc b/src/neighbors.cc index cd48e048dd..bf3b46e614 100644 --- a/src/neighbors.cc +++ b/src/neighbors.cc @@ -1,6 +1,6 @@ /* - * $Id: neighbors.cc,v 1.267 1999/01/11 16:50:33 wessels Exp $ + * $Id: neighbors.cc,v 1.268 1999/01/29 21:28:15 wessels Exp $ * * DEBUG: section 15 Neighbor Routines * AUTHOR: Harvest Derived @@ -147,6 +147,7 @@ peerAllowedToUse(const peer * p, request_t * request) if (p->access == NULL) return do_ping; checklist.src_addr = request->client_addr; + checklist.my_addr = no_addr; /* XXX wrong */ checklist.request = request; return aclCheckFast(p->access, &checklist); } diff --git a/src/net_db.cc b/src/net_db.cc index ee41bd1fd6..08f5e5b4f7 100644 --- a/src/net_db.cc +++ b/src/net_db.cc @@ -1,6 +1,6 @@ /* - * $Id: net_db.cc,v 1.135 1999/01/11 16:50:35 wessels Exp $ + * $Id: net_db.cc,v 1.136 1999/01/29 21:28:16 wessels Exp $ * * DEBUG: section 38 Network Measurement Database * AUTHOR: Duane Wessels 
@@ -971,7 +971,7 @@ netdbExchangeStart(void *data) storeClientCopy(ex->e, ex->seen, ex->used, ex->buf_sz, ex->buf, netdbExchangeHandleReply, ex); ex->r->flags.loopdetect = 1; /* cheat! -- force direct */ - fwdStart(-1, ex->e, ex->r, no_addr); + fwdStart(-1, ex->e, ex->r, no_addr, no_addr); #endif } diff --git a/src/peer_digest.cc b/src/peer_digest.cc index 00af1f49b2..14204b1cd9 100644 --- a/src/peer_digest.cc +++ b/src/peer_digest.cc @@ -1,6 +1,6 @@ /* - * $Id: peer_digest.cc,v 1.69 1999/01/11 16:50:36 wessels Exp $ + * $Id: peer_digest.cc,v 1.70 1999/01/29 21:28:17 wessels Exp $ * * DEBUG: section 72 Peer Digest Routines * AUTHOR: Alex Rousskov @@ -317,7 +317,7 @@ peerDigestRequest(PeerDigest * pd) /* push towards peer cache */ debug(72, 3) ("peerDigestRequest: forwarding to fwdStart...\n"); - fwdStart(-1, e, req, no_addr); + fwdStart(-1, e, req, no_addr, no_addr); cbdataLock(fetch); cbdataLock(fetch->pd); storeClientCopy(e, 0, 0, 4096, memAllocate(MEM_4K_BUF), diff --git a/src/peer_select.cc b/src/peer_select.cc index 3f1194508d..b1af9d3717 100644 --- a/src/peer_select.cc +++ b/src/peer_select.cc @@ -1,6 +1,6 @@ /* - * $Id: peer_select.cc,v 1.96 1999/01/29 17:20:56 wessels Exp $ + * $Id: peer_select.cc,v 1.97 1999/01/29 21:28:18 wessels Exp $ * * DEBUG: section 44 Peer Selection Algorithm * AUTHOR: Duane Wessels @@ -237,6 +237,7 @@ peerSelectFoo(ps_state * ps) Config.accessList.AlwaysDirect, request, request->client_addr, + no_addr, /* XXX wrong */ NULL, /* user agent */ NULL); /* ident */ aclNBCheck(ps->acl_checklist, @@ -250,6 +251,7 @@ peerSelectFoo(ps_state * ps) Config.accessList.NeverDirect, request, request->client_addr, + no_addr, /* XXX wrong */ NULL, /* user agent */ NULL); /* ident */ aclNBCheck(ps->acl_checklist, diff --git a/src/protos.h b/src/protos.h index 87b5d910cb..4087a5e274 100644 --- a/src/protos.h +++ b/src/protos.h 
@@ -1,6 +1,6 @@ /* - * $Id: protos.h,v 1.312 1999/01/24 04:03:53 wessels Exp $ + * $Id: protos.h,v 1.313 1999/01/29 21:28:19 wessels Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -45,6 +45,7 @@ extern void fvdbCountForw(const char *key); extern aclCheck_t *aclChecklistCreate(const struct _acl_access *, request_t *, struct in_addr src, + struct in_addr me, const char *user_agent, const char *ident); extern void aclNBCheck(aclCheck_t *, PF *, void *); @@ -651,7 +652,7 @@ extern void peerDigestNotePeerGone(PeerDigest * pd); extern void peerDigestStatsReport(const PeerDigest * pd, StoreEntry * e); /* forward.c */ -extern void fwdStart(int, StoreEntry *, request_t *, struct in_addr); +extern void fwdStart(int, StoreEntry *, request_t *, struct in_addr, struct in_addr); extern DEFER fwdCheckDeferRead; extern void fwdFail(FwdState *, ErrorState *); extern void fwdUnregister(int fd, FwdState *); diff --git a/src/structs.h b/src/structs.h index 0ec3d9e802..da9f5407a1 100644 --- a/src/structs.h +++ b/src/structs.h @@ -1,6 +1,6 @@ /* - * $Id: structs.h,v 1.273 1999/01/24 04:03:54 wessels Exp $ + * $Id: structs.h,v 1.274 1999/01/29 21:28:21 wessels Exp $ * * * SQUID Internet Object Cache http://squid.nlanr.net/Squid/ @@ -141,6 +141,7 @@ struct _aclCheck_t { const acl_access *access_list; struct in_addr src_addr; struct in_addr dst_addr; + struct in_addr my_addr; request_t *request; #if USE_IDENT ConnStateData *conn; /* hack for ident */ diff --git a/src/urn.cc b/src/urn.cc index a462d41403..e6405c27f5 100644 --- a/src/urn.cc +++ b/src/urn.cc @@ -1,7 +1,7 @@ /* * - * $Id: urn.cc,v 1.50 1999/01/11 16:50:43 wessels Exp $ + * $Id: urn.cc,v 1.51 1999/01/29 21:28:22 wessels Exp $ * * DEBUG: section 52 URN Parsing * AUTHOR: Kostas Anagnostakis 
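Review bot: The new `my_addr` member of `struct _aclCheck_t` in the structs.h hunk has no comment saying what it holds or which value means "unknown", yet every stack-built checklist now has to set it by hand. The call sites visible in this patch do so, but a checklist filled in elsewhere without a prior `memset` would, as far as these hunks show, leave the field indeterminate when a `myip` ACL is evaluated. I would write the member as `struct in_addr my_addr; /* local address of the accepting socket; no_addr if unknown */`. The struct definition starts and ends outside this hunk.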
@@ -138,7 +138,7 @@ urnStart(request_t * r, StoreEntry * e) if ((urlres_e = storeGetPublic(urlres, METHOD_GET)) == NULL) { urlres_e = storeCreateEntry(urlres, urlres, null_request_flags, METHOD_GET); storeClientListAdd(urlres_e, urnState); - fwdStart(-1, urlres_e, urlres_r, no_addr); + fwdStart(-1, urlres_e, urlres_r, no_addr, no_addr); } else { storeLockObject(urlres_e); storeClientListAdd(urlres_e, urnState); -- 2.47.3