--------------------- PatchSet 4195 Date: 2007/04/07 06:44:29 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Rollout conversion to ASN ACLs. Added CIDR mask retrieval to IPAddress Members: include/IPAddress.h:1.1.2.8->1.1.2.9 lib/IPAddress.cc:1.1.2.19->1.1.2.20 src/ACLASN.h:1.5.6.5->1.5.6.6 src/ACLDestinationASN.h:1.1.12.1->1.1.12.2 src/ACLSourceASN.h:1.1.12.1->1.1.12.2 src/asn.cc:1.16.6.12->1.16.6.13 Index: squid3/include/IPAddress.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/include/Attic/IPAddress.h,v retrieving revision 1.1.2.8 retrieving revision 1.1.2.9 diff -u -r1.1.2.8 -r1.1.2.9 --- squid3/include/IPAddress.h 5 Apr 2007 09:47:56 -0000 1.1.2.8 +++ squid3/include/IPAddress.h 7 Apr 2007 06:44:29 -0000 1.1.2.9 @@ -1,5 +1,5 @@ /* - * $Id: IPAddress.h,v 1.1.2.8 2007/04/05 09:47:56 amosjeffries Exp $ + * $Id: IPAddress.h,v 1.1.2.9 2007/04/07 06:44:29 amosjeffries Exp $ */ #ifndef _INC_IPADDRESS_H #define _INC_IPADDRESS_H @@ -136,6 +136,12 @@ /// Fast reset of the stored content to what would be after default constructor. void SetEmpty(); + /** + * Valid results IF and only IF the stored IP address is actually a network bitmask + * \retval N number of bits which are set in the bitmask stored. + */ + int GetCIDR(); + /** Apply a mask to the stored address. * \param mask Netmask format to be bit-mask-AND'd over the stored address. */ Index: squid3/lib/IPAddress.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/lib/Attic/IPAddress.cc,v retrieving revision 1.1.2.19 retrieving revision 1.1.2.20 diff -u -r1.1.2.19 -r1.1.2.20 --- squid3/lib/IPAddress.cc 5 Apr 2007 10:51:40 -0000 1.1.2.19 +++ squid3/lib/IPAddress.cc 7 Apr 2007 06:44:29 -0000 1.1.2.20 @@ -1,5 +1,5 @@ /* - * $Id: IPAddress.cc,v 1.1.2.19 2007/04/05 10:51:40 amosjeffries Exp $ + * $Id: IPAddress.cc,v 1.1.2.20 2007/04/07 06:44:29 amosjeffries Exp $ */ #include "IPAddress.h" 
@@ -65,6 +65,36 @@ { memset(this,0,sizeof(IPAddress)); } + +int +IPAddress::GetCIDR() +{ + u_char shift,byte; + char bit,caught; + int len = 0; + char *ptr= (char *)&m_SocketAddr.sin6_addr; + + /* Let's scan all the bits from Most Significant to Least */ + /* Until we find an "0" bit. Then, we return */ + for (shift=0;shift-1); bit--) { + caught = ((byte & 0x80) == 0x00); /* Found a '0' at 'bit' ? */ + if (!caught) len++; + byte <<= 1; + } + if (caught) break; /* We have found the most significant "0" bit. */ + } + + return len; +} + const int IPAddress::ApplyMask(IPAddress const &mask_addr) { uint32_t *p1 = (uint32_t*)(&m_SocketAddr.sin6_addr); Index: squid3/src/ACLASN.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLASN.h,v retrieving revision 1.5.6.5 retrieving revision 1.5.6.6 diff -u -r1.5.6.5 -r1.5.6.6 --- squid3/src/ACLASN.h 13 Mar 2007 07:00:31 -0000 1.5.6.5 +++ squid3/src/ACLASN.h 7 Apr 2007 06:44:29 -0000 1.5.6.6 @@ -1,6 +1,6 @@ /* - * $Id: ACLASN.h,v 1.5.6.5 2007/03/13 07:00:31 amosjeffries Exp $ + * $Id: ACLASN.h,v 1.5.6.6 2007/04/07 06:44:29 amosjeffries Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -39,17 +39,18 @@ #include "List.h" #include "ACLStrategised.h" #include "ACLChecklist.h" +#include "IPAddress.h" /* forward decls */ class CacheManager; -SQUIDCEXTERN int asnMatchIp(List *, struct IN_ADDR); +SQUIDCEXTERN int asnMatchIp(List *, IPAddress &); SQUIDCEXTERN void asnInit(void); extern void asnRegisterWithCacheManager(CacheManager & manager); SQUIDCEXTERN void asnFreeMemory(void); -class ACLASN : public ACLData +class ACLASN : public ACLData { public: 
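Review bot: `IPAddress::GetCIDR()` only reads `m_SocketAddr.sin6_addr` but is declared non-const, so it cannot be called on a `const IPAddress`; declare it `int GetCIDR() const;` in both the header and the definition. The header comment promises the "number of bits which are set", while the body's own comment says the scan stops at the first 0 bit, so a non-contiguous mask yields only the leading-ones count; `\retval N length of the leading run of 1 bits (the prefix length)` would match the code. `caught` is declared without an initialiser and is tested after the inner loop, so `char bit, caught = 0;` keeps the break condition well-defined whatever the loop bounds are. The outer loop header is truncated on this page, so the bounds themselves could not be reviewed.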
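Review bot: The new prototype `asnMatchIp(List *, IPAddress &)` takes a mutable reference, although the definition in asn.cc only formats the address, tests it and copies it into the radix key. `const IPAddress &` would state that ACL matching never alters the caller's address, provided `NtoA`, `IsNoAddr` and `IsAnyAddr` are const members (not visible here). The `match(IPAddress)` override in the next hunk copies the whole object per check; whether it can take a const reference depends on the `ACLData` base declaration, which is outside this diff.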
@@ -57,18 +58,18 @@ virtual ~ACLASN(); - virtual bool match(struct IN_ADDR); + virtual bool match(IPAddress); virtual wordlist *dump(); virtual void parse(); bool empty() const; - virtual ACLData *clone() const; + virtual ACLData *clone() const; virtual void prepareForUse(); private: static ACL::Prototype SourceRegistryProtoype; - static ACLStrategised SourceRegistryEntry_; + static ACLStrategised SourceRegistryEntry_; static ACL::Prototype DestinationRegistryProtoype; - static ACLStrategised DestinationRegistryEntry_; + static ACLStrategised DestinationRegistryEntry_; List *data; }; Index: squid3/src/ACLDestinationASN.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLDestinationASN.h,v retrieving revision 1.1.12.1 retrieving revision 1.1.12.2 diff -u -r1.1.12.1 -r1.1.12.2 --- squid3/src/ACLDestinationASN.h 19 Apr 2005 10:57:55 -0000 1.1.12.1 +++ squid3/src/ACLDestinationASN.h 7 Apr 2007 06:44:29 -0000 1.1.12.2 @@ -1,6 +1,6 @@ /* - * $Id: ACLDestinationASN.h,v 1.1.12.1 2005/04/19 10:57:55 rmartinez Exp $ + * $Id: ACLDestinationASN.h,v 1.1.12.2 2007/04/07 06:44:29 amosjeffries Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -37,8 +37,9 @@ #define SQUID_ACLDESTINATIONASN_H #include "ACLASN.h" #include "ACLStrategy.h" +#include "IPAddress.h" -class ACLDestinationASNStrategy : public ACLStrategy +class ACLDestinationASNStrategy : public ACLStrategy { public: Index: squid3/src/ACLSourceASN.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLSourceASN.h,v retrieving revision 1.1.12.1 retrieving revision 1.1.12.2 diff -u -r1.1.12.1 -r1.1.12.2 --- squid3/src/ACLSourceASN.h 19 Apr 2005 10:57:55 -0000 1.1.12.1 +++ squid3/src/ACLSourceASN.h 7 Apr 2007 06:44:29 -0000 1.1.12.2 
@@ -1,6 +1,6 @@ /* - * $Id: ACLSourceASN.h,v 1.1.12.1 2005/04/19 10:57:55 rmartinez Exp $ + * $Id: ACLSourceASN.h,v 1.1.12.2 2007/04/07 06:44:29 amosjeffries Exp $ * * * SQUID Web Proxy Cache http://www.squid-cache.org/ @@ -37,8 +37,9 @@ #define SQUID_ACLSOURCEASN_H #include "ACLASN.h" #include "ACLStrategy.h" +#include "IPAddress.h" -class ACLSourceASNStrategy : public ACLStrategy +class ACLSourceASNStrategy : public ACLStrategy { public: Index: squid3/src/asn.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/asn.cc,v retrieving revision 1.16.6.12 retrieving revision 1.16.6.13 diff -u -r1.16.6.12 -r1.16.6.13 --- squid3/src/asn.cc 5 Apr 2007 06:15:13 -0000 1.16.6.12 +++ squid3/src/asn.cc 7 Apr 2007 06:44:29 -0000 1.16.6.13 @@ -1,6 +1,6 @@ /* - * $Id: asn.cc,v 1.16.6.12 2007/04/05 06:15:13 amosjeffries Exp $ + * $Id: asn.cc,v 1.16.6.13 2007/04/07 06:44:29 amosjeffries Exp $ * * DEBUG: section 53 AS Number handling * AUTHOR: Duane Wessels, Kostas Anagnostakis @@ -53,12 +53,15 @@ /* BEGIN of definitions for radix tree entries */ + +/* AYJ INET6 : Why are these objects being converted to raw u_char memory for use ? */ + /* 32/128 bits address in memory with length */ -typedef u_char m_IN_ADDR[1 + sizeof(struct IN_ADDR)]; -#define store_m_IN_ADDR(i, m) \ - (m[0] = sizeof(struct IN_ADDR), xmemcpy(m+1, &i, sizeof(struct IN_ADDR))) -#define get_m_IN_ADDR(i, m) \ - xmemcpy(&i, m+1, sizeof(struct IN_ADDR)) +typedef u_char m_ADDR[1 + sizeof(IPAddress)]; +#define store_m_ADDR(i, m) \ + (m[0] = sizeof(IPAddress), xmemcpy(m+1, &i, sizeof(IPAddress)) ) +#define get_m_ADDR(i, m) \ + xmemcpy(&i, m+1, sizeof(IPAddress)) /* END of definitions for radix tree entries */ @@ -103,11 +106,10 @@ struct _rtentry { - struct squid_radix_node e_nodes[2]; as_info *e_info; - m_IN_ADDR e_addr; - m_IN_ADDR e_mask; + m_ADDR e_addr; + m_ADDR e_mask; }; typedef struct _rtentry rtentry_t; 
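Review bot: `m_ADDR` now stores a whole `IPAddress` object as the radix key (`xmemcpy(m+1, &i, sizeof(IPAddress))`), so every byte of the object, not only the address bits, takes part in `squid_rn_match` and `squid_rn_lookup`. The `m_SocketAddr.sin6_addr` member seen in IPAddress.cc suggests the object wraps a sockaddr_in6; if so, family, port, flow and scope fields plus any padding become key and mask material, and src_as/dst_as decisions would depend on bytes unrelated to the address. Presumably the key should be the address bytes alone; confirm against the IPAddress layout. The length byte `m[0] = sizeof(IPAddress)` is a `u_char`, so a compile-time check that the size fits in 255 is worth adding, and `get_m_ADDR` overwriting a constructed object bytewise is only safe while IPAddress stays trivially copyable. The same macros are used in the asnMatchIp, asnAddNet and printRadixNode hunks further down.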
@@ -133,26 +135,27 @@ /* PUBLIC */ int -asnMatchIp(List *data, struct IN_ADDR addr) +asnMatchIp(List *data, IPAddress &addr) { struct squid_radix_node *rn; as_info *e; - m_IN_ADDR m_addr; + m_ADDR m_addr; List *a = NULL; List *b = NULL; + char buf[MAX_IPSTRLEN]; - debug(53, 3) ("asnMatchIp: Called for %s.\n", INET_NTOA(addr)); + debug(53, 3) ("asnMatchIp: Called for %s.\n", addr.NtoA(buf,MAX_IPSTRLEN) ); if (AS_tree_head == NULL) return 0; - if (ADDR_IS_NOADDR(addr)) + if (addr.IsNoAddr()) return 0; - if (ADDR_IS_ANYADDR(addr)) + if (addr.IsAnyAddr()) return 0; - store_m_IN_ADDR(addr, m_addr); + store_m_ADDR(addr, m_addr); rn = squid_rn_match(m_addr, AS_tree_head); @@ -396,13 +399,13 @@ rtentry_t *e; struct squid_radix_node *rn; - char dbg1[MAXIPSTRLEN], dbg2[MAXIPSTRLEN]; + char dbg1[MAX_IPSTRLEN], dbg2[MAX_IPSTRLEN]; List **Tail = NULL; List *q = NULL; as_info *asinfo = NULL; - struct IN_ADDR in_a, in_m; - struct IN_ADDR mask,addr; + IPAddress mask; + IPAddress addr; char *t; int bitl; 
@@ -415,56 +418,30 @@ *t = '\0'; - inet_pton(AF_FAMILY,as_string,&addr); + addr = as_string; bitl = atoi(t + 1); if (bitl < 0) bitl = 0; - if (bitl > ((AF_FAMILY==AF_INET6) ? 128: 32) ) - bitl = (AF_FAMILY==AF_INET6)? 128: 32; - -#ifdef INET6 - u_int bp; - char *ptr=(char *)&mask; - memset(ptr, 0xff, sizeof(struct IN_ADDR)); - for (bp = bitl/8; bp < sizeof(struct IN_ADDR); bp++) { - int clearbits = (bp+1)*8 - bitl; - if (clearbits > 0) { - if (clearbits >= 8) - *(ptr + bp) = 0; - else - *(ptr + bp) = 0xff << clearbits; - } - } -#else - mask.s_addr = bitl ? 0xfffffffful << (32 - bitl) : 0; /* Could be assumed by the above branch */ -#endif - - memcpy(&in_a,&addr,sizeof(struct IN_ADDR)); - - memcpy(&in_m,&mask,sizeof(struct IN_ADDR)); - - xstrncpy(dbg1, INET_NTOA(in_a), MAXIPSTRLEN); - - xstrncpy(dbg2, INET_NTOA(in_m), MAXIPSTRLEN); - -#if 0 - /* FIXME: Now point-less */ - addr = ntohl(addr); /* ?? */ - /*mask = ntohl(mask); */ -#endif + t = strchr(as_string, '.'); - debug(53, 3) ("asnAddNet: called for %s/%s\n", dbg1, dbg2); + // generate Netbits Format Mask + mask.SetNoAddr(); + mask.ApplyMask(bitl, (t!=NULL?IPv4:IPv6) ); + + debug(53, 3) ("asnAddNet: called for %s/%s\n", + addr.NtoA(dbg1,MAX_IPSTRLEN) , + mask.NtoA(dbg2,MAX_IPSTRLEN) ); e = (rtentry_t *)xmalloc(sizeof(rtentry_t)); memset(e, '\0', sizeof(rtentry_t)); - store_m_IN_ADDR(addr, e->e_addr); + store_m_ADDR(addr, e->e_addr); - store_m_IN_ADDR(mask, e->e_mask); + store_m_ADDR(mask, e->e_mask); rn = squid_rn_lookup(e->e_addr, e->e_mask, AS_tree_head); @@ -509,7 +486,6 @@ } static int - destroyRadixNode(struct squid_radix_node *rn, void *w) { 
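Review bot: The upper clamp on `bitl` was removed together with the `#ifdef INET6` block, so a prefix length read with `atoi(t + 1)` from the network string now reaches `mask.ApplyMask(bitl, ...)` bounded only from below. Unless ApplyMask validates its argument (not visible here), restore the bound after the family test with `const int maxBits = (t != NULL) ? 32 : 128;` and `if (bitl > maxBits) bitl = maxBits;`. The family is chosen by `strchr(as_string, '.')`, which would also classify an IPv6 literal with an embedded dotted quad as IPv4. `addr = as_string;` exposes no parse result in this hunk, so a malformed entry appears to be inserted into the tree with whatever the assignment leaves in `addr`; skipping entries that fail to parse would be safer for an ACL source. asnAddNet begins and ends outside this hunk.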
@@ -547,56 +523,23 @@ } static int -mask_len(struct IN_ADDR mask) -{ - u_char shift,byte; - char bit,caught; - int len = 0; - char *ptr= (char *)&mask; - - /* Let's scan all the bits from Most Significant to Least */ - /* Until we find an "0" bit. Then, we return */ - for (shift=0;shift-1); bit--) { - caught = ((byte & 0x80) == 0x00); /* Found a '0' at 'bit' ? */ - if (!caught) len++; - byte <<= 1; - } - if (caught) break; /* We have found the most significant "0" bit. */ - } - - return len; -} - -static int - printRadixNode(struct squid_radix_node *rn, void *_sentry) { StoreEntry *sentry = (StoreEntry *)_sentry; rtentry_t *e = (rtentry_t *) rn; List *q; as_info *asinfo; + char buf[MAX_IPSTRLEN]; + IPAddress addr; + IPAddress mask; - struct IN_ADDR addr; - - struct IN_ADDR mask; assert(e); assert(e->e_info); - (void) get_m_IN_ADDR(addr, e->e_addr); - (void) get_m_IN_ADDR(mask, e->e_mask); -#ifdef INET6 - storeAppendPrintf(sentry, "%45s/%d\t", -#else - storeAppendPrintf(sentry, "%15s/%d\t", -#endif - INET_NTOA(addr), mask_len(mask)); + (void) get_m_ADDR(addr, e->e_addr); + (void) get_m_ADDR(mask, e->e_mask); + storeAppendPrintf(sentry, "%s/%d\t", + addr.NtoA(buf, MAX_IPSTRLEN), + mask.GetCIDR() ); asinfo = e->e_info; assert(asinfo->as_number); @@ -616,7 +559,7 @@ bool -ACLASN::match(struct IN_ADDR toMatch) +ACLASN::match(IPAddress toMatch) { return asnMatchIp(data, toMatch); } @@ -661,7 +604,7 @@ } } -ACLData * +ACLData * ACLASN::clone() const { if (data) 
@@ -672,23 +615,22 @@ /* explicit template instantiation required for some systems */ -template class ACLStrategised +template class ACLStrategised ; ACL::Prototype ACLASN::SourceRegistryProtoype(&ACLASN::SourceRegistryEntry_, "src_as"); -ACLStrategised ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as"); +ACLStrategised ACLASN::SourceRegistryEntry_(new ACLASN, ACLSourceASNStrategy::Instance(), "src_as"); ACL::Prototype ACLASN::DestinationRegistryProtoype(&ACLASN::DestinationRegistryEntry_, "dst_as"); -ACLStrategised ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as"); +ACLStrategised ACLASN::DestinationRegistryEntry_(new ACLASN, ACLDestinationASNStrategy::Instance(), "dst_as"); int -ACLSourceASNStrategy::match (ACLData * &data, ACLChecklist *checklist) +ACLSourceASNStrategy::match (ACLData * &data, ACLChecklist *checklist) { - /* FIXME INET6 : drop temp conversion */ struct IN_ADDR tmp; checklist->src_addr.GetInAddr(tmp); - return data->match(tmp); + return data->match(checklist->src_addr); } ACLSourceASNStrategy * @@ -719,7 +661,8 @@ "unknown" /*name*/, checklist->request->host); checklist->changeState (DestinationIPLookup::Instance()); } else { - return data->match(no_addr); + IPAddress noaddr; noaddr.SetNoAddr(); + return data->match(noaddr); } return 0;
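Review bot: In `ACLSourceASNStrategy::match` the temporary conversion appears to survive the change: `struct IN_ADDR tmp;` and `checklist->src_addr.GetInAddr(tmp);` carry no `-` marker, and the hunk's 23-to-22 line count agrees with only the FIXME comment being dropped. Since the return is now `data->match(checklist->src_addr)`, `tmp` is dead, and it keeps an IPv4-only conversion running on every source check. Remove both lines so that the function body is just `return data->match(checklist->src_addr);`.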