--------------------- PatchSet 4229 Date: 2007/04/12 10:08:48 Author: amosjeffries Branch: squid3-ipv6 Tag: (none) Log: Rollout conversion to ACLARP, along with protocol-support tests for ARP. Members: include/config.h:1.7.4.13->1.7.4.14 src/ACLARP.cc:1.9.4.5->1.9.4.6 src/ACLIP.cc:1.8.2.21->1.8.2.22 Index: squid3/include/config.h =================================================================== RCS file: /cvsroot/squid-sf//squid3/include/config.h,v retrieving revision 1.7.4.13 retrieving revision 1.7.4.14 diff -u -r1.7.4.13 -r1.7.4.14 --- squid3/include/config.h 7 Apr 2007 14:05:22 -0000 1.7.4.13 +++ squid3/include/config.h 12 Apr 2007 10:08:48 -0000 1.7.4.14 @@ -1,5 +1,5 @@ /* - * $Id: config.h,v 1.7.4.13 2007/04/07 14:05:22 amosjeffries Exp $ + * $Id: config.h,v 1.7.4.14 2007/04/12 10:08:48 amosjeffries Exp $ * * AUTHOR: Duane Wessels * @@ -206,10 +206,6 @@ #define IN_ADDR in_addr #define SOCKADDR_IN sockaddr_in -#define IP_MREQ ip_mreq -#define INADDR_ANY_ASSIGN any_addr -#define INADDR_ANY_INIT htonl(INADDR_ANY) -#define MAXIPSTRLEN INET_ADDRSTRLEN #define AF_FAMILY AF_INET #define PF_FAMILY PF_INET #define SA_IS_ANYADDR(s) ((s).sin_addr.s_addr == INADDR_ANY) Index: squid3/src/ACLARP.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLARP.cc,v retrieving revision 1.9.4.5 retrieving revision 1.9.4.6 diff -u -r1.9.4.5 -r1.9.4.6 --- squid3/src/ACLARP.cc 23 Mar 2007 06:35:18 -0000 1.9.4.5 +++ squid3/src/ACLARP.cc 12 Apr 2007 10:08:49 -0000 1.9.4.6 @@ -1,5 +1,5 @@ /* - * $Id: ACLARP.cc,v 1.9.4.5 2007/03/23 06:35:18 amosjeffries Exp $ + * $Id: ACLARP.cc,v 1.9.4.6 2007/04/12 10:08:49 amosjeffries Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -39,13 +39,14 @@ #include #endif #include "squid.h" +#include "IPAddress.h" #ifdef _SQUID_WIN32_ struct arpreq { - struct sockaddr arp_pa; /* protocol address */ + IPAddress arp_pa; /* protocol address */ struct sockaddr arp_ha; /* hardware address */ int arp_flags; /* flags */ @@ -83,7 +84,7 @@ #endif static void aclParseArpList(SplayNode **curlist); static int decode_eth(const char *asc, char *eth); -static int aclMatchArp(SplayNode **dataptr, struct IN_ADDR c); +static int aclMatchArp(SplayNode **dataptr, IPAddress &c); static SplayNode::SPLAYCMP aclArpCompare; static SplayNode::SPLAYWALKEE aclDumpArpListWalkee; @@ -232,13 +233,15 @@ /* aclMatchArp */ /***************/ int -aclMatchArp(SplayNode **dataptr, struct IN_ADDR c) +aclMatchArp(SplayNode **dataptr, IPAddress &c) { + char ntoabuf[MAX_IPSTRLEN]; + #if defined(_SQUID_LINUX_) struct arpreq arpReq; - struct SOCKADDR_IN ipAddr; + IPAddress ipAddr; unsigned char ifbuffer[sizeof(struct ifreq) * 64]; @@ -258,15 +261,23 @@ * name first. If that does not succeed, the try each interface * in turn */ +#ifdef USE_IPV6 + /* IPv6 does not do ARP */ + if(!c.IsIPv4()) + { + debug(14, 3) ("aclMatchArp: IPv4 Required for ARP Lookups. Skipping %s\n", + c.NtoA(ntoabuf,MAX_IPSTRLEN) ); + return 0; + } +#endif + /* * Set up structures for ARP lookup with blank interface name */ - FAMILY_FROM_SA(ipAddr) = AF_FAMILY; - PORT_FROM_SA(ipAddr) = 0; - ADDR_FROM_SA(ipAddr) = c; + ipAddr = c; memset(&arpReq, '\0', sizeof(arpReq)); - xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct SOCKADDR_IN)); + arpReq.arp_pa = ipAddr; /* Query ARP table */ if (ioctl(HttpSockets[0], SIOCGARP, &arpReq) != -1) { @@ -285,7 +296,7 @@ memcpy (X.eth, arpReq.arp_ha.sa_data, 6); *Top = (*Top)->splay(&X, aclArpCompare); debug(28, 3) ("aclMatchArp: '%s' %s\n", - INET_NTOA(c), splayLastResult ? "NOT found" : "found"); + c.NtoA(ntoabuf,MAX_IPSTRLEN), splayLastResult ? "NOT found" : "found"); return (0 == splayLastResult); } @@ -320,19 +331,17 @@ if (NULL != strchr(ifr->ifr_name, ':')) continue; - debug(28, 4) ("Looking up ARP address for %s on %s\n", INET_NTOA(c), + debug(28, 4) ("Looking up ARP address for %s on %s\n", c.NtoA(ntoabuf,MAX_IPSTRLEN), ifr->ifr_name); /* Set up structures for ARP lookup */ - FAMILY_FROM_SA(ipAddr) = AF_FAMILY; - - PORT_FROM_SA(ipAddr) = 0; + ipAddr.SetEmpty(); - ADDR_FROM_SA(ipAddr) = c; + ipAddr = c; memset(&arpReq, '\0', sizeof(arpReq)); - xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct SOCKADDR_IN)); + arpReq.arp_pa = ipAddr; strncpy(arpReq.arp_dev, ifr->ifr_name, sizeof(arpReq.arp_dev) - 1); @@ -378,7 +387,7 @@ /* Return if match, otherwise continue to other interfaces */ if (0 == splayLastResult) { debug(28, 3) ("aclMatchArp: %s found on %s\n", - INET_NTOA(c), ifr->ifr_name); + c.NtoA(ntoabuf,MAX_IPSTRLEN), ifr->ifr_name); return 1; } @@ -392,22 +401,29 @@ struct arpreq arpReq; - struct SOCKADDR_IN ipAddr; + IPAddress ipAddr; SplayNode **Top = dataptr; +#ifdef USE_IPV6 + /* IPv6 does not do ARP */ + if(!c.IsIPv4()) + { + debug(14, 3) ("aclMatchArp: IPv4 Required for ARP Lookups. Skipping %s\n", + c.NtoA(ntoabuf,MAX_IPSTRLEN) ); + return 0; + } +#endif + /* * Set up structures for ARP lookup with blank interface name */ - FAMILY_FROM_SA(ipAddr) = AF_INET; - - PORT_FROM_SA(ipAddr) = 0; - - ADDR_FROM_SA(ipAddr) = c; + + ipAddr = c; memset(&arpReq, '\0', sizeof(arpReq)); - xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct SOCKADDR_IN)); + arpReq.arp_pa = ipAddr; /* Query ARP table */ if (ioctl(HttpSockets[0], SIOCGARP, &arpReq) != -1) { @@ -432,7 +448,7 @@ *Top = (*Top)->splay((acl_arp_data *)&arpReq.arp_ha.sa_data, aclArpCompare); debug(28, 3) ("aclMatchArp: '%s' %s\n", - INET_NTOA(c), splayLastResult ? "NOT found" : "found"); + c.NtoA(ntoabuf,MAX_IPSTRLEN), splayLastResult ? "NOT found" : "found"); return (0 == splayLastResult); } @@ -441,7 +457,7 @@ struct arpreq arpReq; - struct SOCKADDR_IN ipAddr; + IPAddress ipAddr; SplayNode **Top = dataptr; @@ -457,18 +473,25 @@ struct sockaddr_dl *sdl; +#ifdef USE_IPV6 + /* IPv6 does not do ARP */ + if(!c.IsIPv4()) + { + debug(14, 3) ("aclMatchArp: IPv4 Required for ARP Lookups. Skipping %s\n", + c.NtoA(ntoabuf,MAX_IPSTRLEN) ); + return 0; + } +#endif + /* * Set up structures for ARP lookup with blank interface name */ - FAMILY_FROM_SA(ipAddr) = AF_INET; - PORT_FROM_SA(ipAddr) = 0; - - ADDR_FROM_SA(ipAddr) = c; + ipAddr = c; memset(&arpReq, '\0', sizeof(arpReq)); - xmemcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct SOCKADDR_IN)); + arpReq.arp_pa = ipAddr; /* Query ARP table */ mib[0] = CTL_NET; @@ -505,7 +528,7 @@ rtm = (struct rt_msghdr *) next; - sin = (struct SOCKADDR_INarp *) (rtm + 1); + sin = (struct sockaddr_inarp *) (rtm + 1); /*sdl = (struct sockaddr_dl *) (sin + 1); */ #define ROUNDUP(a) \ @@ -513,7 +536,7 @@ sdl = (struct sockaddr_dl *)((char *) sin + ROUNDUP(sin->sin_len)); - if (c.s_addr == sin->sin_addr.s_addr) { + if (c == sin->sin_addr) { if (sdl->sdl_alen) { arpReq.arp_ha.sa_len = sizeof(struct sockaddr); @@ -539,7 +562,7 @@ *Top = (*Top)->splay((acl_arp_data *)&arpReq.arp_ha.sa_data, aclArpCompare); debug(28, 3) ("aclMatchArp: '%s' %s\n", - INET_NTOA(c), splayLastResult ? "NOT found" : "found"); + c.NtoA(ntoabuf,MAX_IPSTRLEN), splayLastResult ? "NOT found" : "found"); return (0 == splayLastResult); @@ -559,6 +582,16 @@ memset(&arpReq, '\0', sizeof(arpReq)); +#ifdef USE_IPV6 + /* IPv6 does not do ARP */ + if(!c.IsIPv4()) + { + debug(14, 3) ("aclMatchArp: IPv4 Required for ARP Lookups. Skipping %s\n", + c.NtoA(ntoabuf,MAX_IPSTRLEN) ); + return 0; + } +#endif + /* Get size of Windows ARP table */ if (GetIpNetTable(NetTable, &ipNetTableLen, FALSE) != ERROR_INSUFFICIENT_BUFFER) { debug(28, 0) ("Can't estimate ARP table size!\n"); @@ -580,7 +613,7 @@ /* Find MAC address from net table */ for (i = 0 ; i < NetTable->dwNumEntries ; i++) { - if ((c.s_addr == NetTable->table[i].dwAddr) && (NetTable->table[i].dwType > 2)) { + if ((c == (struct in_addr)NetTable->table[i].dwAddr) && (NetTable->table[i].dwType > 2)) { arpReq.arp_ha.sa_family = AF_UNSPEC; memcpy(arpReq.arp_ha.sa_data, NetTable->table[i].bPhysAddr, NetTable->table[i].dwPhysAddrLen); } @@ -602,7 +635,7 @@ *Top = (*Top)->splay((acl_arp_data *)&arpReq.arp_ha.sa_data, aclArpCompare); debug(28, 3) ("aclMatchArp: '%s' %s\n", - INET_NTOA(c), splayLastResult ? "NOT found" : "found"); + c.NtoA(notabuf,MAX_IPSTRLEN), splayLastResult ? "NOT found" : "found"); return (0 == splayLastResult); @@ -614,7 +647,7 @@ /* * Address was not found on any interface */ - debug(28, 3) ("aclMatchArp: %s NOT found\n", INET_NTOA(c)); + debug(28, 3) ("aclMatchArp: %s NOT found\n", c.NtoA(ntoabuf,MAX_IPSTRLEN) ); return 0; } Index: squid3/src/ACLIP.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLIP.cc,v retrieving revision 1.8.2.21 retrieving revision 1.8.2.22 diff -u -r1.8.2.21 -r1.8.2.22 --- squid3/src/ACLIP.cc 9 Apr 2007 12:06:08 -0000 1.8.2.21 +++ squid3/src/ACLIP.cc 12 Apr 2007 10:08:49 -0000 1.8.2.22 @@ -1,5 +1,5 @@ /* - * $Id: ACLIP.cc,v 1.8.2.21 2007/04/09 12:06:08 amosjeffries Exp $ + * $Id: ACLIP.cc,v 1.8.2.22 2007/04/12 10:08:49 amosjeffries Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -164,14 +164,14 @@ } if (ret == 0) { - char buf_n1[3*(MAXIPSTRLEN+1)]; - char buf_n2[3*(MAXIPSTRLEN+1)]; + char buf_n1[3*(MAX_IPSTRLEN+1)]; + char buf_n2[3*(MAX_IPSTRLEN+1)]; if(bina) { - b->toStr(buf_n1, 3*(MAXIPSTRLEN+1)); - a->toStr(buf_n2, 3*(MAXIPSTRLEN+1)); + b->toStr(buf_n1, 3*(MAX_IPSTRLEN+1)); + a->toStr(buf_n2, 3*(MAX_IPSTRLEN+1)); } else { - a->toStr(buf_n1, 3*(MAXIPSTRLEN+1)); - b->toStr(buf_n2, 3*(MAXIPSTRLEN+1)); + a->toStr(buf_n1, 3*(MAX_IPSTRLEN+1)); + b->toStr(buf_n2, 3*(MAX_IPSTRLEN+1)); } debug(28, 0) ("WARNING: '%s' is a subnetwork of " "'%s'\n", buf_n1, buf_n2);