Squid-2.2.STABLE4: myport ACL type A new ACL type for matching the local port number (http_port) Index: squid/src/HttpRequest.c diff -u squid/src/HttpRequest.c:1.1.1.6 squid/src/HttpRequest.c:1.1.1.6.22.1 --- squid/src/HttpRequest.c:1.1.1.6 Sun Feb 14 23:29:49 1999 +++ squid/src/HttpRequest.c Tue Jul 13 00:37:15 1999 @@ -44,6 +44,8 @@ if (urlpath) stringReset(&req->urlpath, urlpath); req->max_forwards = -1; + req->client_addr = no_addr; + req->my_addr = no_addr; httpHeaderInit(&req->header, hoRequest); return req; } Index: squid/src/acl.c diff -u squid/src/acl.c:1.1.1.35.2.3 squid/src/acl.c:1.1.1.35.2.4 --- squid/src/acl.c:1.1.1.35.2.3 Tue Jul 13 00:34:49 1999 +++ squid/src/acl.c Tue Jul 13 00:37:15 1999 @@ -175,6 +175,8 @@ return ACL_URL_REGEX; if (!strcmp(s, "port")) return ACL_URL_PORT; + if (!strcmp(s, "myport")) + return ACL_MY_PORT; #if USE_IDENT if (!strcmp(s, "ident")) return ACL_IDENT; @@ -229,6 +231,8 @@ return "url_regex"; if (type == ACL_URL_PORT) return "port"; + if (type == ACL_MY_PORT) + return "myport"; #if USE_IDENT if (type == ACL_IDENT) return "ident"; @@ -704,6 +708,7 @@ aclParseIntlist(&A->data); break; case ACL_URL_PORT: + case ACL_MY_PORT: aclParseIntRange(&A->data); break; #if USE_IDENT @@ -1335,6 +1340,9 @@ case ACL_URL_PORT: return aclMatchIntegerRange(ae->data, r->port); /* NOTREACHED */ + case ACL_MY_PORT: + return aclMatchIntegerRange(ae->data, checklist->my_port); + /* NOTREACHED */ #if USE_IDENT case ACL_IDENT: if (checklist->ident[0]) { @@ -1678,8 +1686,6 @@ aclCheck_t * aclChecklistCreate(const acl_access * A, request_t * request, - struct in_addr src_addr, - struct in_addr my_addr, const char *user_agent, const char *ident) { 
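Review bot: `req->my_port` is not initialised next to the two added `no_addr` assignments in the HttpRequest.c hunk, so a request that never goes through the client-side parse path carries whatever the allocator left in that field. Whether the request memory is zeroed is not visible here. If it is, internally generated requests present port 0 to every `myport` check built from the request (the peer, delay-pool and forwarding checklists elsewhere in this patch copy `r->my_port`). Add `req->my_port = 0;` with a comment that 0 means no local listening port was recorded, so the value is defined rather than incidental. The enclosing function starts above the hunk.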
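Review bot: The new `ACL_MY_PORT` case in the match switch (acl.c, `@@ -1335,6 +1340,9 @@`) compares `checklist->my_port` with no way to tell "not set" from a real port. Checklists built on the stack and cleared with `memset` (as in the delay_pools.c and forward.c hunks) only get a port where this patch adds the assignment; any other `aclCheckFast` caller outside this diff, if one exists, would be evaluated as port 0. Since `myport` is parsed with `aclParseIntRange`, a range such as `0-1024` would then match it. A comment on the case such as `/* my_port is 0 when the caller did not record a local port */`, plus an audit of the remaining checklist builders, would make the access decision predictable. The switch starts and ends outside the hunk.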
@@ -1692,10 +1698,12 @@ * pointer, so lock it. */ cbdataLock(A); - if (request != NULL) + if (request != NULL) { checklist->request = requestLink(request); - checklist->src_addr = src_addr; - checklist->my_addr = my_addr; + checklist->src_addr = request->client_addr; + checklist->my_addr = request->my_addr; + checklist->my_port = request->my_port; + } for (i = 0; i < ACL_ENUM_MAX; i++) checklist->state[i] = ACL_LOOKUP_NONE; if (user_agent) @@ -1812,6 +1820,9 @@ case ACL_URL_PORT: aclDestroyIntRange(a->data); break; + case ACL_MY_PORT: + aclDestroyIntRange(a->data); + break; case ACL_NONE: default: debug(28, 1) ("aclDestroyAcls: no case for ACL type %d\n", a->type); @@ -2159,6 +2170,9 @@ return aclDumpIntlistList(a->data); break; case ACL_URL_PORT: + return aclDumpIntRangeList(a->data); + break; + case ACL_MY_PORT: return aclDumpIntRangeList(a->data); break; case ACL_PROTO: Index: squid/src/asn.c diff -u squid/src/asn.c:1.1.1.25 squid/src/asn.c:1.1.1.25.2.1 --- squid/src/asn.c:1.1.1.25 Tue Jul 13 00:09:22 1999 +++ squid/src/asn.c Tue Jul 13 00:37:16 1999 @@ -196,7 +196,7 @@ if ((e = storeGetPublic(asres, METHOD_GET)) == NULL) { e = storeCreateEntry(asres, asres, null_request_flags, METHOD_GET); storeClientListAdd(e, asState); - fwdStart(-1, e, asState->request, no_addr, no_addr); + fwdStart(-1, e, asState->request); } else { storeLockObject(e); storeClientListAdd(e, asState); Index: squid/src/cf.data.pre diff -u squid/src/cf.data.pre:1.1.1.38.2.3 squid/src/cf.data.pre:1.1.1.38.2.4 --- squid/src/cf.data.pre:1.1.1.38.2.3 Tue Jul 13 00:35:14 1999 +++ squid/src/cf.data.pre Tue Jul 13 00:37:16 1999 
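Review bot: With the address parameters removed, the `request == NULL` path in `aclChecklistCreate` (`@@ -1692,10 +1698,12 @@`) no longer assigns `src_addr`, `my_addr` or `my_port` at all, so their values depend on how `checklist` was allocated, which this hunk does not show. Before the change a caller could still supply addresses without a request; now an access list evaluated on such a checklist matches `src` and `myport` rules against whatever the allocator left behind. Make the state explicit with an else branch, for example `else { checklist->src_addr = checklist->my_addr = no_addr; checklist->my_port = 0; }`, or document that a NULL request is no longer supported. The function body begins and continues outside the hunk.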
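Review bot: The destroy switch in the `@@ -1812,6 +1820,9 @@` hunk and the dump switch in the `@@ -2159,6 +2170,9 @@` hunk duplicate the `ACL_URL_PORT` body for `ACL_MY_PORT`, while the parse switch in the `@@ -704,6 +708,7 @@` hunk stacks the two labels on one body. Stacking them in all three places (`case ACL_URL_PORT:` then `case ACL_MY_PORT:` above a single `aclDestroyIntRange(a->data);`) keeps the two integer-range types from drifting apart if the data representation changes later. This is a style point only; behaviour is unchanged.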
@@ -1448,6 +1448,7 @@ acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path acl aclname port 80 70 21 ... acl aclname port 0-1024 ... # ranges allowed + acl aclname myport 3128 ... # (local socket IP port) acl aclname proto HTTP FTP ... acl aclname method GET POST ... acl aclname browser [-i] regexp Index: squid/src/client_side.c diff -u squid/src/client_side.c:1.1.1.42.2.1 squid/src/client_side.c:1.1.1.42.2.2 --- squid/src/client_side.c:1.1.1.42.2.1 Tue Jul 13 00:32:37 1999 +++ squid/src/client_side.c Tue Jul 13 00:37:17 1999 @@ -132,8 +132,6 @@ browser = httpHeaderGetStr(&http->request->header, HDR_USER_AGENT); http->acl_checklist = aclChecklistCreate(Config.accessList.http, http->request, - conn->peer.sin_addr, - conn->me.sin_addr, browser, conn->ident); #if USE_IDENT @@ -262,6 +260,7 @@ httpHeaderAppend(&new_request->header, &old_request->header); new_request->client_addr = old_request->client_addr; new_request->my_addr = old_request->my_addr; + new_request->my_port = old_request->my_port; new_request->flags.redirected = 1; if (old_request->body) { new_request->body = xmalloc(old_request->body_sz); @@ -316,8 +315,7 @@ entry->refcount++; /* EXPIRED CASE */ http->entry = entry; http->out.offset = 0; - fwdStart(http->conn->fd, http->entry, http->request, - http->conn->peer.sin_addr, http->conn->me.sin_addr); + fwdStart(http->conn->fd, http->entry, http->request); /* Register with storage manager to receive updates when data comes in. */ if (EBIT_TEST(entry->flags, ENTRY_ABORTED)) debug(33, 0) ("clientProcessExpired: found ENTRY_ABORTED object\n"); @@ -867,6 +865,7 @@ */ ch.src_addr = http->conn->peer.sin_addr; ch.my_addr = http->conn->me.sin_addr; + ch.my_port = ntohs(http->conn->me.sin_port); ch.request = http->request; /* * aclCheckFast returns 1 for ALLOW and 0 for DENY. The default 
@@ -1876,8 +1875,7 @@ } if (http->flags.internal) r->protocol = PROTO_INTERNAL; - fwdStart(http->conn->fd, http->entry, r, - http->conn->peer.sin_addr, http->conn->me.sin_addr); + fwdStart(http->conn->fd, http->entry, r); } static clientHttpRequest * @@ -2279,6 +2277,7 @@ http->log_uri = xstrdup(urlCanonicalClean(request)); request->client_addr = conn->peer.sin_addr; request->my_addr = conn->me.sin_addr; + request->my_port = ntohs(conn->me.sin_port); request->http_ver = http->http_ver; if (!urlCheckRequest(request)) { err = errorCon(ERR_UNSUP_REQ, HTTP_NOT_IMPLEMENTED); @@ -2460,6 +2459,7 @@ #if USE_IDENT identChecklist.src_addr = peer.sin_addr; identChecklist.my_addr = me.sin_addr; + identChecklist.my_port = ntohs(me.sin_port); if (aclCheckFast(Config.accessList.identLookup, &identChecklist)) identStart(&me, &peer, clientIdentDone, connState); #endif Index: squid/src/delay_pools.c diff -u squid/src/delay_pools.c:1.1.1.11 squid/src/delay_pools.c:1.1.1.11.2.1 --- squid/src/delay_pools.c:1.1.1.11 Tue Jul 13 00:09:26 1999 +++ squid/src/delay_pools.c Tue Jul 13 00:37:18 1999 @@ -283,6 +283,7 @@ memset(&ch, '\0', sizeof(ch)); ch.src_addr = r->client_addr; ch.my_addr = r->my_addr; + ch.my_port = r->my_port; ch.request = r; for (pool = 0; pool < Config.Delay.pools; pool++) { if (aclCheckFast(Config.Delay.access[pool], &ch)) Index: squid/src/enums.h diff -u squid/src/enums.h:1.1.1.34 squid/src/enums.h:1.1.1.34.2.1 --- squid/src/enums.h:1.1.1.34 Tue Jul 13 00:09:26 1999 +++ squid/src/enums.h Tue Jul 13 00:37:18 1999 @@ -101,6 +101,7 @@ ACL_URLPATH_REGEX, ACL_URL_REGEX, ACL_URL_PORT, + ACL_MY_PORT, #if USE_IDENT ACL_IDENT, #endif Index: squid/src/forward.c diff -u squid/src/forward.c:1.1.1.14.2.3 squid/src/forward.c:1.1.1.14.2.4 --- squid/src/forward.c:1.1.1.14.2.3 Tue Jul 13 00:35:14 1999 +++ squid/src/forward.c Tue Jul 13 00:37:18 1999 
@@ -403,8 +403,7 @@ } void -fwdStart(int fd, StoreEntry * e, request_t * r, struct in_addr client_addr, - struct in_addr my_addr) +fwdStart(int fd, StoreEntry * e, request_t * r) { FwdState *fwdState; aclCheck_t ch; @@ -415,19 +414,20 @@ * from peer_digest.c, asn.c, netdb.c, etc and should always * be allowed. yuck, I know. */ - if (client_addr.s_addr != no_addr.s_addr) { + if (r->client_addr.s_addr != no_addr.s_addr) { /* * Check if this host is allowed to fetch MISSES from us (miss_access) */ memset(&ch, '\0', sizeof(aclCheck_t)); - ch.src_addr = client_addr; - ch.my_addr = my_addr; + ch.src_addr = r->client_addr; + ch.my_addr = r->my_addr; + ch.my_port = r->my_port; ch.request = r; answer = aclCheckFast(Config.accessList.miss, &ch); if (answer == 0) { err = errorCon(ERR_FORWARDING_DENIED, HTTP_FORBIDDEN); err->request = requestLink(r); - err->src_addr = client_addr; + err->src_addr = r->client_addr; errorAppendEntry(e, err); return; } Index: squid/src/neighbors.c diff -u squid/src/neighbors.c:1.1.1.33.2.2 squid/src/neighbors.c:1.1.1.33.2.3 --- squid/src/neighbors.c:1.1.1.33.2.2 Tue Jul 13 00:25:49 1999 +++ squid/src/neighbors.c Tue Jul 13 00:37:18 1999 @@ -148,6 +148,7 @@ return do_ping; checklist.src_addr = request->client_addr; checklist.my_addr = request->my_addr; + checklist.my_port = request->my_port; checklist.request = request; return aclCheckFast(p->access, &checklist); } Index: squid/src/net_db.c diff -u squid/src/net_db.c:1.1.1.28 squid/src/net_db.c:1.1.1.28.2.1 --- squid/src/net_db.c:1.1.1.28 Tue Jul 13 00:09:32 1999 +++ squid/src/net_db.c Tue Jul 13 00:37:19 1999 
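Review bot: The `r->client_addr.s_addr != no_addr.s_addr` test in the second forward.c hunk now decides whether `miss_access` is evaluated from a field that the request constructor defaults to `no_addr` (HttpRequest.c hunk), so the exemption meant for internal fetches has become the default for any request whose client address was never filled in. Previously each internal caller had to pass `no_addr` explicitly; after this change a client-driven path that forgets to set `request->client_addr` would skip the check silently. In this diff the client-side parse and redirect paths do set it, but nothing enforces that for future callers. Consider an explicit internal-request flag, or at least a comment at the test such as `/* client_addr == no_addr only for internally generated requests; client paths must set it before fwdStart() */`. fwdStart's body continues past the hunk.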
@@ -973,7 +973,7 @@ storeClientCopy(ex->e, ex->seen, ex->used, ex->buf_sz, ex->buf, netdbExchangeHandleReply, ex); ex->r->flags.loopdetect = 1; /* cheat! -- force direct */ - fwdStart(-1, ex->e, ex->r, no_addr, no_addr); + fwdStart(-1, ex->e, ex->r); #endif } Index: squid/src/peer_digest.c diff -u squid/src/peer_digest.c:1.1.1.14 squid/src/peer_digest.c:1.1.1.14.22.1 --- squid/src/peer_digest.c:1.1.1.14 Sun Feb 14 23:30:04 1999 +++ squid/src/peer_digest.c Tue Jul 13 00:37:19 1999 @@ -317,7 +317,7 @@ /* push towards peer cache */ debug(72, 3) ("peerDigestRequest: forwarding to fwdStart...\n"); - fwdStart(-1, e, req, no_addr, no_addr); + fwdStart(-1, e, req); cbdataLock(fetch); cbdataLock(fetch->pd); storeClientCopy(e, 0, 0, 4096, memAllocate(MEM_4K_BUF), Index: squid/src/peer_select.c diff -u squid/src/peer_select.c:1.1.1.30.2.4 squid/src/peer_select.c:1.1.1.30.2.5 --- squid/src/peer_select.c:1.1.1.30.2.4 Tue Jul 13 00:35:14 1999 +++ squid/src/peer_select.c Tue Jul 13 00:37:19 1999 @@ -239,8 +239,6 @@ ps->acl_checklist = aclChecklistCreate( Config.accessList.AlwaysDirect, request, - request->client_addr, - request->my_addr, NULL, /* user agent */ NULL); /* ident */ aclNBCheck(ps->acl_checklist, @@ -253,8 +251,6 @@ ps->acl_checklist = aclChecklistCreate( Config.accessList.NeverDirect, request, - request->client_addr, - request->my_addr, NULL, /* user agent */ NULL); /* ident */ aclNBCheck(ps->acl_checklist, Index: squid/src/protos.h diff -u squid/src/protos.h:1.1.1.42.2.2 squid/src/protos.h:1.1.1.42.2.3 --- squid/src/protos.h:1.1.1.42.2.2 Tue Jul 13 00:30:13 1999 +++ squid/src/protos.h Tue Jul 13 00:37:20 1999 @@ -44,8 +44,6 @@ extern aclCheck_t *aclChecklistCreate(const struct _acl_access *, request_t *, - struct in_addr src, - struct in_addr me, const char *user_agent, const char *ident); extern void aclNBCheck(aclCheck_t *, PF *, void *); 
@@ -657,7 +655,7 @@ extern void peerDigestStatsReport(const PeerDigest * pd, StoreEntry * e); /* forward.c */ -extern void fwdStart(int, StoreEntry *, request_t *, struct in_addr, struct in_addr); +extern void fwdStart(int, StoreEntry *, request_t *); extern DEFER fwdCheckDeferRead; extern void fwdFail(FwdState *, ErrorState *); extern void fwdUnregister(int fd, FwdState *); Index: squid/src/structs.h diff -u squid/src/structs.h:1.1.1.39.2.7 squid/src/structs.h:1.1.1.39.2.8 --- squid/src/structs.h:1.1.1.39.2.7 Tue Jul 13 00:35:15 1999 +++ squid/src/structs.h Tue Jul 13 00:37:20 1999 @@ -142,6 +142,7 @@ struct in_addr src_addr; struct in_addr dst_addr; struct in_addr my_addr; + int my_port; request_t *request; #if USE_IDENT ConnStateData *conn; /* hack for ident */ @@ -1315,6 +1316,7 @@ int max_forwards; struct in_addr client_addr; struct in_addr my_addr; + int my_port; HttpHeader header; char *body; size_t body_sz; Index: squid/src/urn.c diff -u squid/src/urn.c:1.1.1.21 squid/src/urn.c:1.1.1.21.2.1 --- squid/src/urn.c:1.1.1.21 Tue Jul 13 00:09:40 1999 +++ squid/src/urn.c Tue Jul 13 00:37:21 1999 @@ -138,7 +138,7 @@ if ((urlres_e = storeGetPublic(urlres, METHOD_GET)) == NULL) { urlres_e = storeCreateEntry(urlres, urlres, null_request_flags, METHOD_GET); storeClientListAdd(urlres_e, urnState); - fwdStart(-1, urlres_e, urlres_r, no_addr, no_addr); + fwdStart(-1, urlres_e, urlres_r); } else { storeLockObject(urlres_e); storeClientListAdd(urlres_e, urnState);