--------------------- PatchSet 2387 Date: 2001/05/27 16:48:14 Author: rvenning Branch: ipv6 Tag: (none) Log: hmmm... I swear I did not touch all these files... this fixes some stuff ups from this evenings merge with head also adds support for IPv6 addresses in acls of course 0.0.0.0/0.0.0.0 doesn't really specify all, ::/0 does ;-> Members: lib/rfc1035.c:1.4.6.3->1.4.6.4 src/acl.c:1.4.6.5->1.4.6.6 src/authenticate.c:1.4.6.4->1.4.6.5 src/client_side.c:1.7.2.5->1.7.2.6 src/defines.h:1.3.6.5->1.3.6.6 src/ipcache.c:1.4.6.6->1.4.6.7 src/protos.h:1.5.2.6->1.5.2.7 src/store_dir.c:1.4.6.3->1.4.6.4 src/structs.h:1.7.2.4->1.7.2.5 src/tools.c:1.4.2.6->1.4.2.7
Index: squid/lib/rfc1035.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/lib/rfc1035.c,v
retrieving revision 1.4.6.3
retrieving revision 1.4.6.4
diff -u -r1.4.6.3 -r1.4.6.4
--- squid/lib/rfc1035.c 29 Mar 2001 12:40:02 -0000 1.4.6.3
+++ squid/lib/rfc1035.c 27 May 2001 16:48:14 -0000 1.4.6.4
@@ -1,6 +1,6 @@
 /*
- * $Id: rfc1035.c,v 1.4.6.3 2001/03/29 12:40:02 rvenning Exp $
+ * $Id: rfc1035.c,v 1.4.6.4 2001/05/27 16:48:14 rvenning Exp $
 *
 * Low level DNS protocol routines
 * AUTHOR: Duane Wessels
@@ -68,6 +68,9 @@
 #if HAVE_STRINGS_H
 #include
 #endif
+#if HAVE_SYS_SOCKET_H
+#include
+#endif
 #include "rfc1035.h"
 #include "snprintf.h"
Index: squid/src/acl.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/acl.c,v
retrieving revision 1.4.6.5
retrieving revision 1.4.6.6
diff -u -r1.4.6.5 -r1.4.6.6
--- squid/src/acl.c 27 May 2001 13:21:11 -0000 1.4.6.5
+++ squid/src/acl.c 27 May 2001 16:48:15 -0000 1.4.6.6
@@ -1,6 +1,6 @@
 /*
- * $Id: acl.c,v 1.4.6.5 2001/05/27 13:21:11 rvenning Exp $
+ * $Id: acl.c,v 1.4.6.6 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 28 Access Control
 * AUTHOR: Duane Wessels
@@ -70,7 +70,7 @@
 static int aclMatchWordList(wordlist *, const char *);
 #endif
 static squid_acl aclStrToType(const char *s);
-static int decode_addr(const char *, struct in_addr *, struct in_addr *);
+static int decode_addr(const char *, struct IN_ADDR *, struct IN_ADDR *);
 static void aclCheck(aclCheck_t * checklist);
 static void aclCheckCallback(aclCheck_t * checklist, allow_t answer);
 #if USE_IDENT
@@ -370,57 +370,70 @@
 }
 }
+void make_mask(int len, struct IN_ADDR *mask)
+{
+ int bp;
+ if (len > 128 || len < 0)
+ return;
+
+ memset(mask, 0xff, sizeof(*mask));
+ for (bp = len/8; bp < sizeof(struct IN_ADDR); bp++) {
+ int clearbits = bp*8 - len;
+ if (clearbits > 0) {
+ if (clearbits >= 8)
+ mask->s6_addr[bp] = 0;
+ else
+ mask->s6_addr[bp] = 0xff << clearbits;
+ }
+ }
+}
+
 /*
 * Decode a ascii representation (asc) of a IP adress, and place
 * adress and netmask information in addr and mask.
 * This function should NOT be called if 'asc' is a hostname!
 */
 static int
-decode_addr(const char *asc, struct in_addr *addr, struct in_addr *mask)
+decode_addr(const char *asc, struct IN_ADDR *addr, struct IN_ADDR *mask)
 {
- u_num32 a;
- int a1 = 0, a2 = 0, a3 = 0, a4 = 0;
+ int a1 = 0;
- switch (sscanf(asc, "%d.%d.%d.%d", &a1, &a2, &a3, &a4)) {
- case 4: /* a dotted quad */
- if (!safe_inet_addr(asc, addr)) {
- debug(28, 0) ("decode_addr: unsafe IP address: '%s'\n", asc);
- fatal("decode_addr: unsafe IP address");
- }
- break;
- case 1: /* a significant bits value for a mask */
- if (a1 >= 0 && a1 < 33) {
- addr->s_addr = a1 ? htonl(0xfffffffful << (32 - a1)) : 0;
- break;
- }
- default:
- debug(28, 0) ("decode_addr: Invalid IP address '%s'\n", asc);
- return 0; /* This is not valid address */
+ if(!SAFE_INET_ADDR(asc, addr)) {
+ switch (sscanf(asc, "%d", &a1)) {
+ case 1: /* a significant bits value for a mask */
+ if (a1 >= 0 && a1 < 129) {
+ make_mask(a1, addr);
+ break;
+ }
+ default:
+ debug(28, 0) ("decode_addr: Invalid IP address '%s'\n", asc);
+ return 0; /* This is not valid address */
+ }
 }
 if (mask != NULL) { /* mask == NULL if called to decode a netmask */
 /* Guess netmask */
- a = (u_num32) ntohl(addr->s_addr);
- if (!(a & 0xFFFFFFFFul))
- mask->s_addr = htonl(0x00000000ul);
- else if (!(a & 0x00FFFFFF))
- mask->s_addr = htonl(0xFF000000ul);
- else if (!(a & 0x0000FFFF))
- mask->s_addr = htonl(0xFFFF0000ul);
- else if (!(a & 0x000000FF))
- mask->s_addr = htonl(0xFFFFFF00ul);
- else
- mask->s_addr = htonl(0xFFFFFFFFul);
+ int shift = 127;
+ while (shift >= 0) {
+ int cp = shift/8;
+ int bp = 0x1 >> (shift - cp*8);
+ if ((addr->s6_addr[cp] & bp) == bp)
+ break;
+ shift--;
+ }
+
+ make_mask(shift+1, mask);
+
 }
 return 1;
 }
-#define SCAN_ACL1 "%[0123456789.]-%[0123456789.]/%[0123456789.]"
-#define SCAN_ACL2 "%[0123456789.]-%[0123456789.]%c"
-#define SCAN_ACL3 "%[0123456789.]/%[0123456789.]"
-#define SCAN_ACL4 "%[0123456789.]%c"
+#define SCAN_ACL1 "%[0123456789.:]-%[0123456789.:]/%[0123456789.]"
+#define SCAN_ACL2 "%[0123456789.:]-%[0123456789.:]%c"
+#define SCAN_ACL3 "%[0123456789.:]/%[0123456789.:]"
+#define SCAN_ACL4 "%[0123456789.:]%c"
 static acl_ip_data *
 aclParseIpData(const char *t)
@@ -436,9 +449,9 @@
 char c;
 debug(28, 5) ("aclParseIpData: %s\n", t);
 if (!strcasecmp(t, "all")) {
- q->addr1.s_addr = 0;
- q->addr2.s_addr = 0;
- q->mask.s_addr = 0;
+ memset(&q->addr1, 0, sizeof(struct IN_ADDR));
+ memset(&q->addr2, 0, sizeof(struct IN_ADDR));
+ memset(&q->mask, 0, sizeof(struct IN_ADDR));
 return q;
 }
 if (sscanf(t, SCAN_ACL1, addr1, addr2, mask) == 3) {
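Review bot: make_mask() produces a mask eight bits longer than the length it is given, because `int clearbits = bp*8 - len;` measures to the start of byte `bp` instead of its end: a length of 24 leaves bytes 0-3 at 0xff, and a length of 0 leaves byte 0 at 0xff. An ACL written with a prefix length therefore covers a smaller range than configured, which for a deny rule means addresses the administrator meant to block are not matched; `int clearbits = (bp + 1) * 8 - len;` gives the intended mask. In the netmask guess in decode_addr(), `0x1 >> (shift - cp*8)` is 0 unless `shift` is a multiple of 8, and the loop starts at 127, so `(addr->s6_addr[cp] & bp) == bp` is true on the first pass and the guessed mask is always 128 bits; `int bp = 0x80 >> (shift - cp*8);` tests the bit the loop index names. The fallback `sscanf(asc, "%d", &a1)` also means that a string SAFE_INET_ADDR rejects but that starts with a number below 129 is read as a prefix length instead of being reported as invalid, so the scan should check that the whole string was consumed.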
@@ -466,11 +479,11 @@
 for (x = hp->h_addr_list; x != NULL && *x != NULL; x++) {
 if ((r = *Q) == NULL)
 r = *Q = memAllocate(MEM_ACL_IP_DATA);
- xmemcpy(&r->addr1.s_addr, *x, sizeof(r->addr1.s_addr));
- r->addr2.s_addr = 0;
- r->mask.s_addr = INADDR_NONE; /* all ones IP */
+ xmemcpy(&r->addr1, *x, sizeof(r->addr1));
+ memset(&r->addr2, 0, sizeof(r->addr2));
+ r->mask = INADDR_ANY_ASSIGN; /* all ones IP */
 Q = &r->next;
- debug(28, 3) ("%s --> %s\n", addr1, inet_ntoa(r->addr1));
+ debug(28, 3) ("%s --> %s\n", addr1, INET_NTOA(r->addr1));
 }
 return q;
 } else {
@@ -502,11 +515,29 @@
 safe_free(q);
 return NULL;
 }
- if ((q->addr1.s_addr & q->mask.s_addr) != q->addr1.s_addr ||
+
+ {
+ int i;
+ char *p1,*p2;
+
+ p1 = (char *)&q->addr1;
+ p2 = (char *)&q->mask;
+ for (i = 0; i < sizeof(struct IN_ADDR); i++) {
+ *(p1++) &= *p2++;
+ }
+
+ p1 = (char *)&q->addr2;
+ p2 = (char *)&q->mask;
+ for (i = 0; i < sizeof(struct IN_ADDR); i++) {
+ *(p1++) &= *p2++;
+ }
+ }
+
+/* if ((q->addr1.s_addr & q->mask.s_addr) != q->addr1.s_addr ||
 (q->addr2.s_addr & q->mask.s_addr) != q->addr2.s_addr)
 debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the specified IP in '%s'\n", t);
 q->addr1.s_addr &= q->mask.s_addr;
- q->addr2.s_addr &= q->mask.s_addr;
+ q->addr2.s_addr &= q->mask.s_addr; */
 /* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */
 return q;
 }
@@ -2208,13 +2239,9 @@
 {
 struct IN_ADDR A = *(const struct IN_ADDR *) a;
 const acl_ip_data *q = b;
- struct in_addr B;
- struct in_addr C;
 int i;
 char *p1,*p2;
- B = q->addr1;
- C = q->addr2;
 /* apply netmask ** FIXME... review this ** */
 p1 = (char *)&A;
 p2 = (char *)&q->mask;
@@ -2222,10 +2249,10 @@
 *(p1++) &= *(p2++);
 }
- if (ADDR_IS_ANYADDR(C)) {
- return memcmp(&A, &B, sizeof(struct IN_ADDR));
+ if (ADDR_IS_ANYADDR(q->addr2)) {
+ return memcmp(&A, &q->addr1, sizeof(struct IN_ADDR));
 } else {
- return memcmp(&A, &C, sizeof(struct IN_ADDR));
+ return memcmp(&A, &q->addr2, sizeof(struct IN_ADDR));
 }
 }
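Review bot: `xmemcpy(&r->addr1, *x, sizeof(r->addr1));` now copies the size of struct IN_ADDR from each `h_addr_list` entry, but an entry is only `hp->h_length` bytes long; if the lookup that filled `hp` (outside this hunk) can return IPv4 results, the copy reads past the resolver's buffer and stores the extra bytes as address bits. Check `hp->h_length == sizeof(r->addr1)` before the copy, or build a mapped address from a 4-byte result. The mask line also needs a second look: `r->mask = INADDR_ANY_ASSIGN; /* all ones IP */` replaces INADDR_NONE, and unless that macro (not defined in this patch) expands to all ones, a host-name ACL no longer gets a host mask. The dump hunk at `@@ -2261,11 +2288,11 @@` makes the matching switch from `!= INADDR_NONE` to `!ADDR_IS_ANYADDR(ip->mask)`, so both places should be checked against the macro's definition. The enclosing function starts and ends outside the hunk.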
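Review bot: The "Netmask masks away part of the specified IP" warning is commented out rather than ported, so an ACL whose address has bits outside its mask is now silently rewritten to the network address and the operator gets no hint that the rule is broader than the address they typed. Keeping the warning needs only a copy of the two addresses taken before the masking loops and a memcmp afterwards, as in the excerpt below. The commented-out IPv4 block can then be deleted instead of staying in the function, and `i` is compared with a `sizeof` result in both `for` conditions, so it should be unsigned. The enclosing function starts outside the hunk.

```c
    char *p1,*p2;
    struct IN_ADDR before1 = q->addr1;   /* addresses as written in the config */
    struct IN_ADDR before2 = q->addr2;

    /* ... unchanged: the two byte-wise masking loops ... */

    if (memcmp(&before1, &q->addr1, sizeof(before1)) != 0 ||
        memcmp(&before2, &q->addr2, sizeof(before2)) != 0)
        debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the specified IP in '%s'\n", t);
```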
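Review bot: In the range branch of the last hunk, `return memcmp(&A, &q->addr2, sizeof(struct IN_ADDR));` yields 0 only when the masked address equals `addr2`, so `addr1` is never consulted and a range entry matches just its upper bound (assuming, as the memcmp-style return suggests, that 0 means a match). For a range the comparison should return -1 below `addr1`, 1 above `addr2` and 0 in between: `if (memcmp(&A, &q->addr1, sizeof(A)) < 0) return -1;` followed by `return memcmp(&A, &q->addr2, sizeof(A)) > 0;`. A byte-wise memcmp orders the addresses correctly as long as they are held in network byte order, which the parsing code appears to do. The function starts outside this hunk, and the `FIXME... review this` comment in the preceding hunk marks the same code as unreviewed.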
@@ -2261,11 +2288,11 @@
 MemBuf mb;
 wordlist **W = state;
 memBufDefInit(&mb);
- memBufPrintf(&mb, "%s", inet_ntoa(ip->addr1));
+ memBufPrintf(&mb, "%s", INET_NTOA(ip->addr1));
 if (!ADDR_IS_ANYADDR(ip->addr2))
- memBufPrintf(&mb, "-%s", inet_ntoa(ip->addr2));
- if (ip->mask.s_addr != INADDR_NONE)
- memBufPrintf(&mb, "/%s", inet_ntoa(ip->mask));
+ memBufPrintf(&mb, "-%s", INET_NTOA(ip->addr2));
+ if (!ADDR_IS_ANYADDR(ip->mask))
+ memBufPrintf(&mb, "/%s", INET_NTOA(ip->mask));
 wordlistAdd(W, mb.buf);
 memBufClean(&mb);
 }
Index: squid/src/authenticate.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/authenticate.c,v
retrieving revision 1.4.6.4
retrieving revision 1.4.6.5
diff -u -r1.4.6.4 -r1.4.6.5
--- squid/src/authenticate.c 27 May 2001 13:21:11 -0000 1.4.6.4
+++ squid/src/authenticate.c 27 May 2001 16:48:15 -0000 1.4.6.5
@@ -1,6 +1,6 @@
 /*
- * $Id: authenticate.c,v 1.4.6.4 2001/05/27 13:21:11 rvenning Exp $
+ * $Id: authenticate.c,v 1.4.6.5 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 29 Authenticator
 * AUTHOR: Duane Wessels
@@ -706,7 +706,7 @@
 debug(29, 1) ("aclMatchProxyAuth: user '%s' tried to use multiple IP addresses! (%s, %s)\n ", username, ip1, ip2);
 } else {
 /* Non-strict mode. Reassign ownership to the new IP */
- auth_user_request->auth_user->ipaddr.s_addr = request_src_addr.s_addr;
+ auth_user_request->auth_user->ipaddr = request_src_addr;
 debug(29, 1) ("aclMatchProxyAuth: user '%s' has changed IP address (%s, %s)\n ", username, ip1, ip2);
 }
 safe_free(ip1);
Index: squid/src/client_side.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/client_side.c,v
retrieving revision 1.7.2.5
retrieving revision 1.7.2.6
diff -u -r1.7.2.5 -r1.7.2.6
--- squid/src/client_side.c 27 May 2001 13:21:11 -0000 1.7.2.5
+++ squid/src/client_side.c 27 May 2001 16:48:15 -0000 1.7.2.6
@@ -1,6 +1,6 @@
 /*
- * $Id: client_side.c,v 1.7.2.5 2001/05/27 13:21:11 rvenning Exp $
+ * $Id: client_side.c,v 1.7.2.6 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 33 Client-side Routines
 * AUTHOR: Duane Wessels
@@ -264,7 +264,7 @@
 }
 err = errorCon(page_id, status);
 err->request = requestLink(http->request);
- err->src_addr = ADDR_FROM_SA(http->conn->peer.sin_addr);
+ err->src_addr = ADDR_FROM_SA(http->conn->peer);
 if (http->conn->auth_user_request)
 err->auth_user_request = http->conn->auth_user_request;
 else if (http->request->auth_user_request)
@@ -864,7 +864,7 @@
 debug(33, 3) ("connStateFree: FD %d\n", fd);
 assert(connState != NULL);
 authenticateOnCloseConnection(connState);
- clientdbEstablished(connState->peer.sin_addr, -1); /* decrement */
+ clientdbEstablished(ADDR_FROM_SA(connState->peer), -1); /* decrement */
 while ((http = connState->chr) != NULL) {
 assert(http->conn == connState);
 assert(connState->chr != connState->chr->next);
@@ -3472,7 +3472,7 @@
 */
 commSetDefer(fd, httpAcceptDefer, NULL);
 debug(1, 1) ("Accepting HTTP connections at %s, port %d, FD %d.\n",
- INET_NTOA(s->s),
+ SA_NTOA(s->s),
 (int) ntohs(PORT_FROM_SA(s->s)),
 fd);
 HttpSockets[NHttpSockets++] = fd;
Index: squid/src/defines.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/defines.h,v
retrieving revision 1.3.6.5
retrieving revision 1.3.6.6
diff -u -r1.3.6.5 -r1.3.6.6
--- squid/src/defines.h 27 May 2001 13:21:11 -0000 1.3.6.5
+++ squid/src/defines.h 27 May 2001 16:48:15 -0000 1.3.6.6
@@ -1,6 +1,6 @@
 /*
- * $Id: defines.h,v 1.3.6.5 2001/05/27 13:21:11 rvenning Exp $
+ * $Id: defines.h,v 1.3.6.6 2001/05/27 16:48:15 rvenning Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -287,6 +287,9 @@
 #define AF_FAMILY AF_INET6
 #define PF_FAMILY PF_INET6
 #define MAXIPSTRLEN INET6_ADDRSTRLEN /* 46 */
+#ifndef IPV6_ADD_MEMBERSHIP
+#define IPV6_ADD_MEMBERSHIP IPV6_JOIN_GROUP
+#endif
 #define CLEAR_AND_SET_SA(S, port, in_addr) \
 memset(&(S), '\0', sizeof(S)); \
Index: squid/src/ipcache.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/ipcache.c,v
retrieving revision 1.4.6.6
retrieving revision 1.4.6.7
diff -u -r1.4.6.6 -r1.4.6.7
--- squid/src/ipcache.c 29 Mar 2001 12:40:02 -0000 1.4.6.6
+++ squid/src/ipcache.c 27 May 2001 16:48:15 -0000 1.4.6.7
@@ -1,6 +1,6 @@
 /*
- * $Id: ipcache.c,v 1.4.6.6 2001/03/29 12:40:02 rvenning Exp $
+ * $Id: ipcache.c,v 1.4.6.7 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 14 IP Cache
 * AUTHOR: Harvest Derived
@@ -364,8 +364,11 @@
 assert(answers[k].rdlength == 4);
 /* need to make into a mapped address */
 a = &i.addrs.in_addrs[j++];
- a->s6_addr32[2] = htonl(0x0000ffff);
- xmemcpy(&a->s6_addr32[3], answers[k].rdata, 4);
+ /* a->s6_addr32[2] = htonl(0x0000ffff); FreeBSD doesn't expose
+ this view of the in6_addr struct .... so we do it differently for now
+ xmemcpy(&a->s6_addr32[3], answers[k].rdata, 4); */
+ *(u_int32_t *)&a->s6_addr[8] = htonl(0x0000ffff);
+ xmemcpy(&a->s6_addr[12], answers[k].rdata, 4);
 } else if (answers[k].type == RFC1886_TYPE_AAAA) {
 assert(answers[k].rdlength == 16);
 xmemcpy(&i.addrs.in_addrs[j++], answers[k].rdata, 16);
Index: squid/src/protos.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/protos.h,v
retrieving revision 1.5.2.6
retrieving revision 1.5.2.7
diff -u -r1.5.2.6 -r1.5.2.7
--- squid/src/protos.h 27 May 2001 13:21:11 -0000 1.5.2.6
+++ squid/src/protos.h 27 May 2001 16:48:15 -0000 1.5.2.7
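Review bot: In the ipcache.c hunk, `*(u_int32_t *)&a->s6_addr[8] = htonl(0x0000ffff);` stores through a pointer cast into a byte array, which breaks C's aliasing rules and assumes the array is suitably aligned; plain byte stores do the same job portably: `memset(&a->s6_addr[8], 0, 2);` and `memset(&a->s6_addr[10], 0xff, 2);`. The hunk does not show bytes 0-7 of `*a` being cleared, and a mapped address is only valid when they are zero, so confirm the array is zeroed before this branch. The two `assert(answers[k].rdlength == ...)` checks act on a length taken from a DNS answer; unless the parser has already validated it, a malformed reply stops the process, and skipping the record would be the safer response. The old assignments kept inside the new comment can be dropped once the byte form is in place.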
@@ -1,6 +1,6 @@
 /*
- * $Id: protos.h,v 1.5.2.6 2001/05/27 13:21:11 rvenning Exp $
+ * $Id: protos.h,v 1.5.2.7 2001/05/27 16:48:15 rvenning Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -761,7 +761,6 @@
 extern int authenticateValidateUser(auth_user_request_t *);
 extern void authenticateOnCloseConnection(ConnStateData * conn);
 extern void authSchemeAdd(char *type, AUTHSSETUP * setup);
->>>>>>> 1.29
 extern void refreshAddToList(const char *, int, time_t, int, time_t);
 extern int refreshIsCachable(const StoreEntry *);
@@ -1129,7 +1128,7 @@
 extern int pconnPop(const char *host, u_short port);
 extern void pconnInit(void);
-extern int asnMatchIp(void *, struct IN_ADDR);
+extern int asnMatchIp(void *, struct in_addr);
 extern void asnInit(void);
 extern void asnFreeMemory(void);
Index: squid/src/store_dir.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/store_dir.c,v
retrieving revision 1.4.6.3
retrieving revision 1.4.6.4
diff -u -r1.4.6.3 -r1.4.6.4
--- squid/src/store_dir.c 27 May 2001 13:21:32 -0000 1.4.6.3
+++ squid/src/store_dir.c 27 May 2001 16:48:15 -0000 1.4.6.4
@@ -1,6 +1,6 @@
 /*
- * $Id: store_dir.c,v 1.4.6.3 2001/05/27 13:21:32 rvenning Exp $
+ * $Id: store_dir.c,v 1.4.6.4 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 47 Store Directory Routines
 * AUTHOR: Duane Wessels
@@ -39,6 +39,8 @@
 #if HAVE_SYS_STATVFS_H
 #include
 #endif
+#else
+#include
 #endif
 /* Windows uses sys/vfs.h */
 #if HAVE_SYS_VFS_H
Index: squid/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/structs.h,v
retrieving revision 1.7.2.4
retrieving revision 1.7.2.5
diff -u -r1.7.2.4 -r1.7.2.5
--- squid/src/structs.h 27 May 2001 13:21:32 -0000 1.7.2.4
+++ squid/src/structs.h 27 May 2001 16:48:15 -0000 1.7.2.5
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.7.2.4 2001/05/27 13:21:32 rvenning Exp $
+ * $Id: structs.h,v 1.7.2.5 2001/05/27 16:48:15 rvenning Exp $
 *
 *
 * SQUID Web Proxy Cache http://www.squid-cache.org/
@@ -55,9 +55,9 @@
 struct _acl_ip_data {
- struct in_addr addr1; /* if addr2 non-zero then its a range */
- struct in_addr addr2;
- struct in_addr mask;
+ struct IN_ADDR addr1; /* if addr2 non-zero then its a range */
+ struct IN_ADDR addr2;
+ struct IN_ADDR mask;
 acl_ip_data *next; /* used for parsing, not for storing */
 };
Index: squid/src/tools.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/tools.c,v
retrieving revision 1.4.2.6
retrieving revision 1.4.2.7
diff -u -r1.4.2.6 -r1.4.2.7
--- squid/src/tools.c 27 May 2001 13:21:32 -0000 1.4.2.6
+++ squid/src/tools.c 27 May 2001 16:48:15 -0000 1.4.2.7
@@ -1,6 +1,6 @@
 /*
- * $Id: tools.c,v 1.4.2.6 2001/05/27 13:21:32 rvenning Exp $
+ * $Id: tools.c,v 1.4.2.7 2001/05/27 16:48:15 rvenning Exp $
 *
 * DEBUG: section 21 Misc Functions
 * AUTHOR: Harvest Derived
@@ -465,7 +465,7 @@
 }
 debug(50, 1) ("WARNING: failed to resolve %s to a fully qualified hostname\n",
- SA_NTOA(Config.Sockaddr.http->s.sin_addr));
+ SA_NTOA(Config.Sockaddr.http->s));
 }
 /*
 * Get the host name and store it in host to return