--------------------- PatchSet 1416 Date: 2005/05/25 14:30:22 Author: rmartinez Branch: squid3-ipv6 Tag: (none) Log: Reprogramming the order relationship for IP addresses (to support ordered tree Splay). Module ready unless error Members: src/ACLIP.cc:1.8.2.4->1.8.2.5 Index: squid3/src/ACLIP.cc =================================================================== RCS file: /cvsroot/squid-sf//squid3/src/ACLIP.cc,v retrieving revision 1.8.2.4 retrieving revision 1.8.2.5 diff -u -r1.8.2.4 -r1.8.2.5 --- squid3/src/ACLIP.cc 6 May 2005 10:18:42 -0000 1.8.2.4 +++ squid3/src/ACLIP.cc 25 May 2005 14:30:22 -0000 1.8.2.5 @@ -1,5 +1,5 @@ /* - * $Id: ACLIP.cc,v 1.8.2.4 2005/05/06 10:18:42 rmartinez Exp $ + * $Id: ACLIP.cc,v 1.8.2.5 2005/05/25 14:30:22 rmartinez Exp $ * * DEBUG: section 28 Access Control * AUTHOR: Duane Wessels @@ -33,13 +33,6 @@ * Copyright (c) 2003, Robert Collins */ -#ifdef INET6 -/* This is one of the most important modules - * we should change from the point of view of - * IPv6 version. Think twice before merging - * head - */ -#endif #include "squid.h" #include "ACLIP.h" @@ -84,42 +77,23 @@ void acl_ip_data::toStr(char *buf, int len) const { -#ifdef INET6 - char b1[MAXIPSTRLEN+4]; - char b2[MAXIPSTRLEN+4]; - char b3[MAXIPSTRLEN+4]; - snprintf(b1, MAXIPSTRLEN+4, "%s", INET_NTOA(addr1)); + char b1[MAXIPSTRLEN+1]; + char b2[MAXIPSTRLEN+1]; + char b3[MAXIPSTRLEN+1]; + snprintf(b1, MAXIPSTRLEN+1, "%s", INET_NTOA(addr1)); if (!ADDR_IS_ANYADDR(addr2)) - snprintf(b2, MAXIPSTRLEN+4, "-%s", INET_NTOA(addr2)); + snprintf(b2, MAXIPSTRLEN+1, "-%s", INET_NTOA(addr2)); else b2[0] = '\0'; if (!ADDR_IS_NOADDR(mask)) - snprintf(b3, MAXIPSTRLEN+4, "/%s", INET_NTOA(mask)); + snprintf(b3, MAXIPSTRLEN+1, "/%s", INET_NTOA(mask)); else b3[0] = '\0'; snprintf(buf, len, "%s%s%s", b1, b2, b3); -#else - char b1[20]; - char b2[20]; - char b3[20]; - snprintf(b1, 20, "%s", INET_NTOA(addr1)); - - if (addr2.s_addr != any_addr.s_addr) - snprintf(b2, 20, "-%s", INET_NTOA(addr2)); - else - b2[0] = '\0'; - - if (mask.s_addr != no_addr.s_addr) - snprintf(b3, 20, "/%s", INET_NTOA(mask)); - else - b3[0] = '\0'; - - snprintf(buf, len, "%s%s%s", b1, b2, b3); -#endif } /* @@ -139,7 +113,6 @@ int aclIpAddrNetworkCompare(acl_ip_data * const &p, acl_ip_data * const &q) { -#ifdef INET6 struct IN_ADDR A = p->addr1; struct IN_ADDR B = q->addr1; @@ -156,42 +129,18 @@ *(p1++) &= *(p2++); } - if (ADDR_IS_ANYADDR(C)) { + if (ADDR_IS_ANYADDR(C)) { /* single address check */ return memcmp(&A, &B, sizeof(struct IN_ADDR)); - } else { - if ((memcmp(&A, &B, sizeof(struct IN_ADDR)) >= 0) && - (memcmp(&A, &C, sizeof(struct IN_ADDR)) <= 0)) - return 0; /* valid */ - else - return -1; /* outside of range, 'less than' */ - } - -#else - struct IN_ADDR A = p->addr1; + } else { /* range address check */ - const struct IN_ADDR B = q->addr1; - - const struct IN_ADDR C = q->addr2; - A.s_addr &= q->mask.s_addr; /* apply netmask */ - - if (C.s_addr == 0) { /* single address check */ - - if (ntohl(A.s_addr) > ntohl(B.s_addr)) - return 1; - else if (ntohl(A.s_addr) < ntohl(B.s_addr)) - return -1; - else - return 0; - } else { /* range address check */ - - if (ntohl(A.s_addr) > ntohl(C.s_addr)) + if (memcmp(&A, &C, sizeof(struct IN_ADDR)) >0) return 1; - else if (ntohl(A.s_addr) < ntohl(B.s_addr)) + else if (memcmp(&A, &B, sizeof(struct IN_ADDR)) < 0) return -1; else return 0; - } -#endif + } + } @@ -212,12 +161,12 @@ } if (ret == 0) { - char buf_n1[60]; - char buf_n2[60]; - char buf_a[60]; - b->toStr(buf_n1, 60); - a->toStr(buf_n2, 60); - a->toStr(buf_a, 60); + char buf_n1[3*(MAXIPSTRLEN+1)]; + char buf_n2[3*(MAXIPSTRLEN+1)]; + char buf_a[3*(MAXIPSTRLEN+1)]; + b->toStr(buf_n1, 3*(MAXIPSTRLEN+1)); + a->toStr(buf_n2, 3*(MAXIPSTRLEN+1)); + a->toStr(buf_a, 3*(MAXIPSTRLEN+1)); /* TODO: this warning may display the wrong way around */ debug(28, 0) ("WARNING: '%s' is a subnetwork of " "'%s'\n", buf_n1, buf_n2); @@ -241,20 +190,29 @@ { char junk; int a1 = 0; -#ifdef INET6 - unsigned int bp; - /* dotted notation 23::3r*/ - if (safe_inet6_addr(asc, mask)) + /* dotted notation 2003:800::3 */ + /* 255.255.255.0 */ + if (SAFE_INET_ADDR(asc, mask)) return 1; - if (sscanf(asc, "%d%c", &a1,&junk)==1 && a1 < 129 && a1 >= 0) { - memset(mask, 0xff, sizeof(*mask)); + memset(mask, 0xff, sizeof(*mask)); + + if (!asc || !*asc) /* short-cut: done */ + { + return 1; + } + + unsigned int bp; + + + /* An int mask 128, 32 */ + if ((sscanf(asc, "%d%c", &a1,&junk)==1) && (a1 <= (AF_FAMILY==AF_INET6)? 128:32) && (a1 >= 0)) { for (bp = a1/8; bp < sizeof(struct IN_ADDR); bp++) { int clearbits = (bp+1)*8 - a1; if (clearbits > 0) { if (clearbits >= 8) - mask->s6_addr[bp] = 0; + mask->s6_addr[bp] = 0x00; else mask->s6_addr[bp] = 0xff << clearbits; } @@ -262,25 +220,6 @@ return 1; } -#else - - if (!asc || !*asc) - { - mask->s_addr = htonl(0xFFFFFFFFul); - return 1; - } - - if (sscanf(asc, "%d%c", &a1, &junk) == 1 && a1 >= 0 && a1 < 33) - { /* a significant bits value for a mask */ - mask->s_addr = a1 ? htonl(0xfffffffful << (32 - a1)) : 0; - return 1; - } - - /* dotted notation */ - if (safe_inet_addr(asc, mask)) - return 1; -#endif - debug(28, 0) ("DecodeAddress: Invalid IP address: '%s'\n", asc); return 0; @@ -300,6 +239,7 @@ acl_ip_data * acl_ip_data::FactoryParse(const char *t) { + LOCAL_ARRAY(char, addr1, 256); LOCAL_ARRAY(char, addr2, 256); LOCAL_ARRAY(char, mask, 256); acl_ip_data *r; @@ -316,8 +256,6 @@ return q; } - LOCAL_ARRAY(char, addr1, 256); - if (sscanf(t, SCAN_ACL1, addr1, addr2, mask) == 3) { (void) 0; } else if (sscanf(t, SCAN_ACL2, addr1, addr2, &c) == 2) { @@ -402,22 +340,24 @@ unsigned int i; char *p1,*p2,*p3; -// FIX: The pre-warning -/* if ((q->addr1.s_addr & q->mask.s_addr) != q->addr1.s_addr || - (q->addr2.s_addr & q->mask.s_addr) != q->addr2.s_addr) - debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the specified IP in '%s'\n", t); -*/ p1 = (char *)&q->addr1; p2 = (char *)&q->addr2; p3 = (char *)&q->mask; + int changed = 0; for (i = 0; i < sizeof(struct IN_ADDR); i++,p1++,p2++,p3++) { - *p1 &= *p3; - *p2 &= *p3; + if (!changed) changed = ( (((*p1) & (*p3)) != (*p1)) || (((*p2) & (*p3)) != (*p2)) ) ; + (*p1) &= (*p3); + (*p2) &= (*p3); } + + if (changed) + debug(28, 0) ("aclParseIpData: WARNING: Netmask masks away part of the specified IP in '%s'\n", t); + + } /* 1.2.3.4/255.255.255.0 --> 1.2.3.0 */ - /* Also for IPv6 */ + /* Same as IPv6 (not so trivial to depict) */ return q; } @@ -463,7 +403,7 @@ /* * aclIpAddrNetworkCompare() takes two acl_ip_data pointers as * arguments, so we must create a fake one for the client's IP - * address, and use a /32 netmask. However, the current code + * address, and use a 128 IPv6/ 32 IPv4 netmask. However, the current code * probably only accesses the addr1 element of this argument, * so it might be possible to leave addr2 and mask unset. */