Repository: trafficserver Updated Branches: refs/heads/master d8a753876 -> f28e76608
TS-3582: Change @dst_ip to @in_ip Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/48e3670c Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/48e3670c Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/48e3670c Branch: refs/heads/master Commit: 48e3670cfe60e1e1601aa56f3cb834645f7508df Parents: d8a7538 Author: Brian Geffon <bri...@apache.org> Authored: Tue May 5 20:17:04 2015 -0700 Committer: Brian Geffon <bri...@apache.org> Committed: Tue May 5 20:17:04 2015 -0700 ---------------------------------------------------------------------- proxy/http/remap/AclFiltering.cc | 16 ++++++++-------- proxy/http/remap/AclFiltering.h | 10 +++++----- proxy/http/remap/RemapConfig.cc | 34 +++++++++++++++++----------------- proxy/http/remap/RemapConfig.h | 2 +- proxy/http/remap/UrlRewrite.cc | 18 ++++++++++++------ 5 files changed, 43 insertions(+), 37 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/AclFiltering.cc ---------------------------------------------------------------------- diff --git a/proxy/http/remap/AclFiltering.cc b/proxy/http/remap/AclFiltering.cc index f05e41e..6a545f3 100644 --- a/proxy/http/remap/AclFiltering.cc +++ b/proxy/http/remap/AclFiltering.cc @@ -46,10 +46,10 @@ acl_filter_rule::reset(void) src_ip_array[i].reset(); } src_ip_valid = 0; - for (i = (dst_ip_cnt = 0); i < ACL_FILTER_MAX_DST_IP; i++) { - dst_ip_array[i].reset(); + for (i = (in_ip_cnt = 0); i < ACL_FILTER_MAX_IN_IP; i++) { + in_ip_array[i].reset(); } - dst_ip_valid = 0; + in_ip_valid = 0; internal = 0; } @@ -96,9 +96,9 @@ acl_filter_rule::print(void) { int i; printf("-----------------------------------------------------------------------------------------\n"); - printf("Filter \"%s\" status: allow_flag=%s, src_ip_valid=%s, dst_ip_valid=%s, internal=%s, active_queue_flag=%d\n", + printf("Filter \"%s\" status: allow_flag=%s, src_ip_valid=%s, in_ip_valid=%s, internal=%s, active_queue_flag=%d\n", filter_name ? filter_name : "<NONAME>", allow_flag ? "true" : "false", src_ip_valid ? "true" : "false", - dst_ip_valid ? "true" : "false", internal ? "true" : "false", (int)active_queue_flag); + in_ip_valid ? "true" : "false", internal ? "true" : "false", (int)active_queue_flag); printf("standard methods="); for (i = 0; i < HTTP_WKSIDX_METHODS_CNT; i++) { if (standard_method_lookup[i]) { @@ -116,10 +116,10 @@ acl_filter_rule::print(void) printf("%s - %s", ats_ip_ntop(&src_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&src_ip_array[i].end.sa, b2, sizeof(b2))); } printf("\n"); - printf("dst_ip_cnt=%d\n", dst_ip_cnt); - for (i = 0; i < dst_ip_cnt; i++) { + printf("in_ip_cnt=%d\n", in_ip_cnt); + for (i = 0; i < in_ip_cnt; i++) { ip_text_buffer b1, b2; - printf("%s - %s", ats_ip_ntop(&dst_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&dst_ip_array[i].end.sa, b2, sizeof(b2))); + printf("%s - %s", ats_ip_ntop(&in_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&in_ip_array[i].end.sa, b2, sizeof(b2))); } printf("\n"); for (i = 0; i < argc; i++) { http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/AclFiltering.h ---------------------------------------------------------------------- diff --git a/proxy/http/remap/AclFiltering.h b/proxy/http/remap/AclFiltering.h index 0eb2ee2..345ede3 100644 --- a/proxy/http/remap/AclFiltering.h +++ b/proxy/http/remap/AclFiltering.h @@ -35,7 +35,7 @@ // ACL like filtering defs (per one remap rule) static int const ACL_FILTER_MAX_SRC_IP = 128; -static int const ACL_FILTER_MAX_DST_IP = 8; +static int const ACL_FILTER_MAX_IN_IP = 8; static int const ACL_FILTER_MAX_ARGV = 512; struct src_ip_info_t { @@ -72,7 +72,7 @@ public: char *filter_name; // optional filter name unsigned int allow_flag : 1, // action allow deny src_ip_valid : 1, // src_ip range valid - dst_ip_valid : 1, + in_ip_valid : 1, active_queue_flag : 1, // filter is in active state (used by .useflt directive) internal : 1; // filter internal HTTP requests @@ -91,9 +91,9 @@ public: int src_ip_cnt; // how many valid src_ip rules we have src_ip_info_t src_ip_array[ACL_FILTER_MAX_SRC_IP]; - // dst_ip - int dst_ip_cnt; // how many valid dst_ip rules we have - src_ip_info_t dst_ip_array[ACL_FILTER_MAX_DST_IP]; + // in_ip + int in_ip_cnt; // how many valid dst_ip rules we have + src_ip_info_t in_ip_array[ACL_FILTER_MAX_IN_IP]; acl_filter_rule(); ~acl_filter_rule(); http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/RemapConfig.cc ---------------------------------------------------------------------- diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc index 1f458e2..3cacde1 100644 --- a/proxy/http/remap/RemapConfig.cc +++ b/proxy/http/remap/RemapConfig.cc @@ -470,10 +470,10 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg } } - if (ul & REMAP_OPTFLG_DST_IP) { /* "dst_ip=" option */ - if (rule->dst_ip_cnt >= ACL_FILTER_MAX_DST_IP) { - Debug("url_rewrite", "[validate_filter_args] Too many \"dst_ip=\" filters"); - snprintf(errStrBuf, errStrBufSize, "Defined more than %d \"dst_ip=\" filters!", ACL_FILTER_MAX_DST_IP); + if (ul & REMAP_OPTFLG_IN_IP) { /* "dst_ip=" option */ + if (rule->in_ip_cnt >= ACL_FILTER_MAX_IN_IP) { + Debug("url_rewrite", "[validate_filter_args] Too many \"in_ip=\" filters"); + snprintf(errStrBuf, errStrBufSize, "Defined more than %d \"in_ip=\" filters!", ACL_FILTER_MAX_IN_IP); errStrBuf[errStrBufSize - 1] = 0; if (new_rule_flg) { delete rule; @@ -481,7 +481,7 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg } return (const char *)errStrBuf; } - ipi = &rule->dst_ip_array[rule->dst_ip_cnt]; + ipi = &rule->in_ip_array[rule->in_ip_cnt]; if (ul & REMAP_OPTFLG_INVERT) ipi->invert = true; ink_strlcpy(tmpbuf, argptr, sizeof(tmpbuf)); @@ -496,16 +496,16 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg } return (const char *)errStrBuf; } - for (j = 0; j < rule->dst_ip_cnt; j++) { - if (rule->dst_ip_array[j].start == ipi->start && rule->dst_ip_array[j].end == ipi->end) { + for (j = 0; j < rule->in_ip_cnt; j++) { + if (rule->in_ip_array[j].start == ipi->start && rule->in_ip_array[j].end == ipi->end) { ipi->reset(); ipi = NULL; break; /* we have the same src_ip in the list */ } } if (ipi) { - rule->dst_ip_cnt++; - rule->dst_ip_valid = 1; + rule->in_ip_cnt++; + rule->in_ip_valid = 1; } } @@ -581,18 +581,18 @@ remap_check_option(const char **argv, int argc, unsigned long findmode, int *_re if (argptr) *argptr = &argv[i][7]; ret_flags |= REMAP_OPTFLG_SRC_IP; - } else if (!strncasecmp(argv[i], "dst_ip=~", 8)) { - if ((findmode & REMAP_OPTFLG_DST_IP) != 0) + } else if (!strncasecmp(argv[i], "in_ip=~", 7)) { + if ((findmode & REMAP_OPTFLG_IN_IP) != 0) idx = i; if (argptr) - *argptr = &argv[i][8]; - ret_flags |= (REMAP_OPTFLG_DST_IP | REMAP_OPTFLG_INVERT); - } else if (!strncasecmp(argv[i], "dst_ip=", 7)) { - if ((findmode & REMAP_OPTFLG_DST_IP) != 0) + *argptr = &argv[i][7]; + ret_flags |= (REMAP_OPTFLG_IN_IP | REMAP_OPTFLG_INVERT); + } else if (!strncasecmp(argv[i], "in_ip=", 6)) { + if ((findmode & REMAP_OPTFLG_IN_IP) != 0) idx = i; if (argptr) - *argptr = &argv[i][7]; - ret_flags |= REMAP_OPTFLG_DST_IP; + *argptr = &argv[i][6]; + ret_flags |= REMAP_OPTFLG_IN_IP; } else if (!strncasecmp(argv[i], "action=", 7)) { if ((findmode & REMAP_OPTFLG_ACTION) != 0) idx = i; http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/RemapConfig.h ---------------------------------------------------------------------- diff --git a/proxy/http/remap/RemapConfig.h b/proxy/http/remap/RemapConfig.h index 2dd0fff..6c810d5 100644 --- a/proxy/http/remap/RemapConfig.h +++ b/proxy/http/remap/RemapConfig.h @@ -38,7 +38,7 @@ class UrlRewrite; #define REMAP_OPTFLG_SRC_IP 0x0010u /* "src_ip=" option (used for ACL filtering) */ #define REMAP_OPTFLG_ACTION 0x0020u /* "action=" option (used for ACL filtering) */ #define REMAP_OPTFLG_INTERNAL 0x0040u /* only allow internal requests to hit this remap */ -#define REMAP_OPTFLG_DST_IP 0x0080u /* "dst_ip=" option (used for ACL filtering)*/ +#define REMAP_OPTFLG_IN_IP 0x0080u /* "in_ip=" option (used for ACL filtering)*/ #define REMAP_OPTFLG_MAP_ID 0x0800u /* associate a map ID with this rule */ #define REMAP_OPTFLG_INVERT 0x80000000u /* "invert" the rule (for src_ip at least) */ #define REMAP_OPTFLG_ALL_FILTERS (REMAP_OPTFLG_METHOD | REMAP_OPTFLG_SRC_IP | REMAP_OPTFLG_ACTION | REMAP_OPTFLG_INTERNAL) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/UrlRewrite.cc ---------------------------------------------------------------------- diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc index 995fe9e..496cb28 100644 --- a/proxy/http/remap/UrlRewrite.cc +++ b/proxy/http/remap/UrlRewrite.cc @@ -452,15 +452,21 @@ UrlRewrite::PerformACLFiltering(HttpTransact::State *s, url_mapping *map) } } - if (match && rp->dst_ip_valid) { - Debug("url_rewrite", "match was true and we have specified a dst_ip field"); + if (match && rp->in_ip_valid) { + Debug("url_rewrite", "match was true and we have specified a in_ip field"); match = false; - for (int j = 0; j < rp->dst_ip_cnt && !match; j++) { + for (int j = 0; j < rp->in_ip_cnt && !match; j++) { IpEndpoint incoming_addr; incoming_addr.assign(s->state_machine->ua_session->get_netvc()->get_local_addr()); - - bool in_range = rp->dst_ip_array[j].contains(incoming_addr); - if (rp->dst_ip_array[j].invert) { + if (is_debug_tag_set("url_rewrite")) { + char buf1[128], buf2[128], buf3[128]; + ats_ip_ntop(incoming_addr, buf1, sizeof(buf1)); + ats_ip_ntop(rp->in_ip_array[j].start, buf2, sizeof(buf2)); + ats_ip_ntop(rp->in_ip_array[j].end, buf3, sizeof(buf3)); + Debug("url_rewrite", "Trying to match incoming address %s in range %s - %s.", buf1, buf2, buf3); + } + bool in_range = rp->in_ip_array[j].contains(incoming_addr); + if (rp->in_ip_array[j].invert) { if (!in_range) { match = true; }