patch : a new acl (src FQDN Regex)

From: Bruno Pennec <[email protected]>
Date: Tue, 03 Mar 1998 18:05:37 +0100

I had to deny access from all the machines whose FQDN matches "foo.{5}\.myorg\.fr".
I had a problem with the Squid ACLs because I can't reduce the IPs of foo?????.myorg.fr to a small
list of subnets, so I have written a small patch to do that:

My new ACL looks like the url_regex but it is for the source FQDN.

acl foo srcfqdn_regex foo.{5}\.myorg\.fr

This patch is for squid 1.1.20, and i hope it can be useful to someone else.
I tested it only on Solaris (2.4 & 2.5.1) (sparc, gcc).

bruno pennec

*** squid-1.1.20/src/acl.c.orig Mon Nov 3 20:27:08 1997
--- squid-1.1.20/src/acl.c Wed Feb 25 09:49:18 1998
***************
*** 153,158 ****
--- 153,160 ----
          return ACL_DST_DOMAIN;
      if (!strcmp(s, "srcdomain"))
          return ACL_SRC_DOMAIN;
+ if (!strcmp(s, "srcfqdn_regex"))
+ return ACL_SRC_FQDN_REGEX;
      if (!strcmp(s, "time"))
          return ACL_TIME;
      if (!strcmp(s, "pattern"))
***************
*** 634,639 ****
--- 636,644 ----
      case ACL_URLPATH_REGEX:
          aclParseRegexList(&A->data, 0);
          break;
+ case ACL_SRC_FQDN_REGEX:
+ aclParseRegexList(&A->data, 1);
+ break;
      case ACL_URL_PORT:
          aclParseIntlist(&A->data);
          break;
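Review bot: The literal `1` passed to aclParseRegexList in the new ACL_SRC_FQDN_REGEX case is unexplained, while the ACL_URLPATH_REGEX case just above it passes `0`. If the second argument selects case-insensitive matching (its definition is outside the hunk), that is a sensible choice for host names, and a short comment such as `/* 1: host names compare case-insensitively */` would record the intent. The enclosing switch starts and ends outside the hunk.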
***************
*** 1101,1106 ****
--- 1106,1124 ----
              return aclMatchDomainList(&acl->data, "none");
          }
          /* NOTREACHED */
+ case ACL_SRC_FQDN_REGEX:
+ fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ if (fqdn) {
+ return aclMatchRegex(acl->data, fqdn);
+ } else if (checklist->state[ACL_SRC_FQDN_REGEX] == ACL_LOOKUP_NONE) {
+ debug(28, 3, "aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
+ acl->name, inet_ntoa(checklist->src_addr));
+ checklist->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_NEED;
+ return 0;
+ } else {
+ return aclMatchRegex(acl->data, "none");
+ }
+ /* NOTREACHED */
      case ACL_TIME:
          return aclMatchTime(acl->data, squid_curtime);
          /* NOTREACHED */
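Review bot: The name matched in the new ACL_SRC_FQDN_REGEX case comes straight from `fqdncache_gethostbyaddr`, i.e. a reverse (PTR) lookup of the client address, and nothing visible in the hunk forward-confirms it against that address. A PTR record is published by whoever operates the reverse zone for the address, so a deny rule stops matching when the record is missing or changed, and an allow rule built on this ACL would be only as trustworthy as that zone. When the lookup has failed, the case matches the literal string "none", which an unanchored or broad pattern can also hit. I would add a comment above the case such as `/* fqdn is an unverified PTR name: anchor patterns with ^...$ and do not use this ACL alone to grant access */`. The enclosing switch and the declaration of `fqdn` are outside the hunk.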
***************
*** 1261,1266 ****
--- 1279,1285 ----
          case ACL_URL_REGEX:
          case ACL_URLPATH_REGEX:
          case ACL_BROWSER:
+ case ACL_SRC_FQDN_REGEX:
              aclDestroyRegexList(a->data);
              break;
          case ACL_URL_PORT:
*** squid-1.1.20/src/acl.h.orig Thu Feb 20 22:03:10 1997
--- squid-1.1.20/src/acl.h Wed Feb 25 09:37:05 1998
***************
*** 44,49 ****
--- 44,50 ----
      ACL_PROTO,
      ACL_METHOD,
      ACL_BROWSER,
+ ACL_SRC_FQDN_REGEX,
      ACL_ENUM_MAX
  } squid_acl;
  
*** squid-1.1.20/src/client_side.c.orig Wed Nov 19 17:44:51 1997
--- squid-1.1.20/src/client_side.c Wed Feb 25 16:14:22 1998
***************
*** 71,76 ****
--- 71,88 ----
  }
  
  static void
+ clientLookupSrcFQDNRegexDone(int fd, const char *fqdn, void *data)
+ {
+ icpStateData *icpState = data;
+ debug(33, 5, "clientLookupSrcFQDNRegexDone: FD %d, '%s', FQDN %s\n",
+ fd,
+ icpState->url,
+ fqdn ? fqdn : "NULL");
+ icpState->aclChecklist->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_DONE;
+ clientAccessCheck(icpState, icpState->aclHandler);
+ }
+
+ static void
  clientLookupDstFQDNDone(int fd, const char *fqdn, void *data)
  {
      icpStateData *icpState = data;
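Review bot: clientLookupSrcFQDNRegexDone has no comment explaining why a second source-FQDN callback is needed. Judging by the name clientLookupSrcFQDNDone referenced later in this file, it presumably differs from that one only in the state slot it marks done. A line such as `/* reverse lookup for srcfqdn_regex finished; re-run the access check */` above the function would help, and the two callbacks could share a helper that takes the ACL type. The `fqdn` argument is only logged here, so the match in acl.c relies on the fqdncache entry still being present when clientAccessCheck runs again; otherwise it falls through to the "none" comparison. The hunk ends inside clientLookupDstFQDNDone, whose body continues outside it.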
***************
*** 205,211 ****
                  clientLookupSrcFQDNDone,
                  icpState);
              return;
! } else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {
              ch->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; /* first */
              ia = ipcacheCheckNumeric(icpState->request->host);
              if (ia != NULL)
--- 217,230 ----
                  clientLookupSrcFQDNDone,
                  icpState);
              return;
! } else if (ch->state[ACL_SRC_FQDN_REGEX] == ACL_LOOKUP_NEED) {
! ch->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_PENDING; /* first */
! fqdncache_nbgethostbyaddr(icpState->peer.sin_addr,
! icpState->fd,
! clientLookupSrcFQDNRegexDone,
! icpState);
! return;
! }else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {
              ch->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; /* first */
              ia = ipcacheCheckNumeric(icpState->request->host);
              if (ia != NULL)
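Review bot: The new branch starts the lookup on `icpState->peer.sin_addr`, while the match added in acl.c reads `checklist->src_addr`. If those two are not guaranteed to hold the same address (where they are set is outside the hunk), the cached result would not be the one the match asks for, and the ACL would end up compared against "none". A comment stating that they are the same, or passing `ch->src_addr` here, would remove the doubt. The rewritten line `}else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {` also drops the space used by the surrounding branches and should read `} else if (...) {`. The enclosing function starts and ends outside the hunk.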
Received on Tue Mar 03 1998 - 09:12:08 MST
