mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-09-22 06:11:32 +02:00
Code Issues Projects Releases Wiki Activity

MEDIUM: acl/pattern: start merging common sample fetch functions

Browse Source 
src_port, dst_port and url_param have converged between ACLs and patterns.
This means that src_port is now available in patterns and that urlp_* has
been added to ACLs. Some code has moved to accommodate for static function
definitions, but there were little changes.
This commit is contained in:
Willy Tarreau 2012-04-25 16:21:44 +02:00
parent 32a6f2e572
commit 25c1ebc0c9
3 changed files with 168 additions and 117 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
doc/configuration.txt
View File

@ -7935,7 +7935,7 @@ hdr(<header>) <string>
Use the shdr() variant for response headers sent by the server. Use the shdr() variant for response headers sent by the server.
The "hdr" criteria returns true if any of the headers matching the criteria The "hdr" criteria returns true if any of the headers matching the criteria
match any of the strings. This can be used to check exact for values. For match any of the strings. This can be used to check for exact values. For
instance, checking that "connection: close" is set : instance, checking that "connection: close" is set :
hdr(Connection) -i close hdr(Connection) -i close
@ -8126,6 +8126,52 @@ url_sub <string>
Returns true when the URL contains one of the strings. It can be used to Returns true when the URL contains one of the strings. It can be used to
detect particular patterns in query strings for example. See also "path_sub". detect particular patterns in query strings for example. See also "path_sub".
urlp(<name>) <string>
Note: all "urlp*" matching criteria apply to the first occurrence of the
parameter <name> in the query string. The parameter name is case-sensitive.
The "urlp" matching criteria returns true if the designated URL parameter
matches any of the strings. This can be used to check for exact values.
urlp_beg(<name>) <string>
Returns true when the URL parameter "<name>" begins with one of the strings.
This can be used to check whether a URL begins with a slash or with a
protocol scheme.
urlp_dir(<name>) <string>
Returns true when the URL parameter "<name>" contains one of the strings
either isolated or delimited with slashes. This is used to perform filename
or directory name matching in a specific URL parameter without the risk of
wrong match due to colliding prefixes. See also "path_dir" and "urlp_sub".
urlp_dom(<name>) <string>
Returns true when one of the strings is found isolated or delimited with dots
in the URL parameter "<name>". This is used to perform domain name matching
in a specific URL parameter without the risk of wrong match due to colliding
prefixes. See also "urlp_sub".
urlp_end(<name>) <string>
Returns true when the URL parameter "<name>" ends with one of the strings.
urlp_ip(<name>) <ip_address>
Returns true when the URL parameter "<name>" contains an IPv4 address which
matches one of the specified IP addresses.
urlp_len(<name>) <integer>
Returns true when the URL parameter "<name>" has a length matching the values
or ranges specified. This is used to detect abusive requests for instance.
urlp_reg(<name>) <regex>
Returns true when the URL parameter "<name>" matches one of the regular
expressions. It can be used any time, but it is important to remember that
regex matching is slower than other methods. See also "path_reg" and all
"urlp_" criteria.
urlp_sub(<name>) <string>
Returns true when the URL parameter "<name>" contains one of the strings. It
can be used to detect particular patterns in query strings for example. See
also "path_sub" and other "urlp_" criteria.
7.6. Pre-defined ACLs 7.6. Pre-defined ACLs
--------------------- ---------------------
@ -8293,6 +8339,11 @@ The list of currently supported pattern fetch functions is the following :
<lengthoffset> + <lengthsize> else it is absolute. <lengthoffset> + <lengthsize> else it is absolute.
Ex: see SSL session id example in "stick table" chapter. Ex: see SSL session id example in "stick table" chapter.
src_port This is the source TCP port of the session on the client side,
which is the port the client connected from. It is very unlikely
that this function will be useful but it's available at no cost.
It is of type integer and only works with such tables.
url_param(<name>) url_param(<name>)
This extracts the first occurrence of the parameter <name> in This extracts the first occurrence of the parameter <name> in
the query string of the request and uses the corresponding value the query string of the request and uses the corresponding value

208
src/proto_http.c
View File

@ -8256,93 +8256,6 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned in
return 1; return 1;
} }
/************************************************************************/
/* All supported keywords must be declared here. */
/************************************************************************/
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted.
*/
static struct acl_kw_list acl_kws = {{ },{
{ "cook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "cook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "hdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "hdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_nothing, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
{ "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
{ "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
{ "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 },
{ "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_len", acl_parse_int, acl_fetch_path, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
{ "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
{ "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "scook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "scook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "shdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "shdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 },
{ "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "url_len", acl_parse_int, acl_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
{ NULL, NULL, NULL, NULL },
}};
/************************************************************************/ /************************************************************************/
/* The code below is dedicated to pattern fetching and matching */ /* The code below is dedicated to pattern fetching and matching */
/************************************************************************/ /************************************************************************/
@ -8417,7 +8330,7 @@ find_url_param_pos(char* query_string, size_t query_string_l,
static int static int
find_url_param_value(char* path, size_t path_l, find_url_param_value(char* path, size_t path_l,
char* url_param_name, size_t url_param_name_l, char* url_param_name, size_t url_param_name_l,
char** value, size_t* value_l) char** value, int* value_l)
{ {
char *query_string, *qs_end; char *query_string, *qs_end;
char *arg_start; char *arg_start;
@ -8445,22 +8358,24 @@ find_url_param_value(char* path, size_t path_l,
} }
static int static int
pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt, smp_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp) const struct arg *args, struct sample *smp)
{ {
struct http_txn *txn = l7; struct http_txn *txn = l7;
struct http_msg *msg = &txn->req; struct http_msg *msg = &txn->req;
char *url_param_value;
size_t url_param_value_l; if (!args || args->type != ARGT_STR)
return 0;
CHECK_HTTP_MESSAGE_FIRST();
if (!find_url_param_value(msg->buf->p + msg->sol + msg->sl.rq.u, msg->sl.rq.u_l, if (!find_url_param_value(msg->buf->p + msg->sol + msg->sl.rq.u, msg->sl.rq.u_l,
arg_p->data.str.str, arg_p->data.str.len, args->data.str.str, args->data.str.len,
&url_param_value, &url_param_value_l)) &smp->data.str.str, &smp->data.str.len))
return 0; return 0;
smp->type = SMP_T_CSTR; smp->type = SMP_T_CSTR;
smp->data.str.str = url_param_value; smp->flags = SMP_F_VOL_1ST;
smp->data.str.len = url_param_value_l;
return 1; return 1;
} }
@ -8544,12 +8459,109 @@ pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, unsigne
} }
/************************************************************************/ /************************************************************************/
/* All supported keywords must be declared here. */ /* All supported ACL keywords must be declared here. */
/************************************************************************/
/* Note: must not be declared <const> as its list will be overwritten.
* Please take care of keeping this list alphabetically sorted.
*/
static struct acl_kw_list acl_kws = {{ },{
{ "cook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "cook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "cook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "hdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "hdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "hdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) },
{ "http_auth", acl_parse_nothing, acl_fetch_http_auth, acl_match_nothing, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
{ "http_auth_group", acl_parse_strcat, acl_fetch_http_auth, acl_match_auth, ACL_USE_L7REQ_VOLATILE, ARG1(0,USR) },
{ "http_first_req", acl_parse_nothing, acl_fetch_http_first_req, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
{ "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 },
{ "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_len", acl_parse_int, acl_fetch_path, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
{ "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 },
{ "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "scook", acl_parse_str, acl_fetch_cookie_value, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "scook_beg", acl_parse_str, acl_fetch_cookie_value, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_dir", acl_parse_str, acl_fetch_cookie_value, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_dom", acl_parse_str, acl_fetch_cookie_value, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_end", acl_parse_str, acl_fetch_cookie_value, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_len", acl_parse_int, acl_fetch_cookie_value, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_reg", acl_parse_reg, acl_fetch_cookie_value, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "scook_sub", acl_parse_str, acl_fetch_cookie_value, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr", acl_parse_str, acl_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "shdr_beg", acl_parse_str, acl_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_cnt", acl_parse_int, acl_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_dir", acl_parse_str, acl_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_dom", acl_parse_str, acl_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_end", acl_parse_str, acl_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_ip", acl_parse_ip, acl_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "shdr_len", acl_parse_int, acl_fetch_hdr, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_reg", acl_parse_reg, acl_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_sub", acl_parse_str, acl_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "shdr_val", acl_parse_int, acl_fetch_hdr_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) },
{ "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 },
{ "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 },
{ "url_len", acl_parse_int, acl_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 },
{ "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 },
{ "urlp", acl_parse_str, smp_fetch_url_param, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) },
{ "urlp_beg", acl_parse_str, smp_fetch_url_param, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_dir", acl_parse_str, smp_fetch_url_param, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_dom", acl_parse_str, smp_fetch_url_param, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_end", acl_parse_str, smp_fetch_url_param, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_ip", acl_parse_ip, smp_fetch_url_param, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) },
{ "urlp_len", acl_parse_int, smp_fetch_url_param, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_reg", acl_parse_reg, smp_fetch_url_param, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ "urlp_sub", acl_parse_str, smp_fetch_url_param, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) },
{ NULL, NULL, NULL, NULL },
}};
/************************************************************************/
/* All supported pattern keywords must be declared here. */
/************************************************************************/ /************************************************************************/
/* Note: must not be declared <const> as its list will be overwritten */ /* Note: must not be declared <const> as its list will be overwritten */
static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
{ "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, { "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, { "url_param", smp_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ }, { "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_RES }, { "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_RES },
{ NULL, NULL, 0, 0, 0 }, { NULL, NULL, 0, 0, 0 },

24
src/proto_tcp.c
View File

@ -1430,7 +1430,7 @@ pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, unsigned int
/* set temp integer to the connection's source port */ /* set temp integer to the connection's source port */
static int static int
acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, smp_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp) const struct arg *args, struct sample *smp)
{ {
smp->type = SMP_T_UINT; smp->type = SMP_T_UINT;
@ -1499,7 +1499,7 @@ pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, unsigned int
/* set temp integer to the frontend connexion's destination port */ /* set temp integer to the frontend connexion's destination port */
static int static int
acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt, smp_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp) const struct arg *args, struct sample *smp)
{ {
stream_sock_get_to_addr(&l4->si[0]); stream_sock_get_to_addr(&l4->si[0]);
@ -1512,19 +1512,6 @@ acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt
return 1; return 1;
} }
static int
pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg, struct sample *smp)
{
smp->type = SMP_T_UINT;
stream_sock_get_to_addr(&l4->si[0]);
if (!(smp->data.uint = get_host_port(&l4->si[0].addr.to)))
return 0;
return 1;
}
static int static int
pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, unsigned int opt, pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp) const struct arg *arg_p, struct sample *smp)
@ -1656,11 +1643,11 @@ static struct cfg_kw_list cfg_kws = {{ },{
*/ */
static struct acl_kw_list acl_kws = {{ },{ static struct acl_kw_list acl_kws = {{ },{
{ "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 },
{ "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, { "dst_port", acl_parse_int, smp_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 },
{ "req_rdp_cookie", acl_parse_str, smp_fetch_rdp_cookie, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, { "req_rdp_cookie", acl_parse_str, smp_fetch_rdp_cookie, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) },
{ "req_rdp_cookie_cnt", acl_parse_int, acl_fetch_rdp_cookie_cnt, acl_match_int, ACL_USE_L6REQ_VOLATILE, ARG1(0,STR) }, { "req_rdp_cookie_cnt", acl_parse_int, acl_fetch_rdp_cookie_cnt, acl_match_int, ACL_USE_L6REQ_VOLATILE, ARG1(0,STR) },
{ "src", acl_parse_ip, acl_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, { "src", acl_parse_ip, acl_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 },
{ "src_port", acl_parse_int, acl_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, { "src_port", acl_parse_int, smp_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 },
{ NULL, NULL, NULL, NULL }, { NULL, NULL, NULL, NULL },
}}; }};
@ -1670,10 +1657,11 @@ static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
{ "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, { "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES }, { "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES }, { "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES }, { "dst_port", smp_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
{ "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, { "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
{ "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES }, { "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
{ "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES }, { "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
{ "src_port", smp_fetch_sport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
{ NULL, NULL, 0, 0, 0 }, { NULL, NULL, 0, 0, 0 },
}}; }};