mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-11-28 14:21:00 +01:00
Code Issues Projects Releases Wiki Activity

MEDIUM: acl/pattern: use the same direction scheme

Browse Source 
Patterns were using a bitmask to indicate if request or response was desired
in fetch functions and keywords. ACLs were using a bitmask in fetch keywords
and a single bit in fetch functions. ACLs were also using an ACL_PARTIAL bit
in fetch functions indicating that a non-final fetch was performed, which was
an abuse of the existing direction flag.

The change now consists in using :
  - a capabilities field for fetch keywords => SMP_CAP_REQ/RES to indicate
    if a keyword supports requests, responses, both, etc...
  - an option field for fetch functions to indicate what the caller expects
    (request/response, final/non-final)

The ACL_PARTIAL bit was reversed to get SMP_OPT_FINAL as it's more explicit
to know we're working on a final buffer than on a non-final one.

ACL_DIR_* were removed, as well as PATTERN_FETCH_*. L4 fetches were improved
to support being called on responses too since they're still available.

The <dir> field of all fetch functions was changed to <opt> which is now
unsigned.

The patch is large but mostly made of cosmetic changes to accomodate this, as
almost no logic change happened.
This commit is contained in:
Willy Tarreau 2012-04-25 10:13:36 +02:00
parent 9fb4bc7f43
commit 32a6f2e572
16 changed files with 233 additions and 223 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/proto/acl.h
View File

@ -94,7 +94,7 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co
* condition, it does not apply the polarity required by IF/UNLESS, it's up to
* the caller to do this.
*/
int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, int dir);
int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, unsigned int opt);
/* Reports a pointer to the first ACL used in condition <cond> which requires
* at least one of the USE_FLAGS in <require>. Returns NULL if none matches.
@ -171,7 +171,7 @@ int acl_parse_reg(const char **text, struct acl_pattern *pattern, int *opaque);
int acl_parse_ip(const char **text, struct acl_pattern *pattern, int *opaque);
/* always fake a data retrieval */
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir,
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp);
/* always return false */

2
include/proto/pattern.h
View File

@ -27,7 +27,7 @@
struct pattern_expr *pattern_parse_expr(char **str, int *idx, char *err, int err_size);
struct sample *pattern_process(struct proxy *px, struct session *l4,
void *l7, int dir, struct pattern_expr *expr,
void *l7, unsigned int dir, struct pattern_expr *expr,
struct sample *p);
void pattern_register_fetches(struct pattern_fetch_kw_list *psl);
void pattern_register_convs(struct pattern_conv_kw_list *psl);

2
include/proto/proto_tcp.h
View File

@ -34,7 +34,7 @@ int tcp_connect_server(struct stream_interface *si);
int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit);
int tcp_inspect_response(struct session *s, struct buffer *rep, int an_bit);
int tcp_exec_req_rules(struct session *s);
int smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir, const struct arg *args, struct sample *smp);
int smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp);
/* Converts the TCP source address to a stick_table key usable for table
* lookups. Returns either NULL if the source cannot be converted (eg: not

2
include/proto/stick_table.h
View File

@ -47,7 +47,7 @@ struct stksess *stktable_lookup(struct stktable *t, struct stksess *ts);
struct stksess *stktable_lookup_key(struct stktable *t, struct stktable_key *key);
struct stksess *stktable_update_key(struct stktable *table, struct stktable_key *key);
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px,
struct session *l4, void *l7, int dir,
struct session *l4, void *l7, unsigned int opt,
struct pattern_expr *expr);
int stktable_compatible_pattern(struct pattern_expr *expr, unsigned long table_type);
int stktable_get_data_type(char *name);

10
include/types/acl.h
View File

@ -71,14 +71,6 @@ enum {
ACL_COND_UNLESS, /* negative condition (after 'unless') */
};
/* ACLs can be evaluated on requests and on responses, and on partial or complete data */
enum {
ACL_DIR_REQ = 0, /* ACL evaluated on request */
ACL_DIR_RTR = (1 << 0), /* ACL evaluated on response */
ACL_DIR_MASK = (ACL_DIR_REQ | ACL_DIR_RTR),
ACL_PARTIAL = (1 << 1), /* partial data, return MISS if data are missing */
};
/* possible flags for expressions or patterns */
enum {
ACL_PAT_F_IGNORE_CASE = 1 << 0, /* ignore case */
@ -238,7 +230,7 @@ struct acl_expr;
struct acl_keyword {
const char *kw;
int (*parse)(const char **text, struct acl_pattern *pattern, int *opaque);
int (*fetch)(struct proxy *px, struct session *l4, void *l7, int dir,
int (*fetch)(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp);
int (*match)(struct sample *smp, struct acl_pattern *pattern);
unsigned int requires; /* bit mask of all ACL_USE_* required to evaluate this keyword */

30
include/types/pattern.h
View File

@ -41,6 +41,26 @@ enum {
SMP_TYPES /* number of types, must always be last */
};
/* Sample fetch capabilities are used to declare keywords. Right now only
* the supportd fetch directions are specified.
*/
enum {
SMP_CAP_REQ = 1 << 0, /* fetch supported on request */
SMP_CAP_RES = 1 << 1, /* fetch supported on response */
};
/* Sample fetch options are passed to sample fetch functions to add precision
* about what is desired :
* - fetch direction (req/resp)
* - intermediary / final fetch
*/
enum {
SMP_OPT_DIR_REQ = 0, /* direction = request */
SMP_OPT_DIR_RES = 1, /* direction = response */
SMP_OPT_DIR = (SMP_OPT_DIR_REQ|SMP_OPT_DIR_RES), /* mask to get direction */
SMP_OPT_FINAL = 2, /* final fetch, contents won't change anymore */
};
/* Flags used to describe fetched samples. MAY_CHANGE indicates that the result
* of the fetch might still evolve, for instance because of more data expected,
* even if the fetch has failed. VOL_* indicates how long a result may be cached.
@ -56,11 +76,6 @@ enum {
SMP_F_VOLATILE = (1<<2)|(1<<3)|(1<<4)|(1<<5)|(1<<6), /* any volatility condition */
};
/* pattern fetch direction */
#define PATTERN_FETCH_REQ 1
#define PATTERN_FETCH_RTR 2
/* a sample context might be used by any sample fetch function in order to
* store information needed across multiple calls (eg: restart point for a
* next occurrence). By definition it may store up to 8 pointers, or any
@ -115,13 +130,14 @@ struct pattern_fetch {
int (*process)(struct proxy *px,
struct session *l4,
void *l7,
int dir, const struct arg *arg_p,
unsigned int opt, /* fetch options (SMP_OPT_*) */
const struct arg *arg_p,
struct sample *smp); /* fetch processing function */
unsigned int arg_mask; /* arguments (ARG*()) */
int (*val_args)(struct arg *arg_p,
char **err_msg); /* argument validation function */
unsigned long out_type; /* output pattern type */
int dir; /* usable directions */
unsigned int cap; /* fetch capabilities (SMP_CAP_*) */
};
/* pattern expression */

34
src/acl.c
View File

@ -65,7 +65,7 @@ static struct acl_kw_list acl_keywords = {
/* force TRUE to be returned at the fetch level */
static int
acl_fetch_true(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_true(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_BOOL;
@ -77,10 +77,10 @@ acl_fetch_true(struct proxy *px, struct session *l4, void *l7, int dir,
* used with content inspection.
*/
static int
acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (dir & ACL_PARTIAL) {
if (!(opt & SMP_OPT_FINAL)) {
smp->flags |= SMP_F_MAY_CHANGE;
return 0;
}
@ -91,7 +91,7 @@ acl_fetch_wait_end(struct proxy *px, struct session *l4, void *l7, int dir,
/* force FALSE to be returned at the fetch level */
static int
acl_fetch_false(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_false(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_BOOL;
@ -101,7 +101,7 @@ acl_fetch_false(struct proxy *px, struct session *l4, void *l7, int dir,
/* return the number of bytes in the request buffer */
static int
acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4 || !l4->req)
@ -115,7 +115,7 @@ acl_fetch_req_len(struct proxy *px, struct session *l4, void *l7, int dir,
static int
acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int hs_len;
@ -126,7 +126,7 @@ acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir
if (!l4)
goto not_ssl_hello;
b = ((dir & ACL_DIR_MASK) == ACL_DIR_RTR) ? l4->rep : l4->req;
b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req;
bleft = b->i;
data = (const unsigned char *)b->p;
@ -184,7 +184,7 @@ acl_fetch_ssl_hello_type(struct proxy *px, struct session *l4, void *l7, int dir
* Note: this decoder only works with non-wrapping data.
*/
static int
acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int version, bleft, msg_len;
@ -320,7 +320,7 @@ acl_fetch_req_ssl_ver(struct proxy *px, struct session *l4, void *l7, int dir,
* - opaque hostname[name_len bytes]
*/
static int
acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int hs_len, ext_len, bleft;
@ -330,7 +330,7 @@ acl_fetch_ssl_hello_sni(struct proxy *px, struct session *l4, void *l7, int dir,
if (!l4)
goto not_ssl_hello;
b = ((dir & ACL_DIR_MASK) == ACL_DIR_RTR) ? l4->rep : l4->req;
b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req;
bleft = b->i;
data = (unsigned char *)b->p;
@ -464,7 +464,7 @@ int acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaqu
}
/* always fake a data retrieval */
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir,
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
return 1;
@ -1681,8 +1681,8 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co
/* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or
* ACL_PAT_PASS depending on the test results. ACL_PAT_MISS may only be
* returned if <dir> contains ACL_PARTIAL, indicating that incomplete data
* is being examined.
* returned if <opt> does not contain SMP_OPT_FINAL, indicating that incomplete
* data is being examined.
* This function only computes the condition, it does not apply the polarity
* required by IF/UNLESS, it's up to the caller to do this using something like
* this :
@ -1693,7 +1693,7 @@ struct acl_cond *build_acl_cond(const char *file, int line, struct proxy *px, co
* if (cond->pol == ACL_COND_UNLESS)
* res = !res;
*/
int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, int dir)
int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, unsigned int opt)
{
__label__ fetch_next;
struct acl_term_suite *suite;
@ -1733,9 +1733,9 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
/* we need to reset context and flags */
memset(&smp, 0, sizeof(smp));
fetch_next:
if (!expr->kw->fetch(px, l4, l7, dir, expr->args, &smp)) {
if (!expr->kw->fetch(px, l4, l7, opt, expr->args, &smp)) {
/* maybe we could not fetch because of missing data */
if (smp.flags & SMP_F_MAY_CHANGE && dir & ACL_PARTIAL)
if (smp.flags & SMP_F_MAY_CHANGE && !(opt & SMP_OPT_FINAL))
acl_res |= ACL_PAT_MISS;
continue;
}
@ -1784,7 +1784,7 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
* later and give another chance for a new match (eg: request
* size, time, ...)
*/
if (smp.flags & SMP_F_MAY_CHANGE && dir & ACL_PARTIAL)
if (smp.flags & SMP_F_MAY_CHANGE && !(opt & SMP_OPT_FINAL))
acl_res |= ACL_PAT_MISS;
}
/*

24
src/backend.c
View File

@ -416,7 +416,7 @@ struct server *get_server_rch(struct session *s)
args[0].data.str.len = px->hh_len;
args[1].type = ARGT_STOP;
ret = smp_fetch_rdp_cookie(px, s, NULL, ACL_DIR_REQ, args, &smp);
ret = smp_fetch_rdp_cookie(px, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, args, &smp);
len = smp.data.str.len;
if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || len == 0)
@ -1134,7 +1134,7 @@ int tcp_persist_rdp_cookie(struct session *s, struct buffer *req, int an_bit)
args[0].data.str.len = s->be->rdp_cookie_len;
args[1].type = ARGT_STOP;
ret = smp_fetch_rdp_cookie(px, s, NULL, ACL_DIR_REQ, args, &smp);
ret = smp_fetch_rdp_cookie(px, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, args, &smp);
if (ret == 0 || (smp.flags & SMP_F_MAY_CHANGE) || smp.data.str.len == 0)
goto no_cookie;
@ -1374,7 +1374,7 @@ int backend_parse_balance(const char **args, char *err, int errlen, struct proxy
* undefined behaviour.
*/
static int
acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -1397,7 +1397,7 @@ acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct server *srv = args->data.srv;
@ -1417,7 +1417,7 @@ acl_fetch_srv_is_up(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct server *iterator;
@ -1445,7 +1445,7 @@ acl_fetch_connslots(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the id of the backend */
static int
acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TXN;
@ -1456,7 +1456,7 @@ acl_fetch_be_id(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the id of the server */
static int
acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!target_srv(&l4->target))
@ -1473,7 +1473,7 @@ acl_fetch_srv_id(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -1487,7 +1487,7 @@ acl_fetch_be_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -1501,7 +1501,7 @@ acl_fetch_be_conn(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -1519,7 +1519,7 @@ acl_fetch_queue_size(struct proxy *px, struct session *l4, void *l7, int dir,
* undefined behaviour.
*/
static int
acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int nbsrv;
@ -1548,7 +1548,7 @@ acl_fetch_avg_queue_size(struct proxy *px, struct session *l4, void *l7, int dir
* undefined behaviour.
*/
static int
acl_fetch_srv_conn(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_srv_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;

50
src/cfgparse.c
View File

@ -1120,7 +1120,7 @@ static int create_cond_regex_rule(const char *file, int line,
goto err;
}
if (dir == ACL_DIR_REQ)
if (dir == SMP_OPT_DIR_REQ)
err_code |= warnif_cond_requires_resp(cond, file, line);
else
err_code |= warnif_cond_requires_req(cond, file, line);
@ -1138,7 +1138,7 @@ static int create_cond_regex_rule(const char *file, int line,
goto err;
}
err = chain_regex((dir == ACL_DIR_REQ) ? &px->req_exp : &px->rsp_exp,
err = chain_regex((dir == SMP_OPT_DIR_REQ) ? &px->req_exp : &px->rsp_exp,
preg, action, repl ? strdup(repl) : NULL, cond);
if (repl && err) {
Alert("parsing [%s:%d] : '%s' : invalid character or unterminated sequence in replacement string near '%c'.\n",
@ -1147,7 +1147,7 @@ static int create_cond_regex_rule(const char *file, int line,
goto err;
}
if (dir == ACL_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd))
if (dir == SMP_OPT_DIR_REQ && warnif_misplaced_reqxxx(px, file, line, cmd))
err_code |= ERR_WARN;
return err_code;
@ -3005,7 +3005,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
}
if (flags & STK_ON_RSP) {
if (!(expr->fetch->dir & PATTERN_FETCH_RTR)) {
if (!(expr->fetch->cap & SMP_CAP_RES)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' can not be used on response.\n",
file, linenum, args[0], expr->fetch->kw);
err_code |= ERR_ALERT | ERR_FATAL;
@ -3013,7 +3013,7 @@ int cfg_parse_listen(const char *file, int linenum, char **args, int kwm)
goto out;
}
} else {
if (!(expr->fetch->dir & PATTERN_FETCH_REQ)) {
if (!(expr->fetch->cap & SMP_CAP_REQ)) {
Alert("parsing [%s:%d] : '%s': fetch method '%s' can not be used on request.\n",
file, linenum, args[0], expr->fetch->kw);
err_code |= ERR_ALERT | ERR_FATAL;
@ -4882,56 +4882,56 @@ stats_error_parsing:
}
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_REPLACE, 0,
SMP_OPT_DIR_REQ, ACT_REPLACE, 0,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqdel")) { /* delete request header from a regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_REMOVE, 0,
SMP_OPT_DIR_REQ, ACT_REMOVE, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqdeny")) { /* deny a request if a header matches this regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_DENY, 0,
SMP_OPT_DIR_REQ, ACT_DENY, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqpass")) { /* pass this header without allowing or denying the request */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_PASS, 0,
SMP_OPT_DIR_REQ, ACT_PASS, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqallow")) { /* allow a request if a header matches this regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_ALLOW, 0,
SMP_OPT_DIR_REQ, ACT_ALLOW, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqtarpit")) { /* tarpit a request if a header matches this regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_TARPIT, 0,
SMP_OPT_DIR_REQ, ACT_TARPIT, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqsetbe")) { /* switch the backend from a regex, respecting case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_SETBE, 0,
SMP_OPT_DIR_REQ, ACT_SETBE, 0,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqisetbe")) { /* switch the backend from a regex, ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_SETBE, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_SETBE, REG_ICASE,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
@ -4945,42 +4945,42 @@ stats_error_parsing:
}
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_REPLACE, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_REPLACE, REG_ICASE,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqidel")) { /* delete request header from a regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_REMOVE, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_REMOVE, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqideny")) { /* deny a request if a header matches this regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_DENY, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_DENY, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqipass")) { /* pass this header without allowing or denying the request */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_PASS, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_PASS, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqiallow")) { /* allow a request if a header matches this regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_ALLOW, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_ALLOW, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "reqitarpit")) { /* tarpit a request if a header matches this regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_REQ, ACT_TARPIT, REG_ICASE,
SMP_OPT_DIR_REQ, ACT_TARPIT, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
@ -5033,21 +5033,21 @@ stats_error_parsing:
}
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_REPLACE, 0,
SMP_OPT_DIR_RES, ACT_REPLACE, 0,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "rspdel")) { /* delete response header from a regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_REMOVE, 0,
SMP_OPT_DIR_RES, ACT_REMOVE, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "rspdeny")) { /* block response header from a regex */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_DENY, 0,
SMP_OPT_DIR_RES, ACT_DENY, 0,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
@ -5061,21 +5061,21 @@ stats_error_parsing:
}
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_REPLACE, REG_ICASE,
SMP_OPT_DIR_RES, ACT_REPLACE, REG_ICASE,
args[0], args[1], args[2], (const char **)args+3);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "rspidel")) { /* delete response header from a regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_REMOVE, REG_ICASE,
SMP_OPT_DIR_RES, ACT_REMOVE, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;
}
else if (!strcmp(args[0], "rspideny")) { /* block response header from a regex ignoring case */
err_code |= create_cond_regex_rule(file, linenum, curproxy,
ACL_DIR_RTR, ACT_DENY, REG_ICASE,
SMP_OPT_DIR_RES, ACT_DENY, REG_ICASE,
args[0], args[1], NULL, (const char **)args+2);
if (err_code & ERR_FATAL)
goto out;

6
src/frontend.c
View File

@ -499,7 +499,7 @@ int make_proxy_line(char *buf, int buf_len, struct sockaddr_storage *src, struct
/* set temp integer to the id of the frontend */
static int
acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_SESS;
@ -513,7 +513,7 @@ acl_fetch_fe_id(struct proxy *px, struct session *l4, void *l7, int dir,
* an undefined behaviour.
*/
static int
acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -527,7 +527,7 @@ acl_fetch_fe_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* an undefined behaviour.
*/
static int
acl_fetch_fe_conn(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_fe_conn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;

7
src/pattern.c
View File

@ -463,7 +463,7 @@ out_error:
/*
* Process a fetch + format conversion of defined by the pattern expression <expr>
* on request or response considering the <dir> parameter.
* on request or response considering the <opt> parameter.
* Returns a pointer on a typed pattern structure containing the result or NULL if
* pattern is not found or when format conversion failed.
* If <p> is not null, function returns results in structure pointed by <p>.
@ -473,7 +473,8 @@ out_error:
* conversion functions must do so too. However the cast functions do not need
* to since they're made to cast mutiple types according to what is required.
*/
struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7, int dir,
struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7,
unsigned int opt,
struct pattern_expr *expr, struct sample *p)
{
struct pattern_conv_expr *conv_expr;
@ -482,7 +483,7 @@ struct sample *pattern_process(struct proxy *px, struct session *l4, void *l7, i
p = &temp_smp;
p->flags = 0;
if (!expr->fetch->process(px, l4, l7, dir, expr->arg_p, p))
if (!expr->fetch->process(px, l4, l7, opt, expr->arg_p, p))
return NULL;
list_for_each_entry(conv_expr, &expr->conv_exprs, list) {

92
src/proto_http.c
View File

@ -2355,7 +2355,7 @@ int http_wait_for_request(struct session *s, struct buffer *req, int an_bit)
/* Check if we want to fail this monitor request or not */
list_for_each_entry(cond, &s->fe->mon_fail_cond, list) {
int ret = acl_exec_cond(cond, s->fe, s, txn, ACL_DIR_REQ);
int ret = acl_exec_cond(cond, s->fe, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (cond->pol == ACL_COND_UNLESS)
@ -2735,7 +2735,7 @@ http_check_access_rule(struct proxy *px, struct list *rules, struct session *s,
/* check condition, but only if attached */
if (rule->cond) {
ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
@ -2789,7 +2789,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
/* first check whether we have some ACLs set to block this request */
list_for_each_entry(cond, &px->block_cond, list) {
int ret = acl_exec_cond(cond, px, s, txn, ACL_DIR_REQ);
int ret = acl_exec_cond(cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (cond->pol == ACL_COND_UNLESS)
@ -2944,7 +2944,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
/* add request headers from the rule sets in the same order */
list_for_each_entry(wl, &px->req_add, list) {
if (wl->cond) {
int ret = acl_exec_cond(wl->cond, px, s, txn, ACL_DIR_REQ);
int ret = acl_exec_cond(wl->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
ret = !ret;
@ -2969,7 +2969,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
int ret = 1;
if (stats_admin_rule->cond) {
ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, ACL_DIR_REQ);
ret = acl_exec_cond(stats_admin_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (stats_admin_rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -3031,7 +3031,7 @@ int http_process_req_common(struct session *s, struct buffer *req, int an_bit, s
int ret = ACL_PAT_PASS;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, px, s, txn, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -5004,7 +5004,7 @@ int http_process_res_common(struct session *t, struct buffer *rep, int an_bit, s
if (txn->status < 200)
break;
if (wl->cond) {
int ret = acl_exec_cond(wl->cond, px, t, txn, ACL_DIR_RTR);
int ret = acl_exec_cond(wl->cond, px, t, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (((struct acl_cond *)wl->cond)->pol == ACL_COND_UNLESS)
ret = !ret;
@ -5737,7 +5737,7 @@ int apply_filters_to_request(struct session *s, struct buffer *req, struct proxy
* next filter if the condition does not match.
*/
if (exp->cond) {
ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_REQ);
ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
ret = !ret;
@ -6577,7 +6577,7 @@ int apply_filters_to_response(struct session *s, struct buffer *rtr, struct prox
* next filter if the condition does not match.
*/
if (exp->cond) {
ret = acl_exec_cond(exp->cond, px, s, txn, ACL_DIR_RTR);
ret = acl_exec_cond(exp->cond, px, s, txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (((struct acl_cond *)exp->cond)->pol == ACL_COND_UNLESS)
ret = !ret;
@ -7541,7 +7541,7 @@ req_error_parsing:
* 1 if an HTTP message is ready
*/
static int
acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir,
acl_prefetch_http(struct proxy *px, struct session *s, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp, int req_vol)
{
struct http_txn *txn = l7;
@ -7557,7 +7557,7 @@ acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir,
/* Check for a dependency on a request */
smp->type = SMP_T_BOOL;
if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) {
if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
if (unlikely(!s->req))
return 0;
@ -7612,10 +7612,10 @@ acl_prefetch_http(struct proxy *px, struct session *s, void *l7, int dir,
}
#define CHECK_HTTP_MESSAGE_FIRST() \
do { int r = acl_prefetch_http(px, l4, l7, dir, args, smp, 1); if (r <= 0) return r; } while (0)
do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 1); if (r <= 0) return r; } while (0)
#define CHECK_HTTP_MESSAGE_FIRST_PERM() \
do { int r = acl_prefetch_http(px, l4, l7, dir, args, smp, 0); if (r <= 0) return r; } while (0)
do { int r = acl_prefetch_http(px, l4, l7, opt, args, smp, 0); if (r <= 0) return r; } while (0)
/* 1. Check on METHOD
@ -7648,7 +7648,7 @@ static int acl_parse_meth(const char **text, struct acl_pattern *pattern, int *o
* This is intended to be used with acl_match_meth() only.
*/
static int
acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_meth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int meth;
@ -7712,7 +7712,7 @@ static int acl_parse_ver(const char **text, struct acl_pattern *pattern, int *op
}
static int
acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7737,7 +7737,7 @@ acl_fetch_rqver(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7763,7 +7763,7 @@ acl_fetch_stver(struct proxy *px, struct session *l4, void *l7, int dir,
/* 3. Check on Status Code. We manipulate integers here. */
static int
acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7783,7 +7783,7 @@ acl_fetch_stcode(struct proxy *px, struct session *l4, void *l7, int dir,
/* 4. Check on URL/URI. A pointer to the URI is stored. */
static int
acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_url(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7798,7 +7798,7 @@ acl_fetch_url(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7824,7 +7824,7 @@ acl_fetch_url_ip(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7847,13 +7847,13 @@ acl_fetch_url_port(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type string.
*/
static int
acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
struct hdr_idx *idx = &txn->hdr_idx;
struct hdr_ctx *ctx = (struct hdr_ctx *)smp->ctx.a;
const struct http_msg *msg = ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) ? &txn->req : &txn->rsp;
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
if (!args || args->type != ARGT_STR)
return 0;
@ -7883,13 +7883,13 @@ acl_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type string.
*/
static int
acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
struct hdr_idx *idx = &txn->hdr_idx;
struct hdr_ctx ctx;
const struct http_msg *msg = ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) ? &txn->req : &txn->rsp;
const struct http_msg *msg = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) ? &txn->req : &txn->rsp;
int cnt;
if (!args || args->type != ARGT_STR)
@ -7912,10 +7912,10 @@ acl_fetch_hdr_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
* FIXME: the type is 'int', it may not be appropriate for everything.
*/
static int
acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int ret = acl_fetch_hdr(px, l4, l7, dir, args, smp);
int ret = acl_fetch_hdr(px, l4, l7, opt, args, smp);
if (ret > 0) {
smp->type = SMP_T_UINT;
@ -7928,12 +7928,12 @@ acl_fetch_hdr_val(struct proxy *px, struct session *l4, void *l7, int dir,
/* 7. Check on HTTP header's IPv4 address value. The IPv4 address is returned.
*/
static int
acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int ret;
while ((ret = acl_fetch_hdr(px, l4, l7, dir, args, smp)) > 0) {
while ((ret = acl_fetch_hdr(px, l4, l7, opt, args, smp)) > 0) {
smp->type = SMP_T_IPV4;
if (url2ipv4((char *)smp->data.str.str, &smp->data.ipv4))
break;
@ -7946,7 +7946,7 @@ acl_fetch_hdr_ip(struct proxy *px, struct session *l4, void *l7, int dir,
* the first '/' after the possible hostname, and ends before the possible '?'.
*/
static int
acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_path(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -7972,7 +7972,7 @@ acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
/* Note: hdr_idx.v cannot be NULL in this ACL because the ACL is tagged
@ -7988,7 +7988,7 @@ acl_fetch_proto_http(struct proxy *px, struct session *l4, void *l7, int dir,
/* return a valid test if the current request is the first one on the connection */
static int
acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir,
acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!s)
@ -8001,7 +8001,7 @@ acl_fetch_http_first_req(struct proxy *px, struct session *s, void *l7, int dir,
/* Accepts exactly 1 argument of type userlist */
static int
acl_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_http_auth(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
@ -8121,7 +8121,7 @@ extract_cookie_value(char *hdr, const char *hdr_end,
* Accepts exactly 1 argument of type string.
*/
static int
acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8137,7 +8137,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir,
CHECK_HTTP_MESSAGE_FIRST();
if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) {
if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
msg = &txn->req;
hdr_name = "Cookie";
hdr_name_len = 6;
@ -8172,7 +8172,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir,
smp->type = SMP_T_CSTR;
smp->ctx.a[0] = extract_cookie_value(smp->ctx.a[0], smp->ctx.a[1],
args->data.str.str, args->data.str.len,
(dir & ACL_DIR_MASK) == ACL_DIR_REQ,
(opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
&smp->data.str.str,
&smp->data.str.len);
if (smp->ctx.a[0]) {
@ -8195,7 +8195,7 @@ acl_fetch_cookie_value(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type string.
*/
static int
acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8213,7 +8213,7 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
CHECK_HTTP_MESSAGE_FIRST();
if ((dir & ACL_DIR_MASK) == ACL_DIR_REQ) {
if ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ) {
msg = &txn->req;
hdr_name = "Cookie";
hdr_name_len = 6;
@ -8244,7 +8244,7 @@ acl_fetch_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
smp->type = SMP_T_CSTR;
while ((val_beg = extract_cookie_value(val_beg, val_end,
args->data.str.str, args->data.str.len,
(dir & ACL_DIR_MASK) == ACL_DIR_REQ,
(opt & SMP_OPT_DIR) == SMP_OPT_DIR_REQ,
&smp->data.str.str,
&smp->data.str.len))) {
cnt++;
@ -8349,7 +8349,7 @@ static struct acl_kw_list acl_kws = {{ },{
/* Returns the last occurrence of specified header. */
static int
pattern_fetch_hdr(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_hdr(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8445,7 +8445,7 @@ find_url_param_value(char* path, size_t path_l,
}
static int
pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_url_param(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8499,7 +8499,7 @@ find_cookie_value(struct http_msg *msg, struct http_txn *txn,
}
static int
pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8522,7 +8522,7 @@ pattern_fetch_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
static int
pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
struct http_txn *txn = l7;
@ -8548,10 +8548,10 @@ pattern_fetch_set_cookie(struct proxy *px, struct session *l4, void *l7, int dir
/************************************************************************/
/* Note: must not be declared <const> as its list will be overwritten */
static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
{ "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ },
{ "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ },
{ "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ },
{ "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_RTR },
{ "hdr", pattern_fetch_hdr, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "url_param", pattern_fetch_url_param, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "cookie", pattern_fetch_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ },
{ "set-cookie", pattern_fetch_set_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_RES },
{ NULL, NULL, 0, 0, 0 },
}};

66
src/proto_tcp.c
View File

@ -690,15 +690,15 @@ int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit)
*/
if (req->flags & (BF_SHUTR|BF_FULL) || !s->be->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms))
partial = 0;
partial = SMP_OPT_FINAL;
else
partial = ACL_PARTIAL;
partial = 0;
list_for_each_entry(rule, &s->be->tcp_req.inspect_rules, list) {
int ret = ACL_PAT_PASS;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_REQ | partial);
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ | partial);
if (ret == ACL_PAT_MISS) {
buffer_dont_connect(req);
/* just set the request timeout once at the beginning of the request */
@ -808,15 +808,15 @@ int tcp_inspect_response(struct session *s, struct buffer *rep, int an_bit)
*/
if (rep->flags & BF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms))
partial = 0;
partial = SMP_OPT_FINAL;
else
partial = ACL_PARTIAL;
partial = 0;
list_for_each_entry(rule, &s->be->tcp_rep.inspect_rules, list) {
int ret = ACL_PAT_PASS;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_RTR | partial);
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_RES | partial);
if (ret == ACL_PAT_MISS) {
/* just set the analyser timeout once at the beginning of the response */
if (!tick_isset(rep->analyse_exp) && s->be->tcp_rep.inspect_delay)
@ -880,7 +880,7 @@ int tcp_exec_req_rules(struct session *s)
ret = ACL_PAT_PASS;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, s->fe, s, NULL, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, s->fe, s, NULL, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1257,7 +1257,7 @@ static int tcp_parse_tcp_req(char **args, int section_type, struct proxy *curpx,
* is a string (cookie name), other types will lead to undefined behaviour.
*/
int
smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int bleft;
@ -1345,13 +1345,13 @@ smp_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
int ret;
/* sample type set by smp_fetch_rdp_cookie() */
ret = smp_fetch_rdp_cookie(px, l4, NULL, ACL_DIR_REQ, arg_p, smp);
ret = smp_fetch_rdp_cookie(px, l4, NULL, opt, arg_p, smp);
if (ret == 0 || (smp->flags & SMP_F_MAY_CHANGE) || smp->data.str.len == 0)
return 0;
return 1;
@ -1363,12 +1363,12 @@ pattern_fetch_rdp_cookie(struct proxy *px, struct session *l4, void *l7, int dir
/* returns either 1 or 0 depending on whether an RDP cookie is found or not */
static int
acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
int ret;
ret = smp_fetch_rdp_cookie(px, l4, l7, dir, args, smp);
ret = smp_fetch_rdp_cookie(px, l4, l7, opt, args, smp);
if (smp->flags & SMP_F_MAY_CHANGE)
return 0;
@ -1382,7 +1382,7 @@ acl_fetch_rdp_cookie_cnt(struct proxy *px, struct session *l4, void *l7, int dir
/* copy the source IPv4/v6 address into temp_pattern */
static int
acl_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
switch (l4->si[0].addr.from.ss_family) {
@ -1404,7 +1404,7 @@ acl_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir,
/* extract the connection's source ipv4 address */
static int
pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
if (l4->si[0].addr.from.ss_family != AF_INET )
@ -1417,7 +1417,7 @@ pattern_fetch_src(struct proxy *px, struct session *l4, void *l7, int dir,
/* extract the connection's source ipv6 address */
static int
pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
if (l4->si[0].addr.from.ss_family != AF_INET6)
@ -1430,7 +1430,7 @@ pattern_fetch_src6(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the connection's source port */
static int
acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_UINT;
@ -1444,7 +1444,7 @@ acl_fetch_sport(struct proxy *px, struct session *l4, void *l7, int dir,
/* set test->ptr to point to the frontend's IPv4/IPv6 address and test->i to the family */
static int
acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
stream_sock_get_to_addr(&l4->si[0]);
@ -1469,7 +1469,7 @@ acl_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir,
/* extract the connection's destination ipv4 address */
static int
pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
stream_sock_get_to_addr(&l4->si[0]);
@ -1484,7 +1484,7 @@ pattern_fetch_dst(struct proxy *px, struct session *l4, void *l7, int dir,
/* extract the connection's destination ipv6 address */
static int
pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
stream_sock_get_to_addr(&l4->si[0]);
@ -1499,7 +1499,7 @@ pattern_fetch_dst6(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the frontend connexion's destination port */
static int
acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
stream_sock_get_to_addr(&l4->si[0]);
@ -1513,7 +1513,7 @@ acl_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg, struct sample *smp)
{
smp->type = SMP_T_UINT;
@ -1526,7 +1526,7 @@ pattern_fetch_dport(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
int len_offset = arg_p[0].data.uint;
@ -1543,7 +1543,7 @@ pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir,
if (!l4)
return 0;
b = (dir & PATTERN_FETCH_RTR) ? l4->rep : l4->req;
b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req;
if (!b || !b->i)
return 0;
@ -1576,7 +1576,7 @@ pattern_fetch_payloadlv(struct proxy *px, struct session *l4, void *l7, int dir,
}
static int
pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir,
pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *arg_p, struct sample *smp)
{
int buf_offset = arg_p[0].data.uint;
@ -1586,7 +1586,7 @@ pattern_fetch_payload(struct proxy *px, struct session *l4, void *l7, int dir,
if (!l4)
return 0;
b = (dir & PATTERN_FETCH_RTR) ? l4->rep : l4->req;
b = ((opt & SMP_OPT_DIR) == SMP_OPT_DIR_RES) ? l4->rep : l4->req;
if (!b || !b->i)
return 0;
@ -1666,14 +1666,14 @@ static struct acl_kw_list acl_kws = {{ },{
/* Note: must not be declared <const> as its list will be overwritten */
static struct pattern_fetch_kw_list pattern_fetch_keywords = {{ },{
{ "src", pattern_fetch_src, 0, NULL, SMP_T_IPV4, PATTERN_FETCH_REQ },
{ "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, PATTERN_FETCH_REQ },
{ "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, PATTERN_FETCH_REQ },
{ "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, PATTERN_FETCH_REQ },
{ "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, PATTERN_FETCH_REQ },
{ "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR },
{ "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, PATTERN_FETCH_REQ|PATTERN_FETCH_RTR },
{ "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, PATTERN_FETCH_REQ },
{ "src", pattern_fetch_src, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES },
{ "src6", pattern_fetch_src6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst", pattern_fetch_dst, 0, NULL, SMP_T_IPV4, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst6", pattern_fetch_dst6, 0, NULL, SMP_T_IPV6, SMP_CAP_REQ|SMP_CAP_RES },
{ "dst_port", pattern_fetch_dport, 0, NULL, SMP_T_UINT, SMP_CAP_REQ|SMP_CAP_RES },
{ "payload", pattern_fetch_payload, ARG2(2,UINT,UINT), val_payload, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
{ "payload_lv", pattern_fetch_payloadlv, ARG3(2,UINT,UINT,SINT), val_payload_lv, SMP_T_CBIN, SMP_CAP_REQ|SMP_CAP_RES },
{ "rdp_cookie", pattern_fetch_rdp_cookie, ARG1(1,STR), NULL, SMP_T_CSTR, SMP_CAP_REQ|SMP_CAP_RES },
{ NULL, NULL, 0, 0, 0 },
}};

4
src/protocols.c
View File

@ -325,7 +325,7 @@ int protocol_disable_all(void)
/* set temp integer to the number of connexions to the same listening socket */
static int
acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_UINT;
@ -335,7 +335,7 @@ acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the id of the socket (listener) */
static int
acl_fetch_so_id(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_so_id(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->type = SMP_T_UINT;

116
src/session.c
View File

@ -982,7 +982,7 @@ static int process_switching_rules(struct session *s, struct buffer *req, int an
list_for_each_entry(rule, &s->fe->switching_rules, list) {
int ret;
ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1017,7 +1017,7 @@ static int process_switching_rules(struct session *s, struct buffer *req, int an
int ret = 1;
if (prst_rule->cond) {
ret = acl_exec_cond(prst_rule->cond, s->be, s, &s->txn, ACL_DIR_REQ);
ret = acl_exec_cond(prst_rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (prst_rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1074,7 +1074,7 @@ static int process_server_rules(struct session *s, struct buffer *req, int an_bi
list_for_each_entry(rule, &px->server_rules, list) {
int ret;
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, s->be, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1132,7 +1132,7 @@ static int process_sticking_rules(struct session *s, struct buffer *req, int an_
continue;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, px, s, &s->txn, ACL_DIR_REQ);
ret = acl_exec_cond(rule->cond, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1141,7 +1141,7 @@ static int process_sticking_rules(struct session *s, struct buffer *req, int an_
if (ret) {
struct stktable_key *key;
key = stktable_fetch_key(rule->table.t, px, s, &s->txn, PATTERN_FETCH_REQ, rule->expr);
key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_REQ|SMP_OPT_FINAL, rule->expr);
if (!key)
continue;
@ -1225,7 +1225,7 @@ static int process_store_rules(struct session *s, struct buffer *rep, int an_bit
continue;
if (rule->cond) {
ret = acl_exec_cond(rule->cond, px, s, &s->txn, ACL_DIR_RTR);
ret = acl_exec_cond(rule->cond, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL);
ret = acl_pass(ret);
if (rule->cond->pol == ACL_COND_UNLESS)
ret = !ret;
@ -1234,7 +1234,7 @@ static int process_store_rules(struct session *s, struct buffer *rep, int an_bit
if (ret) {
struct stktable_key *key;
key = stktable_fetch_key(rule->table.t, px, s, &s->txn, PATTERN_FETCH_RTR, rule->expr);
key = stktable_fetch_key(rule->table.t, px, s, &s->txn, SMP_OPT_DIR_RES|SMP_OPT_FINAL, rule->expr);
if (!key)
continue;
@ -2326,7 +2326,7 @@ acl_fetch_get_gpc0(struct stktable *table, struct sample *smp, struct stksess *t
* frontend counters.
*/
static int
acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2338,7 +2338,7 @@ acl_fetch_sc1_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* backend counters.
*/
static int
acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2351,7 +2351,7 @@ acl_fetch_sc2_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_get_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_get_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2386,7 +2386,7 @@ acl_fetch_inc_gpc0(struct stktable *table, struct sample *smp, struct stksess *t
* frontend counters and return it into temp integer.
*/
static int
acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2398,7 +2398,7 @@ acl_fetch_sc1_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* backend counters and return it into temp integer.
*/
static int
acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2411,7 +2411,7 @@ acl_fetch_sc2_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_inc_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_inc_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2447,7 +2447,7 @@ acl_fetch_clr_gpc0(struct stktable *table, struct sample *smp, struct stksess *t
* frontend counters and return its previous value into temp integer.
*/
static int
acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2459,7 +2459,7 @@ acl_fetch_sc1_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* backend counters and return its previous value into temp integer.
*/
static int
acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2472,7 +2472,7 @@ acl_fetch_sc2_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_clr_gpc0(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_clr_gpc0(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2503,7 +2503,7 @@ acl_fetch_conn_cnt(struct stktable *table, struct sample *smp, struct stksess *t
/* set temp integer to the cumulated number of connections from the session's tracked FE counters */
static int
acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2514,7 +2514,7 @@ acl_fetch_sc1_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the cumulated number of connections from the session's tracked BE counters */
static int
acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2528,7 +2528,7 @@ acl_fetch_sc2_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2562,7 +2562,7 @@ acl_fetch_conn_rate(struct stktable *table, struct sample *smp, struct stksess *
* the configured period.
*/
static int
acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2575,7 +2575,7 @@ acl_fetch_sc1_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* the configured period.
*/
static int
acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2589,7 +2589,7 @@ acl_fetch_sc2_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2607,7 +2607,7 @@ acl_fetch_src_conn_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_updt_conn_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_updt_conn_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stksess *ts;
@ -2653,7 +2653,7 @@ acl_fetch_conn_cur(struct stktable *table, struct sample *smp, struct stksess *t
/* set temp integer to the number of concurrent connections from the session's tracked FE counters */
static int
acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2664,7 +2664,7 @@ acl_fetch_sc1_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the number of concurrent connections from the session's tracked BE counters */
static int
acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2678,7 +2678,7 @@ acl_fetch_sc2_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2709,7 +2709,7 @@ acl_fetch_sess_cnt(struct stktable *table, struct sample *smp, struct stksess *t
/* set temp integer to the cumulated number of sessions from the session's tracked FE counters */
static int
acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2720,7 +2720,7 @@ acl_fetch_sc1_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
/* set temp integer to the cumulated number of sessions from the session's tracked BE counters */
static int
acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2734,7 +2734,7 @@ acl_fetch_sc2_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_sess_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_sess_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2768,7 +2768,7 @@ acl_fetch_sess_rate(struct stktable *table, struct sample *smp, struct stksess *
* the configured period.
*/
static int
acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2781,7 +2781,7 @@ acl_fetch_sc1_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* the configured period.
*/
static int
acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2795,7 +2795,7 @@ acl_fetch_sc2_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_sess_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_sess_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2826,7 +2826,7 @@ acl_fetch_http_req_cnt(struct stktable *table, struct sample *smp, struct stkses
/* set temp integer to the cumulated number of sessions from the session's tracked FE counters */
static int
acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2837,7 +2837,7 @@ acl_fetch_sc1_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int d
/* set temp integer to the cumulated number of sessions from the session's tracked BE counters */
static int
acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2851,7 +2851,7 @@ acl_fetch_sc2_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int d
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_http_req_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_http_req_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2885,7 +2885,7 @@ acl_fetch_http_req_rate(struct stktable *table, struct sample *smp, struct stkse
* the configured period.
*/
static int
acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2898,7 +2898,7 @@ acl_fetch_sc1_http_req_rate(struct proxy *px, struct session *l4, void *l7, int
* the configured period.
*/
static int
acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2912,7 +2912,7 @@ acl_fetch_sc2_http_req_rate(struct proxy *px, struct session *l4, void *l7, int
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_http_req_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_http_req_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -2943,7 +2943,7 @@ acl_fetch_http_err_cnt(struct stktable *table, struct sample *smp, struct stkses
/* set temp integer to the cumulated number of sessions from the session's tracked FE counters */
static int
acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -2954,7 +2954,7 @@ acl_fetch_sc1_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int d
/* set temp integer to the cumulated number of sessions from the session's tracked BE counters */
static int
acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -2968,7 +2968,7 @@ acl_fetch_sc2_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int d
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_http_err_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_http_err_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3002,7 +3002,7 @@ acl_fetch_http_err_rate(struct stktable *table, struct sample *smp, struct stkse
* the configured period.
*/
static int
acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -3015,7 +3015,7 @@ acl_fetch_sc1_http_err_rate(struct proxy *px, struct session *l4, void *l7, int
* the configured period.
*/
static int
acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -3029,7 +3029,7 @@ acl_fetch_sc2_http_err_rate(struct proxy *px, struct session *l4, void *l7, int
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_http_err_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_http_err_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3063,7 +3063,7 @@ acl_fetch_kbytes_in(struct stktable *table, struct sample *smp, struct stksess *
* session's tracked FE counters.
*/
static int
acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -3076,7 +3076,7 @@ acl_fetch_sc1_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
* session's tracked BE counters.
*/
static int
acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -3090,7 +3090,7 @@ acl_fetch_sc2_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_kbytes_in(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3126,7 +3126,7 @@ acl_fetch_bytes_in_rate(struct stktable *table, struct sample *smp, struct stkse
* counters over the configured period.
*/
static int
acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -3139,7 +3139,7 @@ acl_fetch_sc1_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int
* counters over the configured period.
*/
static int
acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -3153,7 +3153,7 @@ acl_fetch_sc2_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_bytes_in_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3187,7 +3187,7 @@ acl_fetch_kbytes_out(struct stktable *table, struct sample *smp, struct stksess
* tracked FE counters.
*/
static int
acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -3200,7 +3200,7 @@ acl_fetch_sc1_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir
* tracked BE counters.
*/
static int
acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -3214,7 +3214,7 @@ acl_fetch_sc2_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_kbytes_out(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3250,7 +3250,7 @@ acl_fetch_bytes_out_rate(struct stktable *table, struct sample *smp, struct stks
* over the configured period.
*/
static int
acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr1_entry)
@ -3263,7 +3263,7 @@ acl_fetch_sc1_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int
* over the configured period.
*/
static int
acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
if (!l4->stkctr2_entry)
@ -3277,7 +3277,7 @@ acl_fetch_sc2_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
struct stktable_key *key;
@ -3294,7 +3294,7 @@ acl_fetch_src_bytes_out_rate(struct proxy *px, struct session *l4, void *l7, int
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
smp->flags = SMP_F_VOL_TEST;
@ -3307,7 +3307,7 @@ acl_fetch_table_cnt(struct proxy *px, struct session *l4, void *l7, int dir,
* Accepts exactly 1 argument of type table.
*/
static int
acl_fetch_table_avl(struct proxy *px, struct session *l4, void *l7, int dir,
acl_fetch_table_avl(struct proxy *px, struct session *l4, void *l7, unsigned int opt,
const struct arg *args, struct sample *smp)
{
px = args->data.prx;

7
src/stick_table.c
View File

@ -586,16 +586,17 @@ static pattern_to_key_fct pattern_to_key[SMP_TYPES][STKTABLE_TYPES] = {
/*
* Process a fetch + format conversion as defined by the pattern expression <expr>
* on request or response considering the <dir> parameter. Returns either NULL if
* on request or response considering the <opt> parameter. Returns either NULL if
* no key could be extracted, or a pointer to the converted result stored in
* static_table_key in format <table_type>.
*/
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7, int dir,
struct stktable_key *stktable_fetch_key(struct stktable *t, struct proxy *px, struct session *l4, void *l7,
unsigned int opt,
struct pattern_expr *expr)
{
struct sample *smp;
smp = pattern_process(px, l4, l7, dir, expr, NULL);
smp = pattern_process(px, l4, l7, opt, expr, NULL);
if (!smp)
return NULL;