diff --git a/include/proto/pattern.h b/include/proto/pattern.h index e2801a0b6..63e02e7e9 100644 --- a/include/proto/pattern.h +++ b/include/proto/pattern.h @@ -73,6 +73,20 @@ int pat_idx_list_reg(struct pattern_expr *expr, struct pattern *pat, char **err) int pat_idx_tree_ip(struct pattern_expr *expr, struct pattern *pat, char **err); int pat_idx_tree_str(struct pattern_expr *expr, struct pattern *pat, char **err); +/* + * + * The following functions search pattern into the pattern + * expression . If the pattern is found, delete it. This function + * never fails. + * + */ +void pat_del_list_val(struct pattern_expr *expr, struct pattern *pat); +void pat_del_tree_ip(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_ptr(struct pattern_expr *expr, struct pattern *pat); +void pat_del_tree_str(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_str(struct pattern_expr *expr, struct pattern *pat); +void pat_del_list_reg(struct pattern_expr *expr, struct pattern *pat); + /* * * The following functions are general purpose pattern matching functions. @@ -162,6 +176,7 @@ void pattern_free(struct pattern_list *pat); void pattern_prune_expr(struct pattern_expr *expr); void pattern_init_expr(struct pattern_expr *expr); int pattern_lookup(const char *args, struct pattern_expr *expr, struct pattern_list **pat_elt, struct pattern_tree **idx_elt, char **err); +int pattern_delete(const char *key, struct pattern_expr *expr, char **err); #endif diff --git a/include/types/acl.h b/include/types/acl.h index 49c03cfe0..96b30bd1a 100644 --- a/include/types/acl.h +++ b/include/types/acl.h @@ -94,6 +94,7 @@ struct acl_keyword { char *fetch_kw; int (*parse)(const char *text, struct pattern *pattern, char **err); int (*index)(struct pattern_expr *expr, struct pattern *pattern, char **err); + void (*delete)(struct pattern_expr *expr, struct pattern *pattern); struct pattern *(*match)(struct sample *smp, struct pattern_expr *expr, int fill); /* must be after the config params */ struct sample_fetch *smp; /* the sample fetch we depend on */ diff --git a/include/types/pattern.h b/include/types/pattern.h index 9622888a3..2224e4c33 100644 --- a/include/types/pattern.h +++ b/include/types/pattern.h @@ -157,6 +157,7 @@ struct pattern_list { struct pattern_expr { int (*parse)(const char *text, struct pattern *pattern, char **err); int (*index)(struct pattern_expr *, struct pattern *, char **); + void (*delete)(struct pattern_expr *, struct pattern *); struct pattern *(*match)(struct sample *, struct pattern_expr *, int); struct list patterns; /* list of acl_patterns */ struct eb_root pattern_tree; /* may be used for lookup in large datasets */ @@ -166,7 +167,8 @@ struct pattern_expr { extern char *pat_match_names[PAT_MATCH_NUM]; extern int (*pat_parse_fcts[PAT_MATCH_NUM])(const char *, struct pattern *, char **); extern int (*pat_index_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *, char **); -struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int); +extern void (*pat_delete_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *); +extern struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int); extern int pat_match_types[PAT_MATCH_NUM]; #endif /* _TYPES_PATTERN_H */ diff --git a/src/acl.c b/src/acl.c index 37fd8f4b6..0356ca0b7 100644 --- a/src/acl.c +++ b/src/acl.c @@ -354,6 +354,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = aclkw ? aclkw->parse : NULL; expr->pat.index = aclkw ? aclkw->index : NULL; expr->pat.match = aclkw ? aclkw->match : NULL; + expr->pat.delete = aclkw ? aclkw->delete : NULL; expr->smp = smp; smp = NULL; @@ -365,18 +366,21 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = pat_parse_fcts[PAT_MATCH_BOOL]; expr->pat.index = pat_index_fcts[PAT_MATCH_BOOL]; expr->pat.match = pat_match_fcts[PAT_MATCH_BOOL]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_BOOL]; break; case SMP_T_SINT: case SMP_T_UINT: expr->pat.parse = pat_parse_fcts[PAT_MATCH_INT]; expr->pat.index = pat_index_fcts[PAT_MATCH_INT]; expr->pat.match = pat_match_fcts[PAT_MATCH_INT]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_INT]; break; case SMP_T_IPV4: case SMP_T_IPV6: expr->pat.parse = pat_parse_fcts[PAT_MATCH_IP]; expr->pat.index = pat_index_fcts[PAT_MATCH_IP]; expr->pat.match = pat_match_fcts[PAT_MATCH_IP]; + expr->pat.delete = pat_delete_fcts[PAT_MATCH_IP]; break; } } @@ -437,6 +441,7 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->pat.parse = pat_parse_fcts[idx]; expr->pat.index = pat_index_fcts[idx]; expr->pat.match = pat_match_fcts[idx]; + expr->pat.delete = pat_delete_fcts[idx]; args++; } else if ((*args)[1] == '-') { diff --git a/src/dumpstats.c b/src/dumpstats.c index 12bace2f5..836ad302d 100644 --- a/src/dumpstats.c +++ b/src/dumpstats.c @@ -1849,8 +1849,6 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line) } else if (strcmp(args[0], "del") == 0) { if (strcmp(args[1], "map") == 0) { - struct pattern_list *pat_elt; - struct pattern_tree *idx_elt; struct map_entry *ent; /* Expect two parameters: map name and key. */ @@ -1895,16 +1893,7 @@ static int stats_sock_parse_request(struct stream_interface *si, char *line) appctx->ctx.map.desc = NULL; stats_map_lookup_next(si); while (appctx->ctx.map.desc) { - while (pattern_lookup(args[3], appctx->ctx.map.desc->pat, &pat_elt, &idx_elt, NULL)) { - if (pat_elt != NULL) { - LIST_DEL(&pat_elt->list); - pattern_free(pat_elt); - } - if (idx_elt != NULL) { - ebmb_delete(&idx_elt->node); - free(idx_elt); - } - } + pattern_delete(args[3], appctx->ctx.map.desc->pat, NULL); stats_map_lookup_next(si); } diff --git a/src/map.c b/src/map.c index c244bb7d3..25052fda3 100644 --- a/src/map.c +++ b/src/map.c @@ -412,6 +412,7 @@ static int sample_load_map(struct arg *arg, struct sample_conv *conv, char **err desc->pat->match = pat_match_fcts[conv->private]; desc->pat->parse = pat_parse_fcts[conv->private]; desc->pat->index = pat_index_fcts[conv->private]; + desc->pat->delete = pat_delete_fcts[conv->private]; /* parse each line of the file */ list_for_each_entry(ent, &ref->entries, list) diff --git a/src/pattern.c b/src/pattern.c index b417e9ffc..796384dcf 100644 --- a/src/pattern.c +++ b/src/pattern.c @@ -72,6 +72,22 @@ int (*pat_index_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *, ch [PAT_MATCH_REG] = pat_idx_list_reg, }; +void (*pat_delete_fcts[PAT_MATCH_NUM])(struct pattern_expr *, struct pattern *) = { + [PAT_MATCH_FOUND] = pat_del_list_val, + [PAT_MATCH_BOOL] = pat_del_list_val, + [PAT_MATCH_INT] = pat_del_list_val, + [PAT_MATCH_IP] = pat_del_tree_ip, + [PAT_MATCH_BIN] = pat_del_list_ptr, + [PAT_MATCH_LEN] = pat_del_list_val, + [PAT_MATCH_STR] = pat_del_tree_str, + [PAT_MATCH_BEG] = pat_del_list_str, + [PAT_MATCH_SUB] = pat_del_list_str, + [PAT_MATCH_DIR] = pat_del_list_str, + [PAT_MATCH_DOM] = pat_del_list_str, + [PAT_MATCH_END] = pat_del_list_str, + [PAT_MATCH_REG] = pat_del_list_reg, +}; + struct pattern *(*pat_match_fcts[PAT_MATCH_NUM])(struct sample *, struct pattern_expr *, int) = { [PAT_MATCH_FOUND] = NULL, [PAT_MATCH_BOOL] = pat_match_nothing, @@ -1178,6 +1194,202 @@ int pat_idx_tree_str(struct pattern_expr *expr, struct pattern *pat, char **err) return 1; } +void pat_del_list_val(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->val.range.min_set != pat->pat.val.range.min_set) + continue; + if (pattern->val.range.max_set != pat->pat.val.range.max_set) + continue; + if (pattern->val.range.min_set && + pattern->val.range.min != pat->pat.val.range.min) + continue; + if (pattern->val.range.max_set && + pattern->val.range.max != pat->pat.val.range.max) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_tree_ip(struct pattern_expr *expr, struct pattern *pattern) +{ + struct ebmb_node *node, *next_node; + struct pattern_tree *elt; + struct pattern_list *pat; + struct pattern_list *safe; + unsigned int mask; + + /* browse each node of the tree for IPv4 addresses. */ + if (pattern->type == SMP_T_IPV4) { + /* Convert mask. If the mask is contiguous, browse each node + * of the tree for IPv4 addresses. + */ + mask = ntohl(pattern->val.ipv4.mask.s_addr); + if (mask + (mask & -mask) == 0) { + mask = mask ? 33 - flsnz(mask & -mask) : 0; /* equals cidr value */ + + for (node = ebmb_first(&expr->pattern_tree), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (memcmp(&pattern->val.ipv4.addr, elt->node.key, + sizeof(pattern->val.ipv4.addr)) != 0) + continue; + if (elt->node.node.pfx != mask) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } + } + else { + /* Browse each node of the list for IPv4 addresses. */ + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality, addr then mask */ + if (memcmp(&pattern->val.ipv4.addr, &pat->pat.val.ipv4.addr, + sizeof(pat->pat.val.ipv4.addr)) != 0) + continue; + + if (memcmp(&pattern->val.ipv4.mask, &pat->pat.val.ipv4.mask, + sizeof(pat->pat.val.ipv4.addr)) != 0) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.smp); + free(pat); + } + } + } + else if (pattern->type == SMP_T_IPV6) { + /* browse each node of the tree for IPv6 addresses. */ + for (node = ebmb_first(&expr->pattern_tree_2), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (memcmp(&pattern->val.ipv6.addr, elt->node.key, + sizeof(pattern->val.ipv6.addr)) != 0) + continue; + if (elt->node.node.pfx != pattern->val.ipv6.mask) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } + } +} + +void pat_del_list_ptr(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->len != pat->pat.len) + continue; + if (memcmp(pattern->ptr.ptr, pat->pat.ptr.ptr, pat->pat.len) != 0) + continue; + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.ptr); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_tree_str(struct pattern_expr *expr, struct pattern *pattern) +{ + struct ebmb_node *node, *next_node; + struct pattern_tree *elt; + + /* browse each node of the tree. */ + for (node = ebmb_first(&expr->pattern_tree), next_node = node ? ebmb_next(node) : NULL; + node; + node = next_node, next_node = node ? ebmb_next(node) : NULL) { + /* Extract container of the tree node. */ + elt = container_of(node, struct pattern_tree, node); + + /* Check equality. */ + if (strcmp(pattern->ptr.str, (char *)elt->node.key) != 0) + continue; + + /* Delete and free entry. */ + ebmb_delete(node); + free(elt->smp); + free(elt); + } +} + +void pat_del_list_str(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->len != pat->pat.len) + continue; + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strncasecmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + else { + if (strncmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.str); + free(pat->pat.smp); + free(pat); + } +} + +void pat_del_list_reg(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strcasecmp(pattern->ptr.reg->regstr, pat->pat.ptr.reg->regstr) != 0) + continue; + } + else { + if (strcmp(pattern->ptr.reg->regstr, pat->pat.ptr.reg->regstr) != 0) + continue; + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + regex_free(pat->pat.ptr.ptr); + free(pat->pat.smp); + free(pat); + } +} + /* return 1 if the process is ok * return -1 if the parser fail. The err message is filled. * return -2 if out of memory @@ -1290,6 +1502,20 @@ struct pattern *pattern_exec_match(struct pattern_expr *expr, struct sample *smp return expr->match(smp, expr, fill); } +/* This function search all the pattern matching the and delete it. + * If the parsing of the input key fails, the function returns 0 and the + * is filled, else return 1; + */ +int pattern_delete(const char *key, struct pattern_expr *expr, char **err) +{ + struct pattern pattern; + + if (!expr->parse(key, &pattern, err)) + return 0; + expr->delete(expr, &pattern); + return 1; +} + /* This function browse the pattern expr to lookup the key . On * error it returns 0. On success, it returns 1 and fills either * or with the respectively matched pointers, and the other one with diff --git a/src/payload.c b/src/payload.c index 4bfd27743..42468ec99 100644 --- a/src/payload.c +++ b/src/payload.c @@ -681,13 +681,13 @@ static struct sample_fetch_kw_list smp_kws = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "payload", "req.payload", pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "payload_lv", "req.payload_lv", pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "req_rdp_cookie", "req.rdp_cookie", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", pat_parse_int, pat_idx_list_val, pat_match_int }, - { "req_ssl_sni", "req.ssl_sni", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "req_ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_match_int }, - { "req.ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_match_int }, + { "payload", "req.payload", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "payload_lv", "req.payload_lv", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "req_rdp_cookie", "req.rdp_cookie", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_int }, + { "req_ssl_sni", "req.ssl_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "req_ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_match_int }, + { "req.ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_match_int }, { /* END */ }, }}; diff --git a/src/proto_http.c b/src/proto_http.c index 0ae2e8761..38c0fc82a 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -9075,6 +9075,36 @@ static struct pattern *pat_match_meth(struct sample *smp, struct pattern_expr *e return NULL; } +static +void pat_del_meth(struct pattern_expr *expr, struct pattern *pattern) +{ + struct pattern_list *pat; + struct pattern_list *safe; + + list_for_each_entry_safe(pat, safe, &expr->patterns, list) { + /* Check equality. */ + if (pattern->val.i != pat->pat.val.i) + continue; + if (pattern->val.i == HTTP_METH_OTHER) { + if (pattern->len != pat->pat.len) + continue; + if (pat->pat.flags & PAT_F_IGNORE_CASE) { + if (strncasecmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + else { + if (strncmp(pattern->ptr.str, pat->pat.ptr.str, pat->pat.len) != 0) + continue; + } + } + + /* Delete and free entry. */ + LIST_DEL(&pat->list); + free(pat->pat.ptr.str); + free(pat); + } +} + static int smp_fetch_rqver(struct proxy *px, struct session *l4, void *l7, unsigned int opt, const struct arg *args, struct sample *smp, const char *kw) @@ -10361,84 +10391,84 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp) * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "base", "base", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "base_beg", "base", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "base_dir", "base", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "base_dom", "base", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "base_end", "base", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "base_len", "base", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "base_reg", "base", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "base_sub", "base", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "base", "base", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "base_beg", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "base_dir", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "base_dom", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "base_end", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "base_len", "base", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "base_reg", "base", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "base_sub", "base", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "cook", "req.cook", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "cook_beg", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "cook_dir", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "cook_dom", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "cook_end", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "cook_len", "req.cook", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "cook_reg", "req.cook", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "cook_sub", "req.cook", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "cook", "req.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "cook_beg", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "cook_dir", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "cook_dom", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "cook_end", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "cook_len", "req.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "cook_reg", "req.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "cook_sub", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "hdr", "req.hdr", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "hdr_beg", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "hdr_dir", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "hdr_dom", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "hdr_end", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "hdr_len", "req.hdr", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "hdr_reg", "req.hdr", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "hdr_sub", "req.hdr", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "hdr", "req.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "hdr_beg", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "hdr_dir", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "hdr_dom", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "hdr_end", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "hdr_len", "req.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "hdr_reg", "req.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "hdr_sub", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "http_auth_group", NULL, pat_parse_str, pat_idx_list_str, pat_match_auth }, + { "http_auth_group", NULL, pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_auth }, - { "method", NULL, pat_parse_meth, pat_idx_list_str, pat_match_meth }, + { "method", NULL, pat_parse_meth, pat_idx_list_str, pat_del_meth, pat_match_meth }, - { "path", "path", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "path_beg", "path", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "path_dir", "path", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "path_dom", "path", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "path_end", "path", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "path_len", "path", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "path_reg", "path", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "path_sub", "path", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "path", "path", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "path_beg", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "path_dir", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "path_dom", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "path_end", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "path_len", "path", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "path_reg", "path", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "path_sub", "path", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "req_ver", "req.ver", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "resp_ver", "res.ver", pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "req_ver", "req.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "resp_ver", "res.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, - { "scook", "res.cook", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "scook_beg", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "scook_dir", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "scook_dom", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "scook_end", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "scook_len", "res.cook", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "scook_reg", "res.cook", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "scook_sub", "res.cook", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "scook", "res.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "scook_beg", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "scook_dir", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "scook_dom", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "scook_end", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "scook_len", "res.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "scook_reg", "res.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "scook_sub", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "shdr", "res.hdr", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "shdr_beg", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "shdr_dir", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "shdr_dom", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "shdr_end", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "shdr_len", "res.hdr", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "shdr_reg", "res.hdr", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "shdr_sub", "res.hdr", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "shdr", "res.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "shdr_beg", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "shdr_dir", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "shdr_dom", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "shdr_end", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "shdr_len", "res.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "shdr_reg", "res.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "shdr_sub", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "url", "url", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "url_beg", "url", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "url_dir", "url", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "url_dom", "url", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "url_end", "url", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "url_len", "url", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "url_reg", "url", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "url_sub", "url", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "url", "url", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "url_beg", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "url_dir", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "url_dom", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "url_end", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "url_len", "url", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "url_reg", "url", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "url_sub", "url", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, - { "urlp", "urlp", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "urlp_beg", "urlp", pat_parse_str, pat_idx_list_str, pat_match_beg }, - { "urlp_dir", "urlp", pat_parse_str, pat_idx_list_str, pat_match_dir }, - { "urlp_dom", "urlp", pat_parse_str, pat_idx_list_str, pat_match_dom }, - { "urlp_end", "urlp", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "urlp_len", "urlp", pat_parse_int, pat_idx_list_val, pat_match_len }, - { "urlp_reg", "urlp", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, - { "urlp_sub", "urlp", pat_parse_str, pat_idx_list_str, pat_match_sub }, + { "urlp", "urlp", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "urlp_beg", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_beg }, + { "urlp_dir", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dir }, + { "urlp_dom", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_dom }, + { "urlp_end", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "urlp_len", "urlp", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_match_len }, + { "urlp_reg", "urlp", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, + { "urlp_sub", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_sub }, { /* END */ }, }}; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index e6a341e50..d71ed9551 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3546,31 +3546,31 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "ssl_c_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_c_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "ssl_f_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_f_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_match_bin }, - { "ssl_fc_cipher", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_c_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_c_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "ssl_f_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_f_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_match_bin }, + { "ssl_fc_cipher", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #ifdef OPENSSL_NPN_NEGOTIATED - { "ssl_fc_npn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_fc_npn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #endif #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - { "ssl_fc_alpn", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, + { "ssl_fc_alpn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, #endif - { "ssl_fc_protocol", NULL, pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_fc_sni", "ssl_fc_sni", pat_parse_str, pat_idx_tree_str, pat_match_str }, - { "ssl_fc_sni_end", "ssl_fc_sni", pat_parse_str, pat_idx_list_str, pat_match_end }, - { "ssl_fc_sni_reg", "ssl_fc_sni", pat_parse_reg, pat_idx_list_reg, pat_match_reg }, + { "ssl_fc_protocol", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_fc_sni", "ssl_fc_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_match_str }, + { "ssl_fc_sni_end", "ssl_fc_sni", pat_parse_str, pat_idx_list_str, pat_del_list_str, pat_match_end }, + { "ssl_fc_sni_reg", "ssl_fc_sni", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_match_reg }, { /* END */ }, }};