diff --git a/include/types/acl.h b/include/types/acl.h index 908b0e588..c5c2824ec 100644 --- a/include/types/acl.h +++ b/include/types/acl.h @@ -92,6 +92,7 @@ struct acl_expr; struct acl_keyword { const char *kw; char *fetch_kw; + int match_type; /* Contain PAT_MATCH_* */ int (*parse)(const char *text, struct pattern *pattern, char **err); int (*index)(struct pattern_expr *expr, struct pattern *pattern, char **err); void (*delete)(struct pattern_expr *expr, struct pat_ref_elt *); diff --git a/src/acl.c b/src/acl.c index 8d14c68d6..29b158fae 100644 --- a/src/acl.c +++ b/src/acl.c @@ -367,6 +367,24 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list * expr->smp = smp; smp = NULL; + /* Fill NULL pointers with values provided by the pattern.c arrays */ + if (aclkw) { + if (!expr->pat.parse) + expr->pat.parse = pat_parse_fcts[aclkw->match_type]; + + if (!expr->pat.index) + expr->pat.index = pat_index_fcts[aclkw->match_type]; + + if (!expr->pat.match) + expr->pat.match = pat_match_fcts[aclkw->match_type]; + + if (!expr->pat.delete) + expr->pat.delete = pat_delete_fcts[aclkw->match_type]; + + if (!expr->pat.prune) + expr->pat.prune = pat_prune_fcts[aclkw->match_type]; + } + if (!expr->pat.parse) { /* some types can be automatically converted */ diff --git a/src/payload.c b/src/payload.c index 82efe95f1..b806e0852 100644 --- a/src/payload.c +++ b/src/payload.c @@ -681,13 +681,13 @@ static struct sample_fetch_kw_list smp_kws = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "payload", "req.payload", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_prune_ptr, pat_match_bin }, - { "payload_lv", "req.payload_lv", pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_prune_ptr, pat_match_bin }, - { "req_rdp_cookie", "req.rdp_cookie", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_int }, - { "req_ssl_sni", "req.ssl_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "req_ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_int }, - { "req.ssl_ver", "req.ssl_ver", pat_parse_dotted_ver, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_int }, + { "payload", "req.payload", PAT_MATCH_BIN }, + { "payload_lv", "req.payload_lv", PAT_MATCH_BIN }, + { "req_rdp_cookie", "req.rdp_cookie", PAT_MATCH_STR }, + { "req_rdp_cookie_cnt", "req.rdp_cookie_cnt", PAT_MATCH_INT }, + { "req_ssl_sni", "req.ssl_sni", PAT_MATCH_STR }, + { "req_ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver }, + { "req.ssl_ver", "req.ssl_ver", PAT_MATCH_INT, pat_parse_dotted_ver }, { /* END */ }, }}; diff --git a/src/proto_http.c b/src/proto_http.c index 105b9a8d8..89e75b717 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -10362,84 +10362,89 @@ static int sample_conv_http_date(const struct arg *args, struct sample *smp) * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "base", "base", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "base_beg", "base", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "base_dir", "base", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "base_dom", "base", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "base_end", "base", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "base_len", "base", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "base_reg", "base", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "base_sub", "base", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "base", "base", PAT_MATCH_STR }, + { "base_beg", "base", PAT_MATCH_BEG }, + { "base_dir", "base", PAT_MATCH_DIR }, + { "base_dom", "base", PAT_MATCH_DOM }, + { "base_end", "base", PAT_MATCH_END }, + { "base_len", "base", PAT_MATCH_LEN }, + { "base_reg", "base", PAT_MATCH_REG }, + { "base_sub", "base", PAT_MATCH_SUB }, - { "cook", "req.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "cook_beg", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "cook_dir", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "cook_dom", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "cook_end", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "cook_len", "req.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "cook_reg", "req.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "cook_sub", "req.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "cook", "req.cook", PAT_MATCH_STR }, + { "cook_beg", "req.cook", PAT_MATCH_BEG }, + { "cook_dir", "req.cook", PAT_MATCH_DIR }, + { "cook_dom", "req.cook", PAT_MATCH_DOM }, + { "cook_end", "req.cook", PAT_MATCH_END }, + { "cook_len", "req.cook", PAT_MATCH_LEN }, + { "cook_reg", "req.cook", PAT_MATCH_REG }, + { "cook_sub", "req.cook", PAT_MATCH_SUB }, - { "hdr", "req.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "hdr_beg", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "hdr_dir", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "hdr_dom", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "hdr_end", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "hdr_len", "req.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "hdr_reg", "req.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "hdr_sub", "req.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "hdr", "req.hdr", PAT_MATCH_STR }, + { "hdr_beg", "req.hdr", PAT_MATCH_BEG }, + { "hdr_dir", "req.hdr", PAT_MATCH_DIR }, + { "hdr_dom", "req.hdr", PAT_MATCH_DOM }, + { "hdr_end", "req.hdr", PAT_MATCH_END }, + { "hdr_len", "req.hdr", PAT_MATCH_LEN }, + { "hdr_reg", "req.hdr", PAT_MATCH_REG }, + { "hdr_sub", "req.hdr", PAT_MATCH_SUB }, - { "http_auth_group", NULL, pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_auth }, + /* these two declarations uses strings with list storage (in place + * of tree storage). The basic match is PAT_MATCH_STR, but the indexation + * and delete functions are relative to the list management. The parse + * and match method are related to the corresponding fetch methods. This + * is very particular ACL declaration mode. + */ + { "http_auth_group", NULL, PAT_MATCH_STR, NULL, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_auth }, + { "method", NULL, PAT_MATCH_STR, pat_parse_meth, pat_idx_list_str, pat_del_list_ptr, NULL, pat_match_meth }, - { "method", NULL, pat_parse_meth, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_meth }, + { "path", "path", PAT_MATCH_STR }, + { "path_beg", "path", PAT_MATCH_BEG }, + { "path_dir", "path", PAT_MATCH_DIR }, + { "path_dom", "path", PAT_MATCH_DOM }, + { "path_end", "path", PAT_MATCH_END }, + { "path_len", "path", PAT_MATCH_LEN }, + { "path_reg", "path", PAT_MATCH_REG }, + { "path_sub", "path", PAT_MATCH_SUB }, - { "path", "path", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "path_beg", "path", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "path_dir", "path", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "path_dom", "path", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "path_end", "path", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "path_len", "path", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "path_reg", "path", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "path_sub", "path", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "req_ver", "req.ver", PAT_MATCH_STR }, + { "resp_ver", "res.ver", PAT_MATCH_STR }, - { "req_ver", "req.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "resp_ver", "res.ver", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, + { "scook", "res.cook", PAT_MATCH_STR }, + { "scook_beg", "res.cook", PAT_MATCH_BEG }, + { "scook_dir", "res.cook", PAT_MATCH_DIR }, + { "scook_dom", "res.cook", PAT_MATCH_DOM }, + { "scook_end", "res.cook", PAT_MATCH_END }, + { "scook_len", "res.cook", PAT_MATCH_LEN }, + { "scook_reg", "res.cook", PAT_MATCH_REG }, + { "scook_sub", "res.cook", PAT_MATCH_SUB }, - { "scook", "res.cook", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "scook_beg", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "scook_dir", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "scook_dom", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "scook_end", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "scook_len", "res.cook", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "scook_reg", "res.cook", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "scook_sub", "res.cook", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "shdr", "res.hdr", PAT_MATCH_STR }, + { "shdr_beg", "res.hdr", PAT_MATCH_BEG }, + { "shdr_dir", "res.hdr", PAT_MATCH_DIR }, + { "shdr_dom", "res.hdr", PAT_MATCH_DOM }, + { "shdr_end", "res.hdr", PAT_MATCH_END }, + { "shdr_len", "res.hdr", PAT_MATCH_LEN }, + { "shdr_reg", "res.hdr", PAT_MATCH_REG }, + { "shdr_sub", "res.hdr", PAT_MATCH_SUB }, - { "shdr", "res.hdr", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "shdr_beg", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "shdr_dir", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "shdr_dom", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "shdr_end", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "shdr_len", "res.hdr", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "shdr_reg", "res.hdr", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "shdr_sub", "res.hdr", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "url", "url", PAT_MATCH_STR }, + { "url_beg", "url", PAT_MATCH_BEG }, + { "url_dir", "url", PAT_MATCH_DIR }, + { "url_dom", "url", PAT_MATCH_DOM }, + { "url_end", "url", PAT_MATCH_END }, + { "url_len", "url", PAT_MATCH_LEN }, + { "url_reg", "url", PAT_MATCH_REG }, + { "url_sub", "url", PAT_MATCH_SUB }, - { "url", "url", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "url_beg", "url", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "url_dir", "url", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "url_dom", "url", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "url_end", "url", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "url_len", "url", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "url_reg", "url", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "url_sub", "url", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, - - { "urlp", "urlp", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "urlp_beg", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_beg }, - { "urlp_dir", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dir }, - { "urlp_dom", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_dom }, - { "urlp_end", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "urlp_len", "urlp", pat_parse_int, pat_idx_list_val, pat_del_list_val, pat_prune_val, pat_match_len }, - { "urlp_reg", "urlp", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, - { "urlp_sub", "urlp", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_sub }, + { "urlp", "urlp", PAT_MATCH_STR }, + { "urlp_beg", "urlp", PAT_MATCH_BEG }, + { "urlp_dir", "urlp", PAT_MATCH_DIR }, + { "urlp_dom", "urlp", PAT_MATCH_DOM }, + { "urlp_end", "urlp", PAT_MATCH_END }, + { "urlp_len", "urlp", PAT_MATCH_LEN }, + { "urlp_reg", "urlp", PAT_MATCH_REG }, + { "urlp_sub", "urlp", PAT_MATCH_SUB }, { /* END */ }, }}; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index b3f051d82..7e036303a 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3546,31 +3546,31 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {ILH, { * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {ILH, { - { "ssl_c_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_c_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_prune_ptr, pat_match_bin }, - { "ssl_f_i_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_key_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_notafter", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_notbefore", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_sig_alg", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_s_dn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_f_serial", NULL, pat_parse_bin, pat_idx_list_ptr, pat_del_list_ptr, pat_prune_ptr, pat_match_bin }, - { "ssl_fc_cipher", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, + { "ssl_c_i_dn", NULL, PAT_MATCH_STR }, + { "ssl_c_key_alg", NULL, PAT_MATCH_STR }, + { "ssl_c_notafter", NULL, PAT_MATCH_STR }, + { "ssl_c_notbefore", NULL, PAT_MATCH_STR }, + { "ssl_c_sig_alg", NULL, PAT_MATCH_STR }, + { "ssl_c_s_dn", NULL, PAT_MATCH_STR }, + { "ssl_c_serial", NULL, PAT_MATCH_BIN }, + { "ssl_f_i_dn", NULL, PAT_MATCH_STR }, + { "ssl_f_key_alg", NULL, PAT_MATCH_STR }, + { "ssl_f_notafter", NULL, PAT_MATCH_STR }, + { "ssl_f_notbefore", NULL, PAT_MATCH_STR }, + { "ssl_f_sig_alg", NULL, PAT_MATCH_STR }, + { "ssl_f_s_dn", NULL, PAT_MATCH_STR }, + { "ssl_f_serial", NULL, PAT_MATCH_BIN }, + { "ssl_fc_cipher", NULL, PAT_MATCH_STR }, #ifdef OPENSSL_NPN_NEGOTIATED - { "ssl_fc_npn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, + { "ssl_fc_npn", NULL, PAT_MATCH_STR }, #endif #ifdef TLSEXT_TYPE_application_layer_protocol_negotiation - { "ssl_fc_alpn", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, + { "ssl_fc_alpn", NULL, PAT_MATCH_STR }, #endif - { "ssl_fc_protocol", NULL, pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_fc_sni", "ssl_fc_sni", pat_parse_str, pat_idx_tree_str, pat_del_tree_str, pat_prune_ptr, pat_match_str }, - { "ssl_fc_sni_end", "ssl_fc_sni", pat_parse_str, pat_idx_list_str, pat_del_list_ptr, pat_prune_ptr, pat_match_end }, - { "ssl_fc_sni_reg", "ssl_fc_sni", pat_parse_reg, pat_idx_list_reg, pat_del_list_reg, pat_prune_reg, pat_match_reg }, + { "ssl_fc_protocol", NULL, PAT_MATCH_STR }, + { "ssl_fc_sni", "ssl_fc_sni", PAT_MATCH_STR }, + { "ssl_fc_sni_end", "ssl_fc_sni", PAT_MATCH_END }, + { "ssl_fc_sni_reg", "ssl_fc_sni", PAT_MATCH_REG }, { /* END */ }, }};