diff --git a/include/types/acl.h b/include/types/acl.h index 2b0de0c21..0cdcef27d 100644 --- a/include/types/acl.h +++ b/include/types/acl.h @@ -145,12 +145,6 @@ enum { /* any type of response information */ ACL_USE_RTR_ANY = (ACL_USE_L6RTR_ANY | ACL_USE_L7RTR_ANY | ACL_USE_RTR_INTERNAL), - - /* some flags indicating if a keyword supports exact pattern matching, - * so that patterns may be arranged in lookup trees. Let's put those - * flags at the end to leave some space for the other ones above. - */ - ACL_MAY_LOOKUP = 1 << 31, /* exact pattern lookup */ }; /* filtering hooks */ diff --git a/src/acl.c b/src/acl.c index a0b16b14e..86094c565 100644 --- a/src/acl.c +++ b/src/acl.c @@ -1359,7 +1359,8 @@ static int acl_read_patterns_from_file( struct acl_keyword *aclkw, memset(pattern, 0, sizeof(*pattern)); pattern->flags = patflags; - if ((aclkw->requires & ACL_MAY_LOOKUP) && !(pattern->flags & ACL_PAT_F_IGNORE_CASE)) { + if (!(pattern->flags & ACL_PAT_F_IGNORE_CASE) && + (aclkw->match == acl_match_str || aclkw->match == acl_match_ip)) { /* we pre-set the data pointer to the tree's head so that functions * which are able to insert in a tree know where to do that. */ @@ -2314,7 +2315,7 @@ static struct acl_kw_list acl_kws = {{ },{ { "rep_ssl_hello_type", acl_parse_int, acl_fetch_ssl_hello_type, acl_match_int, ACL_USE_L6RTR_VOLATILE, 0 }, { "req_len", acl_parse_int, acl_fetch_req_len, acl_match_int, ACL_USE_L6REQ_VOLATILE, 0 }, { "req_ssl_hello_type", acl_parse_int, acl_fetch_ssl_hello_type, acl_match_int, ACL_USE_L6REQ_VOLATILE, 0 }, - { "req_ssl_sni", acl_parse_str, acl_fetch_ssl_hello_sni, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "req_ssl_sni", acl_parse_str, acl_fetch_ssl_hello_sni, acl_match_str, ACL_USE_L6REQ_VOLATILE, 0 }, { "req_ssl_ver", acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int, ACL_USE_L6REQ_VOLATILE, 0 }, { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing, ACL_USE_NOTHING, 0 }, { NULL, NULL, NULL, NULL } diff --git a/src/proto_http.c b/src/proto_http.c index 4ab3f93b9..0808e64cf 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -9492,7 +9492,7 @@ static int val_hdr(struct arg *arg, char **err_msg) * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "base", acl_parse_str, smp_fetch_base, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "base", acl_parse_str, smp_fetch_base, acl_match_str, ACL_USE_L7REQ_VOLATILE, 0 }, { "base_beg", acl_parse_str, smp_fetch_base, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, { "base_dir", acl_parse_str, smp_fetch_base, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, { "base_dom", acl_parse_str, smp_fetch_base, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, @@ -9501,7 +9501,7 @@ static struct acl_kw_list acl_kws = {{ },{ { "base_reg", acl_parse_reg, smp_fetch_base, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, { "base_sub", acl_parse_str, smp_fetch_base, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, - { "cook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "cook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, { "cook_beg", acl_parse_str, smp_fetch_cookie, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, { "cook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, { "cook_dir", acl_parse_str, smp_fetch_cookie, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, @@ -9512,13 +9512,13 @@ static struct acl_kw_list acl_kws = {{ },{ { "cook_sub", acl_parse_str, smp_fetch_cookie, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, { "cook_val", acl_parse_int, smp_fetch_cookie_val, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, - { "hdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr }, + { "hdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_beg", acl_parse_str, smp_fetch_hdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_cnt", acl_parse_int, smp_fetch_hdr_cnt, acl_match_int, ACL_USE_L7REQ_VOLATILE, ARG1(0,STR) }, { "hdr_dir", acl_parse_str, smp_fetch_hdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_dom", acl_parse_str, smp_fetch_hdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_end", acl_parse_str, smp_fetch_hdr, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, - { "hdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr }, + { "hdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_len", acl_parse_int, smp_fetch_hdr, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_reg", acl_parse_reg, smp_fetch_hdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "hdr_sub", acl_parse_str, smp_fetch_hdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG2(0,STR,SINT), val_hdr }, @@ -9530,7 +9530,7 @@ static struct acl_kw_list acl_kws = {{ },{ { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT, 0 }, - { "path", acl_parse_str, smp_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "path", acl_parse_str, smp_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE, 0 }, { "path_beg", acl_parse_str, smp_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, { "path_dir", acl_parse_str, smp_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, { "path_dom", acl_parse_str, smp_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, @@ -9540,10 +9540,10 @@ static struct acl_kw_list acl_kws = {{ },{ { "path_sub", acl_parse_str, smp_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, { "req_proto_http", acl_parse_nothing, acl_fetch_proto_http, acl_match_nothing, ACL_USE_L7REQ_PERMANENT, 0 }, - { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, - { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE, 0 }, + { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE, 0 }, - { "scook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "scook", acl_parse_str, smp_fetch_cookie, acl_match_str, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, { "scook_beg", acl_parse_str, smp_fetch_cookie, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, { "scook_cnt", acl_parse_int, acl_fetch_cookie_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, { "scook_dir", acl_parse_str, smp_fetch_cookie, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, @@ -9554,13 +9554,13 @@ static struct acl_kw_list acl_kws = {{ },{ { "scook_sub", acl_parse_str, smp_fetch_cookie, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, { "scook_val", acl_parse_int, smp_fetch_cookie_val, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, - { "shdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr }, + { "shdr", acl_parse_str, smp_fetch_hdr, acl_match_str, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_beg", acl_parse_str, smp_fetch_hdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_cnt", acl_parse_int, smp_fetch_hdr_cnt, acl_match_int, ACL_USE_L7RTR_VOLATILE, ARG1(0,STR) }, { "shdr_dir", acl_parse_str, smp_fetch_hdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_dom", acl_parse_str, smp_fetch_hdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_end", acl_parse_str, smp_fetch_hdr, acl_match_end, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, - { "shdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE|ACL_MAY_LOOKUP, ARG2(0,STR,SINT), val_hdr }, + { "shdr_ip", acl_parse_ip, smp_fetch_hdr_ip, acl_match_ip, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_len", acl_parse_int, smp_fetch_hdr, acl_match_len, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_reg", acl_parse_reg, smp_fetch_hdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, { "shdr_sub", acl_parse_str, smp_fetch_hdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE, ARG2(0,STR,SINT), val_hdr }, @@ -9568,23 +9568,23 @@ static struct acl_kw_list acl_kws = {{ },{ { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT, 0 }, - { "url", acl_parse_str, smp_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "url", acl_parse_str, smp_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_beg", acl_parse_str, smp_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_dir", acl_parse_str, smp_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_dom", acl_parse_str, smp_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_end", acl_parse_str, smp_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE, 0 }, - { "url_ip", acl_parse_ip, smp_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, 0 }, + { "url_ip", acl_parse_ip, smp_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_len", acl_parse_int, smp_fetch_url, acl_match_len, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_port", acl_parse_int, smp_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_reg", acl_parse_reg, smp_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE, 0 }, { "url_sub", acl_parse_str, smp_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE, 0 }, - { "urlp", acl_parse_str, smp_fetch_url_param, acl_match_str, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) }, + { "urlp", acl_parse_str, smp_fetch_url_param, acl_match_str, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_beg", acl_parse_str, smp_fetch_url_param, acl_match_beg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_dir", acl_parse_str, smp_fetch_url_param, acl_match_dir, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_dom", acl_parse_str, smp_fetch_url_param, acl_match_dom, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_end", acl_parse_str, smp_fetch_url_param, acl_match_end, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, - { "urlp_ip", acl_parse_ip, smp_fetch_url_param, acl_match_ip, ACL_USE_L7REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(1,STR) }, + { "urlp_ip", acl_parse_ip, smp_fetch_url_param, acl_match_ip, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_len", acl_parse_int, smp_fetch_url_param, acl_match_len, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_reg", acl_parse_reg, smp_fetch_url_param, acl_match_reg, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, { "urlp_sub", acl_parse_str, smp_fetch_url_param, acl_match_sub, ACL_USE_L7REQ_VOLATILE, ARG1(1,STR) }, diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 38b9bdc2f..1e1d076f9 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -1865,13 +1865,13 @@ static struct cfg_kw_list cfg_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "dst", acl_parse_ip, smp_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "dst", acl_parse_ip, smp_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT, 0 }, { "dst_port", acl_parse_int, smp_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, - { "payload", acl_parse_str, smp_fetch_payload, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG2(2,UINT,UINT), val_payload }, - { "payload_lv", acl_parse_str, smp_fetch_payload_lv, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG3(2,UINT,UINT,SINT), val_payload_lv }, - { "req_rdp_cookie", acl_parse_str, smp_fetch_rdp_cookie, acl_match_str, ACL_USE_L6REQ_VOLATILE|ACL_MAY_LOOKUP, ARG1(0,STR) }, + { "payload", acl_parse_str, smp_fetch_payload, acl_match_str, ACL_USE_L6REQ_VOLATILE, ARG2(2,UINT,UINT), val_payload }, + { "payload_lv", acl_parse_str, smp_fetch_payload_lv, acl_match_str, ACL_USE_L6REQ_VOLATILE, ARG3(2,UINT,UINT,SINT), val_payload_lv }, + { "req_rdp_cookie", acl_parse_str, smp_fetch_rdp_cookie, acl_match_str, ACL_USE_L6REQ_VOLATILE, ARG1(0,STR) }, { "req_rdp_cookie_cnt", acl_parse_int, acl_fetch_rdp_cookie_cnt, acl_match_int, ACL_USE_L6REQ_VOLATILE, ARG1(0,STR) }, - { "src", acl_parse_ip, smp_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "src", acl_parse_ip, smp_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT, 0 }, { "src_port", acl_parse_int, smp_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT, 0 }, { NULL, NULL, NULL, NULL }, }}; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 6faab78f0..b7ca2b420 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -2967,38 +2967,38 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "ssl_c_ca_err", acl_parse_int, smp_fetch_ssl_c_ca_err, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_ca_err_depth", acl_parse_int, smp_fetch_ssl_c_ca_err_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_err", acl_parse_int, smp_fetch_ssl_c_err, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_i_dn", acl_parse_str, smp_fetch_ssl_c_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, ARG2(0,STR,SINT) }, - { "ssl_c_key_alg", acl_parse_str, smp_fetch_ssl_c_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_notafter", acl_parse_str, smp_fetch_ssl_c_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_notbefore", acl_parse_str, smp_fetch_ssl_c_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_sig_alg", acl_parse_str, smp_fetch_ssl_c_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_s_dn", acl_parse_str, smp_fetch_ssl_c_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, ARG2(0,STR,SINT) }, - { "ssl_c_serial", acl_parse_bin, smp_fetch_ssl_c_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_used", acl_parse_nothing, smp_fetch_ssl_c_used, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_verify", acl_parse_int, smp_fetch_ssl_c_verify, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_c_version", acl_parse_int, smp_fetch_ssl_c_version, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_i_dn", acl_parse_str, smp_fetch_ssl_f_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, ARG2(0,STR,SINT) }, - { "ssl_f_key_alg", acl_parse_str, smp_fetch_ssl_f_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_notafter", acl_parse_str, smp_fetch_ssl_f_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_notbefore", acl_parse_str, smp_fetch_ssl_f_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_sig_alg", acl_parse_str, smp_fetch_ssl_f_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_s_dn", acl_parse_str, smp_fetch_ssl_f_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, ARG2(0,STR,SINT) }, - { "ssl_f_serial", acl_parse_bin, smp_fetch_ssl_f_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_f_version", acl_parse_int, smp_fetch_ssl_f_version, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_fc", acl_parse_nothing, smp_fetch_ssl_fc, acl_match_nothing, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_fc_alg_keysize", acl_parse_int, smp_fetch_ssl_fc_alg_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_fc_cipher", acl_parse_str, smp_fetch_ssl_fc_cipher, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "ssl_c_ca_err", acl_parse_int, smp_fetch_ssl_c_ca_err, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_ca_err_depth", acl_parse_int, smp_fetch_ssl_c_ca_err_depth, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_err", acl_parse_int, smp_fetch_ssl_c_err, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_i_dn", acl_parse_str, smp_fetch_ssl_c_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) }, + { "ssl_c_key_alg", acl_parse_str, smp_fetch_ssl_c_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_notafter", acl_parse_str, smp_fetch_ssl_c_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_notbefore", acl_parse_str, smp_fetch_ssl_c_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_sig_alg", acl_parse_str, smp_fetch_ssl_c_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_s_dn", acl_parse_str, smp_fetch_ssl_c_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) }, + { "ssl_c_serial", acl_parse_bin, smp_fetch_ssl_c_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_used", acl_parse_nothing, smp_fetch_ssl_c_used, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_verify", acl_parse_int, smp_fetch_ssl_c_verify, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_c_version", acl_parse_int, smp_fetch_ssl_c_version, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_i_dn", acl_parse_str, smp_fetch_ssl_f_i_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) }, + { "ssl_f_key_alg", acl_parse_str, smp_fetch_ssl_f_key_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_notafter", acl_parse_str, smp_fetch_ssl_f_notafter, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_notbefore", acl_parse_str, smp_fetch_ssl_f_notbefore, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_sig_alg", acl_parse_str, smp_fetch_ssl_f_sig_alg, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_s_dn", acl_parse_str, smp_fetch_ssl_f_s_dn, acl_match_str, ACL_USE_L6REQ_PERMANENT, ARG2(0,STR,SINT) }, + { "ssl_f_serial", acl_parse_bin, smp_fetch_ssl_f_serial, acl_match_bin, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_f_version", acl_parse_int, smp_fetch_ssl_f_version, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_fc", acl_parse_nothing, smp_fetch_ssl_fc, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_fc_alg_keysize", acl_parse_int, smp_fetch_ssl_fc_alg_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_fc_cipher", acl_parse_str, smp_fetch_ssl_fc_cipher, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, { "ssl_fc_has_crt", acl_parse_nothing, smp_fetch_ssl_fc_has_crt, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 }, { "ssl_fc_has_sni", acl_parse_nothing, smp_fetch_ssl_fc_has_sni, acl_match_nothing, ACL_USE_L6REQ_PERMANENT, 0 }, #ifdef OPENSSL_NPN_NEGOTIATED - { "ssl_fc_npn", acl_parse_str, smp_fetch_ssl_fc_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "ssl_fc_npn", acl_parse_str, smp_fetch_ssl_fc_npn, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, #endif - { "ssl_fc_protocol", acl_parse_str, smp_fetch_ssl_fc_protocol, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_fc_use_keysize", acl_parse_int, smp_fetch_ssl_fc_use_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, - { "ssl_fc_sni", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT|ACL_MAY_LOOKUP, 0 }, + { "ssl_fc_protocol", acl_parse_str, smp_fetch_ssl_fc_protocol, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_fc_use_keysize", acl_parse_int, smp_fetch_ssl_fc_use_keysize, acl_match_int, ACL_USE_L6REQ_PERMANENT, 0 }, + { "ssl_fc_sni", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_str, ACL_USE_L6REQ_PERMANENT, 0 }, { "ssl_fc_sni_end", acl_parse_str, smp_fetch_ssl_fc_sni, acl_match_end, ACL_USE_L6REQ_PERMANENT, 0 }, { "ssl_fc_sni_reg", acl_parse_reg, smp_fetch_ssl_fc_sni, acl_match_reg, ACL_USE_L6REQ_PERMANENT, 0 }, { NULL, NULL, NULL, NULL },