GCOV - Varnish Cache


/*-
 * Copyright (c) 2006 Verdens Gang AS
 * Copyright (c) 2006-2015 Varnish Software AS
 * All rights reserved.
 *
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#include "config.h"

#include <stdlib.h>
#include <stdio.h>

#include "cache_varnishd.h"
#include "cache_ban.h"
#include "cache_objhead.h"

#include "vcli_serve.h"
#include "vend.h"
#include "vmb.h"

/* cache_ban_build.c */
void BAN_Build_Init(void);
void BAN_Build_Fini(void);

struct lock ban_mtx;
int ban_shutdown;
struct banhead_s ban_head = VTAILQ_HEAD_INITIALIZER(ban_head);
struct ban * volatile ban_start;

static pthread_t ban_thread;
static int ban_holds;
uint64_t bans_persisted_bytes;
uint64_t bans_persisted_fragmentation;

struct ban_test {
        uint8_t                 oper;
        uint8_t                 arg1;
        const char              *arg1_spec;
        const char              *arg2;
        double                  arg2_double;
        const void              *arg2_spec;
};

static const char * const arg_name[BAN_ARGARRSZ + 1] = {
#define PVAR(a, b, c) [BAN_ARGIDX(c)] = (a),
#include "tbl/ban_vars.h"
        [BAN_ARGARRSZ] = NULL
};

/*--------------------------------------------------------------------
 * Storage handling of bans
 */

static struct ban *
ban_alloc(void)
{
        struct ban *b;

        ALLOC_OBJ(b, BAN_MAGIC);
        if (b != NULL)
                VTAILQ_INIT(&b->objcore);
        return (b);
}

void
BAN_Free(struct ban *b)
{

        CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
        AZ(b->refcount);
        assert(VTAILQ_EMPTY(&b->objcore));

        if (b->spec != NULL)
                free(b->spec);
        FREE_OBJ(b);
}

/*--------------------------------------------------------------------
 * Get/release holds which prevent the ban_lurker from starting.
 * Holds are held while stevedores load zombie objects.
 */

void
BAN_Hold(void)
{

        Lck_Lock(&ban_mtx);
        /* Once holds are released, we allow no more */
        assert(ban_holds > 0);
        ban_holds++;
        Lck_Unlock(&ban_mtx);
}

void
BAN_Release(void)
{

        Lck_Lock(&ban_mtx);
        assert(ban_holds > 0);
        ban_holds--;
        Lck_Unlock(&ban_mtx);
        if (ban_holds == 0)
                WRK_BgThread(&ban_thread, "ban-lurker", ban_lurker, NULL);
}

/*--------------------------------------------------------------------
 * Extract time and length from ban-spec
 */

vtim_real
ban_time(const uint8_t *banspec)
{
        vtim_real t;
        uint64_t u;

        assert(sizeof t == sizeof u);
        assert(sizeof t == (BANS_LENGTH - BANS_TIMESTAMP));
        u = vbe64dec(banspec + BANS_TIMESTAMP);
        memcpy(&t, &u, sizeof t);
        return (t);
}

unsigned
ban_len(const uint8_t *banspec)
{
        unsigned u;

        u = vbe32dec(banspec + BANS_LENGTH);
        return (u);
}

int
ban_equal(const uint8_t *bs1, const uint8_t *bs2)
{
        unsigned u;

        /*
         * Compare two ban-strings.
         */
        u = ban_len(bs1);
        if (u != ban_len(bs2))
                return (0);
        if (bs1[BANS_FLAGS] & BANS_FLAG_NODEDUP)
                return (0);

        return (!memcmp(bs1 + BANS_LENGTH, bs2 + BANS_LENGTH, u - BANS_LENGTH));
}

void
ban_mark_completed(struct ban *b)
{
        unsigned ln;

        CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
        Lck_AssertHeld(&ban_mtx);

        AN(b->spec);
        if (!(b->flags & BANS_FLAG_COMPLETED)) {
                ln = ban_len(b->spec);
                b->flags |= BANS_FLAG_COMPLETED;
                b->spec[BANS_FLAGS] |= BANS_FLAG_COMPLETED;
                VWMB();
                vbe32enc(b->spec + BANS_LENGTH, BANS_HEAD_LEN);
                VSC_C_main->bans_completed++;
                bans_persisted_fragmentation += ln - ban_len(b->spec);
                VSC_C_main->bans_persisted_fragmentation =
                    bans_persisted_fragmentation;
        }
}

/*--------------------------------------------------------------------
 * Access a lump of bytes in a ban test spec
 */

static const void *
ban_get_lump(const uint8_t **bs)
{
        const void *r;
        unsigned ln;

        while (**bs == 0xff)
                *bs += 1;
        ln = vbe32dec(*bs);
        *bs += PRNDUP(sizeof(uint32_t));
        assert(PAOK(*bs));
        r = (const void*)*bs;
        *bs += ln;
        return (r);
}

/*--------------------------------------------------------------------
 * Pick a test apart from a spec string
 */

static void
ban_iter(const uint8_t **bs, struct ban_test *bt)
{
        uint64_t dtmp;

        memset(bt, 0, sizeof *bt);
        bt->arg2_double = nan("");
        bt->arg1 = *(*bs)++;
        if (BANS_HAS_ARG1_SPEC(bt->arg1)) {
                bt->arg1_spec = (const char *)*bs;
                (*bs) += (*bs)[0] + 2;
        }
        if (BANS_HAS_ARG2_DOUBLE(bt->arg1)) {
                dtmp = vbe64dec(ban_get_lump(bs));
                bt->oper = *(*bs)++;

                memcpy(&bt->arg2_double, &dtmp, sizeof dtmp);
                return;
        }
        bt->arg2 = ban_get_lump(bs);
        bt->oper = *(*bs)++;
        if (BANS_HAS_ARG2_SPEC(bt->oper))
                bt->arg2_spec = ban_get_lump(bs);
}

/*--------------------------------------------------------------------
 * A new object is created, grab a reference to the newest ban
 */

void
BAN_NewObjCore(struct objcore *oc)
{

        CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
        AZ(oc->ban);
        AN(oc->objhead);
        Lck_Lock(&ban_mtx);
        oc->ban = ban_start;
        ban_start->refcount++;
        VTAILQ_INSERT_TAIL(&ban_start->objcore, oc, ban_list);
        Lck_Unlock(&ban_mtx);
}

/*--------------------------------------------------------------------
 * An object is destroyed, release its ban reference
 */

void
BAN_DestroyObj(struct objcore *oc)
{

        CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
        if (oc->ban == NULL)
                return;
        Lck_Lock(&ban_mtx);
        CHECK_OBJ_ORNULL(oc->ban, BAN_MAGIC);
        if (oc->ban != NULL) {
                assert(oc->ban->refcount > 0);
                oc->ban->refcount--;
                VTAILQ_REMOVE(&oc->ban->objcore, oc, ban_list);
                oc->ban = NULL;
        }
        Lck_Unlock(&ban_mtx);
}

/*--------------------------------------------------------------------
 * Find a ban based on a timestamp.
 * Assume we have a BAN_Hold, so list traversal is safe.
 */

struct ban *
BAN_FindBan(vtim_real t0)
{
        struct ban *b;
        vtim_real t1;

        assert(ban_holds > 0);
        VTAILQ_FOREACH(b, &ban_head, list) {
                t1 = ban_time(b->spec);
                if (t1 == t0)
                        return (b);
                if (t1 < t0)
                        break;
        }
        return (NULL);
}

/*--------------------------------------------------------------------
 * Grab a reference to a ban and associate the objcore with that ban.
 * Assume we have a BAN_Hold, so list traversal is safe.
 */

void
BAN_RefBan(struct objcore *oc, struct ban *b)
{

        Lck_Lock(&ban_mtx);
        CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
        AZ(oc->ban);
        CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
        assert(ban_holds > 0);
        b->refcount++;
        VTAILQ_INSERT_TAIL(&b->objcore, oc, ban_list);
        oc->ban = b;
        Lck_Unlock(&ban_mtx);
}

/*--------------------------------------------------------------------
 * Compile a full ban list and export this area to the stevedores for
 * persistence.
 */

static void
ban_export(void)
{
        struct ban *b;
        struct vsb *vsb;
        unsigned ln;

        Lck_AssertHeld(&ban_mtx);
        ln = bans_persisted_bytes - bans_persisted_fragmentation;
        vsb = VSB_new_auto();
        AN(vsb);
        VTAILQ_FOREACH_REVERSE(b, &ban_head, banhead_s, list)
                AZ(VSB_bcat(vsb, b->spec, ban_len(b->spec)));
        AZ(VSB_finish(vsb));
        assert(VSB_len(vsb) == ln);
        STV_BanExport((const uint8_t *)VSB_data(vsb), VSB_len(vsb));
        VSB_destroy(&vsb);
        VSC_C_main->bans_persisted_bytes =
            bans_persisted_bytes = ln;
        VSC_C_main->bans_persisted_fragmentation =
            bans_persisted_fragmentation = 0;
}

/*
 * For both of these we do a full export on info failure to remove
 * holes in the exported list.
 * XXX: we should keep track of the size of holes in the last exported list
 * XXX: check if the ban_export should be batched in ban_cleantail
 */
void
ban_info_new(const uint8_t *ban, unsigned len)
{
        /* XXX martin pls review if ban_mtx needs to be held */
        Lck_AssertHeld(&ban_mtx);
        if (STV_BanInfoNew(ban, len))
                ban_export();
}

void
ban_info_drop(const uint8_t *ban, unsigned len)
{
        /* XXX martin pls review if ban_mtx needs to be held */
        Lck_AssertHeld(&ban_mtx);
        if (STV_BanInfoDrop(ban, len))
                ban_export();
}

/*--------------------------------------------------------------------
 * Put a skeleton ban in the list, unless there is an identical,
 * time & condition, ban already in place.
 *
 * If a newer ban has same condition, mark the inserted ban COMPLETED,
 * also mark any older bans, with the same condition COMPLETED.
 */

static void
ban_reload(const uint8_t *ban, unsigned len)
{
        struct ban *b, *b2;
        int duplicate = 0;
        vtim_real t0, t1, t2 = 9e99;
        ASSERT_CLI();
        Lck_AssertHeld(&ban_mtx);

        t0 = ban_time(ban);
        assert(len == ban_len(ban));

        VTAILQ_FOREACH(b, &ban_head, list) {
                t1 = ban_time(b->spec);
                assert(t1 < t2);
                t2 = t1;
                if (t1 == t0)
                        return;
                if (t1 < t0)
                        break;
                if (ban_equal(b->spec, ban))
                        duplicate = 1;
        }

        VSC_C_main->bans++;
        VSC_C_main->bans_added++;

        b2 = ban_alloc();
        AN(b2);
        b2->spec = malloc(len);
        AN(b2->spec);
        memcpy(b2->spec, ban, len);
        if (ban[BANS_FLAGS] & BANS_FLAG_REQ) {
                VSC_C_main->bans_req++;
                b2->flags |= BANS_FLAG_REQ;
        }
        if (duplicate)
                VSC_C_main->bans_dups++;
        if (duplicate || (ban[BANS_FLAGS] & BANS_FLAG_COMPLETED))
                ban_mark_completed(b2);
        if (b == NULL)
                VTAILQ_INSERT_TAIL(&ban_head, b2, list);
        else
                VTAILQ_INSERT_BEFORE(b, b2, list);
        bans_persisted_bytes += len;
        VSC_C_main->bans_persisted_bytes = bans_persisted_bytes;

        /* Hunt down older duplicates */
        for (b = VTAILQ_NEXT(b2, list); b != NULL; b = VTAILQ_NEXT(b, list)) {
                if (b->flags & BANS_FLAG_COMPLETED)
                        continue;
                if (ban_equal(b->spec, ban)) {
                        ban_mark_completed(b);
                        VSC_C_main->bans_dups++;
                }
        }
}

/*--------------------------------------------------------------------
 * Reload a series of persisted ban specs
 */

void
BAN_Reload(const uint8_t *ptr, unsigned len)
{
        const uint8_t *pe;
        unsigned l;

        AZ(ban_shutdown);
        pe = ptr + len;
        Lck_Lock(&ban_mtx);
        while (ptr < pe) {
                /* XXX: This can be optimized by traversing the live
                 * ban list together with the reload list (combining
                 * the loops in BAN_Reload and ban_reload). */
                l = ban_len(ptr);
                assert(ptr + l <= pe);
                ban_reload(ptr, l);
                ptr += l;
        }
        Lck_Unlock(&ban_mtx);
}

/*--------------------------------------------------------------------
 * Get a bans timestamp
 */

vtim_real
BAN_Time(const struct ban *b)
{

        if (b == NULL)
                return (0.0);

        CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
        return (ban_time(b->spec));
}

/*--------------------------------------------------------------------
 * Evaluate ban-spec
 */

int
ban_evaluate(struct worker *wrk, const uint8_t *bsarg, struct objcore *oc,
    const struct http *reqhttp, unsigned *tests)
{
        struct ban_test bt;
        const uint8_t *bs, *be;
        const char *p;
        const char *arg1;
        double darg1, darg2;
        int rv;

        /*
         * for ttl and age, fix the point in time such that banning refers to
         * the same point in time when the ban is evaluated
         *
         * for grace/keep, we assume that the absolute values are pola and that
         * users will most likely also specify a ttl criterion if they want to
         * fix a point in time (such as "obj.ttl > 5h && obj.keep > 3h")
         */

        bs = bsarg;
        be = bs + ban_len(bs);
        bs += BANS_HEAD_LEN;
        while (bs < be) {
                (*tests)++;
                ban_iter(&bs, &bt);
                arg1 = NULL;
                darg1 = darg2 = nan("");
                switch (bt.arg1) {
                case BANS_ARG_URL:
                        AN(reqhttp);
                        arg1 = reqhttp->hd[HTTP_HDR_URL].b;
                        break;
                case BANS_ARG_REQHTTP:
                        AN(reqhttp);
                        (void)http_GetHdr(reqhttp, bt.arg1_spec, &p);
                        arg1 = p;
                        break;
                case BANS_ARG_OBJHTTP:
                        arg1 = HTTP_GetHdrPack(wrk, oc, bt.arg1_spec);
                        break;
                case BANS_ARG_OBJSTATUS:
                        arg1 = HTTP_GetHdrPack(wrk, oc, H__Status);
                        break;
                case BANS_ARG_OBJTTL:
                        darg1 = oc->ttl + oc->t_origin;
                        darg2 = bt.arg2_double + ban_time(bsarg);
                        break;
                case BANS_ARG_OBJAGE:
                        darg1 = 0.0 - oc->t_origin;
                        darg2 = 0.0 - (ban_time(bsarg) - bt.arg2_double);
                        break;
                case BANS_ARG_OBJGRACE:
                        darg1 = oc->grace;
                        darg2 = bt.arg2_double;
                        break;
                case BANS_ARG_OBJKEEP:
                        darg1 = oc->keep;
                        darg2 = bt.arg2_double;
                        break;
                default:
                        WRONG("Wrong BAN_ARG code");
                }

                switch (bt.oper) {
                case BANS_OPER_EQ:
                        if (arg1 == NULL) {
                                if (isnan(darg1) || darg1 != darg2)
                                        return (0);
                        } else if (strcmp(arg1, bt.arg2)) {
                                return (0);
                        }
                        break;
                case BANS_OPER_NEQ:
                        if (arg1 == NULL) {
                                if (! isnan(darg1) && darg1 == darg2)
                                        return (0);
                        } else if (!strcmp(arg1, bt.arg2)) {
                                return (0);
                        }
                        break;
                case BANS_OPER_MATCH:
                        if (arg1 == NULL)
                                return (0);
                        rv = VRE_match(bt.arg2_spec, arg1, 0, 0, NULL);
                        xxxassert(rv >= -1);
                        if (rv < 0)
                                return (0);
                        break;
                case BANS_OPER_NMATCH:
                        if (arg1 == NULL)
                                return (0);
                        rv = VRE_match(bt.arg2_spec, arg1, 0, 0, NULL);
                        xxxassert(rv >= -1);
                        if (rv >= 0)
                                return (0);
                        break;
                case BANS_OPER_GT:
                        AZ(arg1);
                        assert(! isnan(darg1));
                        if (!(darg1 > darg2))
                                return (0);
                        break;
                case BANS_OPER_GTE:
                        AZ(arg1);
                        assert(! isnan(darg1));
                        if (!(darg1 >= darg2))
                                return (0);
                        break;
                case BANS_OPER_LT:
                        AZ(arg1);
                        assert(! isnan(darg1));
                        if (!(darg1 < darg2))
                                return (0);
                        break;
                case BANS_OPER_LTE:
                        AZ(arg1);
                        assert(! isnan(darg1));
                        if (!(darg1 <= darg2))
                                return (0);
                        break;
                default:
                        WRONG("Wrong BAN_OPER code");
                }
        }
        return (1);
}

/*--------------------------------------------------------------------
 * Check an object against all applicable bans
 *
 * Return:
 *      -1 not all bans checked, but none of the checked matched
 *              Only if !has_req
 *      0 No bans matched, object moved to ban_start.
 *      1 Ban matched, object removed from ban list.
 */

int
BAN_CheckObject(struct worker *wrk, struct objcore *oc, struct req *req)
{
        struct ban *b;
        struct vsl_log *vsl;
        struct ban *b0, *bn;
        unsigned tests;

        CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
        CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
        CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
        Lck_AssertHeld(&oc->objhead->mtx);
        assert(oc->refcnt > 0);

        vsl = req->vsl;

        CHECK_OBJ_NOTNULL(oc->ban, BAN_MAGIC);

        /* First do an optimistic unlocked check */
        b0 = ban_start;
        CHECK_OBJ_NOTNULL(b0, BAN_MAGIC);

        if (b0 == oc->ban)
                return (0);

        /* If that fails, make a safe check */
        Lck_Lock(&ban_mtx);
        b0 = ban_start;
        bn = oc->ban;
        if (b0 != bn)
                bn->refcount++;
        Lck_Unlock(&ban_mtx);

        AN(bn);

        if (b0 == bn)
                return (0);

        AN(b0);
        AN(bn);

        /*
         * This loop is safe without locks, because we know we hold
         * a refcount on a ban somewhere in the list and we do not
         * inspect the list past that ban.
         */
        tests = 0;
        for (b = b0; b != bn; b = VTAILQ_NEXT(b, list)) {
                CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
                if (b->flags & BANS_FLAG_COMPLETED)
                        continue;
                if (ban_evaluate(wrk, b->spec, oc, req->http, &tests))
                        break;
        }

        Lck_Lock(&ban_mtx);
        bn->refcount--;
        VSC_C_main->bans_tested++;
        VSC_C_main->bans_tests_tested += tests;

        if (b == bn) {
                /* not banned */
                oc->ban->refcount--;
                VTAILQ_REMOVE(&oc->ban->objcore, oc, ban_list);
                VTAILQ_INSERT_TAIL(&b0->objcore, oc, ban_list);
                b0->refcount++;
                oc->ban = b0;
                b = NULL;
        }
        if (b != NULL)
                VSC_C_main->bans_obj_killed++;

        if (VTAILQ_LAST(&ban_head, banhead_s)->refcount == 0)
                ban_kick_lurker();

        Lck_Unlock(&ban_mtx);

        if (b == NULL) {
                /* not banned */
                ObjSendEvent(wrk, oc, OEV_BANCHG);
                return (0);
        } else {
                VSLb(vsl, SLT_ExpBan,
                    "%ju banned lookup", VXID(ObjGetXID(wrk, oc)));
                return (1);
        }
}

/*--------------------------------------------------------------------
 * CLI functions to add bans
 */

static void v_matchproto_(cli_func_t)
ccf_ban(struct cli *cli, const char * const *av, void *priv)
{
        int narg, i;
        struct ban_proto *bp;
        const char *err = NULL;

        (void)priv;

        /* First do some cheap checks on the arguments */
        for (narg = 0; av[narg + 2] != NULL; narg++)
                continue;
        if ((narg % 4) != 3) {
                VCLI_Out(cli, "Wrong number of arguments");
                VCLI_SetResult(cli, CLIS_PARAM);
                return;
        }
        for (i = 3; i < narg; i += 4) {
                if (strcmp(av[i + 2], "&&")) {
                        VCLI_Out(cli, "Found \"%s\" expected &&", av[i + 2]);
                        VCLI_SetResult(cli, CLIS_PARAM);
                        return;
                }
        }

        bp = BAN_Build();
        if (bp == NULL) {
                VCLI_Out(cli, "Out of Memory");
                VCLI_SetResult(cli, CLIS_CANT);
                return;
        }
        for (i = 0; i < narg; i += 4) {
                err = BAN_AddTest(bp, av[i + 2], av[i + 3], av[i + 4]);
                if (err)
                        break;
        }

        if (err == NULL) {
                // XXX racy - grab wstat lock?
                err = BAN_Commit(bp);
        }

        if (err != NULL) {
                VCLI_Out(cli, "%s", err);
                BAN_Abandon(bp);
                VCLI_SetResult(cli, CLIS_PARAM);
        }
}

#define Ms 60
#define Hs (Ms * 60)
#define Ds (Hs * 24)
#define Ws (Ds * 7)
#define Ys (Ds * 365)

#define Xfmt(buf, var, s, unit)                                         \
        ((var) >= s && (var) % s == 0)                                  \
                bprintf((buf), "%ju" unit, (var) / s)

// XXX move to VTIM?
#define vdur_render(buf, dur) do {                                      \
        uintmax_t dec = (uintmax_t)floor(dur);                          \
        uintmax_t frac = (uintmax_t)floor((dur) * 1e3) % UINTMAX_C(1000); \
        if (dec == 0 && frac == 0)                                      \
                (void) strncpy(buf, "0s", sizeof(buf));                 \
        else if (dec == 0)                                              \
                bprintf((buf), "%jums", frac);                          \
        else if (frac != 0)                                             \
                bprintf((buf), "%ju.%03jus", dec, frac);                \
        else if Xfmt(buf, dec, Ys, "y");                                \
        else if Xfmt(buf, dec, Ws, "w");                                \
        else if Xfmt(buf, dec, Ds, "d");                                \
        else if Xfmt(buf, dec, Hs, "h");                                \
        else if Xfmt(buf, dec, Ms, "m");                                \
        else                                                            \
                bprintf((buf), "%jus", dec);                            \
        } while (0)

static void
ban_render(struct cli *cli, const uint8_t *bs, int quote)
{
        struct ban_test bt;
        const uint8_t *be;
        char buf[64];

        be = bs + ban_len(bs);
        bs += BANS_HEAD_LEN;
        while (bs < be) {
                ban_iter(&bs, &bt);
                ASSERT_BAN_ARG(bt.arg1);
                ASSERT_BAN_OPER(bt.oper);

                if (BANS_HAS_ARG1_SPEC(bt.arg1))
                        VCLI_Out(cli, "%s%.*s",
                            arg_name[BAN_ARGIDX(bt.arg1)],
                            bt.arg1_spec[0] - 1, bt.arg1_spec + 1);
                else
                        VCLI_Out(cli, "%s", arg_name[BAN_ARGIDX(bt.arg1)]);

                VCLI_Out(cli, " %s ", ban_oper[BAN_OPERIDX(bt.oper)]);

                if (BANS_HAS_ARG2_DOUBLE(bt.arg1)) {
                        vdur_render(buf, bt.arg2_double);
                        VCLI_Out(cli, "%s", buf);
                } else if (quote) {
                        VCLI_Quote(cli, bt.arg2);
                } else {
                        VCLI_Out(cli, "%s", bt.arg2);
                }

                if (bs < be)
                        VCLI_Out(cli, " && ");
        }
}

static void
ban_list(struct cli *cli, struct ban *bl)
{
        struct ban *b;
        int64_t o;

        VCLI_Out(cli, "Present bans:\n");
        VTAILQ_FOREACH(b, &ban_head, list) {
                o = bl == b ? 1 : 0;
                VCLI_Out(cli, "%10.6f %5ju %s", ban_time(b->spec),
                    (intmax_t)(b->refcount - o),
                    b->flags & BANS_FLAG_COMPLETED ? "C" : "-");
                if (DO_DEBUG(DBG_LURKER)) {
                        VCLI_Out(cli, "%s%s %p ",
                            b->flags & BANS_FLAG_REQ ? "R" : "-",
                            b->flags & BANS_FLAG_OBJ ? "O" : "-",
                            b);
                }
                VCLI_Out(cli, "  ");
                ban_render(cli, b->spec, 0);
                VCLI_Out(cli, "\n");
                if (VCLI_Overflow(cli))
                        break;
                if (DO_DEBUG(DBG_LURKER)) {
                        Lck_Lock(&ban_mtx);
                        struct objcore *oc;
                        VTAILQ_FOREACH(oc, &b->objcore, ban_list)
                                VCLI_Out(cli, "  oc = %p\n", oc);
                        Lck_Unlock(&ban_mtx);
                }
        }
}

static void
ban_list_json(struct cli *cli, const char * const *av, struct ban *bl)
{
        struct ban *b;
        int64_t o;
        int n = 0;
        int ocs;

        VCLI_JSON_begin(cli, 2, av);
        VCLI_Out(cli, ",\n");
        VTAILQ_FOREACH(b, &ban_head, list) {
                o = bl == b ? 1 : 0;
                VCLI_Out(cli, "%s", n ? ",\n" : "");
                n++;
                VCLI_Out(cli, "{\n");
                VSB_indent(cli->sb, 2);
                VCLI_Out(cli, "\"time\": %.6f,\n", ban_time(b->spec));
                VCLI_Out(cli, "\"refs\": %ju,\n", (intmax_t)(b->refcount - o));
                VCLI_Out(cli, "\"completed\": %s,\n",
                         b->flags & BANS_FLAG_COMPLETED ? "true" : "false");
                VCLI_Out(cli, "\"spec\": \"");
                ban_render(cli, b->spec, 1);
                VCLI_Out(cli, "\"");

                if (DO_DEBUG(DBG_LURKER)) {
                        VCLI_Out(cli, ",\n");
                        VCLI_Out(cli, "\"req_tests\": %s,\n",
                                 b->flags & BANS_FLAG_REQ ? "true" : "false");
                        VCLI_Out(cli, "\"obj_tests\": %s,\n",
                                 b->flags & BANS_FLAG_OBJ ? "true" : "false");
                        VCLI_Out(cli, "\"pointer\": \"%p\",\n", b);
                        if (VCLI_Overflow(cli))
                                break;

                        ocs = 0;
                        VCLI_Out(cli, "\"objcores\": [\n");
                        VSB_indent(cli->sb, 2);
                        Lck_Lock(&ban_mtx);
                        struct objcore *oc;
                        VTAILQ_FOREACH(oc, &b->objcore, ban_list) {
                                if (ocs)
                                        VCLI_Out(cli, ",\n");
                                VCLI_Out(cli, "%p", oc);
                                ocs++;
                        }
                        Lck_Unlock(&ban_mtx);
                        VSB_indent(cli->sb, -2);
                        VCLI_Out(cli, "\n]");
                }
                VSB_indent(cli->sb, -2);
                VCLI_Out(cli, "\n}");
        }
        VCLI_JSON_end(cli);
}

static void v_matchproto_(cli_func_t)
ccf_ban_list(struct cli *cli, const char * const *av, void *priv)
{
        struct ban *bl;

        (void)priv;

        /* Get a reference so we are safe to traverse the list */
        Lck_Lock(&ban_mtx);
        bl = VTAILQ_LAST(&ban_head, banhead_s);
        bl->refcount++;
        Lck_Unlock(&ban_mtx);

        if (av[2] != NULL && strcmp(av[2], "-j") == 0)
                ban_list_json(cli, av, bl);
        else
                ban_list(cli, bl);

        Lck_Lock(&ban_mtx);
        bl->refcount--;
        ban_kick_lurker();      // XXX: Mostly for testcase b00009.vtc
        Lck_Unlock(&ban_mtx);
}

static struct cli_proto ban_cmds[] = {
        { CLICMD_BAN,                           "", ccf_ban },
        { CLICMD_BAN_LIST,                      "", ccf_ban_list,
          ccf_ban_list },
        { NULL }
};

/*--------------------------------------------------------------------
 */

void
BAN_Compile(void)
{
        struct ban *b;

        /*
         * All bans have been read from all persistent stevedores. Export
         * the compiled list
         */

        ASSERT_CLI();
        AZ(ban_shutdown);

        Lck_Lock(&ban_mtx);

        /* Report the place-holder ban */
        b = VTAILQ_FIRST(&ban_head);
        ban_info_new(b->spec, ban_len(b->spec));

        ban_export();

        Lck_Unlock(&ban_mtx);

        ban_start = VTAILQ_FIRST(&ban_head);
        BAN_Release();
}

void
BAN_Init(void)
{
        struct ban_proto *bp;

        BAN_Build_Init();
        Lck_New(&ban_mtx, lck_ban);
        CLI_AddFuncs(ban_cmds);

        ban_holds = 1;

        /* Add a placeholder ban */
        bp = BAN_Build();
        AN(bp);
        PTOK(pthread_cond_init(&ban_lurker_cond, NULL));
        AZ(BAN_Commit(bp));
        Lck_Lock(&ban_mtx);
        ban_mark_completed(VTAILQ_FIRST(&ban_head));
        Lck_Unlock(&ban_mtx);
}

/*--------------------------------------------------------------------
 * Shutdown of the ban system.
 *
 * When this function returns, no new bans will be accepted, and no
 * bans will be dropped (ban lurker thread stopped), so that no
 * STV_BanInfo calls will be executed.
 */

void
BAN_Shutdown(void)
{
        void *status;

        Lck_Lock(&ban_mtx);
        ban_shutdown = 1;
        ban_kick_lurker();
        Lck_Unlock(&ban_mtx);

        PTOK(pthread_join(ban_thread, &status));
        AZ(status);

        Lck_Lock(&ban_mtx);
        /* Export the ban list to compact it */
        ban_export();
        Lck_Unlock(&ban_mtx);

        BAN_Build_Fini();
}

		varnish-cache/bin/varnishd/cache/cache_ban.c
0		/*-
1		* Copyright (c) 2006 Verdens Gang AS
2		* Copyright (c) 2006-2015 Varnish Software AS
3		* All rights reserved.
4		*
5		* Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
6		*
7		* SPDX-License-Identifier: BSD-2-Clause
8		*
9		* Redistribution and use in source and binary forms, with or without
10		* modification, are permitted provided that the following conditions
11		* are met:
12		* 1. Redistributions of source code must retain the above copyright
13		* notice, this list of conditions and the following disclaimer.
14		* 2. Redistributions in binary form must reproduce the above copyright
15		* notice, this list of conditions and the following disclaimer in the
16		* documentation and/or other materials provided with the distribution.
17		*
18		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21		* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
22		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28		* SUCH DAMAGE.
29		*
30		*/
31
32		#include "config.h"
33
34		#include <stdlib.h>
35		#include <stdio.h>
36
37		#include "cache_varnishd.h"
38		#include "cache_ban.h"
39		#include "cache_objhead.h"
40
41		#include "vcli_serve.h"
42		#include "vend.h"
43		#include "vmb.h"
44
45		/* cache_ban_build.c */
46		void BAN_Build_Init(void);
47		void BAN_Build_Fini(void);
48
49		struct lock ban_mtx;
50		int ban_shutdown;
51		struct banhead_s ban_head = VTAILQ_HEAD_INITIALIZER(ban_head);
52		struct ban * volatile ban_start;
53
54		static pthread_t ban_thread;
55		static int ban_holds;
56		uint64_t bans_persisted_bytes;
57		uint64_t bans_persisted_fragmentation;
58
59		struct ban_test {
60		uint8_t oper;
61		uint8_t arg1;
62		const char *arg1_spec;
63		const char *arg2;
64		double arg2_double;
65		const void *arg2_spec;
66		};
67
68		static const char * const arg_name[BAN_ARGARRSZ + 1] = {
69		#define PVAR(a, b, c) [BAN_ARGIDX(c)] = (a),
70		#include "tbl/ban_vars.h"
71		[BAN_ARGARRSZ] = NULL
72		};
73
74		/*--------------------------------------------------------------------
75		* Storage handling of bans
76		*/
77
78		static struct ban *
79	650	ban_alloc(void)
80		{
81		struct ban *b;
82
83	650	ALLOC_OBJ(b, BAN_MAGIC);
84	650	if (b != NULL)
85	650	VTAILQ_INIT(&b->objcore);
86	650	return (b);
87		}
88
89		void
90	1750	BAN_Free(struct ban *b)
91		{
92
93	1750	CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
94	1750	AZ(b->refcount);
95	1750	assert(VTAILQ_EMPTY(&b->objcore));
96
97	1750	if (b->spec != NULL)
98	1750	free(b->spec);
99	1750	FREE_OBJ(b);
100	1750	}
101
102		/*--------------------------------------------------------------------
103		* Get/release holds which prevent the ban_lurker from starting.
104		* Holds are held while stevedores load zombie objects.
105		*/
106
107		void
108	950	BAN_Hold(void)
109		{
110
111	950	Lck_Lock(&ban_mtx);
112		/* Once holds are released, we allow no more */
113	950	assert(ban_holds > 0);
114	950	ban_holds++;
115	950	Lck_Unlock(&ban_mtx);
116	950	}
117
118		void
119	23094	BAN_Release(void)
120		{
121
122	23094	Lck_Lock(&ban_mtx);
123	23094	assert(ban_holds > 0);
124	23094	ban_holds--;
125	23094	Lck_Unlock(&ban_mtx);
126	23094	if (ban_holds == 0)
127	22144	WRK_BgThread(&ban_thread, "ban-lurker", ban_lurker, NULL);
128	23094	}
129
130		/*--------------------------------------------------------------------
131		* Extract time and length from ban-spec
132		*/
133
134		vtim_real
135	20650	ban_time(const uint8_t *banspec)
136		{
137		vtim_real t;
138		uint64_t u;
139
140	20650	assert(sizeof t == sizeof u);
141	20650	assert(sizeof t == (BANS_LENGTH - BANS_TIMESTAMP));
142	20650	u = vbe64dec(banspec + BANS_TIMESTAMP);
143	20650	memcpy(&t, &u, sizeof t);
144	20650	return (t);
145		}
146
147		unsigned
148	140226	ban_len(const uint8_t *banspec)
149		{
150		unsigned u;
151
152	140226	u = vbe32dec(banspec + BANS_LENGTH);
153	140226	return (u);
154		}
155
156		int
157	5525	ban_equal(const uint8_t bs1, const uint8_t bs2)
158		{
159		unsigned u;
160
161		/*
162		* Compare two ban-strings.
163		*/
164	5525	u = ban_len(bs1);
165	5525	if (u != ban_len(bs2))
166	1225	return (0);
167	4300	if (bs1[BANS_FLAGS] & BANS_FLAG_NODEDUP)
168	125	return (0);
169
170	4175	return (!memcmp(bs1 + BANS_LENGTH, bs2 + BANS_LENGTH, u - BANS_LENGTH));
171	5525	}
172
173		void
174	23369	ban_mark_completed(struct ban *b)
175		{
176		unsigned ln;
177
178	23369	CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
179	23369	Lck_AssertHeld(&ban_mtx);
180
181	23369	AN(b->spec);
182	23369	if (!(b->flags & BANS_FLAG_COMPLETED)) {
183	23369	ln = ban_len(b->spec);
184	23369	b->flags \|= BANS_FLAG_COMPLETED;
185	23369	b->spec[BANS_FLAGS] \|= BANS_FLAG_COMPLETED;
186	23369	VWMB();
187	23369	vbe32enc(b->spec + BANS_LENGTH, BANS_HEAD_LEN);
188	23369	VSC_C_main->bans_completed++;
189	23369	bans_persisted_fragmentation += ln - ban_len(b->spec);
190	23369	VSC_C_main->bans_persisted_fragmentation =
191	23369	bans_persisted_fragmentation;
192	23369	}
193	23369	}
194
195		/*--------------------------------------------------------------------
196		* Access a lump of bytes in a ban test spec
197		*/
198
199		static const void *
200	8875	ban_get_lump(const uint8_t **bs)
201		{
202		const void *r;
203		unsigned ln;
204
205	53925	while (**bs == 0xff)
206	45050	*bs += 1;
207	8875	ln = vbe32dec(*bs);
208	8875	*bs += PRNDUP(sizeof(uint32_t));
209	8875	assert(PAOK(*bs));
210	8875	r = (const void)bs;
211	8875	*bs += ln;
212	8875	return (r);
213		}
214
215		/*--------------------------------------------------------------------
216		* Pick a test apart from a spec string
217		*/
218
219		static void
220	7625	ban_iter(const uint8_t *bs, struct ban_test bt)
221		{
222		uint64_t dtmp;
223
224	7625	memset(bt, 0, sizeof *bt);
225	7625	bt->arg2_double = nan("");
226	7625	bt->arg1 = (bs)++;
227	7625	if (BANS_HAS_ARG1_SPEC(bt->arg1)) {
228	2425	bt->arg1_spec = (const char )bs;
229	2425	(bs) += (bs)[0] + 2;
230	2425	}
231	7625	if (BANS_HAS_ARG2_DOUBLE(bt->arg1)) {
232	3175	dtmp = vbe64dec(ban_get_lump(bs));
233	3175	bt->oper = (bs)++;
234
235	3175	memcpy(&bt->arg2_double, &dtmp, sizeof dtmp);
236	3175	return;
237		}
238	4450	bt->arg2 = ban_get_lump(bs);
239	4450	bt->oper = (bs)++;
240	4450	if (BANS_HAS_ARG2_SPEC(bt->oper))
241	1250	bt->arg2_spec = ban_get_lump(bs);
242	7625	}
243
244		/*--------------------------------------------------------------------
245		* A new object is created, grab a reference to the newest ban
246		*/
247
248		void
249	34124	BAN_NewObjCore(struct objcore *oc)
250		{
251
252	34124	CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
253	34124	AZ(oc->ban);
254	34124	AN(oc->objhead);
255	34124	Lck_Lock(&ban_mtx);
256	34124	oc->ban = ban_start;
257	34124	ban_start->refcount++;
258	34124	VTAILQ_INSERT_TAIL(&ban_start->objcore, oc, ban_list);
259	34124	Lck_Unlock(&ban_mtx);
260	34124	}
261
262		/*--------------------------------------------------------------------
263		* An object is destroyed, release its ban reference
264		*/
265
266		void
267	42277	BAN_DestroyObj(struct objcore *oc)
268		{
269
270	42277	CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
271	42277	if (oc->ban == NULL)
272	33338	return;
273	8939	Lck_Lock(&ban_mtx);
274	8939	CHECK_OBJ_ORNULL(oc->ban, BAN_MAGIC);
275	8939	if (oc->ban != NULL) {
276	8939	assert(oc->ban->refcount > 0);
277	8939	oc->ban->refcount--;
278	8939	VTAILQ_REMOVE(&oc->ban->objcore, oc, ban_list);
279	8939	oc->ban = NULL;
280	8939	}
281	8939	Lck_Unlock(&ban_mtx);
282	42277	}
283
284		/*--------------------------------------------------------------------
285		* Find a ban based on a timestamp.
286		* Assume we have a BAN_Hold, so list traversal is safe.
287		*/
288
289		struct ban *
290	425	BAN_FindBan(vtim_real t0)
291		{
292		struct ban *b;
293		vtim_real t1;
294
295	425	assert(ban_holds > 0);
296	1150	VTAILQ_FOREACH(b, &ban_head, list) {
297	1150	t1 = ban_time(b->spec);
298	1150	if (t1 == t0)
299	425	return (b);
300	725	if (t1 < t0)
301	0	break;
302	725	}
303	0	return (NULL);
304	425	}
305
306		/*--------------------------------------------------------------------
307		* Grab a reference to a ban and associate the objcore with that ban.
308		* Assume we have a BAN_Hold, so list traversal is safe.
309		*/
310
311		void
312	425	BAN_RefBan(struct objcore oc, struct ban b)
313		{
314
315	425	Lck_Lock(&ban_mtx);
316	425	CHECK_OBJ_NOTNULL(oc, OBJCORE_MAGIC);
317	425	AZ(oc->ban);
318	425	CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
319	425	assert(ban_holds > 0);
320	425	b->refcount++;
321	425	VTAILQ_INSERT_TAIL(&b->objcore, oc, ban_list);
322	425	oc->ban = b;
323	425	Lck_Unlock(&ban_mtx);
324	425	}
325
326		/*--------------------------------------------------------------------
327		* Compile a full ban list and export this area to the stevedores for
328		* persistence.
329		*/
330
331		static void
332	44044	ban_export(void)
333		{
334		struct ban *b;
335		struct vsb *vsb;
336		unsigned ln;
337
338	44044	Lck_AssertHeld(&ban_mtx);
339	44044	ln = bans_persisted_bytes - bans_persisted_fragmentation;
340	44044	vsb = VSB_new_auto();
341	44044	AN(vsb);
342	90013	VTAILQ_FOREACH_REVERSE(b, &ban_head, banhead_s, list)
343	45969	AZ(VSB_bcat(vsb, b->spec, ban_len(b->spec)));
344	44044	AZ(VSB_finish(vsb));
345	44044	assert(VSB_len(vsb) == ln);
346	44044	STV_BanExport((const uint8_t *)VSB_data(vsb), VSB_len(vsb));
347	44044	VSB_destroy(&vsb);
348	44044	VSC_C_main->bans_persisted_bytes =
349	44044	bans_persisted_bytes = ln;
350	44044	VSC_C_main->bans_persisted_fragmentation =
351	44044	bans_persisted_fragmentation = 0;
352	44044	}
353
354		/*
355		* For both of these we do a full export on info failure to remove
356		* holes in the exported list.
357		* XXX: we should keep track of the size of holes in the last exported list
358		* XXX: check if the ban_export should be batched in ban_cleantail
359		*/
360		void
361	24519	ban_info_new(const uint8_t *ban, unsigned len)
362		{
363		/* XXX martin pls review if ban_mtx needs to be held */
364	24519	Lck_AssertHeld(&ban_mtx);
365	24519	if (STV_BanInfoNew(ban, len))
366	0	ban_export();
367	24519	}
368
369		void
370	1750	ban_info_drop(const uint8_t *ban, unsigned len)
371		{
372		/* XXX martin pls review if ban_mtx needs to be held */
373	1750	Lck_AssertHeld(&ban_mtx);
374	1750	if (STV_BanInfoDrop(ban, len))
375	0	ban_export();
376	1750	}
377
378		/*--------------------------------------------------------------------
379		* Put a skeleton ban in the list, unless there is an identical,
380		* time & condition, ban already in place.
381		*
382		* If a newer ban has same condition, mark the inserted ban COMPLETED,
383		* also mark any older bans, with the same condition COMPLETED.
384		*/
385
386		static void
387	850	ban_reload(const uint8_t *ban, unsigned len)
388		{
389		struct ban b, b2;
390	850	int duplicate = 0;
391	850	vtim_real t0, t1, t2 = 9e99;
392	850	ASSERT_CLI();
393	850	Lck_AssertHeld(&ban_mtx);
394
395	850	t0 = ban_time(ban);
396	850	assert(len == ban_len(ban));
397
398	1850	VTAILQ_FOREACH(b, &ban_head, list) {
399	1450	t1 = ban_time(b->spec);
400	1450	assert(t1 < t2);
401	1450	t2 = t1;
402	1450	if (t1 == t0)
403	200	return;
404	1250	if (t1 < t0)
405	250	break;
406	1000	if (ban_equal(b->spec, ban))
407	600	duplicate = 1;
408	1000	}
409
410	650	VSC_C_main->bans++;
411	650	VSC_C_main->bans_added++;
412
413	650	b2 = ban_alloc();
414	650	AN(b2);
415	650	b2->spec = malloc(len);
416	650	AN(b2->spec);
417	650	memcpy(b2->spec, ban, len);
418	650	if (ban[BANS_FLAGS] & BANS_FLAG_REQ) {
419	125	VSC_C_main->bans_req++;
420	125	b2->flags \|= BANS_FLAG_REQ;
421	125	}
422	650	if (duplicate)
423	450	VSC_C_main->bans_dups++;
424	650	if (duplicate \|\| (ban[BANS_FLAGS] & BANS_FLAG_COMPLETED))
425	475	ban_mark_completed(b2);
426	650	if (b == NULL)
427	400	VTAILQ_INSERT_TAIL(&ban_head, b2, list);
428		else
429	250	VTAILQ_INSERT_BEFORE(b, b2, list);
430	650	bans_persisted_bytes += len;
431	650	VSC_C_main->bans_persisted_bytes = bans_persisted_bytes;
432
433		/* Hunt down older duplicates */
434	1025	for (b = VTAILQ_NEXT(b2, list); b != NULL; b = VTAILQ_NEXT(b, list)) {
435	375	if (b->flags & BANS_FLAG_COMPLETED)
436	350	continue;
437	25	if (ban_equal(b->spec, ban)) {
438	0	ban_mark_completed(b);
439	0	VSC_C_main->bans_dups++;
440	0	}
441	25	}
442	850	}
443
444		/*--------------------------------------------------------------------
445		* Reload a series of persisted ban specs
446		*/
447
448		void
449	950	BAN_Reload(const uint8_t *ptr, unsigned len)
450		{
451		const uint8_t *pe;
452		unsigned l;
453
454	950	AZ(ban_shutdown);
455	950	pe = ptr + len;
456	950	Lck_Lock(&ban_mtx);
457	1800	while (ptr < pe) {
458		/* XXX: This can be optimized by traversing the live
459		* ban list together with the reload list (combining
460		* the loops in BAN_Reload and ban_reload). */
461	850	l = ban_len(ptr);
462	850	assert(ptr + l <= pe);
463	850	ban_reload(ptr, l);
464	850	ptr += l;
465		}
466	950	Lck_Unlock(&ban_mtx);
467	950	}
468
469		/*--------------------------------------------------------------------
470		* Get a bans timestamp
471		*/
472
473		vtim_real
474	1750	BAN_Time(const struct ban *b)
475		{
476
477	1750	if (b == NULL)
478	550	return (0.0);
479
480	1200	CHECK_OBJ_NOTNULL(b, BAN_MAGIC);
481	1200	return (ban_time(b->spec));
482	1750	}
483
484		/*--------------------------------------------------------------------
485		* Evaluate ban-spec
486		*/
487
488		int
489	1775	ban_evaluate(struct worker wrk, const uint8_t bsarg, struct objcore *oc,
490		const struct http reqhttp, unsigned tests)
491		{
492		struct ban_test bt;
493		const uint8_t bs, be;
494		const char *p;
495		const char *arg1;
496		double darg1, darg2;
497		int rv;
498
499		/*