GCOV - Varnish Cache


/*-
 * Copyright (c) 2012-2019 Varnish Software AS
 * All rights reserved.
 *
 * Author: Poul-Henning Kamp <phk@FreeBSD.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

// #include "vdef.h"
//#include "vas.h"
#include "cache/cache.h"
#include "vend.h"
#include "vsa.h"
#include "vsb.h"
#include "vsha256.h"
#include "vtcp.h"
#include "vtim.h"
#include "vcc_debug_if.h"

VCL_ACL v_matchproto_(td_debug_null_acl)
xyzzy_null_acl(VRT_CTX)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        return (NULL);
}

VCL_ACL v_matchproto_(td_debug_acl)
xyzzy_acl(VRT_CTX, VCL_ACL acl)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        return (acl);
}

VCL_BOOL v_matchproto_(td_debug_match_acl)
xyzzy_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        assert(VSA_Sane(ip));

        return (VRT_acl_match(ctx, acl, ip));
}

/*
 * The code below is more intimate with VSA than anything is supposed to.
 */

struct acl_sweep {
        int                     family;
        const uint8_t           *ip0_p;
        const uint8_t           *ip1_p;
        struct suckaddr         *probe;
        uint8_t                 *probe_p;
        VCL_INT                 step;
        uint64_t                reset;
        uint64_t                that;
        uint64_t                count;
};

static void
reset_sweep(struct acl_sweep *asw)
{
        asw->that = asw->reset;
}

static int
setup_sweep(VRT_CTX, struct acl_sweep *asw, VCL_IP ip0, VCL_IP ip1,
    VCL_INT step)
{
        int fam0, fam1;
        const uint8_t *ptr;

        AN(asw);
        memset(asw, 0, sizeof *asw);

        AN(ip0);
        AN(ip1);
        fam0 = VSA_GetPtr(ip0, &asw->ip0_p);
        fam1 = VSA_GetPtr(ip1, &asw->ip1_p);
        if (fam0 != fam1) {
                VRT_fail(ctx, "IPs have different families (0x%x vs 0x%x)",
                    fam0, fam1);
                return (-1);
        }

        asw->family = fam0;
        if (asw->family == PF_INET) {
                if (memcmp(asw->ip0_p, asw->ip1_p, 4) > 0) {
                        VRT_fail(ctx, "Sweep: ipv4.end < ipv4.start");
                        return (-1);
                }
                asw->reset = vbe32dec(asw->ip0_p);
        } else {
                if (memcmp(asw->ip0_p, asw->ip1_p, 16) > 0) {
                        VRT_fail(ctx, "Sweep: ipv6.end < ipv6.start");
                        return (-1);
                }
                asw->reset = vbe64dec(asw->ip0_p + 8);
        }
        asw->that = asw->reset;

        /* Dont try this at home */
        asw->probe = malloc(vsa_suckaddr_len);
        AN(asw->probe);
        memcpy(asw->probe, ip0, vsa_suckaddr_len);
        (void)VSA_GetPtr(asw->probe, &ptr);
        asw->probe_p = ((uint8_t*)(asw->probe)) + (ptr - (uint8_t*)asw->probe);

        asw->step = step;

        return (0);
}

static void
cleanup_sweep(struct acl_sweep *asw)
{
        free(asw->probe);
        memset(asw, 0, sizeof *asw);
}

static int
step_sweep(struct acl_sweep *asw)
{

        AN(asw);
        asw->count++;
        asw->that += asw->step;
        if (asw->family == PF_INET) {
                vbe32enc(asw->probe_p, asw->that);
                return (memcmp(asw->probe_p, asw->ip1_p, 4));
        } else {
                vbe64enc(asw->probe_p + 8, asw->that);
                return (memcmp(asw->probe_p, asw->ip1_p, 16));
        }
}


VCL_BLOB
xyzzy_sweep_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1, VCL_INT step)
{
        struct acl_sweep asw[1];
        int i, j;
        struct vsb *vsb;
        char abuf[VTCP_ADDRBUFSIZE];
        char pbuf[VTCP_PORTBUFSIZE];
        unsigned char digest[VSHA256_DIGEST_LENGTH];
        struct VSHA256Context vsha[1];
        struct vrt_blob *b;
        ssize_t sz;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(acl);
        AN(ip0);
        AN(ip1);
        assert(step > 0);
        if (setup_sweep(ctx, asw, ip0, ip1, step))
                return (NULL);

        vsb = VSB_new_auto();
        AN(vsb);

        VSHA256_Init(vsha);
        for (j = 0; ; j++) {
                if ((j & 0x3f) == 0x00) {
                        VTCP_name(asw->probe, abuf, sizeof abuf,
                            pbuf, sizeof pbuf);
                        VSB_printf(vsb, "Sweep: %-15s", abuf);
                }
                i = VRT_acl_match(ctx, acl, asw->probe);
                assert(0 <= i && i <= 1);
                VSB_putc(vsb, "-X"[i]);
                if ((j & 0x3f) == 0x3f) {
                        AZ(VSB_finish(vsb));
                        VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
                        sz =VSB_len(vsb);
                        assert (sz > 0);
                        VSHA256_Update(vsha, VSB_data(vsb), sz);
                        VSB_clear(vsb);
                }
                if (step_sweep(asw) > 0)
                        break;
        }
        if (VSB_len(vsb)) {
                AZ(VSB_finish(vsb));
                VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
                sz =VSB_len(vsb);
                assert (sz > 0);
                VSHA256_Update(vsha, VSB_data(vsb), sz);
                VSB_clear(vsb);
        }
        VSB_destroy(&vsb);

        VSHA256_Final(digest, vsha);
        b = WS_Alloc(ctx->ws, sizeof *b + sizeof digest);
        if (b != NULL) {
                memcpy(b + 1, digest, sizeof digest);
                b->magic = VRT_BLOB_MAGIC;
                b->blob = b + 1;
                b->len = sizeof digest;
        }
        cleanup_sweep(asw);
        return (b);
}

VCL_DURATION
xyzzy_time_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1,
    VCL_INT step, VCL_INT turnus)
{
        struct acl_sweep asw[1];
        vtim_mono t0, t1;
        vtim_dur d;
        VCL_INT cnt;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(acl);
        AN(ip0);
        AN(ip1);
        assert(step > 0);
        assert(turnus > 0);

        if (setup_sweep(ctx, asw, ip0, ip1, step))
                return (-1);
        do {
                (void)VRT_acl_match(ctx, acl, asw->probe);
        } while (step_sweep(asw) <= 0);
        asw->count = 0;
        t0 = VTIM_mono();
        for (cnt = 0; cnt < turnus; cnt++) {
                reset_sweep(asw);
                do {
                        (void)VRT_acl_match(ctx, acl, asw->probe);
                } while (step_sweep(asw) <= 0);
        }
        t1 = VTIM_mono();
        cnt = asw->count;
        assert(cnt > 0);
        d = (t1 - t0) / cnt;
        VSLb(ctx->vsl, SLT_Debug,
            "Timed ACL: %.9f -> %.9f = %.9f %.9f/round, %.9f/IP %ju IPs",
            t0, t1, t1 - t0, (t1-t0) / turnus, d, (intmax_t)cnt);
        cleanup_sweep(asw);
        return (d);
}

struct xyzzy_debug_aclobj {
        unsigned                        magic;
#define VMOD_DEBUG_ACLOBJ_MAGIC 0xac10ac10
        char *                          vcl_name;
        VCL_ACL                 acl;
};

VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__init)
xyzzy_aclobj__init(VRT_CTX, struct VPFX(debug_aclobj) **op,
    const char *vcl_name, VCL_ACL acl)
{
        struct VPFX(debug_aclobj) *o;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(op);
        AZ(*op);
        ALLOC_OBJ(o, VMOD_DEBUG_ACLOBJ_MAGIC);
        AN(o);
        REPLACE(o->vcl_name, vcl_name);
        o->acl = acl;
        *op = o;
}

VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__fini)
xyzzy_aclobj__fini(struct VPFX(debug_aclobj) **op)
{
        struct VPFX(debug_aclobj) *o;

        TAKE_OBJ_NOTNULL(o, op, VMOD_DEBUG_ACLOBJ_MAGIC);
        REPLACE(o->vcl_name, NULL);
        FREE_OBJ(o);
}

VCL_ACL v_matchproto_(td_xyzzy_debug_aclobj_get)
xyzzy_aclobj_get(VRT_CTX, struct VPFX(debug_aclobj) *o)
{
        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        CHECK_OBJ_NOTNULL(o, VMOD_DEBUG_ACLOBJ_MAGIC);
        return (o->acl);
}

		varnish-cache/vmod/vmod_debug_acl.c
0		/*-
1		* Copyright (c) 2012-2019 Varnish Software AS
2		* All rights reserved.
3		*
4		* Author: Poul-Henning Kamp <phk@FreeBSD.org>
5		*
6		* SPDX-License-Identifier: BSD-2-Clause
7		*
8		* Redistribution and use in source and binary forms, with or without
9		* modification, are permitted provided that the following conditions
10		* are met:
11		* 1. Redistributions of source code must retain the above copyright
12		* notice, this list of conditions and the following disclaimer.
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20		* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27		* SUCH DAMAGE.
28		*/
29
30		#include "config.h"
31
32		#include <stdlib.h>
33		#include <stdio.h>
34		#include <string.h>
35		#include <sys/socket.h>
36		#include <unistd.h>
37
38		// #include "vdef.h"
39		//#include "vas.h"
40		#include "cache/cache.h"
41		#include "vend.h"
42		#include "vsa.h"
43		#include "vsb.h"
44		#include "vsha256.h"
45		#include "vtcp.h"
46		#include "vtim.h"
47		#include "vcc_debug_if.h"
48
49		VCL_ACL v_matchproto_(td_debug_null_acl)
50	4	xyzzy_null_acl(VRT_CTX)
51		{
52
53	4	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
54	4	return (NULL);
55		}
56
57		VCL_ACL v_matchproto_(td_debug_acl)
58	2	xyzzy_acl(VRT_CTX, VCL_ACL acl)
59		{
60
61	2	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
62	2	return (acl);
63		}
64
65		VCL_BOOL v_matchproto_(td_debug_match_acl)
66	4	xyzzy_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
67		{
68
69	4	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
70	4	assert(VSA_Sane(ip));
71
72	4	return (VRT_acl_match(ctx, acl, ip));
73		}
74
75		/*
76		* The code below is more intimate with VSA than anything is supposed to.
77		*/
78
79		struct acl_sweep {
80		int family;
81		const uint8_t *ip0_p;
82		const uint8_t *ip1_p;
83		struct suckaddr *probe;
84		uint8_t *probe_p;
85		VCL_INT step;
86		uint64_t reset;
87		uint64_t that;
88		uint64_t count;
89		};
90
91		static void
92	2000	reset_sweep(struct acl_sweep *asw)
93		{
94	2000	asw->that = asw->reset;
95	2000	}
96
97		static int
98	16	setup_sweep(VRT_CTX, struct acl_sweep *asw, VCL_IP ip0, VCL_IP ip1,
99		VCL_INT step)
100		{
101		int fam0, fam1;
102		const uint8_t *ptr;
103
104	16	AN(asw);
105	16	memset(asw, 0, sizeof *asw);
106
107	16	AN(ip0);
108	16	AN(ip1);
109	16	fam0 = VSA_GetPtr(ip0, &asw->ip0_p);
110	16	fam1 = VSA_GetPtr(ip1, &asw->ip1_p);
111	16	if (fam0 != fam1) {
112	0	VRT_fail(ctx, "IPs have different families (0x%x vs 0x%x)",
113	0	fam0, fam1);
114	0	return (-1);
115		}
116
117	16	asw->family = fam0;
118	16	if (asw->family == PF_INET) {
119	6	if (memcmp(asw->ip0_p, asw->ip1_p, 4) > 0) {
120	0	VRT_fail(ctx, "Sweep: ipv4.end < ipv4.start");
121	0	return (-1);
122		}
123	6	asw->reset = vbe32dec(asw->ip0_p);
124	6	} else {
125	10	if (memcmp(asw->ip0_p, asw->ip1_p, 16) > 0) {
126	0	VRT_fail(ctx, "Sweep: ipv6.end < ipv6.start");
127	0	return (-1);
128		}
129	10	asw->reset = vbe64dec(asw->ip0_p + 8);
130		}
131	16	asw->that = asw->reset;
132
133		/* Dont try this at home */
134	16	asw->probe = malloc(vsa_suckaddr_len);
135	16	AN(asw->probe);
136	16	memcpy(asw->probe, ip0, vsa_suckaddr_len);
137	16	(void)VSA_GetPtr(asw->probe, &ptr);
138	16	asw->probe_p = ((uint8_t)(asw->probe)) + (ptr - (uint8_t)asw->probe);
139
140	16	asw->step = step;
141
142	16	return (0);
143	16	}
144
145		static void
146	16	cleanup_sweep(struct acl_sweep *asw)
147		{
148	16	free(asw->probe);
149	16	memset(asw, 0, sizeof *asw);
150	16	}
151
152		static int
153	192780	step_sweep(struct acl_sweep *asw)
154		{
155
156	192780	AN(asw);
157	192780	asw->count++;
158	192780	asw->that += asw->step;
159	192780	if (asw->family == PF_INET) {
160	198	vbe32enc(asw->probe_p, asw->that);
161	198	return (memcmp(asw->probe_p, asw->ip1_p, 4));
162		} else {
163	192582	vbe64enc(asw->probe_p + 8, asw->that);
164	192582	return (memcmp(asw->probe_p, asw->ip1_p, 16));
165		}
166	192780	}
167
168
169		VCL_BLOB
170	14	xyzzy_sweep_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1, VCL_INT step)
171		{
172		struct acl_sweep asw[1];
173		int i, j;
174		struct vsb *vsb;
175		char abuf[VTCP_ADDRBUFSIZE];
176		char pbuf[VTCP_PORTBUFSIZE];
177		unsigned char digest[VSHA256_DIGEST_LENGTH];
178		struct VSHA256Context vsha[1];
179		struct vrt_blob *b;
180		ssize_t sz;
181
182	14	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
183	14	AN(acl);
184	14	AN(ip0);
185	14	AN(ip1);
186	14	assert(step > 0);
187	14	if (setup_sweep(ctx, asw, ip0, ip1, step))
188	0	return (NULL);
189
190	14	vsb = VSB_new_auto();
191	14	AN(vsb);
192
193	14	VSHA256_Init(vsha);
194	588	for (j = 0; ; j++) {
195	588	if ((j & 0x3f) == 0x00) {
196	32	VTCP_name(asw->probe, abuf, sizeof abuf,
197	16	pbuf, sizeof pbuf);
198	16	VSB_printf(vsb, "Sweep: %-15s", abuf);
199	16	}
200	588	i = VRT_acl_match(ctx, acl, asw->probe);
201	588	assert(0 <= i && i <= 1);
202	588	VSB_putc(vsb, "-X"[i]);
203	588	if ((j & 0x3f) == 0x3f) {
204	2	AZ(VSB_finish(vsb));
205	2	VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
206	2	sz =VSB_len(vsb);
207	2	assert (sz > 0);
208	2	VSHA256_Update(vsha, VSB_data(vsb), sz);
209	2	VSB_clear(vsb);
210	2	}
211	588	if (step_sweep(asw) > 0)
212	14	break;
213	574	}
214	14	if (VSB_len(vsb)) {
215	14	AZ(VSB_finish(vsb));
216	14	VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
217	14	sz =VSB_len(vsb);
218	14	assert (sz > 0);
219	14	VSHA256_Update(vsha, VSB_data(vsb), sz);
220	14	VSB_clear(vsb);
221	14	}
222	14	VSB_destroy(&vsb);
223
224	14	VSHA256_Final(digest, vsha);
225	14	b = WS_Alloc(ctx->ws, sizeof *b + sizeof digest);
226	14	if (b != NULL) {
227	14	memcpy(b + 1, digest, sizeof digest);
228	14	b->magic = VRT_BLOB_MAGIC;
229	14	b->blob = b + 1;
230	14	b->len = sizeof digest;
231	14	}
232	14	cleanup_sweep(asw);
233	14	return (b);
234	14	}
235
236		VCL_DURATION
237	2	xyzzy_time_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1,
238		VCL_INT step, VCL_INT turnus)
239		{
240		struct acl_sweep asw[1];
241		vtim_mono t0, t1;
242		vtim_dur d;
243		VCL_INT cnt;
244
245	2	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
246	2	AN(acl);
247	2	AN(ip0);
248	2	AN(ip1);
249	2	assert(step > 0);
250	2	assert(turnus > 0);
251
252	2	if (setup_sweep(ctx, asw, ip0, ip1, step))
253	0	return (-1);
254	2	do {
255	192	(void)VRT_acl_match(ctx, acl, asw->probe);
256	192	} while (step_sweep(asw) <= 0);
257	2	asw->count = 0;
258	2	t0 = VTIM_mono();
259	2002	for (cnt = 0; cnt < turnus; cnt++) {
260	2000	reset_sweep(asw);
261	2000	do {
262	192000	(void)VRT_acl_match(ctx, acl, asw->probe);
263	192000	} while (step_sweep(asw) <= 0);
264	2000	}
265	2	t1 = VTIM_mono();
266	2	cnt = asw->count;
267	2	assert(cnt > 0);
268	2	d = (t1 - t0) / cnt;
269	4	VSLb(ctx->vsl, SLT_Debug,
270		"Timed ACL: %.9f -> %.9f = %.9f %.9f/round, %.9f/IP %ju IPs",
271	2	t0, t1, t1 - t0, (t1-t0) / turnus, d, (intmax_t)cnt);
272	2	cleanup_sweep(asw);
273	2	return (d);
274	2	}
275
276		struct xyzzy_debug_aclobj {
277		unsigned magic;
278		#define VMOD_DEBUG_ACLOBJ_MAGIC 0xac10ac10
279		char * vcl_name;
280		VCL_ACL acl;
281		};
282
283		VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__init)
284	4	xyzzy_aclobj__init(VRT_CTX, struct VPFX(debug_aclobj) **op,
285		const char *vcl_name, VCL_ACL acl)
286		{
287		struct VPFX(debug_aclobj) *o;
288
289	4	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
290	4	AN(op);
291	4	AZ(*op);
292	4	ALLOC_OBJ(o, VMOD_DEBUG_ACLOBJ_MAGIC);
293	4	AN(o);
294	4	REPLACE(o->vcl_name, vcl_name);
295	4	o->acl = acl;
296	4	*op = o;
297	4	}
298
299		VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__fini)
300	0	xyzzy_aclobj__fini(struct VPFX(debug_aclobj) **op)
301		{
302		struct VPFX(debug_aclobj) *o;
303
304	0	TAKE_OBJ_NOTNULL(o, op, VMOD_DEBUG_ACLOBJ_MAGIC);
305	0	REPLACE(o->vcl_name, NULL);
306	0	FREE_OBJ(o);
307	0	}
308
309		VCL_ACL v_matchproto_(td_xyzzy_debug_aclobj_get)
310	4	xyzzy_aclobj_get(VRT_CTX, struct VPFX(debug_aclobj) *o)
311		{
312	4	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
313	4	CHECK_OBJ_NOTNULL(o, VMOD_DEBUG_ACLOBJ_MAGIC);
314	4	return (o->acl);
315		}