GCOV - Varnish Cache


/*-
 * Copyright (c) 2012-2019 Varnish Software AS
 * All rights reserved.
 *
 * Author: Poul-Henning Kamp <phk@FreeBSD.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

// #include "vdef.h"
//#include "vas.h"
#include "cache/cache.h"
#include "vend.h"
#include "vsa.h"
#include "vsb.h"
#include "vsha256.h"
#include "vtcp.h"
#include "vtim.h"
#include "vcc_debug_if.h"

VCL_ACL v_matchproto_(td_debug_null_acl)
xyzzy_null_acl(VRT_CTX)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        return (NULL);
}

VCL_ACL v_matchproto_(td_debug_acl)
xyzzy_acl(VRT_CTX, VCL_ACL acl)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        return (acl);
}

VCL_BOOL v_matchproto_(td_debug_match_acl)
xyzzy_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
{

        CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
        assert(VSA_Sane(ip));

        return (VRT_acl_match(ctx, acl, ip));
}

/*
 * The code below is more intimate with VSA than anything is supposed to.
 */

struct acl_sweep {
        int                     family;
        const uint8_t           *ip0_p;
        const uint8_t           *ip1_p;
        struct suckaddr         *probe;
        uint8_t                 *probe_p;
        VCL_INT                 step;
        uint64_t                reset;
        uint64_t                that;
        uint64_t                count;
};

static void
reset_sweep(struct acl_sweep *asw)
{
        asw->that = asw->reset;
}

static int
setup_sweep(VRT_CTX, struct acl_sweep *asw, VCL_IP ip0, VCL_IP ip1,
    VCL_INT step)
{
        int fam0, fam1;
        const uint8_t *ptr;

        AN(asw);
        memset(asw, 0, sizeof *asw);

        AN(ip0);
        AN(ip1);
        fam0 = VSA_GetPtr(ip0, &asw->ip0_p);
        fam1 = VSA_GetPtr(ip1, &asw->ip1_p);
        if (fam0 != fam1) {
                VRT_fail(ctx, "IPs have different families (0x%x vs 0x%x)",
                    fam0, fam1);
                return (-1);
        }

        asw->family = fam0;
        if (asw->family == PF_INET) {
                if (memcmp(asw->ip0_p, asw->ip1_p, 4) > 0) {
                        VRT_fail(ctx, "Sweep: ipv4.end < ipv4.start");
                        return (-1);
                }
                asw->reset = vbe32dec(asw->ip0_p);
        } else {
                if (memcmp(asw->ip0_p, asw->ip1_p, 16) > 0) {
                        VRT_fail(ctx, "Sweep: ipv6.end < ipv6.start");
                        return (-1);
                }
                asw->reset = vbe64dec(asw->ip0_p + 8);
        }
        asw->that = asw->reset;

        /* Dont try this at home */
        asw->probe = malloc(vsa_suckaddr_len);
        AN(asw->probe);
        memcpy(asw->probe, ip0, vsa_suckaddr_len);
        (void)VSA_GetPtr(asw->probe, &ptr);
        asw->probe_p = ((uint8_t*)(asw->probe)) + (ptr - (uint8_t*)asw->probe);

        asw->step = step;

        return (0);
}

static void
cleanup_sweep(struct acl_sweep *asw)
{
        free(asw->probe);
        memset(asw, 0, sizeof *asw);
}

static int
step_sweep(struct acl_sweep *asw)
{

        AN(asw);
        asw->count++;
        asw->that += asw->step;
        if (asw->family == PF_INET) {
                vbe32enc(asw->probe_p, asw->that);
                return (memcmp(asw->probe_p, asw->ip1_p, 4));
        } else {
                vbe64enc(asw->probe_p + 8, asw->that);
                return (memcmp(asw->probe_p, asw->ip1_p, 16));
        }
}


VCL_BLOB
xyzzy_sweep_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1, VCL_INT step)
{
        struct acl_sweep asw[1];
        int i, j;
        struct vsb *vsb;
        char abuf[VTCP_ADDRBUFSIZE];
        char pbuf[VTCP_PORTBUFSIZE];
        unsigned char digest[VSHA256_DIGEST_LENGTH];
        struct VSHA256Context vsha[1];
        struct vrt_blob *b;
        ssize_t sz;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(acl);
        AN(ip0);
        AN(ip1);
        assert(step > 0);
        if (setup_sweep(ctx, asw, ip0, ip1, step))
                return (NULL);

        vsb = VSB_new_auto();
        AN(vsb);

        VSHA256_Init(vsha);
        for (j = 0; ; j++) {
                if ((j & 0x3f) == 0x00) {
                        VTCP_name(asw->probe, abuf, sizeof abuf,
                            pbuf, sizeof pbuf);
                        VSB_printf(vsb, "Sweep: %-15s", abuf);
                }
                i = VRT_acl_match(ctx, acl, asw->probe);
                assert(0 <= i && i <= 1);
                VSB_putc(vsb, "-X"[i]);
                if ((j & 0x3f) == 0x3f) {
                        AZ(VSB_finish(vsb));
                        VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
                        sz =VSB_len(vsb);
                        assert (sz > 0);
                        VSHA256_Update(vsha, VSB_data(vsb), sz);
                        VSB_clear(vsb);
                }
                if (step_sweep(asw) > 0)
                        break;
        }
        if (VSB_len(vsb)) {
                AZ(VSB_finish(vsb));
                VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
                sz =VSB_len(vsb);
                assert (sz > 0);
                VSHA256_Update(vsha, VSB_data(vsb), sz);
                VSB_clear(vsb);
        }
        VSB_destroy(&vsb);

        VSHA256_Final(digest, vsha);
        b = WS_Alloc(ctx->ws, sizeof *b + sizeof digest);
        if (b != NULL) {
                memcpy(b + 1, digest, sizeof digest);
                b->magic = VRT_BLOB_MAGIC;
                b->blob = b + 1;
                b->len = sizeof digest;
        }
        cleanup_sweep(asw);
        return (b);
}

VCL_DURATION
xyzzy_time_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1,
    VCL_INT step, VCL_INT turnus)
{
        struct acl_sweep asw[1];
        vtim_mono t0, t1;
        vtim_dur d;
        VCL_INT cnt;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(acl);
        AN(ip0);
        AN(ip1);
        assert(step > 0);
        assert(turnus > 0);

        if (setup_sweep(ctx, asw, ip0, ip1, step))
                return (-1);
        do {
                (void)VRT_acl_match(ctx, acl, asw->probe);
        } while (step_sweep(asw) <= 0);
        asw->count = 0;
        t0 = VTIM_mono();
        for (cnt = 0; cnt < turnus; cnt++) {
                reset_sweep(asw);
                do {
                        (void)VRT_acl_match(ctx, acl, asw->probe);
                } while (step_sweep(asw) <= 0);
        }
        t1 = VTIM_mono();
        cnt = asw->count;
        assert(cnt > 0);
        d = (t1 - t0) / cnt;
        VSLb(ctx->vsl, SLT_Debug,
            "Timed ACL: %.9f -> %.9f = %.9f %.9f/round, %.9f/IP %ju IPs",
            t0, t1, t1 - t0, (t1-t0) / turnus, d, (intmax_t)cnt);
        cleanup_sweep(asw);
        return (d);
}

struct xyzzy_debug_aclobj {
        unsigned                        magic;
#define VMOD_DEBUG_ACLOBJ_MAGIC 0xac10ac10
        char *                          vcl_name;
        VCL_ACL                 acl;
};

VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__init)
xyzzy_aclobj__init(VRT_CTX, struct VPFX(debug_aclobj) **op,
    const char *vcl_name, VCL_ACL acl)
{
        struct VPFX(debug_aclobj) *o;

        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        AN(op);
        AZ(*op);
        ALLOC_OBJ(o, VMOD_DEBUG_ACLOBJ_MAGIC);
        AN(o);
        REPLACE(o->vcl_name, vcl_name);
        o->acl = acl;
        *op = o;
}

VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__fini)
xyzzy_aclobj__fini(struct VPFX(debug_aclobj) **op)
{
        struct VPFX(debug_aclobj) *o;

        TAKE_OBJ_NOTNULL(o, op, VMOD_DEBUG_ACLOBJ_MAGIC);
        REPLACE(o->vcl_name, NULL);
        FREE_OBJ(o);
}

VCL_ACL v_matchproto_(td_xyzzy_debug_aclobj_get)
xyzzy_aclobj_get(VRT_CTX, struct VPFX(debug_aclobj) *o)
{
        CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
        CHECK_OBJ_NOTNULL(o, VMOD_DEBUG_ACLOBJ_MAGIC);
        return (o->acl);
}

		varnish-cache/vmod/vmod_debug_acl.c
0		/*-
1		* Copyright (c) 2012-2019 Varnish Software AS
2		* All rights reserved.
3		*
4		* Author: Poul-Henning Kamp <phk@FreeBSD.org>
5		*
6		* SPDX-License-Identifier: BSD-2-Clause
7		*
8		* Redistribution and use in source and binary forms, with or without
9		* modification, are permitted provided that the following conditions
10		* are met:
11		* 1. Redistributions of source code must retain the above copyright
12		* notice, this list of conditions and the following disclaimer.
13		* 2. Redistributions in binary form must reproduce the above copyright
14		* notice, this list of conditions and the following disclaimer in the
15		* documentation and/or other materials provided with the distribution.
16		*
17		* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20		* ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27		* SUCH DAMAGE.
28		*/
29
30		#include "config.h"
31
32		#include <stdlib.h>
33		#include <stdio.h>
34		#include <string.h>
35		#include <sys/socket.h>
36		#include <unistd.h>
37
38		// #include "vdef.h"
39		//#include "vas.h"
40		#include "cache/cache.h"
41		#include "vend.h"
42		#include "vsa.h"
43		#include "vsb.h"
44		#include "vsha256.h"
45		#include "vtcp.h"
46		#include "vtim.h"
47		#include "vcc_debug_if.h"
48
49		VCL_ACL v_matchproto_(td_debug_null_acl)
50	2	xyzzy_null_acl(VRT_CTX)
51		{
52
53	2	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
54	2	return (NULL);
55		}
56
57		VCL_ACL v_matchproto_(td_debug_acl)
58	1	xyzzy_acl(VRT_CTX, VCL_ACL acl)
59		{
60
61	1	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
62	1	return (acl);
63		}
64
65		VCL_BOOL v_matchproto_(td_debug_match_acl)
66	2	xyzzy_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
67		{
68
69	2	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
70	2	assert(VSA_Sane(ip));
71
72	2	return (VRT_acl_match(ctx, acl, ip));
73		}
74
75		/*
76		* The code below is more intimate with VSA than anything is supposed to.
77		*/
78
79		struct acl_sweep {
80		int family;
81		const uint8_t *ip0_p;
82		const uint8_t *ip1_p;
83		struct suckaddr *probe;
84		uint8_t *probe_p;
85		VCL_INT step;
86		uint64_t reset;
87		uint64_t that;
88		uint64_t count;
89		};
90
91		static void
92	1000	reset_sweep(struct acl_sweep *asw)
93		{
94	1000	asw->that = asw->reset;
95	1000	}
96
97		static int
98	8	setup_sweep(VRT_CTX, struct acl_sweep *asw, VCL_IP ip0, VCL_IP ip1,
99		VCL_INT step)
100		{
101		int fam0, fam1;
102		const uint8_t *ptr;
103
104	8	AN(asw);
105	8	memset(asw, 0, sizeof *asw);
106
107	8	AN(ip0);
108	8	AN(ip1);
109	8	fam0 = VSA_GetPtr(ip0, &asw->ip0_p);
110	8	fam1 = VSA_GetPtr(ip1, &asw->ip1_p);
111	8	if (fam0 != fam1) {
112	0	VRT_fail(ctx, "IPs have different families (0x%x vs 0x%x)",
113	0	fam0, fam1);
114	0	return (-1);
115		}
116
117	8	asw->family = fam0;
118	8	if (asw->family == PF_INET) {
119	3	if (memcmp(asw->ip0_p, asw->ip1_p, 4) > 0) {
120	0	VRT_fail(ctx, "Sweep: ipv4.end < ipv4.start");
121	0	return (-1);
122		}
123	3	asw->reset = vbe32dec(asw->ip0_p);
124	3	} else {
125	5	if (memcmp(asw->ip0_p, asw->ip1_p, 16) > 0) {
126	0	VRT_fail(ctx, "Sweep: ipv6.end < ipv6.start");
127	0	return (-1);
128		}
129	5	asw->reset = vbe64dec(asw->ip0_p + 8);
130		}
131	8	asw->that = asw->reset;
132
133		/* Dont try this at home */
134	8	asw->probe = malloc(vsa_suckaddr_len);
135	8	AN(asw->probe);
136	8	memcpy(asw->probe, ip0, vsa_suckaddr_len);
137	8	(void)VSA_GetPtr(asw->probe, &ptr);
138	8	asw->probe_p = ((uint8_t)(asw->probe)) + (ptr - (uint8_t)asw->probe);
139
140	8	asw->step = step;
141
142	8	return (0);
143	8	}
144
145		static void
146	8	cleanup_sweep(struct acl_sweep *asw)
147		{
148	8	free(asw->probe);
149	8	memset(asw, 0, sizeof *asw);
150	8	}
151
152		static int
153	96390	step_sweep(struct acl_sweep *asw)
154		{
155
156	96390	AN(asw);
157	96390	asw->count++;
158	96390	asw->that += asw->step;
159	96390	if (asw->family == PF_INET) {
160	99	vbe32enc(asw->probe_p, asw->that);
161	99	return (memcmp(asw->probe_p, asw->ip1_p, 4));
162		} else {
163	96291	vbe64enc(asw->probe_p + 8, asw->that);
164	96291	return (memcmp(asw->probe_p, asw->ip1_p, 16));
165		}
166	96390	}
167
168
169		VCL_BLOB
170	7	xyzzy_sweep_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1, VCL_INT step)
171		{
172		struct acl_sweep asw[1];
173		int i, j;
174		struct vsb *vsb;
175		char abuf[VTCP_ADDRBUFSIZE];
176		char pbuf[VTCP_PORTBUFSIZE];
177		unsigned char digest[VSHA256_DIGEST_LENGTH];
178		struct VSHA256Context vsha[1];
179		struct vrt_blob *b;
180		ssize_t sz;
181
182	7	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
183	7	AN(acl);
184	7	AN(ip0);
185	7	AN(ip1);
186	7	assert(step > 0);
187	7	if (setup_sweep(ctx, asw, ip0, ip1, step))
188	0	return (NULL);
189
190	7	vsb = VSB_new_auto();
191	7	AN(vsb);
192
193	7	VSHA256_Init(vsha);
194	294	for (j = 0; ; j++) {
195	294	if ((j & 0x3f) == 0x00) {
196	16	VTCP_name(asw->probe, abuf, sizeof abuf,
197	8	pbuf, sizeof pbuf);
198	8	VSB_printf(vsb, "Sweep: %-15s", abuf);
199	8	}
200	294	i = VRT_acl_match(ctx, acl, asw->probe);
201	294	assert(0 <= i && i <= 1);
202	294	VSB_putc(vsb, "-X"[i]);
203	294	if ((j & 0x3f) == 0x3f) {
204	1	AZ(VSB_finish(vsb));
205	1	VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
206	1	sz =VSB_len(vsb);
207	1	assert (sz > 0);
208	1	VSHA256_Update(vsha, VSB_data(vsb), sz);
209	1	VSB_clear(vsb);
210	1	}
211	294	if (step_sweep(asw) > 0)
212	7	break;
213	287	}
214	7	if (VSB_len(vsb)) {
215	7	AZ(VSB_finish(vsb));
216	7	VSLbs(ctx->vsl, SLT_Debug, TOSTRAND(VSB_data(vsb)));
217	7	sz =VSB_len(vsb);
218	7	assert (sz > 0);
219	7	VSHA256_Update(vsha, VSB_data(vsb), sz);
220	7	VSB_clear(vsb);
221	7	}
222	7	VSB_destroy(&vsb);
223
224	7	VSHA256_Final(digest, vsha);
225	7	b = WS_Alloc(ctx->ws, sizeof *b + sizeof digest);
226	7	if (b != NULL) {
227	7	memcpy(b + 1, digest, sizeof digest);
228	7	b->magic = VRT_BLOB_MAGIC;
229	7	b->blob = b + 1;
230	7	b->len = sizeof digest;
231	7	}
232	7	cleanup_sweep(asw);
233	7	return (b);
234	7	}
235
236		VCL_DURATION
237	1	xyzzy_time_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip0, VCL_IP ip1,
238		VCL_INT step, VCL_INT turnus)
239		{
240		struct acl_sweep asw[1];
241		vtim_mono t0, t1;
242		vtim_dur d;
243		VCL_INT cnt;
244
245	1	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
246	1	AN(acl);
247	1	AN(ip0);
248	1	AN(ip1);
249	1	assert(step > 0);
250	1	assert(turnus > 0);
251
252	1	if (setup_sweep(ctx, asw, ip0, ip1, step))
253	0	return (-1);
254	1	do {
255	96	(void)VRT_acl_match(ctx, acl, asw->probe);
256	96	} while (step_sweep(asw) <= 0);
257	1	asw->count = 0;
258	1	t0 = VTIM_mono();
259	1001	for (cnt = 0; cnt < turnus; cnt++) {
260	1000	reset_sweep(asw);
261	1000	do {
262	96000	(void)VRT_acl_match(ctx, acl, asw->probe);
263	96000	} while (step_sweep(asw) <= 0);
264	1000	}
265	1	t1 = VTIM_mono();
266	1	cnt = asw->count;
267	1	assert(cnt > 0);
268	1	d = (t1 - t0) / cnt;
269	2	VSLb(ctx->vsl, SLT_Debug,
270		"Timed ACL: %.9f -> %.9f = %.9f %.9f/round, %.9f/IP %ju IPs",
271	1	t0, t1, t1 - t0, (t1-t0) / turnus, d, (intmax_t)cnt);
272	1	cleanup_sweep(asw);
273	1	return (d);
274	1	}
275
276		struct xyzzy_debug_aclobj {
277		unsigned magic;
278		#define VMOD_DEBUG_ACLOBJ_MAGIC 0xac10ac10
279		char * vcl_name;
280		VCL_ACL acl;
281		};
282
283		VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__init)
284	2	xyzzy_aclobj__init(VRT_CTX, struct VPFX(debug_aclobj) **op,
285		const char *vcl_name, VCL_ACL acl)
286		{
287		struct VPFX(debug_aclobj) *o;
288
289	2	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
290	2	AN(op);
291	2	AZ(*op);
292	2	ALLOC_OBJ(o, VMOD_DEBUG_ACLOBJ_MAGIC);
293	2	AN(o);
294	2	REPLACE(o->vcl_name, vcl_name);
295	2	o->acl = acl;
296	2	*op = o;
297	2	}
298
299		VCL_VOID v_matchproto_(td_xyzzy_debug_aclobj__fini)
300	0	xyzzy_aclobj__fini(struct VPFX(debug_aclobj) **op)
301		{
302		struct VPFX(debug_aclobj) *o;
303
304	0	TAKE_OBJ_NOTNULL(o, op, VMOD_DEBUG_ACLOBJ_MAGIC);
305	0	REPLACE(o->vcl_name, NULL);
306	0	FREE_OBJ(o);
307	0	}
308
309		VCL_ACL v_matchproto_(td_xyzzy_debug_aclobj_get)
310	2	xyzzy_aclobj_get(VRT_CTX, struct VPFX(debug_aclobj) *o)
311		{
312	2	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
313	2	CHECK_OBJ_NOTNULL(o, VMOD_DEBUG_ACLOBJ_MAGIC);
314	2	return (o->acl);
315		}