[PATCH] Implement std.ip() to simplify ACL checking in VCL
Federico Schwindt
fgsch at lodoss.net
Thu Aug 1 03:03:14 CEST 2013
On Wed, Jul 31, 2013 at 2:46 PM, Lasse Karstensen <
lkarsten at varnish-software.com> wrote:
> Hello all.
>
> I've extended the std vmod to include an ip() method, which
> converts a string into VCL IP. The result can be used for
> matching against a VCL ACL.
>
> Attached is a patch against current master. Documentation and
> test case included.
>
> Please consider this for merging into the 4.0 release.
>
A few comments:
- rp leaks if WS_Reserve() fails.
- WS_Reserve() is cheaper that getaddrinfo(), so I'd check first if there
is space and then do the getaddrinfo() call. That'd simplify the error path
too.
- Missing CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC).
- You could just check for getaddrinfo() != 0 instead of using s = .. since
it's not used anywhere else.
- Using VCL_IP for the fallback parameter restricts what you can use to
client.ip or server.ip. This might or might not be a problem.
I wrote a similar function a while ago that was using a STRING parameter as
suggested by Tollef. Not sure if this is still required.
Cheers,
f.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20130801/b065e8c9/attachment.html>
More information about the varnish-dev
mailing list