[PATCH] Implement std.ip() to simplify ACL checking in VCL

Federico Schwindt fgsch at lodoss.net
Thu Aug 1 03:03:14 CEST 2013


On Wed, Jul 31, 2013 at 2:46 PM, Lasse Karstensen <
lkarsten at varnish-software.com> wrote:

> Hello all.
>
> I've extended the std vmod to include an ip() method, which
> converts a string into VCL IP. The result can be used for
> matching against a VCL ACL.
>
> Attached is a patch against current master. Documentation and
> test case included.
>
> Please consider this for merging into the 4.0 release.
>

A few comments:

- rp leaks if WS_Reserve() fails.

- WS_Reserve() is cheaper that getaddrinfo(), so I'd check first if there
is space and then do the getaddrinfo() call. That'd simplify the error path
too.

- Missing CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC).

- You could just check for getaddrinfo() != 0 instead of using s = .. since
it's not used anywhere else.

- Using VCL_IP for the fallback parameter restricts what you can use to
client.ip or server.ip. This might or might not be a problem.
I wrote a similar function a while ago that was using a STRING parameter as
suggested by Tollef. Not sure if this is still required.

Cheers,

f.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20130801/b065e8c9/attachment.html>


More information about the varnish-dev mailing list