Make named ACLs available to VMODs
Poul-Henning Kamp
phk at phk.freebsd.dk
Wed Feb 24 11:14:24 CET 2016
--------
In message <CABoVN9DdKHK1dVvByqAeDPQYTRP9Z+D1eAu8UZ1aBOLyQr4P1A at mail.gmail.com>, Dridi Boukelmoune writes:
- VSLb(ctx->vsl, SLT_VCL_acl, "%s", msg);
+ AN(msg);
+ if (ctx->vsl != NULL)
+ VSLb(ctx->vsl, SLT_VCL_acl, "%s", msg);
else
VSL(SLT_VCL_acl, 0, "%s", msg);
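Review bot: the new `AN(msg);` at the top of this hunk makes a NULL message an assertion failure, which is a new contract for callers and is not documented anywhere in the visible lines. Please state it in a comment at the function's prototype and confirm that every caller, including the ACL code VCC generates, always passes a non-NULL string. A short comment on when `ctx->vsl` can be NULL would also help, since the fallback `VSL(SLT_VCL_acl, 0, "%s", msg)` logs with a literal 0 where the transaction id goes, and those records cannot be tied back to a request.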
+#define VRT_ACL_MAGIC 0x78329d96
+ int (*match)(VRT_CTX, VCL_IP);
+};
+
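Review bot: the `int (*match)(VRT_CTX, VCL_IP);` member has no comment describing its contract: which return values mean match and no match, and whether the pointer is allowed to be NULL. Since VMOD authors will read this header to learn how to use the ACL object, please document the return convention next to the member and state that `match` must always be set.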
Use a typedef for the function pointer in vrt.h
Please have VCC also emit the __match_proto__(name of typedef) for the
ACL matchers.
-.. TODO document ACL if patchwork #314 is merged
+ACL
+ C-type: ``int(acl_f)(VRT_CTX, VCL_IP)*``
+
+ A function that checks an IP address against the named ACL declared in
+ VCL.
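Review bot: the documented C-type ``int(acl_f)(VRT_CTX, VCL_IP)*`` is not a valid C declarator, and no `acl_f` name appears in the rest of the visible patch, while `VRT_acl_match()` takes a `VCL_ACL acl` argument that is checked against `VRT_ACL_MAGIC`. Please document the type VMOD authors will actually receive and point them at `VRT_acl_match()` as the way to evaluate it. The text should also say what the result of a check means (match or no match).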
I don't understand this bit, shouldn't that be the struct?
+ if (fmt == ACL)
+ sym = VCC_FindSymbol(tl, tl->t, SYM_ACL);
if (fmt == BACKEND)
sym = VCC_FindSymbol(tl, tl->t, SYM_BACKEND);
if (fmt == PROBE)
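Review bot: the added `sym = VCC_FindSymbol(tl, tl->t, SYM_ACL);` lookup has no visible handling for the case where the name given in VCL is not a declared ACL. Please confirm that the existing not-found path after this chain produces a clear compile error for ACL arguments as it does for BACKEND and PROBE, and add a test case where a VMOD call names an undeclared ACL so the failure mode is pinned down.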
For clarity we should have some 'else' there, or possibly a switch instead.
+int
+VRT_acl_match(VRT_CTX, VCL_ACL acl, VCL_IP ip)
+{
+
+ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+ CHECK_OBJ_NOTNULL(acl, VRT_ACL_MAGIC);
+ AN(ip);
+ return (acl->match(ctx, ip));
+}
+
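Review bot: `return (acl->match(ctx, ip));` calls through the function pointer without checking it, so an ACL object with a valid magic but an unset `match` member would jump through NULL instead of failing an assertion. Adding `AN(acl->match);` after the `CHECK_OBJ_NOTNULL(acl, VRT_ACL_MAGIC);` line keeps the failure in line with the other checks here. Note also that `AN(ip);` only proves the pointer is non-NULL and says nothing about what it points to, and the function needs a comment stating what its `int` result means for callers.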
Do a VSA_Sane() on the ip, the acl-matcher function doesn't do it as far
as I remember.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.