diff --git a/include/types/acl.h b/include/types/acl.h
index 2cf3f4e7c..431e22b44 100644
--- a/include/types/acl.h
+++ b/include/types/acl.h
@@ -104,6 +104,7 @@ enum {
 * allows for flexible ACLs typed by their contents.
 */
 enum {
+ ACL_USE_NOTHING = 0, /* no need for anything beyond internal information */
 ACL_USE_TCP4_PERMANENT = 1 << 0, /* unchanged TCPv4 data (eg: source IP) */
 ACL_USE_TCP4_CACHEABLE = 1 << 1, /* cacheable TCPv4 data (eg: src conns) */
 ACL_USE_TCP4_VOLATILE = 1 << 2, /* volatile TCPv4 data (eg: RTT) */
diff --git a/src/acl.c b/src/acl.c
index ffed8263c..30c30de6c 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1102,9 +1102,9 @@ int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, v
 /* Note: must not be declared as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
- { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing },
- { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing },
- { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing },
+ { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing, ACL_USE_NOTHING },
+ { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing, ACL_USE_NOTHING },
+ { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing, ACL_USE_NOTHING },
 #if 0
 { "time", acl_parse_time, acl_fetch_time, acl_match_time },
 #endif
diff --git a/src/backend.c b/src/backend.c
index ddedfd982..7fbc7206d 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -2138,7 +2138,7 @@ acl_fetch_nbsrv(struct proxy *px, struct session *l4, void *l7, int dir,
 /* Note: must not be declared as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
- { "nbsrv", acl_parse_int, acl_fetch_nbsrv, acl_match_int },
+ { "nbsrv", acl_parse_int, acl_fetch_nbsrv, acl_match_int, ACL_USE_NOTHING },
 { NULL, NULL, NULL, NULL },
 }};
diff --git a/src/client.c b/src/client.c
index f3081c1d1..502ee9796 100644
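Review bot: In include/types/acl.h, `ACL_USE_NOTHING = 0` is also the value C gives to an omitted initializer, so a keyword row that never sets the new fifth field cannot be told apart from one that was reviewed and declared to need no session data. This patch already has such rows: the `#if 0` entries for `"time"` (src/acl.c) and `"src_limit"` (src/client.c) keep four fields, as do the `{ NULL, NULL, NULL, NULL }` terminators, and any keyword list not touched here would presumably default the same way. If the field is meant to restrict where an ACL may be evaluated, that default is the least restrictive one, so I would either document it on the enumerator, e.g. `/* also the value of an omitted initializer: every keyword must set its use flags explicitly */`, or keep 0 for "undeclared" and give "nothing" its own bit. Being zero it can only be tested with `==`, never with `&`. The enum continues past the end of the hunk.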
--- a/src/client.c
+++ b/src/client.c
@@ -536,14 +536,14 @@ acl_fetch_dconn(struct proxy *px, struct session *l4, void *l7, int dir,
 /* Note: must not be declared as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
- { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int },
- { "src", acl_parse_ip, acl_fetch_src, acl_match_ip },
- { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip },
- { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int },
+ { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT },
+ { "src", acl_parse_ip, acl_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT },
+ { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT },
+ { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT },
 #if 0
 { "src_limit", acl_parse_int, acl_fetch_sconn, acl_match_int },
 #endif
- { "dst_conn", acl_parse_int, acl_fetch_dconn, acl_match_int },
+ { "dst_conn", acl_parse_int, acl_fetch_dconn, acl_match_int, ACL_USE_NOTHING },
 { NULL, NULL, NULL, NULL },
 }};
diff --git a/src/proto_http.c b/src/proto_http.c
index 5b1221f1c..5b11cb2b6 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
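Review bot: The four address keywords in src/client.c are tagged inconsistently: `src` and `dst` get `ACL_USE_TCP4_PERMANENT` while `src_port` and `dst_port` get `ACL_USE_TCP_PERMANENT`, and nothing in the hunk says why (the definition of `ACL_USE_TCP_PERMANENT` is not in the hunks shown). If the IPv4-only flag is deliberate, a comment above the rows such as `/* src/dst are matched as IPv4 addresses only; ports do not depend on the address family */` would record it; if it is not, the two address rows presumably want the same flag as the ports. Rules on `src`/`dst` are usually access-control decisions, so a flag that understates what the fetch needs should be settled before any code relies on it. `dst_conn` is tagged `ACL_USE_NOTHING` although its value changes over the life of the listener, which is fine only if the flags describe data sources and not cacheability; a short comment saying so would help. The table closes inside the hunk, but the body of acl_fetch_dconn lies outside it.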
@@ -5746,48 +5746,49 @@ acl_fetch_path(struct proxy *px, struct session *l4, void *l7, int dir,
 /* Note: must not be declared as its list will be overwritten */
 static struct acl_kw_list acl_kws = {{ },{
- { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth },
- { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str },
- { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str },
- { "status", acl_parse_int, acl_fetch_stcode, acl_match_int },
+ { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
+ { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
+ { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
- { "url", acl_parse_str, acl_fetch_url, acl_match_str },
- { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg },
- { "url_end", acl_parse_str, acl_fetch_url, acl_match_end },
- { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub },
- { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir },
- { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom },
- { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg },
- { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip },
- { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int },
+ { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
+ { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
+ { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
- { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str },
- { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg },
- { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg },
- { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end },
- { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub },
- { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir },
- { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom },
- { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int },
- { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int },
+ /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
+ { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
- { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str },
- { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg },
- { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg },
- { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end },
- { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub },
- { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir },
- { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom },
- { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int },
- { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int },
+ { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
- { "path", acl_parse_str, acl_fetch_path, acl_match_str },
- { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg },
- { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg },
- { "path_end", acl_parse_str, acl_fetch_path, acl_match_end },
- { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub },
- { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir },
- { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom },
+ { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
 { NULL, NULL, NULL, NULL },
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index d06b76a7a..3d93a34b1 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -558,8 +558,8 @@ static struct cfg_kw_list cfg_kws = {{ },{
 }};
 static struct acl_kw_list acl_kws = {{ },{
- { "req_len", acl_parse_int, acl_fetch_req_len, acl_match_int },
- { "req_ssl_ver", acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int },
+ { "req_len", acl_parse_int, acl_fetch_req_len, acl_match_int, ACL_USE_L4REQ_VOLATILE },
+ { "req_ssl_ver", acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int, ACL_USE_L4REQ_VOLATILE },
 { NULL, NULL, NULL, NULL },
 }};
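Review bot: In src/proto_http.c the added comment `/* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, ... */` states an intent that the nine `hdr*` rows directly below it do not follow, and it does not say why the change is deferred or which `chdr*` keywords it means (none appear in this table). I would make it an explicit TODO that also records the current state, e.g. `/* TODO: hdr* should use ACL_USE_HDR_VOLATILE and chdr* L7REQ_VOLATILE; for now hdr* fetch through acl_fetch_chdr and are tagged request-only */`. As written, a `hdr*` ACL is declared as needing request data only, so whatever reads this field will presumably treat it as a request-side keyword. The response-side rows (`resp_ver`, `status`, `shdr*`) are where a wrong tag would matter most, and the hunks shown here contain no code that reads the new field, so that use could not be reviewed. The table's closing lines lie outside the hunk.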