Mailing List Archive: Varnish: Dev

PATCH: add ip to std vmod

Index | Next | Previous | View Threaded

fgsch at lodoss

Mar 20, 2012, 4:36 AM

Post #1 of 3 (237 views)
Permalink

PATCH: add ip to std vmod

Hi,

The code below adds the function ip to the std vmod allowing to use strings for acl matching.
I will update the documentation later today.
Comments?

f.-

bin/varnishtest/tests/m00008.vtc | 33 ++++++++++++++++++++++++++++++++
lib/libvcl/vcc_acl.c | 4 +++
lib/libvmod_std/vmod.vcc | 1 +
lib/libvmod_std/vmod_std_conversions.c | 23 ++++++++++++++++++++++
4 files changed, 61 insertions(+), 0 deletions(-)

diff --git a/bin/varnishtest/tests/m00008.vtc b/bin/varnishtest/tests/m00008.vtc
new file mode 100644
index 0000000..4b349f3
--- /dev/null
+++ b/bin/varnishtest/tests/m00008.vtc
@@ -0,0 +1,33 @@
+varnishtest "test vmod_std.ip conversion"
+
+server s1 {
+ rxreq
+ expect req.url == "/"
+ txresp
+ rxreq
+ expect req.url == "foo"
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ import std from "${topbuild}/lib/libvmod_std/.libs/libvmod_std.so";
+
+ acl acl1 {
+ "localhost";
+ }
+
+ sub vcl_recv {
+ if (std.ip(req.http.ip) ~ acl1) {
+ set req.url = "/";
+ }
+ }
+} -start
+
+client c1 {
+ txreq -url "foo" -hdr "ip: 127.0.0.1"
+ rxresp
+ expect resp.status == 200
+ txreq -url "foo" -hdr "ip: unexistent"
+ rxresp
+ expect resp.status == 200
+} -run
diff --git a/lib/libvcl/vcc_acl.c b/lib/libvcl/vcc_acl.c
index e6a1065..a4f3229 100644
--- a/lib/libvcl/vcc_acl.c
+++ b/lib/libvcl/vcc_acl.c
@@ -361,6 +361,10 @@ vcc_acl_emit(const struct vcc *tl, const char *acln, int anon)
c_is_a_silly_language(tl);

Fh(tl, 0, "\n");
+ Fh(tl, 0, "\tif (!p) {\n");
+ Fh(tl, 0, "\t\tVRT_acl_log(sp, \"NO_P %s\");\n", acln);
+ Fh(tl, 0, "\t\treturn(0);\n");
+ Fh(tl, 0, "\t}\n\n");
Fh(tl, 0, "\ta = p;\n");
Fh(tl, 0, "\tVRT_memmove(&fam, a + %zd, sizeof fam);\n",
offsetof(struct sockaddr, sa_family));
diff --git a/lib/libvmod_std/vmod.vcc b/lib/libvmod_std/vmod.vcc
index 0a71e5b..b411cac 100644
--- a/lib/libvmod_std/vmod.vcc
+++ b/lib/libvmod_std/vmod.vcc
@@ -38,3 +38,4 @@ Function STRING author(ENUM { phk, des, kristian, mithrandir })
Function DURATION duration(STRING, DURATION)
Function INT integer(STRING, INT)
Function VOID collect(HEADER)
+Function IP ip(STRING)
diff --git a/lib/libvmod_std/vmod_std_conversions.c b/lib/libvmod_std/vmod_std_conversions.c
index 149be81..aa85717 100644
--- a/lib/libvmod_std/vmod_std_conversions.c
+++ b/lib/libvmod_std/vmod_std_conversions.c
@@ -29,8 +29,11 @@

#include "config.h"

+#include <sys/types.h>
+#include <sys/socket.h>
#include <ctype.h>
#include <math.h>
+#include <netdb.h>
#include <stdlib.h>

#include "cache/cache.h"
@@ -117,3 +120,23 @@ vmod_integer(struct sess *sp, const char *p, int i)

return (r);
}
+
+struct sockaddr_storage * __match_proto__()
+vmod_ip(struct sess *sp, const char *hostname)
+{
+ struct sockaddr_storage *addr;
+ struct addrinfo hint, *res;
+
+ CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
+
+ memset(&hint, 0, sizeof(hint));
+ hint.ai_family = PF_UNSPEC;
+ hint.ai_socktype = SOCK_STREAM;
+ hint.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(hostname, NULL, &hint, &res))
+ return (NULL);
+ addr = (void *)WS_Alloc(sp->req->ws, sizeof *addr);
+ memcpy(addr, res->ai_addr, sizeof *addr);
+ freeaddrinfo(res);
+ return (addr);
+}

_______________________________________________
varnish-dev mailing list
varnish-dev [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev

fgsch at lodoss

Mar 20, 2012, 6:23 AM

Post #2 of 3 (223 views)
Permalink

Re: PATCH: add ip to std vmod [In reply to]

On Tue, 20 Mar 2012 11:36:40 +0000
"Federico G. Schwindt" <fgsch [at] lodoss> wrote:

> Hi,
>
> The code below adds the function ip to the std vmod allowing to use strings for acl matching.
> I will update the documentation later today.
> Comments?

Updated version with improved test and documentation.

f.-

bin/varnishtest/tests/m00008.vtc | 41 ++++++++++++++++++++++++++++++++
doc/sphinx/reference/vmod_std.rst | 12 +++++++++
lib/libvcl/vcc_acl.c | 4 +++
lib/libvmod_std/vmod.vcc | 1 +
lib/libvmod_std/vmod_std_conversions.c | 23 ++++++++++++++++++
5 files changed, 81 insertions(+), 0 deletions(-)

diff --git a/bin/varnishtest/tests/m00008.vtc b/bin/varnishtest/tests/m00008.vtc
new file mode 100644
index 0000000..23df8b7
--- /dev/null
+++ b/bin/varnishtest/tests/m00008.vtc
@@ -0,0 +1,41 @@
+varnishtest "test vmod_std.ip conversion"
+
+server s1 {
+ rxreq
+ expect req.url == "/"
+ txresp
+
+ rxreq
+ expect req.url == "foo"
+ txresp
+
+ rxreq
+ expect req.url == "foo"
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ import std from "${topbuild}/lib/libvmod_std/.libs/libvmod_std.so";
+
+ acl acl1 {
+ "localhost";
+ }
+
+ sub vcl_recv {
+ if (std.ip(req.http.ip) ~ acl1) {
+ set req.url = "/";
+ }
+ return (pass);
+ }
+} -start
+
+client c1 {
+ txreq -url "foo" -hdr "ip: 127.0.0.1"
+ rxresp
+
+ txreq -url "foo" -hdr "ip: unexistent"
+ rxresp
+
+ txreq -url "foo" -hdr "ip: 10.1.2.3"
+ rxresp
+} -run
diff --git a/doc/sphinx/reference/vmod_std.rst b/doc/sphinx/reference/vmod_std.rst
index a1ece16..474e158 100644
--- a/doc/sphinx/reference/vmod_std.rst
+++ b/doc/sphinx/reference/vmod_std.rst
@@ -151,6 +151,18 @@ Example
This will collapse several Cookie: headers into one, long
cookie header.

+ip
+--
+Prototype
+ ip(STRING s)
+Return value
+ IP
+Description
+ Converts the string *s* representing an IP address to a format
+ suitable to match against an ACL.
+ If *s* fails to parse the match will always fail.
+Example
+ if (std.ip(req.http.x-foo) ~ some_acl) { ... }

SEE ALSO
========
diff --git a/lib/libvcl/vcc_acl.c b/lib/libvcl/vcc_acl.c
index e6a1065..a4f3229 100644
--- a/lib/libvcl/vcc_acl.c
+++ b/lib/libvcl/vcc_acl.c
@@ -361,6 +361,10 @@ vcc_acl_emit(const struct vcc *tl, const char *acln, int anon)
c_is_a_silly_language(tl);

Fh(tl, 0, "\n");
+ Fh(tl, 0, "\tif (!p) {\n");
+ Fh(tl, 0, "\t\tVRT_acl_log(sp, \"NO_P %s\");\n", acln);
+ Fh(tl, 0, "\t\treturn(0);\n");
+ Fh(tl, 0, "\t}\n\n");
Fh(tl, 0, "\ta = p;\n");
Fh(tl, 0, "\tVRT_memmove(&fam, a + %zd, sizeof fam);\n",
offsetof(struct sockaddr, sa_family));
diff --git a/lib/libvmod_std/vmod.vcc b/lib/libvmod_std/vmod.vcc
index 0a71e5b..b411cac 100644
--- a/lib/libvmod_std/vmod.vcc
+++ b/lib/libvmod_std/vmod.vcc
@@ -38,3 +38,4 @@ Function STRING author(ENUM { phk, des, kristian, mithrandir })
Function DURATION duration(STRING, DURATION)
Function INT integer(STRING, INT)
Function VOID collect(HEADER)
+Function IP ip(STRING)
diff --git a/lib/libvmod_std/vmod_std_conversions.c b/lib/libvmod_std/vmod_std_conversions.c
index 149be81..aa85717 100644
--- a/lib/libvmod_std/vmod_std_conversions.c
+++ b/lib/libvmod_std/vmod_std_conversions.c
@@ -29,8 +29,11 @@

#include "config.h"

+#include <sys/types.h>
+#include <sys/socket.h>
#include <ctype.h>
#include <math.h>
+#include <netdb.h>
#include <stdlib.h>

#include "cache/cache.h"
@@ -117,3 +120,23 @@ vmod_integer(struct sess *sp, const char *p, int i)

return (r);
}
+
+struct sockaddr_storage * __match_proto__()
+vmod_ip(struct sess *sp, const char *hostname)
+{
+ struct sockaddr_storage *addr;
+ struct addrinfo hint, *res;
+
+ CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
+
+ memset(&hint, 0, sizeof(hint));
+ hint.ai_family = PF_UNSPEC;
+ hint.ai_socktype = SOCK_STREAM;
+ hint.ai_flags = AI_NUMERICHOST;
+ if (getaddrinfo(hostname, NULL, &hint, &res))
+ return (NULL);
+ addr = (void *)WS_Alloc(sp->req->ws, sizeof *addr);
+ memcpy(addr, res->ai_addr, sizeof *addr);
+ freeaddrinfo(res);
+ return (addr);
+}

_______________________________________________
varnish-dev mailing list
varnish-dev [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev

phk at phk

Mar 21, 2012, 12:40 AM

Post #3 of 3 (223 views)
Permalink

Re: PATCH: add ip to std vmod [In reply to]

In message <20120320113640.1b8df40d.fgsch [at] lodoss>, "Federico G. Schwindt" w
rites:

>The code below adds the function ip to the std vmod allowing to use strings for acl matching.
>I will update the documentation later today.
>Comments?

The architecture we have decided for conversion functions are

std.TYPE(STRING, TYPE)

Where the second argument is the default value to return, if the
conversion fails.

I am not sure the VCC compiler is up to this for IP numbers right now,
because I don't think we have a way of saying "interpret this constant
string as an IP number" in the syntax right now.

--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk [at] FreeBSD | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

_______________________________________________
varnish-dev mailing list
varnish-dev [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads