Make named ACLs available to VMODs
Poul-Henning Kamp phk at phk.freebsd.dk
Wed Feb 24 11:14:24 CET 2016
--------
In message <CABoVN9DdKHK1dVvByqAeDPQYTRP9Z+D1eAu8UZ1aBOLyQr4P1A at mail.gmail.com>, Dridi Boukelmoune writes:
  -       VSLb(ctx->vsl, SLT_VCL_acl, "%s", msg);
  +       AN(msg);
  +       if (ctx->vsl != NULL)
  +               VSLb(ctx->vsl, SLT_VCL_acl, "%s", msg);
	  else
		  VSL(SLT_VCL_acl, 0, "%s", msg);
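Review bot: the added `if (ctx->vsl != NULL)` test has no comment saying which callers reach this function without a VSL buffer. The `else` branch logs through `VSL(SLT_VCL_acl, 0, "%s", msg)` with id 0, so a short comment above the `if` naming that case would make the fallback read as intentional.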
  +#define VRT_ACL_MAGIC  0x78329d96
  +       int             (*match)(VRT_CTX, VCL_IP);
  +};
  +
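Review bot: the `match` member returns a plain `int` with no comment on what the value means, and `VRT_acl_match()` passes it straight back to the caller. Document next to the member what zero and non-zero mean, so VMOD authors do not have to read the generated matcher to find out.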
Use a typedef for the function pointer in vrt.h.
Please have VCC also emit the __match_proto__(name of typedef) for the
ACL matchers.
  -.. TODO document ACL if patchwork #314 is merged
  +ACL
  +       C-type: ``int(acl_f)(VRT_CTX, VCL_IP)*``
  +
  +       A function that checks an IP address against the named ACL declared in
  +       VCL.
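Review bot: the `C-type:` line gives ``int(acl_f)(VRT_CTX, VCL_IP)*``, which is not a valid C declarator and does not match how the type is used elsewhere in the patch. `VRT_acl_match()` takes a `VCL_ACL acl`, checks it with `CHECK_OBJ_NOTNULL(acl, VRT_ACL_MAGIC)` and calls `acl->match`, so the value handed to a VMOD is a pointer to the struct that carries the function pointer; the documented C-type should name that struct pointer.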
I don't understand this bit, shouldn't that be the struct?
  +               if (fmt == ACL)
  +                       sym = VCC_FindSymbol(tl, tl->t, SYM_ACL);
                  if (fmt == BACKEND)
                          sym = VCC_FindSymbol(tl, tl->t, SYM_BACKEND);
                  if (fmt == PROBE)
For clarity we should have some 'else' there, or possibly a switch instead.
  +int
  +VRT_acl_match(VRT_CTX, VCL_ACL acl, VCL_IP ip)
  +{
  +
  +       CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
  +       CHECK_OBJ_NOTNULL(acl, VRT_ACL_MAGIC);
  +       AN(ip);
  +       return (acl->match(ctx, ip));
  +}
  +
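Review bot: `acl->match` is called on the `return` line without a check that the pointer is set; `CHECK_OBJ_NOTNULL(acl, VRT_ACL_MAGIC)` only validates the object and its magic. Adding `AN(acl->match);` before the call turns a NULL function pointer into an assertion failure at a known place.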
Do a VSA_Sane() on the ip, the acl-matcher function doesn't do it as far
as I remember.
-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.