[MEDIUM] acl: set types on all currently known ACL verbs
All currently known ACL verbs have been assigned a type which makes
it possible to detect inconsistencies, such as response values used
in request rules.
diff --git a/src/acl.c b/src/acl.c
index ffed826..30c30de 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -1102,9 +1102,9 @@
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
- { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing },
- { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing },
- { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing },
+ { "always_true", acl_parse_nothing, acl_fetch_true, acl_match_nothing, ACL_USE_NOTHING },
+ { "always_false", acl_parse_nothing, acl_fetch_false, acl_match_nothing, ACL_USE_NOTHING },
+ { "wait_end", acl_parse_nothing, acl_fetch_wait_end, acl_match_nothing, ACL_USE_NOTHING },
#if 0
{ "time", acl_parse_time, acl_fetch_time, acl_match_time },
#endif
diff --git a/src/backend.c b/src/backend.c
index ddedfd9..7fbc720 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -2138,7 +2138,7 @@
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
- { "nbsrv", acl_parse_int, acl_fetch_nbsrv, acl_match_int },
+ { "nbsrv", acl_parse_int, acl_fetch_nbsrv, acl_match_int, ACL_USE_NOTHING },
{ NULL, NULL, NULL, NULL },
}};
diff --git a/src/client.c b/src/client.c
index f3081c1..502ee97 100644
--- a/src/client.c
+++ b/src/client.c
@@ -536,14 +536,14 @@
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
- { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int },
- { "src", acl_parse_ip, acl_fetch_src, acl_match_ip },
- { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip },
- { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int },
+ { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int, ACL_USE_TCP_PERMANENT },
+ { "src", acl_parse_ip, acl_fetch_src, acl_match_ip, ACL_USE_TCP4_PERMANENT },
+ { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip, ACL_USE_TCP4_PERMANENT },
+ { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int, ACL_USE_TCP_PERMANENT },
#if 0
{ "src_limit", acl_parse_int, acl_fetch_sconn, acl_match_int },
#endif
- { "dst_conn", acl_parse_int, acl_fetch_dconn, acl_match_int },
+ { "dst_conn", acl_parse_int, acl_fetch_dconn, acl_match_int, ACL_USE_NOTHING },
{ NULL, NULL, NULL, NULL },
}};
diff --git a/src/proto_http.c b/src/proto_http.c
index 5b1221f..5b11cb2 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -5746,48 +5746,49 @@
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
- { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth },
- { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str },
- { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str },
- { "status", acl_parse_int, acl_fetch_stcode, acl_match_int },
+ { "method", acl_parse_meth, acl_fetch_meth, acl_match_meth, ACL_USE_L7REQ_PERMANENT },
+ { "req_ver", acl_parse_ver, acl_fetch_rqver, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "resp_ver", acl_parse_ver, acl_fetch_stver, acl_match_str, ACL_USE_L7RTR_VOLATILE },
+ { "status", acl_parse_int, acl_fetch_stcode, acl_match_int, ACL_USE_L7RTR_PERMANENT },
- { "url", acl_parse_str, acl_fetch_url, acl_match_str },
- { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg },
- { "url_end", acl_parse_str, acl_fetch_url, acl_match_end },
- { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub },
- { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir },
- { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom },
- { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg },
- { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip },
- { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int },
+ { "url", acl_parse_str, acl_fetch_url, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "url_beg", acl_parse_str, acl_fetch_url, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "url_end", acl_parse_str, acl_fetch_url, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "url_sub", acl_parse_str, acl_fetch_url, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "url_dir", acl_parse_str, acl_fetch_url, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "url_dom", acl_parse_str, acl_fetch_url, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
+ { "url_reg", acl_parse_reg, acl_fetch_url, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "url_ip", acl_parse_ip, acl_fetch_url_ip, acl_match_ip, ACL_USE_L7REQ_VOLATILE },
+ { "url_port", acl_parse_int, acl_fetch_url_port, acl_match_int, ACL_USE_L7REQ_VOLATILE },
- { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str },
- { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg },
- { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg },
- { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end },
- { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub },
- { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir },
- { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom },
- { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int },
- { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int },
+ /* note: we should set hdr* to use ACL_USE_HDR_VOLATILE, and chdr* to use L7REQ_VOLATILE */
+ { "hdr", acl_parse_str, acl_fetch_chdr, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_reg", acl_parse_reg, acl_fetch_chdr, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_beg", acl_parse_str, acl_fetch_chdr, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_end", acl_parse_str, acl_fetch_chdr, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_sub", acl_parse_str, acl_fetch_chdr, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_dir", acl_parse_str, acl_fetch_chdr, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_dom", acl_parse_str, acl_fetch_chdr, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_cnt", acl_parse_int, acl_fetch_chdr_cnt,acl_match_int, ACL_USE_L7REQ_VOLATILE },
+ { "hdr_val", acl_parse_int, acl_fetch_chdr_val,acl_match_int, ACL_USE_L7REQ_VOLATILE },
- { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str },
- { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg },
- { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg },
- { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end },
- { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub },
- { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir },
- { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom },
- { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int },
- { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int },
+ { "shdr", acl_parse_str, acl_fetch_shdr, acl_match_str, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_reg", acl_parse_reg, acl_fetch_shdr, acl_match_reg, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_beg", acl_parse_str, acl_fetch_shdr, acl_match_beg, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_end", acl_parse_str, acl_fetch_shdr, acl_match_end, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_sub", acl_parse_str, acl_fetch_shdr, acl_match_sub, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_dir", acl_parse_str, acl_fetch_shdr, acl_match_dir, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_dom", acl_parse_str, acl_fetch_shdr, acl_match_dom, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_cnt", acl_parse_int, acl_fetch_shdr_cnt,acl_match_int, ACL_USE_L7RTR_VOLATILE },
+ { "shdr_val", acl_parse_int, acl_fetch_shdr_val,acl_match_int, ACL_USE_L7RTR_VOLATILE },
- { "path", acl_parse_str, acl_fetch_path, acl_match_str },
- { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg },
- { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg },
- { "path_end", acl_parse_str, acl_fetch_path, acl_match_end },
- { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub },
- { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir },
- { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom },
+ { "path", acl_parse_str, acl_fetch_path, acl_match_str, ACL_USE_L7REQ_VOLATILE },
+ { "path_reg", acl_parse_reg, acl_fetch_path, acl_match_reg, ACL_USE_L7REQ_VOLATILE },
+ { "path_beg", acl_parse_str, acl_fetch_path, acl_match_beg, ACL_USE_L7REQ_VOLATILE },
+ { "path_end", acl_parse_str, acl_fetch_path, acl_match_end, ACL_USE_L7REQ_VOLATILE },
+ { "path_sub", acl_parse_str, acl_fetch_path, acl_match_sub, ACL_USE_L7REQ_VOLATILE },
+ { "path_dir", acl_parse_str, acl_fetch_path, acl_match_dir, ACL_USE_L7REQ_VOLATILE },
+ { "path_dom", acl_parse_str, acl_fetch_path, acl_match_dom, ACL_USE_L7REQ_VOLATILE },
{ NULL, NULL, NULL, NULL },
diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index d06b76a..3d93a34 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -558,8 +558,8 @@
}};
static struct acl_kw_list acl_kws = {{ },{
- { "req_len", acl_parse_int, acl_fetch_req_len, acl_match_int },
- { "req_ssl_ver", acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int },
+ { "req_len", acl_parse_int, acl_fetch_req_len, acl_match_int, ACL_USE_L4REQ_VOLATILE },
+ { "req_ssl_ver", acl_parse_dotted_ver, acl_fetch_req_ssl_ver, acl_match_int, ACL_USE_L4REQ_VOLATILE },
{ NULL, NULL, NULL, NULL },
}};