Willy Tarreaua84d3742007-05-07 00:36:48 +02001/*
2 include/proto/acl.h
3 This file provides interface definitions for ACL manipulation.
4
Willy Tarreau11382812008-07-09 16:18:21 +02005 Copyright (C) 2000-2008 Willy Tarreau - w@1wt.eu
Willy Tarreaua84d3742007-05-07 00:36:48 +02006
7 This library is free software; you can redistribute it and/or
8 modify it under the terms of the GNU Lesser General Public
9 License as published by the Free Software Foundation, version 2.1
10 exclusively.
11
12 This library is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 Lesser General Public License for more details.
16
17 You should have received a copy of the GNU Lesser General Public
18 License along with this library; if not, write to the Free Software
19 Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20*/
21
22#ifndef _PROTO_ACL_H
23#define _PROTO_ACL_H
24
25#include <common/config.h>
26#include <types/acl.h>
27
28/*
29 * FIXME: we need destructor functions too !
30 */
31
/* Invert an ACL evaluation result by shifting the constant 3 right by <res>.
 * This turns (ACL_PAT_FAIL, ACL_PAT_MISS, ACL_PAT_PASS) into
 * (ACL_PAT_PASS, ACL_PAT_MISS, ACL_PAT_FAIL); the shift only produces that
 * table when the three codes are encoded as 0, 1 and 3.
 *
 * <res> is not validated here. A negative value, or one not smaller than the
 * width of an int, makes the shift undefined behaviour in C. Any other value
 * outside the three codes silently yields 0, i.e. the FAIL code. Callers must
 * therefore only pass one of the three ACL_PAT_* results.
 */
static inline int acl_neg(int res)
{
	const int pass_bits = 3;

	return pass_bits >> res;
}
39
/* Reduce an ACL result to a boolean by dropping its lowest bit. Of the three
 * ACL_PAT_* codes only ACL_PAT_PASS returns 1; ACL_PAT_MISS returns 0 just
 * like ACL_PAT_FAIL.
 *
 * <res> is not validated: any value with a bit set above bit 0 returns
 * non-zero (2 gives 1, for instance), so only an ACL_PAT_* code should be
 * passed in.
 */
static inline int acl_pass(int res)
{
	int verdict = res >> 1;

	return verdict;
}
Willy Tarreaua84d3742007-05-07 00:36:48 +020045
/* Return a pointer to the ACL <name> within the list starting at <head>, or
 * NULL if not found. Callers have to test the result for NULL before using
 * it.
 */
struct acl *find_acl_by_name(const char *name, struct list *head);

/* Return a pointer to the ACL keyword <kw>, or NULL if not found. Note that
 * if <kw> contains an opening parenthesis, only the left part of it is
 * checked.
 * NOTE(review): this comment used to mention a list starting at <head>, but
 * the prototype takes no list argument; presumably the lookup walks the
 * keyword lists registered with acl_register_keywords() - confirm in the
 * implementation.
 */
struct acl_keyword *find_acl_kw(const char *kw);

/* Parse an ACL expression starting at <args>[0], and return it.
 * Right now, the only accepted syntax is :
 * <subject> [<value>...]
 * NOTE(review): the value returned on a parse or allocation error is not
 * stated here; presumably NULL - confirm, and check it in callers.
 */
struct acl_expr *parse_acl_expr(const char **args);
62
/* Purge everything in the acl <acl>, then return <acl>.
 * NOTE(review): since <acl> itself is returned, it is presumably left
 * allocated for the caller to free or reuse - confirm.
 */
struct acl *prune_acl(struct acl *acl);

/* Parse an ACL with the name starting at <args>[0], and with a list of already
 * known ACLs in <known_acl>. If the ACL was not in the list, it will be added.
 * A pointer to that ACL is returned.
 *
 * args syntax: <aclname> <acl_expr>
 *
 * NOTE(review): the value returned on error is not stated here; presumably
 * NULL - confirm, and check it in callers.
 */
struct acl *parse_acl(const char **args, struct list *known_acl);

/* Purge everything in the acl_cond <cond>, then return <cond>.
 * NOTE(review): as with prune_acl(), <cond> is presumably left allocated for
 * the caller - confirm.
 */
struct acl_cond *prune_acl_cond(struct acl_cond *cond);

/* Parse an ACL condition starting at <args>[0], relying on a list of already
 * known ACLs passed in <known_acl>. The new condition is returned (or NULL in
 * case of low memory). Supports multiple conditions separated by "or".
 * NOTE(review): <pol> is not described; presumably the IF/UNLESS polarity to
 * record with the condition - confirm. Also confirm whether a syntax error or
 * a reference to an unknown ACL returns NULL as well, since only the
 * low-memory case is documented.
 */
struct acl_cond *parse_acl_cond(const char **args, struct list *known_acl, int pol);
82
/* Execute condition <cond> and return either ACL_PAT_FAIL, ACL_PAT_MISS or
 * ACL_PAT_PASS depending on the test results. This function only computes the
 * condition, it does not apply the polarity required by IF/UNLESS, it's up to
 * the caller to do this.
 *
 * The result is tri-state: a caller that needs a yes/no decision has to
 * apply acl_neg() for the polarity and decide explicitly how ACL_PAT_MISS is
 * handled, because acl_pass() turns ACL_PAT_MISS into 0.
 * NOTE(review): <px>, <l4>, <l7> and <dir> are not described here; they carry
 * the same names as the arguments of the fetch function prototype declared
 * in this header, so they are presumably handed down to the fetch functions -
 * confirm.
 */
int acl_exec_cond(struct acl_cond *cond, struct proxy *px, struct session *l4, void *l7, int dir);

/* Reports a pointer to the first ACL used in condition <cond> which requires
 * at least one of the USE_FLAGS in <require>. Returns NULL if none matches.
 */
struct acl *cond_find_require(struct acl_cond *cond, unsigned int require);
94
/* Return a pointer to the ACL <name> within the list starting at <head>, or
 * NULL if not found.
 * This repeats the find_acl_by_name() declaration found earlier in this
 * header; the redundant declaration is harmless in C.
 */
struct acl *find_acl_by_name(const char *name, struct list *head);

/*
 * Registers the ACL keyword list <kwl> as a list of valid keywords for next
 * parsing sessions.
 * NOTE(review): <kwl> is presumably linked in place rather than copied, in
 * which case it has to remain valid until acl_unregister_keywords() is
 * called - confirm.
 */
void acl_register_keywords(struct acl_kw_list *kwl);

/*
 * Unregisters the ACL keyword list <kwl> from the list of valid keywords.
 */
void acl_unregister_keywords(struct acl_kw_list *kwl);
110
111
112/*
113 *
114 * The following functions are general purpose ACL matching functions.
115 *
116 */
117
118
/* ignore the current line */
int acl_parse_nothing(const char **text, struct acl_pattern *pattern, int *opaque);

/* Exact string match.
 * NB: For two strings to be identical, it is required that their lengths match
 */
int acl_match_str(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the integer in <test> is included between min and max */
int acl_match_int(struct acl_test *test, struct acl_pattern *pattern);

/* Parse an integer. It is put both in min and max.
 * NOTE(review): the return convention of the acl_parse_* functions is only
 * documented on acl_parse_ip() (1 if OK, otherwise 0); confirm the others
 * follow it, and how out-of-range numbers are reported.
 */
int acl_parse_int(const char **text, struct acl_pattern *pattern, int *opaque);

/* Parse a dotted version. It is put both in min and max. */
int acl_parse_dotted_ver(const char **text, struct acl_pattern *pattern, int *opaque);

/* Parse a range of integers delimited by either ':' or '-'. If only one
 * integer is read, it is set as both min and max.
 */
int acl_parse_range(const char **text, struct acl_pattern *pattern, int *opaque);

/* Parse a string. It is allocated and duplicated.
 * NOTE(review): the copy is presumably owned by <pattern>; this header
 * declares no matching destructor yet (see the FIXME near the top of the
 * file) - confirm who releases it.
 */
int acl_parse_str(const char **text, struct acl_pattern *pattern, int *opaque);

/* Parse a regex. It is allocated.
 * NOTE(review): same ownership question as for acl_parse_str() - confirm who
 * releases the compiled regex.
 */
int acl_parse_reg(const char **text, struct acl_pattern *pattern, int *opaque);

/* Parse an IP address and an optional mask in the form addr[/mask].
 * The addr may either be an IPv4 address or a hostname. The mask
 * may either be a dotted mask or a number of bits. Returns 1 if OK,
 * otherwise 0.
 * NOTE(review): accepting a hostname implies a name lookup while the ACL is
 * parsed, so the rule presumably keeps whatever address was resolved at that
 * time - confirm, as this matters for ACLs used as access controls.
 */
int acl_parse_ip(const char **text, struct acl_pattern *pattern, int *opaque);
Willy Tarreaua67fad92007-05-08 19:50:09 +0200151
/* always fake a data retrieval */
int acl_fetch_nothing(struct proxy *px, struct session *l4, void *l7, int dir,
 struct acl_expr *expr, struct acl_test *test);

/* always return false
 * NOTE(review): the return values of the acl_match_* functions are not
 * spelled out in this header; confirm whether they are booleans or ACL_PAT_*
 * codes before feeding them to acl_neg() or acl_pass(), which only behave as
 * documented for the three ACL_PAT_* codes.
 */
int acl_match_nothing(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the pattern matches the end of the tested string. */
int acl_match_end(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the pattern matches the beginning of the tested string. */
int acl_match_beg(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the pattern is included inside the tested string. */
int acl_match_sub(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the pattern is included inside the tested string, but enclosed
 * between slashes or at the beginning or end of the string. Slashes at the
 * beginning or end of the pattern are ignored.
 */
int acl_match_dir(struct acl_test *test, struct acl_pattern *pattern);

/* Checks that the pattern is included inside the tested string, but enclosed
 * between dots or at the beginning or end of the string. Dots at the beginning
 * or end of the pattern are ignored.
 */
int acl_match_dom(struct acl_test *test, struct acl_pattern *pattern);

/* Check that the IPv4 address in <test> matches the IP/mask in pattern */
int acl_match_ip(struct acl_test *test, struct acl_pattern *pattern);

/* Executes a regex. It needs to change the data. If it is marked READ_ONLY
 * then it will be allocated and duplicated in place so that others may use
 * it later on. Note that this is embarrassing because we always try to avoid
 * allocating memory at run time.
 * NOTE(review): the comment does not say who frees that run-time copy or what
 * happens when the allocation fails - confirm in the implementation.
 */
int acl_match_reg(struct acl_test *test, struct acl_pattern *pattern);
189
Willy Tarreaua84d3742007-05-07 00:36:48 +0200190#endif /* _PROTO_ACL_H */
191
192/*
193 * Local variables:
194 * c-indent-level: 8
195 * c-basic-offset: 8
196 * End:
197 */