Blame - include/proto/acl.h - haproxy

blob: ace72dd9095380096ec298c4158101ad0cc584f5 [file] [log] [blame]

Willy Tarreau	a84d374	2007-05-07 00:36:48 +0200	[diff] [blame]	1	/*
				2	include/proto/acl.h
				3	This file provides interface definitions for ACL manipulation.
				4
				5	Copyright (C) 2000-2007 Willy Tarreau - w@1wt.eu
				6
				7	This library is free software; you can redistribute it and/or
				8	modify it under the terms of the GNU Lesser General Public
				9	License as published by the Free Software Foundation, version 2.1
				10	exclusively.
				11
				12	This library is distributed in the hope that it will be useful,
				13	but WITHOUT ANY WARRANTY; without even the implied warranty of
				14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
				15	Lesser General Public License for more details.
				16
				17	You should have received a copy of the GNU Lesser General Public
				18	License along with this library; if not, write to the Free Software
				19	Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
				20	*/
				21
				22	#ifndef _PROTO_ACL_H
				23	#define _PROTO_ACL_H
				24
				25	#include <common/config.h>
				26	#include <types/acl.h>
				27
				28	/*
				29	* FIXME: we need destructor functions too !
				30	*/
				31
				32
				33	/* Return a pointer to the ACL <name> within the list starting at <head>, or
				34	* NULL if not found.
				35	*/
				36	struct acl find_acl_by_name(const char name, struct list *head);
				37
				38	/* Return a pointer to the ACL keyword <kw> within the list starting at <head>,
				39	* or NULL if not found. Note that if <kw> contains an opening parenthesis,
				40	* only the left part of it is checked.
				41	*/
				42	struct acl_keyword find_acl_kw(const char kw);
				43
				44	/* Parse an ACL expression starting at <args>[0], and return it.
				45	* Right now, the only accepted syntax is :
				46	* <subject> [<value>...]
				47	*/
				48	struct acl_expr parse_acl_expr(const char *args);
				49
				50	/* Parse an ACL with the name starting at <args>[0], and with a list of already
				51	* known ACLs in <acl>. If the ACL was not in the list, it will be added.
				52	* A pointer to that ACL is returned.
				53	*
				54	* args syntax: <aclname> <acl_expr>
				55	*/
				56	struct acl parse_acl(const char args, struct list known_acl);
				57
				58	/* Purge everything in the acl_cond <cond>, then return <cond>. */
				59	struct acl_cond prune_acl_cond(struct acl_cond cond);
				60
				61	/* Parse an ACL condition starting at <args>[0], relying on a list of already
				62	* known ACLs passed in <known_acl>. The new condition is returned (or NULL in
				63	* case of low memory). Supports multiple conditions separated by "or".
				64	*/
				65	struct acl_cond parse_acl_cond(const char args, struct list known_acl, int pol);
				66
				67	/* Execute condition <cond> and return 0 if test fails or 1 if test succeeds.
				68	* This function only computes the condition, it does not apply the polarity
				69	* required by IF/UNLESS, it's up to the caller to do this.
				70	*/
				71	int acl_exec_cond(struct acl_cond cond, struct proxy px, struct session l4, void l7);
				72
				73	/* Return a pointer to the ACL <name> within the list starting at <head>, or
				74	* NULL if not found.
				75	*/
				76	struct acl find_acl_by_name(const char name, struct list *head);
				77
				78	/*
				79	* Registers the ACL keyword list <kwl> as a list of valid keywords for next
				80	* parsing sessions.
				81	*/
				82	void acl_register_keywords(struct acl_kw_list *kwl);
				83
				84	/*
				85	* Unregisters the ACL keyword list <kwl> from the list of valid keywords.
				86	*/
				87	void acl_unregister_keywords(struct acl_kw_list *kwl);
				88
				89
				90	/*
				91	*
				92	* The following functions are general purpose ACL matching functions.
				93	*
				94	*/
				95
				96
				97	/* This one always returns 1 because its only purpose is to check that the
				98	* value is present, which is already checked by getval().
				99	*/
				100	int acl_match_pst(struct acl_test test, struct acl_pattern pattern);
				101
				102	/* NB: For two strings to be identical, it is required that their lengths match */
				103	int acl_match_str(struct acl_test test, struct acl_pattern pattern);
				104
				105	/* Checks that the integer in <test> is included between min and max */
				106	int acl_match_range(struct acl_test test, struct acl_pattern pattern);
				107	int acl_match_min(struct acl_test test, struct acl_pattern pattern);
				108	int acl_match_max(struct acl_test test, struct acl_pattern pattern);
				109
				110	/* Parse an integer. It is put both in min and max. */
				111	int acl_parse_int(const char text, struct acl_pattern pattern);
				112
				113	/* Parse a range of integers delimited by either ':' or '-'. If only one
				114	* integer is read, it is set as both min and max.
				115	*/
				116	int acl_parse_range(const char text, struct acl_pattern pattern);
				117
				118	/* Parse a string. It is allocated and duplicated. */
				119	int acl_parse_str(const char text, struct acl_pattern pattern);
				120
Willy Tarreau	f3d2598	2007-05-08 22:45:09 +0200	[diff] [blame]	121	/* Parse a regex. It is allocated. */
				122	int acl_parse_reg(const char text, struct acl_pattern pattern);
				123
Willy Tarreau	a67fad9	2007-05-08 19:50:09 +0200	[diff] [blame]	124	/* Parse an IP address and an optional mask in the form addr[/mask].
				125	* The addr may either be an IPv4 address or a hostname. The mask
				126	* may either be a dotted mask or a number of bits. Returns 1 if OK,
				127	* otherwise 0.
				128	*/
				129	int acl_parse_ip(const char text, struct acl_pattern pattern);
				130
Willy Tarreau	a84d374	2007-05-07 00:36:48 +0200	[diff] [blame]	131	/* Checks that the pattern matches the end of the tested string. */
				132	int acl_match_end(struct acl_test test, struct acl_pattern pattern);
				133
				134	/* Checks that the pattern matches the beginning of the tested string. */
				135	int acl_match_beg(struct acl_test test, struct acl_pattern pattern);
				136
				137	/* Checks that the pattern is included inside the tested string. */
				138	int acl_match_sub(struct acl_test test, struct acl_pattern pattern);
				139
				140	/* Checks that the pattern is included inside the tested string, but enclosed
				141	* between slashes or at the beginning or end of the string. Slashes at the
				142	* beginning or end of the pattern are ignored.
				143	*/
				144	int acl_match_dir(struct acl_test test, struct acl_pattern pattern);
				145
				146	/* Checks that the pattern is included inside the tested string, but enclosed
				147	* between dots or at the beginning or end of the string. Dots at the beginning
				148	* or end of the pattern are ignored.
				149	*/
				150	int acl_match_dom(struct acl_test test, struct acl_pattern pattern);
				151
Willy Tarreau	a67fad9	2007-05-08 19:50:09 +0200	[diff] [blame]	152	/* Check that the IPv4 address in <test> matches the IP/mask in pattern */
				153	int acl_match_ip(struct acl_test test, struct acl_pattern pattern);
				154
Willy Tarreau	f3d2598	2007-05-08 22:45:09 +0200	[diff] [blame]	155	/* Executes a regex. It needs to change the data. If it is marked READ_ONLY
				156	* then it will be allocated and duplicated in place so that others may use
				157	* it later on. Note that this is embarrassing because we always try to avoid
				158	* allocating memory at run time.
				159	*/
				160	int acl_match_reg(struct acl_test test, struct acl_pattern pattern);
				161
Willy Tarreau	a84d374	2007-05-07 00:36:48 +0200	[diff] [blame]	162	#endif /* _PROTO_ACL_H */
				163
				164	/*
				165	* Local variables:
				166	* c-indent-level: 8
				167	* c-basic-offset: 8
				168	* End:
				169	*/