You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by br...@apache.org on 2015/05/06 05:18:20 UTC
[1/2] trafficserver git commit: TS-3582: Change @dst_ip to @in_ip
Repository: trafficserver
Updated Branches:
refs/heads/master d8a753876 -> f28e76608
TS-3582: Change @dst_ip to @in_ip
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/48e3670c
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/48e3670c
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/48e3670c
Branch: refs/heads/master
Commit: 48e3670cfe60e1e1601aa56f3cb834645f7508df
Parents: d8a7538
Author: Brian Geffon <br...@apache.org>
Authored: Tue May 5 20:17:04 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Tue May 5 20:17:04 2015 -0700
----------------------------------------------------------------------
proxy/http/remap/AclFiltering.cc | 16 ++++++++--------
proxy/http/remap/AclFiltering.h | 10 +++++-----
proxy/http/remap/RemapConfig.cc | 34 +++++++++++++++++-----------------
proxy/http/remap/RemapConfig.h | 2 +-
proxy/http/remap/UrlRewrite.cc | 18 ++++++++++++------
5 files changed, 43 insertions(+), 37 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/AclFiltering.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/AclFiltering.cc b/proxy/http/remap/AclFiltering.cc
index f05e41e..6a545f3 100644
--- a/proxy/http/remap/AclFiltering.cc
+++ b/proxy/http/remap/AclFiltering.cc
@@ -46,10 +46,10 @@ acl_filter_rule::reset(void)
src_ip_array[i].reset();
}
src_ip_valid = 0;
- for (i = (dst_ip_cnt = 0); i < ACL_FILTER_MAX_DST_IP; i++) {
- dst_ip_array[i].reset();
+ for (i = (in_ip_cnt = 0); i < ACL_FILTER_MAX_IN_IP; i++) {
+ in_ip_array[i].reset();
}
- dst_ip_valid = 0;
+ in_ip_valid = 0;
internal = 0;
}
@@ -96,9 +96,9 @@ acl_filter_rule::print(void)
{
int i;
printf("-----------------------------------------------------------------------------------------\n");
- printf("Filter \"%s\" status: allow_flag=%s, src_ip_valid=%s, dst_ip_valid=%s, internal=%s, active_queue_flag=%d\n",
+ printf("Filter \"%s\" status: allow_flag=%s, src_ip_valid=%s, in_ip_valid=%s, internal=%s, active_queue_flag=%d\n",
filter_name ? filter_name : "<NONAME>", allow_flag ? "true" : "false", src_ip_valid ? "true" : "false",
- dst_ip_valid ? "true" : "false", internal ? "true" : "false", (int)active_queue_flag);
+ in_ip_valid ? "true" : "false", internal ? "true" : "false", (int)active_queue_flag);
printf("standard methods=");
for (i = 0; i < HTTP_WKSIDX_METHODS_CNT; i++) {
if (standard_method_lookup[i]) {
@@ -116,10 +116,10 @@ acl_filter_rule::print(void)
printf("%s - %s", ats_ip_ntop(&src_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&src_ip_array[i].end.sa, b2, sizeof(b2)));
}
printf("\n");
- printf("dst_ip_cnt=%d\n", dst_ip_cnt);
- for (i = 0; i < dst_ip_cnt; i++) {
+ printf("in_ip_cnt=%d\n", in_ip_cnt);
+ for (i = 0; i < in_ip_cnt; i++) {
ip_text_buffer b1, b2;
- printf("%s - %s", ats_ip_ntop(&dst_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&dst_ip_array[i].end.sa, b2, sizeof(b2)));
+ printf("%s - %s", ats_ip_ntop(&in_ip_array[i].start.sa, b1, sizeof(b1)), ats_ip_ntop(&in_ip_array[i].end.sa, b2, sizeof(b2)));
}
printf("\n");
for (i = 0; i < argc; i++) {
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/AclFiltering.h
----------------------------------------------------------------------
diff --git a/proxy/http/remap/AclFiltering.h b/proxy/http/remap/AclFiltering.h
index 0eb2ee2..345ede3 100644
--- a/proxy/http/remap/AclFiltering.h
+++ b/proxy/http/remap/AclFiltering.h
@@ -35,7 +35,7 @@
// ACL like filtering defs (per one remap rule)
static int const ACL_FILTER_MAX_SRC_IP = 128;
-static int const ACL_FILTER_MAX_DST_IP = 8;
+static int const ACL_FILTER_MAX_IN_IP = 8;
static int const ACL_FILTER_MAX_ARGV = 512;
struct src_ip_info_t {
@@ -72,7 +72,7 @@ public:
char *filter_name; // optional filter name
unsigned int allow_flag : 1, // action allow deny
src_ip_valid : 1, // src_ip range valid
- dst_ip_valid : 1,
+ in_ip_valid : 1,
active_queue_flag : 1, // filter is in active state (used by .useflt directive)
internal : 1; // filter internal HTTP requests
@@ -91,9 +91,9 @@ public:
int src_ip_cnt; // how many valid src_ip rules we have
src_ip_info_t src_ip_array[ACL_FILTER_MAX_SRC_IP];
- // dst_ip
- int dst_ip_cnt; // how many valid dst_ip rules we have
- src_ip_info_t dst_ip_array[ACL_FILTER_MAX_DST_IP];
+ // in_ip
+ int in_ip_cnt; // how many valid dst_ip rules we have
+ src_ip_info_t in_ip_array[ACL_FILTER_MAX_IN_IP];
acl_filter_rule();
~acl_filter_rule();
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/RemapConfig.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/RemapConfig.cc b/proxy/http/remap/RemapConfig.cc
index 1f458e2..3cacde1 100644
--- a/proxy/http/remap/RemapConfig.cc
+++ b/proxy/http/remap/RemapConfig.cc
@@ -470,10 +470,10 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg
}
}
- if (ul & REMAP_OPTFLG_DST_IP) { /* "dst_ip=" option */
- if (rule->dst_ip_cnt >= ACL_FILTER_MAX_DST_IP) {
- Debug("url_rewrite", "[validate_filter_args] Too many \"dst_ip=\" filters");
- snprintf(errStrBuf, errStrBufSize, "Defined more than %d \"dst_ip=\" filters!", ACL_FILTER_MAX_DST_IP);
+ if (ul & REMAP_OPTFLG_IN_IP) { /* "dst_ip=" option */
+ if (rule->in_ip_cnt >= ACL_FILTER_MAX_IN_IP) {
+ Debug("url_rewrite", "[validate_filter_args] Too many \"in_ip=\" filters");
+ snprintf(errStrBuf, errStrBufSize, "Defined more than %d \"in_ip=\" filters!", ACL_FILTER_MAX_IN_IP);
errStrBuf[errStrBufSize - 1] = 0;
if (new_rule_flg) {
delete rule;
@@ -481,7 +481,7 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg
}
return (const char *)errStrBuf;
}
- ipi = &rule->dst_ip_array[rule->dst_ip_cnt];
+ ipi = &rule->in_ip_array[rule->in_ip_cnt];
if (ul & REMAP_OPTFLG_INVERT)
ipi->invert = true;
ink_strlcpy(tmpbuf, argptr, sizeof(tmpbuf));
@@ -496,16 +496,16 @@ remap_validate_filter_args(acl_filter_rule **rule_pp, const char **argv, int arg
}
return (const char *)errStrBuf;
}
- for (j = 0; j < rule->dst_ip_cnt; j++) {
- if (rule->dst_ip_array[j].start == ipi->start && rule->dst_ip_array[j].end == ipi->end) {
+ for (j = 0; j < rule->in_ip_cnt; j++) {
+ if (rule->in_ip_array[j].start == ipi->start && rule->in_ip_array[j].end == ipi->end) {
ipi->reset();
ipi = NULL;
break; /* we have the same src_ip in the list */
}
}
if (ipi) {
- rule->dst_ip_cnt++;
- rule->dst_ip_valid = 1;
+ rule->in_ip_cnt++;
+ rule->in_ip_valid = 1;
}
}
@@ -581,18 +581,18 @@ remap_check_option(const char **argv, int argc, unsigned long findmode, int *_re
if (argptr)
*argptr = &argv[i][7];
ret_flags |= REMAP_OPTFLG_SRC_IP;
- } else if (!strncasecmp(argv[i], "dst_ip=~", 8)) {
- if ((findmode & REMAP_OPTFLG_DST_IP) != 0)
+ } else if (!strncasecmp(argv[i], "in_ip=~", 7)) {
+ if ((findmode & REMAP_OPTFLG_IN_IP) != 0)
idx = i;
if (argptr)
- *argptr = &argv[i][8];
- ret_flags |= (REMAP_OPTFLG_DST_IP | REMAP_OPTFLG_INVERT);
- } else if (!strncasecmp(argv[i], "dst_ip=", 7)) {
- if ((findmode & REMAP_OPTFLG_DST_IP) != 0)
+ *argptr = &argv[i][7];
+ ret_flags |= (REMAP_OPTFLG_IN_IP | REMAP_OPTFLG_INVERT);
+ } else if (!strncasecmp(argv[i], "in_ip=", 6)) {
+ if ((findmode & REMAP_OPTFLG_IN_IP) != 0)
idx = i;
if (argptr)
- *argptr = &argv[i][7];
- ret_flags |= REMAP_OPTFLG_DST_IP;
+ *argptr = &argv[i][6];
+ ret_flags |= REMAP_OPTFLG_IN_IP;
} else if (!strncasecmp(argv[i], "action=", 7)) {
if ((findmode & REMAP_OPTFLG_ACTION) != 0)
idx = i;
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/RemapConfig.h
----------------------------------------------------------------------
diff --git a/proxy/http/remap/RemapConfig.h b/proxy/http/remap/RemapConfig.h
index 2dd0fff..6c810d5 100644
--- a/proxy/http/remap/RemapConfig.h
+++ b/proxy/http/remap/RemapConfig.h
@@ -38,7 +38,7 @@ class UrlRewrite;
#define REMAP_OPTFLG_SRC_IP 0x0010u /* "src_ip=" option (used for ACL filtering) */
#define REMAP_OPTFLG_ACTION 0x0020u /* "action=" option (used for ACL filtering) */
#define REMAP_OPTFLG_INTERNAL 0x0040u /* only allow internal requests to hit this remap */
-#define REMAP_OPTFLG_DST_IP 0x0080u /* "dst_ip=" option (used for ACL filtering)*/
+#define REMAP_OPTFLG_IN_IP 0x0080u /* "in_ip=" option (used for ACL filtering)*/
#define REMAP_OPTFLG_MAP_ID 0x0800u /* associate a map ID with this rule */
#define REMAP_OPTFLG_INVERT 0x80000000u /* "invert" the rule (for src_ip at least) */
#define REMAP_OPTFLG_ALL_FILTERS (REMAP_OPTFLG_METHOD | REMAP_OPTFLG_SRC_IP | REMAP_OPTFLG_ACTION | REMAP_OPTFLG_INTERNAL)
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/48e3670c/proxy/http/remap/UrlRewrite.cc
----------------------------------------------------------------------
diff --git a/proxy/http/remap/UrlRewrite.cc b/proxy/http/remap/UrlRewrite.cc
index 995fe9e..496cb28 100644
--- a/proxy/http/remap/UrlRewrite.cc
+++ b/proxy/http/remap/UrlRewrite.cc
@@ -452,15 +452,21 @@ UrlRewrite::PerformACLFiltering(HttpTransact::State *s, url_mapping *map)
}
}
- if (match && rp->dst_ip_valid) {
- Debug("url_rewrite", "match was true and we have specified a dst_ip field");
+ if (match && rp->in_ip_valid) {
+ Debug("url_rewrite", "match was true and we have specified a in_ip field");
match = false;
- for (int j = 0; j < rp->dst_ip_cnt && !match; j++) {
+ for (int j = 0; j < rp->in_ip_cnt && !match; j++) {
IpEndpoint incoming_addr;
incoming_addr.assign(s->state_machine->ua_session->get_netvc()->get_local_addr());
-
- bool in_range = rp->dst_ip_array[j].contains(incoming_addr);
- if (rp->dst_ip_array[j].invert) {
+ if (is_debug_tag_set("url_rewrite")) {
+ char buf1[128], buf2[128], buf3[128];
+ ats_ip_ntop(incoming_addr, buf1, sizeof(buf1));
+ ats_ip_ntop(rp->in_ip_array[j].start, buf2, sizeof(buf2));
+ ats_ip_ntop(rp->in_ip_array[j].end, buf3, sizeof(buf3));
+ Debug("url_rewrite", "Trying to match incoming address %s in range %s - %s.", buf1, buf2, buf3);
+ }
+ bool in_range = rp->in_ip_array[j].contains(incoming_addr);
+ if (rp->in_ip_array[j].invert) {
if (!in_range) {
match = true;
}
[2/2] trafficserver git commit: TS-3582: Change @dst_ip to @in_ip:
UPDATE DOCS
Posted by br...@apache.org.
TS-3582: Change @dst_ip to @in_ip: UPDATE DOCS
Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/f28e7660
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/f28e7660
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/f28e7660
Branch: refs/heads/master
Commit: f28e766080c8f88c2ed0d36400a2aee0b8e17396
Parents: 48e3670
Author: Brian Geffon <br...@apache.org>
Authored: Tue May 5 20:18:11 2015 -0700
Committer: Brian Geffon <br...@apache.org>
Committed: Tue May 5 20:18:11 2015 -0700
----------------------------------------------------------------------
doc/reference/configuration/remap.config.en.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/trafficserver/blob/f28e7660/doc/reference/configuration/remap.config.en.rst
----------------------------------------------------------------------
diff --git a/doc/reference/configuration/remap.config.en.rst b/doc/reference/configuration/remap.config.en.rst
index 35e996f..f870fe0 100644
--- a/doc/reference/configuration/remap.config.en.rst
+++ b/doc/reference/configuration/remap.config.en.rst
@@ -393,14 +393,14 @@ Examples
map http://foo.example.com/ http://foo.example.com/ @action=deny @src_ip=1.2.3.4
map http://foo.example.com/ http://foo.example.com/ @action=allow @src_ip=127.0.0.1
- map http://foo.example.com/ http://foo.example.com/ @action=allow @src_ip=10.5.2.1 @dst_ip=72.209.23.4
+ map http://foo.example.com/ http://foo.example.com/ @action=allow @src_ip=10.5.2.1 @in_ip=72.209.23.4
map http://foo.example.com/ http://foo.example.com/ @action=allow @src_ip=127.0.0.1 @method=post @method=get @method=head
Note that these Acl filters will return a 403 response if the resource is restricted.
-The difference between ``@src_ip`` and ``@dst_ip`` is that the ``@src_ip`` is the client
-ip and the ``dst_ip`` is the ip address the client is connecting to (the incoming address).
+The difference between ``@src_ip`` and ``@in_ip`` is that the ``@src_ip`` is the client
+ip and the ``in_ip`` is the ip address the client is connecting to (the incoming address).
Named Filters
=============