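/** @file

  ACL-like filtering definitions, one set per remap rule.

  @section license License

  Licensed to the Apache Software Foundation (ASF) under one
  or more contributor license agreements.  See the NOTICE file
  distributed with this work for additional information
  regarding copyright ownership.  The ASF licenses this file
  to you under the Apache License, Version 2.0 (the
  "License"); you may not use this file except in compliance
  with the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
 */

#ifndef _ACL_FILTERING_H_
#define _ACL_FILTERING_H_

#include "Main.h"
//#include "YAddr.h"

#include <string>
#include <set>
#include <vector>

// ===============================================================================
// ACL like filtering defs (per one remap rule)

/// Capacity of acl_filter_rule::src_ip_array (source IP ranges per rule).
static int const ACL_FILTER_MAX_SRC_IP = 128;
/// Capacity of acl_filter_rule::argv (stored directive arguments per rule).
static int const ACL_FILTER_MAX_ARGV = 512;

/// One source-address range of a filter rule, with an optional "not in range" marker.
struct src_ip_info_t {
  IpEndpoint start; ///< Minimum value in range.
  IpEndpoint end;   ///< Maximum value in range.
  bool invert;      ///< Should we "invert" the meaning of this IP range ("not in range")

  /// Hand both endpoints to ink_zero (presumably a zero-fill; confirm in its
  /// definition) and clear the invert flag.
  void reset() {
    ink_zero(start);
    ink_zero(end);
    invert = false;
  }

  /// @return @c true if @a ip is inside @a this range.
  ///
  /// Both bounds are inclusive. The @c invert flag is NOT consulted here: the
  /// result is the plain range test, so code that honours inverted ranges must
  /// apply @c invert to the returned value itself.
  ///
  /// NOTE(review): how ats_ip_addr_cmp orders endpoints of different address
  /// families is not visible from this header; confirm before relying on this
  /// for mixed IPv4/IPv6 ranges.
  ///
  /// Declared @c const so the test can be run on a const rule; it only reads
  /// @c start and @c end.
  bool contains(IpEndpoint const& ip) const {
    return ats_ip_addr_cmp(&start, &ip) <= 0 && ats_ip_addr_cmp(&ip, &end) <= 0;
  }
};

/**
 * One ACL-style filter rule belonging to a remap rule.
 *
 * Rules are chained through @c next into singly linked lists. The static
 * helpers below look up, delete and requeue rules on such a list.
 *
 * NOTE(review): the class declares a destructor and holds raw pointers
 * (@c filter_name, @c argv[]) but declares no copy constructor or copy
 * assignment, so compiler-generated member-wise copies are available. If the
 * destructor frees those pointers (implementation not visible here), copying
 * a rule would end in a double free; confirm rules are never copied.
 *
 * NOTE(review): @c argv and @c src_ip_array are fixed-size arrays. Whatever
 * code fills them must keep @c argc within ACL_FILTER_MAX_ARGV and
 * @c src_ip_cnt within ACL_FILTER_MAX_SRC_IP; that bounds check is not
 * visible in this header and should be verified in the implementation.
 **/
class acl_filter_rule
{
private:
  void reset(void);

public:
  acl_filter_rule *next;           ///< next rule in the list this rule is queued on
  int filter_name_size;            // size of optional filter name
  char *filter_name;               // optional filter name
  unsigned int allow_flag:1,       // action allow deny
               src_ip_valid:1,     // src_ip range valid
               active_queue_flag:1; // filter is in active state (used by .useflt directive)

  // we need arguments as string array for directive processing
  int argc;                        // argument counter (only for filter defs)
  char *argv[ACL_FILTER_MAX_ARGV]; // argument strings (only for filter defs)

  // methods
  bool method_restriction_enabled;
  std::vector<bool> standard_method_lookup; // presumably indexed by standard-method id; confirm against the code that fills it

  typedef std::set<std::string> MethodMap;
  MethodMap nonstandard_methods;

  // src_ip
  int src_ip_cnt; // how many valid src_ip rules we have
  src_ip_info_t src_ip_array[ACL_FILTER_MAX_SRC_IP];

  acl_filter_rule();
  ~acl_filter_rule();
  int name(const char *_name = NULL);
  int add_argv(int _argc, char *_argv[]);
  void print(void);

  static acl_filter_rule *find_byname(acl_filter_rule *list, const char *name);
  static void delete_byname(acl_filter_rule **list, const char *name);
  static void requeue_in_active_list(acl_filter_rule **list, acl_filter_rule *rp);
  static void requeue_in_passive_list(acl_filter_rule **list, acl_filter_rule *rp);
};

#endif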