Arp.cc
1/*
2 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
3 *
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
7 */
8
9/* DEBUG: section 28 Access Control */
10
11#include "squid.h"
12
13#if USE_SQUID_EUI
14
15#include "acl/Arp.h"
16#include "acl/FilledChecklist.h"
17#include "cache_cf.h"
18#include "debug/Stream.h"
19#include "eui/Eui48.h"
20#include "globals.h"
21#include "ip/Address.h"
22
23#include <algorithm>
24
/// Creates an ARP ACL node of the given type name.
/// Only the pointer is kept in class_ (a char const *); the string itself
/// is not copied here.
ACLARP::ACLARP(char const *theClass):
    class_(theClass)
{
}
27
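/// Returns the ACL type name that was passed to the constructor.
char const *
ACLARP::typeString() const
{
    return class_;
}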
33
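/// Reports whether this ACL holds no Ethernet addresses at all.
bool
ACLARP::empty() const
{
    return aclArpData.empty();
}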
39
40/* ==== BEGIN ARP ACL SUPPORT ============================================= */
41
42/*
43 * From: dale@server.ctam.bitmcnit.bryansk.su (Dale)
44 * To: wessels@nlanr.net
45 * Subject: Another Squid patch... :)
46 * Date: Thu, 04 Dec 1997 19:55:01 +0300
47 * ============================================================================
48 *
49 * Working on setting up a proper firewall for a network containing some
50 * Win'95 computers at our Univ, I've discovered that some smart students
51 * avoid the restrictions easily just changing their IP addresses in Win'95
52 * Control Panel... It has been getting boring, so I took Squid-1.1.18
53 * sources and added a new acl type for hard-wired access control:
54 *
55 * acl <name> arp <Ethernet address> ...
56 *
57 * For example,
58 *
59 * acl students arp 00:00:21:55:ed:22 00:00:21:ff:55:38
60 *
61 * NOTE: Linux code by David Luyer <luyer@ucs.uwa.edu.au>.
62 * Original (BSD-specific) code no longer works.
63 * Solaris code by R. Gancarz <radekg@solaris.elektrownia-lagisza.com.pl>
64 */
65
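/**
 * Parses one configuration token as an Ethernet (EUI-48) address.
 *
 * \param t  NUL-terminated token taken from the ACL line
 * \returns a heap-allocated Eui::Eui48 that the caller must delete, or
 *          nullptr (after logging at DBG_CRITICAL) when the token does not
 *          begin with hex digits/colons or decode() rejects it
 */
static Eui::Eui48 *
aclParseArpData(const char *t)
{
    char buf[256];
    static_assert(sizeof(buf) == 256, "keep the sscanf field width below equal to sizeof(buf) - 1");
    debugs(28, 5, "aclParseArpData: " << t);

    // A %[ conversion without a field width copies the whole matching run,
    // however long, so a token made of 256 or more hex digits/colons would
    // be written past the end of buf. The width caps the copy at 255
    // characters plus the terminating NUL.
    // NOTE(review): the scanset stops at the first character outside
    // [0-9a-fA-F:], so trailing characters in the token are ignored rather
    // than rejected.
    if (sscanf(t, "%255[0-9a-fA-F:]", buf) != 1) {
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Bad ethernet address: '" << t << "'");
        return nullptr;
    }

    // Allocate only once there is something to decode, so the early return
    // above has nothing to release.
    Eui::Eui48 *q = new Eui::Eui48;

    if (!q->decode(buf)) {
        debugs(28, DBG_CRITICAL, "" << cfg_filename << " line " << config_lineno << ": " << config_input_line);
        debugs(28, DBG_CRITICAL, "ERROR: aclParseArpData: Ignoring invalid ARP acl entry: cannot parse '" << buf << "'");
        delete q;
        return nullptr;
    }

    return q;
}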
88
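/**
 * Reads the remaining tokens of the ACL line and stores every Ethernet
 * address that aclParseArpData() accepts in aclArpData.
 * Tokens that fail to parse are skipped; aclParseArpData() has already
 * logged them.
 */
void
ACLARP::parse()
{
    while (const char *t = ConfigParser::strtokFile()) {
        if (Eui::Eui48 *q = aclParseArpData(t)) {
            // insert() stores a copy, so the parsed object is released here.
            aclArpData.insert(*q);
            delete q;
        }
    }
}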
102
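/**
 * Checks whether the Ethernet address looked up for the client's source
 * address is one of the addresses configured for this ACL.
 *
 * \param cl  checklist of the current transaction, accessed through Filled()
 * \returns 1 when the looked-up EUI-48 is present in aclArpData, 0 otherwise
 *          (every non-IPv4 source yields 0)
 *
 * NOTE(review): the hardware address is derived from src_addr by a lookup on
 * the local link, and a client can set its own interface address. A match
 * identifies a link-layer setting; it does not authenticate a user or host.
 */
int
ACLARP::match(ACLChecklist *cl)
{
    ACLFilledChecklist *checklist = Filled(cl);

    /* IPv6 does not do ARP */
    if (!checklist->src_addr.isIPv4()) {
        debugs(14, 3, "ACLARP::match: IPv4 Required for ARP Lookups. Skipping " << checklist->src_addr );
        return 0;
    }

    Eui::Eui48 lookingFor;
    // NOTE(review): lookup() returns bool and the result is ignored. When no
    // address is found, the search below runs on whatever value a freshly
    // constructed Eui48 holds - confirm that value can never equal a
    // configured entry, or return 0 on a failed lookup.
    lookingFor.lookup(checklist->src_addr);
    return (aclArpData.find(lookingFor) != aclArpData.end());
}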
118
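/**
 * Renders the configured Ethernet addresses as text.
 *
 * \returns one SBuf per entry of aclArpData, in the container's iteration
 *          order
 */
SBufList
ACLARP::dump() const
{
    SBufList sl;
    for (const auto &addr : aclArpData) {
        // encode()'s failure behaviour is not visible from here; starting
        // from a zeroed buffer guarantees SBuf() reads a terminated string
        // even if encode() writes nothing.
        char buf[48] = {};
        addr.encode(buf, sizeof(buf));
        sl.push_back(SBuf(buf));
    }
    return sl;
}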
130
131/* ==== END ARP ACL SUPPORT =============================================== */
132
133#endif /* USE_SQUID_EUI */
134
static Eui::Eui48 * aclParseArpData(const char *t)
Definition: Arp.cc:67
ACLFilledChecklist * Filled(ACLChecklist *checklist)
convenience and safety wrapper for dynamic_cast<ACLFilledChecklist*>
char config_input_line[BUFSIZ]
Definition: cache_cf.cc:274
const char * cfg_filename
Definition: cache_cf.cc:272
int config_lineno
Definition: cache_cf.cc:273
AclArpData_t aclArpData
Definition: Arp.h:35
bool empty() const override
Definition: Arp.cc:35
char const * class_
Definition: Arp.h:33
int match(ACLChecklist *checklist) override
Matches the actual data in checklist against this ACL.
Definition: Arp.cc:104
ACLARP(char const *)
Definition: Arp.cc:25
char const * typeString() const override
Definition: Arp.cc:29
SBufList dump() const override
Definition: Arp.cc:120
void parse() override
parses node representation in squid.conf; dies on failures
Definition: Arp.cc:93
Ip::Address src_addr
static char * strtokFile()
Definition: ConfigParser.cc:65
bool lookup(const Ip::Address &c)
Definition: Eui48.cc:135
bool decode(const char *asc)
Definition: Eui48.cc:97
bool isIPv4() const
Definition: Address.cc:158
Definition: SBuf.h:94
#define debugs(SECTION, LEVEL, CONTENT)
Definition: Stream.h:194
#define DBG_CRITICAL
Definition: Stream.h:37
std::list< SBuf > SBufList
Definition: forward.h:23

 
