Re: Problems compiling squid1.2.beta19 with --enable-arp-acl

From: David Luyer <luyer@dont-contact.us>
Date: Mon, 27 Apr 1998 18:24:37 +0800


> You need FreeBSD (or maybe some very close cousin). I'll add
> a warning to the configure script when you enable ARP ACL's
> on non-FreeBSD systems.

The code below should work on Linux (it compiles, I have no need for it so
I haven't tested). It should also work on OSF/1, except that I put the
#ifdef __linux__. There could easily be a logic flaw (e.g., maybe it's not
sa_family that gets set to ARPHRD_ETHER, but that's what it looked like in
net/ipv4/arp.c:arp_ioctl() in Linux). It's much simpler than the code in
there for FreeBSD, I don't see why the original code was so complex
(malloc, grab entire arp table, check ip against one mac address, free table,
each time a mac address was checked - and a linear walk through the arp
table, the arp_ioctl() method uses a hash table lookup inside the kernel
and one less system call) - I could be missing something, but I don't think
I am.

Oh - and I can't see how the original code or this code would work with
USE_SPLAY_TREE defined.

David.

*** O/squid-1.2.beta20/src/acl.c Fri Apr 24 06:51:04 1998
--- squid-1.2.beta20/src/acl.c Mon Apr 27 18:09:21 1998
***************
*** 2177,2183 ****
--- 2177,2188 ----
  #include "squid.h"
  
  #include <sys/sysctl.h>
+ #ifdef __linux__
+ #include <net/if_arp.h>
+ #include <sys/ioctl.h>
+ #else
  #include <net/if_dl.h>
+ #endif
  #include <net/route.h>
  #include <net/if.h>
  #include <netinet/if_ether.h>
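
Review bot: The `#ifdef __linux__` added around the includes ties the SIOCGARP path to a single OS macro, although the accompanying message says the same code should also work on OSF/1. A feature test would fit better: let configure check for `<net/if_arp.h>` and SIOCGARP and key this block on that result. `<sys/sysctl.h>` also stays unconditional even though the Linux checkARP() added later in this patch makes no sysctl call, so it could move into the `#else` branch next to `<net/if_dl.h>`.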
***************
*** 2305,2310 ****
--- 2310,2342 ----
  }
  #endif /* USE_SPLAY_TREE */
  
+ #ifdef __linux__
+ static int
+ checkARP(u_long ip, char *eth)
+ {
+ struct arpreq arpReq;
+ struct sockaddr_in ipAddr;
+
+ ipAddr.sin_family = AF_INET;
+ ipAddr.sin_port = 0;
+ ipAddr.sin_addr.s_addr = ip;
+ memcpy(&arpReq.arp_pa, &ipAddr, sizeof(struct sockaddr_in));
+ arpReq.arp_dev[0] = '\0';
+ arpReq.arp_flags = 0;
+ /* any AF_INET socket will do... gives back hardware type, device, etc */
+ if(ioctl(HttpSockets[0], SIOCGARP, &arpReq) == -1) {
+ debug(28, 1) ("Non-ethernet interface returned from ARP query - %d",
+ arpReq.arp_ha.sa_family);
+ return 0;
+ } else if(arpReq.arp_ha.sa_family != ARPHRD_ETHER) {
+ debug(28, 1) ("Non-ethernet interface returned from ARP query - %d",
+ arpReq.arp_ha.sa_family);
+ /* update here and MAC address parsing to handle non-ethernet */
+ return 0;
+ } else
+ return !memcmp(&arpReq.arp_ha.sa_data, eth, 6);
+ }
+ #else
  static int
  checkARP(u_long ip, char *eth)
  {
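
Review bot: In the `ioctl(HttpSockets[0], SIOCGARP, &arpReq) == -1` branch the debug line reuses the "Non-ethernet interface returned from ARP query" text and prints `arpReq.arp_ha.sa_family`, a field that is never initialised here (only arp_pa, arp_dev[0] and arp_flags are set) and that a failed call gives no reason to trust. Report the failure as an ioctl error with errno instead, and memset the whole struct to zero before filling it so no stack contents reach the kernel or the log. A failed lookup is also the normal outcome for a client with no ARP entry, so level 1 is probably too loud for that case. Smaller points: the literal 6 in the memcmp would read better as a named constant for the Ethernet address length, and since every error path returns 0 (no match), a short comment saying that an unresolved address never matches the ACL would document the behaviour an administrator depends on.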
***************
*** 2345,2350 ****
--- 2377,2383 ----
      xfree(buf);
      return 0;
  }
+ #endif
  
  static wordlist *
  aclDumpArpList(acl_arp_data * data)
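
Review bot: The `#endif` added here closes the `#ifdef __linux__` / `#else` pair around the two checkARP() definitions but carries no trailing comment, unlike the `#endif /* USE_SPLAY_TREE */` just above the new function. With the whole FreeBSD body sitting between the `#else` and this line, writing it as `#endif /* __linux__ */` would make the pairing easy to follow.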

Received on Tue Jul 29 2003 - 13:15:48 MDT