From 6d4e4e8dd2c6cb3af4ffffe552821d131fb7290d Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 11 Jun 2013 21:22:58 +0200 Subject: [PATCH] MEDIUM: acl: remove a lot of useless ACLs that are equivalent to their fetches The following 116 ACLs were removed because they're redundant with their fetch function since last commit which allows the fetch function to be used instead for types BOOL, INT and IP. Most places are now left with an empty ACL keyword list that was not removed so that it's easier to add other ACLs later. always_false, always_true, avg_queue, be_conn, be_id, be_sess_rate, connslots, nbsrv, queue, srv_conn, srv_id, srv_is_up, srv_sess_rate, res.comp, fe_conn, fe_id, fe_sess_rate, dst_conn, so_id, wait_end, http_auth, http_first_req, status, dst, dst_port, src, src_port, sc1_bytes_in_rate, sc1_bytes_out_rate, sc1_clr_gpc0, sc1_conn_cnt, sc1_conn_cur, sc1_conn_rate, sc1_get_gpc0, sc1_gpc0_rate, sc1_http_err_cnt, sc1_http_err_rate, sc1_http_req_cnt, sc1_http_req_rate, sc1_inc_gpc0, sc1_kbytes_in, sc1_kbytes_out, sc1_sess_cnt, sc1_sess_rate, sc1_tracked, sc1_trackers, sc2_bytes_in_rate, sc2_bytes_out_rate, sc2_clr_gpc0, sc2_conn_cnt, sc2_conn_cur, sc2_conn_rate, sc2_get_gpc0, sc2_gpc0_rate, sc2_http_err_cnt, sc2_http_err_rate, sc2_http_req_cnt, sc2_http_req_rate, sc2_inc_gpc0, sc2_kbytes_in, sc2_kbytes_out, sc2_sess_cnt, sc2_sess_rate, sc2_tracked, sc2_trackers, sc3_bytes_in_rate, sc3_bytes_out_rate, sc3_clr_gpc0, sc3_conn_cnt, sc3_conn_cur, sc3_conn_rate, sc3_get_gpc0, sc3_gpc0_rate, sc3_http_err_cnt, sc3_http_err_rate, sc3_http_req_cnt, sc3_http_req_rate, sc3_inc_gpc0, sc3_kbytes_in, sc3_kbytes_out, sc3_sess_cnt, sc3_sess_rate, sc3_tracked, sc3_trackers, src_bytes_in_rate, src_bytes_out_rate, src_clr_gpc0, src_conn_cnt, src_conn_cur, src_conn_rate, src_get_gpc0, src_gpc0_rate, src_http_err_cnt, src_http_err_rate, src_http_req_cnt, src_http_req_rate, src_inc_gpc0, src_kbytes_in, src_kbytes_out, src_sess_cnt, src_sess_rate, src_updt_conn_cnt, table_avl, table_cnt, ssl_c_ca_err, ssl_c_ca_err_depth, ssl_c_err, ssl_c_used, ssl_c_verify, ssl_c_version, ssl_f_version, ssl_fc, ssl_fc_alg_keysize, ssl_fc_has_crt, ssl_fc_has_sni, ssl_fc_use_keysize, --- src/acl.c | 2 -- src/backend.c | 11 ------- src/compression.c | 1 - src/frontend.c | 3 -- src/listener.c | 2 -- src/payload.c | 1 - src/proto_http.c | 5 --- src/proto_tcp.c | 4 --- src/session.c | 77 ----------------------------------------------- src/ssl_sock.c | 12 -------- 10 files changed, 118 deletions(-) diff --git a/src/acl.c b/src/acl.c index 8ba6f6f93..f2abd4418 100644 --- a/src/acl.c +++ b/src/acl.c @@ -2001,8 +2001,6 @@ static struct sample_fetch_kw_list smp_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "always_false", NULL, acl_parse_nothing, acl_match_nothing }, - { "always_true", NULL, acl_parse_nothing, acl_match_nothing }, { /* END */ }, }}; diff --git a/src/backend.c b/src/backend.c index 9f230186e..0392355fc 100644 --- a/src/backend.c +++ b/src/backend.c @@ -1599,17 +1599,6 @@ static struct sample_fetch_kw_list smp_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "avg_queue", NULL, acl_parse_int, acl_match_int }, - { "be_conn", NULL, acl_parse_int, acl_match_int }, - { "be_id", NULL, acl_parse_int, acl_match_int }, - { "be_sess_rate", NULL, acl_parse_int, acl_match_int }, - { "connslots", NULL, acl_parse_int, acl_match_int }, - { "nbsrv", NULL, acl_parse_int, acl_match_int }, - { "queue", NULL, acl_parse_int, acl_match_int }, - { "srv_conn", NULL, acl_parse_int, acl_match_int }, - { "srv_id", NULL, acl_parse_int, acl_match_int }, - { "srv_is_up", NULL, acl_parse_nothing, acl_match_nothing }, - { "srv_sess_rate", NULL, acl_parse_int, acl_match_int }, { /* END */ }, }}; diff --git a/src/compression.c b/src/compression.c index c8e914400..75b232baa 100644 --- a/src/compression.c +++ b/src/compression.c @@ -636,7 +636,6 @@ smp_fetch_res_comp_algo(struct proxy *px, struct session *l4, void *l7, unsigned /* Note: must not be declared as its list will be overwritten */ static struct acl_kw_list acl_kws = {{ },{ - { "res.comp", NULL, acl_parse_nothing, acl_match_nothing }, { /* END */ }, }}; diff --git a/src/frontend.c b/src/frontend.c index cb5d52b29..e0fd30ff7 100644 --- a/src/frontend.c +++ b/src/frontend.c @@ -268,9 +268,6 @@ static struct sample_fetch_kw_list smp_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "fe_conn", NULL, acl_parse_int, acl_match_int }, - { "fe_id", NULL, acl_parse_int, acl_match_int }, - { "fe_sess_rate", NULL, acl_parse_int, acl_match_int }, { /* END */ }, }}; diff --git a/src/listener.c b/src/listener.c index 32b5bad55..1ee95251c 100644 --- a/src/listener.c +++ b/src/listener.c @@ -653,8 +653,6 @@ static struct sample_fetch_kw_list smp_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "dst_conn", NULL, acl_parse_int, acl_match_int }, - { "so_id", NULL, acl_parse_int, acl_match_int }, { /* END */ }, }}; diff --git a/src/payload.c b/src/payload.c index 6031f79f3..207fbb06e 100644 --- a/src/payload.c +++ b/src/payload.c @@ -690,7 +690,6 @@ static struct acl_kw_list acl_kws = {{ },{ { "req_ssl_hello_type", "req.ssl_hello_type", acl_parse_int, acl_match_int }, { "req_ssl_sni", "req.ssl_sni", acl_parse_str, acl_match_str }, { "req_ssl_ver", "req.ssl_ver", acl_parse_dotted_ver, acl_match_int }, - { "wait_end", NULL, acl_parse_nothing, acl_match_nothing }, { /* END */ }, }}; diff --git a/src/proto_http.c b/src/proto_http.c index 2164a85b0..67b91ce22 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -10137,11 +10137,8 @@ static struct acl_kw_list acl_kws = {{ },{ { "hdr_sub", "req.hdr", acl_parse_str, acl_match_sub }, { "hdr_val", "req.hdr_val", acl_parse_int, acl_match_int }, - { "http_auth", NULL, acl_parse_nothing, acl_match_nothing }, { "http_auth_group", NULL, acl_parse_strcat, acl_match_auth }, - { "http_first_req", NULL, acl_parse_nothing, acl_match_nothing }, - { "method", NULL, acl_parse_meth, acl_match_meth }, { "path", "path", acl_parse_str, acl_match_str }, @@ -10180,8 +10177,6 @@ static struct acl_kw_list acl_kws = {{ },{ { "shdr_sub", "res.hdr", acl_parse_str, acl_match_sub }, { "shdr_val", "res.hdr_val", acl_parse_int, acl_match_int }, - { "status", NULL, acl_parse_int, acl_match_int }, - { "url", "url", acl_parse_str, acl_match_str }, { "url_beg", "url", acl_parse_str, acl_match_beg }, { "url_dir", "url", acl_parse_str, acl_match_dir }, diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 956f803b5..ce8cae1e1 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -1742,10 +1742,6 @@ static struct cfg_kw_list cfg_kws = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "dst", NULL, acl_parse_ip, acl_match_ip }, - { "dst_port", NULL, acl_parse_int, acl_match_int }, - { "src", NULL, acl_parse_ip, acl_match_ip }, - { "src_port", NULL, acl_parse_int, acl_match_int }, { /* END */ }, }}; diff --git a/src/session.c b/src/session.c index 5e0da25ab..f8d49e399 100644 --- a/src/session.c +++ b/src/session.c @@ -3936,83 +3936,6 @@ smp_fetch_table_avl(struct proxy *px, struct session *l4, void *l7, unsigned int * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "sc1_bytes_in_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_bytes_out_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_clr_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc1_conn_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc1_conn_cur", NULL, acl_parse_int, acl_match_int }, - { "sc1_conn_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_get_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc1_gpc0_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_http_err_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc1_http_err_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_http_req_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc1_http_req_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_inc_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc1_kbytes_in", NULL, acl_parse_int, acl_match_int }, - { "sc1_kbytes_out", NULL, acl_parse_int, acl_match_int }, - { "sc1_sess_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc1_sess_rate", NULL, acl_parse_int, acl_match_int }, - { "sc1_tracked", NULL, acl_parse_nothing, acl_match_nothing }, - { "sc1_trackers", NULL, acl_parse_int, acl_match_int }, - { "sc2_bytes_in_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_bytes_out_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_clr_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc2_conn_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc2_conn_cur", NULL, acl_parse_int, acl_match_int }, - { "sc2_conn_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_get_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc2_gpc0_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_http_err_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc2_http_err_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_http_req_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc2_http_req_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_inc_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc2_kbytes_in", NULL, acl_parse_int, acl_match_int }, - { "sc2_kbytes_out", NULL, acl_parse_int, acl_match_int }, - { "sc2_sess_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc2_sess_rate", NULL, acl_parse_int, acl_match_int }, - { "sc2_tracked", NULL, acl_parse_nothing, acl_match_nothing }, - { "sc2_trackers", NULL, acl_parse_int, acl_match_int }, - { "sc3_bytes_in_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_bytes_out_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_clr_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc3_conn_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc3_conn_cur", NULL, acl_parse_int, acl_match_int }, - { "sc3_conn_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_get_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc3_gpc0_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_http_err_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc3_http_err_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_http_req_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc3_http_req_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_inc_gpc0", NULL, acl_parse_int, acl_match_int }, - { "sc3_kbytes_in", NULL, acl_parse_int, acl_match_int }, - { "sc3_kbytes_out", NULL, acl_parse_int, acl_match_int }, - { "sc3_sess_cnt", NULL, acl_parse_int, acl_match_int }, - { "sc3_sess_rate", NULL, acl_parse_int, acl_match_int }, - { "sc3_tracked", NULL, acl_parse_nothing, acl_match_nothing }, - { "sc3_trackers", NULL, acl_parse_int, acl_match_int }, - { "src_bytes_in_rate", NULL, acl_parse_int, acl_match_int }, - { "src_bytes_out_rate", NULL, acl_parse_int, acl_match_int }, - { "src_clr_gpc0", NULL, acl_parse_int, acl_match_int }, - { "src_conn_cnt", NULL, acl_parse_int, acl_match_int }, - { "src_conn_cur", NULL, acl_parse_int, acl_match_int }, - { "src_conn_rate", NULL, acl_parse_int, acl_match_int }, - { "src_get_gpc0", NULL, acl_parse_int, acl_match_int }, - { "src_gpc0_rate", NULL, acl_parse_int, acl_match_int }, - { "src_http_err_cnt", NULL, acl_parse_int, acl_match_int }, - { "src_http_err_rate", NULL, acl_parse_int, acl_match_int }, - { "src_http_req_cnt", NULL, acl_parse_int, acl_match_int }, - { "src_http_req_rate", NULL, acl_parse_int, acl_match_int }, - { "src_inc_gpc0", NULL, acl_parse_int, acl_match_int }, - { "src_kbytes_in", NULL, acl_parse_int, acl_match_int }, - { "src_kbytes_out", NULL, acl_parse_int, acl_match_int }, - { "src_sess_cnt", NULL, acl_parse_int, acl_match_int }, - { "src_sess_rate", NULL, acl_parse_int, acl_match_int }, - { "src_updt_conn_cnt", NULL, acl_parse_int, acl_match_int }, - { "table_avl", NULL, acl_parse_int, acl_match_int }, - { "table_cnt", NULL, acl_parse_int, acl_match_int }, { /* END */ }, }}; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 7523246e0..160502c95 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -3125,9 +3125,6 @@ static struct sample_fetch_kw_list sample_fetch_keywords = {{ },{ * Please take care of keeping this list alphabetically sorted. */ static struct acl_kw_list acl_kws = {{ },{ - { "ssl_c_ca_err", NULL, acl_parse_int, acl_match_int }, - { "ssl_c_ca_err_depth", NULL, acl_parse_int, acl_match_int }, - { "ssl_c_err", NULL, acl_parse_int, acl_match_int }, { "ssl_c_i_dn", NULL, acl_parse_str, acl_match_str }, { "ssl_c_key_alg", NULL, acl_parse_str, acl_match_str }, { "ssl_c_notafter", NULL, acl_parse_str, acl_match_str }, @@ -3135,9 +3132,6 @@ static struct acl_kw_list acl_kws = {{ },{ { "ssl_c_sig_alg", NULL, acl_parse_str, acl_match_str }, { "ssl_c_s_dn", NULL, acl_parse_str, acl_match_str }, { "ssl_c_serial", NULL, acl_parse_bin, acl_match_bin }, - { "ssl_c_used", NULL, acl_parse_nothing, acl_match_nothing }, - { "ssl_c_verify", NULL, acl_parse_int, acl_match_int }, - { "ssl_c_version", NULL, acl_parse_int, acl_match_int }, { "ssl_f_i_dn", NULL, acl_parse_str, acl_match_str }, { "ssl_f_key_alg", NULL, acl_parse_str, acl_match_str }, { "ssl_f_notafter", NULL, acl_parse_str, acl_match_str }, @@ -3145,12 +3139,7 @@ static struct acl_kw_list acl_kws = {{ },{ { "ssl_f_sig_alg", NULL, acl_parse_str, acl_match_str }, { "ssl_f_s_dn", NULL, acl_parse_str, acl_match_str }, { "ssl_f_serial", NULL, acl_parse_bin, acl_match_bin }, - { "ssl_f_version", NULL, acl_parse_int, acl_match_int }, - { "ssl_fc", NULL, acl_parse_nothing, acl_match_nothing }, - { "ssl_fc_alg_keysize", NULL, acl_parse_int, acl_match_int }, { "ssl_fc_cipher", NULL, acl_parse_str, acl_match_str }, - { "ssl_fc_has_crt", NULL, acl_parse_nothing, acl_match_nothing }, - { "ssl_fc_has_sni", NULL, acl_parse_nothing, acl_match_nothing }, #ifdef OPENSSL_NPN_NEGOTIATED { "ssl_fc_npn", NULL, acl_parse_str, acl_match_str }, #endif @@ -3158,7 +3147,6 @@ static struct acl_kw_list acl_kws = {{ },{ { "ssl_fc_alpn", NULL, acl_parse_str, acl_match_str }, #endif { "ssl_fc_protocol", NULL, acl_parse_str, acl_match_str }, - { "ssl_fc_use_keysize", NULL, acl_parse_int, acl_match_int }, { "ssl_fc_sni", "ssl_fc_sni", acl_parse_str, acl_match_str }, { "ssl_fc_sni_end", "ssl_fc_sni", acl_parse_str, acl_match_end }, { "ssl_fc_sni_reg", "ssl_fc_sni", acl_parse_reg, acl_match_reg },