-
Notifications
You must be signed in to change notification settings - Fork 381
VIP4: Restrict VMOD function call sites
Teach the VCC to conditionally refuse $Function or $Method calls.
It started with the fact that VRT functions sometimes expect to be called under certain conditions but nothing really documents or enforces such conditions. These functions could at least assert that their requirements are met if that is not already the case, but this is outside of this VIP's scope.
VMOD functions defined by the ad-hoc VCC can however express this kind of requirements when that makes sense. Besides VMOD constructs like the $Event function that are not visible in VCL or $Object constructors that can only be used in vcl_init all VMOD functions can be called from anywhere.
If a VMOD function calls a VRT function that has a special requirement, the VMOD author could document it, and the VCC could enforce it.
A new $Restrict token followed by the type of restriction and its parameters.
Example:
$Function VOID restricted(...)
$Restrict context backend
By having a generic $Restrict token, we may later find other uses that could be ignored (with a warning) on older Varnish releases once implemented and extended.
Another example:
$Module mtstatus 3 Mean time status for Varnish Cache
$Event event_function
# Both functions use VRT_synth_page
$Function VOID mtstatus(REAL delta)
$Restrict routine synth
# This function gets the HTML contents from a file, it might be worth caching
$Function VOID html(file = "/usr/share/vmod-mtstatus/page.html")
$Restrict routine synth vcl_backend_error