/*
* Return 0, if not match.
* Return 1, if match black list.
* Return -1, if match white list.
*/
int
acl_match_host(const char *host)
{
struct cork_ip addr;
int ret = 0;
int err = cork_ip_init(&addr, host);
if (err) {
int host_len = strlen(host);
if (lookup_rule(&black_list_rules, host, host_len) != NULL)
ret = 1;
else if (lookup_rule(&white_list_rules, host, host_len) != NULL)
ret = -1;
return ret;
}
if (addr.version == 4) {
if (ipset_contains_ipv4(&black_list_ipv4, &(addr.ip.v4)))
ret = 1;
else if (ipset_contains_ipv4(&white_list_ipv4, &(addr.ip.v4)))
ret = -1;
} else if (addr.version == 6) {
if (ipset_contains_ipv6(&black_list_ipv6, &(addr.ip.v6)))
ret = 1;
else if (ipset_contains_ipv6(&white_list_ipv6, &(addr.ip.v6)))
ret = -1;
}
return ret;
}
bool
ipset_contains_ip(const struct ip_set *set, struct cork_ip *addr)
{
if (addr->version == 4) {
return ipset_contains_ipv4(set, &addr->ip.v4);
} else {
return ipset_contains_ipv6(set, &addr->ip.v6);
}
}
int
acl_contains_ip(const char * host) {
struct cork_ip addr;
int err = cork_ip_init(&addr, host);
if (err) {
return 0;
}
if (addr.version == 4) {
return ipset_contains_ipv4(&acl_ipv4_set, &(addr.ip.v4));
} else if (addr.version == 6) {
return ipset_contains_ipv6(&acl_ipv6_set, &(addr.ip.v6));
}
return 0;
}
int acl_match_ip(const char *ip)
{
struct cork_ip addr;
int ret = cork_ip_init(&addr, ip);
if (ret) {
return 0;
}
if (addr.version == 4) {
ret = ipset_contains_ipv4(&acl_ipv4_set, &(addr.ip.v4));
} else if (addr.version == 6) {
ret = ipset_contains_ipv6(&acl_ipv6_set, &(addr.ip.v6));
}
if (acl_mode == WHITE_LIST) {
ret = !ret;
}
return ret;
}
