static int
ip_acl_onload(noit_image_t *self) {
int i, cnt;
noit_conf_section_t *acl_c;
ip_acl_module_id = noit_check_register_module("ip_acl");
if(ip_acl_module_id < 0) return -1;
acl_c = noit_conf_get_sections(NULL, "/noit/acls//acl", &cnt);
if(acl_c) {
for(i=0; i<cnt; i++) {
char *name;
int j, rcnt, arcnt = 0;
noit_conf_section_t *rule_c;
if(noit_conf_get_string(acl_c[i], "@name", &name)) {
rule_c = noit_conf_get_sections(acl_c[i], "rule", &rcnt);
if(rule_c) {
btrie *acl = calloc(1, sizeof(*acl));
for(j=0; j<rcnt; j++) {
int mask = -1, rv;
char dirstr[16] = "unspecified";
char *cp, target[256] = "";
union {
struct in_addr addr4;
struct in6_addr addr6;
} a;
noit_conf_get_stringbuf(rule_c[j], "self::node()", target, sizeof(target));
if(NULL != (cp = strchr(target, '/'))) {
*cp++ = '\0';
mask = atoi(cp);
}
if(!noit_conf_get_stringbuf(rule_c[j], "@type", dirstr, sizeof(dirstr)) ||
(strcmp(dirstr, "deny") && strcmp(dirstr, "allow"))) {
noitL(noit_error, "Unknown acl rule type \"%s\" in acl \"%s\"\n",
dirstr, name);
}
else if(inet_pton(AF_INET, target, &a) == 1) {
if(mask == -1) mask = 32;
noit_add_route_ipv4(acl, &a.addr4, mask, strcmp(dirstr, "allow") ? DENY_PTR : ALLOW_PTR);
arcnt++;
}
else if(inet_pton(AF_INET6, target, &a) == 1) {
if(mask == -1) mask = 128;
noit_add_route_ipv6(acl, &a.addr6, mask, strcmp(dirstr, "allow") ? DENY_PTR : ALLOW_PTR);
arcnt++;
}
}
noitL(noit_error, "ACL %s/%p -> %d/%d rules\n", name, acl, arcnt, rcnt);
noit_hash_replace(&acls, name, strlen(name), acl, free, free_btrie);
free(rule_c);
}
}
}
free(acl_c);
}
return 0;
}
static int
reverse_check_onload(mtev_image_t *self) {
reverse_check_module_id = noit_check_register_module("reverse");
if(reverse_check_module_id < 0) return -1;
return 0;
}
static int
histogram_onload(mtev_image_t *self) {
histogram_module_id = noit_check_register_module("histogram");
if(histogram_module_id < 0) return -1;
return 0;
}
