/*
 * Classify a host string against the black and white lists.
 *
 * The string is first handed to cork_ip_init(). If that reports an error,
 * the string is treated as a name and looked up in the rule lists;
 * otherwise it is checked against the IP sets for the parsed address family.
 * The black list is always consulted first, so it wins when both lists
 * would match.
 *
 * host must be a non-NULL, NUL-terminated string: it reaches strlen()
 * without a guard.
 *
 * Return 0, if not match (also for an address that is neither v4 nor v6).
 * Return 1, if match black list.
 * Return -1, if match white list.
 */
int acl_match_host(const char *host)
{
    struct cork_ip parsed;

    if (cork_ip_init(&parsed, host)) {
        /*
         * Not an IP literal: match by name.
         * NOTE(review): host is passed to lookup_rule() exactly as received;
         * whether matching tolerates case differences or a trailing dot
         * depends on lookup_rule() and the rule patterns -- confirm.
         */
        int name_len = strlen(host);

        if (lookup_rule(&black_list_rules, host, name_len) != NULL) {
            return 1;
        }
        if (lookup_rule(&white_list_rules, host, name_len) != NULL) {
            return -1;
        }
        return 0;
    }

    if (parsed.version == 4) {
        if (ipset_contains_ipv4(&black_list_ipv4, &(parsed.ip.v4))) {
            return 1;
        }
        if (ipset_contains_ipv4(&white_list_ipv4, &(parsed.ip.v4))) {
            return -1;
        }
        return 0;
    }

    if (parsed.version == 6) {
        /*
         * NOTE(review): only the *_ipv6 sets are consulted here. If
         * cork_ip_init() reports version 6 for an IPv4-mapped literal
         * (to be confirmed), rules held in the IPv4 sets are not applied
         * to it; verify that callers normalise such addresses.
         */
        if (ipset_contains_ipv6(&black_list_ipv6, &(parsed.ip.v6))) {
            return 1;
        }
        if (ipset_contains_ipv6(&white_list_ipv6, &(parsed.ip.v6))) {
            return -1;
        }
    }

    return 0;
}
/*
 * Test whether an already-parsed address is a member of an IP set.
 *
 * Dispatches on addr->version: version 4 goes to ipset_contains_ipv4(),
 * and every other value is handled as IPv6 (there is no separate check
 * for version 6, so the caller is responsible for passing a valid address).
 *
 * Returns the result of the family-specific membership test.
 */
bool ipset_contains_ip(const struct ip_set *set, struct cork_ip *addr)
{
    if (addr->version == 4) {
        return ipset_contains_ipv4(set, &addr->ip.v4);
    }

    /* Anything that is not version 4 falls through to the IPv6 lookup. */
    return ipset_contains_ipv6(set, &addr->ip.v6);
}
/*
 * Report whether a textual IP address is present in the ACL sets.
 *
 * host is parsed with cork_ip_init(); a string that fails to parse, or an
 * address whose version is neither 4 nor 6, yields 0. Otherwise the result
 * of the membership test on acl_ipv4_set / acl_ipv6_set is returned.
 * Hostnames are not resolved or matched here: anything that is not an IP
 * literal is reported as "not contained".
 */
int acl_contains_ip(const char * host)
{
    struct cork_ip parsed;
    int found = 0;

    if (cork_ip_init(&parsed, host) == 0) {
        if (parsed.version == 4) {
            found = ipset_contains_ipv4(&acl_ipv4_set, &(parsed.ip.v4));
        } else if (parsed.version == 6) {
            found = ipset_contains_ipv6(&acl_ipv6_set, &(parsed.ip.v6));
        }
    }

    return found;
}
/*
 * Match a textual IP address against the ACL sets, honouring acl_mode.
 *
 * The address is parsed with cork_ip_init() and looked up in acl_ipv4_set
 * or acl_ipv6_set according to its version. When acl_mode is WHITE_LIST the
 * membership result is logically inverted before it is returned.
 *
 * NOTE(review): a string that fails to parse returns 0 *before* the mode
 * inversion, so in WHITE_LIST mode an unparseable input yields 0 while a
 * valid address absent from the set (or one whose version is neither 4 nor
 * 6) yields 1. Confirm that callers expect these two cases to differ.
 */
int acl_match_ip(const char *ip)
{
    struct cork_ip parsed;
    int in_set = 0;

    if (cork_ip_init(&parsed, ip) != 0) {
        return 0;
    }

    if (parsed.version == 4) {
        in_set = ipset_contains_ipv4(&acl_ipv4_set, &(parsed.ip.v4));
    } else if (parsed.version == 6) {
        in_set = ipset_contains_ipv6(&acl_ipv6_set, &(parsed.ip.v6));
    }

    /* In white-list mode the sense of the set lookup is flipped. */
    return (acl_mode == WHITE_LIST) ? !in_set : in_set;
}