- for (i = 0; i < num; i++) {
- char *arg = para_strdup(acl_info[i]);
- char *p = strchr(arg, '/');
- struct in_addr addr;
- int netmask;
-
- if (!p)
- goto err;
- *p = '\0';
- if (!inet_pton(AF_INET, arg, &addr))
- goto err;
- netmask = atoi(++p);
- if (netmask < 0 || netmask > 32)
- goto err;
+ for (i = 0; i < num; i++)
+ if (parse_cidr(acl_info[i], addr, sizeof(addr), &mask) == NULL)
+ PARA_CRIT_LOG("ACL syntax error: %s, ignoring\n",
+ acl_info[i]);
+ else
+ acl_add_entry(acl, addr, mask);
+}
+
+/**
+ * Check whether the peer name of a given fd is allowed by an acl.
+ *
+ * \param fd File descriptor.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ *
+ * \return Positive if the peer of \a fd is permitted by \a acl, \p -E_ACL_PERM
+ * otherwise.
+ */
+int acl_check_access(int fd, struct list_head *acl, int default_deny)
+{
+ int match = acl_lookup(fd, acl);
+
+ return (!match || default_deny) && (match || !default_deny)?
+ 1 : -E_ACL_PERM;
+}
+
+/**
+ * Permit access for a range of IP addresses.
+ *
+ * \param addr The address to permit.
+ * \param netmask The netmask of the entry to be permitted.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ */
+void acl_allow(char *addr, int netmask,
+ struct list_head *acl, int default_deny)
+{
+ if (default_deny)