struct list_head node;
};
-
/**
* Return true if addr_1 matches addr_2 in the first `netmask' bits.
*/
*
* \return One if \a fd belongs to \a acl, zero otherwise.
*/
-int acl_lookup(int fd, struct list_head *acl)
+static int acl_lookup(int fd, struct list_head *acl)
{
struct access_info *ai, *tmp;
struct sockaddr_storage ss;
* \param addr The address to add.
* \param netmask The netmask to use for this entry.
*/
-void acl_add_entry(struct list_head *acl, struct in_addr addr,
+static void acl_add_entry(struct list_head *acl, struct in_addr addr,
int netmask)
{
struct access_info *ai = para_malloc(sizeof(struct access_info));
para_list_add(&ai->node, acl);
}
-
/**
* Delete an entry from an access control list.
*
* \param addr The address to delete.
* \param netmask The netmask of the entry to be removed from the list.
*/
-void acl_del_entry(struct list_head *acl, struct in_addr addr,
+static void acl_del_entry(struct list_head *acl, struct in_addr addr,
int netmask)
{
struct access_info *ai, *tmp;
}
}
+/**
+ * Check whether the peer name of a given fd is allowed by an acl.
+ *
+ * \param fd File descriptor.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ *
+ * \return Positive if the peer of \a fd is permitted by \a acl, \p -E_ACL_PERM
+ * otherwise.
+ */
+int acl_check_access(int fd, struct list_head *acl, int default_deny)
+{
+ int match = acl_lookup(fd, acl);
+
+ return (!match || default_deny) && (match || !default_deny)?
+ 1 : -E_ACL_PERM;
+}
+
+/**
+ * Permit access for a range of IP addresses.
+ *
+ * \param addr The address to permit.
+ * \param netmask The netmask of the entry to be permitted.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ */
+void acl_allow(struct in_addr addr, int netmask,
+ struct list_head *acl, int default_deny)
+{
+ if (default_deny)
+ acl_add_entry(acl, addr, netmask);
+ else
+ acl_del_entry(acl, addr, netmask);
+}
+
+/**
+ * Deny access for a range of IP addresses.
+ *
+ * \param addr The address to permit.
+ * \param netmask The netmask of the entry to be permitted.
+ * \param acl The access control list.
+ * \param default_deny Whether \a acl is a whitelist.
+ */
+void acl_deny(struct in_addr addr, int netmask,
+ struct list_head *acl, int default_deny)
+{
+ acl_allow(addr, netmask, acl, !default_deny);
+}