Support netmask subsets

This allows to specify sets of addresses which are defined by sharing
the least-common netmask value.

For example, if the allow list contains the following addresses:

        10.0.0.2/24  10.0.0.2/32

then the second address is redundant since it is already included
via the first one. The least-common netmask value is 24; with this
patch a command like

        para_client sender http deny 10.0.0.0/24

will catch both addresses.

diff --git a/acl.c b/acl.c
index 9bc83c2506f9083e577d8ff36d0c6953dd2d1285..ffcd168572fee34bcface386c57d7bf5f7cbadeb 100644 (file)
--- a/acl.c
+++ b/acl.c
@@ -90,13 +90,17 @@ static void acl_add_entry(struct list_head *acl, char *addr, int netmask)
  * \param addr The address to delete.
  * \param netmask The netmask of the entry to be removed from the list.
  */
-static void acl_del_entry(struct list_head *acl, char *addr, int netmask)
+static void acl_del_entry(struct list_head *acl, char *addr, unsigned netmask)
 {
        struct access_info *ai, *tmp;
+       struct in_addr to_delete;
+
+       inet_pton(AF_INET, addr, &to_delete);
 
        list_for_each_entry_safe(ai, tmp, acl, node) {
-               if (!strcmp(addr, inet_ntoa(ai->addr)) &&
-                               ai->netmask == netmask) {
+
+               if (v4_addr_match(to_delete.s_addr, ai->addr.s_addr,
+                                       PARA_MIN(netmask, ai->netmask))) {
                        PARA_NOTICE_LOG("removing %s/%i from access list\n",
                                        addr, ai->netmask);
                        list_del(&ai->node);