From: Gerrit Renker Date: Tue, 30 Jun 2009 08:20:19 +0000 (+0200) Subject: Support netmask subsets X-Git-Tag: v0.3.5~35^2 X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=221bbcad6e453369e3eaf86850ec3c0cb37c1752;hp=0b36e0a77fc750af85e969efda7bda0931f389d0 Support netmask subsets This allows to specify sets of addresses which are defined by sharing the least-common netmask value. For example, if the allow list contains the following addresses: 10.0.0.2/24 10.0.0.2/32 then the second address is redundant since it is already included via the first one. The least-common netmask value is 24; with this patch a command like para_client sender http deny 10.0.0.0/24 will catch both addresses. --- diff --git a/acl.c b/acl.c index 9bc83c25..ffcd1685 100644 --- a/acl.c +++ b/acl.c @@ -90,13 +90,17 @@ static void acl_add_entry(struct list_head *acl, char *addr, int netmask) * \param addr The address to delete. * \param netmask The netmask of the entry to be removed from the list. */ -static void acl_del_entry(struct list_head *acl, char *addr, int netmask) +static void acl_del_entry(struct list_head *acl, char *addr, unsigned netmask) { struct access_info *ai, *tmp; + struct in_addr to_delete; + + inet_pton(AF_INET, addr, &to_delete); list_for_each_entry_safe(ai, tmp, acl, node) { - if (!strcmp(addr, inet_ntoa(ai->addr)) && - ai->netmask == netmask) { + + if (v4_addr_match(to_delete.s_addr, ai->addr.s_addr, + PARA_MIN(netmask, ai->netmask))) { PARA_NOTICE_LOG("removing %s/%i from access list\n", addr, ai->netmask); list_del(&ai->node);