/* Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file acl.h
*
* \author Marek Vavrusa <marek.vavrusa@nic.cz>
*
* \brief Access control lists.
*
* A simple access control list is implemented as a linked list sorted by
* prefix length, so the longest prefix match is always found first.
*
* \addtogroup common_lib
* @{
*/
#ifndef _KNOTD_ACL_H_
#define _KNOTD_ACL_H_
#include "common/lists.h"
#include "common/sockaddr.h"
/*!
* \brief ACL structure.
*
* An ACL is a plain list_t (see common/lists.h). The file header describes
* it as a linked list of rules kept sorted by prefix length.
*/
typedef list_t acl_t;
/*!
* \brief Single ACL match (one rule stored in the ACL).
*
* NOTE(review): this header does not say who owns \a val, i.e. whether the
* ACL frees it on acl_truncate()/acl_delete() or the caller must - confirm
* against the implementation before storing heap pointers here.
*/
typedef struct acl_match {
node_t n; /*!< \brief List node (presumably links the rule into the acl_t list). */
sockaddr_t addr; /*!< \brief Address for comparison. */
void *val; /*!< \brief Associated value (or NULL). */
} acl_match_t;
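/*!
* \brief Create a new ACL.
*
* \return New ACL instance when successful, NULL on errors.
*
* Check the result for NULL before use; this header does not say whether
* the other acl_*() functions accept a NULL ACL. The instance is presumably
* released with acl_delete().
*
* Declared with an explicit (void) parameter list so that the compiler
* rejects calls that pass arguments; an empty list leaves the parameters
* unspecified and disables that check.
*/
acl_t *acl_new(void);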
/*!
* \brief Delete ACL structure.
*
* \param acl Address of the pointer to the ACL instance.
*
* NOTE(review): the double pointer suggests that *acl is reset to NULL once
* the ACL is freed, which would guard callers against reusing a dangling
* pointer - confirm against the implementation. It is also not stated here
* whether the \a val pointers stored in the rules are freed.
*/
void acl_delete(acl_t **acl);
/*!
* \brief Insert new ACL match.
*
* Per the file header, rules are kept sorted by prefix length so that the
* longest prefix match is found first; the position of a rule therefore
* decides which rule acl_find() reports for an address.
*
* \param acl Pointer to ACL instance.
* \param addr IP address.
* \param val Value to be stored for given address (or NULL).
*
* \retval KNOT_EOK if successful.
* \retval KNOT_EINVAL presumably on invalid parameters - confirm.
* \retval KNOT_ENOMEM presumably when allocation of the rule fails - confirm.
*
* NOTE(review): the prefix length is not a separate parameter, so it is
* presumably carried inside \a addr (see common/sockaddr.h). The header does
* not state what happens when the same address is inserted twice, nor
* whether \a addr is copied (acl_match_t holds a sockaddr_t by value, which
* suggests a copy). Callers should check the return value: a rule that was
* not inserted is not enforced.
*/
int acl_insert(acl_t *acl, const sockaddr_t *addr, void *val);
/*!
* \brief Match address against ACL.
*
* \param acl Pointer to ACL instance.
* \param addr IP address.
*
* \return Matching rule instance if found, NULL if it didn't find a match.
*
* This function only reports which rule matched; it returns no allow/deny
* verdict. The caller decides what a NULL result means, and should treat
* "no matching rule" as a refusal unless its policy explicitly says
* otherwise, so that an empty or truncated ACL does not fail open.
*
* NOTE(review): the returned pointer presumably refers to an entry owned by
* the ACL, so it should not be freed by the caller or used after
* acl_truncate()/acl_delete() - confirm against the implementation.
*/
acl_match_t* acl_find(acl_t *acl, const sockaddr_t *addr);
/*!
* \brief Truncate ACL.
*
* All but the default rule will be dropped.
*
* \param acl Pointer to ACL instance.
*
* NOTE(review): this header does not define which rule is the "default"
* one or how it is inserted - confirm against the implementation, because
* after truncation that rule alone decides every acl_find() result.
* Pointers previously returned by acl_find() are presumably invalid once
* their rules are dropped.
*/
void acl_truncate(acl_t *acl);
#endif /* _KNOTD_ACL_H_ */
/*! @} */