aclnew, aclset, aclsetc, acldelete, acldeletec, aclcheck, aclload, acldestroy - routines to implement network access control lists.
struct acl *a
aclset(struct acl *a, struct in_addr *adr, struct in_addr *mask)
aclsetc(struct acl *a, const char *cidr)
acldelete(struct acl *a, struct in_addr *adr, struct in_addr *mask)
acldeletec(struct acl *a, const char *cidr)
aclcheck(struct acl *a, struct in_addr *adr)
aclload(struct acl *a, const char *path)
acldestroy(struct acl *a)
These functions implement access control lists. These lists are needed to permit access to network-bound functions for certain hosts or networks.
aclnew creates a new empty acl and returns a pointer to it. This must be called before any subsequent call to the acl routines.
aclset adds the network address coded in adr with netmask mask to the acl a.
aclsetc adds the network address coded in cidr to the acl a. The argument cidr specifies the network address in CIDR notation (see below).
acldelete deletes the entry given by adr and mask from the access list.
acldeletec does the same as acldelete, but with the address being in CIDR notation.
aclcheck checks if address adr with mask mask is covered by the list or not.
aclload loads an entire acl a from a file specified by path. The format of the file is:
address[/len] [<whitespace> netmask]
with address being the address. If len is added, the address is in CIDR notation and the netmask is not used (if it is given, a warning will be issued). If neither a netmask is given nor a length specified, a single host is assumed. Entries are positive entries, i.e. if the entry exists, a host is permitted to access.
Lines that start with "#" or a single space, or which are empty, are treated as comment lines.
acldestroy destroys the given acl a and frees all memory.
CIDR (Classless Inter-Domain Routing) addresses are of the form address/length. This means that the length leftmost bits of the address form the network part of the final address and the rest the host part. As an example: 22.214.171.124/24 is equivalent to 126.96.36.199 netmask 255.255.255.0.
Note: if length is omitted, then it is taken as 32 which means that a single host is specified.
Note: If you wish to exclude e.g. one host from an entire class C net, then you have to split the net into several smaller pieces that add up to the class C net without that host. In a future revision some sort of exclude statement will possibly appear.
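The split described in the note above can be computed mechanically. The following is an added example, not part of MCNTP: the names cidr_exclude, cidr_hits and cidr_mask are hypothetical, addresses are held in host byte order, and the sample network is constructed. Each printed line has the address/len form that aclsetc and the aclload file format accept.

```c
#include <stdint.h>
#include <stdio.h>

struct cidr { uint32_t addr; int len; };   /* host byte order, prefix length */

/* Network mask for a prefix length (a shift by 32 is undefined, so 0 is special). */
static uint32_t cidr_mask(int len) { return len ? ~(uint32_t)0 << (32 - len) : 0; }

/* Fill out[] with the blocks that cover net/len except the host excl.
 * out needs room for 32 - len entries. Returns the count, or -1 on bad input. */
int cidr_exclude(uint32_t net, int len, uint32_t excl, struct cidr *out)
{
    int n = 0;
    if (len < 0 || len > 32 || ((net ^ excl) & cidr_mask(len)) != 0)
        return -1;                          /* excl is not inside net/len */
    net &= cidr_mask(len);
    while (len < 32) {
        uint32_t bit = (uint32_t)1 << (32 - ++len);
        /* Halve the block: keep the half without excl, descend into the other. */
        out[n].addr = (excl & bit) ? net : (net | bit);
        out[n++].len = len;
        if (excl & bit)
            net |= bit;
    }
    return n;
}

/* Number of blocks in list[] that contain addr (what a positive ACL lookup tests). */
int cidr_hits(const struct cidr *list, int n, uint32_t addr)
{
    int i, hits = 0;
    for (i = 0; i < n; i++)
        hits += ((addr ^ list[i].addr) & cidr_mask(list[i].len)) == 0;
    return hits;
}

int main(void)
{
    struct cidr b[32];
    /* Constructed sample: 192.0.2.0/24 (documentation range) without host 192.0.2.77. */
    int i, n = cidr_exclude(0xC0000200u, 24, 0xC000024Du, b);
    for (i = 0; i < n; i++)   /* one address/len line per block */
        printf("%u.%u.%u.%u/%d\n", (unsigned)(b[i].addr >> 24), (unsigned)(b[i].addr >> 16 & 255),
               (unsigned)(b[i].addr >> 8 & 255), (unsigned)(b[i].addr & 255), b[i].len);
    return 0;
}
```

Excluding one host from a /len network always yields 32 - len entries, so a class C net needs eight.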
All functions return -1 on failure and 0 on success, except aclnew.
The acl*() functions are part of MCNTP, the diploma thesis Transport of NetNews via IP-multicast of the author.
Heiko W.Rupp (email@example.com)
None known yet. If you find any, then please report them to <firstname.lastname@example.org>