Allow networks to be used instead of ip addresses when blessing is involved

author: Dirk Engling <erdgeist@erdgeist.org> 2024-03-29 03:30:13 +0100
committer: Dirk Engling <erdgeist@erdgeist.org> 2024-03-29 03:30:13 +0100
commit: 543ab73017b83e251924caca9aa37a0f892fe05f (patch)
tree: 7b58b9b4e1e7f05db81f25b50e062fb5ff36c421 /ot_accesslist.c
parent: ede702c7ffc90f1635c069d20c8a46b0b2a6ab66 (diff)
1 files changed, 22 insertions, 13 deletions
diff --git a/ot_accesslist.c b/ot_accesslist.c
index 7df503f..5bd81f0 100644
--- a/ot_accesslist.c
+++ b/ot_accesslist.c
@@ -21,6 +21,7 @@
 #include "scan.h"
 #include "ip6.h"
 #include "mmap.h"
+#include "fmt.h"
 /* Opentracker */
 #include "trackerlogic.h"
@@ -509,29 +510,37 @@ int proxylist_check_proxy( const ot_ip6 proxy, const ot_ip6 address ) {
 #endif
-static ot_ip6         g_adminip_addresses[OT_ADMINIP_MAX];
+static ot_net         g_admin_nets[OT_ADMINIP_MAX];
-static ot_permissions g_adminip_permissions[OT_ADMINIP_MAX];
+static ot_permissions g_admin_nets_permissions[OT_ADMINIP_MAX];
-static unsigned int   g_adminip_count = 0;
+static unsigned int   g_admin_nets_count = 0;
-int accesslist_blessip( ot_ip6 ip, ot_permissions permissions ) {
+int accesslist_bless_net( ot_net *net, ot_permissions permissions ) {
-  if( g_adminip_count >= OT_ADMINIP_MAX )
+  if( g_admin_nets_count >= OT_ADMINIP_MAX )
    return -1;
-  memcpy(g_adminip_addresses + g_adminip_count,ip,sizeof(ot_ip6));
+  memcpy(g_admin_nets + g_admin_nets_count, &net, sizeof(ot_net));
-  g_adminip_permissions[ g_adminip_count++ ] = permissions;
+  g_admin_nets_permissions[ g_admin_nets_count++ ] = permissions;
 #ifdef _DEBUG
  {
    char _debug[512];
-    int off = snprintf( _debug, sizeof(_debug), "Blessing ip address " );
+    int off = snprintf( _debug, sizeof(_debug), "Blessing ip net " );
-    off += fmt_ip6c(_debug+off, ip );
+    off += fmt_ip6c(_debug+off, net->address );
+    if( net->bits < 128) {
+      _debug[off++] = '/';
+      if( ip6_isv4mapped(net->address) )
+        off += fmt_long(_debug+off, net->bits-96);
+      else
+        off += fmt_long(_debug+off, net->bits);
+    }
    if( permissions & OT_PERMISSION_MAY_STAT       ) off += snprintf( _debug+off, 512-off, " may_fetch_stats" );
    if( permissions & OT_PERMISSION_MAY_LIVESYNC   ) off += snprintf( _debug+off, 512-off, " may_sync_live" );
    if( permissions & OT_PERMISSION_MAY_FULLSCRAPE ) off += snprintf( _debug+off, 512-off, " may_fetch_fullscrapes" );
    if( permissions & OT_PERMISSION_MAY_PROXY      ) off += snprintf( _debug+off, 512-off, " may_proxy" );
-    if( !permissions ) off += snprintf( _debug+off, sizeof(_debug)-off, " nothing\n" );
+    if( !permissions ) off += snprintf( _debug+off, sizeof(_debug)-off, " nothing" );
    _debug[off++] = '.';
+    _debug[off++] = '\n';
    (void)write( 2, _debug, off );
  }
 #endif
@@ -539,10 +548,10 @@ int accesslist_blessip( ot_ip6 ip, ot_permissions permissions ) {
  return 0;
 }
-int accesslist_isblessed( ot_ip6 ip, ot_permissions permissions ) {
+int accesslist_is_blessed( ot_ip6 ip, ot_permissions permissions ) {
  unsigned int i;
-  for( i=0; i<g_adminip_count; ++i )
+  for( i=0; i<g_admin_nets_count; ++i )
-    if( !memcmp( g_adminip_addresses + i, ip, sizeof(ot_ip6)) && ( g_adminip_permissions[ i ] & permissions ) )
+    if( address_in_net(ip, g_admin_nets + i) && (g_admin_nets_permissions[ i ] & permissions ))
      return 1;
  return 0;
 }
author	Dirk Engling <erdgeist@erdgeist.org>	2024-03-29 03:30:13 +0100
committer	Dirk Engling <erdgeist@erdgeist.org>	2024-03-29 03:30:13 +0100
commit	543ab73017b83e251924caca9aa37a0f892fe05f (patch)
tree	7b58b9b4e1e7f05db81f25b50e062fb5ff36c421 /ot_accesslist.c
parent	ede702c7ffc90f1635c069d20c8a46b0b2a6ab66 (diff)