diff --git a/libknet/internals.h b/libknet/internals.h
index f8422a9c5..603511e69 100644
--- a/libknet/internals.h
+++ b/libknet/internals.h
@@ -129,35 +129,12 @@ struct knet_sock {
 * and socket has been removed from epoll */
 };
-/*
- * access lists
- */
-
-typedef enum {
- CHECK_TYPE_ADDRESS,
- CHECK_TYPE_MASK,
- CHECK_TYPE_RANGE
-} check_type_t;
-
-typedef enum {
- CHECK_ACCEPT,
- CHECK_REJECT
-} check_acceptreject_t;
-
-struct acl_match_entry {
- check_type_t type;
- check_acceptreject_t acceptreject;
- struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
- struct sockaddr_storage addr2; /* high IP address or address bitmask */
- struct acl_match_entry *next;
-};
-
 struct knet_fd_trackers {
 uint8_t transport; /* transport type (UDP/SCTP...) */
 uint8_t data_type; /* internal use for transport to define what data are associated * to this fd */
 void *data; /* pointer to the data */
- struct acl_match_entry *match_entry;
+ void *match_entry; /* pointer to access list match_entry list head */
 };
 #define KNET_MAX_FDS KNET_MAX_HOST * KNET_MAX_LINK * 4
diff --git a/libknet/links_acl.c b/libknet/links_acl.c
index a91c309f0..e00b90c7a 100644
--- a/libknet/links_acl.c
+++ b/libknet/links_acl.c
@@ -28,7 +28,7 @@ int check_add(knet_handle_t knet_h, int sock, uint8_t transport,
 err = 0;
 break;
 case IP_PROTO:
- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
+ err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
 ip1, ip2, type, acceptreject);
 break;
 default:
@@ -48,7 +48,7 @@ int check_rm(knet_handle_t knet_h, int sock, uint8_t transport,
 err = 0;
 break;
 case IP_PROTO:
- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[sock].match_entry,
+ err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry,
 ip1, ip2, type, acceptreject);
 break;
 default:
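Review bot: In `struct knet_fd_trackers` the field becomes `void *match_entry`, so the compiler no longer checks what is stored in the list head that ACL filtering reads, and the new comment does not name the concrete type. If the aim is only to get the ACL definitions out of internals.h, an incomplete declaration `struct acl_match_entry;` ahead of the struct would allow keeping `struct acl_match_entry *match_entry;` and would make the casts in links_acl.c unnecessary. If the field is meant to hold other list types later (not visible in this diff), say so in the comment, e.g. `/* access list head; a struct acl_match_entry * when the transport protocol is IP_PROTO */`.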
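Review bot: The added cast in check_add, `(struct acl_match_entry **)&...match_entry`, lets `ipcheck_addip` read and write an object declared `void *` through a `struct acl_match_entry *` lvalue; ISO C does not treat those two pointer types as compatible, so the access is outside the aliasing rules even though it behaves on common ABIs. The same cast appears in check_rm, check_rmall, _link_add_default_acl, _link_rm_default_acl and _generic_filter_packet_by_acl. A conforming form goes through a typed local: `struct acl_match_entry *head = knet_h->knet_transport_fd_tracker[sock].match_entry;`, pass `&head` to the helper, then `knet_h->knet_transport_fd_tracker[sock].match_entry = head;`. check_add starts and ends outside the hunk, so how `sock` is validated before it indexes the tracker array is not visible here.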
@@ -64,7 +64,7 @@ void check_rmall(knet_handle_t knet_h, int sock, uint8_t transport)
 return;
 break;
 case IP_PROTO:
- ipcheck_rmall(&knet_h->knet_transport_fd_tracker[sock].match_entry);
+ ipcheck_rmall((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sock].match_entry);
 break;
 default:
 break;
@@ -83,7 +83,7 @@ int _link_add_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
 err = 0;
 break;
 case IP_PROTO:
- err = ipcheck_addip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
+ err = ipcheck_addip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
 &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
 break;
 default:
@@ -105,7 +105,7 @@ int _link_rm_default_acl(knet_handle_t knet_h, struct knet_link *kh_link)
 err = 0;
 break;
 case IP_PROTO:
- err = ipcheck_rmip(&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
+ err = ipcheck_rmip((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[kh_link->outsock].match_entry,
 &kh_link->dst_addr, &kh_link->dst_addr, CHECK_TYPE_ADDRESS, CHECK_ACCEPT);
 break;
 default:
@@ -125,7 +125,7 @@ int _generic_filter_packet_by_acl(knet_handle_t knet_h, int sockfd, struct socka
 return 1;
 break;
 case IP_PROTO:
- return ipcheck_validate(&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
+ return ipcheck_validate((struct acl_match_entry **)&knet_h->knet_transport_fd_tracker[sockfd].match_entry, checkip);
 break;
 default:
 break;
diff --git a/libknet/links_acl.h b/libknet/links_acl.h
index 69e3807fd..fb493ef41 100644
--- a/libknet/links_acl.h
+++ b/libknet/links_acl.h
@@ -11,6 +11,25 @@
 #include "internals.h"
+typedef enum {
+ CHECK_TYPE_ADDRESS,
+ CHECK_TYPE_MASK,
+ CHECK_TYPE_RANGE
+} check_type_t;
+
+typedef enum {
+ CHECK_ACCEPT,
+ CHECK_REJECT
+} check_acceptreject_t;
+
+struct acl_match_entry {
+ check_type_t type;
+ check_acceptreject_t acceptreject;
+ struct sockaddr_storage addr1; /* Actual IP address, mask top or low IP */
+ struct sockaddr_storage addr2; /* high IP address or address bitmask */
+ struct acl_match_entry *next;
+};
+
 int check_add(knet_handle_t knet_h, int sock, uint8_t transport, struct sockaddr_storage *ip1, struct sockaddr_storage *ip2, check_type_t type, check_acceptreject_t acceptreject);
diff --git a/libknet/links_acl_ip.c b/libknet/links_acl_ip.c
index edc3ae108..2aef14ba9 100644
--- a/libknet/links_acl_ip.c
+++ b/libknet/links_acl_ip.c
@@ -15,6 +15,7 @@
 #include "internals.h"
 #include "logging.h"
 #include "transports.h"
+#include "links_acl.h"
 #include "links_acl_ip.h"
 /*
diff --git a/libknet/links_acl_ip.h b/libknet/links_acl_ip.h
index 575b5ff8b..9e21e00f9 100644
--- a/libknet/links_acl_ip.h
+++ b/libknet/links_acl_ip.h
@@ -10,6 +10,7 @@
 #define __KNET_LINKS_ACL_IP_H__
 #include "internals.h"
+#include "links_acl.h"
 int ipcheck_validate(struct acl_match_entry **match_entry_head, struct sockaddr_storage *checkip);
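Review bot: `struct acl_match_entry` arrives in links_acl.h without the `/* access lists */` heading it had in internals.h, and nothing states how `addr1` and `addr2` are read for each `check_type_t` value. Since these entries decide which source addresses are accepted, a short comment above the struct would help the next reader, e.g. `/* ADDRESS: addr1 only; MASK: addr1 with addr2 as bitmask; RANGE: addr1 low .. addr2 high */`. That mapping is inferred from the two field comments and should be confirmed against links_acl_ip.c before it is written down.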