bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check_acl: do full_inet_pton() only once per ip

Browse Source 
if there's a long list of acl's, doing full_inet_pton() over
and over with the same IP isn't really efficient.
This commit is contained in:
rofl0r 2020-09-07 20:57:16 +01:00
parent 88153e944f
commit efa5892011
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/acl.c
View File

@ -305,16 +305,12 @@ STRING_TEST:
* 0 IP address is denied * 0 IP address is denied
* -1 neither allowed nor denied. * -1 neither allowed nor denied.
*/ */
static int check_numeric_acl (const struct acl_s *acl, const char *ip) static int check_numeric_acl (const struct acl_s *acl, uint8_t addr[IPV6_LEN])
{ {
uint8_t addr[IPV6_LEN], x, y; uint8_t x, y;
int i; int i;
assert (acl && acl->type == ACL_NUMERIC); assert (acl && acl->type == ACL_NUMERIC);
assert (ip && strlen (ip) > 0);
if (full_inet_pton (ip, &addr) <= 0)
return -1;
for (i = 0; i != IPV6_LEN; ++i) { for (i = 0; i != IPV6_LEN; ++i) {
x = addr[i] & acl->address.ip.mask[i]; x = addr[i] & acl->address.ip.mask[i];
@ -339,9 +335,10 @@ static int check_numeric_acl (const struct acl_s *acl, const char *ip)
int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list) int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
{ {
struct acl_s *acl; struct acl_s *acl;
int perm = 0; int perm = 0, is_numeric_addr;
size_t i; size_t i;
char string_addr[HOSTNAME_LENGTH]; char string_addr[HOSTNAME_LENGTH];
uint8_t numeric_addr[IPV6_LEN];
assert (ip != NULL); assert (ip != NULL);
assert (addr != NULL); assert (addr != NULL);
@ -354,6 +351,8 @@ int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
if (!access_list) if (!access_list)
return 1; return 1;
is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);
for (i = 0; i != (size_t) vector_length (access_list); ++i) { for (i = 0; i != (size_t) vector_length (access_list); ++i) {
acl = (struct acl_s *) vector_getentry (access_list, i, NULL); acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
switch (acl->type) { switch (acl->type) {
@ -364,7 +363,10 @@ int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
case ACL_NUMERIC: case ACL_NUMERIC:
if (ip[0] == '\0') if (ip[0] == '\0')
continue; continue;
perm = check_numeric_acl (acl, ip);
perm = is_numeric_addr
? check_numeric_acl (acl, numeric_addr)
: -1;
break; break;
} }