From ee15a1e115be18a2d53e1a6474ebab62da2238d6 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Fri, 27 Jan 2017 14:33:04 +0100 Subject: [PATCH] support exclusions in NetmaskGroup --- pdns/iputils.hh | 23 ++++++++++++++++------- pdns/test-iputils_hh.cc | 12 ++++++++++++ 2 files changed, 28 insertions(+), 7 deletions(-) diff --git a/pdns/iputils.hh b/pdns/iputils.hh index d0944d49b..0a3c2a7f7 100644 --- a/pdns/iputils.hh +++ b/pdns/iputils.hh @@ -788,7 +788,9 @@ public: bool match(const ComboAddress *ip) const { - return tree.match(*ip); + const auto &ret = tree.lookup(*ip); + if(ret) return ret->second; + return false; } bool match(const ComboAddress& ip) const @@ -797,15 +799,19 @@ public: } //! Add this string to the list of possible matches - void addMask(const string &ip) + void addMask(const string &ip, bool positive=true) { - addMask(Netmask(ip)); + if(!ip.empty() && ip[0] == '!') { + addMask(Netmask(ip.substr(1)), false); + } else { + addMask(Netmask(ip), positive); + } } //! Add this Netmask to the list of possible matches - void addMask(const Netmask& nm) + void addMask(const Netmask& nm, bool positive=true) { - tree.insert(nm); + tree.insert(nm).second=positive; } void clear() @@ -829,6 +835,8 @@ public: for(auto iter = tree.begin(); iter != tree.end(); ++iter) { if(iter != tree.begin()) str <<", "; + if(!((*iter)->second)) + str<<"!"; str<<(*iter)->first.toString(); } return str.str(); @@ -836,8 +844,9 @@ public: void toStringVector(vector* vec) const { - for(auto iter = tree.begin(); iter != tree.end(); ++iter) - vec->push_back((*iter)->first.toString()); + for(auto iter = tree.begin(); iter != tree.end(); ++iter) { + vec->push_back(((*iter)->second ? "" : "!") + (*iter)->first.toString()); + } } void toMasks(const string &ips) diff --git a/pdns/test-iputils_hh.cc b/pdns/test-iputils_hh.cc index 42f742467..6d0647f0c 100644 --- a/pdns/test-iputils_hh.cc +++ b/pdns/test-iputils_hh.cc @@ -208,6 +208,18 @@ BOOST_AUTO_TEST_CASE(test_NetmaskGroup) { BOOST_CHECK(ng.match(ComboAddress("fe80::1"))); BOOST_CHECK(!ng.match(ComboAddress("fe81::1"))); BOOST_CHECK_EQUAL(ng.toString(), "10.0.1.0/32, 127.0.0.0/8, 10.0.0.0/24, ::1/128, fe80::/16"); + + ng.addMask("172.16.0.0/16"); + BOOST_CHECK(ng.match(ComboAddress("172.16.1.1"))); + BOOST_CHECK(ng.match(ComboAddress("172.16.4.50"))); + ng.addMask("172.16.4.0/24", false); + BOOST_CHECK(ng.match(ComboAddress("172.16.1.1"))); + BOOST_CHECK(!ng.match(ComboAddress("172.16.4.50"))); + + BOOST_CHECK(ng.match(ComboAddress("172.16.10.80"))); + ng.addMask("!172.16.10.0/24"); + BOOST_CHECK(!ng.match(ComboAddress("172.16.10.80"))); + BOOST_CHECK_EQUAL(ng.toString(), "10.0.1.0/32, 127.0.0.0/8, 10.0.0.0/24, ::1/128, fe80::/16, 172.16.0.0/16, !172.16.4.0/24, !172.16.10.0/24"); } -- 2.49.0