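/*
 ************************************************************************
 **
 ** Copyright (c) 2011 by
 ** Core|Vision B.V.
 ** Cereslaan 10b
 ** 5384 VT Heesch
 ** The Netherlands
 **
 ** All Rights Reserved
 **
 ************************************************************************
 */
/*
 ************************************************************************
 **
 ** Project name: Dual Inventive: Utility Library
 ** Filename: cp3000-acl.h
 ** Author: Jack Weeland
 ** Date: November 16, 2011
 ** File version: 1.00 of November 16, 2011
 **
 ************************************************************************
 */
/*
 ************************************************************************
 **
 ** CP3000 - Access Control List
 **
 ** Declares an opaque access control list of allow/deny address entries
 ** and the functions to build it and to test a device's peer address
 ** against it.
 **
 ************************************************************************
 */

#ifndef __CP3000_ACL_H
#define __CP3000_ACL_H

// NOTE(review): the header name after '#include' is missing from this copy
// of the file. cp3000_device_t, used by cp3000_acl_test() below, is not
// declared here, so it presumably comes from that header -- restore it.
#include

/*
 ** Definitions
 */

// Access control list (opaque handle; struct CP3000_ACL is not defined in
// this header)
typedef struct CP3000_ACL *cp3000_acl_t;

/*
 ** Exported functions
 */

// Initialize and destroy an access control list
// Note:
//   The return values are not documented in this header. Presumably
//   cp3000_acl_create() returns NULL on failure and cp3000_acl_destroy()
//   follows the '0' / '-1' convention of cp3000_acl_add() -- TODO confirm
//   against the implementation.
//   '(void)' makes cp3000_acl_create a real prototype, so the compiler
//   rejects calls that pass arguments.
cp3000_acl_t cp3000_acl_create(void);
int cp3000_acl_destroy(cp3000_acl_t acl);

// Add an address (range) to the list
// Parameters:
//   ACL
//   allow (non-zero) or deny access (if zero)
//   string with the address or address range
// Returns:
//   '0' on success, '-1' on error
// Note:
//   The address can take the following forms:
//   - hostname
//   - IP address in decimal dot notation
//   - IP address range in CIDR notation, e.g. "10.0.0.0/8" or
//     "192.168.1.0/24"
//   - IP address and mask, e.g. "10.0.0.0 mask 255.0.0.0" or
//     "192.168.1.0 255.255.255.0" (the word "mask" is optional)
//   - IP address range defined by start and end address, separated
//     by a hyphen. No check is made if the range yields a 'valid'
//     mask, so care must be taken.
//     Example: "192.168.1.0 - 192.168.1.255"
//   The current implementation only takes IPv4 addresses
// NOTE(review), points this header leaves open and a caller should confirm
// against the implementation before relying on the list for access
// decisions:
//   - A '-1' return means the entry was not added as written; check it,
//     in particular for deny entries, so a rejected string does not
//     silently leave an address reachable.
//   - When a hostname is resolved (at add time or at test time) and what
//     happens if it resolves to several addresses is not stated. An entry
//     that depends on name resolution is only as trustworthy as the
//     resolver.
//   - How a start-end range that does not correspond to a mask is matched
//     is not stated; CIDR or address/mask notation avoids the question.
//   - How overlapping allow and deny entries are resolved, and the result
//     for an address that matches no entry, is not stated.
int cp3000_acl_add(cp3000_acl_t acl, int allow_or_deny, const char *s);

// Test a device's peer address
// Returns:
//   '0' on success, i.e. the device is allowed,
//   '> 0' if the device is denied or
//   '-1' on error
// Note:
//   Only '0' means "allowed". Callers should compare the result with 0
//   and refuse the device for every other value, so that an error ('-1')
//   is handled like a denial; a check of the form 'result > 0' for
//   "denied" would let the error case through.
//   NOTE(review): the result for a peer whose address is not IPv4 is not
//   documented here -- confirm it is not reported as allowed.
int cp3000_acl_test(cp3000_acl_t acl, cp3000_device_t device);

#endif /* __CP3000_ACL_H */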