Cross Reference: /bind-9.6-ESV-R11/lib/dns/acl.c

Lines Matching defs:acl
29 #include <dns/acl.h>
40 	dns_acl_t *acl;
48 	acl = isc_mem_get(mctx, sizeof(*acl));
49 	if (acl == NULL)
51 	acl->mctx = mctx;
52 	acl->name = NULL;
54 	result = isc_refcount_init(&acl->refcount, 1);
56 		isc_mem_put(mctx, acl, sizeof(*acl));
60 	result = dns_iptable_create(mctx, &acl->iptable);
62 		isc_mem_put(mctx, acl, sizeof(*acl));
66 	acl->elements = NULL;
67 	acl->alloc = 0;
68 	acl->length = 0;
69 	acl->has_negatives = ISC_FALSE;
71 	ISC_LINK_INIT(acl, nextincache);
75 	acl->magic = DNS_ACL_MAGIC;
77 	acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t));
78 	if (acl->elements == NULL) {
82 	acl->alloc = n;
83 	memset(acl->elements, 0, n * sizeof(dns_aclelement_t));
84 	*target = acl;
88 	dns_acl_detach(&acl);
101 	dns_acl_t *acl = NULL;
102 	result = dns_acl_create(mctx, 0, &acl);
106 	result = dns_iptable_addprefix(acl->iptable, NULL, 0, ISC_TF(!neg));
108 		dns_acl_detach(&acl);
112 	*target = acl;
133  * If pos is ISC_TRUE, test whether acl is set to "{ any; }"
134  * If pos is ISC_FALSE, test whether acl is set to "{ none; }"
137 dns_acl_isanyornone(dns_acl_t *acl, isc_boolean_t pos)
140 	if (acl == NULL ||
141 	    acl->iptable == NULL ||
142 	    acl->iptable->radix == NULL ||
143 	    acl->iptable->radix->head == NULL ||
144 	    acl->iptable->radix->head->prefix == NULL)
147 	if (acl->length != 0 || acl->node_count != 1)
150 	if (acl->iptable->radix->head->prefix->bitlen == 0 &&
151 	    acl->iptable->radix->head->data[0] != NULL &&
152 	    acl->iptable->radix->head->data[0] ==
153 		    acl->iptable->radix->head->data[1] &&
154 	    *(isc_boolean_t *) (acl->iptable->radix->head->data[0]) == pos)
161  * Test whether acl is set to "{ any; }"
164 dns_acl_isany(dns_acl_t *acl)
166 	return (dns_acl_isanyornone(acl, ISC_TRUE));
170  * Test whether acl is set to "{ none; }"
173 dns_acl_isnone(dns_acl_t *acl)
175 	return (dns_acl_isanyornone(acl, ISC_FALSE));
187 	      const dns_acl_t *acl,
222 	result = isc_radix_search(acl->iptable->radix, &node, &pfx);
234 	for (i = 0; i < acl->length; i++) {
235 		dns_aclelement_t *e = &acl->elements[i];
319 		/* Duplicate nested acl. */
335 		/* reverse sense of positives if this is a negative acl */
471 	dns_acl_t *acl = *aclp;
473 	REQUIRE(DNS_ACL_VALID(acl));
474 	isc_refcount_decrement(&acl->refcount, &refs);
476 		destroy(acl);
529  * Return ISC_TRUE iff the acl 'a' is considered insecure, that is,