The FreeRADIUS server $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
|
BIO patricia trie filtering handlers. More...
#include <freeradius-devel/util/inet.h>
Go to the source code of this file.
Macros | |
#define | FR_BIO_NETWORK_ALLOW ((void *) (-1)) |
#define | FR_BIO_NETWORK_DENY ((void *) (-2)) |
Functions | |
fr_bio_t * | fr_bio_network_alloc (TALLOC_CTX *ctx, fr_ipaddr_t const *allow, fr_ipaddr_t const *deny, fr_bio_read_t discard, fr_bio_t *next)) |
Allocate a bio for filtering IP addresses. | |
fr_trie_t * | fr_bio_network_trie_alloc (TALLOC_CTX *ctx, int af, fr_ipaddr_t const *allow, fr_ipaddr_t const *deny) |
Create a patricia trie for doing network filtering. | |
BIO patricia trie filtering handlers.
Definition in file network.h.
fr_bio_t * fr_bio_network_alloc | ( | TALLOC_CTX * | ctx, |
fr_ipaddr_t const * | allow, | ||
fr_ipaddr_t const * | deny, | ||
fr_bio_read_t | discard, | ||
fr_bio_t * | next | ||
) |
Allocate a bio for filtering IP addresses.
This is used for unconnected UDP bios, where we filter packets based on source IP address.
It is also used for accept bios, where we filter new connections based on source IP address. The caller should chain this bio to the next FD bio, and then fr_bio_read() from the top-level bio. The result will be filtered or "clean" FDs.
A patricia trie (but not the bio) could also be used in an haproxy "activate" callback, where the callback gets the haproxy socket info, and then checks if the source is allowed. However, that patricia trie is a property of the main "accept" bio, and should be managed by the activate() callback for the haproxy bio.
Definition at line 92 of file network.c.
fr_trie_t * fr_bio_network_trie_alloc | ( | TALLOC_CTX * | ctx, |
int | af, | ||
fr_ipaddr_t const * | allow, | ||
fr_ipaddr_t const * | deny | ||
) |