authorrofl0r <rofl0r@users.noreply.github.com>2020-09-07 20:57:16 +0100
committerrofl0r <rofl0r@users.noreply.github.com>2020-09-07 20:57:16 +0100
commitefa5892011af588dd3adc5d67ab80cd02c330d68 (patch)
treeee705950d9a5d623ed28ea982474702910802710
parent88153e944f7d28f57cccc77f3228a3f54f78ce4e (diff)
check_acl: do full_inet_pton() only once per ip
If there's a long list of ACLs, doing full_inet_pton() over and over with the same IP isn't really efficient.
-rw-r--r--src/acl.c18
1 files changed, 10 insertions, 8 deletions
diff --git a/src/acl.c b/src/acl.c
index 06c982b..15bc2a1 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -305,16 +305,12 @@ STRING_TEST:
* 0 IP address is denied
* -1 neither allowed nor denied.
*/
-static int check_numeric_acl (const struct acl_s *acl, const char *ip)
+static int check_numeric_acl (const struct acl_s *acl, uint8_t addr[IPV6_LEN])
{
- uint8_t addr[IPV6_LEN], x, y;
+ uint8_t x, y;
int i;
assert (acl && acl->type == ACL_NUMERIC);
- assert (ip && strlen (ip) > 0);
-
- if (full_inet_pton (ip, &addr) <= 0)
- return -1;
for (i = 0; i != IPV6_LEN; ++i) {
x = addr[i] & acl->address.ip.mask[i];
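Review bot: The new `addr` parameter of check_numeric_acl is only read in the mask loop, so it should be const-qualified: `static int check_numeric_acl (const struct acl_s *acl, const uint8_t addr[IPV6_LEN])`. With the parse and the `ip` assert removed, the function no longer validates its input at all, so the header comment above it should state that the caller must pass an IPV6_LEN-byte address that full_inet_pton() filled in successfully. The array bound in the parameter is not enforced by the compiler, so that comment is the only place the contract is recorded. The function body continues outside this hunk.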
@@ -339,9 +335,10 @@ static int check_numeric_acl (const struct acl_s *acl, const char *ip)
int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
{
struct acl_s *acl;
- int perm = 0;
+ int perm = 0, is_numeric_addr;
size_t i;
char string_addr[HOSTNAME_LENGTH];
+ uint8_t numeric_addr[IPV6_LEN];
assert (ip != NULL);
assert (addr != NULL);
@@ -354,6 +351,8 @@ int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
if (!access_list)
return 1;
+ is_numeric_addr = (full_inet_pton (ip, &numeric_addr) > 0);
+
for (i = 0; i != (size_t) vector_length (access_list); ++i) {
acl = (struct acl_s *) vector_getentry (access_list, i, NULL);
switch (acl->type) {
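Review bot: The hoisted `full_inet_pton (ip, &numeric_addr)` call now runs for every request, including when `ip` is the empty string, a case the ACL_NUMERIC branch explicitly skips with `ip[0] == '\0'` and that the removed `assert (ip && strlen (ip) > 0)` used to exclude. full_inet_pton() is not visible here; if it asserts on or otherwise mishandles an empty string, this turns a skipped entry into an abort on the access-control path. Guarding the parse keeps the old behaviour: `is_numeric_addr = ip[0] != '\0' && full_inet_pton (ip, &numeric_addr) > 0;`. A one-line comment that `numeric_addr` is only meaningful when `is_numeric_addr` is non-zero would also help, since the buffer is otherwise uninitialised.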
@@ -364,7 +363,10 @@ int check_acl (const char *ip, union sockaddr_union *addr, vector_t access_list)
case ACL_NUMERIC:
if (ip[0] == '\0')
continue;
- perm = check_numeric_acl (acl, ip);
+
+ perm = is_numeric_addr
+ ? check_numeric_acl (acl, numeric_addr)
+ : -1;
break;
}