/*
Copyright (c) 2012-2014 The SSDB Authors. All rights reserved.
Use of this source code is governed by a BSD-style license that can be
found in the LICENSE file.
*/
#ifndef ICOMET_IPFILTER_H
#define ICOMET_IPFILTER_H
#include <string>
#include <set>
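// Allow/deny filter for textual IPv4 addresses.
//
// Rules are either an exact address ("10.1.2.3"), a textual prefix
// ("10.1." matches every address that starts with those characters), or the
// wildcard "all" / "*". Matching is a plain string comparison: no parsing,
// no normalisation and no CIDR arithmetic. The caller is expected to pass the
// peer address in canonical dotted-decimal form; any other spelling of the
// same address will not match the rules.
//
// NOTE(review): a prefix without a trailing dot is not octet-aware, e.g.
// "10.1" also matches "10.100.0.1". Write "10.1." to pin the octet boundary.
// NOTE(review): only '.' is recognised as a separator, so an IPv6 rule is
// always stored as a prefix and can never match the identical address.
class IpFilter{
private:
	bool deny_all;
	bool allow_all;
	bool empty_;
	// Rules are stored with a one-character marker appended:
	//   '=' exact address, '@' prefix.
	// Neither marker occurs in a dotted-decimal address, so the two kinds of
	// key cannot collide with each other.
	std::set<std::string> deny;
	std::set<std::string> allow;

	// Returns true when `ip` is matched by any rule stored in `m`.
	//
	// Every candidate key is looked up explicitly. Probing only the single
	// upper_bound() successor of `ip` misses a rule as soon as another entry
	// sorts between `ip` and that rule: with deny rules for both 1.2.3.4 and
	// 1.2.3.40, the successor of "1.2.3.4" is "1.2.3.40=", so 1.2.3.4 was
	// never denied. The same happened to prefix rules shadowed by a more
	// specific entry.
	bool check_hit(const std::set<std::string> &m, const std::string &ip) const{
		if(m.empty()){
			return false;
		}
		// exact rule
		if(m.count(ip + "=") != 0){
			return true;
		}
		// prefix rules: a stored prefix P matches when `ip` starts with P and
		// is strictly longer than P (k stays below ip.size()).
		std::string key;
		key.reserve(ip.size() + 1);
		for(std::string::size_type k = 0; k < ip.size(); k++){
			key.assign(ip, 0, k);
			key += '@';
			if(m.count(key) != 0){
				return true;
			}
		}
		return false;
	}

	// A rule is an exact address when it has three dots and does not end in
	// one. "10.1.2." therefore stays a prefix rule (10.1.2.*); treating it as
	// an exact address would give a rule that no real address can match,
	// which silently disables a deny entry.
	bool is_full_ip(const std::string &ip_prefix) const{
		if(ip_prefix.empty() || ip_prefix[ip_prefix.size() - 1] == '.'){
			return false;
		}
		int dots = 0;
		for(std::string::size_type i = 0; i < ip_prefix.size(); i++){
			if(ip_prefix[i] == '.'){
				dots ++;
			}
		}
		return dots == 3;
	}

	// Shared by add_allow()/add_deny(): records the wildcard flag or stores
	// the rule with its marker, then marks the filter as configured.
	void add_rule(std::set<std::string> &rules, bool &match_all, const std::string &ip_prefix){
		if(ip_prefix == "all" || ip_prefix == "*"){
			match_all = true;
		}else{
			rules.insert(ip_prefix + (is_full_ip(ip_prefix)? "=" : "@"));
		}
		empty_ = false;
	}
public:
	IpFilter(){
		deny_all = false;
		allow_all = false;
		empty_ = true;
	}

	// True until the first add_allow()/add_deny() call.
	bool empty() const{
		return empty_;
	}

	// Adds an allow rule: exact address, textual prefix, or "all" / "*".
	void add_allow(const std::string &ip_prefix){
		add_rule(allow, allow_all, ip_prefix);
	}

	// Adds a deny rule: exact address, textual prefix, or "all" / "*".
	void add_deny(const std::string &ip_prefix){
		add_rule(deny, deny_all, ip_prefix);
	}

	// Decides whether `ip` may pass. Evaluation order:
	//   1. no rules configured        -> pass
	//   2. specific allow rule hits   -> pass (overrides every deny)
	//   3. specific deny rule hits    -> reject
	//   4. deny all                   -> reject
	//   5. allow all                  -> pass
	//   6. otherwise                  -> reject
	// Once any rule exists, an address that matches nothing is rejected.
	bool check_pass(const std::string &ip) const{
		if(empty_){
			return true;
		}
		// check specified allow/deny
		if(check_hit(allow, ip)){
			return true;
		}
		if(check_hit(deny, ip)){
			return false;
		}
		if(deny_all){
			return false;
		}
		if(allow_all){
			return true;
		}
		return false;
	}
};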
#endif