[MEDIUM] smarter integer comparison support in ACLs
ACLs now support operators such as 'eq', 'le', 'lt', 'ge' and 'gt'
in order to give more flexibility to the language. Because of this
change, the 'dst_limit' keyword changed to 'dst_conn' and now requires
either a range or a test such as 'dst_conn lt 1000' which is more
understandable.
diff --git a/src/client.c b/src/client.c
index 7c77189..ddc630b 100644
--- a/src/client.c
+++ b/src/client.c
@@ -517,14 +517,14 @@
/* Note: must not be declared <const> as its list will be overwritten */
static struct acl_kw_list acl_kws = {{ },{
- { "src_port", acl_parse_range, acl_fetch_sport, acl_match_range },
- { "src", acl_parse_ip, acl_fetch_src, acl_match_ip },
- { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip },
- { "dst_port", acl_parse_range, acl_fetch_dport, acl_match_range },
+ { "src_port", acl_parse_int, acl_fetch_sport, acl_match_int },
+ { "src", acl_parse_ip, acl_fetch_src, acl_match_ip },
+ { "dst", acl_parse_ip, acl_fetch_dst, acl_match_ip },
+ { "dst_port", acl_parse_int, acl_fetch_dport, acl_match_int },
#if 0
- { "src_limit", acl_parse_int, acl_fetch_sconn, acl_match_max },
+ { "src_limit", acl_parse_int, acl_fetch_sconn, acl_match_int },
#endif
- { "dst_limit", acl_parse_int, acl_fetch_dconn, acl_match_max },
+ { "dst_conn", acl_parse_int, acl_fetch_dconn, acl_match_int },
{ NULL, NULL, NULL, NULL },
}};