Some of the ACL tests that need lookups - such as dst ip tests, where we
need to do the name->ip lookup, return 0 for no match, rather than -1
for can't compare.
Is this correct? It means that we will get false passes/misses on the
first test.
Any objection to these pausing the request until the lookup is done? It
will make some of the modular code a little easier (because we won't be
overloading the meaning of the response codes).
(The response codes are basically
0 - no match
1 - match
-1 - can't test.
-1 is currently only used by the auth code, IMO it should be used by any
acl match routine that needs to do a lookup.
Rob
Received on Fri Apr 27 2001 - 18:53:59 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:50 MST