acl bug/question

From: Robert Collins <>
Date: Sat, 28 Apr 2001 10:55:05 +1000

Some of the ACL tests that need lookups - such as dst ip tests, where we
need to do the name->ip lookup, return 0 for no match, rather than -1
for can't compare.

Is this correct? It means that we will get false passes/misses on the
first test.

Any objection to these pausing the request until the lookup is done? It
will make some of the modular code a little easier (because we won't be
overloading the meaning of the response codes).

(The response codes are basically
0 - no match
1 - match
-1 - can't test.

-1 is currently only used by the auth code, IMO it should be used by any
acl match routine that needs to do a lookup.

Received on Fri Apr 27 2001 - 18:53:59 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:13:50 MST