The problem might be that dstdom_regex is not necessarily a "fast" ACL lookup:

    case ACL_DST_DOM_REGEX:
        if ((ia = ipcacheCheckNumeric(r->host)) == NULL)
            return aclMatchRegex(ae->data, r->host);
        fqdn = fqdncache_gethostbyaddr(ia->in_addrs[0], FQDN_LOOKUP_IF_MISS);
        if (fqdn)
            return aclMatchRegex(ae->data, fqdn);
        if (checklist->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NONE) {
            debug(28, 3) ("aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
                ae->name, inet_ntoa(ia->in_addrs[0]));
            checklist->state[ACL_DST_DOMAIN] = ACL_LOOKUP_NEEDED;
            return 0;
        }
        return aclMatchRegex(ae->data, "none");
        /* NOTREACHED */

hence dstdom_regex won't always work.
Maybe delay pools should be using "slow" ACL lookups? Comments?
David.
Received on Wed Sep 15 1999 - 09:53:13 MDT
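
Added example, not part of the original post and not Squid source: a simplified C model of the decision order in the excerpt above. It shows why a single-pass ("fast") caller gets a non-match for an IP-literal host whose reverse name is not cached, while a caller that performs the requested lookup and re-evaluates gets a match. The names fast_check, slow_check and reverse_dns, and the sample address and host name, are assumptions made for illustration.

```c
/* Simplified model of a fast vs. slow ACL check; added example, not Squid source. */
#include <arpa/inet.h>
#include <regex.h>
#include <stdio.h>
#include <string.h>

enum lookup_state { LOOKUP_NONE, LOOKUP_NEEDED, LOOKUP_DONE };
/* dst_domain plays the role of state[ACL_DST_DOMAIN]; fqdn is NULL on a cache miss. */
struct checklist { enum lookup_state dst_domain; const char *fqdn; };
/* Constructed stand-in for the reverse lookup a slow check can wait for. */
static const char *reverse_dns(const char *ip) {
    return strcmp(ip, "192.0.2.10") == 0 ? "media.example.com" : NULL;
}
static int match_regex(const char *pat, const char *s) {
    regex_t re;
    if (regcomp(&re, pat, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0) return 0;
    int hit = regexec(&re, s, 0, NULL, 0) == 0;
    regfree(&re);
    return hit;
}
/* Same decision order as the excerpt: name, cached FQDN, request lookup, "none". */
static int match_dstdom_regex(struct checklist *c, const char *pat, const char *host) {
    struct in_addr a;
    if (inet_pton(AF_INET, host, &a) != 1) return match_regex(pat, host); /* host name */
    if (c->fqdn) return match_regex(pat, c->fqdn);
    if (c->dst_domain == LOOKUP_NONE) { c->dst_domain = LOOKUP_NEEDED; return 0; }
    return match_regex(pat, "none");
}
/* Fast caller: a single pass; a requested lookup is never performed. */
int fast_check(const char *pat, const char *host) {
    struct checklist c = { LOOKUP_NONE, NULL };
    return match_dstdom_regex(&c, pat, host);
}
/* Slow caller: performs the requested lookup, then evaluates the ACL again. */
int slow_check(const char *pat, const char *host) {
    struct checklist c = { LOOKUP_NONE, NULL };
    int hit = match_dstdom_regex(&c, pat, host);
    if (c.dst_domain == LOOKUP_NEEDED) {
        c.fqdn = reverse_dns(host);
        c.dst_domain = LOOKUP_DONE;
        hit = match_dstdom_regex(&c, pat, host);
    }
    return hit;
}
int main(void) {
    const char *pat = "\\.example\\.com$", *ip = "192.0.2.10";
    printf("fast=%d slow=%d\n", fast_check(pat, ip), slow_check(pat, ip));
    return 0;
}
```

In this model the rule writer's regex only applies to an IP-literal request once the reverse name is available, and an address with no reverse name is compared against the literal string "none", as in the excerpt.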