1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE erlref SYSTEM "erlref.dtd">
<erlref>
<header>
<copyright>
<year>2005</year>
<year>2013</year>
<holder>Ericsson AB, All Rights Reserved</holder>
</copyright>
<legalnotice>
The contents of this file are subject to the Erlang Public License,
Version 1.1, (the "License"); you may not use this file except in
compliance with the License. You should have received a copy of the
Erlang Public License along with this software. If not, it can be
retrieved online at http://www.erlang.org/.
Software distributed under the License is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See
the License for the specific language governing rights and limitations
under the License.
The Initial Developer of the Original Code is Ericsson AB.
</legalnotice>
<title>orber_acl</title>
<prepared></prepared>
<responsible></responsible>
<docno></docno>
<approved></approved>
<checked></checked>
<date>2005-05-19</date>
<rev>A</rev>
</header>
<module>orber_acl</module>
<modulesummary>Orber ACL operations</modulesummary>
<description>
<p>This module contains functions intended for analyzing Access
Control List (ACL) filters. The filters uses a extended format of
Classless Inter Domain Routing (CIDR).
For example, <c>"123.123.123.10"</c> limits
the connection to that particular host, while <c>"123.123.123.10/17"</c> allows
connections to or from any host equal to the 17 most significant bits. Orber
also allow the user to specify a certain port or port range, for example,
<c>"123.123.123.10/17#4001"</c> and <c>"123.123.123.10/17#4001/5001"</c>
respectively. IPv4 or none compressed IPv6 strings are accepted.</p>
</description>
<funcs>
<func>
<name>match(IP, Direction) -> boolean()</name>
<name>match(IP, Direction, GetInfo) -> Reply</name>
<fsummary>Verify if the IP address versus the current configuration</fsummary>
<type>
<v>IP = tuple() | [integer()]</v>
<v>Direction = tcp_in | ssl_in | tcp_out | ssl_out</v>
<v>GetInfo = boolean()</v>
<v>Reply = boolean() | {boolean(), [Interface], PortInfo}</v>
<v>Interface = string()</v>
<v>PortInfo = integer() | {integer(), integer()}</v>
</type>
<desc>
<p>If <c>GetInfo</c> is not supplied or set to false, this operation returns
a boolean which tells if the IPv4 or IPv6 address would pass the ACL
filter, defined by the <c>iiop_acl</c> configuration parameter, or not.
When <c>GetInfo</c> is set to true, a tuple which, besides the boolean
that tells if access was granted, also include the defined
interfaces and port(s). This operation requires that Orber is running and
can be used on a live node to determine if Orber has been properly configured.</p>
</desc>
</func>
<func>
<name>verify(IP, Filter, Family) -> Reply</name>
<fsummary>Verify if the IP address versus the Filter</fsummary>
<type>
<v>IP = string()</v>
<v>Filter = string()</v>
<v>Family = inet | inet6</v>
<v>Reply = true | {false, From, To} | {error, string()}</v>
<v>From = string()</v>
<v>To = string()</v>
</type>
<desc>
<p>This operation returns true if the IPv4 or IPv6 address would pass the
supplied ACL. If that is not the case, a tuple containing the accepted range
is returned. This operation should only be used for test purposes.</p>
</desc>
</func>
<func>
<name>range(Filter, Family) -> Reply</name>
<fsummary>Get range of Filter</fsummary>
<type>
<v>Filter = string()</v>
<v>Family = inet | inet6</v>
<v>Reply = {ok, From, To} | {error, string()}</v>
<v>From = string()</v>
<v>To = string()</v>
</type>
<desc>
<p>Returns the range of accepted IP addresses based on the supplied filter.
This operation should only be used for test purposes.</p>
</desc>
</func>
</funcs>
</erlref>
|