| 171 |
|
ACLRule rule = (ACLRule) _acl.get(i); |
| 172 |
|
if(rule._iprule) { |
| 173 |
|
// if this is an IP rule do a short comparison |
| 174 |
< |
if(compareShorts(ipaddr, rule._ipaddr)) { |
| 174 |
> |
// must specify the wildcarded rule first |
| 175 |
> |
if(compareShorts(rule._ipaddr, ipaddr)) { |
| 176 |
|
return rule._allow; |
| 177 |
|
} |
| 178 |
|
} |
| 233 |
|
ipaddr[i] = Short.parseShort(st.nextToken()); |
| 234 |
|
} |
| 235 |
|
catch(NumberFormatException e) { |
| 236 |
< |
// do nothing? |
| 236 |
> |
// do nothing... |
| 237 |
|
// we just want to leave it as -1 |
| 238 |
|
// -- actually, maybe we want to do more checks in here? |
| 239 |
|
// although in this code context it'll probably be ok, |
| 245 |
|
} |
| 246 |
|
|
| 247 |
|
/** |
| 248 |
< |
* Compares two short arrays. The array can contain a -1, which |
| 249 |
< |
* will always match any value -- it's a wildcard. They must be |
| 250 |
< |
* the same length to match. At the moment the order of the |
| 250 |
< |
* parameters does not matter. |
| 248 |
> |
* Compares two short arrays. The first array can contain a -1, |
| 249 |
> |
* which will always match any value -- it's a wildcard. |
| 250 |
> |
* They must be the same length to match. |
| 251 |
|
* |
| 252 |
< |
* @param first The first array to compare |
| 252 |
> |
* @param first The first array to compare (with -1 wildcard if required) |
| 253 |
|
* @param second The second array to compare |
| 254 |
|
* @result the result of the comparison |
| 255 |
|
*/ |
| 258 |
|
return false; |
| 259 |
|
} |
| 260 |
|
for(int i=0; i < first.length; i++) { |
| 261 |
< |
// -- might want to consider specify which is the wildcard one? |
| 262 |
< |
if(first[i] == -1 || second[i] == -1) { |
| 261 |
> |
if(first[i] == -1) { |
| 262 |
|
continue; |
| 263 |
|
} |
| 264 |
|
if(first[i] != second[i]) { |
| 265 |
|
return false; |
| 266 |
|
} |
| 267 |
+ |
} |
| 268 |
|
return true; |
| 269 |
|
} |
| 270 |
|
|
