#ifndef __acl_h_
#define __acl_h_

#include "common.h"

#define ACL_deny  -1
#define ACL_allow 1

class ACL {
 public:
  int acltype;
  int value; /* ACL_allow or ACL_deny */
  ACL *next;

  ACL();
  virtual int isMatch(DWORD ip) { return 0; }
  virtual void debug();
};

class ACLList {
 public:
  ACL *top;
  ACL *nextacl;

 public:
  ACLList();
  ~ACLList();
  void regist(ACL *acl);
  int set(char *s, int val);
  void debug();
  inline ACL *getACL() { return top; }
  inline void catACL(ACL *a) {
    nextacl = a;
    ACL *p = top;
    if (p) {
      while (p->next) {
	p = p->next;
      }
      p->next = a;
    } else {
      top = a;
    }
  }
};

#define ACL_NETWORK       1
#define ACL_NETWORK_RANGE 2

class ACLNetwork : public ACL {
  DWORD network, netmask;
 public:
  ACLNetwork(DWORD net, DWORD mask, int val) {
    acltype = ACL_NETWORK;
    network = net;
    netmask = mask;
    value = val;
  }

  int isMatch(DWORD ip);

  void debug();
};

class ACLNetworkRange : public ACL {
  UCHAR net1[4], net2[4];
  int netmask;
  int count;

 public:
  ACLNetworkRange(DWORD n1, DWORD n2, DWORD mask, int val) {
    int i;

    acltype = ACL_NETWORK_RANGE;
    netmask = mask;
    value = val;
    n1 &= netmask;
    n2 &= netmask;
    for(count = 0; count < 4; count++) {
      if (!(mask & 0xff)) break; 
      mask >>= 8;
    }
  
    for(i = 0; i < count; i++) {
      net1[i] = n1 & 0xff;
      net2[i] = n2 & 0xff;
      n1 >>= 8;
      n2 >>= 8;
    }
  }

  int isMatch(DWORD ip);
  void debug();
};

#endif /* __acl_h_ */