update

mongoose.c

@@ -6019,7 +6019,7 @@ uint32_t mg_crc32(uint32_t crc, const char *buf, size_t len) {
       0x9B64C2B0, 0x86D3D2D4, 0xA00AE278, 0xBDBDF21C};
   crc = ~crc;
   while (len--) {
-    uint8_t byte = *(uint8_t *)buf++;
+    uint8_t byte = *(uint8_t *) buf++;
     crc = crclut[(crc ^ byte) & 0x0F] ^ (crc >> 4);
     crc = crclut[(crc ^ (byte >> 4)) & 0x0F] ^ (crc >> 4);
   }
@@ -6044,14 +6044,20 @@ static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
   return len;
 }
 
-int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip) {
+int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip) {
   struct mg_str k, v;
   int allowed = acl.len == 0 ? '+' : '-';  // If any ACL is set, deny by default
-  while (mg_commalist(&acl, &k, &v)) {
-    uint32_t net, mask;
-    if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
-    if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
-    if ((mg_ntohl(remote_ip) & mask) == net) allowed = k.ptr[0];
+  uint32_t remote_ip4;
+  if (remote_ip->is_ip6) {
+    return -1;  // TODO(): handle IPv6 ACL and addresses
+  } else {  // IPv4
+    memcpy((void *) &remote_ip4, remote_ip->ip, sizeof(remote_ip4));
+    while (mg_commalist(&acl, &k, &v)) {
+      uint32_t net, mask;
+      if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
+      if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
+      if ((mg_ntohl(remote_ip4) & mask) == net) allowed = k.ptr[0];
+    }
   }
   return allowed == '+';
 }
@@ -6074,9 +6080,9 @@ uint64_t mg_millis(void) {
 #elif MG_ARCH == MG_ARCH_ZEPHYR
   return (uint64_t) k_uptime_get();
 #elif MG_ARCH == MG_ARCH_CMSIS_RTOS1
-  return (uint64_t)rt_time_get();
+  return (uint64_t) rt_time_get();
 #elif MG_ARCH == MG_ARCH_CMSIS_RTOS2
-  return (uint64_t)((osKernelGetTickCount() * 1000) / osKernelGetTickFreq());
+  return (uint64_t) ((osKernelGetTickCount() * 1000) / osKernelGetTickFreq());
 #elif MG_ARCH == MG_ARCH_RTTHREAD
   return (uint64_t) ((rt_tick_get() * 1000) / RT_TICK_PER_SECOND);
 #elif MG_ARCH == MG_ARCH_UNIX && defined(__APPLE__)

mongoose.h

@@ -858,7 +858,6 @@ bool mg_split(struct mg_str *s, struct mg_str *k, struct mg_str *v, char delim);
 char *mg_hex(const void *buf, size_t len, char *dst);
 void mg_unhex(const char *buf, size_t len, unsigned char *to);
 unsigned long mg_unhexn(const char *s, size_t len);
-int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip);
 bool mg_path_is_sane(const char *path);
 
 
@@ -1043,6 +1042,9 @@ uint64_t mg_millis(void);
 #define MG_IPADDR_PARTS(ADDR) \
   MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
 
+struct mg_addr;
+int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip);
+
 // Linked list management macros
 #define LIST_ADD_HEAD(type_, head_, elem_) \
   do {                                     \

src/str.h

@@ -34,5 +34,4 @@ bool mg_split(struct mg_str *s, struct mg_str *k, struct mg_str *v, char delim);
 char *mg_hex(const void *buf, size_t len, char *dst);
 void mg_unhex(const char *buf, size_t len, unsigned char *to);
 unsigned long mg_unhexn(const char *s, size_t len);
-int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip);
 bool mg_path_is_sane(const char *path);

src/util.c

@@ -55,7 +55,7 @@ uint32_t mg_crc32(uint32_t crc, const char *buf, size_t len) {
       0x9B64C2B0, 0x86D3D2D4, 0xA00AE278, 0xBDBDF21C};
   crc = ~crc;
   while (len--) {
-    uint8_t byte = *(uint8_t *)buf++;
+    uint8_t byte = *(uint8_t *) buf++;
     crc = crclut[(crc ^ byte) & 0x0F] ^ (crc >> 4);
     crc = crclut[(crc ^ (byte >> 4)) & 0x0F] ^ (crc >> 4);
   }
@@ -80,14 +80,20 @@ static int parse_net(const char *spec, uint32_t *net, uint32_t *mask) {
   return len;
 }
 
-int mg_check_ip_acl(struct mg_str acl, uint32_t remote_ip) {
+int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip) {
   struct mg_str k, v;
   int allowed = acl.len == 0 ? '+' : '-';  // If any ACL is set, deny by default
-  while (mg_commalist(&acl, &k, &v)) {
-    uint32_t net, mask;
-    if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
-    if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
-    if ((mg_ntohl(remote_ip) & mask) == net) allowed = k.ptr[0];
+  uint32_t remote_ip4;
+  if (remote_ip->is_ip6) {
+    return -1;  // TODO(): handle IPv6 ACL and addresses
+  } else {  // IPv4
+    memcpy((void *) &remote_ip4, remote_ip->ip, sizeof(remote_ip4));
+    while (mg_commalist(&acl, &k, &v)) {
+      uint32_t net, mask;
+      if (k.ptr[0] != '+' && k.ptr[0] != '-') return -1;
+      if (parse_net(&k.ptr[1], &net, &mask) == 0) return -2;
+      if ((mg_ntohl(remote_ip4) & mask) == net) allowed = k.ptr[0];
+    }
   }
   return allowed == '+';
 }
@@ -110,9 +116,9 @@ uint64_t mg_millis(void) {
 #elif MG_ARCH == MG_ARCH_ZEPHYR
   return (uint64_t) k_uptime_get();
 #elif MG_ARCH == MG_ARCH_CMSIS_RTOS1
-  return (uint64_t)rt_time_get();
+  return (uint64_t) rt_time_get();
 #elif MG_ARCH == MG_ARCH_CMSIS_RTOS2
-  return (uint64_t)((osKernelGetTickCount() * 1000) / osKernelGetTickFreq());
+  return (uint64_t) ((osKernelGetTickCount() * 1000) / osKernelGetTickFreq());
 #elif MG_ARCH == MG_ARCH_RTTHREAD
   return (uint64_t) ((rt_tick_get() * 1000) / RT_TICK_PER_SECOND);
 #elif MG_ARCH == MG_ARCH_UNIX && defined(__APPLE__)

src/util.h

@@ -30,6 +30,9 @@ uint64_t mg_millis(void);
 #define MG_IPADDR_PARTS(ADDR) \
   MG_U8P(ADDR)[0], MG_U8P(ADDR)[1], MG_U8P(ADDR)[2], MG_U8P(ADDR)[3]
 
+struct mg_addr;
+int mg_check_ip_acl(struct mg_str acl, struct mg_addr *remote_ip);
+
 // Linked list management macros
 #define LIST_ADD_HEAD(type_, head_, elem_) \
   do {                                     \

test/unit_test.c

@@ -1922,7 +1922,7 @@ static void test_str(void) {
 
 static void fn1(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {
   if (ev == MG_EV_ERROR) {
-    ASSERT(* (void **) fn_data == NULL);
+    ASSERT(*(void **) fn_data == NULL);
     *(char **) fn_data = mg_mprintf("%s", (char *) ev_data);
   }
   (void) c;
@@ -2543,16 +2543,18 @@ static void test_udp(void) {
 }
 
 static void test_check_ip_acl(void) {
-  uint32_t ip = mg_htonl(0x01020304);
-  ASSERT(mg_check_ip_acl(mg_str(NULL), ip) == 1);
-  ASSERT(mg_check_ip_acl(mg_str(""), ip) == 1);
-  ASSERT(mg_check_ip_acl(mg_str("invalid"), ip) == -1);
-  ASSERT(mg_check_ip_acl(mg_str("+hi"), ip) == -2);
-  ASSERT(mg_check_ip_acl(mg_str("+//"), ip) == -2);
-  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), ip) == 0);
-  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/8"), ip) == 1);
-  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.2.3.4"), ip) == 1);
-  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/16"), ip) == 0);
+  struct mg_addr ip = {{1,2,3,4}, 0, false};  // 1.2.3.4
+  ASSERT(mg_check_ip_acl(mg_str(NULL), &ip) == 1);
+  ASSERT(mg_check_ip_acl(mg_str(""), &ip) == 1);
+  ASSERT(mg_check_ip_acl(mg_str("invalid"), &ip) == -1);
+  ASSERT(mg_check_ip_acl(mg_str("+hi"), &ip) == -2);
+  ASSERT(mg_check_ip_acl(mg_str("+//"), &ip) == -2);
+  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), &ip) == 0);
+  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/8"), &ip) == 1);
+  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.2.3.4"), &ip) == 1);
+  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0,+1.0.0.0/16"), &ip) == 0);
+  ip.is_ip6 = true;
+  ASSERT(mg_check_ip_acl(mg_str("-0.0.0.0/0"), &ip) == -1);  // not yet supported
 }
 
 static void w3(struct mg_connection *c, int ev, void *ev_data, void *fn_data) {