whitelist

package
v1.121.0

This package is not in the latest version of its module.
Published: May 19, 2026 License: MPL-2.0 Imports: 11 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AddIP

func AddIP(configDir string, ipStr string) error

AddIP adds an IP to the appropriate whitelist file. It creates whitelist.d/99-manual.conf for manual additions.

func IsIPInWhitelistFile added in v1.119.0

func IsIPInWhitelistFile(ip string, entries map[string]WhitelistEntry) bool

IsIPInWhitelistFile returns true if ip is present as an exact key OR is contained within any CIDR entry in the typed map. 1:1 replacement for the pre-V119 exact-key `entries[ip]` pattern at callsites needing CIDR-aware membership (notably the daemon pre-ban guard).

The ip argument must be a single IP literal (e.g. "1.2.3.45"), not a CIDR. To check whether an exact CIDR string is in the file (e.g. "1.2.3.0/27" as a literal), use direct map lookup `_, ok := entries[cidr]` instead.

V119 A1: closes whitelist half of D-MANUAL-CIDR-LOAD-GAP — protects an IP inside a whitelisted /27 from being banned.
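The difference between exact-key lookup and CIDR-aware membership, as an added example that is not this package's code: `containsIP` and `sampleEntries` are hypothetical names, the entries are constructed sample data, and rejecting non-IP input is this sketch's own choice. Note that "1.2.3.45" lies outside "1.2.3.0/27" (which covers 1.2.3.0 through 1.2.3.31), so the sketch tests 1.2.3.20 for the inside case.

```go
package main

import (
	"fmt"
	"net/netip"
)

// WhitelistEntry mirrors the type documented on this page.
type WhitelistEntry struct {
	Value  string
	IsCIDR bool
}

// containsIP is a hypothetical stand-in for the documented contract:
// exact key OR containment in any CIDR entry. Not the package's code.
func containsIP(ip string, entries map[string]WhitelistEntry) bool {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return false // this sketch rejects anything that is not an IP literal
	}
	if _, ok := entries[ip]; ok {
		return true
	}
	addr = addr.Unmap() // compare ::ffff:a.b.c.d against IPv4 prefixes
	for _, e := range entries {
		p, err := netip.ParsePrefix(e.Value)
		if e.IsCIDR && err == nil && p.Contains(addr) {
			return true
		}
	}
	return false
}

// sampleEntries returns constructed data: one /27 and one single address.
func sampleEntries() map[string]WhitelistEntry {
	return map[string]WhitelistEntry{
		"1.2.3.0/27":  {Value: "1.2.3.0/27", IsCIDR: true},
		"203.0.113.9": {Value: "203.0.113.9"},
	}
}

func main() {
	e := sampleEntries()
	_, exact := e["1.2.3.20"] // pre-V119 style exact-key lookup misses the /27
	fmt.Println("exact-key 1.2.3.20:", exact)
	fmt.Println("CIDR-aware 1.2.3.20:", containsIP("1.2.3.20", e))
	fmt.Println("CIDR-aware 1.2.3.45:", containsIP("1.2.3.45", e)) // outside the /27
}
```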

func LoadAllWhitelists

func LoadAllWhitelists(configDir string) (map[string]bool, map[string]bool, error)

LoadAllWhitelists loads IPs from all whitelist sources and returns two map[string]bool sets for backward compatibility with pre-V119 callers (notably cmd/nftban-core/profile_sync.go which iterates keys for pprof diff profiling and does not perform membership tests).

New consumers needing CIDR semantics should call LoadAllWhitelistsTyped + IsIPInWhitelistFile instead.

V119: thin wrapper around LoadAllWhitelistsTyped (single scanning/parsing path, two return shapes) per the dual-API pattern in V119_MANUAL_CIDR_PREFLIGHT_PROFILE_SYNC_AUDIT.md §5.

func LoadAllWhitelistsTyped added in v1.119.0

func LoadAllWhitelistsTyped(configDir string) (map[string]WhitelistEntry, map[string]WhitelistEntry, error)

LoadAllWhitelistsTyped loads IPs from all whitelist sources and returns map[string]WhitelistEntry preserving IsCIDR semantics. Use in tandem with IsIPInWhitelistFile for CIDR-aware membership checks.

V119 A1: closes whitelist half of D-MANUAL-CIDR-LOAD-GAP. Callers in V116 §4 allowlist (cmd_check.go, cmd_ban.go, daemon_handlers_ban.go) use this typed loader; profile_sync.go remains on legacy LoadAllWhitelists.

func RemoveIP

func RemoveIP(configDir string, ipStr string) error

RemoveIP removes an IP from all whitelist files. Note: this searches all .conf files and removes the IP.

Types

type WhitelistEntry added in v1.119.0

type WhitelistEntry struct {
	Value  string // exact normalized form as written: "1.2.3.4" or "1.2.3.0/27"
	IsCIDR bool   // true if Value contains "/"
}

WhitelistEntry is the typed loader output preserving IsCIDR semantics so the daemon pre-ban guard can detect IP-in-CIDR membership instead of the pre-V119 exact-key map[ip] match. Mirror of blacklist.BlacklistEntry — closes the symmetric whitelist half of D-MANUAL-CIDR-LOAD-GAP per V116_CAND3_MANUAL_CIDR_DESIGN_FIX_SCOPE.md §3.
