Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func IsIPInWhitelistFile (added in v1.119.0)
func IsIPInWhitelistFile(ip string, entries map[string]WhitelistEntry) bool
IsIPInWhitelistFile returns true if ip is present as an exact key OR is contained within any CIDR entry in the typed map. 1:1 replacement for the pre-V119 exact-key `entries[ip]` pattern at callsites needing CIDR-aware membership (notably the daemon pre-ban guard).
The ip argument must be a single IP literal (e.g. "1.2.3.45"), not a CIDR. To check whether an exact CIDR string is in the file (e.g. "1.2.3.0/27" as a literal), use direct map lookup `_, ok := entries[cidr]` instead.
V119 A1: closes whitelist half of D-MANUAL-CIDR-LOAD-GAP — protects an IP inside a whitelisted /27 from being banned.
func LoadAllWhitelists
LoadAllWhitelists loads IPs from all whitelist sources and returns two map[string]bool sets for backward compatibility with pre-V119 callers (notably cmd/nftban-core/profile_sync.go which iterates keys for pprof diff profiling and does not perform membership tests).
New consumers needing CIDR semantics should call LoadAllWhitelistsTyped + IsIPInWhitelistFile instead.
V119: thin wrapper around LoadAllWhitelistsTyped (single scanning/parsing path, two return shapes) per the dual-API pattern in V119_MANUAL_CIDR_PREFLIGHT_PROFILE_SYNC_AUDIT.md §5.
func LoadAllWhitelistsTyped (added in v1.119.0)
func LoadAllWhitelistsTyped(configDir string) (map[string]WhitelistEntry, map[string]WhitelistEntry, error)
LoadAllWhitelistsTyped loads IPs from all whitelist sources and returns map[string]WhitelistEntry preserving IsCIDR semantics. Use in tandem with IsIPInWhitelistFile for CIDR-aware membership checks.
V119 A1: closes whitelist half of D-MANUAL-CIDR-LOAD-GAP. Callers in V116 §4 allowlist (cmd_check.go, cmd_ban.go, daemon_handlers_ban.go) use this typed loader; profile_sync.go remains on legacy LoadAllWhitelists.
Types
type WhitelistEntry (added in v1.119.0)
type WhitelistEntry struct {
	Value  string // exact normalized form as written: "1.2.3.4" or "1.2.3.0/27"
	IsCIDR bool   // true if Value contains "/"
}
WhitelistEntry is the typed loader output preserving IsCIDR semantics so the daemon pre-ban guard can detect IP-in-CIDR membership instead of the pre-V119 exact-key map[ip] match. Mirror of blacklist.BlacklistEntry — closes the symmetric whitelist half of D-MANUAL-CIDR-LOAD-GAP per V116_CAND3_MANUAL_CIDR_DESIGN_FIX_SCOPE.md §3.
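Added example (not the package's own implementation): a sketch of the difference between the pre-V119 exact-key lookup and the CIDR-aware membership that IsIPInWhitelistFile and WhitelistEntry are documented to provide. The names entry, sample and cidrAwareMatch are hypothetical, the data is constructed, and unmapping IPv4-mapped IPv6 addresses and returning false for non-IP input are choices made for this sketch. Note that 1.2.3.0/27 ends at 1.2.3.31, so 1.2.3.45 is not covered by it.

```go
package main

import (
	"fmt"
	"net/netip"
)

// entry is a local stand-in with the same fields as the documented WhitelistEntry.
type entry struct {
	Value  string
	IsCIDR bool
}

// sample is constructed data: one CIDR entry and one single-IP entry.
var sample = map[string]entry{
	"1.2.3.0/27": {Value: "1.2.3.0/27", IsCIDR: true},
	"10.0.0.5":   {Value: "10.0.0.5"},
}

// cidrAwareMatch (hypothetical name) reports whether ip is an exact key or
// falls inside any CIDR entry.
func cidrAwareMatch(ip string, entries map[string]entry) bool {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return false // not a single IP literal, e.g. a CIDR string
	}
	addr = addr.Unmap() // assumption: ::ffff:a.b.c.d is treated as IPv4
	if _, ok := entries[addr.String()]; ok {
		return true
	}
	for _, e := range entries {
		if !e.IsCIDR {
			continue
		}
		// Malformed CIDR entries are skipped rather than matched.
		if pfx, err := netip.ParsePrefix(e.Value); err == nil && pfx.Contains(addr) {
			return true
		}
	}
	return false
}

func main() {
	for _, ip := range []string{"1.2.3.17", "1.2.3.45", "10.0.0.5", "::ffff:1.2.3.17"} {
		_, exact := sample[ip] // pre-V119 style exact-key lookup
		fmt.Printf("%-16s exact=%-5v cidr-aware=%v\n", ip, exact, cidrAwareMatch(ip, sample))
	}
}
```

With an exact-key lookup alone, 1.2.3.17 is reported as not whitelisted even though the /27 covers it, which is the case the pre-ban guard has to catch.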