[GitHub] [trafficserver] bneradt commented on a diff in pull request #9541: Remove IpMap dependency from NetVConnection infrastructure.

["bneradt (via GitHub)" <gi...@apache.org>]

bneradt commented on code in PR #9541:
URL: https://github.com/apache/trafficserver/pull/9541#discussion_r1142287683


##########
iocore/net/SNIActionPerformer.cc:
##########
@@ -70,26 +69,26 @@ int
 SNI_IpAllow::SNIAction(TLSSNISupport *snis, ActionItem::Context const &ctx) const
 {
   // i.e, ip filtering is not required
-  if (ip_map.count() == 0) {
+  if (ip_addrs.count() == 0) {
     return SSL_TLSEXT_ERR_OK;
   }
 
   auto ssl_vc = dynamic_cast<SSLNetVConnection *>(snis);
-  auto ip     = ssl_vc->get_remote_endpoint();
+  auto ip     = swoc::IPAddr(ssl_vc->get_remote_endpoint());
 
   // check the allowed ips
-  if (ip_map.contains(ip)) {
+  if (ip_addrs.contains(ip)) {
     return SSL_TLSEXT_ERR_OK;
   } else {
-    char buff[256];
-    ats_ip_ntop(&ip.sa, buff, sizeof(buff));
-    Debug("ssl_sni", "%s is not allowed. Denying connection", buff);
+    swoc::LocalBufferWriter<256> w;
+    w.print("{} is not allowed - denyint connection\0", ip);

Review Comment:
   `denyint`:  I assume this should be `denying`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org