+
+/* check_one_kline()
+ *
+ * This process needs to be kept in sync with find_kline() aka find_conf_by_address().
+ *
+ * inputs - pointer to kline to check
+ * outputs -
+ * side effects - all clients will be checked against given kline
+ */
+void
+check_one_kline(struct ConfItem *kline)
+{
+ struct Client *client_p;
+ rb_dlink_node *ptr;
+ rb_dlink_node *next_ptr;
+ int masktype;
+ int bits;
+ struct rb_sockaddr_storage sockaddr;
+ struct sockaddr_in ip4;
+
+ masktype = parse_netmask(kline->host, (struct sockaddr_storage *)&sockaddr, &bits);
+
+ RB_DLINK_FOREACH_SAFE(ptr, next_ptr, lclient_list.head)
+ {
+ int matched = 0;
+
+ client_p = ptr->data;
+
+ if(IsMe(client_p) || !IsPerson(client_p))
+ continue;
+
+ if(!match(kline->user, client_p->username))
+ continue;
+
+ /* match one kline */
+ switch (masktype) {
+ case HM_IPV4:
+ case HM_IPV6:
+ if (IsConfDoSpoofIp(client_p->localClient->att_conf) &&
+ IsConfKlineSpoof(client_p->localClient->att_conf))
+ continue;
+ if (client_p->localClient->ip.ss_family == AF_INET6 && sockaddr.ss_family == AF_INET &&
+ rb_ipv4_from_ipv6((struct sockaddr_in6 *)&client_p->localClient->ip, &ip4)
+ && comp_with_mask_sock((struct sockaddr *)&ip4, (struct sockaddr *)&sockaddr, bits))
+ matched = 1;
+ else if (client_p->localClient->ip.ss_family == sockaddr.ss_family &&
+ comp_with_mask_sock((struct sockaddr *)&client_p->localClient->ip,
+ (struct sockaddr *)&sockaddr, bits))
+ matched = 1;
+ break;
+ case HM_HOST:
+ if (match(kline->host, client_p->orighost))
+ matched = 1;
+ if (IsConfDoSpoofIp(client_p->localClient->att_conf) &&
+ IsConfKlineSpoof(client_p->localClient->att_conf))
+ continue;
+ if (match(kline->host, client_p->sockhost))
+ matched = 1;
+ break;
+ }
+
+ if (!matched)
+ continue;
+
+ if(IsExemptKline(client_p))
+ {
+ sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
+ "KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
+ get_client_name(client_p, HIDE_IP),
+ kline->user, kline->host);
+ continue;
+ }
+
+ sendto_realops_snomask(SNO_GENERAL, L_ALL,
+ "KLINE active for %s",
+ get_client_name(client_p, HIDE_IP));
+
+ notify_banned_client(client_p, kline, K_LINED);
+ }
+}
+
+