Do not resolve hostname to IP on ACL destination

src/common.c

@@ -861,50 +861,62 @@ unsigned long getip(unsigned char *name){
 }
 #endif
 
-unsigned long getip46(int family, unsigned char *name,  struct sockaddr *sa){
-#ifndef NOIPV6
+int afdetect(unsigned char *name){
 	int ndots=0, ncols=0, nhex=0;
-	struct addrinfo *ai, hint;
 	int i;
-        RESOLVFUNC tmpresolv;
 
-	if(!sa) return 0;
-	if(!family) {
-		family = 4;
-#else
-		((struct sockaddr_in *)sa)->sin_family = AF_INET;
-		return (((struct sockaddr_in *)sa)->sin_addr.s_addr = getip(name))? AF_INET:0;
-#endif
-#ifndef NOIPV6
-	}
 	for(i=0; name[i]; i++){
 		if(name[i] == '.'){
 			if(++ndots > 3) {
-				break;
+				return -1;
 			}
 		}
 		else if(name[i] == ':'){
 			if(++ncols > 7) {
-				break;
+				return -1;
 			}
 		}
 		else if(name[i] == '%' || (name[i] >= 'a' && name[i] <= 'f') || (name[i] >= 'A' && name[i] <= 'F')){
 			nhex++;
 		}
 		else if(name[i] <'0' || name[i] >'9') {
-			break;
+				return -1;
 		}
 	}
-	if(!name[i]){
-		if(ndots == 3 && ncols == 0 && nhex == 0){
-			*SAFAMILY(sa)=(family == 6)?AF_INET6 : AF_INET;
-			return inet_pton(*SAFAMILY(sa), (char *)name, SAADDR(sa))? *SAFAMILY(sa) : 0; 
-		}
-		if(ncols >= 2) {
-			*SAFAMILY(sa)=AF_INET6;
-			return inet_pton(AF_INET6, (char *)name, SAADDR(sa))?(family==4? 0:AF_INET6) : 0;
-		}
+	if(ndots == 3 && ncols == 0 && nhex == 0){
+		return AF_INET;
 	}
+	if(ncols >= 2) {
+		return AF_INET6;
+	}
+	return -1;
+
+}
+
+unsigned long getip46(int family, unsigned char *name,  struct sockaddr *sa){
+#ifndef NOIPV6
+	int detect;
+	struct addrinfo *ai, hint;
+        RESOLVFUNC tmpresolv;
+
+	if(!sa) return 0;
+	if(!family) {
+		family = 4;
+#else
+		((struct sockaddr_in *)sa)->sin_family = AF_INET;
+		return (((struct sockaddr_in *)sa)->sin_addr.s_addr = getip(name))? AF_INET:0;
+#endif
+#ifndef NOIPV6
+	}
+
+	detect = afdetect(name);
+	if(detect != -1){
+		if(family == 4 && detect != 4) return 0;
+		*SAFAMILY(sa) = (family == 6)? AF_INET6 : detect;
+		return inet_pton(*SAFAMILY(sa), (char *)name, SAADDR(sa))? *SAFAMILY(sa) : 0; 
+	}
+
+
 	if((tmpresolv = resolvfunc)){
 		int f = (family == 6 || family == 64)?AF_INET6:AF_INET;
 		*SAFAMILY(sa) = f;

src/proxy.h

@@ -196,6 +196,7 @@ extern struct nserver nservers[MAXNSERVERS];
 extern struct nserver authnserver;
 unsigned long getip(unsigned char *name);
 unsigned long getip46(int family, unsigned char *name,  struct sockaddr *sa);
+int afdetect(unsigned char *name);
 unsigned long myresolver(int, unsigned char *, unsigned char *);
 unsigned long fakeresolver (int, unsigned char *, unsigned char*);
 int inithashtable(struct hashtable *hashtable, unsigned nhashsize);