From c33cf3efc075fd8732b4e466d622f803fb0ee931 Mon Sep 17 00:00:00 2001
From: Max Lv <max.c.lv@gmail.com>
Date: Mon, 21 Jan 2019 12:12:42 +0800
Subject: [PATCH] Fix #2267

---
 doc/shadowsocks-libev.asciidoc | 1 +
 src/acl.c                      | 5 +++++
 src/jconf.c                    | 2 ++
 src/jconf.h                    | 1 +
 src/local.c                    | 3 +++
 src/manager.c                  | 3 +++
 src/server.c                   | 3 +++
 7 files changed, 18 insertions(+)

diff --git a/doc/shadowsocks-libev.asciidoc b/doc/shadowsocks-libev.asciidoc
index c7306376..d6d4c530 100644
--- a/doc/shadowsocks-libev.asciidoc
+++ b/doc/shadowsocks-libev.asciidoc
@@ -177,6 +177,7 @@ The config file equivalent of command line options is listed as example below.
 | -m "aes-256-cfb"                    | "method": "aes-256-cfb"
 | -t 60                               | "timeout": 60
 | -a nobody                           | "user": "nobody"
+| --acl "/path/to/acl"                | "acl": "/path/to/acl"
 | --fast-open                         | "fast_open": true
 | --reuse-port                        | "reuse_port": true
 | --no-delay                          | "no_delay": true
diff --git a/src/acl.c b/src/acl.c
index 07373607..54b8d2b9 100644
--- a/src/acl.c
+++ b/src/acl.c
@@ -164,6 +164,11 @@ trimwhitespace(char *str)
 int
 init_acl(const char *path)
 {
+    if (path == NULL)
+    {
+        return -1;
+    }
+
     // initialize ipset
     ipset_init_library();
 
diff --git a/src/jconf.c b/src/jconf.c
index 5509be5b..1cbf6e53 100644
--- a/src/jconf.c
+++ b/src/jconf.c
@@ -330,6 +330,8 @@ read_jconf(const char *file)
                 conf.no_delay = value->u.boolean;
             } else if (strcmp(name, "workdir") == 0) {
                 conf.workdir = to_string(value);
+            } else if (strcmp(name, "acl") == 0) {
+                conf.acl = to_string(value);
             }
         }
     } else {
diff --git a/src/jconf.h b/src/jconf.h
index 59385719..bf41b05a 100644
--- a/src/jconf.h
+++ b/src/jconf.h
@@ -86,6 +86,7 @@ typedef struct {
     int ipv6_first;
     int no_delay;
     char *workdir;
+    char *acl;
 } jconf_t;
 
 jconf_t *read_jconf(const char *file);
diff --git a/src/local.c b/src/local.c
index 97ef76f8..845ab2a7 100644
--- a/src/local.c
+++ b/src/local.c
@@ -1683,6 +1683,9 @@ main(int argc, char **argv)
         if (ipv6first == 0) {
             ipv6first = conf->ipv6_first;
         }
+        if (acl == 0) {
+            acl = !init_acl(conf->acl);
+        }
     }
 
     if (remote_num == 0 || remote_port == NULL ||
diff --git a/src/manager.c b/src/manager.c
index 3ac9e416..82a5ab28 100644
--- a/src/manager.c
+++ b/src/manager.c
@@ -1054,6 +1054,9 @@ main(int argc, char **argv)
         {
             workdir = conf->workdir;
         }
+        if (acl == NULL) {
+            acl = conf->acl;
+        }
 #ifdef HAVE_SETRLIMIT
         if (nofile == 0) {
             nofile = conf->nofile;
diff --git a/src/server.c b/src/server.c
index febd7244..fc79b51d 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1817,6 +1817,9 @@ main(int argc, char **argv)
         if (ipv6first == 0) {
             ipv6first = conf->ipv6_first;
         }
+        if (acl == 0) {
+            acl = !init_acl(conf->acl);
+        }
     }
 
     if (server_num == 0) {