Test VMOD ACLs using vmod-debug

bin/varnishtest/tests/m00023.vtc

+varnishtest "Test VMOD ACLs"
+
+varnish v1 -vcl {
+	import debug;
+
+	backend dummy {
+		.host = "${bad_ip}";
+	}
+
+	acl loopback {
+		"127"/24;
+	}
+
+	sub vcl_init {
+		if (!debug.match_acl(loopback, "127.0.0.127")) {
+			debug.init_fail();
+		}
+	}
+
+	sub vcl_recv {
+		if (debug.match_acl(loopback, client.ip)) {
+			return (synth(200));
+		}
+		return (synth(500));
+	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 200
+} -run

lib/libvmod_debug/vmod.vcc

@@ -150,3 +150,7 @@ Reset to the previous snapshot of a workspace, taken from debug.workspace_snap.
 $Function VOID vcl_release_delay(DURATION)
 
 Hold a reference to the VCL when it goes cold for the given delay.
+
+$Function BOOL match_acl(ACL acl, IP ip)
+
+Perform an IP match against a named ACL.

lib/libvmod_debug/vmod_debug.c

@@ -36,6 +36,7 @@
 
 #include "vcl.h"
 #include "vrt.h"
+#include "vsa.h"
 #include "vsb.h"
 #include "vtim.h"
 #include "vcc_if.h"
@@ -466,3 +467,14 @@ vmod_vcl_release_delay(VRT_CTX, VCL_DURATION delay)
 	assert(delay > 0.0);
 	vcl_release_delay = delay;
 }
+
+VCL_BOOL
+vmod_match_acl(VRT_CTX, VCL_ACL acl, VCL_IP ip)
+{
+
+	CHECK_OBJ_ORNULL(ctx, VRT_CTX_MAGIC);
+	CHECK_OBJ_ORNULL(acl, VRT_ACL_MAGIC);
+	assert(VSA_Sane(ip));
+
+	return (VRT_acl_match(ctx, acl, ip));
+}