Adds support to suspicious and whitelist to Read and Write limits

The operators @ipMatch, @ipMatchF and @ipMatchFromFile were
added to the functions: SecReadStateLimit and SecReadStateLimit,
by using them it is possible to declare a suspicious list. When
a suspicious list is given, the {Read|Write}StateLimit will be
applied just to the IPs that belongs to that restricted list.
Note that the negative of those operators (e.g. !@ipMatch) can be
used to place a whitelist. The {Read|Write}StateLimit
restrictions will not be applied to those in the whitelist.
This current version the Sec{Read|Write}StateLimit can be used
varios times to add elements to both lists, however, the
last informed limit will be applied for the entire group. This
feature is experimental, and suggestions on how to improve it
are very welcome. For further discussion use the issue: #353.

apache2/msc_util.h

@@ -27,6 +27,7 @@
 
 #include "modsecurity.h"
 #include "re.h"
+#include "msc_tree.h"
 
 #ifdef WIN32
 #include <ws2tcpip.h>
@@ -148,4 +149,17 @@ unsigned char DSOLOCAL is_netmask_v4(char *ip_strv4);
 unsigned char DSOLOCAL is_netmask_v6(char *ip_strv6);
 
 int DSOLOCAL msc_headers_to_buffer(const apr_array_header_t *arr, char *buffer, int max_length);
+
+int DSOLOCAL ip_tree_from_file(TreeRoot **rtree, char *uri,
+    apr_pool_t *mp, char **error_msg);
+
+int DSOLOCAL tree_contains_ip(apr_pool_t *mp, TreeRoot *rtree,
+    const char *value, modsec_rec *msr, char **error_msg);
+
+int DSOLOCAL ip_list_from_param(apr_pool_t *pool,
+    char *param, msre_ipmatch **last, char **error_msg);
+
+int list_contains_ip(apr_pool_t *mp, msre_ipmatch *current,
+    const char *value, char **error_msg);
+
 #endif