readability code clean-up (#549)
This commit is contained in:
parent
ab4f507012
commit
de92fab878
|
@ -25,13 +25,13 @@
|
||||||
|
|
||||||
#include "n2n_typedefs.h"
|
#include "n2n_typedefs.h"
|
||||||
|
|
||||||
network_traffic_filter_t* create_network_traffic_filter();
|
network_traffic_filter_t* create_network_traffic_filter ();
|
||||||
|
|
||||||
void destroy_network_traffic_filter(network_traffic_filter_t* filter);
|
void destroy_network_traffic_filter (network_traffic_filter_t* filter);
|
||||||
|
|
||||||
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules);
|
void network_traffic_filter_add_rule (network_traffic_filter_t* filter, filter_rule_t* rules);
|
||||||
|
|
||||||
//rule_str format: src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/-
|
//rule_str format: src_ip/len:[b_port,e_port],dst_ip/len:[s_port,e_port],TCP+/-,UDP+/-,ICMP+/-
|
||||||
uint8_t process_traffic_filter_rule_str(const char* rule_str, filter_rule_t* rule_struct);
|
uint8_t process_traffic_filter_rule_str (const char* rule_str, filter_rule_t* rule_struct);
|
||||||
|
|
||||||
#endif //N2N_NETWORK_TRAFFIC_FILTER_H
|
#endif //N2N_NETWORK_TRAFFIC_FILTER_H
|
||||||
|
|
|
@ -25,12 +25,11 @@
|
||||||
#define CLAER_CACHE_ACTIVE_COUNT 10
|
#define CLAER_CACHE_ACTIVE_COUNT 10
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
const char* get_filter_packet_proto_name(filter_packet_proto proto);
|
const char* get_filter_packet_proto_name (filter_packet_proto proto);
|
||||||
|
|
||||||
const char* get_filter_packet_proto_name(filter_packet_proto proto)
|
const char* get_filter_packet_proto_name (filter_packet_proto proto) {
|
||||||
{
|
|
||||||
switch (proto)
|
switch(proto) {
|
||||||
{
|
|
||||||
case FPP_ARP:
|
case FPP_ARP:
|
||||||
return "ARP";
|
return "ARP";
|
||||||
case FPP_TCP:
|
case FPP_TCP:
|
||||||
|
@ -48,26 +47,28 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto)
|
||||||
|
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info);
|
const char* get_filter_packet_info_log_string (packet_address_proto_info_t* info);
|
||||||
|
|
||||||
|
const char* get_filter_packet_info_log_string (packet_address_proto_info_t* info) {
|
||||||
|
|
||||||
const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
|
|
||||||
{
|
|
||||||
static char buf[1024] = {0};
|
static char buf[1024] = {0};
|
||||||
switch (info->proto)
|
|
||||||
{
|
switch(info->proto) {
|
||||||
case FPP_ARP:
|
case FPP_ARP:
|
||||||
case FPP_ICMP:
|
case FPP_ICMP:
|
||||||
case FPP_IGMP:
|
case FPP_IGMP:
|
||||||
return get_filter_packet_proto_name(info->proto);
|
return get_filter_packet_proto_name(info->proto);
|
||||||
case FPP_TCP:
|
case FPP_TCP:
|
||||||
case FPP_UDP:
|
case FPP_UDP: {
|
||||||
{
|
|
||||||
struct in_addr src, dst;
|
struct in_addr src, dst;
|
||||||
|
|
||||||
src.s_addr = info->src_ip;
|
src.s_addr = info->src_ip;
|
||||||
dst.s_addr = info->dst_ip;
|
dst.s_addr = info->dst_ip;
|
||||||
const char* proto = get_filter_packet_proto_name(info->proto);
|
const char* proto = get_filter_packet_proto_name(info->proto);
|
||||||
char src_ip[64] = {0}; char dst_ip[64] = {0};
|
char src_ip[64] = {0};
|
||||||
strcpy( src_ip, inet_ntoa(src)); strcpy(dst_ip, inet_ntoa(dst));
|
char dst_ip[64] = {0};
|
||||||
|
strcpy(src_ip, inet_ntoa(src));
|
||||||
|
strcpy(dst_ip, inet_ntoa(dst));
|
||||||
sprintf(buf, "%s\t%s:%d->%s:%d", proto, src_ip, info->src_port, dst_ip, info->dst_port);
|
sprintf(buf, "%s\t%s:%d->%s:%d", proto, src_ip, info->src_port, dst_ip, info->dst_port);
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
@ -77,48 +78,57 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size);
|
void collect_packet_info (packet_address_proto_info_t* out_info, unsigned char *buffer, int size);
|
||||||
|
|
||||||
|
void collect_packet_info (packet_address_proto_info_t* out_info, unsigned char *buffer, int size) {
|
||||||
|
|
||||||
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) {
|
|
||||||
ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer;
|
ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer;
|
||||||
uint16_t ether_type = ntohs(hdr_ether->type);
|
uint16_t ether_type = ntohs(hdr_ether->type);
|
||||||
struct n2n_iphdr *hdr_ip = NULL;
|
struct n2n_iphdr *hdr_ip = NULL;
|
||||||
struct n2n_tcphdr *hdr_tcp = NULL;
|
struct n2n_tcphdr *hdr_tcp = NULL;
|
||||||
struct n2n_udphdr *udp_hdr = NULL;
|
struct n2n_udphdr *udp_hdr = NULL;
|
||||||
|
|
||||||
memset(out_info, 0, sizeof(packet_address_proto_info_t));
|
memset(out_info, 0, sizeof(packet_address_proto_info_t));
|
||||||
|
|
||||||
switch (ether_type) {
|
switch(ether_type) {
|
||||||
case 0x0800:
|
case 0x0800: {
|
||||||
{
|
buffer += sizeof(ether_hdr_t);
|
||||||
buffer += sizeof(ether_hdr_t); size -= sizeof(ether_hdr_t); if(size <= 0) return;
|
size -= sizeof(ether_hdr_t);
|
||||||
|
if(size <= 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
hdr_ip = (struct n2n_iphdr*)buffer;
|
hdr_ip = (struct n2n_iphdr*)buffer;
|
||||||
|
|
||||||
switch (hdr_ip->version)
|
switch(hdr_ip->version) {
|
||||||
{
|
case 4: {
|
||||||
case 4:
|
|
||||||
{
|
|
||||||
out_info->src_ip = hdr_ip->saddr;
|
out_info->src_ip = hdr_ip->saddr;
|
||||||
out_info->dst_ip = hdr_ip->daddr;
|
out_info->dst_ip = hdr_ip->daddr;
|
||||||
switch (hdr_ip->protocol) {
|
switch(hdr_ip->protocol) {
|
||||||
case 0x01:
|
case 0x01:
|
||||||
out_info->proto = FPP_ICMP;
|
out_info->proto = FPP_ICMP;
|
||||||
break;
|
break;
|
||||||
case 0x02:
|
case 0x02:
|
||||||
out_info->proto = FPP_IGMP;
|
out_info->proto = FPP_IGMP;
|
||||||
break;
|
break;
|
||||||
case 0x06:
|
case 0x06: {
|
||||||
{
|
|
||||||
out_info->proto = FPP_TCP;
|
out_info->proto = FPP_TCP;
|
||||||
buffer += hdr_ip->ihl * 4; size -= hdr_ip->ihl * 4; if(size <= 0) return;
|
buffer += hdr_ip->ihl * 4;
|
||||||
|
size -= hdr_ip->ihl * 4;
|
||||||
|
if(size <= 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
hdr_tcp = (struct n2n_tcphdr*)buffer;
|
hdr_tcp = (struct n2n_tcphdr*)buffer;
|
||||||
out_info->src_port = ntohs(hdr_tcp->source);
|
out_info->src_port = ntohs(hdr_tcp->source);
|
||||||
out_info->dst_port = ntohs(hdr_tcp->dest);
|
out_info->dst_port = ntohs(hdr_tcp->dest);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 0x11:
|
case 0x11: {
|
||||||
{
|
|
||||||
out_info->proto = FPP_UDP;
|
out_info->proto = FPP_UDP;
|
||||||
buffer += hdr_ip->ihl * 4; size -= hdr_ip->ihl * 4; if(size <= 0) return;
|
buffer += hdr_ip->ihl * 4;
|
||||||
|
size -= hdr_ip->ihl * 4;
|
||||||
|
if(size <= 0) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
udp_hdr = (struct n2n_udphdr*)buffer;
|
udp_hdr = (struct n2n_udphdr*)buffer;
|
||||||
out_info->src_port = ntohs(udp_hdr->source);
|
out_info->src_port = ntohs(udp_hdr->source);
|
||||||
out_info->dst_port = ntohs(udp_hdr->dest);
|
out_info->dst_port = ntohs(udp_hdr->dest);
|
||||||
|
@ -129,8 +139,7 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
|
||||||
};
|
};
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case 6:
|
case 6: {
|
||||||
{
|
|
||||||
// TODO: IPV6 Not Support
|
// TODO: IPV6 Not Support
|
||||||
out_info->proto = FPP_UNKNOWN;
|
out_info->proto = FPP_UNKNOWN;
|
||||||
break;
|
break;
|
||||||
|
@ -152,18 +161,20 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
const char* get_filter_rule_info_log_string(filter_rule_t* rule);
|
const char* get_filter_rule_info_log_string (filter_rule_t* rule);
|
||||||
|
|
||||||
|
const char* get_filter_rule_info_log_string (filter_rule_t* rule) {
|
||||||
|
|
||||||
const char* get_filter_rule_info_log_string(filter_rule_t* rule)
|
|
||||||
{
|
|
||||||
static char buf[1024] = {0};
|
static char buf[1024] = {0};
|
||||||
char* print_start = buf;
|
char* print_start = buf;
|
||||||
char src_net[64] = {0}; char dst_net[64] = {0};
|
char src_net[64] = {0};
|
||||||
|
char dst_net[64] = {0};
|
||||||
struct in_addr src, dst;
|
struct in_addr src, dst;
|
||||||
|
|
||||||
src.s_addr = rule->key.src_net_cidr;
|
src.s_addr = rule->key.src_net_cidr;
|
||||||
dst.s_addr = rule->key.dst_net_cidr;
|
dst.s_addr = rule->key.dst_net_cidr;
|
||||||
strcpy(src_net, inet_ntoa(src)); strcpy(dst_net, inet_ntoa(dst));
|
strcpy(src_net, inet_ntoa(src));
|
||||||
|
strcpy(dst_net, inet_ntoa(dst));
|
||||||
print_start += sprintf(print_start, "%s/%d:[%d,%d],%s/%d:[%d,%d]",
|
print_start += sprintf(print_start, "%s/%d:[%d,%d],%s/%d:[%d,%d]",
|
||||||
src_net, rule->key.src_net_bit_len,
|
src_net, rule->key.src_net_bit_len,
|
||||||
rule->key.src_port_range.start_port, rule->key.src_port_range.end_port,
|
rule->key.src_port_range.start_port, rule->key.src_port_range.end_port,
|
||||||
|
@ -174,107 +185,119 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
|
||||||
rule->bool_accept_tcp ? '+' : '-', rule->bool_accept_udp ? '+' : '-', rule->bool_accept_icmp ? '+' : '-'
|
rule->bool_accept_tcp ? '+' : '-', rule->bool_accept_udp ? '+' : '-', rule->bool_accept_icmp ? '+' : '-'
|
||||||
#endif
|
#endif
|
||||||
);
|
);
|
||||||
if(rule->key.bool_tcp_configured)
|
if(rule->key.bool_tcp_configured) {
|
||||||
print_start += sprintf(print_start, ",TCP%c", rule->bool_accept_tcp ? '+' : '-');
|
print_start += sprintf(print_start, ",TCP%c", rule->bool_accept_tcp ? '+' : '-');
|
||||||
if(rule->key.bool_udp_configured)
|
}
|
||||||
|
|
||||||
|
if(rule->key.bool_udp_configured) {
|
||||||
print_start += sprintf(print_start, ",UDP%c", rule->bool_accept_udp ? '+' : '-');
|
print_start += sprintf(print_start, ",UDP%c", rule->bool_accept_udp ? '+' : '-');
|
||||||
if(rule->key.bool_icmp_configured)
|
}
|
||||||
|
|
||||||
|
if(rule->key.bool_icmp_configured) {
|
||||||
print_start += sprintf(print_start, ",ICMP%c", rule->bool_accept_icmp ? '+' : '-');
|
print_start += sprintf(print_start, ",ICMP%c", rule->bool_accept_icmp ? '+' : '-');
|
||||||
|
}
|
||||||
|
|
||||||
return buf;
|
return buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr);
|
uint8_t march_cidr_and_address (in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr);
|
||||||
|
|
||||||
|
uint8_t march_cidr_and_address (in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr) {
|
||||||
|
|
||||||
uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr)
|
|
||||||
{
|
|
||||||
in_addr_t mask = 0, ip_addr_network = 0;
|
in_addr_t mask = 0, ip_addr_network = 0;
|
||||||
network = ntohl(network), ip_addr = ntohl(ip_addr);
|
|
||||||
|
network = ntohl(network);
|
||||||
|
ip_addr = ntohl(ip_addr);
|
||||||
uint32_t mask1 = net_bitlen != 0 ? ((~mask) << (32u-net_bitlen)) : 0;
|
uint32_t mask1 = net_bitlen != 0 ? ((~mask) << (32u-net_bitlen)) : 0;
|
||||||
ip_addr_network = ip_addr & mask1;
|
ip_addr_network = ip_addr & mask1;
|
||||||
if( network == ip_addr_network )
|
if(network == ip_addr_network) {
|
||||||
return net_bitlen + 1; // march 0.0.0.0/0 still march success, that case return 1
|
return net_bitlen + 1; // march 0.0.0.0/0 still march success, that case return 1
|
||||||
else
|
} else {
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info);
|
uint8_t march_rule_and_cache_key (filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info);
|
||||||
|
|
||||||
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
|
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
|
||||||
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info)
|
uint8_t march_rule_and_cache_key (filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info) {
|
||||||
{
|
|
||||||
// march failed if proto is not configured at the rule.
|
// march failed if proto is not configured at the rule.
|
||||||
switch (pkt_addr_info->proto)
|
switch(pkt_addr_info->proto) {
|
||||||
{
|
|
||||||
case FPP_ICMP:
|
case FPP_ICMP:
|
||||||
if(!rule_key->bool_icmp_configured) return 0;
|
if(!rule_key->bool_icmp_configured) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case FPP_UDP:
|
case FPP_UDP:
|
||||||
if(!rule_key->bool_udp_configured) return 0;
|
if(!rule_key->bool_udp_configured) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case FPP_TCP:
|
case FPP_TCP:
|
||||||
if(!rule_key->bool_tcp_configured) return 0;
|
if(!rule_key->bool_tcp_configured) {
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ignore ports for ICMP proto.
|
// ignore ports for ICMP proto.
|
||||||
if( pkt_addr_info->proto == FPP_ICMP || (rule_key->src_port_range.start_port <= pkt_addr_info->src_port
|
if(pkt_addr_info->proto == FPP_ICMP || (rule_key->src_port_range.start_port <= pkt_addr_info->src_port
|
||||||
&& pkt_addr_info->src_port <= rule_key->src_port_range.end_port
|
&& pkt_addr_info->src_port <= rule_key->src_port_range.end_port
|
||||||
&& rule_key->dst_port_range.start_port <= pkt_addr_info->dst_port
|
&& rule_key->dst_port_range.start_port <= pkt_addr_info->dst_port
|
||||||
&& pkt_addr_info->dst_port <= rule_key->dst_port_range.end_port) )
|
&& pkt_addr_info->dst_port <= rule_key->dst_port_range.end_port)) {
|
||||||
{
|
|
||||||
uint8_t march_src_score = march_cidr_and_address(rule_key->src_net_cidr, rule_key->src_net_bit_len, pkt_addr_info->src_ip);
|
uint8_t march_src_score = march_cidr_and_address(rule_key->src_net_cidr, rule_key->src_net_bit_len, pkt_addr_info->src_ip);
|
||||||
uint8_t march_dst_score = march_cidr_and_address(rule_key->dst_net_cidr, rule_key->dst_net_bit_len, pkt_addr_info->dst_ip);
|
uint8_t march_dst_score = march_cidr_and_address(rule_key->dst_net_cidr, rule_key->dst_net_bit_len, pkt_addr_info->dst_ip);
|
||||||
if( march_src_score > 0 && march_dst_score > 0 )
|
if((march_src_score > 0) && (march_dst_score > 0)) {
|
||||||
return march_src_score + march_dst_score;
|
return march_src_score + march_dst_score;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return(0);
|
return(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info);
|
filter_rule_t* get_filter_rule (filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info);
|
||||||
|
|
||||||
|
|
||||||
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info)
|
filter_rule_t* get_filter_rule (filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info) {
|
||||||
{
|
|
||||||
filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0;
|
filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0;
|
||||||
int march_score = 0;
|
int march_score = 0;
|
||||||
|
|
||||||
HASH_ITER(hh, *rules, item, tmp) {
|
HASH_ITER(hh, *rules, item, tmp) {
|
||||||
/* ... it is safe to delete and free s here */
|
/* ... it is safe to delete and free s here */
|
||||||
uint8_t cur_march_score = march_rule_and_cache_key(&(item->key), pkt_addr_info);
|
uint8_t cur_march_score = march_rule_and_cache_key(&(item->key), pkt_addr_info);
|
||||||
if( cur_march_score > march_score )
|
if(cur_march_score > march_score) {
|
||||||
{
|
|
||||||
marched_rule = item;
|
marched_rule = item;
|
||||||
march_score = cur_march_score;
|
march_score = cur_march_score;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return marched_rule;
|
return marched_rule;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
void update_and_clear_cache_if_need(network_traffic_filter_t *filter);
|
void update_and_clear_cache_if_need (network_traffic_filter_t *filter);
|
||||||
|
|
||||||
void update_and_clear_cache_if_need(network_traffic_filter_t *filter)
|
void update_and_clear_cache_if_need (network_traffic_filter_t *filter) {
|
||||||
{
|
|
||||||
if( ++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT)
|
if(++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT) {
|
||||||
{
|
|
||||||
filter_rule_pair_cache_t *item = NULL, *tmp = NULL;
|
filter_rule_pair_cache_t *item = NULL, *tmp = NULL;
|
||||||
HASH_ITER(hh, filter->connections_rule_cache, item, tmp) {
|
HASH_ITER(hh, filter->connections_rule_cache, item, tmp) {
|
||||||
/* ... it is safe to delete and free s here */
|
/* ... it is safe to delete and free s here */
|
||||||
if( item->active_count < CLAER_CACHE_ACTIVE_COUNT )
|
if(item->active_count < CLAER_CACHE_ACTIVE_COUNT) {
|
||||||
{
|
|
||||||
traceEvent(TRACE_DEBUG, "### DELETE filter cache %s", get_filter_packet_info_log_string(&item->key));
|
traceEvent(TRACE_DEBUG, "### DELETE filter cache %s", get_filter_packet_info_log_string(&item->key));
|
||||||
HASH_DEL(filter->connections_rule_cache, item);
|
HASH_DEL(filter->connections_rule_cache, item);
|
||||||
free(item);
|
free(item);
|
||||||
}else{
|
} else {
|
||||||
item->active_count = 0;
|
item->active_count = 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -283,23 +306,22 @@ void update_and_clear_cache_if_need(network_traffic_filter_t *filter)
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info);
|
filter_rule_pair_cache_t* get_or_create_filter_rule_cache (network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info);
|
||||||
|
|
||||||
|
filter_rule_pair_cache_t* get_or_create_filter_rule_cache (network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info) {
|
||||||
|
|
||||||
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info)
|
|
||||||
{
|
|
||||||
filter_rule_pair_cache_t* rule_cache_find_result = 0;
|
filter_rule_pair_cache_t* rule_cache_find_result = 0;
|
||||||
HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result);
|
HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result);
|
||||||
if( !rule_cache_find_result )
|
if(!rule_cache_find_result) {
|
||||||
{
|
|
||||||
filter_rule_t* rule = get_filter_rule(&filter->rules, pkt_addr_info);
|
filter_rule_t* rule = get_filter_rule(&filter->rules, pkt_addr_info);
|
||||||
if( !rule )
|
if(!rule) {
|
||||||
return NULL;
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
rule_cache_find_result = malloc(sizeof(filter_rule_pair_cache_t));
|
rule_cache_find_result = malloc(sizeof(filter_rule_pair_cache_t));
|
||||||
memset(rule_cache_find_result, 0, sizeof(filter_rule_pair_cache_t));
|
memset(rule_cache_find_result, 0, sizeof(filter_rule_pair_cache_t));
|
||||||
rule_cache_find_result->key = *pkt_addr_info;
|
rule_cache_find_result->key = *pkt_addr_info;
|
||||||
switch(rule_cache_find_result->key.proto)
|
switch(rule_cache_find_result->key.proto) {
|
||||||
{
|
|
||||||
case FPP_ICMP:
|
case FPP_ICMP:
|
||||||
rule_cache_find_result->bool_allow_traffic = rule->bool_accept_icmp;
|
rule_cache_find_result->bool_allow_traffic = rule->bool_accept_icmp;
|
||||||
break;
|
break;
|
||||||
|
@ -318,72 +340,74 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter
|
||||||
}
|
}
|
||||||
++(rule_cache_find_result->active_count);
|
++(rule_cache_find_result->active_count);
|
||||||
update_and_clear_cache_if_need(filter);
|
update_and_clear_cache_if_need(filter);
|
||||||
|
|
||||||
return rule_cache_find_result;
|
return rule_cache_find_result;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
|
n2n_verdict filter_packet_from_peer (network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
|
||||||
|
|
||||||
|
n2n_verdict filter_packet_from_peer (network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size) {
|
||||||
|
|
||||||
n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size)
|
|
||||||
{
|
|
||||||
filter_rule_pair_cache_t *cur_pkt_rule = 0;
|
filter_rule_pair_cache_t *cur_pkt_rule = 0;
|
||||||
packet_address_proto_info_t pkt_info;
|
packet_address_proto_info_t pkt_info;
|
||||||
|
|
||||||
collect_packet_info(&pkt_info, payload, payload_size);
|
collect_packet_info(&pkt_info, payload, payload_size);
|
||||||
cur_pkt_rule = get_or_create_filter_rule_cache(filter, &pkt_info);
|
cur_pkt_rule = get_or_create_filter_rule_cache(filter, &pkt_info);
|
||||||
if( cur_pkt_rule && !cur_pkt_rule->bool_allow_traffic)
|
if(cur_pkt_rule && !cur_pkt_rule->bool_allow_traffic) {
|
||||||
{
|
|
||||||
traceEvent(TRACE_DEBUG, "### DROP %s", get_filter_packet_info_log_string(&pkt_info));
|
traceEvent(TRACE_DEBUG, "### DROP %s", get_filter_packet_info_log_string(&pkt_info));
|
||||||
return N2N_DROP;
|
return N2N_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
return N2N_ACCEPT;
|
return N2N_ACCEPT;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
|
n2n_verdict filter_packet_from_tap (network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
|
||||||
|
|
||||||
|
n2n_verdict filter_packet_from_tap (network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size) {
|
||||||
|
|
||||||
n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size)
|
|
||||||
{
|
|
||||||
filter_rule_pair_cache_t *cur_pkt_rule = 0;
|
filter_rule_pair_cache_t *cur_pkt_rule = 0;
|
||||||
packet_address_proto_info_t pkt_info;
|
packet_address_proto_info_t pkt_info;
|
||||||
|
|
||||||
collect_packet_info(&pkt_info, payload, payload_size);
|
collect_packet_info(&pkt_info, payload, payload_size);
|
||||||
cur_pkt_rule = get_or_create_filter_rule_cache(filter, &pkt_info);
|
cur_pkt_rule = get_or_create_filter_rule_cache(filter, &pkt_info);
|
||||||
if( cur_pkt_rule && !cur_pkt_rule->bool_allow_traffic)
|
if(cur_pkt_rule && !cur_pkt_rule->bool_allow_traffic) {
|
||||||
{
|
|
||||||
traceEvent(TRACE_DEBUG, "### DROP %s", get_filter_packet_info_log_string(&pkt_info));
|
traceEvent(TRACE_DEBUG, "### DROP %s", get_filter_packet_info_log_string(&pkt_info));
|
||||||
return N2N_DROP;
|
return N2N_DROP;
|
||||||
}
|
}
|
||||||
|
|
||||||
return N2N_ACCEPT;
|
return N2N_ACCEPT;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
network_traffic_filter_t *create_network_traffic_filter();
|
network_traffic_filter_t *create_network_traffic_filter ();
|
||||||
|
|
||||||
|
network_traffic_filter_t *create_network_traffic_filter () {
|
||||||
|
|
||||||
network_traffic_filter_t *create_network_traffic_filter() {
|
|
||||||
network_traffic_filter_t *filter = malloc(sizeof(network_traffic_filter_t));
|
network_traffic_filter_t *filter = malloc(sizeof(network_traffic_filter_t));
|
||||||
|
|
||||||
memset(filter, 0, sizeof(network_traffic_filter_t));
|
memset(filter, 0, sizeof(network_traffic_filter_t));
|
||||||
filter->filter_packet_from_peer = filter_packet_from_peer;
|
filter->filter_packet_from_peer = filter_packet_from_peer;
|
||||||
filter->filter_packet_from_tap = filter_packet_from_tap;
|
filter->filter_packet_from_tap = filter_packet_from_tap;
|
||||||
|
|
||||||
return filter;
|
return filter;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
void destroy_network_traffic_filter(network_traffic_filter_t *filter);
|
void destroy_network_traffic_filter (network_traffic_filter_t *filter);
|
||||||
|
|
||||||
|
void destroy_network_traffic_filter (network_traffic_filter_t *filter) {
|
||||||
|
|
||||||
void destroy_network_traffic_filter(network_traffic_filter_t *filter) {
|
|
||||||
filter_rule_t *el = 0, *tmp = 0;
|
filter_rule_t *el = 0, *tmp = 0;
|
||||||
filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0;
|
filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0;
|
||||||
|
|
||||||
HASH_ITER(hh, filter->rules, el, tmp)
|
HASH_ITER(hh, filter->rules, el, tmp) {
|
||||||
{
|
|
||||||
HASH_DEL(filter->rules, el);
|
HASH_DEL(filter->rules, el);
|
||||||
free(el);
|
free(el);
|
||||||
}
|
}
|
||||||
|
|
||||||
HASH_ITER(hh, filter->connections_rule_cache, el1, tmp1)
|
HASH_ITER(hh, filter->connections_rule_cache, el1, tmp1) {
|
||||||
{
|
|
||||||
HASH_DEL(filter->connections_rule_cache, el1);
|
HASH_DEL(filter->connections_rule_cache, el1);
|
||||||
free(el);
|
free(el);
|
||||||
}
|
}
|
||||||
|
@ -392,10 +416,11 @@ void destroy_network_traffic_filter(network_traffic_filter_t *filter) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules);
|
void network_traffic_filter_add_rule (network_traffic_filter_t* filter, filter_rule_t* rules);
|
||||||
|
|
||||||
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules) {
|
void network_traffic_filter_add_rule (network_traffic_filter_t* filter, filter_rule_t* rules) {
|
||||||
filter_rule_t *item=NULL, *tmp=NULL;
|
|
||||||
|
filter_rule_t *item = NULL, *tmp = NULL;
|
||||||
|
|
||||||
HASH_ITER(hh, rules, item, tmp) {
|
HASH_ITER(hh, rules, item, tmp) {
|
||||||
filter_rule_t *new_rule = malloc(sizeof(filter_rule_t));
|
filter_rule_t *new_rule = malloc(sizeof(filter_rule_t));
|
||||||
|
@ -406,67 +431,64 @@ void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_ru
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char);
|
in_addr_t get_int32_addr_from_ip_string (const char* begin, const char* next_pos_of_last_char);
|
||||||
|
|
||||||
|
in_addr_t get_int32_addr_from_ip_string (const char* begin, const char* next_pos_of_last_char) {
|
||||||
|
|
||||||
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char)
|
|
||||||
{
|
|
||||||
char buf[16] = {0};
|
char buf[16] = {0};
|
||||||
if( next_pos_of_last_char - begin > 15 ) {
|
|
||||||
|
if((next_pos_of_last_char - begin) > 15) {
|
||||||
traceEvent(TRACE_WARNING, "Internal Error");
|
traceEvent(TRACE_WARNING, "Internal Error");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
memcpy(buf, begin, next_pos_of_last_char - begin);
|
memcpy(buf, begin, (next_pos_of_last_char - begin));
|
||||||
|
|
||||||
return inet_addr(buf);
|
return inet_addr(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char);
|
int get_int32_from_number_string (const char* begin, const char* next_pos_of_last_char);
|
||||||
|
|
||||||
|
int get_int32_from_number_string (const char* begin, const char* next_pos_of_last_char) {
|
||||||
|
|
||||||
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char)
|
|
||||||
{
|
|
||||||
char buf[6] = {0};
|
char buf[6] = {0};
|
||||||
|
|
||||||
if( next_pos_of_last_char - begin > 5 ) // max is 65535, 5 char
|
if((next_pos_of_last_char - begin) > 5 ) { // max is 65535, 5 char
|
||||||
{
|
|
||||||
traceEvent(TRACE_WARNING, "Internal Error");
|
traceEvent(TRACE_WARNING, "Internal Error");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
memcpy(buf, begin, next_pos_of_last_char - begin);
|
memcpy(buf, begin, (next_pos_of_last_char - begin));
|
||||||
|
|
||||||
return atoi(buf);
|
return atoi(buf);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct);
|
void process_traffic_filter_proto (const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct);
|
||||||
|
|
||||||
|
void process_traffic_filter_proto (const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct) {
|
||||||
|
|
||||||
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct)
|
|
||||||
{
|
|
||||||
char buf[6] = {0};
|
char buf[6] = {0};
|
||||||
|
|
||||||
if( next_pos_of_last_char - begin > 5 ) // max length str is "ICMP+", 5 char
|
if((next_pos_of_last_char - begin) > 5 ) { // max length str is "ICMP+", 5 char
|
||||||
{
|
|
||||||
traceEvent(TRACE_WARNING, "Internal Error");
|
traceEvent(TRACE_WARNING, "Internal Error");
|
||||||
}
|
}
|
||||||
memcpy(buf, begin, next_pos_of_last_char - begin);
|
memcpy(buf, begin, (next_pos_of_last_char - begin));
|
||||||
|
|
||||||
if(strstr(buf, "TCP")){
|
if(strstr(buf, "TCP")) {
|
||||||
rule_struct->key.bool_tcp_configured = 1;
|
rule_struct->key.bool_tcp_configured = 1;
|
||||||
rule_struct->bool_accept_tcp = buf[3] == '+';
|
rule_struct->bool_accept_tcp = buf[3] == '+';
|
||||||
}
|
} else if(strstr(buf, "UDP")) {
|
||||||
else if(strstr(buf, "UDP")){
|
|
||||||
rule_struct->key.bool_udp_configured = 1;
|
rule_struct->key.bool_udp_configured = 1;
|
||||||
rule_struct->bool_accept_udp = buf[3] == '+';
|
rule_struct->bool_accept_udp = buf[3] == '+';
|
||||||
}
|
} else if(strstr(buf, "ICMP")) {
|
||||||
else if(strstr(buf, "ICMP"))
|
|
||||||
{
|
|
||||||
rule_struct->key.bool_icmp_configured = 1;
|
rule_struct->key.bool_icmp_configured = 1;
|
||||||
rule_struct->bool_accept_icmp = buf[4] == '+';
|
rule_struct->bool_accept_icmp = buf[4] == '+';
|
||||||
}
|
} else {
|
||||||
else
|
|
||||||
traceEvent(TRACE_WARNING, "Invalid Proto : %s", buf);
|
traceEvent(TRACE_WARNING, "Invalid Proto : %s", buf);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
typedef enum
|
typedef enum {
|
||||||
{
|
|
||||||
FPS_SRC_NET = 1,
|
FPS_SRC_NET = 1,
|
||||||
FPS_SRC_NET_BIT_LEN,
|
FPS_SRC_NET_BIT_LEN,
|
||||||
FPS_SRC_PORT_SINGLE,
|
FPS_SRC_PORT_SINGLE,
|
||||||
|
@ -480,37 +502,37 @@ typedef enum
|
||||||
FPS_DST_PORT_START,
|
FPS_DST_PORT_START,
|
||||||
FPS_DST_PORT_END,
|
FPS_DST_PORT_END,
|
||||||
FPS_PROTO
|
FPS_PROTO
|
||||||
} filter_process_stage;
|
} filter_process_stage;
|
||||||
|
|
||||||
/* for [-Wmissing-declarations] */
|
/* for [-Wmissing-declarations] */
|
||||||
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct);
|
uint8_t process_traffic_filter_rule_str (const char *rule_str, filter_rule_t *rule_struct);
|
||||||
|
|
||||||
|
uint8_t process_traffic_filter_rule_str (const char *rule_str, filter_rule_t *rule_struct) {
|
||||||
|
|
||||||
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct) {
|
|
||||||
const char *cur_pos = rule_str, *stage_begin_pos = rule_str;
|
const char *cur_pos = rule_str, *stage_begin_pos = rule_str;
|
||||||
filter_process_stage stage = FPS_SRC_NET;
|
filter_process_stage stage = FPS_SRC_NET;
|
||||||
while(1)
|
|
||||||
{
|
while(1) {
|
||||||
switch(stage)
|
switch(stage) {
|
||||||
{
|
case FPS_SRC_NET: {
|
||||||
case FPS_SRC_NET:
|
if((*cur_pos >= '0' && *cur_pos <= '9') || *cur_pos == '.') {
|
||||||
{
|
|
||||||
if( (*cur_pos >= '0' && *cur_pos <= '9') || *cur_pos == '.')
|
|
||||||
; // Normal FPS_SRC_NET, next char
|
; // Normal FPS_SRC_NET, next char
|
||||||
else if( *cur_pos == '/' ) {
|
} else if(*cur_pos == '/') {
|
||||||
// FPS_SRC_NET finish, next is FPS_SRC_NET_BIT_LEN
|
// FPS_SRC_NET finish, next is FPS_SRC_NET_BIT_LEN
|
||||||
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_SRC_NET_BIT_LEN;
|
stage = FPS_SRC_NET_BIT_LEN;
|
||||||
} else if( *cur_pos == ':') {
|
} else if(*cur_pos == ':') {
|
||||||
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
|
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
|
||||||
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
rule_struct->key.src_net_bit_len = 32;
|
rule_struct->key.src_net_bit_len = 32;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
if( *(cur_pos+1) == '[' )
|
if(*(cur_pos + 1) == '[') {
|
||||||
stage = FPS_SRC_PORT_RANGE;
|
stage = FPS_SRC_PORT_RANGE;
|
||||||
else
|
} else {
|
||||||
stage = FPS_SRC_PORT_SINGLE;
|
stage = FPS_SRC_PORT_SINGLE;
|
||||||
} else if( *cur_pos == ','){
|
}
|
||||||
|
} else if(*cur_pos == ',') {
|
||||||
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), ignore FPS_SRC_PORT(default all),
|
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), ignore FPS_SRC_PORT(default all),
|
||||||
// next is FPS_DST_NET
|
// next is FPS_DST_NET
|
||||||
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
|
@ -526,113 +548,109 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
case FPS_SRC_NET_BIT_LEN:
|
case FPS_SRC_NET_BIT_LEN: {
|
||||||
{
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
|
||||||
; // Normal FPS_SRC_NET_BIT_LEN, next char
|
; // Normal FPS_SRC_NET_BIT_LEN, next char
|
||||||
else if( *cur_pos == ':') {
|
} else if(*cur_pos == ':') {
|
||||||
// FPS_SRC_NET_BIT_LEN finish, next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
|
// FPS_SRC_NET_BIT_LEN finish, next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
|
||||||
rule_struct->key.src_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
if( *(cur_pos+1) == '[' )
|
if(*(cur_pos + 1) == '[') {
|
||||||
stage = FPS_SRC_PORT_RANGE;
|
stage = FPS_SRC_PORT_RANGE;
|
||||||
else
|
} else {
|
||||||
stage = FPS_SRC_PORT_SINGLE;
|
stage = FPS_SRC_PORT_SINGLE;
|
||||||
}else if( *cur_pos == ','){
|
}
|
||||||
|
} else if(*cur_pos == ',') {
|
||||||
// FPS_SRC_NET_BIT_LEN finish, ignore FPS_SRC_PORT(default all), next is FPS_DST_NET
|
// FPS_SRC_NET_BIT_LEN finish, ignore FPS_SRC_PORT(default all), next is FPS_DST_NET
|
||||||
rule_struct->key.src_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);;
|
rule_struct->key.src_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);;
|
||||||
rule_struct->key.src_port_range.start_port = 0;
|
rule_struct->key.src_port_range.start_port = 0;
|
||||||
rule_struct->key.src_port_range.end_port = 65535;
|
rule_struct->key.src_port_range.end_port = 65535;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_DST_NET;
|
stage = FPS_DST_NET;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
case FPS_SRC_PORT_SINGLE:
|
case FPS_SRC_PORT_SINGLE: {
|
||||||
{
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
|
||||||
; // Normal FPS_SRC_PORT_SINGLE, next char
|
; // Normal FPS_SRC_PORT_SINGLE, next char
|
||||||
else if(*cur_pos == ','){
|
} else if(*cur_pos == ',') {
|
||||||
// FPS_SRC_PORT_SINGLE finish, next is FPS_DST_NET
|
// FPS_SRC_PORT_SINGLE finish, next is FPS_DST_NET
|
||||||
rule_struct->key.src_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
rule_struct->key.src_port_range.end_port = rule_struct->key.src_port_range.start_port;
|
rule_struct->key.src_port_range.end_port = rule_struct->key.src_port_range.start_port;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_DST_NET;
|
stage = FPS_DST_NET;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
case FPS_SRC_PORT_RANGE:
|
case FPS_SRC_PORT_RANGE: {
|
||||||
{
|
if(*cur_pos == '[') {
|
||||||
if(*cur_pos == '[')
|
|
||||||
{
|
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_SRC_PORT_START;
|
stage = FPS_SRC_PORT_START;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_SRC_PORT_START:
|
|
||||||
{
|
case FPS_SRC_PORT_START: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_SRC_PORT_START, next char
|
; // Normal FPS_SRC_PORT_START, next char
|
||||||
else if(*cur_pos == ',')
|
} else if(*cur_pos == ',') {
|
||||||
{
|
|
||||||
// FPS_SRC_PORT_START finish, next is FPS_SRC_PORT_END
|
// FPS_SRC_PORT_START finish, next is FPS_SRC_PORT_END
|
||||||
rule_struct->key.src_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_SRC_PORT_END;
|
stage = FPS_SRC_PORT_END;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_SRC_PORT_END:
|
|
||||||
{
|
case FPS_SRC_PORT_END: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_SRC_PORT_END, next char
|
; // Normal FPS_SRC_PORT_END, next char
|
||||||
else if(*cur_pos == ']' && *(cur_pos + 1) == ',')
|
} else if((*cur_pos == ']') && (*(cur_pos + 1) == ',')) {
|
||||||
{
|
|
||||||
// FPS_SRC_PORT_END finish, next is FPS_DST_NET
|
// FPS_SRC_PORT_END finish, next is FPS_DST_NET
|
||||||
rule_struct->key.src_port_range.end_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.src_port_range.end_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 2;
|
stage_begin_pos = cur_pos + 2;
|
||||||
stage = FPS_DST_NET;
|
stage = FPS_DST_NET;
|
||||||
++cur_pos; //skip next char ','
|
++cur_pos; //skip next char ','
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_NET:
|
|
||||||
{
|
case FPS_DST_NET: {
|
||||||
if( (*cur_pos >= '0' && *cur_pos <= '9') || *cur_pos == '.')
|
if((*cur_pos >= '0' && *cur_pos <= '9') || *cur_pos == '.') {
|
||||||
; // Normal FPS_DST_NET, next char
|
; // Normal FPS_DST_NET, next char
|
||||||
else if( *cur_pos == '/' ) {
|
} else if(*cur_pos == '/') {
|
||||||
// FPS_DST_NET finish, next is FPS_DST_NET_BIT_LEN
|
// FPS_DST_NET finish, next is FPS_DST_NET_BIT_LEN
|
||||||
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_DST_NET_BIT_LEN;
|
stage = FPS_DST_NET_BIT_LEN;
|
||||||
}else if( *cur_pos == ':') {
|
} else if(*cur_pos == ':') {
|
||||||
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
|
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
|
||||||
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
rule_struct->key.dst_net_bit_len = 32;
|
rule_struct->key.dst_net_bit_len = 32;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
if( *(cur_pos+1) == '[' )
|
if(*(cur_pos + 1) == '[') {
|
||||||
stage = FPS_DST_PORT_RANGE;
|
stage = FPS_DST_PORT_RANGE;
|
||||||
else
|
} else {
|
||||||
stage = FPS_DST_PORT_SINGLE;
|
stage = FPS_DST_PORT_SINGLE;
|
||||||
}else if( *cur_pos == ',' || *cur_pos == 0){
|
}
|
||||||
|
} else if((*cur_pos == ',') || (*cur_pos == 0)) {
|
||||||
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), ignore FPS_DST_PORT(default all),
|
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), ignore FPS_DST_PORT(default all),
|
||||||
// next is FPS_PROTO
|
// next is FPS_PROTO
|
||||||
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_net_cidr = get_int32_addr_from_ip_string(stage_begin_pos, cur_pos);
|
||||||
|
@ -647,120 +665,118 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_NET_BIT_LEN:
|
|
||||||
{
|
case FPS_DST_NET_BIT_LEN: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_DST_NET_BIT_LEN, next char
|
; // Normal FPS_DST_NET_BIT_LEN, next char
|
||||||
else if( *cur_pos == ':') {
|
} else if(*cur_pos == ':') {
|
||||||
// FPS_DST_NET_BIT_LEN finish, next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
|
// FPS_DST_NET_BIT_LEN finish, next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
|
||||||
rule_struct->key.dst_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
if( *(cur_pos+1) == '[' )
|
if(*(cur_pos + 1) == '[') {
|
||||||
stage = FPS_DST_PORT_RANGE;
|
stage = FPS_DST_PORT_RANGE;
|
||||||
else
|
} else {
|
||||||
stage = FPS_DST_PORT_SINGLE;
|
stage = FPS_DST_PORT_SINGLE;
|
||||||
}else if( *cur_pos == ',' || *cur_pos == 0){
|
}
|
||||||
|
} else if((*cur_pos == ',') || (*cur_pos == 0)) {
|
||||||
// FPS_DST_NET_BIT_LEN finish, ignore FPS_DST_PORT(default all), next is FPS_PROTO
|
// FPS_DST_NET_BIT_LEN finish, ignore FPS_DST_PORT(default all), next is FPS_PROTO
|
||||||
rule_struct->key.dst_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);;
|
rule_struct->key.dst_net_bit_len = get_int32_from_number_string(stage_begin_pos, cur_pos);;
|
||||||
rule_struct->key.dst_port_range.start_port = 0;
|
rule_struct->key.dst_port_range.start_port = 0;
|
||||||
rule_struct->key.dst_port_range.end_port = 65535;
|
rule_struct->key.dst_port_range.end_port = 65535;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_PROTO;
|
stage = FPS_PROTO;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_PORT_SINGLE:
|
|
||||||
{
|
case FPS_DST_PORT_SINGLE: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_DST_PORT_SINGLE, next char
|
; // Normal FPS_DST_PORT_SINGLE, next char
|
||||||
else if(*cur_pos == ',' || *cur_pos == 0){
|
} else if((*cur_pos == ',') || (*cur_pos == 0)) {
|
||||||
// FPS_DST_PORT_SINGLE finish, next is FPS_PROTO
|
// FPS_DST_PORT_SINGLE finish, next is FPS_PROTO
|
||||||
rule_struct->key.dst_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
rule_struct->key.dst_port_range.end_port = rule_struct->key.dst_port_range.start_port;
|
rule_struct->key.dst_port_range.end_port = rule_struct->key.dst_port_range.start_port;
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_PROTO;
|
stage = FPS_PROTO;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_PORT_RANGE:
|
|
||||||
{
|
case FPS_DST_PORT_RANGE: {
|
||||||
if(*cur_pos == '[')
|
if(*cur_pos == '[') {
|
||||||
{
|
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_DST_PORT_START;
|
stage = FPS_DST_PORT_START;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_PORT_START:
|
|
||||||
{
|
case FPS_DST_PORT_START: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_DST_PORT_START, next char
|
; // Normal FPS_DST_PORT_START, next char
|
||||||
else if(*cur_pos == ',')
|
} else if(*cur_pos == ',') {
|
||||||
{
|
|
||||||
// FPS_DST_PORT_START finish, next is FPS_DST_PORT_END
|
// FPS_DST_PORT_START finish, next is FPS_DST_PORT_END
|
||||||
rule_struct->key.dst_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_port_range.start_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage_begin_pos = cur_pos + 1;
|
stage_begin_pos = cur_pos + 1;
|
||||||
stage = FPS_DST_PORT_END;
|
stage = FPS_DST_PORT_END;
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_DST_PORT_END:
|
|
||||||
{
|
case FPS_DST_PORT_END: {
|
||||||
if( *cur_pos >= '0' && *cur_pos <= '9')
|
if((*cur_pos >= '0') && (*cur_pos <= '9')) {
|
||||||
; // Normal FPS_DST_PORT_END, next char
|
; // Normal FPS_DST_PORT_END, next char
|
||||||
else if(*cur_pos == ']')
|
} else if(*cur_pos == ']') {
|
||||||
{
|
|
||||||
// FPS_DST_PORT_END finish, next is FPS_PROTO
|
// FPS_DST_PORT_END finish, next is FPS_PROTO
|
||||||
rule_struct->key.dst_port_range.end_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
rule_struct->key.dst_port_range.end_port = get_int32_from_number_string(stage_begin_pos, cur_pos);
|
||||||
stage = FPS_PROTO;
|
stage = FPS_PROTO;
|
||||||
if(*(cur_pos + 1) == ',') {
|
if(*(cur_pos + 1) == ',') {
|
||||||
stage_begin_pos = cur_pos + 2;
|
stage_begin_pos = cur_pos + 2;
|
||||||
++cur_pos; //skip next char ','
|
++cur_pos; //skip next char ','
|
||||||
}else if(*(cur_pos + 1) != 0){
|
} else if(*(cur_pos + 1) != 0) {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}else{
|
} else {
|
||||||
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "process filter rule with error char %c at pos %d", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case FPS_PROTO:
|
|
||||||
{
|
case FPS_PROTO: {
|
||||||
if(*cur_pos != '-' && *cur_pos != '+' && *cur_pos != ',')
|
if((*cur_pos != '-') && (*cur_pos != '+') && (*cur_pos != ',')) {
|
||||||
; // Normal FPS_PROTO. next char
|
; // Normal FPS_PROTO. next char
|
||||||
else if( *cur_pos != ',' )
|
} else if(*cur_pos != ',') {
|
||||||
{
|
|
||||||
process_traffic_filter_proto(stage_begin_pos, cur_pos + 1, rule_struct);
|
process_traffic_filter_proto(stage_begin_pos, cur_pos + 1, rule_struct);
|
||||||
if( *(cur_pos+1) == 0 ) // end of whole rule string
|
if(*(cur_pos+1) == 0) { // end of whole rule string
|
||||||
break;
|
break;
|
||||||
else{ // new proto info, and skip next char ','
|
} else { // new proto info, and skip next char ','
|
||||||
stage_begin_pos = cur_pos + 2;
|
stage_begin_pos = cur_pos + 2;
|
||||||
++cur_pos;
|
++cur_pos;
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
traceEvent(TRACE_WARNING, "Internal Error: ',' should skiped", *cur_pos, cur_pos - rule_str);
|
traceEvent(TRACE_WARNING, "Internal Error: ',' should skiped", *cur_pos, cur_pos - rule_str);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(0 == *cur_pos)
|
|
||||||
|
if(0 == *cur_pos) {
|
||||||
break;
|
break;
|
||||||
|
}
|
||||||
++cur_pos;
|
++cur_pos;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|