enoch/n2n
1
0
Fork 0
mirror of https://github.com/ntop/n2n.git synced 2024-09-19 16:41:11 +02:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Deal with warnings at network_traffic_filter.c (#508)

Browse Source 
* Add new file 'network_traffic_filter.c/.h"

* Add feature to drop or accept specific packet transmit over edge network interface by rules.

* fix CMakeLists.txt typo

* Update Rule String Format

* replace -F (filter) with -R (rule) for traffic restrictions.

* Update edge help (-h)  message. Update documents.

* Pass Build on CircleCI and local Windows 10 VS2019

* Fix cmake build failed because of sn_selection

* fix operate void* cause vs2016 build failed

* Fix typo to pass build on windows.

* add inttypes.h for n2n_typedefs.h to pass windows build

* modify headers to pass build on windows.

* Deal with warnings at `network_traffic_filter.c`

* network filter without type cast
This commit is contained in:
joshuafc 2020-11-19 16:32:44 +08:00 committed by GitHub
parent 348d2baaf2
commit e66f913e81
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 103 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
include/n2n_typedefs.h
View File

@ -458,14 +458,52 @@ typedef enum {
/* *************************************************** */
typedef struct network_traffic_filter
typedef enum {
FPP_UNKNOWN=0,
FPP_ARP = 1,
FPP_TCP=2,
FPP_UDP=3,
FPP_ICMP=4,
FPP_IGMP=5
} filter_packet_proto;
typedef struct packet_address_proto_info{
in_addr_t src_ip;
uint16_t src_port;
in_addr_t dst_ip;
uint16_t dst_port;
filter_packet_proto proto;
}packet_address_proto_info_t;
typedef struct filter_rule_pair_cache
{
n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee,
packet_address_proto_info_t key;
uint8_t bool_allow_traffic;
uint32_t active_count;
UT_hash_handle hh; /* makes this structure hashable */
} filter_rule_pair_cache_t;
struct network_traffic_filter;
typedef struct network_traffic_filter network_traffic_filter_t;
struct network_traffic_filter
{
n2n_verdict (*filter_packet_from_peer)(network_traffic_filter_t* filter, n2n_edge_t *eee,
const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
n2n_verdict (*filter_packet_from_tap)(network_traffic_filter_t* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
} network_traffic_filter_t;
filter_rule_t *rules;
filter_rule_pair_cache_t *connections_rule_cache;
uint32_t work_count_scene_last_clear;
};
/* *************************************************** */

110
src/network_traffic_filter.c
View File

@ -24,14 +24,8 @@
#define CLEAR_CACHE_EVERY_X_COUNT 10000
#define CLAER_CACHE_ACTIVE_COUNT 10
typedef enum {
FPP_UNKNOWN=0,
FPP_ARP = 1,
FPP_TCP=2,
FPP_UDP=3,
FPP_ICMP=4,
FPP_IGMP=5
} filter_packet_proto;
/* for [-Wmissing-declarations] */
const char* get_filter_packet_proto_name(filter_packet_proto proto);
const char* get_filter_packet_proto_name(filter_packet_proto proto)
{
@ -52,13 +46,9 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto)
}
}
typedef struct packet_address_proto_info{
in_addr_t src_ip;
uint16_t src_port;
in_addr_t dst_ip;
uint16_t dst_port;
filter_packet_proto proto;
}packet_address_proto_info_t;
/* for [-Wmissing-declarations] */
const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info);
const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
{
@ -86,6 +76,9 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
}
}
/* for [-Wmissing-declarations] */
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size);
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) {
ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer;
uint16_t ether_type = ntohs(hdr_ether->type);
@ -158,6 +151,9 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
};
}
/* for [-Wmissing-declarations] */
const char* get_filter_rule_info_log_string(filter_rule_t* rule);
const char* get_filter_rule_info_log_string(filter_rule_t* rule)
{
static char buf[1024] = {0};
@ -187,16 +183,10 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
return buf;
}
typedef struct filter_rule_pair_cache
{
packet_address_proto_info_t key;
uint8_t bool_allow_traffic;
uint32_t active_count;
UT_hash_handle hh; /* makes this structure hashable */
} filter_rule_pair_cache_t;
/* for [-Wmissing-declarations] */
uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr);
uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr)
{
@ -210,6 +200,9 @@ uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t
return 0;
}
/* for [-Wmissing-declarations] */
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info);
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info)
{
@ -244,6 +237,10 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro
return(0);
}
/* for [-Wmissing-declarations] */
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info);
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info)
{
filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0;
@ -261,22 +258,11 @@ filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_
return marched_rule;
}
typedef struct network_traffic_filter_impl
{
n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee,
const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee,
uint8_t *payload, uint16_t payload_size);
/* for [-Wmissing-declarations] */
void update_and_clear_cache_if_need(network_traffic_filter_t *filter);
filter_rule_t *rules;
filter_rule_pair_cache_t *connections_rule_cache;
uint32_t work_count_scene_last_clear;
}network_traffic_filter_impl_t;
void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter)
void update_and_clear_cache_if_need(network_traffic_filter_t *filter)
{
if( ++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT)
{
@ -296,7 +282,10 @@ void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter)
}
}
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_impl_t *filter, packet_address_proto_info_t *pkt_addr_info)
/* for [-Wmissing-declarations] */
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info);
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info)
{
filter_rule_pair_cache_t* rule_cache_find_result = 0;
HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result);
@ -332,8 +321,10 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter
return rule_cache_find_result;
}
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size)
n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size)
{
filter_rule_pair_cache_t *cur_pkt_rule = 0;
packet_address_proto_info_t pkt_info;
@ -348,8 +339,10 @@ n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_e
return N2N_ACCEPT;
}
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size)
n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size)
{
filter_rule_pair_cache_t *cur_pkt_rule = 0;
packet_address_proto_info_t pkt_info;
@ -364,47 +357,57 @@ n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_ed
return N2N_ACCEPT;
}
/* for [-Wmissing-declarations] */
network_traffic_filter_t *create_network_traffic_filter();
network_traffic_filter_t *create_network_traffic_filter() {
network_traffic_filter_impl_t *filter = malloc(sizeof(network_traffic_filter_impl_t));
network_traffic_filter_t *filter = malloc(sizeof(network_traffic_filter_t));
memset(filter, 0, sizeof(network_traffic_filter_impl_t));
memset(filter, 0, sizeof(network_traffic_filter_t));
filter->filter_packet_from_peer = filter_packet_from_peer;
filter->filter_packet_from_tap = filter_packet_from_tap;
return filter;
}
/* for [-Wmissing-declarations] */
void destroy_network_traffic_filter(network_traffic_filter_t *filter);
void destroy_network_traffic_filter(network_traffic_filter_t *filter) {
network_traffic_filter_impl_t *_filter = filter;
filter_rule_t *el = 0, *tmp = 0;
filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0;
HASH_ITER(hh, _filter->rules, el, tmp)
HASH_ITER(hh, filter->rules, el, tmp)
{
HASH_DEL(_filter->rules, el);
HASH_DEL(filter->rules, el);
free(el);
}
HASH_ITER(hh, _filter->connections_rule_cache, el1, tmp1)
HASH_ITER(hh, filter->connections_rule_cache, el1, tmp1)
{
HASH_DEL(_filter->connections_rule_cache, el1);
HASH_DEL(filter->connections_rule_cache, el1);
free(el);
}
free(filter);
}
/* for [-Wmissing-declarations] */
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules);
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules) {
filter_rule_t *item=NULL, *tmp=NULL;
HASH_ITER(hh, rules, item, tmp) {
network_traffic_filter_impl_t *_filter = filter;
filter_rule_t *new_rule = malloc(sizeof(filter_rule_t));
memcpy(new_rule, item, sizeof(filter_rule_t));
HASH_ADD(hh, _filter->rules, key, sizeof(filter_rule_key_t), new_rule);
HASH_ADD(hh, filter->rules, key, sizeof(filter_rule_key_t), new_rule);
traceEvent(TRACE_NORMAL, "### ADD network traffic filter %s", get_filter_rule_info_log_string(new_rule));
}
}
/* for [-Wmissing-declarations] */
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char);
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char)
{
char buf[16] = {0};
@ -416,6 +419,9 @@ in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_
return inet_addr(buf);
}
/* for [-Wmissing-declarations] */
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char);
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char)
{
char buf[6] = {0};
@ -429,6 +435,9 @@ int get_int32_from_number_string(const char* begin, const char* next_pos_of_last
return atoi(buf);
}
/* for [-Wmissing-declarations] */
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct);
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct)
{
char buf[6] = {0};
@ -473,6 +482,9 @@ typedef enum
FPS_PROTO
} filter_process_stage;
/* for [-Wmissing-declarations] */
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct);
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct) {
const char *cur_pos = rule_str, *stage_begin_pos = rule_str;
filter_process_stage stage = FPS_SRC_NET;