@ -27,10 +27,9 @@
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
const char * get_filter_packet_proto_name ( filter_packet_proto proto ) ;
const char * get_filter_packet_proto_name ( filter_packet_proto proto ) ;
const char * get_filter_packet_proto_name ( filter_packet_proto proto )
const char * get_filter_packet_proto_name ( filter_packet_proto proto ) {
{
switch ( proto )
switch ( proto ) {
{
case FPP_ARP :
case FPP_ARP :
return " ARP " ;
return " ARP " ;
case FPP_TCP :
case FPP_TCP :
@ -50,24 +49,26 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto)
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info ) ;
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info ) ;
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info )
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info ) {
{
static char buf [ 1024 ] = { 0 } ;
static char buf [ 1024 ] = { 0 } ;
switch ( info - > proto )
{
switch ( info - > proto ) {
case FPP_ARP :
case FPP_ARP :
case FPP_ICMP :
case FPP_ICMP :
case FPP_IGMP :
case FPP_IGMP :
return get_filter_packet_proto_name ( info - > proto ) ;
return get_filter_packet_proto_name ( info - > proto ) ;
case FPP_TCP :
case FPP_TCP :
case FPP_UDP :
case FPP_UDP : {
{
struct in_addr src , dst ;
struct in_addr src , dst ;
src . s_addr = info - > src_ip ;
src . s_addr = info - > src_ip ;
dst . s_addr = info - > dst_ip ;
dst . s_addr = info - > dst_ip ;
const char * proto = get_filter_packet_proto_name ( info - > proto ) ;
const char * proto = get_filter_packet_proto_name ( info - > proto ) ;
char src_ip [ 64 ] = { 0 } ; char dst_ip [ 64 ] = { 0 } ;
char src_ip [ 64 ] = { 0 } ;
strcpy ( src_ip , inet_ntoa ( src ) ) ; strcpy ( dst_ip , inet_ntoa ( dst ) ) ;
char dst_ip [ 64 ] = { 0 } ;
strcpy ( src_ip , inet_ntoa ( src ) ) ;
strcpy ( dst_ip , inet_ntoa ( dst ) ) ;
sprintf ( buf , " %s \t %s:%d->%s:%d " , proto , src_ip , info - > src_port , dst_ip , info - > dst_port ) ;
sprintf ( buf , " %s \t %s:%d->%s:%d " , proto , src_ip , info - > src_port , dst_ip , info - > dst_port ) ;
return buf ;
return buf ;
}
}
@ -80,23 +81,26 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) ;
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) ;
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) {
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) {
ether_hdr_t * hdr_ether = ( ether_hdr_t * ) buffer ;
ether_hdr_t * hdr_ether = ( ether_hdr_t * ) buffer ;
uint16_t ether_type = ntohs ( hdr_ether - > type ) ;
uint16_t ether_type = ntohs ( hdr_ether - > type ) ;
struct n2n_iphdr * hdr_ip = NULL ;
struct n2n_iphdr * hdr_ip = NULL ;
struct n2n_tcphdr * hdr_tcp = NULL ;
struct n2n_tcphdr * hdr_tcp = NULL ;
struct n2n_udphdr * udp_hdr = NULL ;
struct n2n_udphdr * udp_hdr = NULL ;
memset ( out_info , 0 , sizeof ( packet_address_proto_info_t ) ) ;
memset ( out_info , 0 , sizeof ( packet_address_proto_info_t ) ) ;
switch ( ether_type ) {
switch ( ether_type ) {
case 0x0800 :
case 0x0800 : {
{
buffer + = sizeof ( ether_hdr_t ) ;
buffer + = sizeof ( ether_hdr_t ) ; size - = sizeof ( ether_hdr_t ) ; if ( size < = 0 ) return ;
size - = sizeof ( ether_hdr_t ) ;
if ( size < = 0 ) {
return ;
}
hdr_ip = ( struct n2n_iphdr * ) buffer ;
hdr_ip = ( struct n2n_iphdr * ) buffer ;
switch ( hdr_ip - > version )
switch ( hdr_ip - > version ) {
{
case 4 : {
case 4 :
{
out_info - > src_ip = hdr_ip - > saddr ;
out_info - > src_ip = hdr_ip - > saddr ;
out_info - > dst_ip = hdr_ip - > daddr ;
out_info - > dst_ip = hdr_ip - > daddr ;
switch ( hdr_ip - > protocol ) {
switch ( hdr_ip - > protocol ) {
@ -106,19 +110,25 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
case 0x02 :
case 0x02 :
out_info - > proto = FPP_IGMP ;
out_info - > proto = FPP_IGMP ;
break ;
break ;
case 0x06 :
case 0x06 : {
{
out_info - > proto = FPP_TCP ;
out_info - > proto = FPP_TCP ;
buffer + = hdr_ip - > ihl * 4 ; size - = hdr_ip - > ihl * 4 ; if ( size < = 0 ) return ;
buffer + = hdr_ip - > ihl * 4 ;
size - = hdr_ip - > ihl * 4 ;
if ( size < = 0 ) {
return ;
}
hdr_tcp = ( struct n2n_tcphdr * ) buffer ;
hdr_tcp = ( struct n2n_tcphdr * ) buffer ;
out_info - > src_port = ntohs ( hdr_tcp - > source ) ;
out_info - > src_port = ntohs ( hdr_tcp - > source ) ;
out_info - > dst_port = ntohs ( hdr_tcp - > dest ) ;
out_info - > dst_port = ntohs ( hdr_tcp - > dest ) ;
break ;
break ;
}
}
case 0x11 :
case 0x11 : {
{
out_info - > proto = FPP_UDP ;
out_info - > proto = FPP_UDP ;
buffer + = hdr_ip - > ihl * 4 ; size - = hdr_ip - > ihl * 4 ; if ( size < = 0 ) return ;
buffer + = hdr_ip - > ihl * 4 ;
size - = hdr_ip - > ihl * 4 ;
if ( size < = 0 ) {
return ;
}
udp_hdr = ( struct n2n_udphdr * ) buffer ;
udp_hdr = ( struct n2n_udphdr * ) buffer ;
out_info - > src_port = ntohs ( udp_hdr - > source ) ;
out_info - > src_port = ntohs ( udp_hdr - > source ) ;
out_info - > dst_port = ntohs ( udp_hdr - > dest ) ;
out_info - > dst_port = ntohs ( udp_hdr - > dest ) ;
@ -129,8 +139,7 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
} ;
} ;
break ;
break ;
}
}
case 6 :
case 6 : {
{
// TODO: IPV6 Not Support
// TODO: IPV6 Not Support
out_info - > proto = FPP_UNKNOWN ;
out_info - > proto = FPP_UNKNOWN ;
break ;
break ;
@ -154,16 +163,18 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
const char * get_filter_rule_info_log_string ( filter_rule_t * rule ) ;
const char * get_filter_rule_info_log_string ( filter_rule_t * rule ) ;
const char * get_filter_rule_info_log_string ( filter_rule_t * rule )
const char * get_filter_rule_info_log_string ( filter_rule_t * rule ) {
{
static char buf [ 1024 ] = { 0 } ;
static char buf [ 1024 ] = { 0 } ;
char * print_start = buf ;
char * print_start = buf ;
char src_net [ 64 ] = { 0 } ; char dst_net [ 64 ] = { 0 } ;
char src_net [ 64 ] = { 0 } ;
char dst_net [ 64 ] = { 0 } ;
struct in_addr src , dst ;
struct in_addr src , dst ;
src . s_addr = rule - > key . src_net_cidr ;
src . s_addr = rule - > key . src_net_cidr ;
dst . s_addr = rule - > key . dst_net_cidr ;
dst . s_addr = rule - > key . dst_net_cidr ;
strcpy ( src_net , inet_ntoa ( src ) ) ; strcpy ( dst_net , inet_ntoa ( dst ) ) ;
strcpy ( src_net , inet_ntoa ( src ) ) ;
strcpy ( dst_net , inet_ntoa ( dst ) ) ;
print_start + = sprintf ( print_start , " %s/%d:[%d,%d],%s/%d:[%d,%d] " ,
print_start + = sprintf ( print_start , " %s/%d:[%d,%d],%s/%d:[%d,%d] " ,
src_net , rule - > key . src_net_bit_len ,
src_net , rule - > key . src_net_bit_len ,
rule - > key . src_port_range . start_port , rule - > key . src_port_range . end_port ,
rule - > key . src_port_range . start_port , rule - > key . src_port_range . end_port ,
@ -174,12 +185,18 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
rule - > bool_accept_tcp ? ' + ' : ' - ' , rule - > bool_accept_udp ? ' + ' : ' - ' , rule - > bool_accept_icmp ? ' + ' : ' - '
rule - > bool_accept_tcp ? ' + ' : ' - ' , rule - > bool_accept_udp ? ' + ' : ' - ' , rule - > bool_accept_icmp ? ' + ' : ' - '
# endif
# endif
) ;
) ;
if ( rule - > key . bool_tcp_configured )
if ( rule - > key . bool_tcp_configured ) {
print_start + = sprintf ( print_start , " ,TCP%c " , rule - > bool_accept_tcp ? ' + ' : ' - ' ) ;
print_start + = sprintf ( print_start , " ,TCP%c " , rule - > bool_accept_tcp ? ' + ' : ' - ' ) ;
if ( rule - > key . bool_udp_configured )
}
if ( rule - > key . bool_udp_configured ) {
print_start + = sprintf ( print_start , " ,UDP%c " , rule - > bool_accept_udp ? ' + ' : ' - ' ) ;
print_start + = sprintf ( print_start , " ,UDP%c " , rule - > bool_accept_udp ? ' + ' : ' - ' ) ;
if ( rule - > key . bool_icmp_configured )
}
if ( rule - > key . bool_icmp_configured ) {
print_start + = sprintf ( print_start , " ,ICMP%c " , rule - > bool_accept_icmp ? ' + ' : ' - ' ) ;
print_start + = sprintf ( print_start , " ,ICMP%c " , rule - > bool_accept_icmp ? ' + ' : ' - ' ) ;
}
return buf ;
return buf ;
}
}
@ -188,35 +205,43 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr ) ;
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr ) ;
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr )
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr ) {
{
in_addr_t mask = 0 , ip_addr_network = 0 ;
in_addr_t mask = 0 , ip_addr_network = 0 ;
network = ntohl ( network ) , ip_addr = ntohl ( ip_addr ) ;
network = ntohl ( network ) ;
ip_addr = ntohl ( ip_addr ) ;
uint32_t mask1 = net_bitlen ! = 0 ? ( ( ~ mask ) < < ( 32u - net_bitlen ) ) : 0 ;
uint32_t mask1 = net_bitlen ! = 0 ? ( ( ~ mask ) < < ( 32u - net_bitlen ) ) : 0 ;
ip_addr_network = ip_addr & mask1 ;
ip_addr_network = ip_addr & mask1 ;
if ( network = = ip_addr_network )
if ( network = = ip_addr_network ) {
return net_bitlen + 1 ; // march 0.0.0.0/0 still march success, that case return 1
return net_bitlen + 1 ; // march 0.0.0.0/0 still march success, that case return 1
else
} else {
return 0 ;
return 0 ;
}
}
}
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info ) ;
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info ) ;
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info )
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info ) {
{
// march failed if proto is not configured at the rule.
// march failed if proto is not configured at the rule.
switch ( pkt_addr_info - > proto )
switch ( pkt_addr_info - > proto ) {
{
case FPP_ICMP :
case FPP_ICMP :
if ( ! rule_key - > bool_icmp_configured ) return 0 ;
if ( ! rule_key - > bool_icmp_configured ) {
return 0 ;
}
break ;
break ;
case FPP_UDP :
case FPP_UDP :
if ( ! rule_key - > bool_udp_configured ) return 0 ;
if ( ! rule_key - > bool_udp_configured ) {
return 0 ;
}
break ;
break ;
case FPP_TCP :
case FPP_TCP :
if ( ! rule_key - > bool_tcp_configured ) return 0 ;
if ( ! rule_key - > bool_tcp_configured ) {
return 0 ;
}
break ;
break ;
default :
default :
return 0 ;
return 0 ;
@ -226,13 +251,13 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro
if ( pkt_addr_info - > proto = = FPP_ICMP | | ( rule_key - > src_port_range . start_port < = pkt_addr_info - > src_port
if ( pkt_addr_info - > proto = = FPP_ICMP | | ( rule_key - > src_port_range . start_port < = pkt_addr_info - > src_port
& & pkt_addr_info - > src_port < = rule_key - > src_port_range . end_port
& & pkt_addr_info - > src_port < = rule_key - > src_port_range . end_port
& & rule_key - > dst_port_range . start_port < = pkt_addr_info - > dst_port
& & rule_key - > dst_port_range . start_port < = pkt_addr_info - > dst_port
& & pkt_addr_info - > dst_port < = rule_key - > dst_port_range . end_port ) )
& & pkt_addr_info - > dst_port < = rule_key - > dst_port_range . end_port ) ) {
{
uint8_t march_src_score = march_cidr_and_address ( rule_key - > src_net_cidr , rule_key - > src_net_bit_len , pkt_addr_info - > src_ip ) ;
uint8_t march_src_score = march_cidr_and_address ( rule_key - > src_net_cidr , rule_key - > src_net_bit_len , pkt_addr_info - > src_ip ) ;
uint8_t march_dst_score = march_cidr_and_address ( rule_key - > dst_net_cidr , rule_key - > dst_net_bit_len , pkt_addr_info - > dst_ip ) ;
uint8_t march_dst_score = march_cidr_and_address ( rule_key - > dst_net_cidr , rule_key - > dst_net_bit_len , pkt_addr_info - > dst_ip ) ;
if ( march_src_score > 0 & & march_dst_score > 0 )
if ( ( march_src_score > 0 ) & & ( march_dst_score > 0 ) ) {
return march_src_score + march_dst_score ;
return march_src_score + march_dst_score ;
}
}
}
return ( 0 ) ;
return ( 0 ) ;
}
}
@ -241,20 +266,20 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info )
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info ) {
{
filter_rule_t * item = 0 , * tmp = 0 , * marched_rule = 0 ;
filter_rule_t * item = 0 , * tmp = 0 , * marched_rule = 0 ;
int march_score = 0 ;
int march_score = 0 ;
HASH_ITER ( hh , * rules , item , tmp ) {
HASH_ITER ( hh , * rules , item , tmp ) {
/* ... it is safe to delete and free s here */
/* ... it is safe to delete and free s here */
uint8_t cur_march_score = march_rule_and_cache_key ( & ( item - > key ) , pkt_addr_info ) ;
uint8_t cur_march_score = march_rule_and_cache_key ( & ( item - > key ) , pkt_addr_info ) ;
if ( cur_march_score > march_score )
if ( cur_march_score > march_score ) {
{
marched_rule = item ;
marched_rule = item ;
march_score = cur_march_score ;
march_score = cur_march_score ;
}
}
}
}
return marched_rule ;
return marched_rule ;
}
}
@ -262,15 +287,13 @@ filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter ) ;
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter ) ;
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter )
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter ) {
{
if ( + + ( filter - > work_count_scene_last_clear ) > CLEAR_CACHE_EVERY_X_COUNT )
if ( + + ( filter - > work_count_scene_last_clear ) > CLEAR_CACHE_EVERY_X_COUNT ) {
{
filter_rule_pair_cache_t * item = NULL , * tmp = NULL ;
filter_rule_pair_cache_t * item = NULL , * tmp = NULL ;
HASH_ITER ( hh , filter - > connections_rule_cache , item , tmp ) {
HASH_ITER ( hh , filter - > connections_rule_cache , item , tmp ) {
/* ... it is safe to delete and free s here */
/* ... it is safe to delete and free s here */
if ( item - > active_count < CLAER_CACHE_ACTIVE_COUNT )
if ( item - > active_count < CLAER_CACHE_ACTIVE_COUNT ) {
{
traceEvent ( TRACE_DEBUG , " ### DELETE filter cache %s " , get_filter_packet_info_log_string ( & item - > key ) ) ;
traceEvent ( TRACE_DEBUG , " ### DELETE filter cache %s " , get_filter_packet_info_log_string ( & item - > key ) ) ;
HASH_DEL ( filter - > connections_rule_cache , item ) ;
HASH_DEL ( filter - > connections_rule_cache , item ) ;
free ( item ) ;
free ( item ) ;
@ -285,21 +308,20 @@ void update_and_clear_cache_if_need(network_traffic_filter_t *filter)
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info )
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info ) {
{
filter_rule_pair_cache_t * rule_cache_find_result = 0 ;
filter_rule_pair_cache_t * rule_cache_find_result = 0 ;
HASH_FIND ( hh , filter - > connections_rule_cache , pkt_addr_info , sizeof ( packet_address_proto_info_t ) , rule_cache_find_result ) ;
HASH_FIND ( hh , filter - > connections_rule_cache , pkt_addr_info , sizeof ( packet_address_proto_info_t ) , rule_cache_find_result ) ;
if ( ! rule_cache_find_result )
if ( ! rule_cache_find_result ) {
{
filter_rule_t * rule = get_filter_rule ( & filter - > rules , pkt_addr_info ) ;
filter_rule_t * rule = get_filter_rule ( & filter - > rules , pkt_addr_info ) ;
if ( ! rule )
if ( ! rule ) {
return NULL ;
return NULL ;
}
rule_cache_find_result = malloc ( sizeof ( filter_rule_pair_cache_t ) ) ;
rule_cache_find_result = malloc ( sizeof ( filter_rule_pair_cache_t ) ) ;
memset ( rule_cache_find_result , 0 , sizeof ( filter_rule_pair_cache_t ) ) ;
memset ( rule_cache_find_result , 0 , sizeof ( filter_rule_pair_cache_t ) ) ;
rule_cache_find_result - > key = * pkt_addr_info ;
rule_cache_find_result - > key = * pkt_addr_info ;
switch ( rule_cache_find_result - > key . proto )
switch ( rule_cache_find_result - > key . proto ) {
{
case FPP_ICMP :
case FPP_ICMP :
rule_cache_find_result - > bool_allow_traffic = rule - > bool_accept_icmp ;
rule_cache_find_result - > bool_allow_traffic = rule - > bool_accept_icmp ;
break ;
break ;
@ -318,42 +340,43 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter
}
}
+ + ( rule_cache_find_result - > active_count ) ;
+ + ( rule_cache_find_result - > active_count ) ;
update_and_clear_cache_if_need ( filter ) ;
update_and_clear_cache_if_need ( filter ) ;
return rule_cache_find_result ;
return rule_cache_find_result ;
}
}
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size )
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size ) {
{
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
packet_address_proto_info_t pkt_info ;
packet_address_proto_info_t pkt_info ;
collect_packet_info ( & pkt_info , payload , payload_size ) ;
collect_packet_info ( & pkt_info , payload , payload_size ) ;
cur_pkt_rule = get_or_create_filter_rule_cache ( filter , & pkt_info ) ;
cur_pkt_rule = get_or_create_filter_rule_cache ( filter , & pkt_info ) ;
if ( cur_pkt_rule & & ! cur_pkt_rule - > bool_allow_traffic )
if ( cur_pkt_rule & & ! cur_pkt_rule - > bool_allow_traffic ) {
{
traceEvent ( TRACE_DEBUG , " ### DROP %s " , get_filter_packet_info_log_string ( & pkt_info ) ) ;
traceEvent ( TRACE_DEBUG , " ### DROP %s " , get_filter_packet_info_log_string ( & pkt_info ) ) ;
return N2N_DROP ;
return N2N_DROP ;
}
}
return N2N_ACCEPT ;
return N2N_ACCEPT ;
}
}
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size )
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size ) {
{
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
packet_address_proto_info_t pkt_info ;
packet_address_proto_info_t pkt_info ;
collect_packet_info ( & pkt_info , payload , payload_size ) ;
collect_packet_info ( & pkt_info , payload , payload_size ) ;
cur_pkt_rule = get_or_create_filter_rule_cache ( filter , & pkt_info ) ;
cur_pkt_rule = get_or_create_filter_rule_cache ( filter , & pkt_info ) ;
if ( cur_pkt_rule & & ! cur_pkt_rule - > bool_allow_traffic )
if ( cur_pkt_rule & & ! cur_pkt_rule - > bool_allow_traffic ) {
{
traceEvent ( TRACE_DEBUG , " ### DROP %s " , get_filter_packet_info_log_string ( & pkt_info ) ) ;
traceEvent ( TRACE_DEBUG , " ### DROP %s " , get_filter_packet_info_log_string ( & pkt_info ) ) ;
return N2N_DROP ;
return N2N_DROP ;
}
}
return N2N_ACCEPT ;
return N2N_ACCEPT ;
}
}
@ -361,11 +384,13 @@ n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t
network_traffic_filter_t * create_network_traffic_filter ( ) ;
network_traffic_filter_t * create_network_traffic_filter ( ) ;
network_traffic_filter_t * create_network_traffic_filter ( ) {
network_traffic_filter_t * create_network_traffic_filter ( ) {
network_traffic_filter_t * filter = malloc ( sizeof ( network_traffic_filter_t ) ) ;
network_traffic_filter_t * filter = malloc ( sizeof ( network_traffic_filter_t ) ) ;
memset ( filter , 0 , sizeof ( network_traffic_filter_t ) ) ;
memset ( filter , 0 , sizeof ( network_traffic_filter_t ) ) ;
filter - > filter_packet_from_peer = filter_packet_from_peer ;
filter - > filter_packet_from_peer = filter_packet_from_peer ;
filter - > filter_packet_from_tap = filter_packet_from_tap ;
filter - > filter_packet_from_tap = filter_packet_from_tap ;
return filter ;
return filter ;
}
}
@ -373,17 +398,16 @@ network_traffic_filter_t *create_network_traffic_filter() {
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) ;
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) ;
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) {
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) {
filter_rule_t * el = 0 , * tmp = 0 ;
filter_rule_t * el = 0 , * tmp = 0 ;
filter_rule_pair_cache_t * el1 = 0 , * tmp1 = 0 ;
filter_rule_pair_cache_t * el1 = 0 , * tmp1 = 0 ;
HASH_ITER ( hh , filter - > rules , el , tmp )
HASH_ITER ( hh , filter - > rules , el , tmp ) {
{
HASH_DEL ( filter - > rules , el ) ;
HASH_DEL ( filter - > rules , el ) ;
free ( el ) ;
free ( el ) ;
}
}
HASH_ITER ( hh , filter - > connections_rule_cache , el1 , tmp1 )
HASH_ITER ( hh , filter - > connections_rule_cache , el1 , tmp1 ) {
{
HASH_DEL ( filter - > connections_rule_cache , el1 ) ;
HASH_DEL ( filter - > connections_rule_cache , el1 ) ;
free ( el ) ;
free ( el ) ;
}
}
@ -395,6 +419,7 @@ void destroy_network_traffic_filter(network_traffic_filter_t *filter) {
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) ;
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) ;
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) {
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) {
filter_rule_t * item = NULL , * tmp = NULL ;
filter_rule_t * item = NULL , * tmp = NULL ;
HASH_ITER ( hh , rules , item , tmp ) {
HASH_ITER ( hh , rules , item , tmp ) {
@ -408,65 +433,62 @@ void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_ru
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char ) ;
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char ) ;
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char )
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char ) {
{
char buf [ 16 ] = { 0 } ;
char buf [ 16 ] = { 0 } ;
if ( next_pos_of_last_char - begin > 15 ) {
if ( ( next_pos_of_last_char - begin ) > 15 ) {
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
return - 1 ;
return - 1 ;
}
}
memcpy ( buf , begin , next_pos_of_last_char - begin ) ;
memcpy ( buf , begin , ( next_pos_of_last_char - begin ) ) ;
return inet_addr ( buf ) ;
return inet_addr ( buf ) ;
}
}
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char ) ;
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char ) ;
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char )
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char ) {
{
char buf [ 6 ] = { 0 } ;
char buf [ 6 ] = { 0 } ;
if ( next_pos_of_last_char - begin > 5 ) // max is 65535, 5 char
if ( ( next_pos_of_last_char - begin ) > 5 ) { // max is 65535, 5 char
{
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
return 0 ;
return 0 ;
}
}
memcpy ( buf , begin , next_pos_of_last_char - begin ) ;
memcpy ( buf , begin , ( next_pos_of_last_char - begin ) ) ;
return atoi ( buf ) ;
return atoi ( buf ) ;
}
}
/* for [-Wmissing-declarations] */
/* for [-Wmissing-declarations] */
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct ) ;
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct ) ;
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct )
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct ) {
{
char buf [ 6 ] = { 0 } ;
char buf [ 6 ] = { 0 } ;
if ( next_pos_of_last_char - begin > 5 ) // max length str is "ICMP+", 5 char
if ( ( next_pos_of_last_char - begin ) > 5 ) { // max length str is "ICMP+", 5 char
{
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
traceEvent ( TRACE_WARNING , " Internal Error " ) ;
}
}
memcpy ( buf , begin , next_pos_of_last_char - begin ) ;
memcpy ( buf , begin , ( next_pos_of_last_char - begin ) ) ;
if ( strstr ( buf , " TCP " ) ) {
if ( strstr ( buf , " TCP " ) ) {
rule_struct - > key . bool_tcp_configured = 1 ;
rule_struct - > key . bool_tcp_configured = 1 ;
rule_struct - > bool_accept_tcp = buf [ 3 ] = = ' + ' ;
rule_struct - > bool_accept_tcp = buf [ 3 ] = = ' + ' ;
}
} else if ( strstr ( buf , " UDP " ) ) {
else if ( strstr ( buf , " UDP " ) ) {
rule_struct - > key . bool_udp_configured = 1 ;
rule_struct - > key . bool_udp_configured = 1 ;
rule_struct - > bool_accept_udp = buf [ 3 ] = = ' + ' ;
rule_struct - > bool_accept_udp = buf [ 3 ] = = ' + ' ;
}
} else if ( strstr ( buf , " ICMP " ) ) {
else if ( strstr ( buf , " ICMP " ) )
{
rule_struct - > key . bool_icmp_configured = 1 ;
rule_struct - > key . bool_icmp_configured = 1 ;
rule_struct - > bool_accept_icmp = buf [ 4 ] = = ' + ' ;
rule_struct - > bool_accept_icmp = buf [ 4 ] = = ' + ' ;
}
} else {
else
traceEvent ( TRACE_WARNING , " Invalid Proto : %s " , buf ) ;
traceEvent ( TRACE_WARNING , " Invalid Proto : %s " , buf ) ;
}
}
}
typedef enum
typedef enum {
{
FPS_SRC_NET = 1 ,
FPS_SRC_NET = 1 ,
FPS_SRC_NET_BIT_LEN ,
FPS_SRC_NET_BIT_LEN ,
FPS_SRC_PORT_SINGLE ,
FPS_SRC_PORT_SINGLE ,
@ -486,17 +508,16 @@ typedef enum
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) ;
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) ;
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) {
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) {
const char * cur_pos = rule_str , * stage_begin_pos = rule_str ;
const char * cur_pos = rule_str , * stage_begin_pos = rule_str ;
filter_process_stage stage = FPS_SRC_NET ;
filter_process_stage stage = FPS_SRC_NET ;
while ( 1 )
{
while ( 1 ) {
switch ( stage )
switch ( stage ) {
{
case FPS_SRC_NET : {
case FPS_SRC_NET :
if ( ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' ) | | * cur_pos = = ' . ' ) {
{
if ( ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' ) | | * cur_pos = = ' . ' )
; // Normal FPS_SRC_NET, next char
; // Normal FPS_SRC_NET, next char
else if ( * cur_pos = = ' / ' ) {
} else if ( * cur_pos = = ' / ' ) {
// FPS_SRC_NET finish, next is FPS_SRC_NET_BIT_LEN
// FPS_SRC_NET finish, next is FPS_SRC_NET_BIT_LEN
rule_struct - > key . src_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
@ -506,10 +527,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
rule_struct - > key . src_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_net_bit_len = 32 ;
rule_struct - > key . src_net_bit_len = 32 ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
if ( * ( cur_pos + 1 ) = = ' [ ' )
if ( * ( cur_pos + 1 ) = = ' [ ' ) {
stage = FPS_SRC_PORT_RANGE ;
stage = FPS_SRC_PORT_RANGE ;
else
} else {
stage = FPS_SRC_PORT_SINGLE ;
stage = FPS_SRC_PORT_SINGLE ;
}
} else if ( * cur_pos = = ' , ' ) {
} else if ( * cur_pos = = ' , ' ) {
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), ignore FPS_SRC_PORT(default all),
// FPS_SRC_NET finish, ignore FPS_SRC_NET_BIT_LEN(default 32), ignore FPS_SRC_PORT(default all),
// next is FPS_DST_NET
// next is FPS_DST_NET
@ -526,18 +548,18 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
break ;
break ;
}
}
case FPS_SRC_NET_BIT_LEN :
case FPS_SRC_NET_BIT_LEN : {
{
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
; // Normal FPS_SRC_NET_BIT_LEN, next char
; // Normal FPS_SRC_NET_BIT_LEN, next char
else if ( * cur_pos = = ' : ' ) {
} else if ( * cur_pos = = ' : ' ) {
// FPS_SRC_NET_BIT_LEN finish, next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
// FPS_SRC_NET_BIT_LEN finish, next is one of FPS_SRC_PORT_RANGE/FPS_SRC_PORT_SINGLE
rule_struct - > key . src_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
if ( * ( cur_pos + 1 ) = = ' [ ' )
if ( * ( cur_pos + 1 ) = = ' [ ' ) {
stage = FPS_SRC_PORT_RANGE ;
stage = FPS_SRC_PORT_RANGE ;
else
} else {
stage = FPS_SRC_PORT_SINGLE ;
stage = FPS_SRC_PORT_SINGLE ;
}
} else if ( * cur_pos = = ' , ' ) {
} else if ( * cur_pos = = ' , ' ) {
// FPS_SRC_NET_BIT_LEN finish, ignore FPS_SRC_PORT(default all), next is FPS_DST_NET
// FPS_SRC_NET_BIT_LEN finish, ignore FPS_SRC_PORT(default all), next is FPS_DST_NET
rule_struct - > key . src_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ; ;
rule_struct - > key . src_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ; ;
@ -552,11 +574,10 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
break ;
break ;
}
}
case FPS_SRC_PORT_SINGLE :
case FPS_SRC_PORT_SINGLE : {
{
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
; // Normal FPS_SRC_PORT_SINGLE, next char
; // Normal FPS_SRC_PORT_SINGLE, next char
else if ( * cur_pos = = ' , ' ) {
} else if ( * cur_pos = = ' , ' ) {
// FPS_SRC_PORT_SINGLE finish, next is FPS_DST_NET
// FPS_SRC_PORT_SINGLE finish, next is FPS_DST_NET
rule_struct - > key . src_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_port_range . end_port = rule_struct - > key . src_port_range . start_port ;
rule_struct - > key . src_port_range . end_port = rule_struct - > key . src_port_range . start_port ;
@ -569,10 +590,8 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
break ;
break ;
}
}
case FPS_SRC_PORT_RANGE :
case FPS_SRC_PORT_RANGE : {
{
if ( * cur_pos = = ' [ ' ) {
if ( * cur_pos = = ' [ ' )
{
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
stage = FPS_SRC_PORT_START ;
stage = FPS_SRC_PORT_START ;
} else {
} else {
@ -581,12 +600,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_SRC_PORT_START :
{
case FPS_SRC_PORT_START : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_SRC_PORT_START, next char
; // Normal FPS_SRC_PORT_START, next char
else if ( * cur_pos = = ' , ' )
} else if ( * cur_pos = = ' , ' ) {
{
// FPS_SRC_PORT_START finish, next is FPS_SRC_PORT_END
// FPS_SRC_PORT_START finish, next is FPS_SRC_PORT_END
rule_struct - > key . src_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
@ -597,12 +615,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_SRC_PORT_END :
{
case FPS_SRC_PORT_END : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_SRC_PORT_END, next char
; // Normal FPS_SRC_PORT_END, next char
else if ( * cur_pos = = ' ] ' & & * ( cur_pos + 1 ) = = ' , ' )
} else if ( ( * cur_pos = = ' ] ' ) & & ( * ( cur_pos + 1 ) = = ' , ' ) ) {
{
// FPS_SRC_PORT_END finish, next is FPS_DST_NET
// FPS_SRC_PORT_END finish, next is FPS_DST_NET
rule_struct - > key . src_port_range . end_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . src_port_range . end_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 2 ;
stage_begin_pos = cur_pos + 2 ;
@ -614,11 +631,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_NET :
{
case FPS_DST_NET : {
if ( ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' ) | | * cur_pos = = ' . ' )
if ( ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' ) | | * cur_pos = = ' . ' ) {
; // Normal FPS_DST_NET, next char
; // Normal FPS_DST_NET, next char
else if ( * cur_pos = = ' / ' ) {
} else if ( * cur_pos = = ' / ' ) {
// FPS_DST_NET finish, next is FPS_DST_NET_BIT_LEN
// FPS_DST_NET finish, next is FPS_DST_NET_BIT_LEN
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
@ -628,11 +645,12 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_net_bit_len = 32 ;
rule_struct - > key . dst_net_bit_len = 32 ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
if ( * ( cur_pos + 1 ) = = ' [ ' )
if ( * ( cur_pos + 1 ) = = ' [ ' ) {
stage = FPS_DST_PORT_RANGE ;
stage = FPS_DST_PORT_RANGE ;
else
} else {
stage = FPS_DST_PORT_SINGLE ;
stage = FPS_DST_PORT_SINGLE ;
} else if ( * cur_pos = = ' , ' | | * cur_pos = = 0 ) {
}
} else if ( ( * cur_pos = = ' , ' ) | | ( * cur_pos = = 0 ) ) {
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), ignore FPS_DST_PORT(default all),
// FPS_DST_NET finish, ignore FPS_DST_NET_BIT_LEN(default 32), ignore FPS_DST_PORT(default all),
// next is FPS_PROTO
// next is FPS_PROTO
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_net_cidr = get_int32_addr_from_ip_string ( stage_begin_pos , cur_pos ) ;
@ -647,19 +665,20 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_NET_BIT_LEN :
{
case FPS_DST_NET_BIT_LEN : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_DST_NET_BIT_LEN, next char
; // Normal FPS_DST_NET_BIT_LEN, next char
else if ( * cur_pos = = ' : ' ) {
} else if ( * cur_pos = = ' : ' ) {
// FPS_DST_NET_BIT_LEN finish, next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
// FPS_DST_NET_BIT_LEN finish, next is one of FPS_DST_PORT_RANGE/FPS_DST_PORT_SINGLE
rule_struct - > key . dst_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
if ( * ( cur_pos + 1 ) = = ' [ ' )
if ( * ( cur_pos + 1 ) = = ' [ ' ) {
stage = FPS_DST_PORT_RANGE ;
stage = FPS_DST_PORT_RANGE ;
else
} else {
stage = FPS_DST_PORT_SINGLE ;
stage = FPS_DST_PORT_SINGLE ;
} else if ( * cur_pos = = ' , ' | | * cur_pos = = 0 ) {
}
} else if ( ( * cur_pos = = ' , ' ) | | ( * cur_pos = = 0 ) ) {
// FPS_DST_NET_BIT_LEN finish, ignore FPS_DST_PORT(default all), next is FPS_PROTO
// FPS_DST_NET_BIT_LEN finish, ignore FPS_DST_PORT(default all), next is FPS_PROTO
rule_struct - > key . dst_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ; ;
rule_struct - > key . dst_net_bit_len = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ; ;
rule_struct - > key . dst_port_range . start_port = 0 ;
rule_struct - > key . dst_port_range . start_port = 0 ;
@ -672,11 +691,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_PORT_SINGLE :
{
case FPS_DST_PORT_SINGLE : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_DST_PORT_SINGLE, next char
; // Normal FPS_DST_PORT_SINGLE, next char
else if ( * cur_pos = = ' , ' | | * cur_pos = = 0 ) {
} else if ( ( * cur_pos = = ' , ' ) | | ( * cur_pos = = 0 ) ) {
// FPS_DST_PORT_SINGLE finish, next is FPS_PROTO
// FPS_DST_PORT_SINGLE finish, next is FPS_PROTO
rule_struct - > key . dst_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_port_range . end_port = rule_struct - > key . dst_port_range . start_port ;
rule_struct - > key . dst_port_range . end_port = rule_struct - > key . dst_port_range . start_port ;
@ -688,10 +707,9 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_PORT_RANGE :
{
case FPS_DST_PORT_RANGE : {
if ( * cur_pos = = ' [ ' )
if ( * cur_pos = = ' [ ' ) {
{
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
stage = FPS_DST_PORT_START ;
stage = FPS_DST_PORT_START ;
} else {
} else {
@ -700,12 +718,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_PORT_START :
{
case FPS_DST_PORT_START : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_DST_PORT_START, next char
; // Normal FPS_DST_PORT_START, next char
else if ( * cur_pos = = ' , ' )
} else if ( * cur_pos = = ' , ' ) {
{
// FPS_DST_PORT_START finish, next is FPS_DST_PORT_END
// FPS_DST_PORT_START finish, next is FPS_DST_PORT_END
rule_struct - > key . dst_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_port_range . start_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage_begin_pos = cur_pos + 1 ;
stage_begin_pos = cur_pos + 1 ;
@ -716,12 +733,11 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_DST_PORT_END :
{
case FPS_DST_PORT_END : {
if ( * cur_pos > = ' 0 ' & & * cur_pos < = ' 9 ' )
if ( ( * cur_pos > = ' 0 ' ) & & ( * cur_pos < = ' 9 ' ) ) {
; // Normal FPS_DST_PORT_END, next char
; // Normal FPS_DST_PORT_END, next char
else if ( * cur_pos = = ' ] ' )
} else if ( * cur_pos = = ' ] ' ) {
{
// FPS_DST_PORT_END finish, next is FPS_PROTO
// FPS_DST_PORT_END finish, next is FPS_PROTO
rule_struct - > key . dst_port_range . end_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
rule_struct - > key . dst_port_range . end_port = get_int32_from_number_string ( stage_begin_pos , cur_pos ) ;
stage = FPS_PROTO ;
stage = FPS_PROTO ;
@ -738,29 +754,29 @@ uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rul
}
}
break ;
break ;
}
}
case FPS_PROTO :
{
case FPS_PROTO : {
if ( * cur_pos ! = ' - ' & & * cur_pos ! = ' + ' & & * cur_pos ! = ' , ' )
if ( ( * cur_pos ! = ' - ' ) & & ( * cur_pos ! = ' + ' ) & & ( * cur_pos ! = ' , ' ) ) {
; // Normal FPS_PROTO. next char
; // Normal FPS_PROTO. next char
else if ( * cur_pos ! = ' , ' )
} else if ( * cur_pos ! = ' , ' ) {
{
process_traffic_filter_proto ( stage_begin_pos , cur_pos + 1 , rule_struct ) ;
process_traffic_filter_proto ( stage_begin_pos , cur_pos + 1 , rule_struct ) ;
if ( * ( cur_pos + 1 ) = = 0 ) // end of whole rule string
if ( * ( cur_pos + 1 ) = = 0 ) { // end of whole rule string
break ;
break ;
else { // new proto info, and skip next char ','
} else { // new proto info, and skip next char ','
stage_begin_pos = cur_pos + 2 ;
stage_begin_pos = cur_pos + 2 ;
+ + cur_pos ;
+ + cur_pos ;
}
}
}
} else {
else {
traceEvent ( TRACE_WARNING , " Internal Error: ',' should skiped " , * cur_pos , cur_pos - rule_str ) ;
traceEvent ( TRACE_WARNING , " Internal Error: ',' should skiped " , * cur_pos , cur_pos - rule_str ) ;
return 0 ;
return 0 ;
}
}
break ;
break ;
}
}
}
}
if ( 0 = = * cur_pos )
if ( 0 = = * cur_pos ) {
break ;
break ;
}
+ + cur_pos ;
+ + cur_pos ;
}
}