diff --git a/include/n2n_typedefs.h b/include/n2n_typedefs.h index cf1dba5..52df1d2 100644 --- a/include/n2n_typedefs.h +++ b/include/n2n_typedefs.h @@ -458,14 +458,52 @@ typedef enum { /* *************************************************** */ -typedef struct network_traffic_filter +typedef enum { + FPP_UNKNOWN=0, + FPP_ARP = 1, + FPP_TCP=2, + FPP_UDP=3, + FPP_ICMP=4, + FPP_IGMP=5 +} filter_packet_proto; + + +typedef struct packet_address_proto_info{ + in_addr_t src_ip; + uint16_t src_port; + in_addr_t dst_ip; + uint16_t dst_port; + filter_packet_proto proto; +}packet_address_proto_info_t; + +typedef struct filter_rule_pair_cache { - n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee, + packet_address_proto_info_t key; + + uint8_t bool_allow_traffic; + + uint32_t active_count; + + UT_hash_handle hh; /* makes this structure hashable */ +} filter_rule_pair_cache_t; + +struct network_traffic_filter; +typedef struct network_traffic_filter network_traffic_filter_t; + +struct network_traffic_filter +{ + n2n_verdict (*filter_packet_from_peer)(network_traffic_filter_t* filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); - n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); + n2n_verdict (*filter_packet_from_tap)(network_traffic_filter_t* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); + + filter_rule_t *rules; + + filter_rule_pair_cache_t *connections_rule_cache; -} network_traffic_filter_t; + uint32_t work_count_scene_last_clear; + +}; /* *************************************************** */ diff --git a/src/network_traffic_filter.c b/src/network_traffic_filter.c index 26dd3b4..7e6cd26 100644 --- a/src/network_traffic_filter.c +++ b/src/network_traffic_filter.c @@ -24,14 +24,8 @@ #define CLEAR_CACHE_EVERY_X_COUNT 10000 #define CLAER_CACHE_ACTIVE_COUNT 10 -typedef enum { - FPP_UNKNOWN=0, - FPP_ARP = 1, - FPP_TCP=2, - FPP_UDP=3, - FPP_ICMP=4, - FPP_IGMP=5 -} filter_packet_proto; +/* for [-Wmissing-declarations] */ +const char* get_filter_packet_proto_name(filter_packet_proto proto); const char* get_filter_packet_proto_name(filter_packet_proto proto) { @@ -52,13 +46,9 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto) } } -typedef struct packet_address_proto_info{ - in_addr_t src_ip; - uint16_t src_port; - in_addr_t dst_ip; - uint16_t dst_port; - filter_packet_proto proto; -}packet_address_proto_info_t; + +/* for [-Wmissing-declarations] */ +const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info); const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info) { @@ -86,6 +76,9 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info) } } +/* for [-Wmissing-declarations] */ +void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size); + void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) { ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer; uint16_t ether_type = ntohs(hdr_ether->type); @@ -158,6 +151,9 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b }; } +/* for [-Wmissing-declarations] */ +const char* get_filter_rule_info_log_string(filter_rule_t* rule); + const char* get_filter_rule_info_log_string(filter_rule_t* rule) { static char buf[1024] = {0}; @@ -187,16 +183,10 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule) return buf; } -typedef struct filter_rule_pair_cache -{ - packet_address_proto_info_t key; - - uint8_t bool_allow_traffic; - uint32_t active_count; - UT_hash_handle hh; /* makes this structure hashable */ -} filter_rule_pair_cache_t; +/* for [-Wmissing-declarations] */ +uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr); uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr) { @@ -210,6 +200,9 @@ uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t return 0; } +/* for [-Wmissing-declarations] */ +uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info); + // if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched. uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info) { @@ -244,6 +237,10 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro return(0); } +/* for [-Wmissing-declarations] */ +filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info); + + filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info) { filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0; @@ -261,22 +258,11 @@ filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_ return marched_rule; } -typedef struct network_traffic_filter_impl -{ - n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee, - const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); - - n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, - uint8_t *payload, uint16_t payload_size); - filter_rule_t *rules; +/* for [-Wmissing-declarations] */ +void update_and_clear_cache_if_need(network_traffic_filter_t *filter); - filter_rule_pair_cache_t *connections_rule_cache; - - uint32_t work_count_scene_last_clear; -}network_traffic_filter_impl_t; - -void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter) +void update_and_clear_cache_if_need(network_traffic_filter_t *filter) { if( ++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT) { @@ -296,7 +282,10 @@ void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter) } } -filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_impl_t *filter, packet_address_proto_info_t *pkt_addr_info) +/* for [-Wmissing-declarations] */ +filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info); + +filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info) { filter_rule_pair_cache_t* rule_cache_find_result = 0; HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result); @@ -332,8 +321,10 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter return rule_cache_find_result; } +/* for [-Wmissing-declarations] */ +n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); -n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size) +n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size) { filter_rule_pair_cache_t *cur_pkt_rule = 0; packet_address_proto_info_t pkt_info; @@ -348,8 +339,10 @@ n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_e return N2N_ACCEPT; } +/* for [-Wmissing-declarations] */ +n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); -n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size) +n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size) { filter_rule_pair_cache_t *cur_pkt_rule = 0; packet_address_proto_info_t pkt_info; @@ -364,47 +357,57 @@ n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_ed return N2N_ACCEPT; } +/* for [-Wmissing-declarations] */ +network_traffic_filter_t *create_network_traffic_filter(); + network_traffic_filter_t *create_network_traffic_filter() { - network_traffic_filter_impl_t *filter = malloc(sizeof(network_traffic_filter_impl_t)); + network_traffic_filter_t *filter = malloc(sizeof(network_traffic_filter_t)); - memset(filter, 0, sizeof(network_traffic_filter_impl_t)); + memset(filter, 0, sizeof(network_traffic_filter_t)); filter->filter_packet_from_peer = filter_packet_from_peer; filter->filter_packet_from_tap = filter_packet_from_tap; return filter; } +/* for [-Wmissing-declarations] */ +void destroy_network_traffic_filter(network_traffic_filter_t *filter); + void destroy_network_traffic_filter(network_traffic_filter_t *filter) { - network_traffic_filter_impl_t *_filter = filter; filter_rule_t *el = 0, *tmp = 0; filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0; - HASH_ITER(hh, _filter->rules, el, tmp) + HASH_ITER(hh, filter->rules, el, tmp) { - HASH_DEL(_filter->rules, el); + HASH_DEL(filter->rules, el); free(el); } - HASH_ITER(hh, _filter->connections_rule_cache, el1, tmp1) + HASH_ITER(hh, filter->connections_rule_cache, el1, tmp1) { - HASH_DEL(_filter->connections_rule_cache, el1); + HASH_DEL(filter->connections_rule_cache, el1); free(el); } free(filter); } +/* for [-Wmissing-declarations] */ +void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules); + void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules) { filter_rule_t *item=NULL, *tmp=NULL; HASH_ITER(hh, rules, item, tmp) { - network_traffic_filter_impl_t *_filter = filter; filter_rule_t *new_rule = malloc(sizeof(filter_rule_t)); memcpy(new_rule, item, sizeof(filter_rule_t)); - HASH_ADD(hh, _filter->rules, key, sizeof(filter_rule_key_t), new_rule); + HASH_ADD(hh, filter->rules, key, sizeof(filter_rule_key_t), new_rule); traceEvent(TRACE_NORMAL, "### ADD network traffic filter %s", get_filter_rule_info_log_string(new_rule)); } } +/* for [-Wmissing-declarations] */ +in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char); + in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char) { char buf[16] = {0}; @@ -416,6 +419,9 @@ in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_ return inet_addr(buf); } +/* for [-Wmissing-declarations] */ +int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char); + int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char) { char buf[6] = {0}; @@ -429,6 +435,9 @@ int get_int32_from_number_string(const char* begin, const char* next_pos_of_last return atoi(buf); } +/* for [-Wmissing-declarations] */ +void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct); + void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct) { char buf[6] = {0}; @@ -473,6 +482,9 @@ typedef enum FPS_PROTO } filter_process_stage; +/* for [-Wmissing-declarations] */ +uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct); + uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct) { const char *cur_pos = rule_str, *stage_begin_pos = rule_str; filter_process_stage stage = FPS_SRC_NET;