kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Deal with warnings at `network_traffic_filter.c` (#508) 

* Add new file 'network_traffic_filter.c/.h"

* Add feature to drop or accept specific packet transmit over edge network interface by rules.

* fix CMakeLists.txt typo

* Update Rule String Format

* replace -F (filter) with -R (rule) for traffic restrictions.

* Update edge help (-h)  message. Update documents.

* Pass Build on CircleCI and local Windows 10 VS2019

* Fix cmake build failed because of sn_selection

* fix operate void* cause vs2016 build failed

* Fix typo to pass build on windows.

* add inttypes.h for n2n_typedefs.h to pass windows build

* modify headers to pass build on windows.

* Deal with warnings at `network_traffic_filter.c`

* network filter without type cast
pull/526/head
joshuafc 4 years ago
committed by GitHub
parent
348d2baaf2
commit
e66f913e81
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 103 additions and 53 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 46
      include/n2n_typedefs.h
  2. 110
      src/network_traffic_filter.c

46
include/n2n_typedefs.h
View File

@ -458,14 +458,52 @@ typedef enum {
/* *************************************************** */ /* *************************************************** */
typedef struct network_traffic_filter typedef enum {
FPP_UNKNOWN=0,
FPP_ARP = 1,
FPP_TCP=2,
FPP_UDP=3,
FPP_ICMP=4,
FPP_IGMP=5
} filter_packet_proto;
typedef struct packet_address_proto_info{
in_addr_t src_ip;
uint16_t src_port;
in_addr_t dst_ip;
uint16_t dst_port;
filter_packet_proto proto;
}packet_address_proto_info_t;
typedef struct filter_rule_pair_cache
{
packet_address_proto_info_t key;
uint8_t bool_allow_traffic;
uint32_t active_count;
UT_hash_handle hh; /* makes this structure hashable */
} filter_rule_pair_cache_t;
struct network_traffic_filter;
typedef struct network_traffic_filter network_traffic_filter_t;
struct network_traffic_filter
{ {
n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee, n2n_verdict (*filter_packet_from_peer)(network_traffic_filter_t* filter, n2n_edge_t *eee,
const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size); const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size); n2n_verdict (*filter_packet_from_tap)(network_traffic_filter_t* filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
filter_rule_t *rules;
} network_traffic_filter_t; filter_rule_pair_cache_t *connections_rule_cache;
uint32_t work_count_scene_last_clear;
};
/* *************************************************** */ /* *************************************************** */

110
src/network_traffic_filter.c
View File

@ -24,14 +24,8 @@
#define CLEAR_CACHE_EVERY_X_COUNT 10000 #define CLEAR_CACHE_EVERY_X_COUNT 10000
#define CLAER_CACHE_ACTIVE_COUNT 10 #define CLAER_CACHE_ACTIVE_COUNT 10
typedef enum { /* for [-Wmissing-declarations] */
FPP_UNKNOWN=0, const char* get_filter_packet_proto_name(filter_packet_proto proto);
FPP_ARP = 1,
FPP_TCP=2,
FPP_UDP=3,
FPP_ICMP=4,
FPP_IGMP=5
} filter_packet_proto;
const char* get_filter_packet_proto_name(filter_packet_proto proto) const char* get_filter_packet_proto_name(filter_packet_proto proto)
{ {
@ -52,13 +46,9 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto)
} }
} }
typedef struct packet_address_proto_info{
in_addr_t src_ip; /* for [-Wmissing-declarations] */
uint16_t src_port; const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info);
in_addr_t dst_ip;
uint16_t dst_port;
filter_packet_proto proto;
}packet_address_proto_info_t;
const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info) const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
{ {
@ -86,6 +76,9 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
} }
} }
/* for [-Wmissing-declarations] */
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size);
void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) { void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *buffer, int size) {
ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer; ether_hdr_t *hdr_ether = (ether_hdr_t*)buffer;
uint16_t ether_type = ntohs(hdr_ether->type); uint16_t ether_type = ntohs(hdr_ether->type);
@ -158,6 +151,9 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
}; };
} }
/* for [-Wmissing-declarations] */
const char* get_filter_rule_info_log_string(filter_rule_t* rule);
const char* get_filter_rule_info_log_string(filter_rule_t* rule) const char* get_filter_rule_info_log_string(filter_rule_t* rule)
{ {
static char buf[1024] = {0}; static char buf[1024] = {0};
@ -187,16 +183,10 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
return buf; return buf;
} }
typedef struct filter_rule_pair_cache
{
packet_address_proto_info_t key;
uint8_t bool_allow_traffic;
uint32_t active_count;
UT_hash_handle hh; /* makes this structure hashable */ /* for [-Wmissing-declarations] */
} filter_rule_pair_cache_t; uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr);
uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr) uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t ip_addr)
{ {
@ -210,6 +200,9 @@ uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t
return 0; return 0;
} }
/* for [-Wmissing-declarations] */
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info);
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched. // if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info) uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_proto_info_t *pkt_addr_info)
{ {
@ -244,6 +237,10 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro
return(0); return(0);
} }
/* for [-Wmissing-declarations] */
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info);
filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info) filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_t *pkt_addr_info)
{ {
filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0; filter_rule_t *item = 0, *tmp = 0, *marched_rule = 0;
@ -261,22 +258,11 @@ filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_
return marched_rule; return marched_rule;
} }
typedef struct network_traffic_filter_impl
{
n2n_verdict (*filter_packet_from_peer)(struct network_traffic_filter* filter, n2n_edge_t *eee,
const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict (*filter_packet_from_tap)(struct network_traffic_filter* filter, n2n_edge_t *eee,
uint8_t *payload, uint16_t payload_size);
filter_rule_t *rules; /* for [-Wmissing-declarations] */
void update_and_clear_cache_if_need(network_traffic_filter_t *filter);
filter_rule_pair_cache_t *connections_rule_cache; void update_and_clear_cache_if_need(network_traffic_filter_t *filter)
uint32_t work_count_scene_last_clear;
}network_traffic_filter_impl_t;
void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter)
{ {
if( ++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT) if( ++(filter->work_count_scene_last_clear) > CLEAR_CACHE_EVERY_X_COUNT)
{ {
@ -296,7 +282,10 @@ void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter)
} }
} }
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_impl_t *filter, packet_address_proto_info_t *pkt_addr_info) /* for [-Wmissing-declarations] */
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info);
filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter_t *filter, packet_address_proto_info_t *pkt_addr_info)
{ {
filter_rule_pair_cache_t* rule_cache_find_result = 0; filter_rule_pair_cache_t* rule_cache_find_result = 0;
HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result); HASH_FIND(hh, filter->connections_rule_cache, pkt_addr_info, sizeof(packet_address_proto_info_t), rule_cache_find_result);
@ -332,8 +321,10 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter
return rule_cache_find_result; return rule_cache_find_result;
} }
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size);
n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size) n2n_verdict filter_packet_from_peer(network_traffic_filter_t *filter, n2n_edge_t *eee, const n2n_sock_t *peer, uint8_t *payload, uint16_t payload_size)
{ {
filter_rule_pair_cache_t *cur_pkt_rule = 0; filter_rule_pair_cache_t *cur_pkt_rule = 0;
packet_address_proto_info_t pkt_info; packet_address_proto_info_t pkt_info;
@ -348,8 +339,10 @@ n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_e
return N2N_ACCEPT; return N2N_ACCEPT;
} }
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size);
n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size) n2n_verdict filter_packet_from_tap(network_traffic_filter_t *filter, n2n_edge_t *eee, uint8_t *payload, uint16_t payload_size)
{ {
filter_rule_pair_cache_t *cur_pkt_rule = 0; filter_rule_pair_cache_t *cur_pkt_rule = 0;
packet_address_proto_info_t pkt_info; packet_address_proto_info_t pkt_info;
@ -364,47 +357,57 @@ n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_ed
return N2N_ACCEPT; return N2N_ACCEPT;
} }
/* for [-Wmissing-declarations] */
network_traffic_filter_t *create_network_traffic_filter();
network_traffic_filter_t *create_network_traffic_filter() { network_traffic_filter_t *create_network_traffic_filter() {
network_traffic_filter_impl_t *filter = malloc(sizeof(network_traffic_filter_impl_t)); network_traffic_filter_t *filter = malloc(sizeof(network_traffic_filter_t));
memset(filter, 0, sizeof(network_traffic_filter_impl_t)); memset(filter, 0, sizeof(network_traffic_filter_t));
filter->filter_packet_from_peer = filter_packet_from_peer; filter->filter_packet_from_peer = filter_packet_from_peer;
filter->filter_packet_from_tap = filter_packet_from_tap; filter->filter_packet_from_tap = filter_packet_from_tap;
return filter; return filter;
} }
/* for [-Wmissing-declarations] */
void destroy_network_traffic_filter(network_traffic_filter_t *filter);
void destroy_network_traffic_filter(network_traffic_filter_t *filter) { void destroy_network_traffic_filter(network_traffic_filter_t *filter) {
network_traffic_filter_impl_t *_filter = filter;
filter_rule_t *el = 0, *tmp = 0; filter_rule_t *el = 0, *tmp = 0;
filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0; filter_rule_pair_cache_t* el1 = 0, * tmp1 = 0;
HASH_ITER(hh, _filter->rules, el, tmp) HASH_ITER(hh, filter->rules, el, tmp)
{ {
HASH_DEL(_filter->rules, el); HASH_DEL(filter->rules, el);
free(el); free(el);
} }
HASH_ITER(hh, _filter->connections_rule_cache, el1, tmp1) HASH_ITER(hh, filter->connections_rule_cache, el1, tmp1)
{ {
HASH_DEL(_filter->connections_rule_cache, el1); HASH_DEL(filter->connections_rule_cache, el1);
free(el); free(el);
} }
free(filter); free(filter);
} }
/* for [-Wmissing-declarations] */
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules);
void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules) { void network_traffic_filter_add_rule(network_traffic_filter_t* filter, filter_rule_t* rules) {
filter_rule_t *item=NULL, *tmp=NULL; filter_rule_t *item=NULL, *tmp=NULL;
HASH_ITER(hh, rules, item, tmp) { HASH_ITER(hh, rules, item, tmp) {
network_traffic_filter_impl_t *_filter = filter;
filter_rule_t *new_rule = malloc(sizeof(filter_rule_t)); filter_rule_t *new_rule = malloc(sizeof(filter_rule_t));
memcpy(new_rule, item, sizeof(filter_rule_t)); memcpy(new_rule, item, sizeof(filter_rule_t));
HASH_ADD(hh, _filter->rules, key, sizeof(filter_rule_key_t), new_rule); HASH_ADD(hh, filter->rules, key, sizeof(filter_rule_key_t), new_rule);
traceEvent(TRACE_NORMAL, "### ADD network traffic filter %s", get_filter_rule_info_log_string(new_rule)); traceEvent(TRACE_NORMAL, "### ADD network traffic filter %s", get_filter_rule_info_log_string(new_rule));
} }
} }
/* for [-Wmissing-declarations] */
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char);
in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char) in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_of_last_char)
{ {
char buf[16] = {0}; char buf[16] = {0};
@ -416,6 +419,9 @@ in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_
return inet_addr(buf); return inet_addr(buf);
} }
/* for [-Wmissing-declarations] */
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char);
int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char) int get_int32_from_number_string(const char* begin, const char* next_pos_of_last_char)
{ {
char buf[6] = {0}; char buf[6] = {0};
@ -429,6 +435,9 @@ int get_int32_from_number_string(const char* begin, const char* next_pos_of_last
return atoi(buf); return atoi(buf);
} }
/* for [-Wmissing-declarations] */
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct);
void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct) void process_traffic_filter_proto(const char* begin, const char* next_pos_of_last_char, filter_rule_t *rule_struct)
{ {
char buf[6] = {0}; char buf[6] = {0};
@ -473,6 +482,9 @@ typedef enum
FPS_PROTO FPS_PROTO
} filter_process_stage; } filter_process_stage;
/* for [-Wmissing-declarations] */
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct);
uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct) { uint8_t process_traffic_filter_rule_str(const char *rule_str, filter_rule_t *rule_struct) {
const char *cur_pos = rule_str, *stage_begin_pos = rule_str; const char *cur_pos = rule_str, *stage_begin_pos = rule_str;
filter_process_stage stage = FPS_SRC_NET; filter_process_stage stage = FPS_SRC_NET;

Write Preview
Loading…
Cancel
Save