@ -24,14 +24,8 @@
# define CLEAR_CACHE_EVERY_X_COUNT 10000
# define CLAER_CACHE_ACTIVE_COUNT 10
typedef enum {
FPP_UNKNOWN = 0 ,
FPP_ARP = 1 ,
FPP_TCP = 2 ,
FPP_UDP = 3 ,
FPP_ICMP = 4 ,
FPP_IGMP = 5
} filter_packet_proto ;
/* for [-Wmissing-declarations] */
const char * get_filter_packet_proto_name ( filter_packet_proto proto ) ;
const char * get_filter_packet_proto_name ( filter_packet_proto proto )
{
@ -52,13 +46,9 @@ const char* get_filter_packet_proto_name(filter_packet_proto proto)
}
}
typedef struct packet_address_proto_info {
in_addr_t src_ip ;
uint16_t src_port ;
in_addr_t dst_ip ;
uint16_t dst_port ;
filter_packet_proto proto ;
} packet_address_proto_info_t ;
/* for [-Wmissing-declarations] */
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info ) ;
const char * get_filter_packet_info_log_string ( packet_address_proto_info_t * info )
{
@ -86,6 +76,9 @@ const char* get_filter_packet_info_log_string(packet_address_proto_info_t* info)
}
}
/* for [-Wmissing-declarations] */
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) ;
void collect_packet_info ( packet_address_proto_info_t * out_info , unsigned char * buffer , int size ) {
ether_hdr_t * hdr_ether = ( ether_hdr_t * ) buffer ;
uint16_t ether_type = ntohs ( hdr_ether - > type ) ;
@ -158,6 +151,9 @@ void collect_packet_info(packet_address_proto_info_t* out_info, unsigned char *b
} ;
}
/* for [-Wmissing-declarations] */
const char * get_filter_rule_info_log_string ( filter_rule_t * rule ) ;
const char * get_filter_rule_info_log_string ( filter_rule_t * rule )
{
static char buf [ 1024 ] = { 0 } ;
@ -187,16 +183,10 @@ const char* get_filter_rule_info_log_string(filter_rule_t* rule)
return buf ;
}
typedef struct filter_rule_pair_cache
{
packet_address_proto_info_t key ;
uint8_t bool_allow_traffic ;
uint32_t active_count ;
UT_hash_handle hh ; /* makes this structure hashable */
} filter_rule_pair_cache_t ;
/* for [-Wmissing-declarations] */
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr ) ;
uint8_t march_cidr_and_address ( in_addr_t network , uint8_t net_bitlen , in_addr_t ip_addr )
{
@ -210,6 +200,9 @@ uint8_t march_cidr_and_address(in_addr_t network, uint8_t net_bitlen, in_addr_t
return 0 ;
}
/* for [-Wmissing-declarations] */
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info ) ;
// if ports march, compare cidr. if cidr ok, return sum of src&dst cidr net_bitlen. means always select larger net_bitlen record when multi record is marched.
uint8_t march_rule_and_cache_key ( filter_rule_key_t * rule_key , packet_address_proto_info_t * pkt_addr_info )
{
@ -244,6 +237,10 @@ uint8_t march_rule_and_cache_key(filter_rule_key_t *rule_key, packet_address_pro
return ( 0 ) ;
}
/* for [-Wmissing-declarations] */
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_t * get_filter_rule ( filter_rule_t * * rules , packet_address_proto_info_t * pkt_addr_info )
{
filter_rule_t * item = 0 , * tmp = 0 , * marched_rule = 0 ;
@ -261,22 +258,11 @@ filter_rule_t* get_filter_rule(filter_rule_t **rules, packet_address_proto_info_
return marched_rule ;
}
typedef struct network_traffic_filter_impl
{
n2n_verdict ( * filter_packet_from_peer ) ( struct network_traffic_filter * filter , n2n_edge_t * eee ,
const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict ( * filter_packet_from_tap ) ( struct network_traffic_filter * filter , n2n_edge_t * eee ,
uint8_t * payload , uint16_t payload_size ) ;
filter_rule_t * rules ;
/* for [-Wmissing-declarations] */
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter ) ;
filter_rule_pair_cache_t * connections_rule_cache ;
uint32_t work_count_scene_last_clear ;
} network_traffic_filter_impl_t ;
void update_and_clear_cache_if_need ( network_traffic_filter_impl_t * filter )
void update_and_clear_cache_if_need ( network_traffic_filter_t * filter )
{
if ( + + ( filter - > work_count_scene_last_clear ) > CLEAR_CACHE_EVERY_X_COUNT )
{
@ -296,7 +282,10 @@ void update_and_clear_cache_if_need(network_traffic_filter_impl_t *filter)
}
}
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_impl_t * filter , packet_address_proto_info_t * pkt_addr_info )
/* for [-Wmissing-declarations] */
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info ) ;
filter_rule_pair_cache_t * get_or_create_filter_rule_cache ( network_traffic_filter_t * filter , packet_address_proto_info_t * pkt_addr_info )
{
filter_rule_pair_cache_t * rule_cache_find_result = 0 ;
HASH_FIND ( hh , filter - > connections_rule_cache , pkt_addr_info , sizeof ( packet_address_proto_info_t ) , rule_cache_find_result ) ;
@ -332,8 +321,10 @@ filter_rule_pair_cache_t* get_or_create_filter_rule_cache(network_traffic_filter
return rule_cache_find_result ;
}
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_peer ( network_traffic_filter_impl_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size )
n2n_verdict filter_packet_from_peer ( network_traffic_filter_t * filter , n2n_edge_t * eee , const n2n_sock_t * peer , uint8_t * payload , uint16_t payload_size )
{
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
packet_address_proto_info_t pkt_info ;
@ -348,8 +339,10 @@ n2n_verdict filter_packet_from_peer(network_traffic_filter_impl_t *filter, n2n_e
return N2N_ACCEPT ;
}
/* for [-Wmissing-declarations] */
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size ) ;
n2n_verdict filter_packet_from_tap ( network_traffic_filter_impl_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size )
n2n_verdict filter_packet_from_tap ( network_traffic_filter_t * filter , n2n_edge_t * eee , uint8_t * payload , uint16_t payload_size )
{
filter_rule_pair_cache_t * cur_pkt_rule = 0 ;
packet_address_proto_info_t pkt_info ;
@ -364,47 +357,57 @@ n2n_verdict filter_packet_from_tap(network_traffic_filter_impl_t *filter, n2n_ed
return N2N_ACCEPT ;
}
/* for [-Wmissing-declarations] */
network_traffic_filter_t * create_network_traffic_filter ( ) ;
network_traffic_filter_t * create_network_traffic_filter ( ) {
network_traffic_filter_impl_t * filter = malloc ( sizeof ( network_traffic_filter_impl_t ) ) ;
network_traffic_filter_t * filter = malloc ( sizeof ( network_traffic_filter_t ) ) ;
memset ( filter , 0 , sizeof ( network_traffic_filter_impl_ t ) ) ;
memset ( filter , 0 , sizeof ( network_traffic_filter_t ) ) ;
filter - > filter_packet_from_peer = filter_packet_from_peer ;
filter - > filter_packet_from_tap = filter_packet_from_tap ;
return filter ;
}
/* for [-Wmissing-declarations] */
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) ;
void destroy_network_traffic_filter ( network_traffic_filter_t * filter ) {
network_traffic_filter_impl_t * _filter = filter ;
filter_rule_t * el = 0 , * tmp = 0 ;
filter_rule_pair_cache_t * el1 = 0 , * tmp1 = 0 ;
HASH_ITER ( hh , _ filter- > rules , el , tmp )
HASH_ITER ( hh , filter - > rules , el , tmp )
{
HASH_DEL ( _ filter- > rules , el ) ;
HASH_DEL ( filter - > rules , el ) ;
free ( el ) ;
}
HASH_ITER ( hh , _ filter- > connections_rule_cache , el1 , tmp1 )
HASH_ITER ( hh , filter - > connections_rule_cache , el1 , tmp1 )
{
HASH_DEL ( _ filter- > connections_rule_cache , el1 ) ;
HASH_DEL ( filter - > connections_rule_cache , el1 ) ;
free ( el ) ;
}
free ( filter ) ;
}
/* for [-Wmissing-declarations] */
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) ;
void network_traffic_filter_add_rule ( network_traffic_filter_t * filter , filter_rule_t * rules ) {
filter_rule_t * item = NULL , * tmp = NULL ;
HASH_ITER ( hh , rules , item , tmp ) {
network_traffic_filter_impl_t * _filter = filter ;
filter_rule_t * new_rule = malloc ( sizeof ( filter_rule_t ) ) ;
memcpy ( new_rule , item , sizeof ( filter_rule_t ) ) ;
HASH_ADD ( hh , _ filter- > rules , key , sizeof ( filter_rule_key_t ) , new_rule ) ;
HASH_ADD ( hh , filter - > rules , key , sizeof ( filter_rule_key_t ) , new_rule ) ;
traceEvent ( TRACE_NORMAL , " ### ADD network traffic filter %s " , get_filter_rule_info_log_string ( new_rule ) ) ;
}
}
/* for [-Wmissing-declarations] */
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char ) ;
in_addr_t get_int32_addr_from_ip_string ( const char * begin , const char * next_pos_of_last_char )
{
char buf [ 16 ] = { 0 } ;
@ -416,6 +419,9 @@ in_addr_t get_int32_addr_from_ip_string(const char* begin, const char* next_pos_
return inet_addr ( buf ) ;
}
/* for [-Wmissing-declarations] */
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char ) ;
int get_int32_from_number_string ( const char * begin , const char * next_pos_of_last_char )
{
char buf [ 6 ] = { 0 } ;
@ -429,6 +435,9 @@ int get_int32_from_number_string(const char* begin, const char* next_pos_of_last
return atoi ( buf ) ;
}
/* for [-Wmissing-declarations] */
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct ) ;
void process_traffic_filter_proto ( const char * begin , const char * next_pos_of_last_char , filter_rule_t * rule_struct )
{
char buf [ 6 ] = { 0 } ;
@ -473,6 +482,9 @@ typedef enum
FPS_PROTO
} filter_process_stage ;
/* for [-Wmissing-declarations] */
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) ;
uint8_t process_traffic_filter_rule_str ( const char * rule_str , filter_rule_t * rule_struct ) {
const char * cur_pos = rule_str , * stage_begin_pos = rule_str ;
filter_process_stage stage = FPS_SRC_NET ;