void safemode::create_rules() { safemode_rules.clear(); //process include/exclude in order of rules, global first, then character specific add_rules( global_rules ); add_rules( character_rules ); }
StateMachinePtr construct_asm(BindingsPtr bindings, NodePtr root, const AbstractStateMachineTable& asmt) { assert(root && root->get_op() == Op::abstract_state_machine); assert(root->size() == 4 || root->size() == 5); int argi = 0; std::string name = root->get_operand(argi++)->get_token().get_text(); std::string base_sm; if (root->size() == 5) { base_sm = root->get_operand(argi++)->get_token().get_text(); } NodePtr vars = root->get_operand(argi++); NodePtr funcs = root->get_operand(argi++); NodePtr rules = root->get_operand(argi++); StateMachinePtr sm = std::make_shared<StateMachine>(bindings, name); if (base_sm != "") { AbstractStateMachineTable::const_iterator it = asmt.find(base_sm); if (it == asmt.end()) { throw Exception(root->get_operand(1)->get_location(), "no such abstract state machine"); } sm->import_asm(it->second); } assert(vars->get_op() == Op::sm_vars); if (vars->size() > 0) { add_vars(sm, vars->get_operand(0)); } assert(funcs->get_op() == Op::sm_functions); if (funcs->size() > 0) { add_functions(sm, funcs->get_operand(0)); } add_rules(sm, bindings, rules); return sm; }
static void add_rules(StateMachinePtr sm, BindingsPtr bindings, NodePtr root) { if (root->get_op() == Op::sm_rules) { add_rules(sm, bindings, root->get_operand(0)); root = root->get_operand(1); } assert(root->get_op() == Op::sm_rule); if (root->size() == 1) { // handler root = root->get_operand(0); assert(root->get_op() == Op::ON); assert(root->get_operand(0)->get_op() == Op::CLOSE); root = root->get_operand(1); assert(root->get_op() == Op::sm_handler); if (root->size() == 1) { StateSet states; sm->add_close_handler(states, root->get_operand(0)); } else { StateSet states(sm->get_nofstates()); get_states(sm, root->get_operand(0), states); sm->add_close_handler(states, root->get_operand(1)); } } else { // regular rule NodePtr smcond = root->get_operand(0); StateMachineRulePtr rule; NodePtr node_expr; if (smcond->size() == 2) { NodePtr tree_expr = smcond->get_operand(0); NodeTypeSet nodetypes(nof_node_types(bindings)); get_node_expression(bindings, smcond->get_operand(1), nodetypes, node_expr); rule = std::make_shared<StateMachineRule>(sm, tree_expr, nodetypes, bindings->get_rules()); } else { if (smcond->get_operand(0)->get_op() == Op::cfg_node_expression) { NodeTypeSet nodetypes(nof_node_types(bindings)); get_node_expression(bindings, smcond->get_operand(0), nodetypes, node_expr); rule = std::make_shared<StateMachineRule>(sm, nodetypes, bindings->get_rules()); } else { NodePtr tree_expr = smcond->get_operand(0); rule = std::make_shared<StateMachineRule>(sm, tree_expr, bindings->get_rules()); } } if (node_expr) { rule->add_node_condition(node_expr); } if (root->get_operand(1)->get_op() == Op::sm_block) { NodePtr smblock = root->get_operand(1); rule->add_alternative(create_alternative(sm, smblock)); } else { add_alternatives(sm, rule, bindings, root->get_operand(1)); } sm->add_rule(rule); } }
void do_add_sa(struct shaft_conn *conn, char * rules) { u_int status, id, type; Buffer msg; id = conn->msg_id++; buffer_init(&msg); buffer_put_char(&msg, SHAFT_ADD_SA); buffer_put_int(&msg, id); send_msg(conn->fd_out, &msg); add_rules(rules); buffer_clear(&msg); status = get_status(conn->fd_in, id); if (status != SHAFT_OK) fatal("Couldn't add SA"); }
int acl_init(int is_ipv4) { unsigned int i; struct rte_acl_rule *acl_base_ipv4 = NULL, *acl_base_ipv6 = NULL; unsigned int acl_num_ipv4 = 0, acl_num_ipv6 = 0; struct rte_acl_ctx *acl_ctx; if (check_acl_config() != 0) { acl_log("Failed to get valid ACL options\n"); return -1; } dump_acl_config(); if (is_ipv4) { /* Load rules from the input file */ if (add_rules(acl_parm_config.rule_ipv4_name, &acl_base_ipv4, &acl_num_ipv4, sizeof(struct acl4_rule), &parse_cb_ipv4vlan_rule) < 0) { acl_log("Failed to add ipv4 rules\n"); return -1; } acl_log("IPv4 ACL entries %u:\n", acl_num_ipv4); dump_ipv4_rules((struct acl4_rule *)acl_base_ipv4, acl_num_ipv4, 1); for (i = 0; i < NB_SOCKETS; i++) { if ((acl_ctx = setup_acl(acl_base_ipv4, acl_num_ipv4, 0, i)) != NULL) { ipv4_acx[i] = acl_ctx; } else if (acl_num_ipv4 == 0) { ipv4_acx[i] = NULL; } else { acl_log("setup_acl failed for ipv4 with " "socketid %d, keeping previous rules " "for that socket\n", i); } } #ifdef L3FWDACL_DEBUG if (acl_base_ipv4) { acl_config.rule_ipv4 = (struct acl4_rule *)acl_base_ipv4; } #else free(acl_base_ipv4); #endif } else { if (add_rules(acl_parm_config.rule_ipv6_name, &acl_base_ipv6, &acl_num_ipv6, sizeof(struct acl6_rule), &parse_cb_ipv6_rule) < 0) { acl_log("Failed to add ipv6 rules\n"); return -1; } acl_log("IPv6 ACL entries %u:\n", acl_num_ipv6); dump_ipv6_rules((struct acl6_rule *)acl_base_ipv6, acl_num_ipv6, 1); for (i = 0; i < NB_SOCKETS; i++) { if ((acl_ctx = setup_acl(acl_base_ipv6, acl_num_ipv6, 1, i)) != NULL) { ipv6_acx[i] = acl_ctx; } else if (acl_num_ipv6 == 0) { ipv6_acx[i] = NULL; } else { acl_log("setup_acl failed for ipv6 with " "socketid %d, keeping previous rules " "for that socket\n", i); } } #ifdef L3FWDACL_DEBUG if (acl_base_ipv6) { acl_config.rule_ipv6 = (struct acl6_rule *)acl_base_ipv6; } #else free(acl_base_ipv6); #endif } int socketid, lcore_id; for (lcore_id = 0; lcore_id < RTE_MAX_LCORE; lcore_id++) { if (rte_lcore_is_enabled(lcore_id) == 0) continue; if (numa_on) socketid = rte_lcore_to_socket_id(lcore_id); else socketid = 0; rte_atomic64_cmpset( (uintptr_t *)&lcore_conf[lcore_id].new_acx_ipv4, (uintptr_t)lcore_conf[lcore_id].new_acx_ipv4, (uintptr_t)ipv4_acx[socketid]); rte_atomic64_cmpset( (uintptr_t *)&lcore_conf[lcore_id].new_acx_ipv6, (uintptr_t)lcore_conf[lcore_id].new_acx_ipv6, (uintptr_t)ipv6_acx[socketid]); } return 0; }
// // init_rules // create the rule table // void init_rules(char rules[255][20]) { int i,j; for (i = 0; i < 256; ++i) for (j = 0; j < 20; ++j) rules[i][j] = 0; add_rules(rules,0b00000000,""); // 0 add_rules(rules,0b11111111,""); // ~0 add_rules(rules,0b00000001,"eda"); // 1 add_rules(rules,0b11111110,"ade"); // ~1 add_rules(rules,0b00000011,"fed dbf"); // 2 add_rules(rules,0b11111100,"def fbd"); // ~2 add_rules(rules,0b00100001,"eda jif"); // 3 add_rules(rules,0b11011110,"ade fij"); // ~3 add_rules(rules,0b10000001,"eda gkj"); // 4 add_rules(rules,0b01111110,"ade jkg"); // ~4 add_rules(rules,0b00001110,"fhg fdh fad"); // 5 add_rules(rules,0b11110001,"ghf hdf daf"); // ~5 add_rules(rules,0b10000011,"fed fdb gkj"); // 6 add_rules(rules,0b01111100,"def bdf jkg"); // ~6 add_rules(rules,0b10010010,"bfa ile gkj"); // 7 add_rules(rules,0b01101101,"afb eli jkg"); // ~7 add_rules(rules,0b00001111,"ehg feg"); // 8 add_rules(rules,0b11110000,"ghe gef"); // ~8 add_rules(rules,0b01001101,"elk eka akg agb"); // 9 add_rules(rules,0b10110010,"kle ake gka bga"); // ~9 add_rules(rules,0b10011001,"ild ida ckj cjb"); // 10 add_rules(rules,0b01100110,"dli adi jkc bjc"); // ~10 add_rules(rules,0b10001101,"hkj hja hae ajb"); // 11 add_rules(rules,0b01110010,"jkh ajh eah bja"); // ~11 add_rules(rules,0b00011110,"ile hgf hfd dfa"); // 12 add_rules(rules,0b11100001,"eli fgh dfh afd"); // ~12 add_rules(rules,0b01101001,"eda bcg lkh jif"); // 13 add_rules(rules,0b10010110,"ade gcb hkl fij"); // ~13 add_rules(rules,0b01001110,"lkg lga lad agf"); // 14 add_rules(rules,0b10110001,"gkl agl dal fga"); // ~14 }
BOOL add_rules_name(const char *main_name, const char *config, int chain) { char buf[1024], *p, *p2, *section = NULL; BOOL result = FALSE; DWORD n; section = (char *)malloc(MAX_SECTION_SIZE); if (section == NULL) { liberr("malloc"); goto done; } /* 1. get ruleset string */ GetPrivateProfileString("_main_", main_name, "", buf, sizeof(buf), config); if (*buf == '\0') goto done; // no rules // reset all rules for chain if (!DeviceIoControl(g_device, IOCTL_CMD_CLEARCHAIN, &chain, sizeof(chain), NULL, 0, &n, NULL)) { winerr("DeviceIoControl"); goto done; } if (chain != 0) { // set chain name int len = sizeof(int) + MAX_PATH; char *data = (char *)malloc(len); if (data == NULL) { liberr("malloc"); goto done; } *(int *)data = chain; // try to extract environment variables from p to main_name ExpandEnvironmentStrings(main_name, data + sizeof(int), MAX_PATH); len = sizeof(int) + strlen(data + sizeof(int)) + 1; if (!DeviceIoControl(g_device, IOCTL_CMD_SETCHAINPNAME, data, len, NULL, 0, &n, NULL)) { winerr("DeviceIoControl"); free(data); goto done; } free(data); } /* 2. for each word in main_name string */ p = buf; while (p != NULL) { p2 = strchr(p, ' '); if (p2 != NULL) { while (*p2 == ' ') *(p2++) = '\0'; } if (*p != '\0') { // get section by name in p GetPrivateProfileSection(p, section, MAX_SECTION_SIZE, config); if (*section == '\0') error("\"%s\": unexistant or empty section %s", config, p); else add_rules(config, section, p, chain); } p = p2; } result = TRUE; done: free(section); return result; }