void filter_clear(void) {
FILTERS_LOCK;
struct filter_list **l = GBL_FILTERS;
while (*l) {
filter_unload(l);
}
FILTERS_UNLOCK;
}
/*
* uload the filter chain
*/
void gtkui_stop_filter(void)
{
DEBUG_MSG("gtk_stop_filter");
filter_unload(GBL_FILTERS);
gtkui_message("Filters were unloaded");
}
/*
* uload the filter chain
*/
static void curses_stop_filter(void)
{
DEBUG_MSG("curses_stop_filter");
filter_unload(GBL_FILTERS);
curses_message("Filters were unloaded");
}
int filter_load(router_t r) {
char *filterfile;
FILE *f;
long size;
char *buf;
nad_t nad;
int i, nfilters, filter, from, to, what, redirect, error, log;
acl_t list_tail, acl;
log_debug(ZONE, "loading filter");
if(r->filter != NULL)
filter_unload(r);
filterfile = config_get_one(r->config, "aci.filter", 0);
if(filterfile == NULL)
filterfile = CONFIG_DIR "/router-filter.xml";
f = fopen(filterfile, "rb");
if(f == NULL) {
log_write(r->log, LOG_NOTICE, "couldn't open filter file %s: %s", filterfile, strerror(errno));
r->filter_load = time(NULL);
return 0;
}
fseek(f, 0, SEEK_END);
size = ftell(f);
fseek(f, 0, SEEK_SET);
buf = (char *) malloc(sizeof(char) * size);
if (fread(buf, 1, size, f) != size || ferror(f)) {
log_write(r->log, LOG_ERR, "couldn't read from filter file: %s", strerror(errno));
free(buf);
fclose(f);
return 1;
}
fclose(f);
nad = nad_parse(buf, size);
if(nad == NULL) {
log_write(r->log, LOG_ERR, "couldn't parse filter file");
free(buf);
return 1;
}
free(buf);
list_tail = NULL;
log_debug(ZONE, "building filter list");
nfilters = 0;
filter = nad_find_elem(nad, 0, -1, "rule", 1);
while(filter >= 0) {
from = nad_find_attr(nad, filter, -1, "from", NULL);
to = nad_find_attr(nad, filter, -1, "to", NULL);
what = nad_find_attr(nad, filter, -1, "what", NULL);
redirect = nad_find_attr(nad, filter, -1, "redirect", NULL);
error = nad_find_attr(nad, filter, -1, "error", NULL);
log = nad_find_attr(nad, filter, -1, "log", NULL);
acl = (acl_t) calloc(1, sizeof(struct acl_s));
if(from >= 0) {
if (NAD_AVAL_L(nad, from) == 0 )
acl->from = NULL;
else {
acl->from = (char *) malloc(sizeof(char) * (NAD_AVAL_L(nad, from) + 1));
sprintf(acl->from, "%.*s", NAD_AVAL_L(nad, from), NAD_AVAL(nad, from));
}
}
if(to >= 0) {
if (NAD_AVAL_L(nad, to) == 0 )
acl->to = NULL;
else {
acl->to = (char *) malloc(sizeof(char) * (NAD_AVAL_L(nad, to) + 1));
sprintf(acl->to, "%.*s", NAD_AVAL_L(nad, to), NAD_AVAL(nad, to));
}
}
if(what >= 0) {
if (NAD_AVAL_L(nad, what) == 0 || strncmp(NAD_AVAL(nad, what), "*", NAD_AVAL_L(nad, what)) == 0)
acl->what = NULL;
else {
acl->what = (char *) malloc(sizeof(char) * (NAD_AVAL_L(nad, what) + 1));
sprintf(acl->what, "%.*s", NAD_AVAL_L(nad, what), NAD_AVAL(nad, what));
}
}
if(redirect >= 0) {
if (NAD_AVAL_L(nad, redirect) == 0)
acl->redirect = NULL;
else {
acl->redirect_len = NAD_AVAL_L(nad, redirect);
acl->redirect = (char *) malloc(sizeof(char) * (acl->redirect_len + 1));
sprintf(acl->redirect, "%.*s", acl->redirect_len, NAD_AVAL(nad, redirect));
acl->error = stanza_err_REDIRECT;
}
}
if(error >= 0) {
acl->error = stanza_err_NOT_ALLOWED;
for(i=0; _stanza_errors[i].code != NULL; i++) {
if(_stanza_errors[i].name != NULL && strncmp(_stanza_errors[i].name, NAD_AVAL(nad, error), NAD_AVAL_L(nad, error)) == 0) {
acl->error = stanza_err_BAD_REQUEST + i;
break;
}
}
}
if(log >= 0) {
acl->log = ! strncasecmp(NAD_AVAL(nad, log), "YES", NAD_AVAL_L(nad, log));
acl->log |= ! strncasecmp(NAD_AVAL(nad, log), "ON", NAD_AVAL_L(nad, log));
}
if(list_tail != NULL) {
list_tail->next = acl;
list_tail = acl;
}
/* record the head of the list */
if(r->filter == NULL) {
r->filter = acl;
list_tail = acl;
}
log_debug(ZONE, "added %s rule: from=%s, to=%s, what=%s, redirect=%s, error=%d, log=%s", (acl->error?"deny":"allow"), acl->from, acl->to, acl->what, acl->redirect, acl->error, (acl->log?"yes":"no"));
nfilters++;
filter = nad_find_elem(nad, filter, -1, "rule", 0);
}
nad_free(nad);
log_write(r->log, LOG_NOTICE, "loaded filters (%d rules)", nfilters);
r->filter_load = time(NULL);
return 0;
}
