int link_level (unsigned ip, int color) { if (color == 0) { return 32; } if (color == 1) { int i; int l = 0; for (i = 0; i < rules_num; i++) if (network[i].type == 1) { struct netrule *A = &network[i]; if (check_rule (A, ip) && A->level1 > l) { l = A->level1; } } return l; } if (color == 2) { int i; int l = 0; for (i = 0; i < rules_num; i++) if (network[i].type == 2) { struct netrule *A = &network[i]; if (check_rule (A, ip) && A->level2 > l) { l = A->level2; } } return l; } return 0; }
int check_common_rule (struct netrule *A, unsigned ip1, unsigned ip2) { assert (A->type); if (A->type == 1) { return check_rule (A, ip1) && check_rule (A, ip2); } else { return 2 * (check_rule (A, ip1) && check_rule (A, ip2) && ((ip1 & ~(A->mask2)) == (ip2 & ~(A->mask2)))); } }
void context::flush_add_rules() { datalog::rule_manager& rm = get_rule_manager(); scoped_proof_mode _scp(m, generate_proof_trace()?PGM_FINE:PGM_DISABLED); while (m_rule_fmls_head < m_rule_fmls.size()) { expr* fml = m_rule_fmls[m_rule_fmls_head].get(); proof* p = generate_proof_trace()?m.mk_asserted(fml):0; rm.mk_rule(fml, p, m_rule_set, m_rule_names[m_rule_fmls_head]); ++m_rule_fmls_head; } rule_set::iterator it = m_rule_set.begin(), end = m_rule_set.end(); rule_ref r(m_rule_manager); for (; it != end; ++it) { r = *it; check_rule(r); } }
int dp_can_connect_str(str *domain, int rec_level) { struct rdata* head; struct rdata* l; struct naptr_rdata* naptr; struct naptr_rdata* next_naptr; int ret; str newdomain; char uri[MAX_URI_SIZE]; struct avp_stack stack; int last_order = -1; int failed = 0; int found_anything = 0; str pattern, replacement, result; stack_reset(&stack); /* If we're in a recursive call, set the domain-replacement */ if ( rec_level > 0 ) { stack_push(&stack, domain_replacement_name.s.s, domain->s); stack.succeeded = 0; } if (rec_level > MAX_DDDS_RECURSIONS) { LM_ERR("too many indirect NAPTRs. Aborting at %.*s.\n", domain->len, ZSW(domain->s)); return(DP_DDDS_RET_DNSERROR); } LM_INFO("looking up Domain itself: %.*s\n",domain->len, ZSW(domain->s)); ret = check_rule(domain,"D2P+sip:dom", 11, &stack); if (ret == 1) { LM_INFO("found a match on domain itself\n"); stack_to_avp(&stack); return(DP_DDDS_RET_POSITIVE); } else if (ret == 0) { LM_INFO("no match on domain itself.\n"); stack_reset(&stack); /* If we're in a recursive call, set the domain-replacement */ if ( rec_level > 0 ) { stack_push(&stack, domain_replacement_name.s.s, (char *) domain->s); stack.succeeded = 0; } } else { return(DP_DDDS_RET_DNSERROR); /* actually: DB error */ } LM_INFO("doing DDDS with %.*s\n",domain->len, ZSW(domain->s)); head = get_record(domain->s, T_NAPTR, RES_ONLY_TYPE); if (head == 0) { LM_NOTICE("no NAPTR record found for %.*s.\n", domain->len, ZSW(domain->s)); return(DP_DDDS_RET_NOTFOUND); } LM_DBG("found the following NAPTRs: \n"); for (l = head; l; l = l->next) { if (l->type != T_NAPTR) { LM_DBG("found non-NAPTR record.\n"); continue; /*should never happen*/ } naptr = (struct naptr_rdata*)l->rdata; if (naptr == 0) { LM_CRIT("null rdata\n"); continue; } LM_DBG("order %u, pref %u, flen %u, flags '%.*s', slen %u, " "services '%.*s', rlen %u, regexp '%.*s', repl '%s'\n", naptr->order, naptr->pref, naptr->flags_len, (int)(naptr->flags_len), ZSW(naptr->flags), naptr->services_len, (int)(naptr->services_len), ZSW(naptr->services), naptr->regexp_len, (int)(naptr->regexp_len), ZSW(naptr->regexp), ZSW(naptr->repl) ); } LM_DBG("sorting...\n"); naptr_sort(&head); for (l = head; l; l = l->next) { if (l->type != T_NAPTR) continue; /*should never happen*/ naptr = (struct naptr_rdata*)l->rdata; if (naptr == 0) { LM_CRIT("null rdata\n"); continue; } LM_DBG("considering order %u, pref %u, flen %u, flags '%.*s', slen %u, " "services '%.*s', rlen %u, regexp '%.*s', repl '%s'\n", naptr->order, naptr->pref, naptr->flags_len, (int)(naptr->flags_len), ZSW(naptr->flags), naptr->services_len, (int)(naptr->services_len), ZSW(naptr->services), naptr->regexp_len, (int)(naptr->regexp_len), ZSW(naptr->regexp), ZSW(naptr->repl) ); /* * New order? then we check whether the had success during the last one. * If yes, we can leave the loop. */ if (last_order != naptr->order) { last_order = naptr->order; failed = 0; if (stack_succeeded(&stack)) { LM_INFO("we don't need to consider further orders " "(starting with %d).\n",last_order); break; } } else if (failed) { LM_INFO("order %d has already failed.\n",last_order); continue; } /* * NAPTRs we don't care about */ if (!IS_D2PNAPTR(naptr)) continue; /* * once we've been here, don't return DP_DDDS_RET_NOTFOUND */ found_anything = 1; next_naptr = NULL; if (l->next && (l->next->type == T_NAPTR)) { next_naptr = (struct naptr_rdata*)l->next->rdata; } /* * Non-terminal? */ if ((naptr->services_len == 7) && !strncasecmp("D2P+SIP", naptr->services,7) && (naptr->flags_len == 0)){ LM_INFO("found non-terminal NAPTR\n"); /* * This needs to be the only record with this order. */ if (next_naptr && (next_naptr->order == naptr->order) && IS_D2PNAPTR(next_naptr)) { LM_ERR("non-terminal NAPTR needs to be the only one " "with this order %.*s.\n", domain->len, ZSW(domain->s)); return(DP_DDDS_RET_DNSERROR); } newdomain.s = naptr->repl; newdomain.len = strlen(naptr->repl); ret = dp_can_connect_str(&newdomain, rec_level + 1); if (ret == DP_DDDS_RET_POSITIVE) /* succeeded, we're done. */ return(ret); if (ret == DP_DDDS_RET_NEGATIVE) /* found rules, did not work */ continue; /* look for more rules */ if (ret == DP_DDDS_RET_DNSERROR) /* errors during lookup */ return(ret); /* report them */ if (ret == DP_DDDS_RET_NOTFOUND) /* no entries in linked domain? */ return(ret); /* ok, fine. go with that */ continue; /* not reached */ } /* * wrong kind of terminal */ if ((naptr->flags_len != 1) || (tolower(naptr->flags[0]) != 'u')) { LM_ERR("terminal NAPTR needs flag = 'u' and not '%.*s'.\n", (int)naptr->flags_len, ZSW(naptr->flags)); /* * It's not that clear what we should do now: Ignore this records or regard it as failed. * We go with "ignore" for now. */ continue; } if (parse_naptr_regexp(&(naptr->regexp[0]), naptr->regexp_len, &pattern, &replacement) < 0) { LM_ERR("parsing of NAPTR regexp failed\n"); continue; } result.s = &(uri[0]); result.len = MAX_URI_SIZE; /* Avoid making copies of pattern and replacement */ pattern.s[pattern.len] = (char)0; replacement.s[replacement.len] = (char)0; if (reg_replace(pattern.s, replacement.s, domain->s, &result) < 0) { pattern.s[pattern.len] = '!'; replacement.s[replacement.len] = '!'; LM_ERR("regexp replace failed\n"); continue; } LM_INFO("resulted in replacement: '%.*s'\n", result.len, ZSW(result.s)); pattern.s[pattern.len] = '!'; replacement.s[replacement.len] = '!'; ret = check_rule(&result,naptr->services,naptr->services_len, &stack); if (ret == 1) { LM_INFO("positive return\n"); } else if (ret == 0) { LM_INFO("check_rule failed.\n"); stack_reset(&stack); /* If we're in a recursive call, set the domain-replacement */ if ( rec_level > 0 ) { stack_push(&stack, domain_replacement_name.s.s, (char *) domain->s); stack.succeeded = 0; } failed = 1; } else { return(DP_DDDS_RET_DNSERROR); } } if (stack_succeeded(&stack)) { LM_INFO("calling stack_to_avp.\n"); stack_to_avp(&stack); return(DP_DDDS_RET_POSITIVE); } LM_INFO("returning %d.\n", (found_anything ? DP_DDDS_RET_NEGATIVE : DP_DDDS_RET_NOTFOUND)); return( found_anything ? DP_DDDS_RET_NEGATIVE : DP_DDDS_RET_NOTFOUND ); }