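/*
 * ipset_copy - build a new IPSET holding the same entries as ipsp.
 *
 * Walks ipsp->ip_list and re-adds every IP_PORT entry (address, port set and
 * negation flag) to a set obtained from ipset_new().
 *
 * Returns the new set, or NULL when ipsp is NULL or ipset_new() returns NULL.
 */
IPSET *ipset_copy(IPSET *ipsp)
{
    IPSET *newset;
    IP_PORT *ip_port;

    /* Without this guard a NULL source reaches the list walk below. */
    if (ipsp == NULL) {
        return NULL;
    }

    newset = ipset_new();
    if (newset == NULL) {
        return NULL;
    }

    /*
     * NOTE(review): sflist_next() takes only the list, so the iteration
     * position presumably lives in the list itself; a nested or concurrent
     * walk of ipsp->ip_list would then disturb this loop - confirm.
     */
    for (ip_port = (IP_PORT *)sflist_first(&ipsp->ip_list);
         ip_port != NULL;
         ip_port = (IP_PORT *)sflist_next(&ipsp->ip_list)) {
        /*
         * NOTE(review): the result of ipset_add() is discarded. If it can
         * fail, the copy silently ends up with fewer entries than the
         * source - confirm against ipset_add's contract.
         */
        ipset_add(newset, &ip_port->ip, &ip_port->portset, ip_port->notflag);
    }

    return newset;
}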
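/*
 * test_ip4set_parsing - run ip4_setparse() over a fixed list of IPv4 set
 * strings and print the outcome of each.
 *
 * The list mixes plain addresses, CIDR and dotted-mask forms, a negated
 * entry, a bracketed list and at least one malformed entry ("z/24").
 * Parse failures are reported on stderr; successful parses are printed with
 * ipset_print().
 *
 * NOTE(review): nothing here asserts which inputs must be rejected, so a
 * parser that starts accepting a malformed entry would not fail this test.
 */
void test_ip4set_parsing(void)
{
    char **curip;
    int ret;
    char *ips[] = {
        "12.24.24.1/32,!24.24.24.1",
        "[0.0.0.0/0.0.2.0,241.242.241.22]",
        "138.26.1.24",
        "1.1.1.1",
        "1.1.1.1/16",
        "1.1.1.1/255.255.255.255",
        "z/24",
        "0/0",
        "0.0.0.0/0.0.0.0",
        "0.0.0.0/0.0.2.0",
        NULL
    };

    for (curip = ips; curip[0] != NULL; curip++) {
        IPSET *ipset = ipset_new(IPV4_FAMILY);

        /* Do not hand a NULL set to the parser. */
        if (ipset == NULL) {
            fprintf(stderr, "Unable to allocate an IPSET for %s\n", curip[0]);
            continue;
        }

        /* network byte order stuff */
        ret = ip4_setparse(ipset, curip[0]);
        if (ret != 0) {
            fprintf(stderr, "Unable to parse %s with ret %d\n", curip[0], ret);
        } else {
            printf("-[%s]\n ", curip[0]);
            ipset_print(ipset);
            printf("---------------------\n ");
        }

        /* Release the set on both paths; the success path used to leak it. */
        ipset_free(ipset);
    }
}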
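/*
 * ipset_copy - build a new IPSET holding the same CIDR entries as ipsp.
 *
 * The address family is read with ipset_family() and a new set of that
 * family is created. Every entry of ipsp->cidr_list (address, mask, port set
 * and negation flag) is then re-added to the new set.
 *
 * Returns the new set, or NULL when ipsp is NULL or ipset_new() returns NULL.
 */
IPSET *ipset_copy(IPSET *ipsp)
{
    int family;
    IPSET *newset;
    CIDRBLOCK *cbp;
    CIDRBLOCK6 *cbp6;

    if (ipsp == NULL) {
        return NULL;
    }

    family = ipset_family(ipsp);
    newset = ipset_new(family);
    /* Stop here rather than adding entries to a set that was never created. */
    if (newset == NULL) {
        return NULL;
    }

    /*
     * NOTE(review): the result of ipset_add() is discarded in both loops. If
     * it can fail, the copy silently holds fewer entries than the source -
     * confirm against ipset_add's contract.
     */
    if (family == IPV4_FAMILY) {
        for (cbp = (CIDRBLOCK *)sflist_first(&ipsp->cidr_list);
             cbp != NULL;
             cbp = (CIDRBLOCK *)sflist_next(&ipsp->cidr_list)) {
            ipset_add(newset, &cbp->ip, &cbp->mask, &cbp->portset,
                      cbp->notflag, family);
        }
    } else {
        /* Any family other than IPV4_FAMILY is walked as CIDRBLOCK6 nodes. */
        for (cbp6 = (CIDRBLOCK6 *)sflist_first(&ipsp->cidr_list);
             cbp6 != NULL;
             cbp6 = (CIDRBLOCK6 *)sflist_next(&ipsp->cidr_list)) {
            ipset_add(newset, &cbp6->ip, &cbp6->mask, &cbp6->portset,
                      cbp6->notflag, family);
        }
    }

    return newset;
}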
/*
 * ipset_load - create an ip_set_t and fill it from a serialized stream.
 *
 * A new set is allocated first; the node read by ipset_node_cache_load()
 * from `stream` (using the ipset_cache node cache) then becomes the set's
 * set_bdd.
 *
 * Returns the populated set. Returns NULL if the set cannot be allocated,
 * or if loading reports an error, in which case the error is propagated to
 * `err` and the new set is freed.
 *
 * NOTE(review): the stream contents are not checked here; this function
 * relies on ipset_node_cache_load() to reject malformed input.
 */
ip_set_t *
ipset_load(GInputStream *stream, GError **err)
{
    GError *load_error = NULL;
    ip_set_t *result = ipset_new();

    if (result == NULL) {
        return NULL;
    }

    ipset_node_id_t root =
        ipset_node_cache_load(stream, ipset_cache, &load_error);

    if (load_error == NULL) {
        result->set_bdd = root;
        return result;
    }

    /* Loading failed: hand the error to the caller and drop the new set. */
    g_propagate_error(err, load_error);
    ipset_free(result);
    return NULL;
}
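/*
 * Build an IPv4 IPSET from a textual set description.
 *
 * Calls FatalError() when the set cannot be created or `value` does not
 * parse; otherwise returns the new set.
 */
static IPSET *flowps_parse_ipv4_set(char *value)
{
    IPSET *ipset = ipset_new(IPV4_FAMILY);

    if (!ipset || ip4_setparse(ipset, value) != 0) {
        FatalError("%s(%d) Unable to create an IPSet from %s\n",
                   file_name, file_line, value);
    }
    return ipset;
}

/*
 * FlowPSParseOption - apply one "key value" configuration pair to config.
 *
 * config  configuration structure that receives the parsed setting
 * fname   name of the file the option came from (used in two messages)
 * lineno  line number within fname
 * key     option name, matched case-insensitively
 * value   option argument as text
 *
 * Unknown keys, unparsable IP sets and bad enumerated values are reported
 * through FatalError().
 *
 * NOTE(review): most error messages take their location from file_name /
 * file_line rather than from the fname / lineno parameters; confirm the two
 * always agree.
 *
 * NOTE(review): numeric options go through atoi()/strtod(), which report no
 * errors. A non-numeric value is stored as 0 and negative values are
 * accepted, so a typo in the configuration can silently change the memory
 * caps, table sizes and detection thresholds set below. Consider
 * strtol()-based validation with range checks.
 */
static void FlowPSParseOption(PS_CONFIG *config,
                              char *fname, int lineno,
                              char *key, char *value)
{
    if (!key || !value) {
        /*
         * The format string consumes a %s and a %d, so the arguments must be
         * supplied; calling it without them is undefined behaviour.
         */
        FatalError("%s:(%d) Invalid command line arguments!\n", fname, lineno);
    }

    if (s_debug > 1) {
        flow_printf("key: %s value: %s\n", key, value);
    }

    if (!strcasecmp(key, "scoreboard-memcap-talker")) {
        config->sb_memcap_talker = atoi(value);
    } else if (!strcasecmp(key, "scoreboard-memcap-scanner")) {
        config->sb_memcap_scanner = atoi(value);
    } else if (!strcasecmp(key, "unique-memcap")) {
        config->ut_memcap = atoi(value);
    } else if (!strcasecmp(key, "server-memcap")) {
        config->server_memcap = atoi(value);
    } else if (!strcasecmp(key, "scoreboard-rows-talker")) {
        config->sb_rows_talker = atoi(value);
    } else if (!strcasecmp(key, "scoreboard-rows-scanner")) {
        config->sb_rows_scanner = atoi(value);
    } else if (!strcasecmp(key, "unique-rows")) {
        config->ut_rows = atoi(value);
    } else if (!strcasecmp(key, "server-rows")) {
        config->server_rows = atoi(value);
    } else if (!strcasecmp(key, "server-watchnet")) {
        config->server_watchnet_ipv4 = flowps_parse_ipv4_set(value);
    } else if (!strcasecmp(key, "src-ignore-net")) {
        /* Sets which source addresses are ignored, so it narrows coverage. */
        config->src_ignore_ipv4 = flowps_parse_ipv4_set(value);
    } else if (!strcasecmp(key, "dst-ignore-net")) {
        config->dst_ignore_ipv4 = flowps_parse_ipv4_set(value);
    } else if (!strcasecmp(key, "tcp-penalties")) {
        if (toggle_option(key, value, &config->tcp_penalties)) {
            FatalError("%s(%d) Error processing %s directive (value = %s)\n",
                       file_name, file_line, key, value);
        }
    } else if (!strcasecmp(key, "server-learning-time")) {
        config->server_learning_time = atoi(value);
    } else if (!strcasecmp(key, "server-ignore-limit")) {
        config->server_ignore_limit = atoi(value);
    } else if (!strcasecmp(key, "server-scanner-limit")) {
        config->server_scanner_limit = atoi(value);
    } else if (!strcasecmp(key, "talker-fixed-threshold")) {
        config->limit_talker.fixed = atoi(value);
    } else if (!strcasecmp(key, "talker-sliding-threshold")) {
        config->limit_talker.sliding = atoi(value);
    } else if (!strcasecmp(key, "talker-fixed-window")) {
        config->limit_talker.fixed_size = atoi(value);
    } else if (!strcasecmp(key, "talker-sliding-window")) {
        config->limit_talker.sliding_size = atoi(value);
    } else if (!strcasecmp(key, "talker-sliding-scale-factor")) {
        config->limit_talker.window_scale = (float)strtod(value, NULL);
    } else if (!strcasecmp(key, "scanner-fixed-threshold")) {
        config->limit_scanner.fixed = atoi(value);
    } else if (!strcasecmp(key, "scanner-sliding-threshold")) {
        config->limit_scanner.sliding = atoi(value);
    } else if (!strcasecmp(key, "scanner-fixed-window")) {
        config->limit_scanner.fixed_size = atoi(value);
    } else if (!strcasecmp(key, "scanner-sliding-window")) {
        config->limit_scanner.sliding_size = atoi(value);
    } else if (!strcasecmp(key, "scanner-sliding-scale-factor")) {
        config->limit_scanner.window_scale = (float)strtod(value, NULL);
    } else if (!strcasecmp(key, "base-score")) {
        config->base_score = atoi(value);
    } else if (!strcasecmp(key, "dumpall")) {
        config->dumpall = atoi(value);
    } else if (!strcasecmp(key, "alert-mode")) {
        if (!strcasecmp(value, "once")) {
            config->alert_once = 1;
        } else if (!strcasecmp(value, "all")) {
            config->alert_once = 0;
        } else {
            FatalError("%s(%d) Bad option to %s => %s\n",
                       file_name, file_line, key, value);
        }
    } else if (!strcasecmp(key, "output-mode")) {
        if (!strcasecmp(value, "msg")) {
            config->output_mode = VARIABLEMSG;
        } else if (!strcasecmp(value, "pktkludge")) {
            config->output_mode = PKTKLUDGE;
        } else {
            FatalError("%s(%d) Bad option to %s => %s\n",
                       file_name, file_line, key, value);
        }
    } else {
        FatalError("%s(%d) Unknown Arguments: key(%s) value(%s)\n",
                   fname, lineno, key, value);
    }
}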
// ----------------------------- void test_ipset() { int i,k; IPSET * ipset, * ipset6; IPSET * ipset_copyp, * ipset6_copyp; unsigned ipaddress, mask; unsigned short mask6[8]; unsigned short ipaddress6[8]; unsigned port_lo, port_hi; PORTSET portset; printf("IPSET testing\n"); ipset = ipset_new(IPV4_FAMILY); ipset6 = ipset_new(IPV6_FAMILY); srand( time(0) ); for(i=0;i<MAXIP;i++) { if( i % 2 ) { ipaddress = rand() * rand(); mask = 0xffffff00; port_lo = rand(); port_hi = rand() % 5 + port_lo; portset_init(&portset); portset_add(&portset, port_lo, port_hi); ipset_add( ipset, &ipaddress, &mask, &portset, 0, IPV4_FAMILY ); //class C cidr blocks if( !ipset_contains( ipset, &ipaddress, &port_lo, IPV4_FAMILY ) ) printf("error with ipset_contains\n"); } else { for(k=0;k<8;k++) ipaddress6[k] = (char) (rand() % (1<<16)); for(k=0;k<8;k++) mask6[k] = 0xffff; port_lo = rand(); port_hi = rand() % 5 + port_lo; portset_init(&portset); portset_add(&portset, port_lo, port_hi); ipset_add( ipset6, ipaddress6, mask6, &portset, 0, IPV6_FAMILY ); if( !ipset_contains( ipset6, &ipaddress6, &port_lo, IPV6_FAMILY ) ) printf("error with ipset6_contains\n"); } } ipset_copyp = ipset_copy( ipset ); ipset6_copyp = ipset_copy( ipset6 ); printf("-----IP SET-----\n"); ipset_print( ipset ); printf("\n"); printf("-----IP SET6-----\n"); ipset_print( ipset6 ); printf("\n"); printf("-----IP SET COPY -----\n"); ipset_print( ipset_copyp ); printf("\n"); printf("-----IP SET6 COPY -----\n"); ipset_print( ipset6_copyp ); printf("\n"); printf("IP set testing completed\n"); }