static void parse_timeline(char *document, struct session *session)
{
xmlDocPtr doc;
xmlNodePtr current;
doc = xmlReadMemory(document, strlen(document), "timeline.xml",
NULL, XML_PARSE_NOERROR);
if (doc == NULL)
return;
current = xmlDocGetRootElement(doc);
if (current == NULL) {
fprintf(stderr, "empty document\n");
xmlFreeDoc(doc);
return;
}
if (xmlStrcmp(current->name, (const xmlChar *) "statuses")) {
fprintf(stderr, "unexpected document type\n");
xmlFreeDoc(doc);
return;
}
current = current->xmlChildrenNode;
while (current != NULL) {
if ((!xmlStrcmp(current->name, (const xmlChar *)"status")))
parse_statuses(session, doc, current);
current = current->next;
}
xmlFreeDoc(doc);
return;
}
int parse_timeline(char *filename, statuses *tl){
xmlDocPtr doc;
int result = 0;
if(parse_xml_file(filename,&doc) == -1)
result = -1;
xmlNode *root_element = xmlDocGetRootElement(doc);
if(root_element->type==XML_ELEMENT_NODE
&& strcmp(root_element->name,"statuses")==0){
if(parse_statuses(&doc,root_element, tl) < 0)
result = -1;
}
else{
result = -1;
/*
parse_error(&doc,root_element);
*/
}
xmlFreeDoc(doc);
xmlCleanupParser();
return result;
}
/* Function which parses command options; returns true if it
ate an option */
static int
parse(int c, char **argv, int invert, unsigned int *flags,
const struct ipt_entry *entry,
unsigned int *nfcache,
struct ipt_entry_match **match)
{
struct ipt_conntrack_info *sinfo = (struct ipt_conntrack_info *)(*match)->data;
char *protocol = NULL;
unsigned int naddrs = 0;
struct in_addr *addrs = NULL;
switch (c) {
case '1':
check_inverse(optarg, &invert, &optind, 0);
parse_states(argv[optind-1], sinfo);
if (invert) {
sinfo->invflags |= IPT_CONNTRACK_STATE;
}
sinfo->flags |= IPT_CONNTRACK_STATE;
break;
case '2':
check_inverse(optarg, &invert, &optind, 0);
if(invert)
sinfo->invflags |= IPT_CONNTRACK_PROTO;
/* Canonicalize into lower case */
for (protocol = argv[optind-1]; *protocol; protocol++)
*protocol = tolower(*protocol);
protocol = argv[optind-1];
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = parse_protocol(protocol);
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & IPT_INV_PROTO))
exit_error(PARAMETER_PROBLEM,
"rule would never match protocol");
sinfo->flags |= IPT_CONNTRACK_PROTO;
break;
case '3':
check_inverse(optarg, &invert, &optind, 9);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGSRC;
parse_hostnetworkmask(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
exit_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip = addrs[0].s_addr;
}
sinfo->flags |= IPT_CONNTRACK_ORIGSRC;
break;
case '4':
check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_ORIGDST;
parse_hostnetworkmask(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_ORIGINAL],
&naddrs);
if(naddrs > 1)
exit_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip = addrs[0].s_addr;
}
sinfo->flags |= IPT_CONNTRACK_ORIGDST;
break;
case '5':
check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLSRC;
parse_hostnetworkmask(argv[optind-1], &addrs,
&sinfo->sipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
exit_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
sinfo->tuple[IP_CT_DIR_REPLY].src.ip = addrs[0].s_addr;
}
sinfo->flags |= IPT_CONNTRACK_REPLSRC;
break;
case '6':
check_inverse(optarg, &invert, &optind, 0);
if (invert)
sinfo->invflags |= IPT_CONNTRACK_REPLDST;
parse_hostnetworkmask(argv[optind-1], &addrs,
&sinfo->dipmsk[IP_CT_DIR_REPLY],
&naddrs);
if(naddrs > 1)
exit_error(PARAMETER_PROBLEM,
"multiple IP addresses not allowed");
if(naddrs == 1) {
sinfo->tuple[IP_CT_DIR_REPLY].dst.ip = addrs[0].s_addr;
}
sinfo->flags |= IPT_CONNTRACK_REPLDST;
break;
case '7':
check_inverse(optarg, &invert, &optind, 0);
parse_statuses(argv[optind-1], sinfo);
if (invert) {
sinfo->invflags |= IPT_CONNTRACK_STATUS;
}
sinfo->flags |= IPT_CONNTRACK_STATUS;
break;
case '8':
check_inverse(optarg, &invert, &optind, 0);
parse_expires(argv[optind-1], sinfo);
if (invert) {
sinfo->invflags |= IPT_CONNTRACK_EXPIRES;
}
sinfo->flags |= IPT_CONNTRACK_EXPIRES;
break;
default:
return 0;
}
*flags = sinfo->flags;
return 1;
}
static void conntrack_parse(struct xt_option_call *cb)
{
struct xt_conntrack_info *sinfo = cb->data;
xtables_option_parse(cb);
switch (cb->entry->id) {
case O_CTSTATE:
parse_states(cb->arg, sinfo);
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_STATE;
break;
case O_CTPROTO:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_PROTO;
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum = cb->val.protocol;
if (sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.protonum == 0
&& (sinfo->invflags & XT_INV_PROTO))
xtables_error(PARAMETER_PROBLEM,
"rule would never match protocol");
sinfo->flags |= XT_CONNTRACK_PROTO;
break;
case O_CTORIGSRC:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_ORIGSRC;
sinfo->tuple[IP_CT_DIR_ORIGINAL].src.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_ORIGSRC;
break;
case O_CTORIGDST:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_ORIGDST;
sinfo->tuple[IP_CT_DIR_ORIGINAL].dst.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_ORIGDST;
break;
case O_CTREPLSRC:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_REPLSRC;
sinfo->tuple[IP_CT_DIR_REPLY].src.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_REPLSRC;
break;
case O_CTREPLDST:
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_REPLDST;
sinfo->tuple[IP_CT_DIR_REPLY].dst.ip = cb->val.haddr.ip;
sinfo->flags |= XT_CONNTRACK_REPLDST;
break;
case O_CTSTATUS:
parse_statuses(cb->arg, sinfo);
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_STATUS;
sinfo->flags |= XT_CONNTRACK_STATUS;
break;
case O_CTEXPIRE:
sinfo->expires_min = cb->val.u32_range[0];
sinfo->expires_max = cb->val.u32_range[0];
if (cb->nvals >= 2)
sinfo->expires_max = cb->val.u32_range[1];
if (cb->invert)
sinfo->invflags |= XT_CONNTRACK_EXPIRES;
sinfo->flags |= XT_CONNTRACK_EXPIRES;
break;
}
}
