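/*
 * Port string can be:
 *     25
 *     25 26
 *     25-28
 *     25 28-29
 * i.e. a whitespace-separated list of ports and lo-hi ranges.
 * portset is a list of port ranges; a single port N is stored as N-N (25-25).
 *
 * This function does not split on ','; a token such as "25,26" is rejected
 * as non-numeric instead of being silently read as 25.
 */

/*
 * Convert one token to a port number.
 * Returns 0 on success, -1 if the token is empty, -2 if it is not made of
 * decimal digits only, -3 if the value is above 65535.
 */
static int port_parse_number(const char *s, unsigned *out)
{
    char *end;
    unsigned long v;

    if (*s == '\0')
        return -1;
    /* strtoul() on its own would accept leading blanks and a sign */
    if (!isdigit((unsigned char)*s))
        return -2;
    v = strtoul(s, &end, 10);
    if (*end != '\0')
        return -2;
    /* ULONG_MAX (strtoul overflow) is rejected by the same comparison */
    if (v > 65535UL)
        return -3;
    *out = (unsigned)v;
    return 0;
}

/*
 * Parse portstr and add every port / port range found to portset.
 *
 * portstr is modified in place: separators and '-' are overwritten with NUL.
 * Each token is terminated before it is searched for '-', so a range later
 * in the list can no longer be attached to an earlier single port.
 *
 * Returns 0 on success, or the negative code of port_parse_number() for the
 * first bad token (-1 also covers NULL arguments).  Ranges added before the
 * bad token stay in portset.
 */
static int port_parse(char *portstr, PORTSET *portset)
{
    char *tok;

    if (portstr == NULL || portset == NULL)
        return -1;

    tok = portstr;
    for (;;) {
        char *tok_end;
        char *next;
        char *dash;
        unsigned port_lo = 0, port_hi = 0;
        int rc;

        /* cast: passing a negative plain char to isspace() is undefined */
        while (isspace((unsigned char)*tok))
            tok++;
        if (*tok == '\0')
            break;

        /* isolate the current token, remember where the next one starts */
        tok_end = tok;
        while (*tok_end != '\0' && !isspace((unsigned char)*tok_end))
            tok_end++;
        next = (*tok_end != '\0') ? tok_end + 1 : tok_end;
        *tok_end = '\0';

        dash = strchr(tok, '-');
        if (dash != NULL) {
            *dash++ = '\0';
            rc = port_parse_number(tok, &port_lo);
            if (rc == 0)
                rc = port_parse_number(dash, &port_hi);
        } else {
            rc = port_parse_number(tok, &port_lo);
            port_hi = port_lo;
        }
        if (rc != 0)
            return rc;

        /* accept "30-25" as 25-30 rather than storing an inverted range */
        if (port_hi < port_lo) {
            unsigned tmp = port_hi;
            port_hi = port_lo;
            port_lo = tmp;
        }

        portset_add(portset, port_lo, port_hi);
        tok = next;
    }

    return 0;
}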
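/*
 * Parse one IPv4 list entry: an optional leading '!', an address, an
 * optional "/mask" (dotted quad or CIDR length) and an optional ":ports"
 * part.  Parsing stops at the first ']' or ','.
 *
 * ipstr          entry text; it is copied, the caller's buffer is not changed
 * network_order  non-zero: *host and *mask are returned in network byte order
 * not_flag       set to 1 if the entry starts with '!', else 0
 * host, mask     receive the address and the mask
 * portset        receives the port ranges; gets the range 0-0 when the entry
 *                has no ":ports" part
 *
 * Returns 0 on success,
 *   -1  NULL argument, or unexpected text after the address or the mask
 *       (e.g. a second address that was not separated with a comma),
 *   -2  out of memory,
 *   -3  empty entry, invalid address or invalid dotted mask,
 *   -4  CIDR length that is not a decimal number in 0..32,
 *   -5  ':' with nothing after it,
 *   -6  port_parse() rejected the port list.
 */
static int ip4_parse(char *ipstr, int network_order, int *not_flag,
                     unsigned *host, unsigned *mask, PORTSET *portset)
{
    char *saved, *s_copy, *maskptr, *endp, *portptr, *addrend;
    struct in_addr addrstuff;
    int rc = 0;

    if (!ipstr || !not_flag || !host || !mask)
        return -1;

    if (*ipstr == '\0')
        return -3;

    saved = s_copy = strdup(ipstr);
    if (!s_copy)
        return -2;

    /* cast: passing a negative plain char to isspace() is undefined */
    while (isspace((unsigned char)*s_copy))
        s_copy++;

    if (*s_copy == '\0') {
        rc = -3;
        goto done;
    }

    if (*s_copy == '!') {
        *not_flag = 1;
        s_copy++;
        if (*s_copy == '\0') {
            rc = -3;
            goto done;
        }
    } else {
        *not_flag = 0;
    }

    /* Removing trailing ']' */
    endp = strchr(s_copy, ']');
    if (endp)
        *endp = '\0';

    /* Removing trailing ',' */
    endp = strchr(s_copy, ',');
    if (endp)
        *endp = '\0';

    /* locate both separators before either one is overwritten */
    maskptr = strchr(s_copy, '/');
    portptr = strchr(s_copy, ':');

    if (!maskptr) {
        /* assume this is a host */
        *mask = 0xFFFFFFFF;
    } else {
        *maskptr++ = '\0';
    }

    if (portptr)
        *portptr++ = '\0';

    /* s_copy is now just the address part; nothing but whitespace may
     * follow it */
    addrend = strpbrk(s_copy, " \t");
    if (addrend != NULL) {
        while (isspace((unsigned char)*addrend))
            addrend++;
        if (*addrend != '\0') {
            rc = -1;
            goto done;
        }
    }

    /* NOTE(review): the one-character strncmp() makes every address that
     * starts with '0' parse as 0.0.0.0 -- confirm that this is intended. */
    if (strncmp(s_copy, "0", 1) == 0 || strncmp(s_copy, "0.0.0.0", 7) == 0) {
        *host = 0;
    } else {
        /* NOTE(review): inet_addr() also accepts shorthand forms and
         * octal/hex components; inet_pton(AF_INET, ...) is stricter. */
        addrstuff.s_addr = inet_addr(s_copy);
        if (addrstuff.s_addr == INADDR_NONE) {
            /* INADDR_NONE is also the encoding of 255.255.255.255 */
            if (strncmp(s_copy, "255.255.255.255", 15) != 0) {
                /* invalid ip address! */
                rc = -3;
                goto done;
            }
            /* this path used to leave *host unwritten */
            *host = 0xFFFFFFFFu;
        } else {
            *host = ntohl(addrstuff.s_addr);
        }
    }

    if (maskptr) {
        char *maskend;

        while (isspace((unsigned char)*maskptr))
            maskptr++;

        if (*maskptr == '\0') {
            /* Nothing beyond the / -- no bits in CIDR */
            rc = -3;
            goto done;
        }

        /* make sure if there are spaces at the end that we don't find
         * any more stuff, like another address that wasn't separated
         * with a comma */
        maskend = strpbrk(maskptr, " \t");
        if (maskend != NULL) {
            while (isspace((unsigned char)*maskend))
                maskend++;
            if (*maskend != '\0') {
                rc = -1;
                goto done;
            }
        }

        if (strchr(maskptr, '.')) {
            /* NOTE(review): same one-character prefix match as for the
             * address -- any dotted mask starting with '0' becomes 0. */
            if (strncmp(maskptr, "0", 1) == 0 ||
                strncmp(maskptr, "0.0.0.0", 7) == 0) {
                *mask = 0;
            } else {
                addrstuff.s_addr = inet_addr(maskptr);
                if (addrstuff.s_addr == INADDR_NONE) {
                    if (strncmp(maskptr, "255.255.255.255", 15) != 0) {
                        /* invalid ip address! */
                        rc = -3;
                        goto done;
                    }
                    /* this path used to leave *mask unwritten */
                    *mask = 0xFFFFFFFFu;
                } else {
                    *mask = ntohl(addrstuff.s_addr);
                }
            }
        } else {
            char *numend;
            long blocksize;

            /* atoi() turned "/abc" into /0, i.e. a mask that matches every
             * address; require a real decimal number instead */
            if (!isdigit((unsigned char)*maskptr)) {
                rc = -4;
                goto done;
            }
            blocksize = strtol(maskptr, &numend, 10);
            while (isspace((unsigned char)*numend))
                numend++;
            if (*numend != '\0' || blocksize < 0 || blocksize > 32) {
                rc = -4;
                goto done;
            }

            if (blocksize == 0) {
                *mask = 0;
            } else {
                /* top blocksize bits set; unsigned arithmetic avoids the
                 * undefined signed shift of (1 << 31) */
                *mask = (0xFFFFFFFFu << (32 - (int)blocksize)) & 0xFFFFFFFFu;
            }
        }
    }

    if (portptr) {
        while (isspace((unsigned char)*portptr))
            portptr++;

        if (*portptr == '\0') {
            rc = -5;
            goto done;
        }

        if (port_parse(portptr, portset) != 0) {
            rc = -6;
            goto done;
        }
    } else {
        /* Make sure we have at least one port range in list, but an
         * invalid port range */
        portset_add(portset, 0, 0);
    }

    /* convert the arguments by default */
    if (network_order) {
        *mask = htonl(*mask);
        *host = htonl(*host);
    }

done:
    free(saved);
    return rc;
}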
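/*
 * Port string can be:
 *     25
 *     25 26
 *     25-28
 *     25 28-29
 * i.e. a list of ports and lo-hi ranges separated by spaces or tabs.
 * portset is a list of port ranges; a single port N is stored as N-N (25-25).
 */

/*
 * Convert an all-digit string to a number without atoi().
 * Returns -2 if any character is not a decimal digit, 0 otherwise.  The
 * value saturates just above 65535, so a very long digit string can neither
 * overflow nor wrap around to a small, valid-looking port.
 */
static int port_digits_to_num(const char *s, unsigned *out)
{
    unsigned long v = 0;

    for (; *s != '\0'; s++) {
        /* cast: passing a negative plain char to isdigit() is undefined */
        if (!isdigit((unsigned char)*s))
            return -2;
        if (v <= 65535UL)
            v = v * 10UL + (unsigned long)(*s - '0');
    }
    *out = (unsigned)v;
    return 0;
}

/*
 * Parse portstr and add every port / port range found to portset.
 *
 * portstr is modified in place: separators and '-' are overwritten with NUL.
 *
 * Returns 0 on success,
 *   -1  NULL argument, or an empty port / empty side of a range,
 *   -2  a port that contains a non-digit character,
 *   -3  a port above 65535.
 * Ranges added before the bad token stay in portset.
 */
static int port_parse(char *portstr, PORTSET *portset)
{
    unsigned port_lo = 0, port_hi = 0;
    char *port1;
    char *port_begin;
    char *port_end;
    char *port2;
    char *portset_end;

    if (portstr == NULL || portset == NULL)
        return -1;

    port_begin = portstr;
    portset_end = port_begin + strlen(port_begin);

    while (isspace((unsigned char)*port_begin))
        port_begin++;

    /* terminate the first token */
    port_end = strpbrk(port_begin, " \t");
    if (port_end == NULL)
        port_end = portset_end;
    else
        *port_end = '\0';

    while (port_begin != portset_end) {
        port1 = port_begin;
        port2 = strchr(port_begin, '-');

        if (port2) {
            *port2 = '\0';
            port2++;

            if (*port1 == '\0' || *port2 == '\0')
                return -1;

            if (port_digits_to_num(port1, &port_lo) != 0 ||
                port_digits_to_num(port2, &port_hi) != 0)
                return -2;
        } else {
            if (*port1 == '\0')
                return -1;

            if (port_digits_to_num(port1, &port_lo) != 0)
                return -2;

            port_hi = port_lo;
        }

        /* check to see if port is out of range */
        if (port_hi > 65535 || port_lo > 65535)
            return -3;

        /* swap ports if necessary */
        if (port_hi < port_lo) {
            unsigned tmp = port_hi;
            port_hi = port_lo;
            port_lo = tmp;
        }

        portset_add(portset, port_lo, port_hi);

        /* Move to next port/port range */
        port_begin = port_end;
        if (port_begin != portset_end)
            port_begin++;

        while (isspace((unsigned char)*port_begin))
            port_begin++;

        port_end = strpbrk(port_begin, " \t");
        if (port_end == NULL)
            port_end = portset_end;
        else
            *port_end = '\0';
    }

    return 0;
}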
// ----------------------------- void test_ipset() { int i,k; IPSET * ipset, * ipset6; IPSET * ipset_copyp, * ipset6_copyp; unsigned ipaddress, mask; unsigned short mask6[8]; unsigned short ipaddress6[8]; unsigned port_lo, port_hi; PORTSET portset; printf("IPSET testing\n"); ipset = ipset_new(IPV4_FAMILY); ipset6 = ipset_new(IPV6_FAMILY); srand( time(0) ); for(i=0;i<MAXIP;i++) { if( i % 2 ) { ipaddress = rand() * rand(); mask = 0xffffff00; port_lo = rand(); port_hi = rand() % 5 + port_lo; portset_init(&portset); portset_add(&portset, port_lo, port_hi); ipset_add( ipset, &ipaddress, &mask, &portset, 0, IPV4_FAMILY ); //class C cidr blocks if( !ipset_contains( ipset, &ipaddress, &port_lo, IPV4_FAMILY ) ) printf("error with ipset_contains\n"); } else { for(k=0;k<8;k++) ipaddress6[k] = (char) (rand() % (1<<16)); for(k=0;k<8;k++) mask6[k] = 0xffff; port_lo = rand(); port_hi = rand() % 5 + port_lo; portset_init(&portset); portset_add(&portset, port_lo, port_hi); ipset_add( ipset6, ipaddress6, mask6, &portset, 0, IPV6_FAMILY ); if( !ipset_contains( ipset6, &ipaddress6, &port_lo, IPV6_FAMILY ) ) printf("error with ipset6_contains\n"); } } ipset_copyp = ipset_copy( ipset ); ipset6_copyp = ipset_copy( ipset6 ); printf("-----IP SET-----\n"); ipset_print( ipset ); printf("\n"); printf("-----IP SET6-----\n"); ipset_print( ipset6 ); printf("\n"); printf("-----IP SET COPY -----\n"); ipset_print( ipset_copyp ); printf("\n"); printf("-----IP SET6 COPY -----\n"); ipset_print( ipset6_copyp ); printf("\n"); printf("IP set testing completed\n"); }
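/*
 * Parse one IPv4 list entry: an optional leading '!', an address, an
 * optional "/mask" (dotted quad or CIDR length) and an optional ":ports"
 * part.  Parsing stops at the first ']' or ','.
 *
 * ipstr          entry text; it is copied, the caller's buffer is not changed
 * network_order  non-zero: *host and *mask are returned in network byte order
 * not_flag       set to 1 if the entry starts with '!', else 0
 * host, mask     receive the address and the mask; both are built in host
 *                byte order and converted together at the end
 * portset        receives the port ranges; gets the range 0-0 when the entry
 *                has no ":ports" part
 *
 * Returns 0 on success,
 *   -1  NULL argument, or unexpected text after the address or the mask,
 *   -2  out of memory,
 *   -3  empty entry, invalid address or invalid dotted mask,
 *   -4  CIDR length that is not a decimal number in 0..32,
 *   -5  ':' with nothing after it,
 *   -6  port_parse() reported an error.
 */
static int ip4_parse(char *ipstr, int network_order, int *not_flag,
                     unsigned *host, unsigned *mask, PORTSET *portset)
{
    char *saved, *s_copy, *maskptr, *endp, *portptr, *trail;
    struct in_addr addrstuff;
    int rc = 0;

    if (!ipstr || !not_flag || !host || !mask)
        return -1;

    if (*ipstr == '\0')
        return -3;

    saved = s_copy = strdup(ipstr);
    if (!s_copy)
        return -2;

    /* cast: passing a negative plain char to isspace() is undefined */
    while (isspace((unsigned char)*s_copy))
        s_copy++;

    if (*s_copy == '\0') {
        rc = -3;
        goto done;
    }

    if (*s_copy == '!') {
        *not_flag = 1;
        s_copy++;
        if (*s_copy == '\0') {
            rc = -3;
            goto done;
        }
    } else {
        *not_flag = 0;
    }

    /* Removing trailing ']' */
    endp = strchr(s_copy, ']');
    if (endp)
        *endp = '\0';

    /* Removing trailing ',' */
    endp = strchr(s_copy, ',');
    if (endp)
        *endp = '\0';

    /* locate both separators before either one is overwritten */
    portptr = strchr(s_copy, ':');
    maskptr = strchr(s_copy, '/');

    if (!maskptr) {
        /* assume this is a host */
        *mask = 0xFFFFFFFF;
    } else {
        *maskptr++ = '\0';
    }

    if (portptr)
        *portptr++ = '\0';

    /* Only whitespace may follow the address.  Without this check a second
     * address that was not separated with a comma can be dropped without
     * any error. */
    trail = strpbrk(s_copy, " \t");
    if (trail != NULL) {
        while (isspace((unsigned char)*trail))
            trail++;
        if (*trail != '\0') {
            rc = -1;
            goto done;
        }
    }

    /* NOTE(review): the one-character strncmp() makes every address that
     * starts with '0' parse as 0.0.0.0 -- confirm that this is intended. */
    if (!strncmp(s_copy, "0", 1) || !strncmp(s_copy, "0.0.0.0", 7)) {
        *host = 0;
    } else {
        /* NOTE(review): inet_addr() also accepts shorthand forms and
         * octal/hex components; inet_pton(AF_INET, ...) is stricter. */
        addrstuff.s_addr = inet_addr(s_copy);
        if (addrstuff.s_addr == INADDR_NONE) {
            /* INADDR_NONE is also the encoding of 255.255.255.255 */
            if (strncmp(s_copy, "255.255.255.255", 15) != 0) {
                /* invalid ip address! */
                rc = -3;
                goto done;
            }
            /* this path used to leave *host unwritten */
            *host = 0xFFFFFFFFu;
        } else {
            *host = ntohl(addrstuff.s_addr);
        }
    }

    if (maskptr) {
        while (isspace((unsigned char)*maskptr))
            maskptr++;

        if (*maskptr == '\0') {
            /* Nothing beyond the / -- no bits in CIDR */
            rc = -3;
            goto done;
        }

        /* same trailing-text rule as for the address */
        trail = strpbrk(maskptr, " \t");
        if (trail != NULL) {
            while (isspace((unsigned char)*trail))
                trail++;
            if (*trail != '\0') {
                rc = -1;
                goto done;
            }
        }

        if (strchr(maskptr, '.')) {
            /* NOTE(review): same one-character prefix match as for the
             * address -- any dotted mask starting with '0' becomes 0. */
            if (!strncmp(maskptr, "0", 1) || !strncmp(maskptr, "0.0.0.0", 7)) {
                *mask = 0;
            } else {
                addrstuff.s_addr = inet_addr(maskptr);
                if (addrstuff.s_addr == INADDR_NONE) {
                    if (strncmp(maskptr, "255.255.255.255", 15) != 0) {
                        /* invalid ip address! */
                        rc = -3;
                        goto done;
                    }
                    /* this path used to leave *mask unwritten */
                    *mask = 0xFFFFFFFFu;
                } else {
                    /* host order, like the CIDR branch and *host; a raw
                     * copy of s_addr would be byte-swapped again by the
                     * htonl() at the end */
                    *mask = ntohl(addrstuff.s_addr);
                }
            }
        } else {
            char *numend;
            long blocksize;

            /* atoi() turned "/abc" into /0, i.e. a mask that matches every
             * address; require a real decimal number instead */
            if (!isdigit((unsigned char)*maskptr)) {
                rc = -4;
                goto done;
            }
            blocksize = strtol(maskptr, &numend, 10);
            while (isspace((unsigned char)*numend))
                numend++;
            if (*numend != '\0' || blocksize < 0 || blocksize > 32) {
                rc = -4;
                goto done;
            }

            if (blocksize == 0) {
                *mask = 0;
            } else {
                /* top blocksize bits set; unsigned arithmetic avoids the
                 * undefined signed shift of (1 << 31) */
                *mask = (0xFFFFFFFFu << (32 - (int)blocksize)) & 0xFFFFFFFFu;
            }
        }
    }

    if (portptr) {
        while (isspace((unsigned char)*portptr))
            portptr++;

        if (*portptr == '\0') {
            rc = -5;
            goto done;
        }

        /* the result of port_parse() used to be ignored */
        if (port_parse(portptr, portset) != 0) {
            rc = -6;
            goto done;
        }
    } else {
        /* Make sure we have at least one port range in list, but an
         * invalid port range */
        portset_add(portset, 0, 0);
    }

    /* convert the arguments by default */
    if (network_order) {
        *mask = htonl(*mask);
        *host = htonl(*host);
    }

done:
    free(saved);
    return rc;
}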
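/*
 * Parse one entry of an IP list: an optional leading '!', an address that
 * sfip_pton() understands, and optional ports / port ranges separated from
 * the address and from each other by spaces or tabs.  The entry ends at the
 * first ',' or, if there is none, at the last ']'.
 *
 * ipstr     entry text; modified in place (see below)
 * ip        receives the parsed address
 * not_flag  set to 1 if the entry starts with '!', else 0
 * portset   receives the port ranges; gets the range 0-0 if it is still
 *           empty after parsing
 * endIP     on success: points at the ',' or ']' that ended the entry
 *           (restored in the string), or is NULL if there was neither
 *
 * Returns 0 on success, -1 on a NULL argument, an address that sfip_pton()
 * rejects, or a port that port_parse() rejects.  On failure the separator
 * that was overwritten with NUL is not restored and *endIP is not written.
 *
 * strtok() overwrites the blanks between tokens with NUL; they are not
 * restored.  strtok() keeps static state, so this function is not reentrant.
 */
static int ip_parse(char *ipstr, sfip_t *ip, char *not_flag, PORTSET *portset, char **endIP)
{
    char *port_str;
    char *comma;
    char *end_bracket;

    if (!ipstr || !ip || !not_flag || !portset || !endIP)
        return -1;

    if (*ipstr == '!') {
        ipstr++;
        *not_flag = 1;
    } else {
        *not_flag = 0;
    }

    /* cut the entry at its terminator: first ',' wins, else the last ']' */
    comma = strchr(ipstr, ',');
    end_bracket = strrchr(ipstr, ']');

    if (comma)
        *comma = '\0';
    else if (end_bracket)
        *end_bracket = '\0';

    if (sfip_pton(ipstr, ip) != SFIP_SUCCESS)
        return -1;

    /* Just to get the IP string out of the way */
    port_str = strtok(ipstr, " \t");

    /* Is either the port after the 1st space, or NULL */
    port_str = strtok(NULL, " \t");

    while (port_str) {
        if (!comma) {
            comma = strchr(port_str, ',');
            if (comma)
                *comma = '\0';
        }

        if (!end_bracket) {
            end_bracket = strrchr(port_str, ']');
            if (end_bracket)
                *end_bracket = '\0';
        }

        /* A rejected port must fail the entry.  If the error is dropped and
         * no other port was given, the 0-0 range added below applies, and
         * the comment there describes that as meaning "all is good". */
        if (port_parse(port_str, portset) != 0)
            return -1;

        port_str = strtok(NULL, " \t");
    }

    if (portset->port_list.count == 0) {
        /* Make sure we have at least one port range in list, but
         * an invalid port range to convey all is good. */
        portset_add(portset, 0, 0);
    }

    if (comma) {
        *endIP = comma;
        *comma = ',';
    } else if (end_bracket) {
        *end_bracket = ']';
        *endIP = end_bracket;
    } else {
        /* Didn't see the comma or end bracket, so set endIP now.
         * port_str is NULL once the loop above has finished. */
        *endIP = port_str;
    }

    return 0;
}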
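/*
 * Parse a single port ("25") or port range ("25-28") and add it to portset.
 * A reversed range ("28-25") is stored as 25-28.
 *
 * portstr is not modified; parsing works on a private copy.
 *
 * Returns 0 on success,
 *   -1  portstr is NULL or empty,
 *   -2  the (low) port does not start with a number,
 *   -3  the high port of a range does not start with a number,
 *   -4  a port is above MAXPORTS-1,
 *   -5  out of memory.
 */
static int port_parse(char *portstr, PORTSET *portset)
{
    /* Kept as unsigned long until the range check: narrowing the strtoul()
     * result to unsigned first can turn an oversized number into a small,
     * valid-looking port. */
    unsigned long lo, hi;
    unsigned port_lo, port_hi;
    char *port1;
    char *port2;
    char *port_begin;
    char *port_end;
    int rc = 0;

    if (portstr == NULL)
        return -1;

    port_begin = strdup(portstr);
    if (port_begin == NULL)
        return -5;

    port1 = port_begin;
    port2 = strchr(port_begin, '-');

    if (*port1 == '\0') {
        rc = -1;
        goto done;
    }

    if (port2) {
        *port2 = '\0';
        port2++;
    }

    /* NOTE(review): only the start of each number is validated; trailing
     * characters ("80abc") are still accepted, as before. */
    lo = strtoul(port1, &port_end, 10);
    if (port_end == port1) {
        rc = -2;
        goto done;
    }

    if (port2) {
        hi = strtoul(port2, &port_end, 10);
        if (port_end == port2) {
            rc = -3;
            goto done;
        }
    } else {
        hi = lo;
    }

    /* check to see if port is out of range */
    if (hi > MAXPORTS-1 || lo > MAXPORTS-1) {
        rc = -4;
        goto done;
    }

    port_lo = (unsigned)lo;
    port_hi = (unsigned)hi;

    /* swap ports if necessary */
    if (port_hi < port_lo) {
        unsigned tmp = port_hi;
        port_hi = port_lo;
        port_lo = tmp;
    }

    portset_add(portset, port_lo, port_hi);

done:
    free(port_begin);
    return rc;
}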