static void
expire_dynamic_trigger(void *data)
{
banrecord_t *rec = data;
struct in_addr sin;
prefix_t *pfx;
patricia_node_t *node;
trigger_t *t = rec->trigger;
run_triggers(ACTION_UNBAN, rec->trigger, &rec->pkt, rec);
switch (t->type) {
case TRIGGER_SRC:
sin.s_addr = rec->pkt.pkt_src.s_addr;
break;
case TRIGGER_DST:
default:
sin.s_addr = rec->pkt.pkt_dst.s_addr;
break;
};
pfx = New_Prefix(AF_INET, &sin, 32);
node = patricia_lookup(banrecord_trie, pfx);
patricia_remove(banrecord_trie, node);
Deref_Prefix(pfx);
free(rec);
}
Route *New_Route (u_char *dest, int bitlen, void *attr)
{
Route *tmp = New (Route);
tmp->prefix = New_Prefix (AF_INET, dest, bitlen);
tmp->attr = attr;
return (tmp);
}
void
add_ipv4_entry(struct route_table *rt, struct route_entry_v4 *e)
{
patricia_node_t *node;
uint32_t ip = htonl(e->ip);
int bitlen = 32 - ntz(e->netmask);
prefix_t *pref = New_Prefix(AF_INET, &ip, bitlen);
node = patricia_lookup (rt->ipv4_table, pref);
Deref_Prefix (pref);
node->data = (void*) e;
}
struct route_entry_v4
*ipv4_lookup(const struct route_table *rt, uint32_t ip)
{
ip = htonl(ip);
prefix_t *pref = New_Prefix(AF_INET, &ip, 32);
patricia_node_t *node = patricia_search_best(rt->ipv4_table, pref);
Deref_Prefix (pref);
if (node != NULL){
return (struct route_entry_v4*) node->data;
}
return NULL;
}
static banrecord_t *
ban_find(uint32_t ip)
{
prefix_t *pfx;
patricia_node_t *node;
struct in_addr sin;
sin.s_addr = ip;
pfx = New_Prefix(AF_INET, &sin, 32);
node = patricia_search_exact(banrecord_trie, pfx);
Deref_Prefix(pfx);
return node != NULL ? node->data : NULL;
}
static banrecord_t *
trigger_ban(trigger_t *t, packet_info_t *packet, iprecord_t *irec)
{
banrecord_t *rec;
prefix_t *pfx;
patricia_node_t *node;
struct in_addr sin;
switch (t->type) {
case TRIGGER_SRC:
sin.s_addr = packet->pkt_src.s_addr;
break;
case TRIGGER_DST:
default:
sin.s_addr = packet->pkt_dst.s_addr;
break;
};
if (ban_find(sin.s_addr) != NULL)
return NULL;
rec = calloc(sizeof(banrecord_t), 1);
rec->trigger = t;
memcpy(&rec->irec, irec, sizeof(iprecord_t));
memcpy(&rec->pkt, packet, sizeof(packet_info_t));
rec->added = mowgli_eventloop_get_time(eventloop);
rec->expiry_ts = rec->added + (t->expiry ? t->expiry : expiry);
pfx = New_Prefix(AF_INET, &sin, 32);
node = patricia_lookup(banrecord_trie, pfx);
node->data = rec;
Deref_Prefix(pfx);
run_triggers(ACTION_BAN, t, packet, rec);
rec->timer = mowgli_timer_add_once(eventloop, "expire_dynamic_trigger", expire_dynamic_trigger, rec, (t->expiry ? t->expiry : expiry));
return rec;
}
/* ascii2prefix
*/
prefix_t *
ascii2prefix (int family, char *string)
{
u_long bitlen, maxbitlen = 0;
char *cp;
struct in_addr sin;
#ifdef HAVE_IPV6
struct in6_addr sin6;
#endif /* HAVE_IPV6 */
int result;
char save[MAXLINE];
if (string == NULL)
return (NULL);
/* easy way to handle both families */
if (family == 0) {
family = AF_INET;
#ifdef HAVE_IPV6
if (strchr (string, ':')) family = AF_INET6;
#endif /* HAVE_IPV6 */
}
if (family == AF_INET) {
maxbitlen = 32;
}
#ifdef HAVE_IPV6
else if (family == AF_INET6) {
maxbitlen = 128;
}
#endif /* HAVE_IPV6 */
if ((cp = strchr (string, '/')) != NULL) {
bitlen = atol (cp + 1);
/* *cp = '\0'; */
/* copy the string to save. Avoid destroying the string */
assert (cp - string < MAXLINE);
memcpy (save, string, cp - string);
save[cp - string] = '\0';
string = save;
if (bitlen < 0 || bitlen > maxbitlen)
bitlen = maxbitlen;
}
else {
bitlen = maxbitlen;
}
if (family == AF_INET) {
if ((result = my_inet_pton (AF_INET, string, &sin)) <= 0)
return (NULL);
return (New_Prefix (AF_INET, &sin, bitlen));
}
#ifdef HAVE_IPV6
else if (family == AF_INET6) {
// Get rid of this with next IPv6 upgrade
#if defined(NT) && !defined(HAVE_INET_NTOP)
inet6_addr(string, &sin6);
return (New_Prefix (AF_INET6, &sin6, bitlen));
#else
if ((result = inet_pton (AF_INET6, string, &sin6)) <= 0)
return (NULL);
#endif /* NT */
return (New_Prefix (AF_INET6, &sin6, bitlen));
}
#endif /* HAVE_IPV6 */
else
return (NULL);
}
