/*
 * Timer callback that lifts a dynamic ban.
 *
 * data is the banrecord_t that trigger_ban() registered with the timer.
 * The UNBAN triggers are run first, then the record's /32 key is removed
 * from banrecord_trie and the record itself is freed, so rec must not be
 * referenced by anything after this returns.
 */
static void
expire_dynamic_trigger(void *data)
{
	banrecord_t *rec = data;
	trigger_t *t = rec->trigger;
	struct in_addr key_addr;
	prefix_t *key;
	patricia_node_t *victim;

	run_triggers(ACTION_UNBAN, t, &rec->pkt, rec);

	/* Same key selection as trigger_ban(): source address for
	 * TRIGGER_SRC, destination address for every other type. */
	if (t->type == TRIGGER_SRC)
		key_addr.s_addr = rec->pkt.pkt_src.s_addr;
	else
		key_addr.s_addr = rec->pkt.pkt_dst.s_addr;

	key = New_Prefix(AF_INET, &key_addr, 32);

	/* NOTE(review): patricia_lookup is the call trigger_ban() uses to
	 * obtain the node it stores the record in. If it inserts on a miss,
	 * patricia_search_exact (as in ban_find) plus a NULL check would be
	 * the non-mutating way to locate the node here -- confirm. */
	victim = patricia_lookup(banrecord_trie, key);
	patricia_remove(banrecord_trie, victim);
	Deref_Prefix(key);

	free(rec);
}
/*
 * Allocate a Route for an IPv4 destination.
 *
 * dest   - address bytes handed to New_Prefix() with AF_INET
 * bitlen - prefix length, passed through unchanged
 * attr   - opaque pointer stored in the route as-is (not copied here)
 *
 * NOTE(review): neither the New() result nor bitlen is checked in this
 * function; whether New()/New_Prefix() validate or abort on their own is
 * not visible here -- confirm before feeding it untrusted lengths.
 */
Route *
New_Route (u_char *dest, int bitlen, void *attr)
{
    Route *route = New (Route);

    route->prefix = New_Prefix (AF_INET, dest, bitlen);
    route->attr = attr;

    return route;
}
/*
 * Insert (or overwrite) the IPv4 route entry e in rt->ipv4_table.
 *
 * The key is e->ip converted with htonl(), with a prefix length of
 * 32 - ntz(e->netmask). The trie node's data pointer is set to e itself,
 * so e must outlive the table entry.
 *
 * NOTE(review): ntz() presumably counts trailing zero bits of the mask --
 * confirm, including what it returns for a netmask of 0.
 * NOTE(review): the node returned by patricia_lookup is dereferenced
 * without a NULL check, and any data already stored on that node is
 * replaced silently.
 */
void
add_ipv4_entry(struct route_table *rt, struct route_entry_v4 *e)
{
    uint32_t addr_be = htonl(e->ip);
    int prefix_len = 32 - ntz(e->netmask);
    prefix_t *key = New_Prefix(AF_INET, &addr_be, prefix_len);
    patricia_node_t *slot = patricia_lookup(rt->ipv4_table, key);

    /* The prefix was only needed for the lookup. */
    Deref_Prefix(key);

    slot->data = (void *) e;
}
/*
 * Find the route entry that best matches ip in rt->ipv4_table.
 *
 * ip is converted with htonl() and searched as a /32 key via
 * patricia_search_best(). Returns the entry stored on the matching node,
 * or NULL when no node matches.
 */
struct route_entry_v4 *
ipv4_lookup(const struct route_table *rt, uint32_t ip)
{
    uint32_t addr_be = htonl(ip);
    prefix_t *key = New_Prefix(AF_INET, &addr_be, 32);
    patricia_node_t *hit = patricia_search_best(rt->ipv4_table, key);

    /* The prefix was only needed for the search. */
    Deref_Prefix(key);

    return hit != NULL ? (struct route_entry_v4 *) hit->data : NULL;
}
/*
 * Look up the ban record stored for exactly this address.
 *
 * ip is placed into in_addr.s_addr unchanged (no byte-order conversion is
 * done here) and searched as a /32 key in banrecord_trie.
 * Returns the node's data pointer, or NULL when no exact match exists.
 */
static banrecord_t *
ban_find(uint32_t ip)
{
	struct in_addr key_addr = { .s_addr = ip };
	prefix_t *key = New_Prefix(AF_INET, &key_addr, 32);
	patricia_node_t *hit = patricia_search_exact(banrecord_trie, key);

	/* The prefix was only needed for the search. */
	Deref_Prefix(key);

	if (hit == NULL)
		return NULL;

	return hit->data;
}
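/*
 * Create a dynamic ban for the address selected by trigger t.
 *
 * t      - trigger that fired; t->type picks the source address
 *          (TRIGGER_SRC) or the destination address (any other type)
 * packet - packet that fired the trigger; copied into the record
 * irec   - per-IP record; copied into the record
 *
 * Returns the new ban record, or NULL when the address already has a
 * record (ban_find) or when the record cannot be allocated. The record is
 * owned by banrecord_trie and is freed by expire_dynamic_trigger() when
 * the one-shot timer armed here fires.
 */
static banrecord_t *
trigger_ban(trigger_t *t, packet_info_t *packet, iprecord_t *irec)
{
	banrecord_t *rec;
	prefix_t *pfx;
	patricia_node_t *node;
	struct in_addr sin;

	switch (t->type) {
	case TRIGGER_SRC:
		sin.s_addr = packet->pkt_src.s_addr;
		break;
	case TRIGGER_DST:
	default:
		sin.s_addr = packet->pkt_dst.s_addr;
		break;
	}

	/* One record per address: an existing ban is left untouched. */
	if (ban_find(sin.s_addr) != NULL)
		return NULL;

	/* This path runs on packet-driven input, so an allocation failure
	 * must not turn into a NULL dereference below. */
	rec = calloc(1, sizeof(*rec));
	if (rec == NULL)
		return NULL;

	rec->trigger = t;
	memcpy(&rec->irec, irec, sizeof(iprecord_t));
	memcpy(&rec->pkt, packet, sizeof(packet_info_t));

	/* A per-trigger expiry of 0 falls back to the global expiry. */
	rec->added = mowgli_eventloop_get_time(eventloop);
	rec->expiry_ts = rec->added + (t->expiry ? t->expiry : expiry);

	/* NOTE(review): the results of New_Prefix and patricia_lookup are
	 * used unchecked; whether either can return NULL is not visible
	 * from here -- confirm. */
	pfx = New_Prefix(AF_INET, &sin, 32);
	node = patricia_lookup(banrecord_trie, pfx);
	node->data = rec;
	Deref_Prefix(pfx);

	run_triggers(ACTION_BAN, t, packet, rec);

	rec->timer = mowgli_timer_add_once(eventloop, "expire_dynamic_trigger",
	    expire_dynamic_trigger, rec, (t->expiry ? t->expiry : expiry));

	return rec;
}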
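/*
 * ascii2prefix - parse "address" or "address/bitlen" text into a prefix.
 *
 * family - AF_INET, AF_INET6 (when built with HAVE_IPV6), or 0 to pick the
 *          family from the text (a ':' selects IPv6 when available)
 * string - NUL-terminated input; it is not modified
 *
 * Returns a prefix from New_Prefix(), or NULL when string is NULL, the
 * family is unsupported, the address part does not fit the local buffer,
 * or the address does not parse.
 *
 * A bit length that is negative or larger than the family's maximum is
 * replaced by that maximum; a missing "/bitlen" also means the maximum.
 *
 * NOTE(review): non-numeric or empty text after '/' parses as 0 and so
 * produces a zero-length prefix. Callers that build filters or ACLs from
 * untrusted text may want to reject such input instead -- confirm.
 */
prefix_t *
ascii2prefix (int family, char *string)
{
    u_long bitlen, maxbitlen = 0;
    char *cp;
    struct in_addr sin;
#ifdef HAVE_IPV6
    struct in6_addr sin6;
#endif /* HAVE_IPV6 */
    char save[MAXLINE];

    if (string == NULL)
        return (NULL);

    /* easy way to handle both families */
    if (family == 0) {
        family = AF_INET;
#ifdef HAVE_IPV6
        if (strchr (string, ':'))
            family = AF_INET6;
#endif /* HAVE_IPV6 */
    }

    if (family == AF_INET) {
        maxbitlen = 32;
    }
#ifdef HAVE_IPV6
    else if (family == AF_INET6) {
        maxbitlen = 128;
    }
#endif /* HAVE_IPV6 */

    if ((cp = strchr (string, '/')) != NULL) {
        size_t addr_len = (size_t) (cp - string);
        long parsed_len;

        /* Real runtime bound instead of assert(): the check must still
         * protect the stack buffer when built with NDEBUG. */
        if (addr_len >= sizeof (save))
            return (NULL);

        /* strtol has defined behaviour on out-of-range input, and the
         * signed result lets the "negative" test actually fire. */
        parsed_len = strtol (cp + 1, NULL, 10);
        if (parsed_len < 0 || (u_long) parsed_len > maxbitlen)
            bitlen = maxbitlen;
        else
            bitlen = (u_long) parsed_len;

        /* copy the address part to save. Avoid destroying the string */
        memcpy (save, string, addr_len);
        save[addr_len] = '\0';
        string = save;
    }
    else {
        bitlen = maxbitlen;
    }

    if (family == AF_INET) {
        if (my_inet_pton (AF_INET, string, &sin) <= 0)
            return (NULL);
        return (New_Prefix (AF_INET, &sin, bitlen));
    }
#ifdef HAVE_IPV6
    else if (family == AF_INET6) {
// Get rid of this with next IPv6 upgrade
#if defined(NT) && !defined(HAVE_INET_NTOP)
        inet6_addr(string, &sin6);
        return (New_Prefix (AF_INET6, &sin6, bitlen));
#else
        if (inet_pton (AF_INET6, string, &sin6) <= 0)
            return (NULL);
#endif /* NT */
        return (New_Prefix (AF_INET6, &sin6, bitlen));
    }
#endif /* HAVE_IPV6 */
    else
        return (NULL);
}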