int
comp_with_mask_sock(struct sockaddr *addr, struct sockaddr *dest, unsigned int mask)
{
void *iaddr = NULL;
void *idest = NULL;
switch(addr->sa_family)
{
case AF_INET:
{
iaddr = &((struct sockaddr_in *)(void *)addr)->sin_addr;
idest = &((struct sockaddr_in *)(void *)dest)->sin_addr;
break;
}
#ifdef RB_IPV6
case AF_INET6:
{
iaddr = &((struct sockaddr_in6 *)(void *)addr)->sin6_addr;
idest = &((struct sockaddr_in6 *)(void *)dest)->sin6_addr;
break;
}
#endif
default:
return 0; /* don't know how this would happen */
}
return (comp_with_mask(iaddr, idest, mask));
}
int
match_cidr(const char *s1, const char *s2)
{
struct rb_sockaddr_storage ipaddr, maskaddr;
char mask[BUFSIZE];
char address[NICKLEN + USERLEN + HOSTLEN + 6];
char *ipmask;
char *ip;
char *len;
void *ipptr, *maskptr;
int cidrlen, aftype;
strcpy(mask, s1);
strcpy(address, s2);
ipmask = strrchr(mask, '@');
if(ipmask == NULL)
return 0;
*ipmask++ = '\0';
ip = strrchr(address, '@');
if(ip == NULL)
return 0;
*ip++ = '\0';
len = strrchr(ipmask, '/');
if(len == NULL)
return 0;
*len++ = '\0';
cidrlen = atoi(len);
if(cidrlen == 0)
return 0;
if(strchr(ip, ':') && strchr(ipmask, ':'))
{
aftype = AF_INET6;
ipptr = &((struct sockaddr_in6 *) &ipaddr)->sin6_addr;
maskptr = &((struct sockaddr_in6 *) &maskaddr)->sin6_addr;
}
else if(!strchr(ip, ':') && !strchr(ipmask, ':'))
{
aftype = AF_INET;
ipptr = &((struct sockaddr_in *) &ipaddr)->sin_addr;
maskptr = &((struct sockaddr_in *) &maskaddr)->sin_addr;
}
else
return 0;
rb_inet_pton(aftype, ip, ipptr);
rb_inet_pton(aftype, ipmask, maskptr);
if(comp_with_mask(ipptr, maskptr, cidrlen) && match(mask, address))
return 1;
else
return 0;
}
static int
nullable_validator_any(packet_info_t *packet, iprecord_t *irec, nullable_t *e)
{
char srcaddr[IN6ADDRSZ], dstaddr[IN6ADDRSZ], ip[IN6ADDRSZ];
memcpy(srcaddr, &packet->pkt_src, INADDRSZ);
memcpy(dstaddr, &packet->pkt_dst, INADDRSZ);
memcpy(ip, &e->ip, INADDRSZ);
if (comp_with_mask(srcaddr, ip, e->cidrlen))
return 1;
if (comp_with_mask(dstaddr, ip, e->cidrlen))
return 1;
return 0;
}
static int
threshold_validator_dst(packet_info_t *packet, iprecord_t *irec, threshold_t *e)
{
char dstaddr[IN6ADDRSZ], ip[IN6ADDRSZ];
memcpy(dstaddr, &packet->pkt_dst, INADDRSZ);
memcpy(ip, &e->ip, INADDRSZ);
return comp_with_mask(dstaddr, ip, e->cidrlen);
}
static int
threshold_validator_any(packet_info_t *packet, iprecord_t *irec, threshold_t *e)
{
char srcaddr[IN6ADDRSZ], dstaddr[IN6ADDRSZ], ip[IN6ADDRSZ], temp[IN6ADDRSZ];
memcpy(srcaddr, &packet->pkt_src, INADDRSZ);
memcpy(dstaddr, &packet->pkt_dst, INADDRSZ);
memcpy(ip, &e->ip, INADDRSZ);
inet_ntop(AF_INET, &e->ip, temp, IN6ADDRSZ);
DPRINTF("thres: looking up %s/%d\n", temp, e->cidrlen);
if (comp_with_mask(srcaddr, ip, e->cidrlen))
return 1;
if (comp_with_mask(dstaddr, ip, e->cidrlen))
return 1;
return 0;
}
static int
exempt_validator_src(packet_info_t *packet, iprecord_t *irec, exempt_t *e)
{
char srcaddr[IN6ADDRSZ], ip[IN6ADDRSZ];
memcpy(srcaddr, &packet->pkt_src, INADDRSZ);
memcpy(ip, &e->ip, INADDRSZ);
return comp_with_mask(srcaddr, ip, e->cidrlen);
}
/*
* match_ips()
*
* Input - cidr ip mask, address
*/
int
match_ips(const char *s1, const char *s2)
{
struct rb_sockaddr_storage ipaddr, maskaddr;
char mask[IRCD_BUFSIZE];
char address[HOSTLEN + 1];
char *len;
void *ipptr, *maskptr;
int cidrlen, aftype;
rb_strlcpy(mask, s1, sizeof(mask));
rb_strlcpy(address, s2, sizeof(address));
len = strrchr(mask, '/');
if(len == NULL)
return 0;
*len++ = '\0';
cidrlen = atoi(len);
if(cidrlen <= 0)
return 0;
#ifdef RB_IPV6
if(strchr(mask, ':') && strchr(address, ':'))
{
if(cidrlen > 128)
return 0;
aftype = AF_INET6;
ipptr = &((struct sockaddr_in6 *)&ipaddr)->sin6_addr;
maskptr = &((struct sockaddr_in6 *)&maskaddr)->sin6_addr;
}
else
#endif
if(!strchr(mask, ':') && !strchr(address, ':'))
{
if(cidrlen > 32)
return 0;
aftype = AF_INET;
ipptr = &((struct sockaddr_in *)&ipaddr)->sin_addr;
maskptr = &((struct sockaddr_in *)&maskaddr)->sin_addr;
}
else
return 0;
if(rb_inet_pton(aftype, address, ipptr) <= 0)
return 0;
if(rb_inet_pton(aftype, mask, maskptr) <= 0)
return 0;
if(comp_with_mask(ipptr, maskptr, cidrlen))
return 1;
else
return 0;
}
int
match_cidr(const char *s1, const char *s2)
{
struct irc_inaddr ipaddr, maskaddr;
char mask[BUFSIZE];
char address[NICKLEN + USERLEN + HOSTLEN + 6];
char *ipmask;
char *ip;
char *len;
int cidrlen, aftype;
strcpy(mask, s1);
strcpy(address, s2);
ipmask = strrchr(mask, '@');
if(ipmask == NULL)
return 0;
*ipmask++ = '\0';
ip = strrchr(address, '@');
if(ip == NULL)
return 0;
*ip++ = '\0';
len = strrchr(ipmask, '/');
if(len == NULL)
return 0;
*len++ = '\0';
cidrlen = atoi(len);
if(cidrlen == 0)
return 0;
#ifdef IPV6
if(strchr(ip, ':') && strchr(ipmask, ':'))
aftype = AF_INET6;
else
#endif
if(!strchr(ip, ':') && !strchr(ipmask, ':'))
aftype = AF_INET;
else
return 0;
inetpton(aftype, ip, &ipaddr);
inetpton(aftype, ipmask, &maskaddr);
if(comp_with_mask(&IN_ADDR(ipaddr), &IN_ADDR(maskaddr), cidrlen) && match(mask, address))
return 1;
else
return 0;
}
int
comp_with_mask_sock(struct sockaddr *addr, struct sockaddr *dest, unsigned int mask)
{
void *iaddr = NULL;
void *idest = NULL;
if(addr->sa_family == AF_INET)
{
iaddr = &((struct sockaddr_in *) addr)->sin_addr;
idest = &((struct sockaddr_in *) dest)->sin_addr;
}
else
{
iaddr = &((struct sockaddr_in6 *) addr)->sin6_addr;
idest = &((struct sockaddr_in6 *) dest)->sin6_addr;
}
return (comp_with_mask(iaddr, idest, mask));
}
int comp_with_mask_sock(struct sockaddr *addr, struct sockaddr *dest, u_int mask)
{
void *iaddr = NULL;
void *idest = NULL;
if (addr->sa_family == AF_INET)
{
iaddr = &((struct sockaddr_in *)(void *)addr)->sin_addr;
idest = &((struct sockaddr_in *)(void *)dest)->sin_addr;
}
#ifdef RB_IPV6
else
{
iaddr = &((struct sockaddr_in6 *)(void *)addr)->sin6_addr;
idest = &((struct sockaddr_in6 *)(void *)dest)->sin6_addr;
}
#endif
return (comp_with_mask(iaddr, idest, mask));
}
/* match_cidr()
*
* Input - mask, address
* Ouput - 1 = Matched 0 = Did not match
*/
int
match_cidr(const char *s1, const char *s2)
{
struct irc_ssaddr ipaddr, maskaddr;
char address[NICKLEN + USERLEN + HOSTLEN + 6];
char mask[NICKLEN + USERLEN + HOSTLEN + 6];
char *ipmask, *ip, *len;
int cidrlen, aftype;
struct addrinfo hints, *res;
/* Unlikely to ever overflow, but we may as well be consistant - stu */
strlcpy(mask, s1, sizeof(mask));
strlcpy(address, s2, sizeof(address));
ipmask = strrchr(mask, '@');
if (ipmask == NULL)
return(0);
*ipmask++ = '\0';
ip = strrchr(address, '@');
if (ip == NULL)
return(0);
*ip++ = '\0';
len = strrchr(ipmask, '/');
if (len == NULL)
return(0);
*len++ = '\0';
cidrlen = atoi(len);
if (cidrlen == 0)
return(0);
#ifdef IPV6
if (strchr(ip, ':') && strchr(ipmask, ':'))
aftype = AF_INET6;
else
#endif
if (!strchr(ip, ':') && !strchr(ipmask, ':'))
aftype = AF_INET;
else
return(0);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_flags = AI_NUMERICHOST;
irc_getaddrinfo(ip, NULL, &hints, &res);
if (res)
{
memcpy(&ipaddr, res->ai_addr, res->ai_addrlen);
ipaddr.ss_len = res->ai_addrlen;
ipaddr.ss.ss_family = res->ai_family;
irc_freeaddrinfo(res);
}
irc_getaddrinfo(ipmask, NULL, &hints, &res);
if (res)
{
memcpy(&maskaddr, res->ai_addr, res->ai_addrlen);
maskaddr.ss_len = res->ai_addrlen;
maskaddr.ss.ss_family = res->ai_family;
irc_freeaddrinfo(res);
}
if (comp_with_mask(&ipaddr, &maskaddr, cidrlen) && match(mask, address))
return(1);
else
return(0);
}
