int link_level (unsigned ip, int color) {
if (color == 0) {
return 32;
}
if (color == 1) {
int i;
int l = 0;
for (i = 0; i < rules_num; i++) if (network[i].type == 1) {
struct netrule *A = &network[i];
if (check_rule (A, ip) && A->level1 > l) {
l = A->level1;
}
}
return l;
}
if (color == 2) {
int i;
int l = 0;
for (i = 0; i < rules_num; i++) if (network[i].type == 2) {
struct netrule *A = &network[i];
if (check_rule (A, ip) && A->level2 > l) {
l = A->level2;
}
}
return l;
}
return 0;
}
int check_common_rule (struct netrule *A, unsigned ip1, unsigned ip2) {
assert (A->type);
if (A->type == 1) {
return check_rule (A, ip1) && check_rule (A, ip2);
} else {
return 2 * (check_rule (A, ip1) && check_rule (A, ip2) && ((ip1 & ~(A->mask2)) == (ip2 & ~(A->mask2))));
}
}
void context::flush_add_rules() {
datalog::rule_manager& rm = get_rule_manager();
scoped_proof_mode _scp(m, generate_proof_trace()?PGM_FINE:PGM_DISABLED);
while (m_rule_fmls_head < m_rule_fmls.size()) {
expr* fml = m_rule_fmls[m_rule_fmls_head].get();
proof* p = generate_proof_trace()?m.mk_asserted(fml):0;
rm.mk_rule(fml, p, m_rule_set, m_rule_names[m_rule_fmls_head]);
++m_rule_fmls_head;
}
rule_set::iterator it = m_rule_set.begin(), end = m_rule_set.end();
rule_ref r(m_rule_manager);
for (; it != end; ++it) {
r = *it;
check_rule(r);
}
}
int dp_can_connect_str(str *domain, int rec_level) {
struct rdata* head;
struct rdata* l;
struct naptr_rdata* naptr;
struct naptr_rdata* next_naptr;
int ret;
str newdomain;
char uri[MAX_URI_SIZE];
struct avp_stack stack;
int last_order = -1;
int failed = 0;
int found_anything = 0;
str pattern, replacement, result;
stack_reset(&stack);
/* If we're in a recursive call, set the domain-replacement */
if ( rec_level > 0 ) {
stack_push(&stack, domain_replacement_name.s.s, domain->s);
stack.succeeded = 0;
}
if (rec_level > MAX_DDDS_RECURSIONS) {
LM_ERR("too many indirect NAPTRs. Aborting at %.*s.\n", domain->len,
ZSW(domain->s));
return(DP_DDDS_RET_DNSERROR);
}
LM_INFO("looking up Domain itself: %.*s\n",domain->len, ZSW(domain->s));
ret = check_rule(domain,"D2P+sip:dom", 11, &stack);
if (ret == 1) {
LM_INFO("found a match on domain itself\n");
stack_to_avp(&stack);
return(DP_DDDS_RET_POSITIVE);
} else if (ret == 0) {
LM_INFO("no match on domain itself.\n");
stack_reset(&stack);
/* If we're in a recursive call, set the domain-replacement */
if ( rec_level > 0 ) {
stack_push(&stack, domain_replacement_name.s.s, (char *) domain->s);
stack.succeeded = 0;
}
} else {
return(DP_DDDS_RET_DNSERROR); /* actually: DB error */
}
LM_INFO("doing DDDS with %.*s\n",domain->len, ZSW(domain->s));
head = get_record(domain->s, T_NAPTR, RES_ONLY_TYPE);
if (head == 0) {
LM_NOTICE("no NAPTR record found for %.*s.\n",
domain->len, ZSW(domain->s));
return(DP_DDDS_RET_NOTFOUND);
}
LM_DBG("found the following NAPTRs: \n");
for (l = head; l; l = l->next) {
if (l->type != T_NAPTR) {
LM_DBG("found non-NAPTR record.\n");
continue; /*should never happen*/
}
naptr = (struct naptr_rdata*)l->rdata;
if (naptr == 0) {
LM_CRIT("null rdata\n");
continue;
}
LM_DBG("order %u, pref %u, flen %u, flags '%.*s', slen %u, "
"services '%.*s', rlen %u, regexp '%.*s', repl '%s'\n",
naptr->order, naptr->pref,
naptr->flags_len, (int)(naptr->flags_len), ZSW(naptr->flags),
naptr->services_len,
(int)(naptr->services_len), ZSW(naptr->services), naptr->regexp_len,
(int)(naptr->regexp_len), ZSW(naptr->regexp),
ZSW(naptr->repl)
);
}
LM_DBG("sorting...\n");
naptr_sort(&head);
for (l = head; l; l = l->next) {
if (l->type != T_NAPTR) continue; /*should never happen*/
naptr = (struct naptr_rdata*)l->rdata;
if (naptr == 0) {
LM_CRIT("null rdata\n");
continue;
}
LM_DBG("considering order %u, pref %u, flen %u, flags '%.*s', slen %u, "
"services '%.*s', rlen %u, regexp '%.*s', repl '%s'\n",
naptr->order, naptr->pref,
naptr->flags_len, (int)(naptr->flags_len), ZSW(naptr->flags),
naptr->services_len,
(int)(naptr->services_len), ZSW(naptr->services), naptr->regexp_len,
(int)(naptr->regexp_len), ZSW(naptr->regexp),
ZSW(naptr->repl)
);
/*
* New order? then we check whether the had success during the last one.
* If yes, we can leave the loop.
*/
if (last_order != naptr->order) {
last_order = naptr->order;
failed = 0;
if (stack_succeeded(&stack)) {
LM_INFO("we don't need to consider further orders "
"(starting with %d).\n",last_order);
break;
}
} else if (failed) {
LM_INFO("order %d has already failed.\n",last_order);
continue;
}
/*
* NAPTRs we don't care about
*/
if (!IS_D2PNAPTR(naptr))
continue;
/*
* once we've been here, don't return DP_DDDS_RET_NOTFOUND
*/
found_anything = 1;
next_naptr = NULL;
if (l->next && (l->next->type == T_NAPTR)) {
next_naptr = (struct naptr_rdata*)l->next->rdata;
}
/*
* Non-terminal?
*/
if ((naptr->services_len == 7) && !strncasecmp("D2P+SIP", naptr->services,7) && (naptr->flags_len == 0)){
LM_INFO("found non-terminal NAPTR\n");
/*
* This needs to be the only record with this order.
*/
if (next_naptr && (next_naptr->order == naptr->order) && IS_D2PNAPTR(next_naptr)) {
LM_ERR("non-terminal NAPTR needs to be the only one "
"with this order %.*s.\n", domain->len, ZSW(domain->s));
return(DP_DDDS_RET_DNSERROR);
}
newdomain.s = naptr->repl;
newdomain.len = strlen(naptr->repl);
ret = dp_can_connect_str(&newdomain, rec_level + 1);
if (ret == DP_DDDS_RET_POSITIVE) /* succeeded, we're done. */
return(ret);
if (ret == DP_DDDS_RET_NEGATIVE) /* found rules, did not work */
continue; /* look for more rules */
if (ret == DP_DDDS_RET_DNSERROR) /* errors during lookup */
return(ret); /* report them */
if (ret == DP_DDDS_RET_NOTFOUND) /* no entries in linked domain? */
return(ret); /* ok, fine. go with that */
continue; /* not reached */
}
/*
* wrong kind of terminal
*/
if ((naptr->flags_len != 1) || (tolower(naptr->flags[0]) != 'u')) {
LM_ERR("terminal NAPTR needs flag = 'u' and not '%.*s'.\n",
(int)naptr->flags_len, ZSW(naptr->flags));
/*
* It's not that clear what we should do now: Ignore this records or regard it as failed.
* We go with "ignore" for now.
*/
continue;
}
if (parse_naptr_regexp(&(naptr->regexp[0]), naptr->regexp_len,
&pattern, &replacement) < 0) {
LM_ERR("parsing of NAPTR regexp failed\n");
continue;
}
result.s = &(uri[0]);
result.len = MAX_URI_SIZE;
/* Avoid making copies of pattern and replacement */
pattern.s[pattern.len] = (char)0;
replacement.s[replacement.len] = (char)0;
if (reg_replace(pattern.s, replacement.s, domain->s,
&result) < 0) {
pattern.s[pattern.len] = '!';
replacement.s[replacement.len] = '!';
LM_ERR("regexp replace failed\n");
continue;
}
LM_INFO("resulted in replacement: '%.*s'\n", result.len, ZSW(result.s));
pattern.s[pattern.len] = '!';
replacement.s[replacement.len] = '!';
ret = check_rule(&result,naptr->services,naptr->services_len, &stack);
if (ret == 1) {
LM_INFO("positive return\n");
} else if (ret == 0) {
LM_INFO("check_rule failed.\n");
stack_reset(&stack);
/* If we're in a recursive call, set the domain-replacement */
if ( rec_level > 0 ) {
stack_push(&stack, domain_replacement_name.s.s, (char *) domain->s);
stack.succeeded = 0;
}
failed = 1;
} else {
return(DP_DDDS_RET_DNSERROR);
}
}
if (stack_succeeded(&stack)) {
LM_INFO("calling stack_to_avp.\n");
stack_to_avp(&stack);
return(DP_DDDS_RET_POSITIVE);
}
LM_INFO("returning %d.\n",
(found_anything ? DP_DDDS_RET_NEGATIVE : DP_DDDS_RET_NOTFOUND));
return( found_anything ? DP_DDDS_RET_NEGATIVE : DP_DDDS_RET_NOTFOUND );
}
