void Tokenizer::shiftFilepath()
{
// do not call shift file in the middle of a block comment
BOOST_ASSERT(!mBlockComment);
// we do not support files with whitespaces in the beggining
skipWhiteSpaces();
mpCurrent.reset(new Token);
mpCurrent->setLine(line());
mpCurrent->setBeginColumn(column());
mpCurrent->setType(Token::TYPE_FILEPATH);
while (!eof())
{
auto ch = mpInput->get();
if (!isPortableFilepathChar(ch))
{
mpInput->clear();
mpInput->unget();
break;
}
absorbed(ch);
mpCurrent->addChar(ch);
}
mpCurrent->setEndColumn(column());
}
/**
* @brief Retrieves the action out of the given user-rule suffix.
* The user rule suffix should contain the action as it first field (maybe after some spaces and tabs),
* and the action should be one of the following constant strings: ACCEPT_STRING, DROP_STRING.
* The function promotes the user rule suffix to the first whitespace after the action.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param action - out parameter, which will contain the rule's action in kernel-format.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getActionFromUserRule(char ** userRulePtr, unsigned short * action, int userRuleNum)
{
char actionString[USER_RULE_MAX_LENGTH] = "";
skipWhiteSpaces(userRulePtr);
if (sscanf(*userRulePtr, "%s", actionString) != 1)
{
printf("User-rule #%d: invalid action.\n", userRuleNum);
return FALSE;
}
if (strcmp(actionString, ACCEPT_STRING) == 0)
{
*action = ACTION_ACCEPT;
}
else if (strcmp(actionString, DROP_STRING) == 0)
{
*action = ACTION_DROP;
}
else
{
printf("User-rule #%d: invalid action. The valid actions are: %s, %s.\n", userRuleNum, ACCEPT_STRING, DROP_STRING);
return FALSE;
}
*userRulePtr += strlen(actionString);
return TRUE;
}
/**
* @brief Retrieves the ack out of the given user-rule suffix.
* The user rule suffix should contain the ack as it first field (maybe after some spaces and tabs),
* and the ack should be one of the following constant strings: YES_STRING, NO_STRING, ANY_STRING.
* The function promotes the user rule suffix to the first whitespace after the ack.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param ack - out parameter, which will contain the rule's ack in kernel-format.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getAckFromUserRule(char ** userRulePtr, unsigned short * ack, int userRuleNum)
{
char ackStr[USER_RULE_MAX_LENGTH] = "";
skipWhiteSpaces(userRulePtr);
if (sscanf(*userRulePtr, "%s", ackStr) != 1)
{
printf("User-rule #%d: invalid ack.\n", userRuleNum);
return FALSE;
}
if (strcmp(ackStr, YES_STRING) == 0)
{
*ack = ACK_YES;
}
else if (strcmp(ackStr, NO_STRING) == 0)
{
*ack = ACK_NO;
}
else if (strcmp(ackStr, ANY_STRING) == 0)
{
*ack = ACK_ANY;
}
else
{
printf("User-rule #%d: invalid ack. The valid values for ack are: %s, %s, %s.\n",
userRuleNum, YES_STRING, NO_STRING, ANY_STRING);
return FALSE;
}
*userRulePtr += strlen(ackStr);
return TRUE;
}
/**
* @brief Retrieves the port out of the given user-rule suffix.
* The user rule suffix should contain the port as it first field (maybe after some spaces and tabs),
* and the port should be either the constant string PORT_ABOVE_1023_STRING, ANY_STRING, or an unsigned short.
* The function promotes the user rule suffix to the first whitespace after the port.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param port - out parameter, which will contain the rule's port in kernel-format.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getPortFromUserRule(char ** userRulePtr, unsigned short * port, int userRuleNum)
{
char portStr[USER_RULE_MAX_LENGTH] = "";
char tempStr[3] = "";
skipWhiteSpaces(userRulePtr);
if (sscanf(*userRulePtr, "%s", portStr) != 1)
{
printf("User-rule #%d: invalid port.\n", userRuleNum);
return FALSE;
}
if (strcmp(portStr, PORT_ABOVE_1023_STRING) == 0)
{
*port = PORT_ABOVE_1023;
}
else if (strcmp(portStr, ANY_STRING) == 0)
{
*port = PORT_ANY;
}
else if (sscanf(portStr, "%hu%2s", port, tempStr) != 1)
{
printf("User-rule #%d: invalid port: Valid port should be '%s', '%s' or an unsigned short.\n", userRuleNum, ANY_STRING, PORT_ABOVE_1023_STRING);
return FALSE;
}
*userRulePtr += strlen(portStr);
return TRUE;
}
/**
* @brief Retrieves the direction out of the given user-rule suffix.
* The user rule suffix should contain the direction as it first field (maybe after some spaces and tabs),
* and the direction should be one of the following constant strings: IN_STRING, OUT_STRING, OUT_STRING.
* The function promotes the user rule suffix to the first whitespace after the direction.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param direction - out parameter, which will contain the rule's direction in kernel-format.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getDirectionFromUserRule(char ** userRulePtr, unsigned short * direction, int userRuleNum)
{
char directionStr[USER_RULE_MAX_LENGTH] = "";
skipWhiteSpaces(userRulePtr);
if (sscanf(*userRulePtr, "%100s", directionStr) != 1)
{
printf("User-rule #%d: invalid direction.\n", userRuleNum);
return FALSE;
}
if (strcmp(directionStr, IN_STRING) == 0)
{
*direction = DIRECTION_IN;
}
else if (strcmp(directionStr, OUT_STRING) == 0)
{
*direction = DIRECTION_OUT;
}
else if (strcmp(directionStr, ANY_STRING) == 0)
{
*direction = DIRECTION_ANY;
}
else
{
printf("User-rule #%d: invalid direction. Valid directions are: %s, %s, %s.\n",
userRuleNum, IN_STRING, OUT_STRING, ANY_STRING);
return FALSE;
}
*userRulePtr += strlen(directionStr);
return TRUE;
}
/**
* @brief Retrieves the subnet's ip and prefix-size out of the given user-rule suffix.
* The user rule suffix should contain the subnet as it first field (maybe after some spaces and tabs),
* and the subnet should be ANY_STRING or of the format <ip>/<prefix-size>.
* The function promotes the user rule suffix to the first whitespace after the subnet.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param ip - out parameter, which will contain the subnet's ip.
* @param prefixSize - out parameter, which will contain the size of the subnet's prefix.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getSubnetFromUserRule(char ** userRulePtr, unsigned int * ip, unsigned short * prefixSize, int userRuleNum)
{
char subnetStr[USER_RULE_MAX_LENGTH] = "";
char * slashPtr = NULL;
int slashIndex = 0;
char ipStr[USER_RULE_MAX_LENGTH] = "";
char prefixSizeStr[USER_RULE_MAX_LENGTH] = "";
skipWhiteSpaces(userRulePtr);
/* Retrieving the subnet */
if (sscanf(*userRulePtr, "%s", subnetStr) != 1)
{
printf("User-rule #%d: invalid subnet.\n", userRuleNum);
return FALSE;
}
if (strcmp(subnetStr, ANY_STRING) == 0)
{
*ip = 0;
*prefixSize = 0;
*userRulePtr += strlen(subnetStr);
return TRUE;
}
/* Retrieving the slash index in order to distinguish between the ip and the prefix size */
slashPtr = strchr(subnetStr, (int)'/');
if (NULL == slashPtr)
{
/* Only IP */
slashIndex = strlen(subnetStr);
*prefixSize = PREFIX_SIZE_MAX;
}
else
{
/* IP/nps */
slashIndex = slashPtr - (char *)subnetStr;
/* Retrieving the prefix size */
strncpy(prefixSizeStr, slashPtr + 1, strlen(subnetStr) - slashIndex);
if (!getPrefixSizeFromString(prefixSizeStr, prefixSize))
{
printf("User-rule #%d: invalid prefix size: %s\n", userRuleNum, prefixSizeStr);
return FALSE;
}
}
/* Retrieving the ip */
strncpy(ipStr, subnetStr, slashIndex);
ipStr[slashIndex] = 0;
if (!getIpAddrFromString(ipStr, ip))
{
printf("User-rule #%d: invalid ip: %s\n", userRuleNum, ipStr);
return FALSE;
}
*userRulePtr += strlen(subnetStr);
return TRUE;
}
/**
* @brief Retrieves the protocol out of the given user-rule suffix.
* The user rule suffix should contain the protocol as it first field (maybe after some spaces and tabs),
* and the protocol should be one of the following constant strings:
* ICMP_STRING, TCP_STRING, UDP_STRING, OTHER_STRING, ANY_STRING.
* The function promotes the user rule suffix to the first whitespace after the protocol.
*
* @param userRulePtr - a pointer to the user-rule suffix, which is a string of maximum length USER_RULE_MAX_LENGTH - 1.
* @param protocol - out parameter, which will contain the rule's protocol in kernel-format.
*
* @return TRUE for success, FALSE for failure.
*/
Bool getProtocolFromUserRule(char ** userRulePtr, unsigned short * protocol, int userRuleNum)
{
char protocolStr[USER_RULE_MAX_LENGTH] = "";
skipWhiteSpaces(userRulePtr);
if (sscanf(*userRulePtr, "%s", protocolStr) != 1)
{
printf("User-rule #%d: invalid protocol.\n", userRuleNum);
return FALSE;
}
if (strcmp(protocolStr, TCP_STRING) == 0)
{
*protocol = PROT_TCP;
}
else if (strcmp(protocolStr, ICMP_STRING) == 0)
{
*protocol = PROT_ICMP;
}
else if (strcmp(protocolStr, UDP_STRING) == 0)
{
*protocol = PROT_UDP;
}
else if (strcmp(protocolStr, OTHER_STRING) == 0)
{
*protocol = PROT_OTHER;
}
else if (strcmp(protocolStr, ANY_STRING) == 0)
{
*protocol = PROT_ANY;
}
else
{
printf("User-rule #%d: invalid protocol: The only valid protocols are: %s, %s, %s, %s, %s\n",
userRuleNum, ICMP_STRING, TCP_STRING, UDP_STRING, OTHER_STRING, ANY_STRING);
return FALSE;
}
*userRulePtr += strlen(protocolStr);
return TRUE;
}
void Tokenizer::shift()
{
mpCurrent.reset();
if (mBlockComment)
{
skipEOL();
}
else
{
skipWhiteSpaces();
if (mpInput->eof())
return;
}
mpCurrent.reset(new Token);
mpCurrent->setLine(line());
mpCurrent->setBeginColumn(column());
if (mBlockComment)
{
consumeCStyleBlockComment();
return;
}
auto ch = mpInput->get();
if (isLetter(ch) || isUnderscore(ch))
{
consumeIdentifier(ch);
}
else if (isBiwiseOperatorSymbol(ch))
{
mpCurrent->setType(Token::TYPE_BITWISE_OPERATOR);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else if (isDot(ch) && consumeDot(ch))
{
// nothing
}
else if ((isDecimalDigit(ch) || isDot(ch) || isSign(ch)) && consumeNumber(ch))
{
// nothing
}
else if (isQuotationMark(ch))
{
if (!consumeString(ch))
shift();
}
else if (isCStyleInitialCommentChar(ch))
{
consumeComment(ch);
}
else if (isArrowSymbol(ch) && consumeArrow(ch))
{
// nothing
}
else if (isBracket(ch))
{
mpCurrent->setType(Token::TYPE_BRACKET);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else if (isAngleBracket(ch))
{
mpCurrent->setType(Token::TYPE_ANGLE_BRACKET);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else if (isDelimiter(ch))
{
mpCurrent->setType(Token::TYPE_DELIMITER);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else if (isOperator(ch) && consumeEqualOperator(ch))
{
// nothing
}
else if (isOperator(ch))
{
mpCurrent->setType(Token::TYPE_OPERATOR);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else if (isAsterisk(ch))
{
mpCurrent->setType(Token::TYPE_ASTERISK);
absorbed(ch);
mpCurrent->addChar(ch);
mpCurrent->setEndColumn(column());
}
else
{
mpCurrent.reset();
}
}
void XMLStreamDecoder::handleData () {
State before = mState;
while (true) {
if (mState != before && mStateChange) {
mStateChange ();
}
before = mState;
if (mState == XS_Closed || mState == XS_Error) return;
skipWhiteSpaces (mInputBuffer);
switch (mState) {
case XS_Start:{
int code = xml::xmlBeginning(mInputBuffer);
if (code == 0) return;
if (code < 0) {
mErrorText = "Invalid XML Begin";
mError = error::BadDeserialization;
mState = XS_Error;
continue;
}
// we have enough
mInputBuffer.l_truncate(code);
mState = XS_ReadXmlBegin;
continue;
}
case XS_ReadXmlBegin: {
int code = xml::fullTag (mInputBuffer);
if (code < 0) {
mErrorText = "Invalid Start Element";
mError = error::BadDeserialization;
mState = XS_Error;
continue;
}
if (code == 0) return;
// we have enough
Error e = fillElement (mInputBuffer.const_c_array(), code, &mOpener);
if (e) {
mError = e;
mErrorText = "Invalid Start element";
mState = XS_Error;
continue;
}
mInputBuffer.l_truncate(code);
mState = XS_ReadOpener;
continue;
}
case XS_ReadOpener:{
int code = xml::fullTag (mInputBuffer);
if (code < 0) {
mErrorText = "InvalidElement";
mError = error::BadDeserialization;
mState = XS_Error;
continue;
}
if (code == 0) return;
if (mInputBuffer[0] == '<' && mInputBuffer[1] == '/') {
mInputBuffer.l_truncate(code);
mState = XS_Closed;
continue;
}
code = xml::completionDetection(mInputBuffer);
if (code < 0) {
mErrorText = "Invalid Element";
mError = error::BadDeserialization;
mState = XS_Error;
continue;
}
if (code == 0) return;
XMLChunk chunk = xml::parseDocument(mInputBuffer.const_c_array(), code);
if (chunk.error() || chunk.children().size() != 1){
mErrorText = "Invalid Element";
mError = error::BadDeserialization;
mState = XS_Error;
continue;
}
if (mChunkRead){
mChunkRead (chunk.children()[0]);
}
mInputBuffer.l_truncate(code);
continue;
}
default:
assert (!"Should not come here!");
return;
}
}
}
/**
* @brief Builds a kernel-rule out of the given user-rule, and adds it to the kernel rules buffer.
*
* @param kernelRules - out parameter, which will hold the kernel rule.
* @param userRule - the user rule from which the kernel rule should be built. Must end with a newline character.
*
* @return the number of bytes written to the kernelRules buffer, or 0 in case of failure.
*/
int addKernelRuleByUserRule(char * kernelRules, char * userRule, int userRuleNum)
{
/* Variable declarations */
char name[20] = "";
unsigned short direction = 0;
unsigned int srcIp = 0;
unsigned short srcPrefixSize = 0;
unsigned int dstIp = 0;
unsigned short dstPrefixSize = 0;
unsigned short protocol = 0;
unsigned short srcPort = 0;
unsigned short dstPort = 0;
unsigned short ack = 0;
unsigned short action = 0;
int sprintfResult = 0;
/* Retrieving the fields of the kernel rules from the user rule */
if (!getNameFromUserRule(&userRule, name, userRuleNum))
{
return 0;
}
if (!getDirectionFromUserRule(&userRule, &direction, userRuleNum))
{
return 0;
}
if (!getSubnetFromUserRule(&userRule, &srcIp, &srcPrefixSize, userRuleNum))
{
return 0;
}
if (!getSubnetFromUserRule(&userRule, &dstIp, &dstPrefixSize, userRuleNum))
{
return 0;
}
if (!getProtocolFromUserRule(&userRule, &protocol, userRuleNum))
{
return 0;
}
if (!getPortFromUserRule(&userRule, &srcPort, userRuleNum))
{
return 0;
}
if (!getPortFromUserRule(&userRule, &dstPort, userRuleNum))
{
return 0;
}
if (!getAckFromUserRule(&userRule, &ack, userRuleNum))
{
return 0;
}
if (!getActionFromUserRule(&userRule, &action, userRuleNum))
{
return 0;
}
skipWhiteSpaces(&userRule);
if (!isEndOfLine(userRule))
{
printf("User-rule #%d: too many arguments.\n", userRuleNum);
return 0;
}
if (!verifyRuleMakeSense(userRuleNum, protocol, ack, srcPort, dstPort))
{
return 0;
}
/* Writing the fields into the kernel rule buffer */
sprintfResult = sprintf(kernelRules, "%s %hu %d %hu %d %hu %hu %hu %hu %hu %hu\n",
name, direction, srcIp, srcPrefixSize, dstIp, dstPrefixSize, protocol,
srcPort, dstPort, ack, action);
if (sprintfResult == -1)
{
printf("User-rule #%d: Error in sprintf.\n", userRuleNum);
return 0;
}
return sprintfResult;
}
