void create_mod_pkt(unsigned char *link_pkt,struct cooking_data *flow,mapid_pkthdr_t *pkt_head) { unsigned char *ret_data; unsigned int ret_size; ether_header* eth = NULL; ip_header* ip = NULL; tcp_header* tcp = NULL; int ether_len = 0, ip_len = 0, tcp_len = 0; eth = (ether_header*)link_pkt; ether_len = sizeof(ether_header); ip = (ip_header*)(link_pkt + ether_len); ip_len = (ip->ver_ihl & 0xf) * 4; tcp = (tcp_header*)(link_pkt + ether_len + ip_len); tcp_len = tcp->off * 4; tcp->seq = 0; if (flow->client_ready && flow->server_ready && flow->collect != BOTH_SIDE) { DEBUG_CMD(Debug_Message("client and server are ready but we dont collect both")); } if (flow->client_ready) { ret_data = flow->ret_client_data; ret_size = flow->client_size; } else { ret_data = flow->ret_server_data; ret_size = flow->server_size; } if (ret_size > (unsigned int)flow->threshold){ DEBUG_CMD(Debug_Message("Packet size is greater than Threshold : %d", ret_size - flow->threshold)); } ip->tlen = ntohs(ret_size + ip_len + tcp_len); //fprintf(stderr, "flow->mod_pkt_size old %d new %d\n", flow->mod_pkt_size, (sizeof(char) * (ret_size +ether_len + ip_len + tcp_len))); /* DEL if (flow->mod_pkt_size < (sizeof(char)*(ret_size + ether_len + ip_len + tcp_len))) { flow->mod_pkt = realloc(flow->mod_pkt,(sizeof(char)*(ret_size + ether_len + ip_len + tcp_len))); flow->mod_pkt_size = (sizeof(char) * (ret_size + ether_len + ip_len + tcp_len)); } */ // memset(link_pkt, 0, (sizeof(char) * (ret_size + ether_len + ip_len + tcp_len))); // memcpy(link_pkt, eth, ether_len); // memcpy(&link_pkt[ether_len], ip, ip_len); // memcpy(&link_pkt[ether_len + ip_len], tcp, tcp_len); memcpy(&link_pkt[ether_len + ip_len + tcp_len], ret_data, ret_size); //flow->client_headers = flow->ret_client_headers; //flow->server_headers = flow->ret_server_headers; pkt_head->caplen = pkt_head->wlen = ret_size + ether_len + ip_len + tcp_len; //DEL memcpy(link_pkt, flow->mod_pkt, pkt_head->caplen); flow->cooked = 1; //printf("create_mod_pkt: pkt_head->caplen: %d\n", pkt_head->caplen); }
void interface_no_acl(const char *cmdline) /* no ip access-group <acl> [in|out] */ { arglist *args; char *dev; acl_chain chain = chain_in; char *listno; dev = librouter_device_cli_to_linux(interface_edited->cish_string, interface_major, interface_minor); args = librouter_make_args(cmdline); listno = args->argv[3]; if (args->argc == 4) chain = chain_both; else { if (strcasecmp(args->argv[4], "in") == 0) chain = chain_in; else if (strcasecmp(args->argv[4], "out") == 0) chain = chain_out; } if ((chain == chain_in) || (chain == chain_both)) { if (librouter_acl_matched_exists(listno, dev, 0, "INPUT")) { sprintf(buf, "/bin/iptables -D INPUT -i %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } if (librouter_acl_matched_exists(listno, dev, 0, "FORWARD")) { sprintf(buf, "/bin/iptables -D FORWARD -i %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } } if ((chain == chain_out) || (chain == chain_both)) { if (librouter_acl_matched_exists(listno, 0, dev, "OUTPUT")) { sprintf(buf, "/bin/iptables -D OUTPUT -o %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } if (librouter_acl_matched_exists(listno, 0, dev, "FORWARD")) { sprintf(buf, "/bin/iptables -D FORWARD -o %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } } librouter_destroy_args(args); free(dev); }
static void cmd_stats (char *device, int pid, MAPI_UNUSED uid_t uid, int sock) /*removed id, id==pid here */ //dev = device //if = IPC id used to send ack message back to client { struct mapiipcbuf buf; char *devtype; mapidrv *drv; int err = 0; char* dev=device; struct mapi_stat stats; if (running_shutdown) err = MAPI_SHUTTING_DOWN; //Decide which driver to use for (drv = drvlist; drv != NULL; drv = drv->next) { if (drv->device != NULL) if (strcmp (dev, drv->device) == 0) { //DEBUG_CMD(Debug_Message("Using driver %s for %s", drv->name, dev)); break; } } if (drv == NULL) { DEBUG_CMD(Debug_Message("No driver found for %s", dev)); report_error (MAPID_NO_DRIVER, pid, sock); return; } //Calls driver if (err == 0) { mapidrv_stats = get_drv_funct (drv->handle, "mapidrv_stats"); err = mapidrv_stats (drv->devid, &devtype, &stats); } if (err != 0) { buf.mtype = pid; buf.cmd = MAPI_STATS_ERR; buf.remote_errorcode=err; buf.fd = 0; mapiipc_daemon_write ((struct mapiipcbuf *) &buf, sock); return; } else { //Send ack back to user buf.mtype = pid; memcpy ((char *)buf.data, &stats, sizeof(struct mapi_stat)); buf.cmd = MAPI_STATS_ACK; buf.fd = 0; } mapiipc_daemon_write (&buf, sock); }
static int dist_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int flow_descr) { mapiFunctArg* fargs=instance->args; int fid,fd; char *minstr, *maxstr, *intervalstr; dist_internal_t *i=instance->internal_data=malloc(sizeof(dist_internal_t)); dist_t *dist=instance->result.data; fd=getargint(&fargs); fid=getargint(&fargs); minstr = getargstr(&fargs); maxstr = getargstr(&fargs); intervalstr = getargstr(&fargs); dist->min=fhlp_str2ull(minstr); dist->max=fhlp_str2ull(maxstr); i->interval=fhlp_str2ull(intervalstr); i->num=ceil(((double)(dist->max-dist->min)/(double)i->interval)); i->res_instance=fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid); dist->intervals=i->num; DEBUG_CMD(Debug_Message("Distribution: num=%lld", i->num)); dist_reset(instance); return 0; }
static void * load_driver(const char *dir, const char *name) { char *path, *msg; void *handle= NULL; if (asprintf(&path, "%s/%s", dir, name) < 0) { DEBUG_CMD(Debug_Message("asprintf failed")); } handle = dlopen(path, RTLD_NOW); if (!handle) { msg = dlerror(); DEBUG_CMD(Debug_Message("Error loading driver: %s", msg ? msg : "unknown reason")); } free(path); return handle; }
static void cmd_delete_offline_device(char *dev, int pid, int sock) { mapidrv *drv; struct mapiipcbuf buf; long file_size; for (drv = drvlist; drv != NULL; drv = drv->next) { if (drv->device != NULL) if (strcmp(dev, drv->device) == 0) { break; } } if (drv == NULL) { DEBUG_CMD(Debug_Message("No device found for %s", dev)); report_error(MAPID_NO_DEVICE, pid, sock); return; } if (drv->offline != 0) { mapidrv_delete_device = get_drv_funct(drv->handle, "mapidrv_delete_device"); mapidrv_delete_device(drv->devid); drv->active=0; } buf.mtype = pid; buf.cmd = DELETE_OFFLINE_DEVICE_ACK; buf.fd = -1; if (log_to_file) { file_size = acquire_write_lock(log_fd_info); write_to_file(log_fd_info, "MAPID: offline device %s was deleted at ", dev); write_date(log_fd_info); write_newline(log_fd_info, "\n"); release_write_lock(log_fd_info, file_size); } if (log_to_syslog) log_message("offline device %s was deleted", dev); DEBUG_CMD(Debug_Message("Deleted offline device %s", dev)); mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); }
/* * Private function to * Configure coefficients using array. */ static void set_color_coefficients(disp_adapter_t *adapter, int layer, short coef[]) { omap_ctx_t *o_ctx= adapter->ms_ctx; TRACE; if (layer > 1) { DEBUG_MSG("layer out of range"); return; } *OMAP_DISPC_VID_CONV_COEF(layer,0) = (coef[0]&0x7FF) | ((coef[1] &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF0 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,0) )); *OMAP_DISPC_VID_CONV_COEF(layer,1) = (coef[2]&0x7FF) | ((coef[3] &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF1 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,1) )); *OMAP_DISPC_VID_CONV_COEF(layer,2) = (coef[4]&0x7FF) | ((coef[5] &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF2 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,2) )); *OMAP_DISPC_VID_CONV_COEF(layer,3) = (coef[6]&0x7FF) | ((coef[7] &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF3 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,3) )); *OMAP_DISPC_VID_CONV_COEF(layer,4) = (coef[8]&0x7FF) ; DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF4 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,4) )); }
/* * Configure coefficients using Ry, RCr, RCb, Gy, GCr, GCb, By, BCr, BCb * Normally used for custom yuv coefficients, maybe from configuration file */ void set_custom_color_coefficients(disp_adapter_t *adapter, int layer, short ry, short rcr, short rcb, short gy, short gcr, short gcb, short by, short bcr, short bcb) { omap_ctx_t *o_ctx= adapter->ms_ctx; TRACE; if (layer > 1) { DEBUG_MSG("layer out of range"); return; } *OMAP_DISPC_VID_CONV_COEF(layer,0) = (ry&0x7FF) | ((rcr &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF0 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,0) )); *OMAP_DISPC_VID_CONV_COEF(layer,1) = (rcb&0x7FF) | ((gy &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF1 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,1) )); *OMAP_DISPC_VID_CONV_COEF(layer,2) = (gcr&0x7FF) | ((gcb &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF2 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,2) )); *OMAP_DISPC_VID_CONV_COEF(layer,3) = (by&0x7FF) | ((bcr &0x7FF) << 16); DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF3 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,3) )); *OMAP_DISPC_VID_CONV_COEF(layer,3) = (bcb&0x7FF) ; DEBUG_CMD(disp_printf(adapter, "OMAP_DISPC_VID_CONV_COEF4 layer %d %x", layer, *OMAP_DISPC_VID_CONV_COEF(layer,4) )); }
/* * Set up color conversions coefficients table for YUV to RGB * Returns * 0x0: Limited range selected: 16 subtracted from Y before color space conversion * 0x1: Full range selected: Y is not modified before the color space conversion * Note: Constistent with Bit 11 in DISPC_VIDn_ATTRIBUTES */ int set_yuv_to_rgb_conversion(disp_adapter_t *adapter, int layer, int entry) { omap_ctx_t *o_ctx= adapter->ms_ctx; TRACE; if (layer > 1) { DEBUG_MSG("layer out of range"); return -1; } DEBUG_CMD(disp_printf(adapter, "Set YUV conversion coefficients table %s ", color_coefficients_table[entry].name)); set_color_coefficients(adapter, layer, color_coefficients_table[entry].coefficients); return color_coefficients_table[entry].range; }
static int bpf_cleanup(mapidflib_function_instance_t *instance) { // Clear filter int result; PassFilter_t command; command.WriteHW = TRUE; sprintf(command.achFilterString, "DeleteFilter = %u", ((struct bpf_internal_data *)instance->internal_data)->filter_id); // Hack to see if card is closed char namebuff[16]; result = NTCI_GetDeviceName(((struct bpf_internal_data *)instance->internal_data)->napatechhandle, namebuff, 16); if (result == NTCI_ERRCODE_SUCCESS) { if((result = NTCI_PacketClassification(((struct bpf_internal_data *)instance->internal_data)->napatechhandle, //((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle, STID_PASS_FILTER, &command)) != NTCI_ERRCODE_SUCCESS) { FilterError_t error; result = NTCI_PacketClassification(((struct bpf_internal_data *)instance->internal_data)->napatechhandle, //((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle, STID_GET_FILTER_ERROR, &error); DEBUG_CMD(Debug_Message("%s",error.achFilterError1)); // stderr DEBUG_CMD(Debug_Message("%s",error.achFilterError2)); // stderr DEBUG_CMD(Debug_Message("%s",error.achFilterError3)); // stderr return 1; // FIXME: errorcode } } else { printf("ERROR: Card closed, cannot free filter with id %u\n", ((struct bpf_internal_data *)instance->internal_data)->filter_id); // TODO: delete the filter anyway, maybe re-opening the card to delete and re-close. Or maybe even calling NtplTool (dirty) } if (instance->internal_data != NULL) { free(((struct bpf_internal_data *)instance->internal_data)->expression); free(instance->internal_data); } return 0; }
/** * closes a flow described by fd * if send_reply is non-zero, a response is sent to client's mapi stub, * (send_reply=0 is used for local clean-ups) */ static void cmd_close_flow(int fd, int pid, int sock, int send_reply) { struct flow *f; struct client *cl; struct mapiipcbuf buf; long file_size; f=(struct flow*)flist_get(flowlist, fd); if (f) { /* to avoid reading memory after it's freed */ int tmpfd = f->fd; /* prevent closing flows of other processes */ if (pid != f->id) { DEBUG_CMD(Debug_Message( "Proc %d tried to close flow %d, which belongs to proc %d", pid, f->fd, f->id)); report_error(MAPI_INVALID_FLOW, pid, sock); return; } cleanup_flow(f); while(__sync_lock_test_and_set(&clientlist_lock,1)); cl = flist_get(clientlist, pid); f = (struct flow *) flist_remove(cl->flowlist, fd); cl->numflows--; clientlist_lock = 0; //send an ACK that flow closed if (send_reply) { buf.mtype = pid; buf.cmd = CLOSE_FLOW_ACK; buf.fd = tmpfd; mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); if (log_to_file) { file_size = acquire_write_lock(log_fd_info); write_to_file(log_fd_info, "MAPID: flow %d was closed at ", buf.fd); write_date(log_fd_info); write_newline(log_fd_info, "\n"); release_write_lock(log_fd_info, file_size); } if (log_to_syslog) log_message("flow %d was closed", buf.fd); } } else { report_error(MAPI_INVALID_FLOW, pid, sock); } }
void do_accesslist_policy(const char *cmdline) { arglist *args; char *target; char cmd[256]; FILE *procfile; procfile = fopen("/proc/net/ip_tables_names", "r"); args = librouter_make_args(cmdline); if (strcmp(args->argv[1], "accept") == 0) { target = "ACCEPT"; if (!procfile) goto bailout; /* doesnt need to load modules! */ } else { if (strcmp(args->argv[1], "drop") == 0) { target = "DROP"; } else target = "REJECT"; } if (procfile) fclose(procfile); sprintf(cmd, "/bin/iptables -P INPUT %s", target); DEBUG_CMD(cmd); system(cmd); sprintf(cmd, "/bin/iptables -P OUTPUT %s", target); DEBUG_CMD(cmd); system(cmd); sprintf(cmd, "/bin/iptables -P FORWARD %s", target); DEBUG_CMD(cmd); system(cmd); bailout: librouter_destroy_args(args); }
static int anonymizeip_process(mapidflib_function_instance_t *instance, MAPI_UNUSED unsigned char* dev_pkt, unsigned char* link_pkt, MAPI_UNUSED mapid_pkthdr_t* pkt_head) { struct ip *ip; struct ip6_hdr *ip6; uint64_t orig6[2], anon6[2]; anonip_inst_t *i = instance->internal_data; unsigned int len = instance->hwinfo->cap_length; switch(instance->hwinfo->link_type) { case DLT_EN10MB: // Ethernet ip = (struct ip *)(link_pkt + sizeof(ether_header)); len -= sizeof(ether_header); break; case DLT_CHDLC: // PoS ip = (struct ip *)(link_pkt + 4); len -= 4; break; default: DEBUG_CMD(Debug_Message("Link layer not supported")); exit(-1); } if (len < sizeof(struct ip)) return 0; switch(ip->ip_v) { case 4: ip->ip_src.s_addr = htonl(anonymize(&i->anon_instance, ntohl(ip->ip_src.s_addr))); ip->ip_dst.s_addr = htonl(anonymize(&i->anon_instance, ntohl(ip->ip_dst.s_addr))); break; case 6: if (len < sizeof(struct ip6_hdr)) return 0; ip6 = (struct ip6_hdr *)ip; //See panonymizer.h for IPv6 support memcpy(orig6, &ip6->ip6_src, 16); anonymize_v6(&i->anon_instance, orig6, anon6); memcpy(&ip6->ip6_src, anon6, 16); memcpy(orig6, &ip6->ip6_dst, 16); anonymize_v6(&i->anon_instance, orig6, anon6); memcpy(&ip6->ip6_dst, anon6, 16); break; default: return 0; } return 1; }
/* * Returns a pointer to a function inside a driver * drv = pointer to driver * funct = name of function */ void *drv_get_funct(void *drv, const char *funct) { char *msg= NULL; void *my_funct = (void *) dlsym(drv, funct); if (my_funct == NULL) { msg = (char *) dlerror(); DEBUG_CMD(Debug_Message("ERROR: drv_get_funct: %s", msg)); dlclose(drv); exit(EXIT_FAILURE); } return my_funct; }
static void * get_drv_funct(void *drv, const char *funct) //Returns a pointer to a function inside a driver //drv = pointer to driver //funct = name of function { char *msg= NULL; void *my_funct = dlsym(drv, funct); if (my_funct == NULL) { msg = dlerror(); DEBUG_CMD(Debug_Message("ERROR: get_drv_funct: %s", msg)); dlclose(drv); exit(EXIT_FAILURE); } return my_funct; }
static void cmd_read_results(int fd, int fid, int pid, int sock) //Read results from a function //fd = flow descriptor //fid = function ID { mapidrv *drv = get_drv(fd); mapid_result_t *result; struct mapiipcbuf buf; int err; char *p = (char *)buf.data; if (drv == NULL) { /* driver not found(should be handled in create_flow), or invalid flow id */ DEBUG_CMD(Debug_Message("cmd_read_results: no driver found")); report_error(MAPI_INVALID_FLOW, pid, sock); return; } mapidrv_read_results = get_drv_funct(drv->handle, "mapidrv_read_results"); err = mapidrv_read_results(drv->devid, fd, fid, &result); if (err != 0) { report_error(err, pid, sock); return; } buf.mtype = get_id(fd); buf.cmd = READ_RESULT_ACK; buf.fd = fd; //Copy result data if (result->funct_res_size + 2*sizeof(mapid_shm_t) < DATA_SIZE) { memcpy(p, &result->shm, sizeof(mapid_shm_t)); p += sizeof (result->shm); memcpy(p, &result->shm_spinlock, sizeof(mapid_shm_t)); if (result->funct_res_size > 0) { p += sizeof (result->shm); memcpy(p, result->funct_res, result->funct_res_size); } buf.size = result->funct_res_size + 2*sizeof(mapid_shm_t); } else { //TODO: Return proper error message } mapiipc_daemon_write(&buf, sock); }
char *pc_get_param(conf_category_entry_t *entry, const char *name) { conf_parameter_t *p; if (entry == NULL) { DEBUG_CMD(Debug_Message("pc_get_param: NULL category")); exit(1); } p = entry->params; while (p != NULL) { if (strcmp(p->name, name) == 0) return p->value; else p = p->next; } return NULL; }
static int dist_instance(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd, MAPI_UNUSED mapidflib_flow_mod_t *flow_mod) { int afd,fid; unsigned long long min,max,interval; char *minstr, *maxstr, *intervalstr; mapiFunctArg* fargs=instance->args; afd=getargint(&fargs); fid=getargint(&fargs); minstr = getargstr(&fargs); maxstr = getargstr(&fargs); intervalstr = getargstr(&fargs); if(fhlp_get_function_instance(instance->hwinfo->gflist,afd,fid)==NULL) return MFUNCT_INVALID_ARGUMENT_1; if(minstr) min=fhlp_str2ull(minstr); else return MFUNCT_INVALID_ARGUMENT_3; if(maxstr) max=fhlp_str2ull(maxstr); else return MFUNCT_INVALID_ARGUMENT_4; if(interval) interval=fhlp_str2ull(intervalstr); else return MFUNCT_INVALID_ARGUMENT_5; if(min>max) return MFUNCT_INVALID_ARGUMENT; if(interval>(max-min)) return MFUNCT_INVALID_ARGUMENT_4; instance->def->shm_size=sizeof(unsigned long long)*(ceil((double)(max-min)/(double)interval)+1)+sizeof(dist_t); DEBUG_CMD(Debug_Message("SIZE: %d", instance->def->shm_size)); return 0; };
static void cmd_load_library(char *lib, int pid, int sock) { struct mapiipcbuf buf; int err; mapidrv *drv = drvlist; //Call each driver and tell it to load the new library while (drv) { mapidrv_load_library = get_drv_funct(drv->handle, "mapidrv_load_library"); err = mapidrv_load_library(lib); if (err != 0) { DEBUG_CMD(Debug_Message("Could not load library %s", lib)); } drv = drv->next; } buf.mtype = pid; buf.cmd = LOAD_LIBRARY_ACK; mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); }
static void cmd_connect(int fd, int pid, int sock) //Connect to flow //fd = flow descriptor { struct mapiipcbuf buf; int err = 0; mapidrv *drv = get_drv(fd); long file_size; if (drv == NULL) { /* driver not found(should be handled in create_flow), or invalid flow id */ DEBUG_CMD(Debug_Message("cmd_connect: no driver found")); report_error(MAPI_INVALID_FLOW, pid, sock); return; } if (err == 0) { mapidrv_connect = get_drv_funct(drv->handle, "mapidrv_connect"); err = mapidrv_connect(drv->devid, fd); } if (err != 0) { report_error(err, pid, sock); return; } buf.cmd = CONNECT_ACK; buf.mtype = get_id(fd); /* should be == pid */ buf.fd = fd; if (log_to_file) { file_size = acquire_write_lock(log_fd_info); write_to_file(log_fd_info, "MAPID: connect to flow %d at ", fd); write_date(log_fd_info); write_newline(log_fd_info, "\n"); release_write_lock(log_fd_info, file_size); } if (log_to_syslog) log_message("connect to flow %d", fd); mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); }
static int bpf_instance(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd, MAPI_UNUSED mapidflib_flow_mod_t *flow_mod) { mapiFunctArg* fargs=instance->args; char *str = getargstr(&fargs); if (instance->hwinfo->offline != 0) // Cant use packet classification on offline streams return -1; // FIXME: errorcode /* * Checking Arguments */ if(str == NULL) return MFUNCT_INVALID_ARGUMENT_1; if(strlen(str) < 1) // could also force a maximum length for the filter expression return MFUNCT_INVALID_ARGUMENT_1; /* * Dummy BPF filter compilation in order to check filter is OK. */ /* if((pcap = pcap_open_dead(instance->hwinfo->link_type, instance->hwinfo->cap_length)) == NULL){ DEBUG_CMD(Debug_Message("pcap_open_dead failed")); return PCAP_OPEN_DEAD_ERR; } temp = malloc(sizeof(struct bpf_filter)); if(pcap_compile(pcap, ((struct bpf_program*)&((struct bpf_filter *)temp)->compiled), str, 1, 0)) { DEBUG_CMD(Debug_Message("bpf compilation error: %s str: \"%s\"", pcap_geterr(pcap), str)); free(temp); return PCAP_BPF_ERR; } pcap_close(pcap); pcap_freecode((struct bpf_program *)&((struct bpf_filter *)temp)->compiled); free(temp); */ /* NOTE: The filter should really be applied in init() and only checked for validity here, but as there is no way to test-compile the expression and check for resources it's done here. */ int result; PassFilter_t command; command.WriteHW = TRUE; sprintf(command.achFilterString, str); //"Capture[Priority=0;Feed=0]=ALL"); if((result = NTCI_PacketClassification(((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle, STID_PASS_FILTER, &command)) != NTCI_ERRCODE_SUCCESS) { printf("----got errorcode %d\n",result); FilterError_t error; result = NTCI_PacketClassification(((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle, STID_GET_FILTER_ERROR, &error); DEBUG_CMD(Debug_Message("%s",error.achFilterError1)); // stderr DEBUG_CMD(Debug_Message("%s",error.achFilterError2)); // stderr DEBUG_CMD(Debug_Message("%s",error.achFilterError3)); // stderr return MFUNCT_COULD_NOT_APPLY_FUNCT; // FIXME: errorcode } instance->internal_data = malloc(sizeof(struct bpf_internal_data)); struct bpf_internal_data *idata = (struct bpf_internal_data *)instance->internal_data; idata->napatechhandle = ((napa_nt_adapterinfo_t *)instance->hwinfo->adapterinfo)->napatechhandle; idata->expression = strdup(command.achFilterString); idata->filter_id = command.ReturnData.u.FilterIndex.FilterId; idata->group_index = command.ReturnData.u.FilterIndex.u.GroupIndex; DEBUG_CMD(Debug_Message("BPF_NTPL: %s\n\tFilterId: %u GroupIndex: 0x%lx", idata->expression, idata->filter_id, idata->group_index)); return 0; }
static int strsearch_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd) //Initializes the function { char *str, *strbak; int off, dpth; unsigned char *tmpstr, *tstrbak; unsigned char *ret; // holds the final parsed string int len=0; // length of the final parsed string unsigned short pattern_ctr = 0; char hexpair[3]; mapiFunctArg* fargs; struct mapid_strsearch_pattern *pattern = NULL; struct mapid_strsearch_pattern *lastptrn, *tmpptrn = NULL; fargs=instance->args; str = getargstr(&fargs); off = getargint(&fargs); dpth = getargint(&fargs); /* parse pattern * * Non printable characters or general binary content can be specified by * using pipes enclosing the binary data which are represented in hex * values for each byte. For example, 'abcd' is the same as '|61 62 63 * 64|' or 'ab|63 64|' or '|61|b|6364|. If the pipe character needs to be * searched, it should be preceeded by a '\'. */ strbak = str; // backup pointer tstrbak = tmpstr = (unsigned char *)malloc(strlen(str)*sizeof(char)); ret=tmpstr; hexpair[2]='\0'; while(*str!='\0') { // Two pipes "||" separates two match strings. // A||B will match both a packet with either A or B in it. if (*str == '|' && *(str+1) == '|') // Should be safe since last char will be '\0' { if (!isEscaped(str)) { len=tmpstr-ret; if (len <= 0) { // Empty OR node, skip str += 2; continue; } if((dpth > 0) && (dpth < len)) { DEBUG_CMD(Debug_Message("The depth (%d) is less than the size of the pattern (%d)", dpth, len)); return MDLIB_STRSEARCH_DEPTH_LESS_THAN_PTRN_ERR; } tmpptrn = malloc(sizeof(struct mapid_strsearch_pattern)); tmpptrn->str = (unsigned char *)malloc(len * sizeof(char)); tmpptrn->slen = len; tmpptrn->offset = off; tmpptrn->depth = dpth; memcpy(tmpptrn->str, ret, len); //compute Boyer-Moore's shift and skip tables tmpptrn->shift = make_shift((char *)ret, len); tmpptrn->skip = make_skip((char *)ret, len); tmpptrn->next = NULL; if (pattern == NULL) { pattern = tmpptrn; lastptrn = tmpptrn; } else { lastptrn->next = tmpptrn; lastptrn = tmpptrn; } tmpptrn = NULL; ret = tmpstr; pattern_ctr++; } else { *tmpstr=*str; tmpstr++; } str++; } // '|' means that hex mode begins unless it is escaped \| // every hex number consists of two characters ,e.g A is written as 0A else if(*str=='|') { if(!isEscaped(str)) { int hexcount=0; str++; //parse until closing '|' while(*str!='|') { if(*str=='\0') { return MDLIB_STRSEARCH_UNTERMINATED_PIPE_ERR; } // |AC DE| => ignore white spaces between hex numbers if(*str==' ') { str++; continue; } //convert hex to character hexpair[hexcount++]=*str; if(hexcount==2) { hexcount=0; sscanf(hexpair,"%x",(int *)tmpstr); tmpstr++; } str++; } } else { *tmpstr=*str; tmpstr++; } } // special case for escape character '\\' else if(*str=='\\') { if(isEscaped(str)) { *tmpstr=*str; tmpstr++; } } else { *tmpstr=*str; tmpstr++; } str++; } len=tmpstr-ret; /* end of pattern parsing */ /* Arne: Will fix it later funct = fhlp_get_first(); while (funct) { if(strcmp(funct->name,"STR_SEARCH")==0) if(funct->internal_data) if(memcmp(((struct mapid_strsearch *)funct->internal_data)->str, ret, ((struct mapid_strsearch *)funct->internal_data)->slen) == 0) if(((struct mapid_strsearch *)funct->internal_data)->offset == off && ((struct mapid_strsearch *)funct->internal_data)->depth == dpth){ instance->internal_data = funct->internal_data; printf("added optimised string search: %s offset: %d depth: %d\n",strbak, off, dpth); return 0; } funct = funct->next; } */ if((dpth > 0) && (dpth < len)) { DEBUG_CMD(Debug_Message("The depth (%d) is less than the size of the pattern (%d)", dpth, len)); return MDLIB_STRSEARCH_DEPTH_LESS_THAN_PTRN_ERR; } if (len > 0) { tmpptrn = malloc(sizeof(struct mapid_strsearch_pattern)); tmpptrn->str = (unsigned char *)malloc(len * sizeof(char)); tmpptrn->slen = len; tmpptrn->offset = off; tmpptrn->depth = dpth; memcpy(tmpptrn->str, ret, len); //compute Boyer-Moore's shift and skip tables tmpptrn->shift = make_shift((char *)ret, len); tmpptrn->skip = make_skip((char *)ret, len); tmpptrn->next = NULL; if (pattern == NULL) pattern = tmpptrn; else lastptrn->next = tmpptrn; pattern_ctr++; } if (pattern == NULL) { // Invalid search term return MDLIB_STRSEARCH_NOT_A_VALID_SEARCH_STRING; } instance->internal_data = malloc(sizeof(struct mapid_strsearch)); /* ((struct mapid_strsearch *)instance->internal_data)->str = (unsigned char *)malloc(len * sizeof(char)); ((struct mapid_strsearch *)instance->internal_data)->slen = len; ((struct mapid_strsearch *)instance->internal_data)->offset = off; ((struct mapid_strsearch *)instance->internal_data)->depth = dpth; memcpy(((struct mapid_strsearch *)instance->internal_data)->str, ret, len); //compute Boyer-Moore's shift and skip tables ((struct mapid_strsearch *)instance->internal_data)->shift = make_shift((char *)ret, len); ((struct mapid_strsearch *)instance->internal_data)->skip = make_skip((char *)ret, len); */ ((struct mapid_strsearch *)instance->internal_data)->pattern = pattern; ((struct mapid_strsearch *)instance->internal_data)->num_patterns = pattern_ctr; ((struct mapid_strsearch *)instance->internal_data)->currentIteration = 0; DEBUG_CMD(Debug_Message("added string search: %s offset: %d depth: %d nodes: %u", strbak, off, dpth, pattern_ctr)); free(tstrbak); return 0; }
static int cook_init(mapidflib_function_instance_t *instance, MAPI_UNUSED int fd) { struct cooking_data *data; if (nids_not_inited) { pcap_t *desc; struct nids_chksum_ctl *nochksumchk; desc = malloc(sizeof(pcap_t)); desc->fd = 1; desc->linktype = instance->hwinfo->link_type; desc->bufsize = instance->hwinfo->cap_length; nids_params.pcap_desc = desc; nids_params.tcp_workarounds = 1; /* disable checksum checking for all packets */ nochksumchk = malloc(sizeof(struct nids_chksum_ctl)); nochksumchk->netaddr = 0; nochksumchk->mask = 0; nochksumchk->action = NIDS_DONT_CHKSUM; nids_register_chksum_ctl(nochksumchk, 1); if (!nids_init()) { DEBUG_CMD(Debug_Message("NIDS Error: %s", nids_errbuf)); return -1; } nids_register_tcp(mapi_tcp_callback); nids_not_inited = 0; } data = (struct cooking_data *)(instance->internal_data); /* //check if uncook is applied functs = flist_get(instance->hwinfo->gflist->fflist, fd); for (fid=1; (funct=flist_get(functs, fid)); fid++) { if (!strcmp(funct->instance->def->name, "UNCOOK")) data->keep_headers = 1; } */ //printf("Cooking : %s keeping headers %d \n", (data->keep_headers)?"":"NOT", fd); if (data->threshold <= 0) { data->threshold = 32000; //default value 32K } if (data->threshold < 1600) instance->hwinfo->cap_length = 1600; else instance->hwinfo->cap_length = data->threshold + 100;//+100 for headers data->ret_client_data = malloc(sizeof(char) * data->threshold); data->ret_server_data = malloc(sizeof(char) * data->threshold); data->client_ready = 0; data->server_ready = 0; //data->ni = nids_mapi_init(&desc, instance->hwinfo->link_type); //data->ni = nids_create(); return 0; }
void mapi_tcp_callback(struct tcp_stream *a_tcp, MAPI_UNUSED void **param) { struct tcp_flow_data *td = a_tcp->user; struct cooking_data *flow = td->flow; //printf("tcp_callback : "); if (a_tcp->nids_state == NIDS_JUST_EST) { //fprintf(stderr, "callback: established\n"); switch (flow->collect) { case SERVER_SIDE: a_tcp->server.collect++; a_tcp->client.collect--; break; case CLIENT_SIDE: a_tcp->client.collect++; a_tcp->server.collect--; break; case BOTH_SIDE: a_tcp->server.collect++; a_tcp->client.collect++; break; default: ; } //printf("callback: just established\n"); return; } if (a_tcp->nids_state == NIDS_DATA) { // printf("data\n"); struct half_stream *hlf; //flist_t **heads; unsigned char **ret_data; unsigned int *ret_size; int *ready; if (a_tcp->client.count_new) { hlf = &a_tcp->client; //heads = &flow->ret_client_headers; ret_data = &flow->ret_client_data; ret_size = &flow->client_size; ready = &flow->client_ready; if (flow->collect == SERVER_SIDE) DEBUG_CMD(Debug_Message("Asked for server data but got client's")); } else { hlf = &a_tcp->server; //heads = &flow->ret_server_headers; ret_data = &flow->ret_server_data; ret_size = &flow->server_size; ready = &flow->server_ready; if (flow->collect == CLIENT_SIDE) DEBUG_CMD(Debug_Message("Asked for client data but got server's")); } if (td->discard) { return; } if (hlf->count - hlf->offset >= flow->threshold) { //we have enough data //*heads = hlf->headers; memcpy(*ret_data, hlf->data, flow->threshold); *ret_size = flow->threshold; *ready = 1; nids_discard(a_tcp, flow->threshold); if (flow->ret_once) td->discard = 1; } else { //keep them nids_discard(a_tcp, 0); } return; } if (a_tcp->nids_state == NIDS_CLOSE || a_tcp->nids_state == NIDS_RESET || a_tcp->nids_state == NIDS_TIMED_OUT || a_tcp->nids_state == NIDS_EXITING) { int server_bytes, client_bytes; //printf("call_back: close\n"); //flow->ret_server_headers = a_tcp->server.headers; //flow->ret_client_headers = a_tcp->client.headers; server_bytes = a_tcp->server.count - a_tcp->server.offset; client_bytes = a_tcp->client.count - a_tcp->client.offset; if (server_bytes > 0 && flow->collect != CLIENT_SIDE) { //flow->ret_server_data = malloc(sizeof(unsigned char) * server_bytes); memcpy(flow->ret_server_data, a_tcp->server.data, flow->threshold); flow->server_size = server_bytes; flow->server_ready = 1; } if (client_bytes > 0 && flow->collect != SERVER_SIDE) { //flow->ret_client_data = malloc(sizeof(unsigned char) * client_bytes); memcpy(flow->ret_client_data, a_tcp->client.data, flow->threshold); flow->client_size = client_bytes; flow->client_ready = 1; } } }
static void cmd_create_flow(char *device, int pid, uid_t uid, int sock) /*removed id, id==pid here */ //Create a new flow //dev = device //if = IPC id used to send ack message back to client { struct flow *fl = (struct flow *) malloc(sizeof(struct flow)); struct client *cl; struct mapiipcbuf buf; char *devtype; mapidrv *drv; int err = 0; char* dev=device; long file_size; fl->id = pid; fl->fd = ++fdseed; fl->drv = NULL; fl->uid = uid; fl->offline = 0; if (running_shutdown) err = MAPI_SHUTTING_DOWN; //Decide which driver to use for (drv = drvlist; drv != NULL; drv = drv->next) { if (drv->device != NULL) if (strcmp(dev, drv->device) == 0) { fl->drv = drv; DEBUG_CMD(Debug_Message("Using driver %s for %s", drv->name, dev)); break; } } if (fl->drv == NULL) { DEBUG_CMD(Debug_Message("No driver found for %s", dev)); report_error(MAPID_NO_DRIVER, pid, sock); free(fl); return; } ++flows; //total number of currently registered flows //Calls driver if (err == 0) { mapidrv_create_flow = get_drv_funct(fl->drv->handle, "mapidrv_create_flow"); err = mapidrv_create_flow(drv->devid, fl->fd, &devtype); } if (err != 0) { /* flow wasn't created */ /* we can't leave the flow in place, but we need it for errno... */ /* cleanup? */ flows--; report_error(err, pid, sock); free(fl); return; } else { flist_append(flowlist, fl->fd, fl); //check if this is the first time we hear from this client cl = flist_get(clientlist, pid); if (cl == NULL) { cl = (struct client *) malloc(sizeof(struct client)); cl->pid = pid; cl->sock = sock; // init the list that holds references to the flows of this client if ((cl->flowlist = malloc(sizeof(flist_t))) == NULL) { DEBUG_CMD(Debug_Message( "ERROR: cmd_create_flow - malloc new client struct: %s", strerror(errno))); exit(EXIT_FAILURE); } flist_init(cl->flowlist); if ((cl->devicelist = malloc(sizeof(flist_t))) == NULL) { DEBUG_CMD(Debug_Message( "ERROR: cmd_create_flow - malloc new client struct: %s", strerror(errno))); exit(EXIT_FAILURE); } flist_init(cl->devicelist); cl->numflows = 0; cl->numdevs = 0; flist_append(clientlist, pid, cl); } // save a reference to the newly created flow to client's flow list cl->numflows++; flist_append(cl->flowlist, fl->fd, fl); //Send ack back to user buf.mtype = pid; strcpy((char *)buf.data, devtype); buf.cmd = CREATE_FLOW_ACK; buf.fd = fl->fd; if (log_to_file) { file_size = acquire_write_lock(log_fd_info); write_to_file(log_fd_info, "MAPID: new flow was created ( device: %s, fd: %d ) at ", device, fl->fd); write_date(log_fd_info); write_newline(log_fd_info, "\n"); release_write_lock(log_fd_info, file_size); } if (log_to_syslog) log_message("new flow was created ( device: %s, fd: %d )", device, fl->fd); } mapiipc_daemon_write(&buf, sock); }
static void cmd_create_offline_device(char *dev, int format, int pid, int sock) //Create a new flow //dev = device //if = IPC id used to send ack message back to client { struct mapiipcbuf buf; mapidrv *drv, *drv2, *lok; int err; int file; struct client *cl; char *format_; long file_size; //Get file descriptor buf.mtype = pid; buf.cmd = SEND_FD; mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); file = mapiipc_read_fd(sock); //Decide which driver to use for (drv = drvlist; drv != NULL; drv = drv->next) { if (drv->format == format) { DEBUG_CMD(Debug_Message("Using driver %s for %s", drv->name, dev)); break; } } if (drv == NULL) { DEBUG_CMD(Debug_Message("ERROR: No driver found for %s", dev)); report_error(MAPID_NO_DRIVER, pid, sock); return; } //Calls driver //First create new "device" for the file drv2 = malloc(sizeof(mapidrv)); drv2->device = malloc(strlen(dev)+7); sprintf(drv2->device, "%s@%d", dev, deviceid); lok=drvlist; while (lok->next!=NULL) lok = lok->next; lok->next = drv2; drv2->next=NULL; drv2->handle = drv->handle; drv2->name = strdup(drv->name); drv2->format = drv->format; drv2->devid = -deviceid++; drv2->offline = 1; drv2->active = 1; drv2->description = strdup(drv->description); drv2->offline_status = DEVICE_SETUP; mapidrv_add_device = get_drv_funct(drv->handle, "mapidrv_add_device"); err = mapidrv_add_device(dev, file, drv2->devid, gflist, &drv2->offline_status); if (err != 0) { report_error(err, pid, sock); return; } // save a reference to the newly created flow to client's flow list cl = flist_get(clientlist, pid); if (cl == NULL) { cl = (struct client *) malloc(sizeof(struct client)); cl->pid = pid; cl->sock = sock; // init the list that holds references to the flows of this client if ((cl->flowlist = malloc(sizeof(flist_t))) == NULL) { DEBUG_CMD(Debug_Message( "ERROR: cmd_create_flow - malloc new client struct: %s", strerror(errno))); exit(EXIT_FAILURE); } if ((cl->devicelist = malloc(sizeof(flist_t))) == NULL) { DEBUG_CMD(Debug_Message( "ERROR: cmd_create_flow - malloc new client struct: %s", strerror(errno))); exit(EXIT_FAILURE); } flist_init(cl->flowlist); flist_init(cl->devicelist); cl->numflows = 0; flist_append(clientlist, pid, cl); } flist_append(cl->devicelist, drv2->devid, drv->handle); cl->numdevs++; //Send ack back to user buf.mtype = pid; buf.cmd = CREATE_OFFLINE_DEVICE_ACK; strcpy((char *)buf.data, drv2->device); buf.fd = -1; if (format == 0) format_ = strdup("MFF_PCAP"); else if (format == 1) format_ = strdup("MFF_RAW"); else if (format == 2) format_ = strdup("MFF_DAG_ERF"); else if (format == 4) format_ = strdup("MFF_NAPATECH"); if (log_to_file) { file_size = acquire_write_lock(log_fd_info); write_to_file( log_fd_info, "MAPID: new offline device was created ( tracefile: %s, format: %s, device name returned: %s ) at ", dev, format_, buf.data); write_date(log_fd_info); write_newline(log_fd_info, "\n"); release_write_lock(log_fd_info, file_size); } if (log_to_syslog) log_message( "new offline device was created ( tracefile: %s, format: %s, device name returned: %s )", dev, format_, buf.data); free(format_); mapiipc_daemon_write((struct mapiipcbuf *) &buf, sock); }
static int res2file_instance(mapidflib_function_instance_t *instance, MAPI_UNUSED int flow_descr, mapidflib_flow_mod_t *flow_mod) { char *head, *savestr; int file; char *fids,*s; int type,fd,fid,save; char buf[DATA_SIZE],*cfids; char *types,*t,*t2,buf2[DATA_SIZE]; int min=0; int reset = -1; mapiFunctArg* fargs=instance->args; if(!(types = getargstr(&fargs))) return(MFUNCT_INVALID_ARGUMENT_1); if(!(fids = getargstr(&fargs))) return(MFUNCT_INVALID_ARGUMENT_2); if(!(head = getargstr(&fargs))) return(MFUNCT_INVALID_ARGUMENT_3); if((file = getargint(&fargs)) < 0) return(MFUNCT_INVALID_ARGUMENT_4); else { struct stat sbuf; if(fstat(file, &sbuf) == -1) { DEBUG_CMD(Debug_Message("Cannot fstat() file descriptor %d", file)); return(MFUNCT_INVALID_ARGUMENT_4); } } if((savestr = getargstr(&fargs)) == NULL) return(MFUNCT_INVALID_ARGUMENT_5); if((save=parse_save(savestr))<0) return MFUNCT_INVALID_ARGUMENT_5; reset = getargint(&fargs); if(!(reset == 0 || reset == 1)) return(MFUNCT_INVALID_ARGUMENT_6); //Loop through fids and types and verify strncpy(buf,fids,DATA_SIZE); cfids=buf; strncpy(buf2,types,DATA_SIZE); t=buf2; while((s=strchr(cfids,','))!=NULL) { *s='\0'; if((t2=strchr(t,','))==NULL) return MFUNCT_INVALID_ARGUMENT_1; *t2='\0'; sscanf(cfids,"%d@%d",&fid,&fd); if(fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid)==NULL) return MFUNCT_INVALID_ARGUMENT_2; if(min==0 || min>fid) min=fid; sscanf(t,"%d",&type); if(type!=R2F_RAW && type!=R2F_ULLSTR && type!=R2F_ULLSEC && type!=R2F_STATS) return MFUNCT_INVALID_ARGUMENT_2; cfids=s+1; t=t2+1; } sscanf(cfids,"%d@%d",&fid,&fd); if(fhlp_get_function_instance(instance->hwinfo->gflist,fd,fid)==NULL) return MFUNCT_INVALID_ARGUMENT_2; if(save==PERIODIC) { //Move res2file in front of the other functions results are read from flow_mod->reorder=min; } return 0; };
void do_accesslist_mac(const char *cmdline) { int crsr; arglist *args; acl_mode mode; acl_action action; char *acl, cmd[256]; mode = add_acl; args = librouter_make_args(cmdline); acl = args->argv[1]; if (!librouter_acl_exists(acl)) { sprintf(cmd, "/bin/iptables -N %s", acl); system(cmd); } crsr = 2; if (!strcmp(args->argv[crsr], "insert")) { mode = insert_acl; ++crsr; } else if (!strcmp(args->argv[crsr], "no")) { mode = remove_acl; ++crsr; } if (!strcmp(args->argv[crsr], "accept")) action = acl_accept; else if (!strcmp(args->argv[crsr], "drop")) action = acl_drop; else if (!strcmp(args->argv[crsr], "reject")) action = acl_reject; else if (!strcmp(args->argv[crsr], "log")) action = acl_log; else { fprintf(stderr, "%% Illegal action type, use accept, drop, reject, log or tcpmss\n"); librouter_destroy_args(args); return; } crsr += 2; sprintf(cmd, "/bin/iptables "); switch (mode) { case insert_acl: strcat(cmd, "-I "); break; case remove_acl: strcat(cmd, "-D "); break; default: strcat(cmd, "-A "); break; } strcat(cmd, acl); strcat(cmd, " -m mac --mac-source "); strcat(cmd, args->argv[crsr]); switch (action) { case acl_accept: strcat(cmd, " -j ACCEPT"); break; case acl_drop: strcat(cmd, " -j DROP"); break; case acl_reject: strcat(cmd, " -j REJECT"); break; case acl_log: strcat(cmd, " -j LOG"); break; case acl_tcpmss: break; }DEBUG_CMD(cmd); system(cmd); librouter_destroy_args(args); }
// Wait for an allowed client to connect to the server // if(block) then wait until a right client is connected // else return immediately int UDPConnection::WaitForClient(int block){ if(m_ConMode!=CONMODE_SERVER){ ERROR_MSG("Server not initialized\n"); return FALSE; } DEBUG_MSG("Waiting for client\n"); #ifdef WIN32 SetBlockMode(block); #endif // Recieve data int first = 1; while((block==1)||(first==1)){ if(first==0) sleep(1); DEBUG_MSG("Waiting for client\n"); struct sockaddr_in client; int client_ln = sizeof(client); int n_read = recvfrom(m_socket, m_buffer, MAX_FULL_BUFFER_SIZE, (block==0? MSG_DONTWAIT: 0), (struct sockaddr *)&client, (socklen_t*)&client_ln); if(n_read<0){ ERROR_MSG((block!=0?"Error while fetching data\n":"No client present\n")); return FALSE; } int i; for(i=0;i<m_nb_allowed_client;i++){ if(EqualIP(&client,&(m_allowed_client[i]))){ memcpy(&m_client,&client,client_ln); m_Connected = true; DEBUG_MSG("Sending accept connection: "); DEBUG_CMD(PrintIP(&m_client)); if(!SendMessage(ACCEPT_CONNECTION,NULL,0)){ ERROR_MSG("Sending accpeting connection\n"); m_Connected = false; } DEBUG_MSG("Client found: "); DEBUG_CMD(PrintIP(&client)); DEBUG_MSG("\n"); return TRUE; } } if(!SendMessage(REFUSE_CONNECTION,NULL,0)){ ERROR_MSG("Sending refusing connection\n"); } ERROR_MSG("Unallowed client was found: "); ERROR_CMD(PrintIP(&client)); first = 0; } return FALSE; }
void interface_acl(const char *cmdline) /* ip access-group <acl> <in|out> */ { arglist *args; char *dev; acl_chain chain = chain_in; char *listno; dev = librouter_device_cli_to_linux(interface_edited->cish_string, interface_major, interface_minor); args = librouter_make_args(cmdline); listno = args->argv[2]; if (strcasecmp(args->argv[3], "in") == 0) chain = chain_in; else if (strcasecmp(args->argv[3], "out") == 0) chain = chain_out; if (!librouter_acl_exists(listno)) { printf("%% access-list %s undefined\n", listno); free(dev); librouter_destroy_args(args); return; } if ((chain == chain_in) && (librouter_acl_matched_exists(0, dev, 0, "INPUT") || librouter_acl_matched_exists(0, dev, 0, "FORWARD"))) { printf("%% inbound access-list already defined.\n"); free(dev); librouter_destroy_args(args); return; } if ((chain == chain_out) && (librouter_acl_matched_exists(0, 0, dev, "OUTPUT") || librouter_acl_matched_exists(0, 0, dev, "FORWARD"))) { printf("%% outbound access-list already defined.\n"); free(dev); librouter_destroy_args(args); return; } if (chain == chain_in) { sprintf(buf, "/bin/iptables -A INPUT -i %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); sprintf(buf, "/bin/iptables -A FORWARD -i %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } else { sprintf(buf, "/bin/iptables -A OUTPUT -o %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); sprintf(buf, "/bin/iptables -A FORWARD -o %s -j %s", dev, listno); DEBUG_CMD(buf); system(buf); } librouter_destroy_args(args); free(dev); }