Exemplo n.º 1
0
int
main(int argc, const char **argv)
{
    long  num_tests;
    long  num_elements;
    long  i;

    if (argc != 3)
    {
        fprintf(stderr, "Usage: ipv4-set-size [# tests] [# elements]\n");
        return -1;
    }

    num_tests = atol(argv[1]);
    num_elements = atol(argv[2]);

    fprintf(stderr, "Creating %lu sets with %lu elements each.\n",
            num_tests, num_elements);

    ipset_init_library();
    srandom(time(NULL));

    for (i = 0; i < num_tests; i++)
    {
        one_test(num_elements);
    }

    return 0;
}
Exemplo n.º 2
0
int init_acl(const char *path)
{
    // initialize ipset
    ipset_init_library();
    ipset_init(&acl_ip_set);

    // initialize array
    cork_string_array_init(&acl_domain_array);

    FILE *f = fopen(path, "r");
    if (f == NULL) {
        LOGE("Invalid acl path.");
        return -1;
    }

    char line[256];
    while(!feof(f))
    {
        if (fgets(line, 256, f))
        {
            // Trim the newline
            int len = strlen(line);
            if (len > 0 && line[len - 1] == '\n')
            {
                line[len - 1] = '\0';
            }

            char *host = NULL;
            int cidr;
            parse_addr_cidr(line, &host, &cidr);

            if (cidr == -1)
            {
                cork_string_array_append(&acl_domain_array, host);
            }
            else
            {
                struct cork_ipv4 addr;
                int err = cork_ipv4_init(&addr, host);
                if (!err)
                {
                    if (cidr >= 0)
                        ipset_ipv4_add_network(&acl_ip_set, &addr, cidr);
                    else
                        ipset_ipv4_add(&acl_ip_set, &addr);
                }
            }

            if (host != NULL) free(host);
        }
    }

    fclose(f);

    return 0;
}
Exemplo n.º 3
0
int init_acl(const char *path, int mode)
{
    acl_mode = mode;

    // initialize ipset
    ipset_init_library();
    ipset_init(&acl_ipv4_set);
    ipset_init(&acl_ipv6_set);

    FILE *f = fopen(path, "r");
    if (f == NULL) {
        LOGE("Invalid acl path.");
        return -1;
    }

    char line[256];
    while (!feof(f))
        if (fgets(line, 256, f)) {
            // Trim the newline
            int len = strlen(line);
            if (len > 0 && line[len - 1] == '\n') {
                line[len - 1] = '\0';
            }

            char host[256];
            int cidr;
            parse_addr_cidr(line, host, &cidr);

            struct cork_ip addr;
            int err = cork_ip_init(&addr, host);
            if (!err) {
                if (addr.version == 4) {
                    if (cidr >= 0) {
                        ipset_ipv4_add_network(&acl_ipv4_set, &(addr.ip.v4), cidr);
                    } else {
                        ipset_ipv4_add(&acl_ipv4_set, &(addr.ip.v4));
                    }
                } else if (addr.version == 6) {
                    if (cidr >= 0) {
                        ipset_ipv6_add_network(&acl_ipv6_set, &(addr.ip.v6), cidr);
                    } else {
                        ipset_ipv6_add(&acl_ipv6_set, &(addr.ip.v6));
                    }
                }
            }
        }

    fclose(f);

    return 0;
}
Exemplo n.º 4
0
int
main(int argc, const char **argv)
{
    int  number_failed;
    Suite  *suite = ipset_suite();
    SRunner  *runner = srunner_create(suite);

    ipset_init_library();

    srunner_run_all(runner, CK_NORMAL);
    number_failed = srunner_ntests_failed(runner);
    srunner_free(runner);

    return (number_failed == 0)? EXIT_SUCCESS: EXIT_FAILURE;
}
Exemplo n.º 5
0
int
init_acl(const char *path)
{
    // initialize ipset
    ipset_init_library();

    ipset_init(&white_list_ipv4);
    ipset_init(&white_list_ipv6);
    ipset_init(&black_list_ipv4);
    ipset_init(&black_list_ipv6);
    ipset_init(&outbound_block_list_ipv4);
    ipset_init(&outbound_block_list_ipv6);

    cork_dllist_init(&black_list_rules);
    cork_dllist_init(&white_list_rules);
    cork_dllist_init(&outbound_block_list_rules);

    struct ip_set *list_ipv4  = &black_list_ipv4;
    struct ip_set *list_ipv6  = &black_list_ipv6;
    struct cork_dllist *rules = &black_list_rules;

    FILE *f = fopen(path, "r");
    if (f == NULL) {
        LOGE("Invalid acl path.");
        return -1;
    }

    char buf[257];
    while (!feof(f))
        if (fgets(buf, 256, f)) {
            // Trim the newline
            int len = strlen(buf);
            if (len > 0 && buf[len - 1] == '\n') {
                buf[len - 1] = '\0';
            }

            char *comment = strchr(buf, '#');
            if (comment) {
                *comment = '\0';
            }

            char *line = trimwhitespace(buf);
            if (strlen(line) == 0) {
                continue;
            }

            if (strcmp(line, "[outbound_block_list]") == 0) {
                list_ipv4 = &outbound_block_list_ipv4;
                list_ipv6 = &outbound_block_list_ipv6;
                rules     = &outbound_block_list_rules;
                continue;
            } else if (strcmp(line, "[black_list]") == 0
                       || strcmp(line, "[bypass_list]") == 0) {
                list_ipv4 = &black_list_ipv4;
                list_ipv6 = &black_list_ipv6;
                rules     = &black_list_rules;
                continue;
            } else if (strcmp(line, "[white_list]") == 0
                       || strcmp(line, "[proxy_list]") == 0) {
                list_ipv4 = &white_list_ipv4;
                list_ipv6 = &white_list_ipv6;
                rules     = &white_list_rules;
                continue;
            } else if (strcmp(line, "[reject_all]") == 0
                       || strcmp(line, "[bypass_all]") == 0) {
                acl_mode = WHITE_LIST;
                continue;
            } else if (strcmp(line, "[accept_all]") == 0
                       || strcmp(line, "[proxy_all]") == 0) {
                acl_mode = BLACK_LIST;
                continue;
            } else if (strcmp(line, "[remote_dns]") == 0) {
                continue;
            }

            char host[257];
            int cidr;
            parse_addr_cidr(line, host, &cidr);

            struct cork_ip addr;
            int err = cork_ip_init(&addr, host);
            if (!err) {
                if (addr.version == 4) {
                    if (cidr >= 0) {
                        ipset_ipv4_add_network(list_ipv4, &(addr.ip.v4), cidr);
                    } else {
                        ipset_ipv4_add(list_ipv4, &(addr.ip.v4));
                    }
                } else if (addr.version == 6) {
                    if (cidr >= 0) {
                        ipset_ipv6_add_network(list_ipv6, &(addr.ip.v6), cidr);
                    } else {
                        ipset_ipv6_add(list_ipv6, &(addr.ip.v6));
                    }
                }
            } else {
                rule_t *rule = new_rule();
                accept_rule_arg(rule, line);
                init_rule(rule);
                add_rule(rules, rule);
            }
        }

    fclose(f);

    return 0;
}
Exemplo n.º 6
0
int
main(int argc, char **argv)
{
    ipset_init_library();

    /*
     * Parse the command-line options.
     */

    GError  *error = NULL;
    GOptionContext  *context;

    context = g_option_context_new("INPUT FILES");
    g_option_context_add_main_entries(context, entries, NULL);

    if (!g_option_context_parse(context, &argc, &argv, &error))
    {
        fprintf(stderr, "Error parsing command-line options: %s\n",
                error->message);
        exit(1);
    }

    /*
     * Verify that the user specified at least one SiLK file to read.
     */

    if (argc <= 1)
    {
#if GLIB_MINOR_VERSION < 14
        fprintf(stderr, "ERROR: You need to specify at "
                "least one input file.\n");
#else
        fprintf(stderr, "ERROR: You need to specify at "
                "least one input file.\n\n%s",
                g_option_context_get_help(context, TRUE, NULL));
#endif
        exit(1);
    }

    /*
     * Set up logging.
     */

    g_log_set_handler("ipset", G_LOG_LEVEL_DEBUG,
                      ignore_log_message, NULL);

    /*
     * Read in the IP set files specified on the command line.
     */

    ip_set_t  set;
    ipset_init(&set);

    int  i;
    for (i = 1; i < argc; i++)
    {
        const char  *filename = argv[i];
        FILE  *stream;
        gboolean  close_stream;

        /*
         * Create a FILE object for the file.
         */

        if (strcmp(filename, "-") == 0)
        {
            fprintf(stderr, "Opening stdin...\n");
            filename = "stdin";

            stream = stdin;
            close_stream = FALSE;
        }

        else
        {
            fprintf(stderr, "Opening file %s...\n", filename);

            stream = fopen(filename, "rb");
            if (stream == NULL)
            {
                fprintf(stderr, "Cannot open file %s:\n  %s\n",
                        filename, strerror(errno));
                exit(1);
            }

            close_stream = TRUE;
        }

        /*
         * Read in one IP address per line in the file.
         */

        gsize  ip_count = 0;

#define MAX_LINELENGTH  4096

        gchar  line[MAX_LINELENGTH];

        while (fgets(line, MAX_LINELENGTH, stream) != NULL)
        {
            /*
             * Reserve enough space for an IPv6 address.
             */

            guint32  addr[4];
            int  rc;

            /*
             * Try to parse the line as an IPv4 address.  If that
             * works, add it to the set.
             */

            rc = inet_pton(AF_INET, line, addr);
            if (rc == 1)
            {
                ipset_ipv4_add(&set, addr);
                g_free(line);
                continue;
            }

            /*
             * If that didn't work, try IPv6.
             */

            rc = inet_pton(AF_INET6, line, addr);
            if (rc == 1)
            {
                ipset_ipv6_add(&set, addr);
                g_free(line);
                continue;
            }

            /*
             * Otherwise, we've got an error.
             */

            fprintf(stderr, "\"%s\" is not a valid IP address.\n", line);
            exit(1);
        }

        if (ferror(stream))
        {
            /*
             * There was an error reading from the stream.
             */

            fprintf(stderr, "Error reading from %s:\n  %s\n",
                    filename, strerror(errno));
            exit(1);
        }

        fprintf(stderr, "Read %" G_GSIZE_FORMAT " IP addresses from %s.\n",
                ip_count, filename);

        /*
         * Free the streams before opening the next file.
         */

        if (close_stream)
        {
            fclose(stream);
        }
    }

    fprintf(stderr, "Set uses %" G_GSIZE_FORMAT " bytes of memory.\n",
            ipset_memory_size(&set));

    /*
     * Serialize the IP set to the desired output file.
     */

    FILE  *ostream;
    gboolean  close_ostream;

    if ((output_filename == NULL) ||
        (strcmp(output_filename, "-") == 0))
    {
        fprintf(stderr, "Writing to stdout...\n");

        ostream = stdout;
        output_filename = "stdout";
        close_ostream = FALSE;
    }

    else
    {
        fprintf(stderr, "Writing to file %s...\n", output_filename);

        ostream = fopen(output_filename, "wb");
        if (ostream == NULL)
        {
            fprintf(stderr, "Cannot open file %s:\n  %s\n",
                    output_filename, strerror(errno));
            exit(1);
        }

        close_ostream = TRUE;
    }

    if (!ipset_save(ostream, &set, &error))
    {
        fprintf(stderr, "Error saving IP set:\n  %s\n",
                error->message);
        exit(1);
    }

    /*
     * Close the output stream for exiting.
     */

    if (close_ostream)
    {
        fclose(ostream);
    }

    return 0;
}