/** * Find a connection in a table. * * \return The connection if found, NULL if it doesn't exist */ conn_t *tcptable_find(conntable_t * ct, conn_t * c) { conn_t *bucket; #if DEBUG assert(ct != NULL); assert(c != NULL); #endif bucket = ct->buckets[tcptable_hash(c)]; while (bucket != NULL) { if ((c->protocol == bucket->protocol) && ipv6_equal(&c->ip_dst, &bucket->ip_dst) && (c->port_dst == bucket->port_dst) && ipv6_equal(&c->ip_src, &bucket->ip_src) && (c->port_src == bucket->port_src) ) { return bucket; } bucket = bucket->next; } return NULL; }
int addresslist_append6(struct addresslist *adrlist, uint8_t proto, struct in6_addr *saddr_begin, struct in6_addr *saddr_end, struct in6_addr *daddr_begin, struct in6_addr *daddr_end, uint16_t sport_begin, uint16_t sport_end, uint16_t dport_begin, uint16_t dport_end) { struct address_tuple *newtuple; struct in6_addr saddr, daddr; uint16_t sport, dport; uint64_t saddr_num, daddr_num, sport_num, dport_num; uint64_t addr_num, port_num; uint64_t tuple_num, n; saddr_num = ipv6_sub(saddr_end, saddr_begin) + 1; daddr_num = ipv6_sub(daddr_end, daddr_begin) + 1; sport_num = sport_end - sport_begin+ 1; dport_num = dport_end - dport_begin+ 1; addr_num = lcm(saddr_num, daddr_num); port_num = lcm(sport_num, dport_num); tuple_num = lcm(addr_num, port_num); if (adrlist->tuple_limit < (adrlist->ntuple + tuple_num)) { fprintf(stderr, "too large flowlist: %lu: [%s-%s]:%d-%d - [%s-%s]:%d-%d\n", adrlist->ntuple + tuple_num, ip6_sprintf(saddr_begin), ip6_sprintf(saddr_end), sport_begin, sport_end, ip6_sprintf(daddr_begin), ip6_sprintf(daddr_end), dport_begin, dport_end); return -1; } if (adrlist->tuple == NULL) { newtuple = malloc(sizeof(struct address_tuple) * tuple_num); memset(newtuple, 0, sizeof(struct address_tuple) * tuple_num); } else { newtuple = realloc(adrlist->tuple, sizeof(struct address_tuple) * (adrlist->ntuple + tuple_num)); memset(newtuple + adrlist->ntuple, 0, sizeof(struct address_tuple) * tuple_num); } if (newtuple == NULL) { fprintf(stderr, "Cannot allocate memory. number of session is %lu\n", adrlist->ntuple + tuple_num); return -1; } adrlist->tuple = newtuple; saddr = *saddr_begin; daddr = *daddr_begin; sport = sport_begin; dport = dport_begin; for (n = 0; n < tuple_num; ) { if (exists_in_addresses(AF_INET, &saddr, adrlist->exclude_saddr, adrlist->exclude_saddr_num) || exists_in_addresses(AF_INET, &daddr, adrlist->exclude_daddr, adrlist->exclude_daddr_num)) { tuple_num--; } else { newtuple[adrlist->ntuple + n].saddr.af = AF_INET6; newtuple[adrlist->ntuple + n].saddr.a.addr6 = saddr; newtuple[adrlist->ntuple + n].daddr.af = AF_INET6; newtuple[adrlist->ntuple + n].daddr.a.addr6 = daddr; newtuple[adrlist->ntuple + n].sport = sport; newtuple[adrlist->ntuple + n].dport = dport; newtuple[adrlist->ntuple + n].proto = proto; l2random(&newtuple[adrlist->ntuple + n].saddr.a.addr6, sizeof(newtuple[adrlist->ntuple + n].saddr.a.addr6), &newtuple[adrlist->ntuple + n].seaddr); l2random(&newtuple[adrlist->ntuple + n].daddr.a.addr6, sizeof(newtuple[adrlist->ntuple + n].daddr.a.addr6), &newtuple[adrlist->ntuple + n].deaddr); n++; } /* increment addresses and ports */ if (ipv6_equal(&saddr, saddr_end)) saddr = *saddr_begin; else ipv6_increment(&saddr); if (ipv6_equal(&daddr, daddr_end)) daddr = *daddr_begin; else ipv6_increment(&daddr); if (sport == sport_end) sport = sport_begin; else sport++; if (dport == dport_end) dport = dport_begin; else dport++; } adrlist->ntuple += tuple_num; adrlist->sorted = 0; return 0; }
/** * Thread which process addresses on tls push queue (tls_push_queue member * of ::nuauthdatas) which need an authentication. * * Lock is only needed when modifications are done, because when this thread * work (push mode) it's the only one who can modify the hash. * * Use a switch: * - #WARN_MESSAGE: call warn_clients() (and may call ip_authentication_workers()) * - #INSERT_MESSAGE: call add_client() */ void *push_worker(GMutex * mutex) { struct msg_addr_set *global_msg = g_new0(struct msg_addr_set, 1); struct nu_srv_message *msg = g_new0(struct nu_srv_message, 1); struct internal_message *message; GTimeVal tv; msg->type = SRV_REQUIRED_PACKET; msg->option = 0; msg->length = htons(4); global_msg->msg = msg; g_async_queue_ref(nuauthdatas->tls_push_queue); /* wait for message */ while (g_mutex_trylock(mutex)) { g_mutex_unlock(mutex); /* wait a message during POP_DELAY */ g_get_current_time(&tv); g_time_val_add(&tv, POP_DELAY); message = g_async_queue_timed_pop(nuauthdatas->tls_push_queue, &tv); if (message == NULL) continue; switch (message->type) { case WARN_MESSAGE: global_msg->addr = (((auth_pckt_t *) message->datas)->header).saddr; global_msg->found = FALSE; /* search in client array */ warn_clients(global_msg, NULL, NULL); /* do we have found something */ if (!ipv6_equal(&global_msg->addr, &in6addr_any)) { if (global_msg->found == FALSE) { /* if we do ip authentication send request to pool */ if (nuauthconf-> do_ip_authentication) { thread_pool_push (nuauthdatas-> ip_authentication_workers, message->datas, NULL); } else { g_free(message->datas); } } else { /* free header */ g_free(message->datas); } } break; case INSERT_MESSAGE: { struct tls_insert_data *data = message->datas; if (data->data) { add_client(data->socket, data->data); } g_free(data); } break; default: g_message("lost"); } g_free(message); } g_free(msg); g_free(global_msg); g_async_queue_unref(nuauthdatas->tls_push_queue); return NULL; }
int main(int argc, char* args[]) { if (argc < 2) { cout << "no input file.\n"; return -1; } test::inner_test::test_conf conf(args[1]); assert(conf.int_val()==-123); assert(conf.bool_val()==false); assert(conf.week_val()==test::inner_test::test_conf::SUN); assert(!conf.has_string_val()); assert(conf.has_real_val()); assert(conf.real_val()==-32134.5643); assert(conf.string_list().size()==3); assert(conf.string_list()[0]=="foo"); assert(conf.string_list()[1]=="bar"); assert(conf.string_list()[2]=="baz"); vector<string> string0_list_val(1,"foo"); assert(conf.set_string0_list(string0_list_val)==false); assert(conf.string0_list().size()==0); vector<int> int1_list_val(5); assert(conf.set_int1_list(int1_list_val)==false); assert(conf.int1_list().size()==1); assert(conf.int1_list()[0]==10); vector<int> int1_list_val2; int1_list_val2.push_back(3); assert(conf.set_int1_list(int1_list_val2)==true); assert(conf.int1_list().size()==1); assert(conf.int1_list()[0]==3); assert(conf.set("int1_list={1}")==true); assert(conf.int1_list().size()==1); assert(conf.int1_list()[0]==1); assert(conf.bool9_list().size()==9); assert(conf.bool9_list()[8]==true); assert(conf.real_llist().size()==5); assert(conf.real_llist()[3].size()==0); assert(conf.real_llist()[4][2]==1323.0); assert(boost::get<1>(conf.stri_list()[1])==-1234); assert(boost::get<0>(conf.rib_tuple())==1.234); assert(boost::get<1>(conf.rib_tuple())==5); assert(boost::get<2>(conf.rib_tuple())==true); assert(boost::get<0>(boost::get<0>(conf.string_tuple()))=="hoge"); assert(boost::get<0>(conf.week_fruits())==test::inner_test::test_conf::MON); assert(boost::get<1>(conf.week_fruits()).size()==4); assert(boost::get<1>(conf.week_fruits())[0]==test::inner_test::test_conf::Apple); assert(!conf.has_int_defval()); assert(!conf.has_int_defval2()); assert(conf.int_defval()==5); assert(conf.int_defval2()==0); assert(conf.bool_defval()==true); assert(conf.bool_defval2()==false); assert(conf.string_defval()=="hello"); assert(conf.string_defval2()==""); assert(conf.real_defval()==1.0123); assert(conf.real_defval2()==0.0); assert(boost::get<0>(conf.rib_tuple_def())==-3.14); assert(boost::get<1>(conf.rib_tuple_def())==5); assert(boost::get<2>(conf.rib_tuple_def())==false); assert(conf.stri_list_def().size()==3); assert(boost::get<0>(conf.stri_list_def()[1])=="hoge"); assert(boost::get<1>(conf.stri_list_def()[2])==1234); time_t t_ = 0; struct tm t = *localtime(&t_); assert(tm_equal(t,conf.date_value())); t.tm_year = 2003-1900; t.tm_mon = 12-1; t.tm_mday = 31; t.tm_hour = 0; t.tm_min = 0; t.tm_sec = 0; assert(tm_equal(t,conf.date_value2())); t.tm_year = 2008-1900; t.tm_mon = 1-1; t.tm_mday = 3; t.tm_hour = 17; t.tm_min = 20; t.tm_sec = 0; assert(tm_equal(t,conf.date_value3())); t.tm_year = 1972-1900; t.tm_mon = 9-1; t.tm_mday = 24; t.tm_hour = 5; t.tm_min = 12; t.tm_sec = 30; assert(tm_equal(t,conf.date_value4())); assert(conf.ipv4_value().s_addr==0); assert(conf.ipv4_value2().s_addr==inet_addr("192.168.0.1")); assert(conf.ipv4_value3().s_addr==inet_addr("4.3.2.1")); struct in6_addr ipv6 = {{{0}}}; assert(ipv6_equal(ipv6,conf.ipv6_value())); inet_pton(AF_INET6, "dead:beaf::1", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value2())); inet_pton(AF_INET6, "dead:1234:ffff:ffff:2311:1111:0000:0232", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value3())); inet_pton(AF_INET6, "::", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value4())); inet_pton(AF_INET6, "::1", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value5())); inet_pton(AF_INET6, "1:2:3::", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value6())); inet_pton(AF_INET6, "1:2:3:4:5:6:7:8", &ipv6); assert(ipv6_equal(ipv6,conf.ipv6_value7())); // test set method conf.set_int_val(321); assert(conf.int_val()==321); assert(conf.string_val()==""); conf.set_string_val("hoge"); assert(conf.string_val()=="hoge"); assert(conf.set_uint_ranval3(123)==true); assert(conf.uint_ranval3()==123); assert(conf.set_uint_ranval3(11)==false); assert(conf.uint_ranval3()==123); vector<tuple<string,int> > stri_list_def_val; assert(conf.set_stri_list_def(stri_list_def_val)==false); assert(conf.stri_list_def().size()==3); // test general setter assert(conf.set("uint_ranval3 = 200;")==true); assert(conf.uint_ranval3()==200); assert(conf.set("uint_ranval3 = 150; string_val = \"foo\"")==true); assert(conf.uint_ranval3()==150); assert(conf.string_val()=="foo"); assert(conf.set("int_val=1;")==true); assert(conf.int_val()==1); // 範囲外のデータはセットできない assert(conf.set("uint_ranval3 = 0; int_val=-123;")==false); assert(conf.uint_ranval3()==150); assert(conf.int_val()==1); // const項目はsetできない assert(conf.set("ipv4_value=1.2.3.4")==false); assert(conf.ipv4_value().s_addr==0); // default値のチェック assert(conf.int_ranval4()==3); assert(conf.int_ranval5()==0); assert(conf.int_ranval6()==-10); // range_vals: real[32.5~100.3],uint[100 ~ ],int[~-10] = 32.5, 100, -30; assert(boost::get<0>(conf.range_vals())==32.5); assert(boost::get<1>(conf.range_vals())==100); assert(boost::get<2>(conf.range_vals())==-30); assert(conf.set_range_vals(boost::make_tuple(double(0.0),(unsigned int)100,int(-20)))==false); // ranval_list:list[2]<int[-10~10]> { vector<int> ranval_list_val = conf.ranval_list(); assert(ranval_list_val.size()==2); assert(ranval_list_val[0] = 3); assert(ranval_list_val[1] = -4); ranval_list_val[1] = 100; // 配列要素の範囲違反 assert(conf.set_ranval_list(ranval_list_val)==false); } { // 配列の長さが違反 vector<int> ranval_list_val(3); assert(conf.set_ranval_list(ranval_list_val)==false); } conf.dump(cout); return 0; }