int ipset_print( IPSET * ipc )
{
char ip_str[80];
PORTRANGE * pr;
if( !ipc ) return 0;
{
IP_PORT * p;
printf("IPSET\n");
for( p =(IP_PORT*)sflist_first( &ipc->ip_list );
p!=0;
p =(IP_PORT*)sflist_next( &ipc->ip_list ) )
{
SnortSnprintf(ip_str, 80, "%s", sfip_to_str(&p->ip));
printf("CIDR BLOCK: %c%s", p->notflag ? '!' : ' ', ip_str);
for( pr=(PORTRANGE*)sflist_first(&p->portset.port_list);
pr != 0;
pr=(PORTRANGE*)sflist_next(&p->portset.port_list) )
{
printf(" %d", pr->port_lo);
if ( pr->port_hi != pr->port_lo )
printf("-%d", pr->port_hi);
}
printf("\n");
}
}
return 0;
}
/*!
* A function to print the thresholding objects to stdout.
*
*/
int sfthd_show_objects(ThresholdObjects *thd_objs)
{
SFGHASH * sfthd_hash;
THD_ITEM * sfthd_item;
THD_NODE * sfthd_node;
int gen_id;
SFGHASH_NODE * item_hash_node;
tSfPolicyId policyId;
for(gen_id=0;gen_id < THD_MAX_GENID ; gen_id++ )
{
sfthd_hash = thd_objs->sfthd_array[gen_id];
if (sfthd_hash == NULL)
continue;
printf("...GEN_ID = %u\n",gen_id);
for(item_hash_node = sfghash_findfirst( sfthd_hash );
item_hash_node != 0;
item_hash_node = sfghash_findnext( sfthd_hash ) )
{
/* Check for any Permanent sig_id objects for this gen_id */
sfthd_item = (THD_ITEM*)item_hash_node->data;
printf(".....GEN_ID = %u, SIG_ID = %u, Policy = %u\n",gen_id,sfthd_item->sig_id, sfthd_item->policyId);
/* For each permanent thresholding object, test/add/update the thd object */
/* We maintain a list of thd objects for each gen_id+sig_id */
/* each object has it's own unique thd_id */
for( sfthd_node = (THD_NODE*)sflist_first(sfthd_item->sfthd_node_list);
sfthd_node != 0;
sfthd_node = (THD_NODE*)sflist_next(sfthd_item->sfthd_node_list) )
{
printf(".........THD_ID =%d\n",sfthd_node->thd_id );
if( sfthd_node->type == THD_TYPE_SUPPRESS )
printf(".........type =Suppress\n");
if( sfthd_node->type == THD_TYPE_LIMIT )
printf(".........type =Limit\n");
if( sfthd_node->type == THD_TYPE_THRESHOLD )
printf(".........type =Threshold\n");
if( sfthd_node->type == THD_TYPE_BOTH )
printf(".........type =Both\n");
printf(".........tracking=%d\n",sfthd_node->tracking);
printf(".........priority=%d\n",sfthd_node->priority);
if( sfthd_node->type == THD_TYPE_SUPPRESS )
{
printf(".........ip =%s\n",
sfip_to_str(&sfthd_node->ip_address));
printf(".........mask =%d\n",
sfip_bits(&sfthd_node->ip_address));
printf(".........not_flag=%d\n",sfthd_node->ip_mask);
}
else
{
printf(".........count =%d\n",sfthd_node->count);
printf(".........seconds =%d\n",sfthd_node->seconds);
}
}
}
}
return 0;
}
static int AddIPtoList(sfip_t *ipAddr, void *info, ReputationConfig *config)
{
int iRet;
int iFinalRet = IP_INSERT_SUCCESS;
/*This variable is used to check whether a more generic address
* overrides specific address
*/
uint32_t usageBeforeAdd;
uint32_t usageAfterAdd;
#ifndef SUP_IP6
if (ipAddr->family == AF_INET6)
{
return RT_INSERT_FAILURE;
}
#endif
if (ipAddr->family == AF_INET)
{
ipAddr->ip32[0] = ntohl(ipAddr->ip32[0]);
}
else if (ipAddr->family == AF_INET6)
{
int i;
for(i = 0; i < 4 ; i++)
ipAddr->ip32[i] = ntohl(ipAddr->ip32[i]);
}
#ifdef DEBUG_MSGS
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
DebugMessage(DEBUG_REPUTATION, "Find address before insert: %s \n",sfip_to_str(ipAddr) );
}
else
{
DebugMessage(DEBUG_REPUTATION, "Can't find address before insert: %s \n",sfip_to_str(ipAddr) );
}
#endif
usageBeforeAdd = sfrt_usage(config->iplist);
/*Check whether the same or more generic address is already in the table*/
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
iFinalRet = IP_INSERT_DUPLICATE;
}
#ifdef SUP_IP6
iRet = sfrt_insert((void *)ipAddr, (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist);
#else
iRet = sfrt_insert((void *)&(ipAddr->ip.u6_addr32[0]), (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist);
#endif
if (RT_SUCCESS == iRet)
{
totalNumEntries++;
#ifdef DEBUG_MSGS
DebugMessage(DEBUG_REPUTATION, "Number of entries input: %d, in table: %d \n",
totalNumEntries,sfrt_num_entries(config->iplist) );
DebugMessage(DEBUG_REPUTATION, "Memory allocated: %d \n",sfrt_usage(config->iplist) );
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
DebugMessage(DEBUG_REPUTATION, "Find address after insert: %s \n",sfip_to_str(ipAddr) );
}
#endif
}
else if (MEM_ALLOC_FAILURE == iRet)
{
iFinalRet = IP_MEM_ALLOC_FAILURE;
DEBUG_WRAP( DebugMessage(DEBUG_REPUTATION, "Insert error: %d for address: %s \n",iRet, sfip_to_str(ipAddr) ););
