int ipset_print( IPSET * ipc ) { char ip_str[80]; PORTRANGE * pr; if( !ipc ) return 0; { IP_PORT * p; printf("IPSET\n"); for( p =(IP_PORT*)sflist_first( &ipc->ip_list ); p!=0; p =(IP_PORT*)sflist_next( &ipc->ip_list ) ) { SnortSnprintf(ip_str, 80, "%s", sfip_to_str(&p->ip)); printf("CIDR BLOCK: %c%s", p->notflag ? '!' : ' ', ip_str); for( pr=(PORTRANGE*)sflist_first(&p->portset.port_list); pr != 0; pr=(PORTRANGE*)sflist_next(&p->portset.port_list) ) { printf(" %d", pr->port_lo); if ( pr->port_hi != pr->port_lo ) printf("-%d", pr->port_hi); } printf("\n"); } } return 0; }
/*! * A function to print the thresholding objects to stdout. * */ int sfthd_show_objects(ThresholdObjects *thd_objs) { SFGHASH * sfthd_hash; THD_ITEM * sfthd_item; THD_NODE * sfthd_node; int gen_id; SFGHASH_NODE * item_hash_node; tSfPolicyId policyId; for(gen_id=0;gen_id < THD_MAX_GENID ; gen_id++ ) { sfthd_hash = thd_objs->sfthd_array[gen_id]; if (sfthd_hash == NULL) continue; printf("...GEN_ID = %u\n",gen_id); for(item_hash_node = sfghash_findfirst( sfthd_hash ); item_hash_node != 0; item_hash_node = sfghash_findnext( sfthd_hash ) ) { /* Check for any Permanent sig_id objects for this gen_id */ sfthd_item = (THD_ITEM*)item_hash_node->data; printf(".....GEN_ID = %u, SIG_ID = %u, Policy = %u\n",gen_id,sfthd_item->sig_id, sfthd_item->policyId); /* For each permanent thresholding object, test/add/update the thd object */ /* We maintain a list of thd objects for each gen_id+sig_id */ /* each object has it's own unique thd_id */ for( sfthd_node = (THD_NODE*)sflist_first(sfthd_item->sfthd_node_list); sfthd_node != 0; sfthd_node = (THD_NODE*)sflist_next(sfthd_item->sfthd_node_list) ) { printf(".........THD_ID =%d\n",sfthd_node->thd_id ); if( sfthd_node->type == THD_TYPE_SUPPRESS ) printf(".........type =Suppress\n"); if( sfthd_node->type == THD_TYPE_LIMIT ) printf(".........type =Limit\n"); if( sfthd_node->type == THD_TYPE_THRESHOLD ) printf(".........type =Threshold\n"); if( sfthd_node->type == THD_TYPE_BOTH ) printf(".........type =Both\n"); printf(".........tracking=%d\n",sfthd_node->tracking); printf(".........priority=%d\n",sfthd_node->priority); if( sfthd_node->type == THD_TYPE_SUPPRESS ) { printf(".........ip =%s\n", sfip_to_str(&sfthd_node->ip_address)); printf(".........mask =%d\n", sfip_bits(&sfthd_node->ip_address)); printf(".........not_flag=%d\n",sfthd_node->ip_mask); } else { printf(".........count =%d\n",sfthd_node->count); printf(".........seconds =%d\n",sfthd_node->seconds); } } } } return 0; }
static int AddIPtoList(sfip_t *ipAddr, void *info, ReputationConfig *config) { int iRet; int iFinalRet = IP_INSERT_SUCCESS; /*This variable is used to check whether a more generic address * overrides specific address */ uint32_t usageBeforeAdd; uint32_t usageAfterAdd; #ifndef SUP_IP6 if (ipAddr->family == AF_INET6) { return RT_INSERT_FAILURE; } #endif if (ipAddr->family == AF_INET) { ipAddr->ip32[0] = ntohl(ipAddr->ip32[0]); } else if (ipAddr->family == AF_INET6) { int i; for(i = 0; i < 4 ; i++) ipAddr->ip32[i] = ntohl(ipAddr->ip32[i]); } #ifdef DEBUG_MSGS if (NULL != sfrt_lookup((void *)ipAddr, config->iplist)) { DebugMessage(DEBUG_REPUTATION, "Find address before insert: %s \n",sfip_to_str(ipAddr) ); } else { DebugMessage(DEBUG_REPUTATION, "Can't find address before insert: %s \n",sfip_to_str(ipAddr) ); } #endif usageBeforeAdd = sfrt_usage(config->iplist); /*Check whether the same or more generic address is already in the table*/ if (NULL != sfrt_lookup((void *)ipAddr, config->iplist)) { iFinalRet = IP_INSERT_DUPLICATE; } #ifdef SUP_IP6 iRet = sfrt_insert((void *)ipAddr, (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist); #else iRet = sfrt_insert((void *)&(ipAddr->ip.u6_addr32[0]), (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist); #endif if (RT_SUCCESS == iRet) { totalNumEntries++; #ifdef DEBUG_MSGS DebugMessage(DEBUG_REPUTATION, "Number of entries input: %d, in table: %d \n", totalNumEntries,sfrt_num_entries(config->iplist) ); DebugMessage(DEBUG_REPUTATION, "Memory allocated: %d \n",sfrt_usage(config->iplist) ); if (NULL != sfrt_lookup((void *)ipAddr, config->iplist)) { DebugMessage(DEBUG_REPUTATION, "Find address after insert: %s \n",sfip_to_str(ipAddr) ); } #endif } else if (MEM_ALLOC_FAILURE == iRet) { iFinalRet = IP_MEM_ALLOC_FAILURE; DEBUG_WRAP( DebugMessage(DEBUG_REPUTATION, "Insert error: %d for address: %s \n",iRet, sfip_to_str(ipAddr) ););