/* ********************************************************************
* Function: DisplayReputationConfig
*
* Display the configuration for the Reputation preprocessor.
*
* Arguments:
*
* ReputationConfig *config: Reputation preprocessor configuration.
*
* RETURNS: Nothing.
*********************************************************************/
static void DisplayReputationConfig(ReputationConfig *config)
{
if (config == NULL)
return;
_dpd.logMsg(" Memcap: %d %s \n",
config->memcap,
config->memcap
== REPUTATION_DEFAULT_MEMCAP ?
"(Default) M bytes" : "M bytes" );
_dpd.logMsg(" Total number of entries used: %d \n",
sfrt_num_entries(config->iplist));
_dpd.logMsg(" Total memory allocated: %d bytes\n",
sfrt_usage(config->iplist));
_dpd.logMsg(" Scan local network: %s\n",
config->scanlocal ?
"ENABLED":"DISABLED (Default)");
_dpd.logMsg(" Reputation priority: %s \n",
config->priority
== WHITELISTED?
REPUTATION_WHITELIST_KEYWORD "(Default)" : REPUTATION_BLACKLIST_KEYWORD );
_dpd.logMsg(" Nested IP: %s %s \n",
NestedIPKeyword[config->nestedIP],
config->nestedIP
== INNER?
"(Default)" : "" );
_dpd.logMsg("\n");
}
uint32_t SFAT_NumberOfHosts(void)
{
tTargetBasedPolicyConfig *pConfig = &targetBasedPolicyConfig;
if (pConfig->curr.lookupTable)
{
return sfrt_num_entries(pConfig->curr.lookupTable);
}
return 0;
}
static int AddIPtoList(sfip_t *ipAddr, void *info, ReputationConfig *config)
{
int iRet;
int iFinalRet = IP_INSERT_SUCCESS;
/*This variable is used to check whether a more generic address
* overrides specific address
*/
uint32_t usageBeforeAdd;
uint32_t usageAfterAdd;
#ifndef SUP_IP6
if (ipAddr->family == AF_INET6)
{
return RT_INSERT_FAILURE;
}
#endif
if (ipAddr->family == AF_INET)
{
ipAddr->ip32[0] = ntohl(ipAddr->ip32[0]);
}
else if (ipAddr->family == AF_INET6)
{
int i;
for(i = 0; i < 4 ; i++)
ipAddr->ip32[i] = ntohl(ipAddr->ip32[i]);
}
#ifdef DEBUG_MSGS
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
DebugMessage(DEBUG_REPUTATION, "Find address before insert: %s \n",sfip_to_str(ipAddr) );
}
else
{
DebugMessage(DEBUG_REPUTATION, "Can't find address before insert: %s \n",sfip_to_str(ipAddr) );
}
#endif
usageBeforeAdd = sfrt_usage(config->iplist);
/*Check whether the same or more generic address is already in the table*/
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
iFinalRet = IP_INSERT_DUPLICATE;
}
#ifdef SUP_IP6
iRet = sfrt_insert((void *)ipAddr, (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist);
#else
iRet = sfrt_insert((void *)&(ipAddr->ip.u6_addr32[0]), (unsigned char)ipAddr->bits, (void *)info, RT_FAVOR_TIME, config->iplist);
#endif
if (RT_SUCCESS == iRet)
{
totalNumEntries++;
#ifdef DEBUG_MSGS
DebugMessage(DEBUG_REPUTATION, "Number of entries input: %d, in table: %d \n",
totalNumEntries,sfrt_num_entries(config->iplist) );
DebugMessage(DEBUG_REPUTATION, "Memory allocated: %d \n",sfrt_usage(config->iplist) );
if (NULL != sfrt_lookup((void *)ipAddr, config->iplist))
{
DebugMessage(DEBUG_REPUTATION, "Find address after insert: %s \n",sfip_to_str(ipAddr) );
}
#endif
}
else if (MEM_ALLOC_FAILURE == iRet)
{
iFinalRet = IP_MEM_ALLOC_FAILURE;
DEBUG_WRAP( DebugMessage(DEBUG_REPUTATION, "Insert error: %d for address: %s \n",iRet, sfip_to_str(ipAddr) ););
