int main(int argc, char **argv)
{
int rv;
appSetup(argc, argv);
/* read input file */
if (ip_ranges) {
if (buildIPSetRanges(in_stream)) {
return 1;
}
} else {
if (buildIPSetWildcards(in_stream)) {
return 1;
}
}
skIPSetClean(ipset);
/* write output to stream */
rv = skIPSetWrite(ipset, out_stream);
if (rv) {
if (SKIPSET_ERR_FILEIO == rv) {
skStreamPrintLastErr(out_stream,
skStreamGetLastReturnValue(out_stream),
&skAppPrintErr);
} else {
skAppPrintErr("Unable to write IPset to '%s': %s",
skStreamGetPathname(out_stream),skIPSetStrerror(rv));
}
return 1;
}
skStreamDestroy(&in_stream);
skStreamDestroy(&out_stream);
/* done */
return 0;
}
/*
* buildIPSetRanges(stream);
*
* Read IP addresses from the stream named by 'stream' and use them
* to build the global ipset. Allow the input to support ranges of
* IPs. Return 0 on success or -1 on failure.
*/
static int
buildIPSetRanges(
skstream_t *stream)
{
#if SK_ENABLE_IPV6
int saw_integer = 0;
#endif
int lc = 0;
char line_buf[512];
char *sep;
skipaddr_t ip;
skipaddr_t ip_min;
skipaddr_t ip_max;
uint32_t prefix;
const int delim_is_space = isspace((int)delimiter);
int rv;
/* read until end of file */
while ((rv = skStreamGetLine(stream, line_buf, sizeof(line_buf), &lc))
!= SKSTREAM_ERR_EOF)
{
switch (rv) {
case SKSTREAM_OK:
/* good, we got our line */
break;
case SKSTREAM_ERR_LONG_LINE:
/* bad: line was longer than sizeof(line_buf) */
skAppPrintErr("Input line %d too long. ignored",
lc);
continue;
default:
/* unexpected error */
skStreamPrintLastErr(stream, rv, &skAppPrintErr);
goto END;
}
/* support whitespace separators */
if (!delim_is_space) {
sep = strchr(line_buf, delimiter);
} else {
/* ignore leading whitespace */
sep = line_buf;
while (isspace((int)*sep)) {
++sep;
}
sep = strchr(sep, delimiter);
if (sep) {
/* allow a lone IP to have trailing whitespace */
char *cp = sep;
while (isspace((int)*cp)) {
++cp;
}
if (*cp == '\0') {
sep = NULL;
}
}
}
if (sep == NULL) {
/* parse as IP with possible CIDR designation */
rv = skStringParseCIDR(&ip, &prefix, line_buf);
if (rv != 0) {
skAppPrintErr("Invalid IP on line %d: %s",
lc, skStringParseStrerror(rv));
goto END;
}
#if SK_ENABLE_IPV6
/* do not allow integers mixed with IPv6 addresses */
if (saw_integer) {
if (skipaddrIsV6(&ip)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
} else if (SETBUILD_BUF_IS_INT(line_buf)) {
saw_integer = 1;
if (skIPSetIsV6(ipset)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
}
#endif /* SK_ENABLE_IPV6 */
rv = skIPSetInsertAddress(ipset, &ip, prefix);
if (rv) {
skAppPrintErr("Error adding IP on line %d to IPset: %s",
lc, skIPSetStrerror(rv));
goto END;
}
continue;
}
/* parse two IP addresses */
*sep = '\0';
++sep;
rv = skStringParseIP(&ip_min, line_buf);
if (rv != 0) {
skAppPrintErr("Invalid minimum IP on line %d: %s",
lc, skStringParseStrerror(rv));
goto END;
}
rv = skStringParseIP(&ip_max, sep);
if (rv != 0) {
skAppPrintErr("Invalid maximum IP on line %d: %s",
lc, skStringParseStrerror(rv));
goto END;
}
if (skipaddrCompare(&ip_min, &ip_max) > 0) {
skAppPrintErr("Invalid IP range on line %d: min > max",
lc);
rv = -1;
goto END;
}
#if SK_ENABLE_IPV6
/* do not allow integers mixed with IPv6 addresses */
if (saw_integer) {
if (skipaddrIsV6(&ip_min) || skipaddrIsV6(&ip_max)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
} else if (SETBUILD_BUF_IS_INT(line_buf) || SETBUILD_BUF_IS_INT(sep)) {
saw_integer = 1;
if (skIPSetIsV6(ipset)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
}
#endif /* SK_ENABLE_IPV6 */
rv = skIPSetInsertRange(ipset, &ip_min, &ip_max);
if (rv) {
skAppPrintErr("Error adding IP range on line %d to IPset: %s",
lc, skIPSetStrerror(rv));
goto END;
}
}
/* success */
rv = 0;
END:
if (rv != 0) {
return -1;
}
return 0;
}
/*
* buildIPSetWildcards(stream);
*
* Read IP addresses from the stream named by 'stream' and use them
* to build the global ipset. Allow the input to contain
* IPWildcards. Return 0 on success or -1 on failure.
*/
static int
buildIPSetWildcards(
skstream_t *stream)
{
#if SK_ENABLE_IPV6
int saw_integer = 0;
#endif
int lc = 0;
char line_buf[512];
skIPWildcard_t ipwild;
skipaddr_t ip;
uint32_t prefix;
char *cp;
int rv;
/* read until end of file */
while ((rv = skStreamGetLine(stream, line_buf, sizeof(line_buf), &lc))
!= SKSTREAM_ERR_EOF)
{
switch (rv) {
case SKSTREAM_OK:
/* good, we got our line */
break;
case SKSTREAM_ERR_LONG_LINE:
/* bad: line was longer than sizeof(line_buf) */
skAppPrintErr("Input line %d too long. ignored",
lc);
continue;
default:
/* unexpected error */
skStreamPrintLastErr(stream, rv, &skAppPrintErr);
goto END;
}
/* first, attempt to parse as a CIDR block */
rv = skStringParseCIDR(&ip, &prefix, line_buf);
if (rv == 0) {
#if SK_ENABLE_IPV6
/* do not allow integers mixed with IPv6 addresses */
if (saw_integer) {
if (skipaddrIsV6(&ip)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
} else if (SETBUILD_BUF_IS_INT(line_buf)) {
saw_integer = 1;
if (skIPSetIsV6(ipset)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
}
#endif /* SK_ENABLE_IPV6 */
rv = skIPSetInsertAddress(ipset, &ip, prefix);
if (rv) {
skAppPrintErr("Error adding IP on line %d to IPset: %s",
lc, skIPSetStrerror(rv));
goto END;
}
continue;
}
/* else parse the line as an IPWildcard */
rv = skStringParseIPWildcard(&ipwild, line_buf);
if (rv != 0) {
/* failed to parse an IPWildcard. See if the user has
* entered two IP addresses, and if so, suggest they use
* the --ip-ranges switch. */
int rv2;
rv2 = skStringParseIP(&ip, line_buf);
if (rv2 > 0) {
/* parsed an IP and there is extra text after the IP
* address; check to see if it is another IP addr */
#if SK_ENABLE_IPV6
if (skipaddrIsV6(&ip)
&& ((cp = strchr(line_buf + rv2, ':')) != NULL))
{
while (isxdigit((int) *(cp - 1))) {
--cp;
}
if (skStringParseIP(&ip, cp) == 0) {
skAppPrintErr(("Invalid IP on line %d: "
SUGGEST_IP_RANGES),
lc);
goto END;
}
}
#endif
if (!skipaddrIsV6(&ip)
&& ((cp = strchr(line_buf + rv2, '.')) != NULL))
{
while (isxdigit((int) *(cp - 1))) {
--cp;
}
if (skStringParseIP(&ip, cp) == 0) {
skAppPrintErr(("Invalid IP on line %d: "
SUGGEST_IP_RANGES),
lc);
goto END;
}
}
}
/* report initial error */
skAppPrintErr("Invalid IP Wildcard on line %d: %s",
lc, skStringParseStrerror(rv));
goto END;
}
#if SK_ENABLE_IPV6
/* do not allow integers mixed with IPv6 addresses */
if (saw_integer && skIPWildcardIsV6(&ipwild)) {
skAppPrintErr("Error on line %d: %s",
lc, SETBUILD_ERR_MIX_INT_V6);
rv = -1;
goto END;
}
#endif /* SK_ENABLE_IPV6 */
rv = skIPSetInsertIPWildcard(ipset, &ipwild);
if (rv) {
skAppPrintErr("Error adding IP Wildcard on line %d to IPset: %s",
lc, skIPSetStrerror(rv));
goto END;
}
}
/* success */
rv = 0;
END:
if (rv != 0) {
return -1;
}
return 0;
}
int main(int argc, char **argv)
{
char errbuf[2 * PATH_MAX];
const char *filename = NULL;
skstream_t *stream = NULL;
skIPWildcard_t ipwild;
skipset_t *input_set = NULL;
skipset_t *wild_set = NULL;
char buf[64];
int found_match = 0; /* application return value */
int rv;
appSetup(argc, argv); /* never returns on error */
/* Build an IP wildcard from the pattern argument */
rv = skStringParseIPWildcard(&ipwild, pattern);
if (rv) {
skAppPrintErr("Invalid IP '%s': %s",
pattern, skStringParseStrerror(rv));
skAppUsage();
}
if (count && !quiet) {
/* Create an IPset containing the IPwildcard */
if ((rv = skIPSetCreate(&wild_set, skIPWildcardIsV6(&ipwild)))
|| (rv = skIPSetInsertIPWildcard(wild_set, &ipwild))
|| (rv = skIPSetClean(wild_set)))
{
skAppPrintErr("Unable to create temporary IPset: %s",
skIPSetStrerror(rv));
return EXIT_FAILURE;
}
}
/* Iterate over the set files */
while ((filename = appNextInput(argc, argv)) != NULL) {
/* Load the input set */
if ((rv = skStreamCreate(&stream, SK_IO_READ, SK_CONTENT_SILK))
|| (rv = skStreamBind(stream, filename))
|| (rv = skStreamOpen(stream)))
{
skStreamLastErrMessage(stream, rv, errbuf, sizeof(errbuf));
skAppPrintErr("Unable to read IPset from '%s': %s",
filename, errbuf);
skStreamDestroy(&stream);
continue;
}
rv = skIPSetRead(&input_set, stream);
if (rv) {
if (SKIPSET_ERR_FILEIO == rv) {
skStreamLastErrMessage(stream,
skStreamGetLastReturnValue(stream),
errbuf, sizeof(errbuf));
} else {
strncpy(errbuf, skIPSetStrerror(rv), sizeof(errbuf));
}
skAppPrintErr("Unable to read IPset from '%s': %s",
filename, errbuf);
skStreamDestroy(&stream);
continue;
}
skStreamDestroy(&stream);
if (quiet || !count) {
/* Only need to check for a match */
if (skIPSetCheckIPWildcard(input_set, &ipwild)) {
found_match = 1;
if (quiet) {
goto done;
}
printf("%s\n", filename);
}
} else {
/* Need a count of IPs, so intersect */
rv = skIPSetIntersect(input_set, wild_set);
if (rv) {
skAppPrintErr("Unable to intersect IPsets: %s",
skIPSetStrerror(rv));
skIPSetDestroy(&input_set);
skIPSetDestroy(&wild_set);
return EXIT_FAILURE;
}
printf("%s:%s\n",
filename,
skIPSetCountIPsString(input_set, buf, sizeof(buf)));
if ('0' != buf[0]) {
found_match = 1;
}
}
skIPSetDestroy(&input_set);
}
done:
/* done */
skIPSetDestroy(&input_set);
skIPSetDestroy(&wild_set);
return ((found_match) ? 0 : 1);
}