int main(int argc, char **argv) { int rv; appSetup(argc, argv); /* read input file */ if (ip_ranges) { if (buildIPSetRanges(in_stream)) { return 1; } } else { if (buildIPSetWildcards(in_stream)) { return 1; } } skIPSetClean(ipset); /* write output to stream */ rv = skIPSetWrite(ipset, out_stream); if (rv) { if (SKIPSET_ERR_FILEIO == rv) { skStreamPrintLastErr(out_stream, skStreamGetLastReturnValue(out_stream), &skAppPrintErr); } else { skAppPrintErr("Unable to write IPset to '%s': %s", skStreamGetPathname(out_stream),skIPSetStrerror(rv)); } return 1; } skStreamDestroy(&in_stream); skStreamDestroy(&out_stream); /* done */ return 0; }
/* * buildIPSetRanges(stream); * * Read IP addresses from the stream named by 'stream' and use them * to build the global ipset. Allow the input to support ranges of * IPs. Return 0 on success or -1 on failure. */ static int buildIPSetRanges( skstream_t *stream) { #if SK_ENABLE_IPV6 int saw_integer = 0; #endif int lc = 0; char line_buf[512]; char *sep; skipaddr_t ip; skipaddr_t ip_min; skipaddr_t ip_max; uint32_t prefix; const int delim_is_space = isspace((int)delimiter); int rv; /* read until end of file */ while ((rv = skStreamGetLine(stream, line_buf, sizeof(line_buf), &lc)) != SKSTREAM_ERR_EOF) { switch (rv) { case SKSTREAM_OK: /* good, we got our line */ break; case SKSTREAM_ERR_LONG_LINE: /* bad: line was longer than sizeof(line_buf) */ skAppPrintErr("Input line %d too long. ignored", lc); continue; default: /* unexpected error */ skStreamPrintLastErr(stream, rv, &skAppPrintErr); goto END; } /* support whitespace separators */ if (!delim_is_space) { sep = strchr(line_buf, delimiter); } else { /* ignore leading whitespace */ sep = line_buf; while (isspace((int)*sep)) { ++sep; } sep = strchr(sep, delimiter); if (sep) { /* allow a lone IP to have trailing whitespace */ char *cp = sep; while (isspace((int)*cp)) { ++cp; } if (*cp == '\0') { sep = NULL; } } } if (sep == NULL) { /* parse as IP with possible CIDR designation */ rv = skStringParseCIDR(&ip, &prefix, line_buf); if (rv != 0) { skAppPrintErr("Invalid IP on line %d: %s", lc, skStringParseStrerror(rv)); goto END; } #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer) { if (skipaddrIsV6(&ip)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } else if (SETBUILD_BUF_IS_INT(line_buf)) { saw_integer = 1; if (skIPSetIsV6(ipset)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertAddress(ipset, &ip, prefix); if (rv) { skAppPrintErr("Error adding IP on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } continue; } /* parse two IP addresses */ *sep = '\0'; ++sep; rv = skStringParseIP(&ip_min, line_buf); if (rv != 0) { skAppPrintErr("Invalid minimum IP on line %d: %s", lc, skStringParseStrerror(rv)); goto END; } rv = skStringParseIP(&ip_max, sep); if (rv != 0) { skAppPrintErr("Invalid maximum IP on line %d: %s", lc, skStringParseStrerror(rv)); goto END; } if (skipaddrCompare(&ip_min, &ip_max) > 0) { skAppPrintErr("Invalid IP range on line %d: min > max", lc); rv = -1; goto END; } #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer) { if (skipaddrIsV6(&ip_min) || skipaddrIsV6(&ip_max)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } else if (SETBUILD_BUF_IS_INT(line_buf) || SETBUILD_BUF_IS_INT(sep)) { saw_integer = 1; if (skIPSetIsV6(ipset)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertRange(ipset, &ip_min, &ip_max); if (rv) { skAppPrintErr("Error adding IP range on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } } /* success */ rv = 0; END: if (rv != 0) { return -1; } return 0; }
/* * buildIPSetWildcards(stream); * * Read IP addresses from the stream named by 'stream' and use them * to build the global ipset. Allow the input to contain * IPWildcards. Return 0 on success or -1 on failure. */ static int buildIPSetWildcards( skstream_t *stream) { #if SK_ENABLE_IPV6 int saw_integer = 0; #endif int lc = 0; char line_buf[512]; skIPWildcard_t ipwild; skipaddr_t ip; uint32_t prefix; char *cp; int rv; /* read until end of file */ while ((rv = skStreamGetLine(stream, line_buf, sizeof(line_buf), &lc)) != SKSTREAM_ERR_EOF) { switch (rv) { case SKSTREAM_OK: /* good, we got our line */ break; case SKSTREAM_ERR_LONG_LINE: /* bad: line was longer than sizeof(line_buf) */ skAppPrintErr("Input line %d too long. ignored", lc); continue; default: /* unexpected error */ skStreamPrintLastErr(stream, rv, &skAppPrintErr); goto END; } /* first, attempt to parse as a CIDR block */ rv = skStringParseCIDR(&ip, &prefix, line_buf); if (rv == 0) { #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer) { if (skipaddrIsV6(&ip)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } else if (SETBUILD_BUF_IS_INT(line_buf)) { saw_integer = 1; if (skIPSetIsV6(ipset)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertAddress(ipset, &ip, prefix); if (rv) { skAppPrintErr("Error adding IP on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } continue; } /* else parse the line as an IPWildcard */ rv = skStringParseIPWildcard(&ipwild, line_buf); if (rv != 0) { /* failed to parse an IPWildcard. See if the user has * entered two IP addresses, and if so, suggest they use * the --ip-ranges switch. */ int rv2; rv2 = skStringParseIP(&ip, line_buf); if (rv2 > 0) { /* parsed an IP and there is extra text after the IP * address; check to see if it is another IP addr */ #if SK_ENABLE_IPV6 if (skipaddrIsV6(&ip) && ((cp = strchr(line_buf + rv2, ':')) != NULL)) { while (isxdigit((int) *(cp - 1))) { --cp; } if (skStringParseIP(&ip, cp) == 0) { skAppPrintErr(("Invalid IP on line %d: " SUGGEST_IP_RANGES), lc); goto END; } } #endif if (!skipaddrIsV6(&ip) && ((cp = strchr(line_buf + rv2, '.')) != NULL)) { while (isxdigit((int) *(cp - 1))) { --cp; } if (skStringParseIP(&ip, cp) == 0) { skAppPrintErr(("Invalid IP on line %d: " SUGGEST_IP_RANGES), lc); goto END; } } } /* report initial error */ skAppPrintErr("Invalid IP Wildcard on line %d: %s", lc, skStringParseStrerror(rv)); goto END; } #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer && skIPWildcardIsV6(&ipwild)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertIPWildcard(ipset, &ipwild); if (rv) { skAppPrintErr("Error adding IP Wildcard on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } } /* success */ rv = 0; END: if (rv != 0) { return -1; } return 0; }
int main(int argc, char **argv) { char errbuf[2 * PATH_MAX]; const char *filename = NULL; skstream_t *stream = NULL; skIPWildcard_t ipwild; skipset_t *input_set = NULL; skipset_t *wild_set = NULL; char buf[64]; int found_match = 0; /* application return value */ int rv; appSetup(argc, argv); /* never returns on error */ /* Build an IP wildcard from the pattern argument */ rv = skStringParseIPWildcard(&ipwild, pattern); if (rv) { skAppPrintErr("Invalid IP '%s': %s", pattern, skStringParseStrerror(rv)); skAppUsage(); } if (count && !quiet) { /* Create an IPset containing the IPwildcard */ if ((rv = skIPSetCreate(&wild_set, skIPWildcardIsV6(&ipwild))) || (rv = skIPSetInsertIPWildcard(wild_set, &ipwild)) || (rv = skIPSetClean(wild_set))) { skAppPrintErr("Unable to create temporary IPset: %s", skIPSetStrerror(rv)); return EXIT_FAILURE; } } /* Iterate over the set files */ while ((filename = appNextInput(argc, argv)) != NULL) { /* Load the input set */ if ((rv = skStreamCreate(&stream, SK_IO_READ, SK_CONTENT_SILK)) || (rv = skStreamBind(stream, filename)) || (rv = skStreamOpen(stream))) { skStreamLastErrMessage(stream, rv, errbuf, sizeof(errbuf)); skAppPrintErr("Unable to read IPset from '%s': %s", filename, errbuf); skStreamDestroy(&stream); continue; } rv = skIPSetRead(&input_set, stream); if (rv) { if (SKIPSET_ERR_FILEIO == rv) { skStreamLastErrMessage(stream, skStreamGetLastReturnValue(stream), errbuf, sizeof(errbuf)); } else { strncpy(errbuf, skIPSetStrerror(rv), sizeof(errbuf)); } skAppPrintErr("Unable to read IPset from '%s': %s", filename, errbuf); skStreamDestroy(&stream); continue; } skStreamDestroy(&stream); if (quiet || !count) { /* Only need to check for a match */ if (skIPSetCheckIPWildcard(input_set, &ipwild)) { found_match = 1; if (quiet) { goto done; } printf("%s\n", filename); } } else { /* Need a count of IPs, so intersect */ rv = skIPSetIntersect(input_set, wild_set); if (rv) { skAppPrintErr("Unable to intersect IPsets: %s", skIPSetStrerror(rv)); skIPSetDestroy(&input_set); skIPSetDestroy(&wild_set); return EXIT_FAILURE; } printf("%s:%s\n", filename, skIPSetCountIPsString(input_set, buf, sizeof(buf))); if ('0' != buf[0]) { found_match = 1; } } skIPSetDestroy(&input_set); } done: /* done */ skIPSetDestroy(&input_set); skIPSetDestroy(&wild_set); return ((found_match) ? 0 : 1); }