IPSET * ipset_copy( IPSET *ipsp )
{
IPSET * newset = ipset_new();
IP_PORT *ip_port;
for(ip_port =(IP_PORT*)sflist_first( &ipsp->ip_list );
ip_port !=NULL;
ip_port =(IP_PORT*)sflist_next( &ipsp->ip_list ) )
{
ipset_add(newset, &ip_port->ip, &ip_port->portset, ip_port->notflag);
}
return newset;
}
IPSET * ipset_copy( IPSET *ipsp )
{
int family;
IPSET * newset = NULL;
CIDRBLOCK *cbp;
CIDRBLOCK6 *cbp6;
if(ipsp)
{
family = ipset_family( ipsp );
newset = ipset_new(family) ;
if( family == IPV4_FAMILY )
{
for(cbp =(CIDRBLOCK*)sflist_first( &ipsp->cidr_list );
cbp !=NULL;
cbp =(CIDRBLOCK*)sflist_next( &ipsp->cidr_list ) )
{
ipset_add(newset, &cbp->ip, &cbp->mask, &cbp->portset, cbp->notflag, family);
}
}
else
{
for(cbp6 =(CIDRBLOCK6*)sflist_first( &ipsp->cidr_list );
cbp6 !=NULL;
cbp6 =(CIDRBLOCK6*)sflist_next( &ipsp->cidr_list ) )
{
ipset_add(newset, &cbp6->ip, &cbp6->mask, &cbp6->portset, cbp6->notflag, family);
}
}
}
return newset;
}
int ip4_setparse(IPSET *ipset, char *ipstr)
{
char *s_copy, *startIP, *endIP;
int parse_count = 0;
int set_not_flag = 0;
int item_not_flag;
unsigned host, mask;
PORTSET portset;
s_copy = strdup(ipstr);
if(!s_copy)
return -2;
if (*s_copy == '!')
{
set_not_flag = 1;
s_copy++;
}
startIP = s_copy;
while (startIP)
{
while (isspace((int)*startIP) || (*startIP == '[') )
{
startIP++;
}
if ((*startIP == ']') || (*startIP == '\0'))
break;
/* if not found, endIP will be NULL */
endIP = strstr(startIP, ",");
if (endIP)
*endIP = '\0';
portset_init(&portset);
if(ip4_parse(startIP, 0, &item_not_flag, &host, &mask, &portset) != 0)
{
free(s_copy);
return -5;
}
if(ipset_add(ipset, &host, &mask, &portset,
(item_not_flag ^ set_not_flag), IPV4_FAMILY) != 0)
{
free(s_copy);
return -6;
}
parse_count++;
if (endIP)
endIP++;
startIP = endIP;
}
free(s_copy);
if (!parse_count)
return -7;
return 0;
}
// -----------------------------
void test_ipset()
{
int i,k;
IPSET * ipset, * ipset6;
IPSET * ipset_copyp, * ipset6_copyp;
unsigned ipaddress, mask;
unsigned short mask6[8];
unsigned short ipaddress6[8];
unsigned port_lo, port_hi;
PORTSET portset;
printf("IPSET testing\n");
ipset = ipset_new(IPV4_FAMILY);
ipset6 = ipset_new(IPV6_FAMILY);
srand( time(0) );
for(i=0;i<MAXIP;i++)
{
if( i % 2 )
{
ipaddress = rand() * rand();
mask = 0xffffff00;
port_lo = rand();
port_hi = rand() % 5 + port_lo;
portset_init(&portset);
portset_add(&portset, port_lo, port_hi);
ipset_add( ipset, &ipaddress, &mask, &portset, 0, IPV4_FAMILY ); //class C cidr blocks
if( !ipset_contains( ipset, &ipaddress, &port_lo, IPV4_FAMILY ) )
printf("error with ipset_contains\n");
}
else
{
for(k=0;k<8;k++) ipaddress6[k] = (char) (rand() % (1<<16));
for(k=0;k<8;k++) mask6[k] = 0xffff;
port_lo = rand();
port_hi = rand() % 5 + port_lo;
portset_init(&portset);
portset_add(&portset, port_lo, port_hi);
ipset_add( ipset6, ipaddress6, mask6, &portset, 0, IPV6_FAMILY );
if( !ipset_contains( ipset6, &ipaddress6, &port_lo, IPV6_FAMILY ) )
printf("error with ipset6_contains\n");
}
}
ipset_copyp = ipset_copy( ipset );
ipset6_copyp = ipset_copy( ipset6 );
printf("-----IP SET-----\n");
ipset_print( ipset );
printf("\n");
printf("-----IP SET6-----\n");
ipset_print( ipset6 );
printf("\n");
printf("-----IP SET COPY -----\n");
ipset_print( ipset_copyp );
printf("\n");
printf("-----IP SET6 COPY -----\n");
ipset_print( ipset6_copyp );
printf("\n");
printf("IP set testing completed\n");
}
int ip4_setparse(IPSET *ipset, char *ipstr)
{
char *s_copy, *startIP, *endIP;
int parse_count = 0;
int set_not_flag = 0;
int item_not_flag;
unsigned host, mask;
PORTSET portset;
s_copy = strdup(ipstr);
if(!s_copy)
return -2;
if (*s_copy == '!')
{
set_not_flag = 1;
s_copy++;
}
startIP = s_copy;
while (startIP)
{
while (isspace((int)*startIP) || (*startIP == '[') )
{
startIP++;
}
if ((*startIP == ']') || (*startIP == '\0'))
break;
endIP = startIP;
/* The following two loops and conditional address bug 30042 */
/* Traverse the IP */
while(isdigit((int)*endIP) || (*endIP == '.') || (*endIP == '/'))
{
endIP++;
}
/* Skip any whitespace after the IP or CIDR block */
while(isspace((int)*endIP) || (*endIP == '[') || (*endIP == ']'))
{
endIP++;
}
if(*endIP != ',' && *endIP)
{
FatalError("ip4_setparse: only commas are allowed as "
"delimiters in the IP list: %s\n", ipstr);
}
portset_init(&portset);
if(ip4_parse(startIP, 0, &item_not_flag, &host, &mask, &portset) != 0)
{
free(s_copy);
return -5;
}
if(ipset_add(ipset, &host, &mask, &portset,
(item_not_flag ^ set_not_flag), IPV4_FAMILY) != 0)
{
free(s_copy);
return -6;
}
parse_count++;
if(*endIP)
{
endIP++;
}
startIP = endIP;
}
free(s_copy);
if (!parse_count)
return -7;
return 0;
}
int ipset_parse(IPSET *ipset, char *ipstr)
{
char *copy, *startIP, *endIP;
int parse_count = 0;
char set_not_flag = 0;
char item_not_flag;
char open_bracket = 0;
sfip_t ip;
PORTSET portset;
copy = strdup(ipstr);
if(!copy)
return -2;
startIP = copy;
if (*startIP == '!')
{
set_not_flag = 1;
startIP++;
}
while (startIP)
{
if (*startIP == '[')
{
open_bracket++;
startIP++;
if (!*startIP)
break;
}
if ((*startIP == ']') || (*startIP == '\0'))
{
open_bracket--;
break;
}
portset_init(&portset);
if(ip_parse(startIP, &ip, &item_not_flag, &portset, &endIP) != 0)
{
free(copy);
return -5;
}
if(ipset_add(ipset, &ip, &portset, (item_not_flag ^ set_not_flag)) != 0)
{
free(copy);
return -6;
}
parse_count++;
if (endIP && (*endIP != ']'))
{
endIP++;
}
startIP = endIP;
}
free(copy);
if (!parse_count)
return -7;
if (open_bracket)
return -8;
return 0;
}