示例#1
0
int read_network_file (char *filename) {
  FILE *f = fopen (filename, "rt");
  if (!f) {
    fprintf (stderr, "can not open network file (error %m)\n");
    return 0;
  }
  char buf[256];
  while (!feof (f)) {
    if (rules_num >= MAX_RULES) {
      fclose (f);
      return rules_num;
    }
    fgets (buf, 255, f);
    rules_num += read_rule(buf, &network[rules_num]);
  }
  if (verbosity) {
    fprintf (stderr, "Read %d rules from network description file\n", rules_num);
  }
  fclose (f);
  return rules_num;
}
示例#2
0
static int read_common_rules(xmlNode *root, cp_ruleset_t **dst,
                             cp_read_actions_func read_actions, cp_free_actions_func free_actions)
{
    cp_ruleset_t *rs = NULL;
    cp_rule_t *r, *last = NULL;
    xmlNode *n;
    int res = RES_OK;

    if (!dst) return RES_INTERNAL_ERR;
    else *dst = NULL;
    if (!root) return RES_INTERNAL_ERR;

    if (cmp_node(root, "ruleset", common_policy_ns) < 0) {
        ERROR_LOG("document is not a ruleset \n");
        return RES_INTERNAL_ERR;
    }

    rs = (cp_ruleset_t*)cds_malloc(sizeof(cp_ruleset_t));
    if (!rs) return RES_MEMORY_ERR;
    *dst = rs;
    memset(rs, 0, sizeof(*rs));


    /* read rules in ruleset */
    n = root->children;
    while (n) {
        if (n->type == XML_ELEMENT_NODE) {
            if (cmp_node(n, "rule", common_policy_ns) >= 0) {
                res = read_rule(n, &r, read_actions, free_actions);
                if (res == 0) {
                    if (r) LINKED_LIST_ADD(rs->rules, last, r);
                }
                else break;
            }
        }
        n = n->next;
    }

    return res;
}
int main(int argc, char *argv[])
{
  ns_rule_handle_h *rh = NULL;
  uint32_t prio = 0,rule_read = 0;
  char *endptr;
  ns_rule_key_size_t key_size = SUPPORTED_TCAM_KEY_SIZE;
  ns_nfm_ret_t ret;
  unsigned int host_id = 15;
  unsigned int device = 0;

  ns_log_init(NS_LOG_COLOR | NS_LOG_CONSOLE);
  ns_log_lvl_set(NS_LOG_LVL_INFO);

  int c;
  while ((c = getopt_long(argc, argv, "l:hi:d:k:rn:", __long_options, NULL)) != -1) {
    switch (c) {
      case 'l':
        ns_log_lvl_set((unsigned int)strtoul(optarg,0,0));
        break;
      case 'i':
        host_id = (unsigned int)strtoul(optarg,0,0);
        if (host_id > 31) {
          fprintf(stderr, "Host_id %d is out of range (0-31)\n", device);
          exit(1);
        }
        break;
      case 'd':
        device = (unsigned int)strtoul(optarg,0,0);
        if (device > 3) {
          fprintf(stderr, "Device %d is out of range (0-3)\n", device);
          exit(1);
        }
        break;
      case 'k':
        key_size = strtoul(optarg, &endptr, 0);
        if (*endptr != '\0') {
          fprintf(stderr, "Invalid keysize %s\n", optarg);
          return 1;
        }
        if (key_size != SUPPORTED_TCAM_KEY_SIZE) {
                                        fprintf(stderr, "Invalid keysize %s, please use " SUPPORTED_TCAM_KEY_SIZE_STR "\n", optarg);
          print_usage(argv[0]);
        }
        break;
      case 'r':
        // Read Rule
        rule_read = 1;
        break;
      case 'n':
        // Rule name to be read or written
        strcpy(rnames, optarg);
        break;
      case 'h':
      default:
        print_usage(argv[0]);
    }
  }

  if (optind != argc)
    print_usage(argv[0]);

  // Init the rules lib
  rh = ns_rules_init(RULESD_Q_NAME, RQNAME, device);
  if (!rh) {
    fprintf(stderr, "ns_rules_init() failed\n");
    return 1;
  }

  if(!rule_read) {
    if (key_size == SUPPORTED_TCAM_KEY_SIZE) {
      /*
       * Reset the configuration.  This is ignored if there was no
       * configuration.  Note that this also flushes the rules from the
       * hardware.
       */
      ret = ns_rules_config_reset(rh);
      if (ret != NS_NFM_SUCCESS) {
        fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
        goto fail;
      }

      // Set the desired lookup key size
      ret = ns_rules_config_set_key_size(rh, key_size);
      if (ret != NS_NFM_SUCCESS) {
        fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
        goto fail;
      }
    }

    // Send config to rulesd
    ret = ns_rules_setup(rh);
    if (ret != NS_NFM_SUCCESS) {
      fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
      goto fail;
    }

    // Add a single rule to send traffic to host.
    // Prepare to add the rule
    //sprintf(rnames[num], "v6sample %d", num);
    ret = add_rule(rh, rnames, prio, SEND_ACTION_VIA_HOST,
        FST_30_MINUTE_LIST_NUM, host_id);
    if (ret != NS_NFM_SUCCESS) {
      fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
      goto fail;
    }

    // Commit
    ret = ns_rule_commit_rulesdb(rh);
    if (ret != NS_NFM_SUCCESS) {
      fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
      goto fail;
    }
  }
  else {

    if(read_rule(rh, rnames)) {
      fprintf(stderr, "failure to read rules @ %s: %d\n", __FILE__, __LINE__);
    }
  }

  // Dump
  ret = ns_rule_dump_rules(rh);
  if (ret != NS_NFM_SUCCESS) {
    fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
    goto fail;
  }

  // Close the rules library.
  ret = ns_rules_close(rh);
  if (ret != NS_NFM_SUCCESS) {
    fprintf(stderr, "failure @ %s: %d\n", __FILE__, __LINE__);
    goto fail;
  }

  return 0;

fail:
  ns_rules_close(rh);
  return 1;
}