int ValidateSet(char *cidr, BGPDATA BGP) { skIPWildcard_t ipwild; int rv = skStringParseIPWildcard(&ipwild,cidr); if (rv != 0) { skAppPrintErr("Invalid IP Wildcard: %s", skStringParseStrerror(rv)); return 0; } rv = skIPSetCheckIPWildcard(BGP.ipset, &ipwild); return rv; }
/* * status = processInputFile(filein); * * For every line in 'filein', look up the address in Country Code * map and print out the corresponding country code. There should * be as many lines of output as there are of input. */ static int processInputFile( const char *f_name) { char final_delim[] = {'\0', '\0'}; char line[2048]; skstream_t *stream = NULL; skIPWildcardIterator_t iter; skIPWildcard_t ipwild; skipaddr_t ip; int retval = 1; int rv; int lc = 0; char cc[32]; char ipbuf[SK_NUM2DOT_STRLEN]; if (!app_opt.no_final_delimiter) { final_delim[0] = app_opt.column_separator; } /* open input */ if ((rv = skStreamCreate(&stream, SK_IO_READ, SK_CONTENT_TEXT)) || (rv = skStreamBind(stream, f_name)) || (rv = skStreamSetCommentStart(stream, "#")) || (rv = skStreamOpen(stream))) { skStreamPrintLastErr(stream, rv, &skAppPrintErr); goto END; } /* read until end of file */ while ((rv = skStreamGetLine(stream, line, sizeof(line), &lc)) != SKSTREAM_ERR_EOF) { switch (rv) { case SKSTREAM_OK: /* good, we got our line */ break; case SKSTREAM_ERR_LONG_LINE: /* bad: line was longer than sizeof(line) */ skAppPrintErr("Input line %d too long. ignored", lc); continue; default: /* unexpected error */ skStreamPrintLastErr(stream, rv, &skAppPrintErr); goto END; } /* parse the line: fill in octet_bitmap */ rv = skStringParseIPWildcard(&ipwild, line); if (rv && rv != SKUTILS_ERR_EMPTY) { /* error */ skAppPrintErr("Error on line %d: %s\n", lc, skStringParseStrerror(rv)); goto END; } #if SK_ENABLE_IPV6 if (skIPWildcardIsV6(&ipwild)) { continue; } #endif /* SK_ENABLE_IPV6 */ skIPWildcardIteratorBind(&iter, &ipwild); while (skIPWildcardIteratorNext(&iter, &ip) == SK_ITERATOR_OK) { skCountryLookupName(&ip, cc, sizeof(cc)); if (!app_opt.print_ips) { skStreamPrint(out, "%s\n", cc); } else { skipaddrString(ipbuf, &ip, ip_flags); if (app_opt.no_columns) { skStreamPrint(out, "%s%c%s%s\n", ipbuf, app_opt.column_separator, cc, final_delim); } else { skStreamPrint(out, "%15s%c%2s%s\n", ipbuf, app_opt.column_separator, cc, final_delim); } } } } retval = 0; END: skStreamDestroy(&stream); return retval; }
/* * buildIPSetWildcards(stream); * * Read IP addresses from the stream named by 'stream' and use them * to build the global ipset. Allow the input to contain * IPWildcards. Return 0 on success or -1 on failure. */ static int buildIPSetWildcards( skstream_t *stream) { #if SK_ENABLE_IPV6 int saw_integer = 0; #endif int lc = 0; char line_buf[512]; skIPWildcard_t ipwild; skipaddr_t ip; uint32_t prefix; char *cp; int rv; /* read until end of file */ while ((rv = skStreamGetLine(stream, line_buf, sizeof(line_buf), &lc)) != SKSTREAM_ERR_EOF) { switch (rv) { case SKSTREAM_OK: /* good, we got our line */ break; case SKSTREAM_ERR_LONG_LINE: /* bad: line was longer than sizeof(line_buf) */ skAppPrintErr("Input line %d too long. ignored", lc); continue; default: /* unexpected error */ skStreamPrintLastErr(stream, rv, &skAppPrintErr); goto END; } /* first, attempt to parse as a CIDR block */ rv = skStringParseCIDR(&ip, &prefix, line_buf); if (rv == 0) { #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer) { if (skipaddrIsV6(&ip)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } else if (SETBUILD_BUF_IS_INT(line_buf)) { saw_integer = 1; if (skIPSetIsV6(ipset)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertAddress(ipset, &ip, prefix); if (rv) { skAppPrintErr("Error adding IP on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } continue; } /* else parse the line as an IPWildcard */ rv = skStringParseIPWildcard(&ipwild, line_buf); if (rv != 0) { /* failed to parse an IPWildcard. See if the user has * entered two IP addresses, and if so, suggest they use * the --ip-ranges switch. */ int rv2; rv2 = skStringParseIP(&ip, line_buf); if (rv2 > 0) { /* parsed an IP and there is extra text after the IP * address; check to see if it is another IP addr */ #if SK_ENABLE_IPV6 if (skipaddrIsV6(&ip) && ((cp = strchr(line_buf + rv2, ':')) != NULL)) { while (isxdigit((int) *(cp - 1))) { --cp; } if (skStringParseIP(&ip, cp) == 0) { skAppPrintErr(("Invalid IP on line %d: " SUGGEST_IP_RANGES), lc); goto END; } } #endif if (!skipaddrIsV6(&ip) && ((cp = strchr(line_buf + rv2, '.')) != NULL)) { while (isxdigit((int) *(cp - 1))) { --cp; } if (skStringParseIP(&ip, cp) == 0) { skAppPrintErr(("Invalid IP on line %d: " SUGGEST_IP_RANGES), lc); goto END; } } } /* report initial error */ skAppPrintErr("Invalid IP Wildcard on line %d: %s", lc, skStringParseStrerror(rv)); goto END; } #if SK_ENABLE_IPV6 /* do not allow integers mixed with IPv6 addresses */ if (saw_integer && skIPWildcardIsV6(&ipwild)) { skAppPrintErr("Error on line %d: %s", lc, SETBUILD_ERR_MIX_INT_V6); rv = -1; goto END; } #endif /* SK_ENABLE_IPV6 */ rv = skIPSetInsertIPWildcard(ipset, &ipwild); if (rv) { skAppPrintErr("Error adding IP Wildcard on line %d to IPset: %s", lc, skIPSetStrerror(rv)); goto END; } } /* success */ rv = 0; END: if (rv != 0) { return -1; } return 0; }
int main(int argc, char **argv) { char errbuf[2 * PATH_MAX]; const char *filename = NULL; skstream_t *stream = NULL; skIPWildcard_t ipwild; skipset_t *input_set = NULL; skipset_t *wild_set = NULL; char buf[64]; int found_match = 0; /* application return value */ int rv; appSetup(argc, argv); /* never returns on error */ /* Build an IP wildcard from the pattern argument */ rv = skStringParseIPWildcard(&ipwild, pattern); if (rv) { skAppPrintErr("Invalid IP '%s': %s", pattern, skStringParseStrerror(rv)); skAppUsage(); } if (count && !quiet) { /* Create an IPset containing the IPwildcard */ if ((rv = skIPSetCreate(&wild_set, skIPWildcardIsV6(&ipwild))) || (rv = skIPSetInsertIPWildcard(wild_set, &ipwild)) || (rv = skIPSetClean(wild_set))) { skAppPrintErr("Unable to create temporary IPset: %s", skIPSetStrerror(rv)); return EXIT_FAILURE; } } /* Iterate over the set files */ while ((filename = appNextInput(argc, argv)) != NULL) { /* Load the input set */ if ((rv = skStreamCreate(&stream, SK_IO_READ, SK_CONTENT_SILK)) || (rv = skStreamBind(stream, filename)) || (rv = skStreamOpen(stream))) { skStreamLastErrMessage(stream, rv, errbuf, sizeof(errbuf)); skAppPrintErr("Unable to read IPset from '%s': %s", filename, errbuf); skStreamDestroy(&stream); continue; } rv = skIPSetRead(&input_set, stream); if (rv) { if (SKIPSET_ERR_FILEIO == rv) { skStreamLastErrMessage(stream, skStreamGetLastReturnValue(stream), errbuf, sizeof(errbuf)); } else { strncpy(errbuf, skIPSetStrerror(rv), sizeof(errbuf)); } skAppPrintErr("Unable to read IPset from '%s': %s", filename, errbuf); skStreamDestroy(&stream); continue; } skStreamDestroy(&stream); if (quiet || !count) { /* Only need to check for a match */ if (skIPSetCheckIPWildcard(input_set, &ipwild)) { found_match = 1; if (quiet) { goto done; } printf("%s\n", filename); } } else { /* Need a count of IPs, so intersect */ rv = skIPSetIntersect(input_set, wild_set); if (rv) { skAppPrintErr("Unable to intersect IPsets: %s", skIPSetStrerror(rv)); skIPSetDestroy(&input_set); skIPSetDestroy(&wild_set); return EXIT_FAILURE; } printf("%s:%s\n", filename, skIPSetCountIPsString(input_set, buf, sizeof(buf))); if ('0' != buf[0]) { found_match = 1; } } skIPSetDestroy(&input_set); } done: /* done */ skIPSetDestroy(&input_set); skIPSetDestroy(&wild_set); return ((found_match) ? 0 : 1); }