示例#1
0
文件: virtual.c 项目: OPSF/uClinux
void
show_virtual_private() 
{
    char allowed[SUBNETTOT_BUF];
    char disallowed[SUBNETTOT_BUF];
    char all_ok[256] = ""; /* arbitrary limit */
    char all_ko[256] = ""; /* arbitrary limit */
    int i,truncok=0,truncko=0;

    if (private_net_ok!=NULL) {
	for (i=0;i<private_net_ok_len;i++) {
	    subnettot(&private_net_ok[i], 0, allowed, sizeof(allowed));
	    if(i!=0)
		strcat(all_ok, ", ");
	    if( (strlen(all_ok) + strlen(allowed)) <= 255)
		strcat(all_ok, allowed);
	    else {
		truncok = 1;
		i = private_net_ok_len;
	    }
	};
    } else all_ok[0] = '\0';

    if (private_net_ko!=NULL) {
	for (i=0;i<private_net_ko_len;i++) {
	    subnettot(&private_net_ko[i], 0, disallowed, sizeof(disallowed));
	    if(i!=0)
		strcat(all_ko, ", ");
	    if( (strlen(all_ko) + strlen(disallowed)) <= 255)
		strcat(all_ko, disallowed);
	    else {
		truncko = 1;
		i = private_net_ko_len;
	    };
	};
    } else all_ko[0] = '\0';

    whack_log(RC_COMMENT, "virtual_private (%%priv):");
    whack_log(RC_COMMENT, "- allowed %d subnet%s: %s",
	      private_net_ok_len,
	      (private_net_ok_len == 1) ? "" : "s", all_ok );
	
    whack_log(RC_COMMENT, "- disallowed %d subnet%s: %s",
	      private_net_ko_len,
	      (private_net_ko_len == 1) ? "" : "s", all_ko );
    if (truncok || truncko)
	whack_log(RC_COMMENT, "WARNING: some virtual_private entries were not shown, do you really need that many?");
    if (!truncok && !truncko && !strlen(all_ok)) {
	whack_log(RC_COMMENT, "WARNING: Either virtual_private= is not specified, or there is a syntax\n");
	whack_log(RC_COMMENT, "         error in that line. 'left/rightsubnet=vhost:%%priv' will not work!");
    }
    if (!truncok && !truncko && !strlen(all_ko)) {
	whack_log(RC_COMMENT, "WARNING: Disallowed subnets in virtual_private= is empty. If you have\n");
	whack_log(RC_COMMENT, "         private address space in internal use, it should be excluded!");
    }
}
示例#2
0
static int starter_print_connname(struct starter_config *cfg,
				  struct starter_conn *conn)
{
	char lt[SUBNETTOT_BUF], rt[SUBNETTOT_BUF];

	subnettot(&conn->left.subnet,  0, lt, SUBNETTOT_BUF);
	subnettot(&conn->right.subnet, 0, rt, SUBNETTOT_BUF);
	printf("conn name=%s leftsubnet=%s rightsubnet=%s\n",
	       conn->name, lt, rt);

	return 0; /* success */
}
示例#3
0
static void show_virtual_private_kind(const char *kind,
	const ip_subnet *private_net,
	int private_net_len)
{
	if (private_net != NULL) {
		bool trunc = FALSE;
		char all[256] = "";  /* arbitrary limit */
		int i;

		for (i = 0; i < private_net_len; i++) {
			char sn[SUBNETTOT_BUF];
			const char *sep = *all == '\0'? "" : ", ";

			subnettot(&private_net[i], 0, sn, sizeof(sn));
			if (strlen(all) + strlen(sep) +  strlen(sn) <
					sizeof(all)) {
				strcat(all, sep);	/* safe: see allocation above */
				strcat(all, sn);	/* safe: see allocation above */
			} else {
				trunc = TRUE;
				break;
			}
		}
		whack_log(RC_COMMENT, "- %s subnet%s: %s",
			kind, i == 1? "" : "s", all);
		if (trunc)
			whack_log(RC_COMMENT, "showing only %d of %d!",
				i, private_net_len);
	}
}
示例#4
0
bool dag_network::matchesIfPrefix(const ip_address v6)
{
    char b1[ADDRTOT_BUF], b2[SUBNETTOT_BUF];
    addrtot(&v6, 0, b1, sizeof(b1));
    for(int i=0; i<mIfFilter_max && i<DAG_IFWILDCARD_MAX; i++) {
        bool matched = addrinsubnet(&v6, &mIfFilter[i]);
        subnettot(&mIfFilter[i], 0, b2, sizeof(b2));
        debug->debug(RPL_DEBUG_NETLINK, "matching addr:%s against %s: result: %s\n",
                     b1, b2, matched ? "matched" : "failed");
        if(matched) return true;
    }
    return false;
}
示例#5
0
int main(int argc, char *argv[])
{
	ip_subnet s;
	char buf[100];
	char buf2[100];
	const char *oops;
	size_t n;
	int af;
	char *p;

	if (argc < 2) {
		fprintf(stderr, "Usage: %s [-6] addr/mask\n", argv[0]);
		fprintf(stderr, "   or: %s -r\n", argv[0]);
		exit(2);
	}

	if (strcmp(argv[1], "-r") == 0) {
		regress();
		fprintf(stderr, "regress() returned?!?\n");
		exit(1);
	}

	af = AF_INET;
	p = argv[1];
	if (strcmp(argv[1], "-6") == 0) {
		af = AF_INET6;
		p = argv[2];
	} else if (strchr(argv[1], ':') != NULL)
		af = AF_INET6;
	oops = ttosubnet(p, 0, af, &s);
	if (oops != NULL) {
		fprintf(stderr, "%s: conversion failed: %s\n", argv[0], oops);
		exit(1);
	}
	n = subnettot(&s, 0, buf, sizeof(buf));
	if (n > sizeof(buf)) {
		fprintf(stderr, "%s: reverse conversion of ", argv[0]);
		(void) addrtot(&s.addr, 0, buf2, sizeof(buf2));
		fprintf(stderr, "%s/", buf2);
		fprintf(stderr, "%d", s.maskbits);
		fprintf(stderr, " failed: need %ld bytes, have only %ld\n",
						(long)n, (long)sizeof(buf));
		exit(1);
	}
	printf("%s\n", buf);

	exit(0);
}
示例#6
0
void dag_network::add_childnode(rpl_node          *announcing_peer,
                                network_interface *iface,
                                ip_subnet prefix)
{
    prefix_node &pre = this->dag_children[prefix];
    char b1[256];
    subnettot(&prefix, 0, b1, 256);

    if(!pre.is_installed()) {
        dao_needed = true;
        pre.set_debug(this->debug);
        pre.set_prefix(prefix);
        pre.set_announcer(announcing_peer);

        announcing_peer->add_route_via_node(prefix, iface);
        set_dao_needed();
        pre.set_installed(true);
    }
#if 0
    debug->verbose("added child node %s/%s from %s\n",
                   b1, pre.node_name(),
                   announcing_peer->node_name());
#endif
}
示例#7
0
文件: confwrite.c 项目: OPSF/uClinux
void confwrite_side(FILE *out,
		    struct starter_conn *conn,
		    struct starter_end *end,
		    char   *side)
{
    char databuf[2048];  /* good for a 12288 bit rsa key */
    int  keyingtype;

    if(conn->manualkey) {
	keyingtype=kv_manual;
    } else {
	keyingtype=kv_auto;
    }

    switch(end->addrtype) {
    case KH_NOTSET:
	/* nothing! */
	break;
	
    case KH_DEFAULTROUTE:
	fprintf(out, "\t%s=%%defaultroute\n",side);
	break;
	
    case KH_ANY:
	fprintf(out, "\t%s=%%any\n",side);
	break;
	
    case KH_IFACE:
	if(end->strings_set[KSCF_IP]) {
	    fprintf(out, "\t%s=%s\n",side, end->strings[KSCF_IP]);
	}
	break;
	
    case KH_OPPO:
	fprintf(out, "\t%s=%%opportunistic\n",side);   
	break;
	
    case KH_OPPOGROUP:
	fprintf(out, "\t%s=%%opportunisticgroup\n",side);   
	break;
	
    case KH_GROUP:
	fprintf(out, "\t%s=%%group\n",side);   
	break;

    case KH_IPHOSTNAME:
	if(end->strings_set[KSCF_IP]) {
	    fprintf(out, "\t%s=%s\n",side, end->strings[KSCF_IP]);
	}
	break;

    case KH_IPADDR:
	addrtot(&end->addr, 0, databuf, ADDRTOT_BUF);
	fprintf(out, "\t%s=%s\n", side, databuf);
	break;
    }

    if(end->strings_set[KSCF_ID] && end->id) {
	fprintf(out, "\t%sid=\"%s\"\n",     side, end->id);
    }

    switch(end->nexttype) {
    case KH_NOTSET:
	/* nothing! */
	break;
	
    case KH_DEFAULTROUTE:
	fprintf(out, "\t%snexthop=%%defaultroute\n",side);
	break;
	
    case KH_IPADDR:
	addrtot(&end->nexthop, 0, databuf, ADDRTOT_BUF);
	fprintf(out, "\t%snexthop=%s\n", side, databuf);
	break;

    default:
	break;
    }

    if(end->has_client) {
	if(isvalidsubnet(&end->subnet)
	   && (!subnetishost(&end->subnet)
	       || !addrinsubnet(&end->addr, &end->subnet)))
	{
	    subnettot(&end->subnet, 0, databuf, SUBNETTOT_BUF);
	    fprintf(out, "\t%ssubnet=%s\n", side, databuf);
	}
    }

    if(end->rsakey1) {
	fprintf(out, "\t%srsakey=%s\n", side, end->rsakey1);
    }

    if(end->rsakey2) {
	fprintf(out, "\t%srsakey2=%s\n", side, end->rsakey2);
    }

    if(end->port || end->protocol) {
	char b2[32];
	
	strcpy(b2, "%any");
	strcpy(databuf, "%any");

	if(end->port) {
	    sprintf(b2, "%u", end->port);
	}
	if(end->protocol) {
	    sprintf(databuf, "%u", end->protocol);
	}
	    
	fprintf(out, "\t%sprotoport=%s/%s\n", side,
		databuf, b2);
    }

    if(end->cert) {
	fprintf(out, "\t%scert=%s\n", side, end->cert);
    }

    if(!isanyaddr(&end->sourceip)) {
	addrtot(&end->sourceip, 0, databuf, ADDRTOT_BUF);
	fprintf(out, "\t%ssourceip=%s\n", side, databuf);
    }

    confwrite_int(out, side,
		  kv_conn|kv_leftright,
		  keyingtype,
		  end->options, end->options_set, end->strings);
    confwrite_str(out, side, kv_conn|kv_leftright,
		  keyingtype,
		  end->strings, end->strings_set);

}
示例#8
0
/*
 * Process an incoming DAG Advertisement Object.
 * the DAO is the upward announcement.
 *
 */
void dag_network::receive_dao(network_interface *iface,
                              struct in6_addr from,
                              struct in6_addr ip6_to,
                              const time_t    now,
                              const struct nd_rpl_dao *dao,
                              unsigned char *data, int dao_len)
{
    /* it has already been checked to be at least sizeof(*dio) */
    //int dao_payload_len = dao_len - sizeof(*dao);

    /* increment stat of number of packets processed */
    this->mStats[PS_PACKET_RECEIVED]++;
    this->mStats[PS_DAO_PACKET_RECEIVED]++;

    /* validate this packet, if possible */
    bool secure = this->check_security(dao, dao_len);

    rpl_node *peer;

    /* find the node entry from this source IP, and update seen time */
    /* this will create the node if it does not already exist! */
    if((peer = this->update_child(iface, from, ip6_to, now)) == NULL) {
        return;
    }

    if(mActive == false) {
	this->mStats[PS_PACKETS_WATCHED]++;
	return;
    }

    /* look for the suboptions, process them */
    rpl_dao decoded_dao(data, dao_len, this);
    unsigned int addrcount = 0;

    struct rpl_dao_target *rpltarget;
    while((rpltarget = decoded_dao.rpltarget()) != NULL) {
        char addrfound[SUBNETTOT_BUF];
        unsigned char v6bytes[16];
        int prefixbytes = ((rpltarget->rpl_dao_prefixlen+7) / 8);
        ip_subnet prefix;
        prefix.maskbits = rpltarget->rpl_dao_prefixlen;
        memset(v6bytes, 0, 16);
        memcpy(v6bytes, rpltarget->rpl_dao_prefix, prefixbytes);
        initaddr(v6bytes, 16, AF_INET6, &prefix.addr);

        addrcount++;

        subnettot(&prefix, 0, addrfound, sizeof(addrfound));


        /* need to look at dag_members, and see if the child node already
         * exists, and add if not
         */
        debug->verbose("  recv DAO rpltarget re: network %s, target %s (added)\n",
                       addrfound, peer->node_name());

        add_childnode(peer, iface, prefix);
    }
    maybe_send_dao();

    /* now send a DAO-ACK back this the node, using the interface it arrived on, if asked to. */
    if(RPL_DAO_K(dao->rpl_flags)) {
        debug->verbose("sending DAOACK about %u networks, to %s\n",
                       addrcount, peer->node_name());
        iface->send_daoack(*peer, *this, dao->rpl_daoseq);
    }

    /* increment stat of number of packets processed */
    this->mStats[PS_PACKET_PROCESSED]++;
}
示例#9
0
const char *dag_network::prefix_name() {
    if(mPrefixName[0] == '\0') {
        subnettot(&mPrefix, 0, mPrefixName, sizeof(mPrefixName));
    }
    return mPrefixName;
};