Context Navigation

rules_mgmt.c @ 12

Revision 10, 16.3 KB (checked in by andreu, 17 years ago)
prefix v6 ok
Property svn:eol-style set to `native`

Line
1	/*
2	* File: rules_mgmt.c
3	*
4	* Authors: ANDREU François-Xavier
5	*
6	* Copyright (C) 2005 GIP RENATER
7	*/
8
9	/ This file is part of renetcol.*
10	*
11	* renetcol is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* renetcol is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with renetcol; if not, write to the Free Software
23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	*/
25
26	#include <syslog.h>
27	#include "rules_mgmt.h"
28
29	void
30	printRuleDef(RuleDefPtr rdPtr)
31	{
32	if (rdPtr != NULL){
33	fprintf(stderr, " ft: %hu\n", rdPtr->fieldType);
34	fprintf(stderr, " check: %hu\n", rdPtr->check);
35	fprintf(stderr, " operator: %hu\n", rdPtr->operator);
36	if (rdPtr->value!=NULL) {
37	switch (rdPtr->value->valueLength){
38	case 1:
39	fprintf(stderr, " char value: %hu\n", rdPtr->value->stor.cvalue);
40	break;
41	case 2:
42	fprintf(stderr, " short value: %hu\n", rdPtr->value->stor.svalue);
43	break;
44	case 4:
45	fprintf(stderr, " long value: %lu\n", rdPtr->value->stor.lvalue);
46	break;
47	case 16:
48	fprintf(stderr, " 16 bytes : ");
49	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[0])>>16);
50	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[0])<<16>>16);
51	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[1])>>16);
52	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[1])<<16>>16);
53	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[2])>>16);
54	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[2])<<16>>16);
55	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[3])>>16);
56	fprintf(stderr, "%hx\n", ntohl(rdPtr->value->stor.tabAdd6[3])<<16>>16);
57	break;
58	default:
59	fprintf(stderr," no check\n");
60	break;
61	}
62	} else {
63	fprintf(stderr," no check\n");
64	}
65	printRuleDef(rdPtr->next);
66	}
67	}
68
69	void
70	printRule(RulesPtr rPtr)
71	{
72	if (rPtr!=NULL){
73	fprintf(stderr, "\nid: %hu\n", rPtr->id);
74	if (rPtr->prev) { fprintf(stderr, "\nid prev: %hu\n", rPtr->prev->id);}
75	if (rPtr->next) { fprintf(stderr, "\nid next: %hu\n", rPtr->next->id);}
76	fprintf(stderr, "Name: %s\n", rPtr->ruleName);
77	/ puts (asctime (& rPtr->begin)); /
78	/ puts (asctime (& rPtr->end)); /
79	printRuleDef(rPtr->def);
80	if (rPtr->host){
81	printHostDef(rPtr->host);
82	}
83	invPrintFieldSet(rPtr->fieldToRecord);
84	printRule(rPtr->next);
85	}
86	}
87
88	/*
89	*
90	*/
91	unsigned short
92	getNewId(RulesPtr rPtr){
93	RulesPtr tmp = rPtr;
94	unsigned short ctr = 0;
95
96	while (tmp){
97	if (tmp->id > ctr){
98	ctr = tmp->id;
99	}
100	tmp = tmp->next;
101	}
102	return ctr+1;
103	}
104
105	void
106	freeValue(ValuesPtr vPtr)
107	{
108	free(vPtr);
109	vPtr = NULL;
110	}
111
112	void
113	freeRuleDef(RuleDefPtr rdPtr)
114	{
115	RuleDefPtr tmp;
116	if (rdPtr) {
117	tmp = rdPtr->next;
118	freeValue(rdPtr->value);
119	free(rdPtr);
120	rdPtr = NULL;
121	freeRuleDef(tmp);
122	}
123	}
124
125	void
126	freeRule(RulesPtr rPtr)
127	{
128	if (rPtr->def) {freeRuleDef(rPtr->def);}
129	if (rPtr->fieldToRecord) {freeField(rPtr->fieldToRecord);}
130	if (rPtr->host) {freeRemoteHost(rPtr->host);}
131	if (rPtr->fileName) {freeFile(rPtr->fileName);}
132	if (rPtr->db) {freeDb(rPtr->db);}
133	free(rPtr);
134	rPtr = NULL;
135	}
136
137	RulesPtr
138	delRule(RulesPtr rPtr, RulesPtr firstrPtr)
139	{
140	RulesPtr tmp = NULL;
141	if (rPtr==firstrPtr) {
142	if (rPtr->next) {
143	tmp = rPtr->next;
144	tmp->prev = NULL;
145	freeRule(rPtr);
146	return tmp;
147	}else{
148	freeRule(rPtr);
149	return NULL;
150	}
151	} else {
152	if (rPtr->prev->next) { rPtr->prev->next = rPtr->next;}
153	if (rPtr->next) {rPtr->next->prev = rPtr->prev;}
154	freeRule(rPtr);
155	return firstrPtr;
156	}
157	}
158
159	RulesPtr
160	getRules(RulesPtr rPtr, char *filename)
161	{
162	FILE *ruleFile;
163	RulesPtr tmp = NULL;
164	RulesPtr tmp2 = NULL;
165	time_t hour;
166	char line[512];
167	char lineCopy[512];
168	char str1[256];
169	char str2[256];
170	char strTok[1];
171	char strName[100];
172	char strOutputType[20];
173	int cptLine;
174
175	if (!(ruleFile = fopen(filename, "r"))) {
176	syslog(LOG_ERR, "error during %s opening\n", filename);
177	exit(1);
178	}
179	cptLine=0;
180	time (& hour);
181	/ tmp->begin = localtime (& hour); /
182	/ tmp->end = localtime (& hour); /
183	/ strptime( begin, "%Y%m%d%H%M%S", & tmp->begin); /
184	/ strptime( end, "%Y%m%d%H%M%S", & tmp->end); /
185	while ( fgets(line, 512, ruleFile) != 0) {
186	if ( strspn(line, "#") == 0 ) {
187	strcpy(lineCopy, line);
188	if (strncmp("N", lineCopy, 1) == 0){
189	if (sscanf(line, "%1s %s\n",
190	strTok,
191	strName) == 0) {
192	syslog(LOG_ERR, "Error in file %s, line %d\n",
193	filename, cptLine);
194	exit(1);
195	} else {
196	rPtr = tmp;
197	tmp = NULL;
198	tmp = (RulesPtr) malloc(sizeof(struct Rules));
199	if (tmp==NULL) {
200	syslog(LOG_ERR, "ERROR in malloc in getRule function\n");
201	exit(1);
202	} else {
203	tmp->id = getNewId(rPtr);
204	tmp->def = NULL;
205	tmp->fieldToRecord = NULL;
206	tmp->host = NULL;
207	tmp->fileName = NULL;
208	tmp->db = NULL;
209	tmp->next = rPtr;
210	/ rPtr->prev = tmp; /
211	tmp->prev = NULL;
212	}
213	tmp->ruleName = (char ) malloc((strlen(strName)+1)sizeof(char));
214	strcpy(tmp->ruleName, strName);
215	}
216	}
217	if (strncmp("O", lineCopy, 1) == 0){
218	if (sscanf(line, "%1s %s %s %s\n",
219	strTok,
220	strOutputType,
221	str1,
222	str2) == 0) {
223	syslog(LOG_ERR, "Error in file %s, line %d\n",
224	filename, cptLine);
225	exit(1);
226	} else {
227	/ switch output type /
228	if (strcmp("file", strOutputType) == 0){
229	tmp->type = 1;
230	tmp->fileName = addFileDef(tmp->fileName, str1, str2);
231	}
232	if (strcmp("socket", strOutputType) == 0){
233	tmp->type = 2;
234	tmp->host = addRemoteHostDef(tmp->host, str1, str2);
235	}
236	if (strcmp("base", strOutputType) == 0){
237	tmp->type = 3;
238	tmp->db = addDataBase(tmp->db, str1, str2);
239	}
240	}
241	}
242	if (strncmp("C", lineCopy, 1) == 0){
243	tmp->def = addRuleDef(tmp->def, lineCopy);
244	}
245	if (strncmp("A", lineCopy, 1) == 0){
246	syslog(LOG_INFO,"Aggregation mode isn't yet implemented\n");
247	}
248	if (strncmp("R", lineCopy, 1) == 0){
249	tmp->fieldToRecord = addFields(tmp->fieldToRecord, lineCopy);
250	}
251	cptLine++;
252	}
253	/ tmp->prev = NULL; /
254	}
255	tmp2 = tmp;
256	for ( ; tmp2; tmp2=tmp2->next) {
257	if (tmp2->next) {
258	tmp2->next->prev = tmp2;
259	}
260	}
261	fclose(ruleFile);
262	return tmp;
263	}
264
265	RulesPtr
266	getLightRules(RulesPtr rPtr, char *filename)
267	{
268	FILE *ruleFile;
269	RulesPtr tmp = NULL;
270	RulesPtr tmp2 = NULL;
271	time_t hour;
272	char line[512];
273	char lineCopy[512];
274	char str1[256];
275	char str2[256];
276	char strTok[1];
277	char strName[100];
278	char strOutputType[20];
279	int cptLine;
280
281	if (!(ruleFile = fopen(filename, "r"))) {
282	syslog(LOG_ERR, "error during %s opening\n", filename);
283	exit(1);
284	}
285	cptLine=0;
286	time (& hour);
287	/ tmp->begin = localtime (& hour); /
288	/ tmp->end = localtime (& hour); /
289	/ strptime( begin, "%Y%m%d%H%M%S", & tmp->begin); /
290	/ strptime( end, "%Y%m%d%H%M%S", & tmp->end); /
291	while ( fgets(line, 512, ruleFile) != 0) {
292	if ( strspn(line, "#") == 0 ) {
293	strcpy(lineCopy, line);
294	fprintf(stderr,"ligne en cours : %d\n", cptLine);
295	if (strncmp("N", lineCopy, 1) == 0){
296	if (sscanf(line, "%1s %s\n",
297	strTok,
298	strName) == 0) {
299	syslog(LOG_ERR, "Error in file %s, line %d\n",
300	filename, cptLine);
301	exit(1);
302	} else {
303	rPtr = tmp;
304	tmp = NULL;
305	tmp = (RulesPtr) malloc(sizeof(struct Rules));
306	if (tmp==NULL) {
307	syslog(LOG_ERR, "ERROR in malloc in getRule function\n");
308	exit(1);
309	} else {
310	tmp->id = getNewId(rPtr);
311	tmp->def = NULL;
312	tmp->fieldToRecord = NULL;
313	tmp->host = NULL;
314	tmp->fileName = NULL;
315	tmp->db = NULL;
316	tmp->next = rPtr;
317	tmp->prev = NULL;
318	}
319	tmp->ruleName = (char ) malloc((strlen(strName)+1)sizeof(char));
320	strcpy(tmp->ruleName, strName);
321	}
322	}
323	if (strncmp("O", lineCopy, 1) == 0){
324	if (sscanf(line, "%1s %s %s %s\n",
325	strTok,
326	strOutputType,
327	str1,
328	str2) == 0) {
329	syslog(LOG_ERR, "Error in file %s, line %d\n",
330	filename, cptLine);
331	exit(1);
332	} else {
333	/ switch output type /
334	if (strcmp("file", strOutputType) == 0){
335	tmp->type = 1;
336	}
337	if (strcmp("socket", strOutputType) == 0){
338	tmp->type = 2;
339	}
340	if (strcmp("base", strOutputType) == 0){
341	tmp->type = 3;
342	}
343	}
344	}
345	if (strncmp("C", lineCopy, 1) == 0){
346	tmp->def = addRuleDef(tmp->def, lineCopy);
347	}
348	if (strncmp("A", lineCopy, 1) == 0){
349	syslog(LOG_INFO,"Aggregation mode isn't yet implemented");
350	}
351	if (strncmp("R", lineCopy, 1) == 0){
352	tmp->fieldToRecord = addFields(tmp->fieldToRecord, lineCopy);
353	}
354	cptLine++;
355	fprintf(stderr,"ligne : %d\n", cptLine);
356	}
357	}
358	tmp2 = tmp;
359	for ( ; tmp2; tmp2=tmp2->next) {
360	if (tmp2->next) {
361	tmp2->next->prev = tmp2;
362	}
363	}
364	fclose(ruleFile);
365	return tmp;
366	}
367
368	FilePtr
369	addFileDef(FilePtr fPtr, char str1, char* *str2)
370	{
371	/ fprintf(stderr,"add file def: %s %s \n", str1, str2); /
372	return NULL;
373	}
374
375	RemoteHostPtr
376	addRemoteHostDef(RemoteHostPtr rPtr, char str1, char* *str2)
377	{
378	RemoteHostPtr tmp = NULL;
379	tmp = (RemoteHostPtr) malloc(sizeof(struct RemoteHost));
380	if (tmp==NULL) {
381	syslog(LOG_ERR, "ERROR in malloc in addRemoteHostDef function");
382	exit(1);
383	} else {
384	tmp->hostAddressPtr = (struct sockaddr_storage*)
385	malloc(sizeof(struct sockaddr_storage));
386	if (tmp->hostAddressPtr==NULL) {
387	syslog(LOG_ERR, "ERROR in malloc in addRemoteHostDef function");
388	exit(1);
389	} else {
390	if ((tmp->sockId=create_socket( str1, str2, tmp->hostAddressPtr))==0)
391	return NULL;
392	tmp->next = rPtr;
393	}
394	}
395	return tmp;
396	}
397
398	DbPtr
399	addDataBase(DbPtr dPtr, char str1, char* *str2){
400	syslog(LOG_INFO,"DB output not in this release");
401	return NULL;
402	}
403
404	FieldPtr
405	addFields (FieldPtr fp, char *ftr)
406	{
407	/ for each token "R" in the tests string /
408	/ build a field structure /
409	/ return a list of field /
410	static char * fields;
411	fields = strtok(ftr, "R");
412	while (fields != NULL) {
413	unsigned short type;
414	unsigned short length;
415	if (sscanf(fields, " %hu %hu ", &type, &length) == 0) {
416	syslog(LOG_ERR,
417	"Errors in definition of fields to record: wrong syntax");
418	exit(1);
419	} else {
420	if (type == 0){
421	return NULL; / all fields must be recorded /
422	} else {
423	fp = addField(fp, type, length);
424	}
425	}
426	fields = strtok(NULL, "R");
427	}
428	return fp;
429	}
430
431	RuleDefPtr
432	addRuleDef(RuleDefPtr rdPtr, char *tests)
433	{
434	/ for each token "C" in the tests string /
435	/ build a rule_def struct /
436	/ return the list of rule_def /
437	RuleDefPtr tmp = NULL;
438	static char * fields;
439	unsigned short operatorToNumber = 0;
440
441	fields = strtok(tests, "C");
442	while (fields != NULL) {
443	static unsigned short ft;
444	char operator[2];
445	char value[42];
446	tmp = (RuleDefPtr) malloc(sizeof(struct RuleDef));
447	if (tmp==NULL) {
448	syslog(LOG_ERR, "ERROR in malloc in addRuleDef function");
449	exit(1);
450	} else {
451	if (sscanf(fields, " %hu %1s %s", &ft, operator, value)==0) {
452	syslog(LOG_ERR, "Errors in Tests definition : wrong syntax");
453	exit(1);
454	}
455	/ operator possibilities : > < = b t (belong, table) /
456	if (strcmp(operator,">")==0) {
457	operatorToNumber = 0; / FIXME why operatorToNumber ? /
458	tmp->operator = 0;
459	}
460	if (strcmp(operator,"<")==0) {
461	operatorToNumber = 1;
462	tmp->operator = 1;
463	}
464	if (strcmp(operator,"=")==0) {
465	operatorToNumber = 2;
466	tmp->operator = 2;
467	}
468	tmp->fieldType = ft;
469	tmp->value = NULL;
470	if ((ft==1) \|\| (ft==25)){
471	tmp->value = addValue(tmp->value, operatorToNumber, value);
472	} else if ((ft==8) \|\| (ft==12) \|\| (ft==15) \|\| (ft==18) ){
473	tmp->value = addAddress(tmp->value, operatorToNumber, value);
474	} else if ((ft==27) \|\| (ft==28) \|\| (ft==62) \|\| (ft==63) ){
475	tmp->value = addV6Address(tmp->value, operatorToNumber, value);
476	} else if ((ft==60)){
477	tmp->value = addCValue(tmp->value, operatorToNumber, value);
478	} else {
479	syslog(LOG_INFO,
480	"You can't compare the field <%hu> in this release, sorry",
481	ft);
482	}
483	tmp->check = 0;
484	tmp->next = rdPtr;
485	if (rdPtr!=NULL) { rdPtr->prev = tmp;}
486	tmp->prev = NULL;
487	rdPtr=tmp;
488	}
489	fields = strtok(NULL, "C");
490	}
491	return tmp;
492	}
493
494	ValuesPtr
495	addAddress(ValuesPtr vPtr, unsigned short op, char *val)
496	{
497	ValuesPtr tmp;
498	unsigned short v0, v1, v2, v3;
499	unsigned char buffer4[4];
500	/ static unsigned short mask; /
501	tmp = (ValuesPtr) malloc(sizeof(struct Values));
502	if (tmp==NULL) {
503	syslog(LOG_ERR, "ERROR in malloc in addAddress function");
504	exit(1);
505	} else {
506	if (sscanf(val, "%hu.%hu.%hu.%hu", &v0, &v1, &v2, &v3) == 0) {
507	syslog(LOG_ERR, "Errors in Tests definition : wrong IPv4 value");
508	exit(1);
509	}
510	buffer4[3] = (unsigned char)v0;
511	buffer4[2] = (unsigned char)v1;
512	buffer4[1] = (unsigned char)v2;
513	buffer4[0] = (unsigned char)v3;
514	tmp->valueLength = 4;
515	tmp->stor.lvalue = ((unsigned* long*)(&buffer4));
516	tmp->mask = 32;
517	tmp->next = vPtr;
518	}
519	return tmp;
520	}
521
522	ValuesPtr
523	addV6Address(ValuesPtr vPtr, unsigned short op, char *val)
524	{
525	ValuesPtr tmp;
526	struct in6_addr v6addr;
527	char netw_form[16];
528	int result;
529	static char value[30];
530	static char mask[4];
531	static char *token;
532	int lg = 0;
533	int lgMask = 0;
534	tmp = (ValuesPtr) malloc(sizeof(struct Values));
535	if (tmp==NULL) {
536	syslog(LOG_ERR, "ERROR in malloc in addV6Address function");
537	exit(1);
538	} else {
539	if ( (token=memccpy(value, val, '/', strlen(val)))==NULL) {
540	/ address case /
541	fprintf(stderr,"address case\n");
542	result = inet_pton(AF_INET6, val, netw_form);
543	switch(result) {
544	case 0 :
545	syslog(LOG_ERR," inet_pton : Invalid IPv6 Address");
546	exit(1);
547	break;
548	case -1:
549	syslog(LOG_ERR," inet_pton : AF unknown");
550	exit(1);
551	break;
552	}
553	memcpy(&v6addr, netw_form, sizeof(netw_form));
554	tmp->valueLength = 16;
555	tmp->mask = 128;
556	tmp->stor.tabAdd6[0] = v6addr.s6_addr32[0];
557	tmp->stor.tabAdd6[1] = v6addr.s6_addr32[1];
558	tmp->stor.tabAdd6[2] = v6addr.s6_addr32[2];
559	tmp->stor.tabAdd6[3] = v6addr.s6_addr32[3];
560	tmp->next = vPtr;
561	} else {
562	fprintf(stderr,"prefix case\n");
563	lg = strlen(value);
564	lgMask = strlen(token);
565	value[lg-1-lgMask] = '\0';
566	strcpy( mask, strchr(val,'/')+1);
567	fprintf(stderr,"apres strcpy: %s et %d\n", value, atoi(mask));
568	result = inet_pton(AF_INET6, value, netw_form);
569	switch(result) {
570	case 0 :
571	syslog(LOG_ERR," inet_pton : Invalid IPv6 Address");
572	exit(1);
573	break;
574	case -1:
575	syslog(LOG_ERR," inet_pton : AF unknown");
576	exit(1);
577	break;
578	}
579	memcpy(&v6addr, netw_form, sizeof(netw_form));
580	tmp->valueLength = 16;
581	fprintf(stderr,"ici\n");
582	tmp->mask = atoi(mask);
583	fprintf(stderr,"la %hu\n", tmp->mask);
584	tmp->stor.tabAdd6[0] = v6addr.s6_addr32[0];
585	tmp->stor.tabAdd6[1] = v6addr.s6_addr32[1];
586	tmp->stor.tabAdd6[2] = v6addr.s6_addr32[2];
587	tmp->stor.tabAdd6[3] = v6addr.s6_addr32[3];
588	tmp->next = vPtr;
589	fprintf(stderr,"plus la\n");
590	}
591	}
592	return tmp;
593	}
594
595	ValuesPtr
596	addValue(ValuesPtr vPtr, unsigned short op, char *val)
597	{
598	ValuesPtr tmp;
599	char value[10];
600
601	tmp = (ValuesPtr) malloc(sizeof(struct Values));
602	if (tmp==NULL) {
603	syslog(LOG_ERR, "ERROR in malloc in addValue function");
604	exit(1);
605	} else {
606	if (sscanf(val, "%s", value) == 0) {
607	syslog(LOG_ERR, "Errors in Tests definition : wrong short value");
608	exit(1);
609	}
610	tmp->valueLength = 2;
611	tmp->stor.svalue = (unsigned short) atoi(value);
612	tmp->next = vPtr;
613	}
614	return tmp;
615	}
616
617	ValuesPtr
618	addCValue(ValuesPtr vPtr, unsigned short op, char *val)
619	{
620	ValuesPtr tmp;
621	char value[10];
622
623	tmp = (ValuesPtr) malloc(sizeof(struct Values));
624	if (tmp==NULL) {
625	syslog(LOG_ERR, "ERROR in malloc in addValue function");
626	exit(1);
627	} else {
628	if (sscanf(val, "%s", value) == 0) {
629	syslog(LOG_ERR, "Errors in Tests definition : wrong char value");
630	exit(1);
631	}
632	tmp->valueLength = 1;
633	tmp->stor.cvalue = (unsigned short) atoi(value);
634	tmp->next = vPtr;
635	}
636	return tmp;
637	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/rules_mgmt.c @ 12

Download in other formats: