Context Navigation

rules_mgmt.c @ 6

Revision 2, 14.5 KB (checked in by andreu, 17 years ago)
First RENETCOL CVS Integration
Property svn:eol-style set to `native`

Line
1	/*
2	* File: rules_mgmt.c
3	*
4	* Authors: ANDREU François-Xavier
5	*
6	* Copyright (C) 2005 GIP RENATER
7	*/
8
9	/ This file is part of renetcol.*
10	*
11	* renetcol is free software; you can redistribute it and/or modify
12	* it under the terms of the GNU General Public License as published by
13	* the Free Software Foundation; either version 2 of the License, or
14	* (at your option) any later version.
15	*
16	* renetcol is distributed in the hope that it will be useful,
17	* but WITHOUT ANY WARRANTY; without even the implied warranty of
18	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19	* GNU General Public License for more details.
20	*
21	* You should have received a copy of the GNU General Public License
22	* along with renetcol; if not, write to the Free Software
23	* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
24	*/
25
26	#include <syslog.h>
27	#include "rules_mgmt.h"
28
29	void
30	printRuleDef(RuleDefPtr rdPtr)
31	{
32	if (rdPtr != NULL){
33	fprintf(stderr, " ft: %hu\n", rdPtr->fieldType);
34	fprintf(stderr, " check: %hu\n", rdPtr->check);
35	fprintf(stderr, " operator: %hu\n", rdPtr->operator);
36	if (rdPtr->value!=NULL) {
37	switch (rdPtr->value->valueLength){
38	case 1:
39	fprintf(stderr, " char value: %hu\n", rdPtr->value->stor.cvalue);
40	break;
41	case 2:
42	fprintf(stderr, " short value: %hu\n", rdPtr->value->stor.svalue);
43	break;
44	case 4:
45	fprintf(stderr, " long value: %lu\n", rdPtr->value->stor.lvalue);
46	break;
47	case 16:
48	fprintf(stderr, " 16 bytes : ");
49	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[0])>>16);
50	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[0])<<16>>16);
51	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[1])>>16);
52	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[1])<<16>>16);
53	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[2])>>16);
54	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[2])<<16>>16);
55	fprintf(stderr, "%hx:", ntohl(rdPtr->value->stor.tabAdd6[3])>>16);
56	fprintf(stderr, "%hx\n", ntohl(rdPtr->value->stor.tabAdd6[3])<<16>>16);
57	break;
58	default:
59	fprintf(stderr," no check\n");
60	break;
61	}
62	} else {
63	fprintf(stderr," no check\n");
64	}
65	printRuleDef(rdPtr->next);
66	}
67	}
68
69	void
70	printRule(RulesPtr rPtr)
71	{
72	if (rPtr!=NULL){
73	fprintf(stderr, "\nid: %hu\n", rPtr->id);
74	fprintf(stderr, "Name: %s\n", rPtr->ruleName);
75	/ puts (asctime (& rPtr->begin)); /
76	/ puts (asctime (& rPtr->end)); /
77	printRuleDef(rPtr->def);
78	if (rPtr->host){
79	printHostDef(rPtr->host);
80	}
81	invPrintFieldSet(rPtr->fieldToRecord);
82	printRule(rPtr->next);
83	}
84	}
85
86	/*
87	*
88	*/
89	unsigned short
90	getNewId(RulesPtr rPtr){
91	RulesPtr tmp = rPtr;
92	unsigned short ctr = 0;
93
94	while (tmp){
95	if (tmp->id > ctr){
96	ctr = tmp->id;
97	}
98	tmp = tmp->next;
99	}
100	return ctr+1;
101	}
102
103	void
104	freeValue(ValuesPtr vPtr)
105	{
106	free(vPtr);
107	vPtr = NULL;
108	}
109
110	void
111	freeRuleDef(RuleDefPtr rdPtr)
112	{
113	RuleDefPtr tmp;
114	if (rdPtr) {
115	tmp = rdPtr->next;
116	freeValue(rdPtr->value);
117	free(rdPtr);
118	rdPtr = NULL;
119	freeRuleDef(tmp);
120	}
121	}
122
123	void
124	freeRule(RulesPtr rPtr)
125	{
126	if (rPtr->def) {freeRuleDef(rPtr->def);}
127	if (rPtr->fieldToRecord) {freeField(rPtr->fieldToRecord);}
128	if (rPtr->host) {freeRemoteHost(rPtr->host);}
129	if (rPtr->fileName) {freeFile(rPtr->fileName);}
130	if (rPtr->db) {freeDb(rPtr->db);}
131	free(rPtr);
132	rPtr = NULL;
133	}
134
135	RulesPtr
136	delRule(RulesPtr rPtr, RulesPtr firstrPtr)
137	{
138	RulesPtr tmp = NULL;
139	if (rPtr->prev!=NULL) {
140	rPtr->prev->next = rPtr->next;
141	if (rPtr->next) {rPtr->next->prev = rPtr->prev;}
142	freeRule(rPtr);
143	return firstrPtr;
144	} else {
145	if (rPtr->next) {
146	rPtr->next->prev = NULL;
147	tmp = rPtr->next;
148	}
149	freeRule(rPtr);
150	return tmp;
151	}
152	}
153
154	RulesPtr
155	getRules(RulesPtr rPtr, char *filename)
156	{
157	FILE *ruleFile;
158	RulesPtr tmp = NULL;
159	time_t hour;
160	char line[512];
161	char lineCopy[512];
162	char str1[256];
163	char str2[256];
164	char strTok[1];
165	char strName[100];
166	char strOutputType[20];
167	int cptLine;
168
169	if (!(ruleFile = fopen(filename, "r"))) {
170	fprintf (stderr, "error during %s opening\n", filename);
171	exit(1);
172	}
173	cptLine=0;
174	time (& hour);
175	/ tmp->begin = localtime (& hour); /
176	/ tmp->end = localtime (& hour); /
177	/ strptime( begin, "%Y%m%d%H%M%S", & tmp->begin); /
178	/ strptime( end, "%Y%m%d%H%M%S", & tmp->end); /
179	while ( fgets(line, 512, ruleFile) != 0) {
180	if ( strspn(line, "#") == 0 ) {
181	strcpy(lineCopy, line);
182	if (strncmp("N", lineCopy, 1) == 0){
183	if (sscanf(line, "%1s %s\n",
184	strTok,
185	strName) == 0) {
186	fprintf(stderr, "Error in file %s, line %d\n",
187	filename, cptLine);
188	exit(1);
189	} else {
190	rPtr = tmp;
191	tmp = NULL;
192	tmp = (RulesPtr) malloc(sizeof(struct Rules));
193	if (tmp==NULL) {
194	fprintf(stderr, "ERROR in malloc in getRule function\n");
195	exit(1);
196	} else {
197	tmp->id = getNewId(rPtr);
198	tmp->def = NULL;
199	tmp->fieldToRecord = NULL;
200	tmp->host = NULL;
201	tmp->fileName = NULL;
202	tmp->db = NULL;
203	tmp->next = rPtr;
204	tmp->prev = NULL;
205	}
206	tmp->ruleName = (char ) malloc((strlen(strName)+1)sizeof(char));
207	strcpy(tmp->ruleName, strName);
208	}
209	}
210	if (strncmp("O", lineCopy, 1) == 0){
211	if (sscanf(line, "%1s %s %s %s\n",
212	strTok,
213	strOutputType,
214	str1,
215	str2) == 0) {
216	fprintf(stderr, "Error in file %s, line %d\n",
217	filename, cptLine);
218	exit(1);
219	} else {
220	/ switch output type /
221	if (strcmp("file", strOutputType) == 0){
222	tmp->type = 1;
223	tmp->fileName = addFileDef(tmp->fileName, str1, str2);
224	}
225	if (strcmp("socket", strOutputType) == 0){
226	tmp->type = 2;
227	tmp->host = addRemoteHostDef(tmp->host, str1, str2);
228	}
229	if (strcmp("base", strOutputType) == 0){
230	tmp->type = 3;
231	tmp->db = addDataBase(tmp->db, str1, str2);
232	}
233	}
234	}
235	if (strncmp("C", lineCopy, 1) == 0){
236	tmp->def = addRuleDef(tmp->def, lineCopy);
237	}
238	if (strncmp("A", lineCopy, 1) == 0){
239	syslog(LOG_INFO,"Aggregation mode isn't yet implemented\n");
240	}
241	if (strncmp("R", lineCopy, 1) == 0){
242	tmp->fieldToRecord = addFields(tmp->fieldToRecord, lineCopy);
243	}
244	cptLine++;
245	}
246	/ if (rPtr!=NULL) { rPtr->prev = tmp;} /
247	/ tmp->prev = NULL; /
248	}
249	return tmp;
250	}
251
252	RulesPtr
253	getLightRules(RulesPtr rPtr, char *filename)
254	{
255	FILE *ruleFile;
256	RulesPtr tmp = NULL;
257	time_t hour;
258	char line[512];
259	char lineCopy[512];
260	char str1[256];
261	char str2[256];
262	char strTok[1];
263	char strName[100];
264	char strOutputType[20];
265	int cptLine;
266
267	if (!(ruleFile = fopen(filename, "r"))) {
268	fprintf (stderr, "error during %s opening\n", filename);
269	exit(1);
270	}
271	cptLine=0;
272	time (& hour);
273	/ tmp->begin = localtime (& hour); /
274	/ tmp->end = localtime (& hour); /
275	/ strptime( begin, "%Y%m%d%H%M%S", & tmp->begin); /
276	/ strptime( end, "%Y%m%d%H%M%S", & tmp->end); /
277	while ( fgets(line, 512, ruleFile) != 0) {
278	if ( strspn(line, "#") == 0 ) {
279	strcpy(lineCopy, line);
280	if (strncmp("N", lineCopy, 1) == 0){
281	if (sscanf(line, "%1s %s\n",
282	strTok,
283	strName) == 0) {
284	fprintf(stderr, "Error in file %s, line %d\n",
285	filename, cptLine);
286	exit(1);
287	} else {
288	rPtr = tmp;
289	tmp = NULL;
290	tmp = (RulesPtr) malloc(sizeof(struct Rules));
291	if (tmp==NULL) {
292	fprintf(stderr, "ERROR in malloc in getRule function\n");
293	exit(1);
294	} else {
295	tmp->id = getNewId(rPtr);
296	tmp->def = NULL;
297	tmp->fieldToRecord = NULL;
298	tmp->host = NULL;
299	tmp->fileName = NULL;
300	tmp->db = NULL;
301	tmp->next = rPtr;
302	tmp->prev = NULL;
303	}
304	tmp->ruleName = (char ) malloc((strlen(strName)+1)sizeof(char));
305	strcpy(tmp->ruleName, strName);
306	}
307	}
308	if (strncmp("O", lineCopy, 1) == 0){
309	if (sscanf(line, "%1s %s %s %s\n",
310	strTok,
311	strOutputType,
312	str1,
313	str2) == 0) {
314	fprintf(stderr, "Error in file %s, line %d\n",
315	filename, cptLine);
316	exit(1);
317	} else {
318	/ switch output type /
319	if (strcmp("file", strOutputType) == 0){
320	tmp->type = 1;
321	}
322	if (strcmp("socket", strOutputType) == 0){
323	tmp->type = 2;
324	}
325	if (strcmp("base", strOutputType) == 0){
326	tmp->type = 3;
327	}
328	}
329	}
330	if (strncmp("C", lineCopy, 1) == 0){
331	tmp->def = addRuleDef(tmp->def, lineCopy);
332	}
333	if (strncmp("A", lineCopy, 1) == 0){
334	syslog(LOG_INFO,"Aggregation mode isn't yet implemented\n");
335	}
336	if (strncmp("R", lineCopy, 1) == 0){
337	tmp->fieldToRecord = addFields(tmp->fieldToRecord, lineCopy);
338	}
339	cptLine++;
340	}
341	/ if (rPtr!=NULL) { rPtr->prev = tmp;} /
342	/ tmp->prev = NULL; /
343	}
344	return tmp;
345	}
346
347	FilePtr
348	addFileDef(FilePtr fPtr, char str1, char* *str2)
349	{
350	fprintf(stderr,"add file def: %s %s \n", str1, str2);
351	return NULL;
352	}
353
354	RemoteHostPtr
355	addRemoteHostDef(RemoteHostPtr rPtr, char str1, char* *str2)
356	{
357	RemoteHostPtr tmp = NULL;
358	tmp = (RemoteHostPtr) malloc(sizeof(struct RemoteHost));
359	if (tmp==NULL) {
360	fprintf(stderr, "ERROR in malloc in addRemoteHostDef function\n");
361	exit(1);
362	} else {
363	tmp->hostAddressPtr = (struct sockaddr_in*)
364	malloc(sizeof(struct sockaddr_in));
365	if (tmp->hostAddressPtr==NULL) {
366	fprintf(stderr, "ERROR in malloc in addRemoteHostDef function\n");
367	exit(1);
368	} else {
369	tmp->sockId = create_socket( str1, atoi(str2), tmp->hostAddressPtr);
370	tmp->next = rPtr;
371	}
372	}
373	return tmp;
374	}
375
376	DbPtr
377	addDataBase(DbPtr dPtr, char str1, char* *str2){
378	fprintf(stderr,"add DB def: %s %s \n", str1, str2);
379	return NULL;
380	}
381
382	FieldPtr
383	addFields (FieldPtr fp, char *ftr)
384	{
385	/ for each token "R" in the tests string /
386	/ build a field structure /
387	/ return a list of field /
388	static char * fields;
389	fields = strtok(ftr, "R");
390	while (fields != NULL) {
391	unsigned short type;
392	unsigned short length;
393	if (sscanf(fields, " %hu %hu ", &type, &length) == 0) {
394	fprintf(stderr,
395	"Errors in definition of fields to record: wrong syntax\n");
396	exit(1);
397	} else {
398	if (type == 0){
399	return NULL; / all fields must be recorded /
400	} else {
401	fp = addField(fp, type, length);
402	}
403	}
404	fields = strtok(NULL, "R");
405	}
406	return fp;
407	}
408
409	RuleDefPtr
410	addRuleDef(RuleDefPtr rdPtr, char *tests)
411	{
412	/ for each token "C" in the tests string /
413	/ build a rule_def struct /
414	/ return the list of rule_def /
415	RuleDefPtr tmp = NULL;
416	static char * fields;
417	unsigned short operatorToNumber = 0;
418
419	fields = strtok(tests, "C");
420	while (fields != NULL) {
421	static unsigned short ft;
422	char operator[2];
423	char value[30];
424	tmp = (RuleDefPtr) malloc(sizeof(struct RuleDef));
425	if (tmp==NULL) {
426	fprintf(stderr, "ERROR in malloc in addRuleDef function\n");
427	exit(1);
428	} else {
429	if (sscanf(fields, " %hu %1s %s ", &ft, operator, value) == 0) {
430	fprintf(stderr, "Errors in Tests definition : wrong syntax\n");
431	exit(1);
432	}
433	/ operator possibilities : > < = b t (belong, table) /
434	if (strcmp(operator,">")==0) {
435	operatorToNumber = 0; / FIXME why operatorToNumber ? /
436	tmp->operator = 0;
437	}
438	if (strcmp(operator,"<")==0) {
439	operatorToNumber = 1;
440	tmp->operator = 1;
441	}
442	if (strcmp(operator,"=")==0) {
443	operatorToNumber = 2;
444	tmp->operator = 2;
445	}
446	tmp->fieldType = ft;
447	tmp->value = NULL;
448	if ((ft==1) \|\| (ft==25)){
449	tmp->value = addValue(tmp->value, operatorToNumber, value);
450	} else if ((ft==8) \|\| (ft==12) \|\| (ft==15) \|\| (ft==18) ){
451	tmp->value = addAddress(tmp->value, operatorToNumber, value);
452	} else if ((ft==27) \|\| (ft==28) \|\| (ft==62) \|\| (ft==63) ){
453	tmp->value = addV6Address(tmp->value, operatorToNumber, value);
454	} else if ((ft==60)){
455	tmp->value = addCValue(tmp->value, operatorToNumber, value);
456	} else {
457	syslog(LOG_INFO,
458	"You can't compare the field <%hu> currently, sorry\n",
459	ft);
460	}
461	tmp->check = 0;
462	tmp->next = rdPtr;
463	if (rdPtr!=NULL) { rdPtr->prev = tmp;}
464	tmp->prev = NULL;
465	rdPtr=tmp;
466	}
467	fields = strtok(NULL, "C");
468	}
469	return tmp;
470	}
471
472	ValuesPtr
473	addAddress(ValuesPtr vPtr, unsigned short op, char *val)
474	{
475	ValuesPtr tmp;
476	unsigned short v0, v1, v2, v3;
477	unsigned char buffer4[4];
478
479	tmp = (ValuesPtr) malloc(sizeof(struct Values));
480	if (tmp==NULL) {
481	fprintf(stderr, "ERROR in malloc in addAddress function\n");
482	exit(1);
483	} else {
484	if (sscanf(val, "%hu.%hu.%hu.%hu", &v0, &v1, &v2, &v3) == 0) {
485	fprintf(stderr, "Errors in Tests definition : wrong IPv4 value\n");
486	exit(1);
487	}
488	buffer4[3] = (unsigned char)v0;
489	buffer4[2] = (unsigned char)v1;
490	buffer4[1] = (unsigned char)v2;
491	buffer4[0] = (unsigned char)v3;
492	tmp->valueLength = 4;
493	tmp->stor.lvalue = ((unsigned* long*)(&buffer4));
494	tmp->next = vPtr;
495	}
496	return tmp;
497	}
498
499	ValuesPtr
500	addV6Address(ValuesPtr vPtr, unsigned short op, char *val)
501	{
502	ValuesPtr tmp;
503	struct in6_addr v6addr;
504	char netw_form[16];
505	int result;
506
507	tmp = (ValuesPtr) malloc(sizeof(struct Values));
508	if (tmp==NULL) {
509	fprintf(stderr, "ERROR in malloc in addV6Address function\n");
510	exit(1);
511	} else {
512	result = inet_pton(AF_INET6, val, netw_form);
513	switch(result) {
514	case 0 :
515	printf(" inet_pton : Invalid IPv6 Address\n");
516	exit(1);
517	break;
518	case -1:
519	printf(" inet_pton : AF unknown \n");
520	exit(1);
521	break;
522	}
523	memcpy(&v6addr, netw_form, sizeof(netw_form));
524	tmp->valueLength = 16;
525	tmp->stor.tabAdd6[0] = v6addr.s6_addr32[0];
526	tmp->stor.tabAdd6[1] = v6addr.s6_addr32[1];
527	tmp->stor.tabAdd6[2] = v6addr.s6_addr32[2];
528	tmp->stor.tabAdd6[3] = v6addr.s6_addr32[3];
529	tmp->next = vPtr;
530	}
531	return tmp;
532	}
533
534	ValuesPtr
535	addValue(ValuesPtr vPtr, unsigned short op, char *val)
536	{
537	ValuesPtr tmp;
538	char value[10];
539
540	tmp = (ValuesPtr) malloc(sizeof(struct Values));
541	if (tmp==NULL) {
542	fprintf(stderr, "ERROR in malloc in addValue function\n");
543	exit(1);
544	} else {
545	if (sscanf(val, "%s", value) == 0) {
546	fprintf(stderr, "Errors in Tests definition : wrong short value\n");
547	exit(1);
548	}
549	tmp->valueLength = 2;
550	tmp->stor.svalue = (unsigned short) atoi(value);
551	tmp->next = vPtr;
552	}
553	return tmp;
554	}
555
556	ValuesPtr
557	addCValue(ValuesPtr vPtr, unsigned short op, char *val)
558	{
559	ValuesPtr tmp;
560	char value[10];
561
562	tmp = (ValuesPtr) malloc(sizeof(struct Values));
563	if (tmp==NULL) {
564	fprintf(stderr, "ERROR in malloc in addValue function\n");
565	exit(1);
566	} else {
567	if (sscanf(val, "%s", value) == 0) {
568	fprintf(stderr, "Errors in Tests definition : wrong char value\n");
569	exit(1);
570	}
571	tmp->valueLength = 1;
572	tmp->stor.cvalue = (unsigned short) atoi(value);
573	tmp->next = vPtr;
574	}
575	return tmp;
576	}

Note: See TracBrowser for help on using the browser.

Context Navigation

root/trunk/src/rules_mgmt.c @ 6

Download in other formats: