📄 rules.c
* Steve Beaty <beaty@emess.mscd.edu> */ /* * * if the address is the (v4) broadcast address, inet_addr * * returns -1 which usually signifies an error, but in the * * broadcast address case, is correct. we'd use inet_aton() * * here, but it's less portable. */ if(!strncmp(toks[1], "255.255.255.255", 15)) { address_data->netmask = INADDR_BROADCAST; } else if((address_data->netmask = inet_addr(toks[1])) == -1) { FatalError("ERROR %s (%d) => Rule netmask (%s) didn't x-late, WTF?\n", file_name, file_line, toks[1]); } } break; default: FatalError("ERROR %s (%d) => Unrecognized IP address/netmask %s\n", file_name, file_line, addr); break; }#ifndef WORDS_BIGENDIAN /* * since PC's store things the "wrong" way, shuffle the bytes into the * right order. Non-CIDR netmasks are already correct. */ if(cidr) { address_data->netmask = htonl(address_data->netmask); }#endif /* convert names to IP addrs */ if(isalpha((int) toks[0][0])) { /* get the hostname and fill in the host_info struct */ if((host_info = gethostbyname(toks[0]))) { bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length); } else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE) { FatalError("ERROR %s (%d) => Couldn't resolve hostname %s\n", file_name, file_line, toks[0]); } address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) & (address_data->netmask)); return 1; } /* convert the IP addr into its 32-bit value */ /* broadcast address fix from Steve Beaty <beaty@emess.mscd.edu> */ /* * * if the address is the (v4) broadcast address, inet_addr returns -1 * * which usually signifies an error, but in the broadcast address case, * * is correct. we'd use inet_aton() here, but it's less portable. 
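*/
    if(!strncmp(toks[0], "255.255.255.255", 15))
    {
        address_data->ip_addr = INADDR_BROADCAST;
    }
    else if((address_data->ip_addr = inet_addr(toks[0])) == -1)
    {
        FatalError("ERROR %s (%d) => Rule IP addr (%s) didn't x-late, WTF?\n",
                   file_name, file_line, toks[0]);
    }
    else
    {
        /* set the final homenet address up */
        address_data->ip_addr = ((u_long) (address_data->ip_addr) &
                                 (address_data->netmask));
    }

    for(i=0;i<num_toks;i++)
    {
        free(toks[i]);
    }

    return 0;
}


/****************************************************************************
 *
 * Function: ParsePort(char *, u_short *, u_short *, char *, int *)
 *
 * Purpose:  Convert a rule's port field into a low/high port pair
 *
 * Arguments: prule_port => port field from the rule; a leading '$' makes it
 *                          a variable reference resolved with VarGet()
 *            hi_port    => receives the upper bound of the range
 *            lo_port    => receives the lower bound of the range
 *            proto      => protocol name handed on to ConvPort()
 *            not_flag   => set to 1 when the field starts with '!', else 0
 *
 * Returns: 0 for a normal port number or range, 1 for an "any" port
 *
 ***************************************************************************/
int ParsePort(char *prule_port, u_short * hi_port, u_short * lo_port,
              char *proto, int *not_flag)
{
    int i;
    char **toks;        /* token dbl buffer */
    int num_toks;       /* number of tokens found by mSplit() */
    char *rule_port;    /* port string */

    *not_flag = 0;

    /* check for variable */
    if(!strncmp(prule_port, "$", 1))
    {
        /* NOTE(review): the code below relies on FatalError() not
         * returning, otherwise rule_port is NULL here -- confirm */
        if((rule_port = VarGet(prule_port + 1)) == NULL)
        {
            FatalError("ERROR %s (%d) => Undefined variable %s\n",
                       file_name, file_line, prule_port);
        }
    }
    else
    {
        rule_port = prule_port;
    }

    if(rule_port[0] == '(')
    {
        /* user forgot to put a port number in for this rule */
        FatalError("[!] ERROR %s(%d) => Bad port number: \"%s\"\n",
                   file_name, file_line, rule_port);
    }

    /* check for wildcards; this is a case-insensitive match on the first
     * three characters only, so any field that starts with "any" counts */
    if(!strncasecmp(rule_port, "any", 3))
    {
        *hi_port = 0;
        *lo_port = 0;
        return 1;
    }

    /* a leading '!' negates the port test */
    if(rule_port[0] == '!')
    {
        *not_flag = 1;
        rule_port++;
    }

    /* ":N" means "everything up to N" */
    if(rule_port[0] == ':')
    {
        *lo_port = 0;
    }

    /* NOTE(review): the result of mSplit() is used unchecked, and only the
     * tokens are freed below, not the token array itself; mSplit()'s
     * allocation contract is not visible here -- confirm */
    toks = mSplit(rule_port, ":", 2, &num_toks, 0);

    switch(num_toks)
    {
        case 1:
            *hi_port = ConvPort(toks[0], proto);

            if(rule_port[0] == ':')
            {
                *lo_port = 0;
            }
            else
            {
                *lo_port = *hi_port;

                /* "N:" means "N and everything above it" */
                if(index(rule_port, ':') != NULL)
                {
                    *hi_port = 65535;
                }
            }

            break;

        case 2:
            *lo_port = ConvPort(toks[0], proto);

            if(toks[1][0] == 0)
                *hi_port = 65535;
            else
                *hi_port = ConvPort(toks[1], proto);

            /* NOTE(review): a reversed range such as "100:50" is stored as
             * given; how the matching code treats lo_port > hi_port is not
             * visible here, and a rule that can never match is a silent
             * detection gap -- confirm */
            break;

        default:
            FatalError("[!] ERROR %s (%d) => port conversion failed on \"%s\"\n",
                       file_name, file_line, rule_port);
    }

    for(i=0;i<num_toks;i++)
    {
        free(toks[i]);
    }

    return 0;
}


/****************************************************************************
 *
 * Function: ConvPort(char *, char *)
 *
 * Purpose:  Convert the port string over to an integer value
 *
 * Arguments: port  => port string, either a service name or a number
 *            proto => protocol name passed to getservbyname() when the
 *                     port is given as a service name
 *
 * Returns: the port number, in host byte order, in the range 0-65535
 *
 ***************************************************************************/
int ConvPort(char *port, char *proto)
{
    long conv;                      /* storage for the converted number */
    struct servent *service_info;

    /*
     * convert a "word port" (http, ftp, imap, whatever) to its corresponding
     * numeric port value
     *
     * the <ctype.h> tests take an unsigned char value; passing a plain char
     * that happens to be negative is undefined
     */
    if(isalpha((unsigned char) port[0]) != 0)
    {
        service_info = getservbyname(port, proto);

        if(service_info != NULL)
        {
            return ntohs(service_info->s_port);
        }
        else
        {
            FatalError("ERROR %s (%d) => getservbyname() failed on \"%s\"\n",
                       file_name, file_line, port);
        }
    }

    if(!isdigit((unsigned char) port[0]))
    {
        FatalError("ERROR %s (%d) => Invalid port: %s\n",
                   file_name, file_line, port);
    }

    /*
     * convert the value; strtol() saturates on an over-long digit string
     * where atoi() is undefined, so the bounds check below rejects it
     *
     * NOTE(review): characters after the digits are still ignored, as they
     * were with atoi(), because the exact shape of the tokens mSplit()
     * hands in is not visible here; a strict end-of-string check would stop
     * "80x" from being read as 80 -- confirm before tightening
     */
    conv = strtol(port, NULL, 10);

    /* make sure it's in bounds */
    if((conv >= 0) && (conv < 65536))
    {
        return (int) conv;
    }
    else
    {
        FatalError("ERROR %s (%d) => bad port number: %s",
                   file_name, file_line, port);
    }

    return 0;
}


/****************************************************************************
 *
 * Function: ParseMessage(char *)
 *
 * Purpose:  Stuff the alert message onto the rule
 *
 * Arguments: msg => the msg string; it is modified in place (the closing
 *                   quote is overwritten with a terminator)
 *
 * Returns: void function
 *
 ***************************************************************************/
void ParseMessage(char *msg)
{
    char *ptr;
    char *end;
    int size;

    /* figure out where the message starts */
    ptr = index(msg, '"');

    if(ptr == NULL)
    {
        ptr = msg;
    }
    else
    {
        ptr++;
    }

    /* cut the string at the next quote, if there is one */
    end = index(ptr, '"');

    if(end != NULL)
        *end = 0;

    while(isspace((unsigned char) *ptr))
        ptr++;

    /* measured on msg after the cut above; only used for the test below */
    size = strlen(msg) + 1;

    /* alloc space for the string and put it in the rule */
    if(size > 0)
    {
        otn_tmp->message = strdup(ptr);

        /* a failed allocation would otherwise leave a NULL message on the
         * rule for later code to trip over */
        if(otn_tmp->message == NULL)
        {
            FatalError("ERROR: ParseMessage() strdup failed: %s\n",
                       strerror(errno));
        }

#ifdef DEBUG
        printf("Rule message set to: %s\n", otn_tmp->message);
#endif
    }
    else
    {
        ErrorMessage("ERROR %s (%d): bad alert message size %d\n",
                     file_name, file_line, size);
    }

    return;
}


/****************************************************************************
 *
 * Function: ParseLogto(char *)
 *
 * Purpose:  stuff the special log filename onto the proper rule option
 *
 * Arguments: filename => the file name; it is modified in place (the last
 *                        quote is overwritten with a terminator)
 *
 * Returns: void function
 *
 ***************************************************************************/
void ParseLogto(char *filename)
{
    char *sptr;
    char *eptr;
    size_t len;

    /* grab everything between the starting " and the end one */
    sptr = index(filename, '"');
    eptr = strrchr(filename, '"');

    if(sptr != NULL && eptr != NULL)
    {
        /* increment past the first quote */
        sptr++;

        /* zero out the second one */
        *eptr = 0;
    }
    else
    {
        sptr = filename;
    }

    len = strlen(sptr);

    /* calloc() already hands back zeroed memory */
    otn_tmp->logto = (char *) calloc(len + 1, sizeof(char));

    if(otn_tmp->logto == NULL)
    {
        FatalError("ERROR: ParseLogto() calloc failed: %s\n",
                   strerror(errno));
    }

    memcpy(otn_tmp->logto, sptr, len + 1);

    /* NOTE(review): the name is stored exactly as written in the rule; no
     * check for path separators or ".." happens in this function, so
     * whatever opens the file should keep it inside the log directory --
     * confirm at the point of use */
    return;
}


/****************************************************************************
 *
 * Function: ParseActivates(char *)
 *
 * Purpose:  Set an activation link record
 *
 * Arguments: act_num => rule number to be activated
 *
 * Returns: void function
 *
 ****************************************************************************/
void ParseActivates(char *act_num)
{
    /* skip to the first digit, stopping at the end of the string so that an
     * argument without a number cannot run the scan off the buffer */
    while(*act_num != '\0' && !isdigit((unsigned char) *act_num))
        act_num++;

    if(*act_num == '\0')
    {
        FatalError("ERROR %s (%d) => activates option needs a rule number\n",
                   file_name, file_line);
    }

    otn_tmp->activates = atoi(act_num);

    return;
}


/****************************************************************************
 *
 * Function: ParseActivatedBy(char *)
 *
 * Purpose:  Set an activation link record
 *
 * Arguments: act_by => number of the rule that activates this one
 *
 * Returns: void function
 *
 ****************************************************************************/
void ParseActivatedBy(char *act_by)
{
    ActivateList *al_ptr;
    int rule_num;

    al_ptr = rtn_tmp->activate_list;

    if(al_ptr == NULL)
    {
        /* first entry: start the list on the RTN */
        rtn_tmp->activate_list = (ActivateList *) calloc(sizeof(ActivateList),
                                                         sizeof(char));

        if(rtn_tmp->activate_list == NULL)
        {
            FatalError("ERROR: ParseActivatedBy() calloc failed: %s\n",
                       strerror(errno));
        }

        al_ptr = rtn_tmp->activate_list;
    }
    else
    {
        /* walk to the tail and append a new node */
        while(al_ptr->next != NULL)
        {
            al_ptr = al_ptr->next;
        }

        al_ptr->next = (ActivateList *) calloc(sizeof(ActivateList),
                                               sizeof(char));
        al_ptr = al_ptr->next;

        if(al_ptr == NULL)
        {
            FatalError("ERROR: ParseActivatedBy() calloc failed: %s\n",
                       strerror(errno));
        }
    }

    /* skip to the first digit, stopping at the end of the string so that an
     * argument without a number cannot run the scan off the buffer */
    while(*act_by != '\0' && !isdigit((unsigned char) *act_by))
        act_by++;

    if(*act_by == '\0')
    {
        FatalError("ERROR %s (%d) => activated_by option needs a rule number\n",
                   file_name, file_line);
    }

    rule_num = atoi(act_by);

    /* set the RTN list node number */
    al_ptr->activated_by = rule_num;

    /* set the OTN list node number */
    otn_tmp->activated_by = rule_num;

    return;
}


/****************************************************************************
 *
 * Function: ParseCount(char *)
 *
 * Purpose:  Set the activation counter on the current rule option
 *
 * Arguments: num => string holding the counter value
 *
 * Returns: void function
 *
 ****************************************************************************/
void ParseCount(char *num)
{
    /* skip to the first digit, stopping at the end of the string so that an
     * argument without a number cannot run the scan off the buffer */
    while(*num != '\0' && !isdigit((unsigned char) *num))
        num++;

    if(*num == '\0')
    {
        FatalError("ERROR %s (%d) => count option needs a number\n",
                   file_name, file_line);
    }

    otn_tmp->activation_counter = atoi(num);

#ifdef DEBUG
    printf("Set activation counter to %d\n", otn_tmp->activation_counter);
#endif

    return;
}


/****************************************************************************
 *
 * Function: XferHeader(RuleTreeNode *, RuleTreeNode *)
 *
 * Purpose:  Transfer the rule block header data from point A to point B
 *
 * Arguments: rule => the place to xfer from
 *            rtn  => the place to xfer to
 *
 * Returns: void function
 *
 ***************************************************************************/
void XferHeader(RuleTreeNode * rule, RuleTreeNode * rtn)
{
    /* plain member copies: sip and dip are assigned as they are, so if they
     * are pointers both nodes end up sharing the same address data */
    rtn->type = rule->type;
    rtn->sip = rule->sip;
    rtn->dip = rule->dip;
    rtn->hsp = rule->hsp;
    rtn->lsp = rule->lsp;
    rtn->hdp = rule->hdp;
    rtn->ldp = rule->ldp;
    rtn->flags = rule->flags;
}


/****************************************************************************
 *
 * Function: TestHeader(RuleTreeNode *, RuleTreeNode *)
 *
 * Purpose: Check to see if the two header blocks are identical
 *
 * Arguments: rule => uh
 *            rtn => uuuuhhhhh....
 *
 * Returns: 1 if they match, 0 if they don't
 *
 ***************************************************************************/
int TestHeader(RuleTreeNode * rule, RuleTreeNode * rtn)
{
    IpAddrSet *rul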