sfportobject.c

著名的入侵检测系统snort的最新版本的源码

        for(poi=(PortObjectItem*)sflist_firstpos(po->item_list,&pos);
            poi != 0;
            poi=(PortObjectItem*)sflist_nextpos(po->item_list,&pos) )
		{
            if( !( poi->flags & PORT_OBJECT_NOT_FLAG)  )
                continue; /* should not happen */
         
            if( poi->type == PORT_OBJECT_PORT  ) 
			{
              if( parray[poi->lport] ) 
				  cnt--;
              parray[poi->lport] =0;
			}

            else if( poi->type == PORT_OBJECT_RANGE )
			{
              int k;

              for(k=poi->lport;k<=poi->hport;k++)
              {
                 if( parray[k] )
		     cnt--;
                 parray[k] = 0;
              }
			}
		}
	}

     *nports = cnt;
         
     return parray; 
}
             
/*
 *  Make a list of ports form the char array, each char is either 
 *  on or off.
 */
static 
SF_LIST * PortObjectItemListFromCharPortArray( char * parray, int n )
{
   int i, lport ,hport;
   SF_LIST        * plist;
   PortObjectItem * poi;

   plist = sflist_new();
   if( !plist )
       return 0;

   for(i=0;i<n;i++)
   {
       if( parray[i] == 0 ) continue;

       /* Either a port or the start of a range */
       lport = hport = i;

       for(i++;i<n;i++) 
       {
           if( parray[i] )
           {
               hport = i;
               continue;
           }
           break;
      }
   
      poi = PortObjectItemNew();
      if( !poi )
      {
          sflist_free_all(plist,free);
          return 0;
      }

      if( hport == lport ) 
      {
          poi->type = PORT_OBJECT_PORT;
          poi->lport = (unsigned short)lport;
      }
      else
      {
          poi->type = PORT_OBJECT_RANGE;
          poi->lport =(unsigned short)lport;
          poi->hport =(unsigned short)hport;
      }
   
      if( sflist_add_tail( plist, poi ) )
      {
          sflist_free_all( plist, free );
          return 0;
      }
   }
  
   return plist;
}
          
/*
 *  Removes Ports in B from A ... A = A - B
 */
int PortObjectRemovePorts( PortObject * a,  PortObject * b )
{
     int i;
     int nportsa;
     int nportsb;
     SF_LIST * plist;
     static char pA[SFPO_MAX_PORTS];
     static char pB[SFPO_MAX_PORTS];
     
     memset(pA,0,SFPO_MAX_PORTS);
     memset(pB,0,SFPO_MAX_PORTS);
     
     /* Create a char array of ports */
     PortObjectCharPortArray ( pA, a, &nportsa );
     
     /* Create a char array of ports */
     PortObjectCharPortArray ( pB, b, &nportsb );

     for(i=0;i<SFPO_MAX_PORTS;i++)
     {
        if( pB[i] ) pA[i] = 0; /* remove portB from A */
     }
     
     /* Convert the array into a Port Object list */
     plist = PortObjectItemListFromCharPortArray( pA, SFPO_MAX_PORTS );
     
     /* Release the old port list */
     sflist_free_all( a->item_list, free );
     
     /* Replace the old PortObject list */
     a->item_list = plist;

     return 0;
}

/*
 *   Normalize a port object 
 *   
 *   The reduces multiple references to a given port to a single unique reference
 *   This function should be used on each PortObject, once it's completed. After
 *   the normalized PortObject is created, the input PortObject may be deleted.
 */
int  PortObjectNormalize (PortObject * po )
{
     SF_LIST * plist;
     int nports = 0; 
    
     static char parray[SFPO_MAX_PORTS];
  
     if( PortObjectHasAny ( po ) )
     {
         return  0; /* ANY =65K */
     }
	 
     memset(parray,0,SFPO_MAX_PORTS);
  
     /* Create a char array of ports */
     PortObjectCharPortArray ( parray, po, &nports );
  
     /* Convert the array into a Port Object list */
     plist = PortObjectItemListFromCharPortArray( parray, SFPO_MAX_PORTS );
     if( !plist ) 
         return -1; 
             
     /* Release the old port list */
     sflist_free_all( po->item_list, free );
     
     /* Replace the old PortObject list */
     po->item_list = plist;
     
     return nports;
}

/*
*    Negate an entire PortObject
*/
int  PortObjectNegate (PortObject * po )
{
	 int i;
     SF_LIST * plist;
     int nports = 0; 
    
     static char parray[SFPO_MAX_PORTS];
  
     if( PortObjectHasAny ( po ) )
     {
         return  0; /* ANY =65K */
     }
	 
     memset(parray,0,SFPO_MAX_PORTS);
  
     /* Create a char array of ports */
     PortObjectCharPortArray ( parray, po, &nports );

	 for(i=0;i<SFPO_MAX_PORTS;i++)
	 {
		 if(  parray[i] ) /* negate */
			  parray[i] = 0;
		 else 
			  parray[i] = 1; 
	 }
  
     /* Convert the array into a Port Object list */
     plist = PortObjectItemListFromCharPortArray( parray, SFPO_MAX_PORTS );
     
     /* Release the old port list */
     sflist_free_all( po->item_list, free );
     
     /* Replace the old PortObject list */
     po->item_list = plist;
     
     return nports;
}


/* 
   PortObjects should be normalized, prior to testing
*/
static
int PortObjectItemsEqual(PortObjectItem * a, PortObjectItem * b ) 
{
    if( a->type != b->type )
        return 0;

    switch( a->type )
    {
        case PORT_OBJECT_ANY:
            return 1;
        case PORT_OBJECT_PORT:
            if( a->lport == b->lport )
                return 1;
            break;
        case PORT_OBJECT_RANGE:
            if( a->lport == b->lport && a->hport == b->hport )
                return 1;
            break;
    }

    return 0;
}

/* 
   PortObjects should be normalized, prior to testing
*/
int PortObjectEqual( PortObject * a, PortObject *b )
{
    PortObjectItem *pa;
    PortObjectItem *pb;
	SF_LNODE * posa;
	SF_LNODE * posb;
    
    if( a->item_list->count != b->item_list->count )
        return 0;
    
    pa = (PortObjectItem*)sflist_firstpos(a->item_list,&posa);
    pb = (PortObjectItem*)sflist_firstpos(b->item_list,&posb);
    
    while( pa && pb )
    {
      if( !PortObjectItemsEqual( pa, pb) )
          return 0;
      
      pa = (PortObjectItem*)sflist_nextpos(a->item_list,&posa);
      pb = (PortObjectItem*)sflist_nextpos(b->item_list,&posb);
    }
    
    if( pa || pb ) /* both are not done - cannot match */
        return 0;
    
    return 1; /* match */
}

/*
   Dup and Append PortObjectItems from pob to poa
*/
PortObject * PortObjectAppend(PortObject * poa, PortObject * pob )
{
   PortObjectItem * poia;
   PortObjectItem * poib;
   
   for( poib = (PortObjectItem*) sflist_first(pob->item_list);
        poib!= 0;
        poib = (PortObjectItem*)sflist_next(pob->item_list) )
   {
       poia = PortObjectItemNew();
	  
       if(!poia)
		   return 0;
       
       memcpy(poia,poib,sizeof(PortObjectItem));
      
       sflist_add_tail(poa->item_list,poia);
   }
   return poa;
}
/* Dup and append rule list numbers from pob to poa */
PortObject * PortObjectAppendRules(PortObject * poa, PortObject * pob )
{
   int * prid;
   int * prid2;
   SF_LNODE * lpos;
   
   for( prid = (int*) sflist_firstpos(pob->rule_list,&lpos);
        prid!= 0;
        prid = (int*)sflist_nextpos(pob->rule_list,&lpos) )
   {
       prid2 = calloc( 1, sizeof(int));
       if( !prid2 )
           return 0;
       *prid2 = *prid;
       sflist_add_tail(poa->rule_list,prid2);
   }
   return poa;
}
/* Dup and append rule list numbers from pob to poa */
PortObject2 * PortObjectAppendRules2(PortObject2 * poa, PortObject * pob )
{
   int * prid;
   int * prid2;
   SF_LNODE * lpos;
   
   for( prid = (int*) sflist_firstpos(pob->rule_list,&lpos);
        prid!= 0;
        prid = (int*)sflist_nextpos(pob->rule_list,&lpos) )
   {
       prid2 = calloc( 1, sizeof(int));
       if( !prid2 )
           return 0;
       *prid2 = *prid;
       if( sfghash_add(poa->rule_hash,prid2,prid2) != SFGHASH_OK )
       {
           free(prid2);
       }
   }
   return poa;
}
/* Dup and append rule list numbers from pob to poa */
PortObject2 * PortObjectAppendRules3(PortObject2 * poa, PortObject2 * pob )
{
   int * prid;
   int * prid2;
   SFGHASH_NODE * node;
   
   for( node = sfghash_findfirst(pob->rule_hash);
        node!= NULL;
        node = sfghash_findnext(pob->rule_hash) )
   {
       prid = node->data;
       if( !prid )
          continue;

       prid2 = calloc( 1, sizeof(int));
       if( !prid2 )
           return 0;
       
       *prid2 = *prid;
       if( sfghash_add(poa->rule_hash,prid2,prid2) != SFGHASH_OK )
       {
         free( prid2 );
       }
   }
   return poa;
}
/*
 *  Append Ports and Rules from pob to poa
 */
PortObject * PortObjectAppendEx(PortObject * poa, PortObject * pob )
{
   // LogMessage("PortObjectAppendEx: appending ports\n");
   if( !PortObjectAppend( poa, pob ) ) return 0;
   
   //LogMessage("PortObjectAppendEx: appending rules\n");
   if( !PortObjectAppendRules( poa, pob ) ) return 0;

   return poa;
}
/*
 *  Append Ports and Rules from pob to poa
 */
PortObject2 * PortObjectAppendEx2(PortObject2 * poa, PortObject * pob )
{
   // LogMessage("PortObjectAppendEx: appending ports\n");
   if( !PortObjectAppend((PortObject*) poa, pob ) ) return 0;

  //  LogMessage("PortObjectAppendEx: appending rules\n");
   if( !PortObjectAppendRules2( poa, pob ) ) return 0;

   return poa;
}

/*
    PORT TABLE FUNCTIONS
*/

/*
    Create a new table
*/
PortTable * PortTableNew(void)
{
    PortTable *  p;

    p = (PortTable*) calloc(1,sizeof(PortTable));
    if(!p)
        return 0;

	p->pt_polist = sflist_new();
    if(!p->pt_polist )
    {
        free(p);
        return 0;
    }
    
	p->pt_lrc      =  PTBL_LRC_DEFAULT; /* 10 rules, user should really control these */
	p->pt_optimize =  1; /* if disabled, only one merged rule group is used */

    return p;
}
PortObject * PortTableFindInputPortObjectName(PortTable * pt, char * po_name)
{
	SF_LNODE  * lpos;
    PortObject * po;

    if( !pt ) return NULL;
    if( !po_name ) return NULL;
    
    /* Normalize each of the input port objects */
	for(po =(PortObject*)sflist_firstpos(pt->pt_polist,&lpos);
	    po!=0;
	    po =(PortObject*)sflist_nextpos(pt->pt_polist,&lpos) )
	{
        if( po->name )
        {
            if( strcmp(po->name,po_name)==0 )
            {
                return po;
            }
        }
    }
    return NULL; 
}

/* 
 * Find PortObject by PortItem Info 
 */
PortObject * PortTableFindInputPortObjectPorts( PortTable * pt, PortObject * pox )
{
	SF_LNODE  * lpos;
    PortObject * po;

    if( !pt ) return NULL;
    if( !pox ) return NULL;
    
	for(po =(PortObject*)sflist_firstpos(pt->pt_polist,&lpos);
	    po!=0;
	    po =(PortObject*)sflist_nextpos(pt->pt_polist,&lpos) )
	{
        if( PortObjectEqual( po, pox ) )
        {
            return po;
        }
    }
    return NULL; 
}


int PortTableNormalizeInputPortObjects( PortTable *p )
{
	SF_LNODE  * lpos;
    PortObject * po;

    /* Normalize each of the input port objects */
	for(po =(PortObject*)sflist_firstpos(p->pt_polist,&lpos);
	    po!=0;
	    po =(PortObject*)sflist_nextpos(p->pt_polist,&lpos) )
	{
        PortObjectNormalize(po);
    }
 return 0;
}

int PortObjectAddRule( PortObject * po , int rule )
{
    int * pruleid;
  
    //LogMessage("Adding Rule %d to Port Object '%s'\n",rule,po->name);
    if( !po )
        return -1;

    if( !po->rule_list )
        return -1;

    /* Add rule index to rule list */
    pruleid = calloc(1,sizeof(int));
    if( !pruleid )
    {
      return -1;
    }
    
    *pruleid = rule;
    
    sflist_add_tail( po->rule_list, pruleid );

    return 0; 
}

/*
    Add Users PortObjects to the Table

    We save the users port object, so it's no longer the users.
*/
int PortTableAddObject( PortTable *p, PortObject * po )
{
	SF_LNODE   * lpos;
    PortObject * pox;