📄 ipaddrset.c
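}
                else
                {
                    FatalError("ERROR %s(%d): Invalid CIDR block for IP addr "
                               "%s\n", file_name, file_line, addr);
                }
            }
            else
            {
                /* convert the netmask into its 32-bit value */

                /* broadcast address fix from
                 * Steve Beaty <beaty@emess.mscd.edu>
                 */

                /*
                 * if the address is the (v4) broadcast address, inet_addr
                 * returns -1 which usually signifies an error, but in the
                 * broadcast address case, is correct.  we'd use inet_aton()
                 * here, but it's less portable.
                 */
                if(!strncmp(toks[1], "255.255.255.255", 15))
                {
                    address_data->netmask = INADDR_BROADCAST;
                }
                else if((address_data->netmask = inet_addr(toks[1])) == -1)
                {
                    FatalError("ERROR %s(%d): Unable to parse rule netmask "
                               "(%s)\n", file_name, file_line, toks[1]);
                }
                /* Set nmask so we don't try to do a host lookup below.
                 * The value of 0 is irrelevant. */
                nmask = 0;
            }
            break;

        default:
            FatalError("ERROR %s(%d) => Unrecognized IP address/netmask %s\n",
                       file_name, file_line, addr);
            break;
    }

    sin.sin_addr.s_addr = inet_addr(toks[0]);

#ifndef WORDS_BIGENDIAN
    /*
     * since PC's store things the "wrong" way, shuffle the bytes into the
     * right order.  Non-CIDR netmasks are already correct.
     */
    if(cidr)
    {
        address_data->netmask = htonl(address_data->netmask);
    }
#endif

    /* broadcast address fix from Steve Beaty <beaty@emess.mscd.edu> */
    /* Changed location */
    if(!strncmp(toks[0], "255.255.255.255", 15))
    {
        address_data->ip_addr = INADDR_BROADCAST;
        broadcast_addr_set = 1;
    }
    else if (nmask == -1)
    {
        /* Try to do a host lookup if the address didn't
         * convert to a valid IP and there were not any
         * mask bits specified (CIDR or dot notation).
         */
        if(sin.sin_addr.s_addr == INADDR_NONE)
        {
            /* get the hostname and fill in the host_info struct */
            host_info = gethostbyname(toks[0]);
            if (host_info)
            {
                /* protecting against malicious DNS servers */
                if(host_info->h_length <= sizeof(sin.sin_addr))
                {
                    bcopy(host_info->h_addr, (char *) &sin.sin_addr, host_info->h_length);
                }
                else
                {
                    bcopy(host_info->h_addr, (char *) &sin.sin_addr, sizeof(sin.sin_addr));
                }
            }
            /* Using h_errno */
            /* NOTE(review): only HOST_NOT_FOUND is fatal here.  On any other
             * lookup failure sin.sin_addr is left as INADDR_NONE and, unless
             * the broadcast flag is set, is masked into ip_addr further down
             * -- confirm that this is intended rather than a silent
             * fall-through. */
            else if(h_errno == HOST_NOT_FOUND)
            /*else if((sin.sin_addr.s_addr = inet_addr(toks[0])) == INADDR_NONE)*/
            {
                FatalError("ERROR %s(%d): Couldn't resolve hostname %s\n",
                           file_name, file_line, toks[0]);
            }
        }
        else
        {
            /* It was a valid IP address with no netmask specified. */
            /* Noop */
        }
    }
    else
    {
        if(sin.sin_addr.s_addr == INADDR_NONE)
        {
            /* It was not a valid IP address but had a valid netmask. */
            FatalError("ERROR %s(%d): Rule IP addr (%s) didn't translate\n",
                       file_name, file_line, toks[0]);
        }
    }

    /* Only set this if we haven't set it above as 255.255.255.255 */
    if (!broadcast_addr_set)
    {
        address_data->ip_addr = ((u_long) (sin.sin_addr.s_addr) &
                                 (address_data->netmask));
    }

    mSplitFree(&toks, num_toks);

    /* Add new IP address to address set */
    if(!negate)
    {
        IpAddrNode *idx;

        if(!ias->iplist)
        {
            ias->iplist = address_data;
        }
        else
        {
            for(idx = ias->iplist; idx->next; idx=idx->next) ;
            idx->next = address_data;
        }
    }
    else
    {
        IpAddrNode *idx;

        if(!ias->neg_iplist)
        {
            ias->neg_iplist = address_data;
        }
        else
        {
            for(idx = ias->neg_iplist; idx->next; idx=idx->next) ;
            idx->next = address_data;
        }

        address_data->addr_flags |= EXCEPT_IP;
    }

    return 0;
}

/*
 * Walk a textual address list and add every entry to an address set.
 *
 * addr     - NUL-terminated list text.  Entries are separated by whitespace
 *            or commas; an entry may be prefixed with one or more '!', may be
 *            a bracketed sub-list "[...]", or a "$name" variable reference.
 * ret      - set the parsed entries are added to (through ParseIP).
 * neg_list - non-zero when the enclosing list is itself negated; it is XORed
 *            with each entry's own negation before the entry is parsed.
 *
 * Sub-lists and variables are handled by recursion.  Malformed input
 * (unterminated or mismatched brackets, undefined variables, a negation with
 * nothing after it) is reported through FatalError.
 */
void IpAddrSetBuild(char *addr, IpAddrSet *ret, int neg_list)
{
    char *tok, *end, *tmp;
    char *neg_start;
    int neg_ip;

    while(*addr)
    {
        /* Skip whitespace and leading commas.  The cast to unsigned char
         * keeps isspace() well defined for bytes that are negative as a
         * plain char. */
        for(; *addr && (isspace((unsigned char)*addr) || *addr == ','); addr++) ;

        /* Handle multiple negations (such as if someone negates variable that
         * contains a negated IP */
        neg_start = addr;
        neg_ip = 0;
        for(; *addr == '!'; addr++)
            neg_ip = !neg_ip;

        /* Nothing but separators or '!' was left.  Stop here: the token scan
         * below starts at addr + 1 and would otherwise read past the
         * terminating NUL.  A negation with no operand is rejected rather
         * than silently dropped, because an entry-less set matches every
         * address in IpAddrSetContains. */
        if(!*addr)
        {
            if(addr != neg_start)
            {
                FatalError("%s(%d) => Negation without an address in '%s'\n",
                           file_name, file_line, neg_start);
            }
            break;
        }

        /* Find end of this token */
        for(end = addr+1;
            *end && !isspace((unsigned char)*end) && *end != ']' && *end != ',';
            end++) ;

        tok = SnortStrndup(addr, end - addr);

        if(!tok)
        {
            FatalError("%s(%d) => Failed to allocate memory for parsing '%s'\n",
                       file_name, file_line, addr);
        }

        if(*addr == '[')
        {
            int brack_count = 0;
            char *list_tok;

            /* Find corresponding ending bracket */
            for(end = addr; *end; end++)
            {
                if(*end == '[')
                    brack_count++;
                else if(*end == ']')
                    brack_count--;

                if(!brack_count)
                    break;
            }

            if(!*end)
            {
                FatalError("%s(%d) => Unterminated IP List '%s'\n",
                           file_name, file_line, addr);
            }

            /* Step over the opening bracket; end still points at the
             * matching closing bracket. */
            addr++;

            list_tok = SnortStrndup(addr, end - addr);

            if(!list_tok)
            {
                FatalError("%s(%d) => Failed to allocate memory for parsing '%s'\n",
                           file_name, file_line, addr);
            }

            IpAddrSetBuild(list_tok, ret, neg_ip ^ neg_list);
            free(list_tok);
        }
        else if(*addr == '$')
        {
            if((tmp = VarGet(tok + 1)) == NULL)
            {
                FatalError("%s(%d) => Undefined variable %s\n",
                           file_name, file_line, addr);
            }

            /* NOTE(review): recursion depth is not bounded in this function;
             * a variable whose value refers back to itself would recurse
             * until the stack is exhausted unless VarGet prevents that --
             * confirm against VarGet. */
            IpAddrSetBuild(tmp, ret, neg_list ^ neg_ip);
        }
        else if(*addr == ']')
        {
            if(!(*(addr+1)))
            {
                /* Successfully reached the end of this list */
                free(tok);
                return;
            }

            FatalError("%s(%d) => Mismatched bracket in '%s'\n",
                       file_name, file_line, addr);
        }
        else
        {
            /* Skip leading commas */
            for(; *addr && (*addr == ',' || isspace((unsigned char)*addr)); addr++) ;

            ParseIP(tok, ret, neg_list ^ neg_ip);

            if(ret->iplist && !ret->iplist->ip_addr && !ret->iplist->netmask)
                ret->iplist->addr_flags |= ANY_SRC_IP;

            /* Note: the neg_iplist is not checked for '!any' here since
             * ParseIP should have already FatalError'ed on it.
             */
        }

        free(tok);

        if(*end)
            addr = end + 1;
        else
            break;
    }

    return;
}
#endif

/*
 * Allocate an IpAddrSet and fill it from the address string of a rule.
 *
 * With SUP_IP6 defined the string is handed to sfvt_add_to_var and every
 * non-success code ends in FatalError; otherwise it is parsed by
 * IpAddrSetBuild as a non-negated list.
 *
 * Returns the newly allocated set.
 */
IpAddrSet *IpAddrSetParse(char *addr)
{
    IpAddrSet *ret;
#ifdef SUP_IP6
    int ret_code;
#endif

    DEBUG_WRAP(DebugMessage(DEBUG_CONFIGRULES,"Got address string: %s\n",
                addr););

    /* NOTE(review): IpAddrSetBuild and ParseIP read ret->iplist and
     * ret->neg_iplist before writing them, so this relies on SnortAlloc
     * returning zeroed memory -- confirm. */
    ret = (IpAddrSet*)SnortAlloc(sizeof(IpAddrSet));

#ifdef SUP_IP6
    if((ret_code = sfvt_add_to_var(vartable, ret, addr)) != SFIP_SUCCESS)
    {
        if(ret_code == SFIP_LOOKUP_FAILURE)
            FatalError("%s(%d) => Undefined variable in the string: %s\n",
                       file_name, file_line, addr);
        else if(ret_code == SFIP_CONFLICT)
            FatalError("%s(%d) => Negated IP ranges that equal to or are"
                       " more-specific than non-negated ranges are not allowed."
                       " Consider inverting the logic: %s.\n",
                       file_name, file_line, addr);
        else
            FatalError("%s(%d) => Unable to process the IP address: %s\n",
                       file_name, file_line, addr);
    }
#else
    IpAddrSetBuild(addr, ret, 0);
#endif

    return ret;
}

#ifndef SUP_IP6
/*
 * Test whether an address belongs to an address set.
 *
 * ias       - set to test against; dereferenced without a NULL check.
 * test_addr - address to look up; its s_addr is masked with each entry's
 *             netmask and compared with the entry's ip_addr as stored.
 *
 * Returns 1 on a match and 0 otherwise.  A set with no positive entries
 * matches every address, and a hit in the negated list always wins over a
 * hit in the positive list.
 */
int IpAddrSetContains(IpAddrSet *ias, struct in_addr test_addr)
{
    IpAddrNode *index;
    u_int32_t raw_addr;
    int match = 0;

    raw_addr = test_addr.s_addr;

    /* An empty positive list means "any". */
    if(!ias->iplist)
        match = 1;

    for(index = ias->iplist; index != NULL; index = index->next)
    {
        if(index->ip_addr == (raw_addr & index->netmask))
        {
            match = 1;
            break;
        }
    }

    if(!match)
        return 0;

    if(!ias->neg_iplist)
        return 1;

    /* Exclusions are applied after the positive match. */
    for(index = ias->neg_iplist; index != NULL; index = index->next)
    {
        if(index->ip_addr == (raw_addr & index->netmask))
            return 0;
    }

    return 1;
}
#endif // SUP_IP6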