/*
 * Excerpt (gutter lines 32-36 of the original file): releases string fields
 * owned by one ACL entry. Elsewhere in this listing from/to/what/dump are
 * assigned from malloc(), so each is a separate heap buffer. The enclosing
 * loop and gutter line 35 are not part of this excerpt.
 * free(NULL) is a no-op, so the NULL guards are redundant but harmless.
 */
32 if(acl->
from != NULL) free(acl->
from);
33 if(acl->
to != NULL) free(acl->
to);
34 if(acl->
what != NULL) free(acl->
what);
36 if(acl->
dump != NULL) free(acl->
dump);
/*
 * Excerpt of the filter-file loader. The gutter numbers jump, so statements
 * between the visible lines (checks, returns, cleanup) are missing from this
 * listing; the comments below describe only what is visible.
 */
44 const char *filterfile;
49 int i, nfilters, filter, from, to, what, redirect, error, log, dump;
/* No path set: fall back to the default file under CONFIG_DIR. Where
 * filterfile is first assigned is not visible here. */
58 if(filterfile == NULL)
59 filterfile = CONFIG_DIR
"/router-filter.xml";
/* Open for reading in binary mode; an open failure is logged with the
 * errno text (the check that guards the log call is not visible). */
61 f = fopen(filterfile,
"rb");
63 log_write(r->
log, LOG_NOTICE,
"couldn't open filter file %s: %s", filterfile, strerror(errno));
/* Seek to the end, presumably to measure the file (the ftell() call is not
 * visible). A seek failure and an empty file are reported separately. */
68 fseek(f, 0, SEEK_END);
71 log_write(r->
log, LOG_NOTICE,
"couldn't seek filter file %s: %s", filterfile, strerror(errno));
76 log_write(r->
log, LOG_NOTICE,
"empty filter file %s", filterfile);
/* Rewind before reading the whole file into memory. */
80 fseek(f, 0, SEEK_SET);
/* NOTE(review): no NULL check on the malloc() result is visible before the
 * fread() below (gutter line 83 is not shown) - confirm. Also confirm that
 * size is validated as positive before it reaches malloc() and fread(). */
82 buf = (
char *) malloc(
sizeof(
char) * size);
/* A short read or a stream error is logged at LOG_ERR. NOTE(review): a short
 * read at end-of-file does not set errno, so strerror(errno) may be stale. */
84 if (fread(buf, 1, size, f) != size || ferror(f)) {
85 log_write(r->
log, LOG_ERR,
"couldn't read from filter file: %s", strerror(errno));
/* Parse failure is logged at LOG_ERR; the parse call itself is not visible.
 * NOTE(review): this file supplies the router's packet filter rules, so
 * confirm which rule set stays active when loading fails (the previous
 * rules, or none) - the visible lines do not show it. */
95 log_write(r->
log, LOG_ERR,
"couldn't parse filter file");
/*
 * Excerpt: builds one ACL entry per filter rule and links it into the list.
 * calloc() zero-fills the entry, so fields that are not assigned later stay
 * zeroed. NOTE(review): no check of the calloc()/malloc() results is visible
 * in this excerpt - confirm.
 */
117 acl = (
acl_t) calloc(1,
sizeof(
struct acl_s));
/* Each string field gets a buffer of the attribute's value length
 * (NAD_AVAL_L) plus one byte, presumably for the terminator. The copy into
 * the buffer and the conditions around each allocation are not visible. */
123 acl->
from = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, from) + 1));
131 acl->
to = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, to) + 1));
139 acl->
what = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, what) + 1));
170 acl->
dump = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, dump) + 1));
/* Append to the tail when the list already has one; the empty-list branch
 * is not visible. */
175 if(list_tail != NULL) {
176 list_tail->
next = acl;
/* Debug trace of the new rule. NOTE(review): from/to/what/redirect are passed
 * to %s unconditionally, while other visible code tests acl->from and
 * acl->to against NULL. A NULL argument to %s is undefined behavior in
 * standard C (glibc prints "(null)") - confirm log_debug tolerates it. */
186 log_debug(
ZONE,
"added %s rule: from=%s, to=%s, what=%s, redirect=%s, error=%d, log=%s", (acl->
error?
"deny":
"allow"), acl->
from, acl->
to, acl->
what, acl->
redirect, acl->
error, (acl->
log?
"yes":
"no"));
/* Report the rule count and record when the filters were loaded. */
195 log_write(r->log, LOG_NOTICE,
"loaded filters (%d rules)", nfilters);
197 r->filter_load = time(NULL);
/*
 * Excerpt: allocates copies of the packet's to/from addresses and trims them
 * before rule matching. The attribute lookups that set ato/afrom, the copy
 * into each buffer and the if/else structure around the strstr() calls are
 * not visible in this listing.
 */
204 int ato, afrom, error = 0;
205 char *cur, *to = NULL, *from = NULL;
/* Buffer sized to the attribute value length plus one byte.
 * NOTE(review): the malloc() result is not checked in the visible lines,
 * and strstr() below would dereference it - confirm. */
210 to = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, ato) + 1));
/* Look for '@' first. Presumably the '/' search starts at the '@' when one
 * was found (gutter 214) and at the start of the string otherwise (gutter
 * 216). The string is then cut at that '/', dropping everything after it. */
212 cur = strstr(to,
"@");
214 cur = strstr(cur,
"/");
216 cur = strstr(to,
"/");
217 if(cur != NULL) *cur =
'\0';
/* Same allocation and trimming for the sender address. */
220 from = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, afrom) + 1));
222 cur = strstr(from,
"@");
224 cur = strstr(cur,
"/");
226 cur = strstr(from,
"/");
227 if(cur != NULL) *cur =
'\0';
/*
 * Excerpt: walks the rule list in r->filter and tests each rule against the
 * packet's trimmed from/to addresses. Parts of the loop body and the loop's
 * closing brace are not visible in this listing.
 */
230 for(acl = r->
filter; acl != NULL; acl = acl->
next) {
/* Presence must agree on both sides: a rule is skipped when it names an
 * address the packet lacks, and also when the packet has an address the rule
 * leaves unset. So a rule without a from/to matches only packets that also
 * lack that address; matching every address needs an explicit pattern. */
231 if( from == NULL && acl->
from != NULL)
continue;
232 if( to == NULL && acl->
to != NULL )
continue;
233 if( from != NULL && acl->
from == NULL)
continue;
234 if( to != NULL && acl->
to == NULL )
continue;
/* The rule string is the fnmatch() pattern and the packet address is the
 * subject, so packet text is never interpreted as a pattern. With flags 0
 * the match is case-sensitive. NOTE(review): confirm addresses are
 * normalized before this point, otherwise a differently-cased address could
 * miss a rule that was meant to cover it. */
235 if( from != NULL && acl->
from != NULL && fnmatch(acl->
from, from, 0) != 0 )
continue;
236 if( to != NULL && acl->
to != NULL && fnmatch(acl->
to, to, 0) != 0 )
continue;
/* Rule has a dump file: append the packet text followed by a newline.
 * out/len presumably come from nad_print(); that call and any fclose() are
 * not visible. NOTE(review): the fwrite() results are ignored, and the file
 * is opened in append mode at a path taken from the rule. Dumped packets can
 * carry message content, so confirm the path's ownership and the file's
 * permissions. */
239 if( acl->
dump != NULL ) {
243 fd = fopen(acl->
dump,
"a");
/* The message announces that dumping is disabled for this rule; the code
 * that does so is not visible here. */
245 log_write(r->
log, LOG_ERR,
"filter: cannot open dump file %s: \"%s\", disabling dump for this rule.", acl->
dump, strerror(errno));
250 fwrite(out, len, 1, fd);
252 fwrite(
"\n", 1, 1, fd);
/* Log the verdict: redirect target when the rule has one, else deny/allow
 * according to acl->error. NOTE(review): from, to, acl->from, acl->to and
 * acl->what can each be NULL on this path (the checks above allow it), and a
 * NULL argument to %s is undefined behavior in standard C. from/to are
 * derived from the packet, so confirm the log sink copes with control
 * characters in them. */
257 if (acl->
redirect)
log_write(r->
log, LOG_NOTICE,
"filter: redirect packet from=%s to=%s - rule (from=%s to=%s what=%s), new to=%s", from, to, acl->
from, acl->
to, acl->
what, acl->
redirect);
258 else log_write(r->
log, LOG_NOTICE,
"filter: %s packet from=%s to=%s - rule (from=%s to=%s what=%s)",(acl->
error?
"deny":
"allow"), from, to, acl->
from, acl->
to, acl->
what);
/* Release the address copies; free(NULL) is a no-op, so the guards are
 * redundant but harmless. */
265 if(to != NULL) free(to);
266 if(from != NULL) free(from);
struct _stanza_error_st _stanza_errors[]
if you change these, reflect your changes in the defines in util.h
int filter_load(router_t r)
int nad_find_attr(nad_t nad, unsigned int elem, int ns, const char *name, const char *val)
get a matching attr on this elem, both name and optional val
void nad_set_attr(nad_t nad, unsigned int elem, int ns, const char *name, const char *val, int vallen)
create, update, or zap any matching attr on this elem
void log_write(log_t log, int level, const char *msgfmt,...)
void nad_print(nad_t nad, unsigned int elem, const char **xml, int *len)
create a string representation of the given element (and children), point references to it ...
void nad_free(nad_t nad)
free that nad
nad_t nad_parse(const char *buf, int len)
create a nad from raw xml
#define stanza_err_BAD_REQUEST
#define stanza_err_REDIRECT
#define stanza_err_NOT_ALLOWED
void filter_unload(router_t r)
filter manager
int nad_find_elem(nad_t nad, unsigned int elem, int ns, const char *name, int depth)
locate the next elem at a given depth with an optional matching name
int filter_packet(router_t r, nad_t nad)
const char * config_get_one(config_t c, const char *key, int num)
get config value n for this key
int nad_find_elem_path(nad_t nad, unsigned int elem, int ns, const char *name)
find elem using XPath like query name – "name" for the child tag of that name "name/name" for a sub ...