From 20955311d12966b49b3cdf62217d7508af9a4e9a Mon Sep 17 00:00:00 2001 From: erdgeist <> Date: Wed, 26 Aug 2009 21:22:24 +0000 Subject: Introducing the concept of vectors of nets into opentracker --- ot_accesslist.c | 126 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ot_accesslist.h | 42 +++++++++++++++++++ 2 files changed, 168 insertions(+) diff --git a/ot_accesslist.c b/ot_accesslist.c index cdf7731..4df7edb 100644 --- a/ot_accesslist.c +++ b/ot_accesslist.c @@ -143,6 +143,132 @@ void accesslist_deinit( void ) { } #endif +int address_in_net( const ot_ip6 address, const ot_net *net ) { + int bits = net->bits; + int result = memcmp( address, &net->address, bits >> 3 ); + if( !result && ( bits & 7 ) ) + result = ( ( 0x7f00 >> ( bits & 7 ) ) & address[bits>>3] ) - net->address[bits>>3]; + return result == 0; +} + +void *set_value_for_net( const ot_net *net, ot_vector *vector, const void *value, const size_t member_size ) { + size_t i; + int exactmatch; + + /* Caller must have a concept of ot_net in it's member */ + if( member_size < sizeof(ot_net) ) + return 0; + + /* Check each net in vector for overlap */ + uint8_t *member = ((uint8_t*)vector->data); + for( i=0; isize; ++i ) { + if( address_in_net( *(ot_ip6*)member, net ) || + address_in_net( net->address, (ot_net*)member ) ) + return 0; + member += member_size; + } + + member = vector_find_or_insert( vector, (void*)net, member_size, sizeof(ot_net), &exactmatch ); + if( member ) { + memcpy( member, net, sizeof(ot_net)); + memcpy( member + sizeof(ot_net), value, member_size - sizeof(ot_net)); + } + + return member; +} + +/* Takes a vector filled with { ot_net net, uint8_t[x] value }; + Returns value associated with the net, or NULL if not found */ +void *get_value_for_net( const ot_ip6 address, const ot_vector *vector, const size_t member_size ) { + int exactmatch; + /* This binary search will return a pointer to the first non-containing network... */ + ot_net *net = binary_search( address, vector->data, vector->size, member_size, sizeof(ot_ip6), &exactmatch ); + if( !net ) + return NULL; + /* ... so we'll need to move back one step unless we've exactly hit the first address in network */ + if( !exactmatch && ( (void*)net > vector->data ) ) + --net; + if( !address_in_net( address, net ) ) + return NULL; + return (void*)net; +} + +#ifdef WANT_FULLLOG_NETWORKS +static ot_vector g_lognets_list; +ot_log *g_logchain_first, *g_logchain_last; + +static pthread_mutex_t g_lognets_list_mutex = PTHREAD_MUTEX_INITIALIZER; +void loglist_add_network( const ot_net *net ) { + pthread_mutex_lock(&g_lognets_list_mutex); + set_value_for_net( net, &g_lognets_list, NULL, sizeof(ot_net)); + pthread_mutex_unlock(&g_lognets_list_mutex); +} + +void loglist_reset( ) { + pthread_mutex_lock(&g_lognets_list_mutex); + free( g_lognets_list.data ); + g_lognets_list.data = 0; + g_lognets_list.size = g_lognets_list.space = 0; + pthread_mutex_unlock(&g_lognets_list_mutex); +} + +int loglist_check_address( const ot_ip6 address ) { + int result; + pthread_mutex_lock(&g_lognets_list_mutex); + result = ( NULL != get_value_for_net( address, &g_lognets_list, sizeof(ot_net)) ); + pthread_mutex_unlock(&g_lognets_list_mutex); + return result; +} +#endif + +#ifdef WANT_IP_FROM_PROXY +typedef struct { + ot_net *proxy; + ot_vector networks; +} ot_proxymap; + +static ot_vector g_proxies_list; +static pthread_mutex_t g_proxies_list_mutex = PTHREAD_MUTEX_INITIALIZER; + +int proxylist_add_network( const ot_net *proxy, const ot_net *net ) { + ot_proxymap *map; + int exactmatch, result = 1; + pthread_mutex_lock(&g_proxies_list_mutex); + + /* If we have a direct hit, use and extend the vector there */ + map = binary_search( proxy, g_proxies_list.data, g_proxies_list.size, sizeof(ot_proxymap), sizeof(ot_net), &exactmatch ); + + if( !map || !exactmatch ) { + /* else see, if we've got overlapping networks + and get a new empty vector if not */ + ot_vector empty; + memset( &empty, 0, sizeof( ot_vector ) ); + map = set_value_for_net( proxy, &g_proxies_list, &empty, sizeof(ot_proxymap)); + } + + if( map && set_value_for_net( net, &map->networks, NULL, sizeof(ot_net) ) ) + result = 1; + + pthread_mutex_unlock(&g_proxies_list_mutex); + return result; +} + +int proxylist_check_proxy( const ot_ip6 proxy, const ot_ip6 address ) { + int result = 0; + ot_proxymap *map; + + pthread_mutex_lock(&g_proxies_list_mutex); + + if( ( map = get_value_for_net( proxy, &g_proxies_list, sizeof(ot_proxymap) ) ) ) + if( !address || get_value_for_net( address, &map->networks, sizeof(ot_net) ) ) + result = 1; + + pthread_mutex_unlock(&g_proxies_list_mutex); + return result; +} + +#endif + static ot_ip6 g_adminip_addresses[OT_ADMINIP_MAX]; static ot_permissions g_adminip_permissions[OT_ADMINIP_MAX]; static unsigned int g_adminip_count = 0; diff --git a/ot_accesslist.h b/ot_accesslist.h index 5954a4a..a1e4ad2 100644 --- a/ot_accesslist.h +++ b/ot_accesslist.h @@ -24,6 +24,48 @@ extern char *g_accesslist_filename; #define accesslist_hashisvalid( hash ) 1 #endif +/* Test if an address is subset of an ot_net, return value is considered a bool */ +int address_in_net( const ot_ip6 address, const ot_net *net ); + +/* Store a value into a vector of struct { ot_net net, uint8_t[x] value } member; + returns NULL + if member_size is too small, or + if one of the nets inside the vector are a subnet of _net_, or + if _net_ is a subnet of one of the nets inside the vector, or + if the vector could not be resized + returns pointer to new member in vector for success + member_size can be sizeof(ot_net) to reduce the lookup to a boolean mapping +*/ +void *set_value_for_net( const ot_net *net, ot_vector *vector, const void *value, const size_t member_size ); + +/* Takes a vector filled with struct { ot_net net, uint8_t[x] value } member; + Returns pointer to _member_ associated with the net, or NULL if not found + member_size can be sizeof(ot_net) to reduce the lookup to a boolean mapping +*/ +void *get_value_for_net( const ot_ip6 address, const ot_vector *vector, const size_t member_size ); + + +#ifdef WANT_IP_FROM_PROXY +int proxylist_add_network( const ot_net *proxy, const ot_net *net ); +int proxylist_check_network( const ot_ip6 *proxy, const ot_ip6 address /* can be NULL to only check proxy */ ); +#endif + +#ifdef WANT_FULLLOG_NETWORKS +typedef struct ot_log ot_log; +struct ot_log { + ot_ip6 ip; + uint8_t *data; + size_t size; + ot_time time; + ot_log *next; +}; +extern ot_log *g_logchain_first, *g_logchain_last; + +void loglist_add_network( const ot_net *net ); +void loglist_reset( ); +int loglist_check_address( const ot_ip6 address ); +#endif + typedef enum { OT_PERMISSION_MAY_FULLSCRAPE = 0x1, OT_PERMISSION_MAY_STAT = 0x2, -- cgit v1.2.3