/* Release the from/to/what pattern strings held by this rule. Each field is
 * treated as optional, hence the NULL guards (free(NULL) would be a no-op
 * anyway). How acl->redirect and the rule node itself are released is on
 * listing lines not shown here. */
32 if(acl->
from != NULL) free(acl->
from);
33 if(acl->
to != NULL) free(acl->
to);
34 if(acl->
what != NULL) free(acl->
what);
/* Path of the filter (ACL) definition file; it is assigned on a listing line
 * not shown here. */
43 const char *filterfile;
/* from/to/what are passed to NAD_AVAL_L() further down, so here they are
 * attribute handles rather than strings; nfilters is the rule count that is
 * logged once loading finishes. */
48 int i, nfilters, filter, from, to, what, redirect, error, log;
/* No path supplied: fall back to the compiled-in default under CONFIG_DIR. */
57 if(filterfile == NULL)
58 filterfile = CONFIG_DIR
"/router-filter.xml";
/* Open in binary mode; the whole file is read into memory below. */
60 f = fopen(filterfile,
"rb");
/* NOTE(review): an unreadable filter file is reported only at LOG_NOTICE.
 * The return value and the rule list left active afterwards are on lines not
 * shown; confirm the router cannot end up running unfiltered, without a
 * louder signal, when the ACL file is missing or unreadable. */
62 log_write(r->
log, LOG_NOTICE,
"couldn't open filter file %s: %s", filterfile, strerror(errno));
/* Seek to the end and back to the start to size the file. Neither fseek()
 * result is checked here, and the statement that sets `size` (presumably
 * ftell() on the omitted line in between) is not shown.
 * NOTE(review): confirm a failed ftell() (-1) cannot reach the malloc() and
 * fread() calls below as a length. */
67 fseek(f, 0, SEEK_END);
69 fseek(f, 0, SEEK_SET);
/* Buffer for the whole file. NOTE(review): no NULL check on the result is
 * visible before fread() writes into it; confirm one exists on the omitted
 * line. */
71 buf = (
char *) malloc(
sizeof(
char) * size);
/* Anything short of a full read is treated as failure. strerror(errno) is
 * only meaningful if the failing call set errno; a short read without a
 * stream error need not do so, so the logged reason can be misleading. */
73 if (fread(buf, 1, size, f) != size || ferror(f)) {
74 log_write(r->
log, LOG_ERR,
"couldn't read from filter file: %s", strerror(errno));
/* Reported when the buffer could not be parsed; the parse call itself is on
 * a line not shown here. */
84 log_write(r->
log, LOG_ERR,
"couldn't parse filter file");
/* One rule node per filter entry; calloc() zero-fills it, so every field
 * starts out zeroed until a rule attribute sets it.
 * NOTE(review): no NULL check on this allocation, or on the three malloc()
 * calls below, is visible in this listing; confirm they exist on the omitted
 * lines before the results are written through. */
105 acl = (
acl_t) calloc(1,
sizeof(
struct acl_s));
/* Storage for the rule's "from" pattern: attribute value length plus one
 * byte (presumably for the terminating NUL; the copy is on a line not
 * shown). */
111 acl->
from = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, from) + 1));
/* Same sizing for the "to" pattern. */
119 acl->
to = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, to) + 1));
/* Same sizing for the "what" expression. */
127 acl->
what = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, what) + 1));
/* Append the new rule after the current tail, so rules are chained in the
 * order they are added. The empty-list branch is on lines not shown. */
155 if(list_tail != NULL) {
156 list_tail->
next = acl;
/* Debug trace of the rule just added. NOTE(review): from, to, what and
 * redirect are optional fields (the rest of this file tests them against
 * NULL); passing a NULL pointer for %s is undefined in standard C even though
 * some C libraries print "(null)". Confirm log_debug tolerates it or
 * substitute a placeholder string. */
166 log_debug(
ZONE,
"added %s rule: from=%s, to=%s, what=%s, redirect=%s, error=%d, log=%s", (acl->
error?
"deny":
"allow"), acl->
from, acl->
to, acl->
what, acl->
redirect, acl->
error, (acl->
log?
"yes":
"no"));
/* Report how many rules were loaded. */
175 log_write(r->log, LOG_NOTICE,
"loaded filters (%d rules)", nfilters);
/* Record the time of this load on the router. */
177 r->filter_load = time(NULL);
/* ato/afrom are passed to NAD_AVAL_L() below, i.e. they are handles for the
 * packet's to/from attributes (looked up on lines not shown). to/from are
 * heap copies of those addresses and stay NULL when no copy is made. */
184 int ato, afrom, error = 0;
185 char *cur, *to = NULL, *from = NULL;
/* Buffer for the packet's "to" address: value length plus one byte
 * (presumably for the NUL; the copy is on a line not shown). The address is
 * taken from the packet being routed, so treat it as sender-controlled.
 * NOTE(review): no NULL check on this malloc() is visible before strstr()
 * reads the buffer. */
190 to = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, ato) + 1));
/* Truncate at the first "/" so rules are matched without the part after it
 * (the resource, presumably). The "/" is looked for after the "@" or from the
 * start of the string; the branch choosing between the two is on lines not
 * shown. NOTE(review): confirm cur is tested for NULL before being handed to
 * the second strstr(). */
192 cur = strstr(to,
"@");
194 cur = strstr(cur,
"/");
196 cur = strstr(to,
"/");
197 if(cur != NULL) *cur =
'\0';
/* Same treatment for the packet's "from" address; the same review notes
 * apply. */
200 from = (
char *) malloc(
sizeof(
char) * (
NAD_AVAL_L(nad, afrom) + 1));
202 cur = strstr(from,
"@");
204 cur = strstr(cur,
"/");
206 cur = strstr(from,
"/");
207 if(cur != NULL) *cur =
'\0';
/* Walk the rule list from its head; each test below skips to the next rule
 * when this one does not apply. What happens after a rule matches (stop or
 * keep scanning) is on lines not shown. */
210 for(acl = r->
filter; acl != NULL; acl = acl->
next) {
/* Presence must agree on both sides: a rule that names a from/to pattern is
 * skipped for packets lacking that address, and a rule without a pattern is
 * skipped for packets that carry one. An address-less rule is therefore not
 * a wildcard. */
211 if( from == NULL && acl->
from != NULL)
continue;
212 if( to == NULL && acl->
to != NULL )
continue;
213 if( from != NULL && acl->
from == NULL)
continue;
214 if( to != NULL && acl->
to == NULL )
continue;
/* Shell-style glob match of the rule pattern against the packet address.
 * With flags 0 the comparison is case-sensitive and "*" / "?" also match "/"
 * and a leading ".".
 * NOTE(review): confirm addresses are normalised before they reach this
 * function; otherwise a deny rule written in one letter case would not match
 * the same address presented in another. */
215 if( from != NULL && acl->
from != NULL && fnmatch(acl->
from, from, 0) != 0 )
continue;
216 if( to != NULL && acl->
to != NULL && fnmatch(acl->
to, to, 0) != 0 )
continue;
/* Audit line for a matched rule: redirect rules also record the new
 * destination, other rules record the allow/deny outcome.
 * NOTE(review): from/to, and the rule's from/to/what, can be NULL on this
 * path as far as the visible tests show (a rule with no patterns matches a
 * packet with no addresses). Passing NULL for %s is undefined in standard C.
 * from/to are also copied from the packet, so the log receives
 * sender-chosen text; confirm log_write or the log sink neutralises control
 * characters. The condition guarding these statements is on lines not
 * shown. */
220 if (acl->
redirect)
log_write(r->
log, LOG_NOTICE,
"filter: redirect packet from=%s to=%s - rule (from=%s to=%s what=%s), new to=%s", from, to, acl->
from, acl->
to, acl->
what, acl->
redirect);
221 else log_write(r->
log, LOG_NOTICE,
"filter: %s packet from=%s to=%s - rule (from=%s to=%s what=%s)",(acl->
error?
"deny":
"allow"), from, to, acl->
from, acl->
to, acl->
what);
/* Release the per-packet address copies; both start as NULL, so either may
 * never have been allocated. */
228 if(to != NULL) free(to);
229 if(from != NULL) free(from);
struct _stanza_error_st _stanza_errors[]
if you change these, reflect your changes in the defines in util.h
int filter_load(router_t r)
int nad_find_elem(nad_t nad, int elem, int ns, const char *name, int depth)
locate the next elem at a given depth with an optional matching name
void log_write(log_t log, int level, const char *msgfmt,...)
void nad_free(nad_t nad)
free that nad
void nad_set_attr(nad_t nad, int elem, int ns, const char *name, const char *val, int vallen)
create, update, or zap any matching attr on this elem
nad_t nad_parse(const char *buf, int len)
create a nad from raw xml
#define stanza_err_BAD_REQUEST
#define stanza_err_REDIRECT
#define stanza_err_NOT_ALLOWED
void filter_unload(router_t r)
filter manager
int filter_packet(router_t r, nad_t nad)
const char * config_get_one(config_t c, const char *key, int num)
get config value n for this key
int nad_find_attr(nad_t nad, int elem, int ns, const char *name, const char *val)
get a matching attr on this elem, both name and optional val
int nad_find_elem_path(nad_t nad, int elem, int ns, const char *name)
find elem using XPath like query name – "name" for the child tag of that name "name/name" for a sub ...