23 RCSID(
"$Id: 8b391effef219c41edc35047db39d1c08c61a058 $")
25 #include <freeradius-devel/util/base16.h>
26 #include <freeradius-devel/util/misc.h>
27 #include <freeradius-devel/util/pair.h>
47 #define RAD_MAX_FILTER_LEN 6
53 #define IPX_NODE_ADDR_LEN 6
55 #if ! defined( false )
57 # define true (! false)
285 {
L(
"ftp-data"), 20 },
287 {
L(
"hostname"), 101 },
288 {
L(
"kerberos"), 88 },
290 {
L(
"nameserver"), 42 },
411 net->
net = htonl(strtol(argv[0], NULL, 16));
431 if ((memcmp(p,
"0X", 2) == 0) ||
432 (memcmp(p,
"0x", 2) == 0)) p += 2;
448 if (argc == 3)
return 3;
492 token = strtoul(argv[5], NULL, 16);
555 if (argc == 0)
return 0;
565 while ((argc > 0) && (flags != 0x03)) {
577 if (slen < 0)
return -1;
584 if (flags & 0x02)
goto duplicate;
588 if (slen < 0)
return -1;
635 while (*str && (
count < 4) && (netmask == 0)) {
641 case '0':
case '1':
case '2':
case '3':
642 case '4':
case '5':
case '6':
case '7':
645 ip[
count] += (*str) -
'0';
652 if (ip[
count] > 255) {
667 if ((masklen < 0) || (masklen > 32)) {
671 str += strspn(str,
"0123456789");
687 if (ip[
count] > 255) {
710 }
else if ((*ipaddr & 0x80000000) == 0) {
712 }
else if ((*ipaddr & 0xc0000000) == 0x80000000) {
714 }
else if ((*ipaddr & 0xe0000000) == 0xc0000000) {
721 *ipaddr = htonl(*ipaddr);
743 if (strspn(str,
"0123456789") == strlen(str)) {
749 if ((token < 0) || (token > 65535)) {
755 *port = htons(*port);
761 #define IP_SRC_ADDR_FLAG (1 << 0)
762 #define IP_DEST_ADDR_FLAG (1 << 1)
763 #define IP_SRC_PORT_FLAG (1 << 2)
764 #define IP_DEST_PORT_FLAG (1 << 3)
765 #define IP_PROTO_FLAG (1 << 4)
766 #define IP_EST_FLAG (1 << 5)
768 #define DONE_FLAGS (IP_SRC_ADDR_FLAG | IP_DEST_ADDR_FLAG | \
769 IP_SRC_PORT_FLAG | IP_DEST_PORT_FLAG | \
770 IP_PROTO_FLAG | IP_EST_FLAG)
812 if (argc == 0)
return 0;
829 fr_strerror_printf(
"Insufficient arguments for '%s' when parsing 'abinary' IP type", argv[0]);
834 if (slen < 0)
return slen;
844 if (argc < 2)
goto insufficient;
847 if (slen < 0)
return slen;
857 if (argc < 3)
goto insufficient;
861 if (slen < 0)
return slen;
871 if (argc < 3)
goto insufficient;
875 if (slen < 0)
return slen;
893 if (strspn(argv[0],
"0123456789") == strlen(argv[0])) {
894 token = atoi(argv[0]);
903 filter->
proto = token;
940 if (argc == 0)
return 0;
959 fr_strerror_printf(
"Insufficient arguments for '%s' when parsing 'abinary' IPv6 type", argv[0]);
963 if (
fr_inet_pton6(&ipaddr, argv[1], strlen(argv[1]),
false,
false,
true) < 0)
return -1;
964 memcpy(&filter->
srcip, ipaddr.
addr.v6.s6_addr, 16);
974 if (argc < 2)
goto insufficient;
976 if (
fr_inet_pton6(&ipaddr, argv[1], strlen(argv[1]),
false,
false,
true) < 0)
return -1;
977 memcpy(&filter->
dstip, ipaddr.
addr.v6.s6_addr, 16);
987 if (argc < 3)
goto insufficient;
991 if (slen < 0)
return slen;
1001 if (argc < 3)
goto insufficient;
1005 if (slen < 0)
return slen;
1023 if (strspn(argv[0],
"0123456789") == strlen(argv[0])) {
1024 token = atoi(argv[0]);
1033 filter->
proto = token;
1088 if (argc == 0)
return 0;
1109 if (strspn(argv[0],
"0123456789") != strlen(argv[0])) {
1115 slen = atoi(argv[0]);
1116 if (slen > 65535)
goto invalid;
1124 if (slen !=
sizeof(filter->
mask)) {
1132 if (token !=
sizeof(filter->
value)) {
1138 filter->
len = htons(filter->
len);
1143 if (argc == 3)
return 0;
1155 fr_strerror_printf(
"Duplicate field '%s' when parsing 'abinary' generic type", argv[0]);
1162 if (flags & 0x01)
goto duplicate;
1168 if (flags & 0x02)
goto duplicate;
1169 filter->
more = htons( 1 );
1228 memset(&filter, 0,
sizeof(filter));
1300 size =
sizeof(filter);
1304 if (slen < 0)
goto fail;
1330 uint64_t aligned[256 /
sizeof(uint64_t)];
1332 static char const *action[] = {
"drop",
"forward"};
1333 static char const *direction[] = {
"out",
"in"};
1338 if (data_len < 4)
return -1;
1346 memcpy(aligned,
data, data_len);
1352 size =
sizeof(filter->ip);
1356 size =
sizeof(filter->ipx);
1360 size =
sizeof(filter->generic);
1364 size =
sizeof(filter->ipv6);
1371 if (data_len < size)
return -size;
1382 if (filter->ip.srcip) {
1384 ((
uint8_t const *) &filter->ip.srcip)[0],
1385 ((
uint8_t const *) &filter->ip.srcip)[1],
1386 ((
uint8_t const *) &filter->ip.srcip)[2],
1387 ((
uint8_t const *) &filter->ip.srcip)[3],
1388 filter->ip.srcmask);
1391 if (filter->ip.dstip) {
1393 ((
uint8_t const *) &filter->ip.dstip)[0],
1394 ((
uint8_t const *) &filter->ip.dstip)[1],
1395 ((
uint8_t const *) &filter->ip.dstip)[2],
1396 ((
uint8_t const *) &filter->ip.dstip)[3],
1397 filter->ip.dstmask);
1405 ntohs(filter->ip.srcport));
1411 ntohs(filter->ip.dstport));
1414 if (filter->ip.established) {
1424 if (filter->ipx.src.net) {
1426 (
unsigned int)ntohl(filter->ipx.src.net),
1427 filter->ipx.src.node[0], filter->ipx.src.node[1],
1428 filter->ipx.src.node[2], filter->ipx.src.node[3],
1429 filter->ipx.src.node[4], filter->ipx.src.node[5]);
1434 ntohs(filter->ipx.src.socket));
1439 if (filter->ipx.dst.net) {
1441 (
unsigned int)ntohl(filter->ipx.dst.net),
1442 filter->ipx.dst.node[0], filter->ipx.dst.node[1],
1443 filter->ipx.dst.node[2], filter->ipx.dst.node[3],
1444 filter->ipx.dst.node[4], filter->ipx.dst.node[5]);
1449 ntohs(filter->ipx.dst.socket));
1461 len = ntohs(filter->generic.len);
1462 if (len >=
sizeof(filter->generic.mask)) {
1469 for (i = 0; i < len; i++) {
1476 for (i = 0; i < len; i++) {
1482 if (filter->generic.more != 0) {
1495 memset(&ipaddr, 0,
sizeof(ipaddr));
1496 ipaddr.
af = AF_INET6;
1497 memcpy(&ipaddr.
addr.v6.s6_addr, filter->ipv6.srcip,
sizeof(filter->ipv6.srcip));
1498 ipaddr.
prefix = filter->ipv6.srcmask;
1508 memset(&ipaddr, 0,
sizeof(ipaddr));
1509 ipaddr.
af = AF_INET6;
1510 memcpy(&ipaddr.
addr.v6.s6_addr, filter->ipv6.dstip,
sizeof(filter->ipv6.dstip));
1511 ipaddr.
prefix = filter->ipv6.dstmask;
1523 ntohs(filter->ipv6.srcport));
1529 ntohs(filter->ipv6.dstport));
1532 if (filter->ipv6.established) {
#define IP_DEST_ADDR_FLAG
uint8_t value[RAD_MAX_FILTER_LEN]
static fr_table_num_sorted_t const filterType[]
ssize_t fr_radius_decode_abinary(fr_pair_t *vp, uint8_t const *data, size_t data_len)
Print an Ascend binary filter attribute to a string,.
static size_t filterPortType_len
static int ascend_parse_ipx(int argc, char **argv, ascend_ipx_filter_t *filter)
static int ascend_parse_ip(int argc, char **argv, ascend_ip_filter_t *filter)
static size_t filterType_len
static int ascend_parse_ipx_net(int argc, char **argv, ascend_ipx_net_t *net, uint8_t *comp)
static size_t filterCompare_len
uint8_t node[IPX_NODE_ADDR_LEN]
static int ascend_parse_generic(int argc, char **argv, ascend_generic_filter_t *filter)
#define IPX_NODE_ADDR_LEN
uint8_t mask[RAD_MAX_FILTER_LEN]
static fr_table_num_sorted_t const filterPortType[]
static fr_table_num_sorted_t const filterCompare[]
static int ascend_parse_ipv6(int argc, char **argv, ascend_ipv6_filter_t *filter)
static int ascend_parse_port(uint16_t *port, char *compare, char *str)
static size_t filterKeywords_len
#define IP_DEST_PORT_FLAG
static size_t filterProtoName_len
ssize_t fr_radius_encode_abinary(fr_pair_t const *vp, fr_dbuff_t *dbuff)
Encode a string to abinary.
static fr_table_num_sorted_t const filterProtoName[]
static int ascend_parse_ipaddr(uint32_t *ipaddr, char *str)
#define RAD_MAX_FILTER_LEN
static fr_table_num_sorted_t const filterKeywords[]
static int const char char buffer[256]
#define fr_base16_decode(_err, _out, _in, _no_trailing)
#define L(_str)
Helper for initialising arrays of string literals.
#define fr_dbuff_in_memcpy(_dbuff_or_marker, _in, _inlen)
Copy exactly _inlen bytes into a dbuff or marker.
#define FR_DBUFF_TMP(_start, _len_or_end)
Creates a compound literal to pass into functions which accept a dbuff.
int fr_dict_str_to_argv(char *str, char **argv, int max_argc)
int fr_inet_pton6(fr_ipaddr_t *out, char const *value, ssize_t inlen, bool resolve, bool fallback, bool mask)
Parse an IPv6 address or IPv6 prefix in presentation format (and others)
char * fr_inet_ntop_prefix(char out[static FR_IPADDR_PREFIX_STRLEN], size_t outlen, fr_ipaddr_t const *addr)
Print a fr_ipaddr_t as a CIDR style network prefix.
uint8_t prefix
Prefix length - Between 0-32 for IPv4 and 0-128 for IPv6.
union fr_ipaddr_t::@121 addr
#define FR_IPADDR_PREFIX_STRLEN
Like FR_IPADDR_STRLEN but with space for a prefix.
int fr_pair_value_strdup(fr_pair_t *vp, char const *src, bool tainted)
Copy data into an "string" data type.
#define RADIUS_MAX_STRING_LENGTH
static int8_t comp(void const *a, void const *b)
#define FR_SBUFF_IN(_start, _len_or_end)
#define FR_SBUFF_IN_SPRINTF_RETURN(...)
#define FR_SBUFF_OUT(_start, _len_or_end)
#define FR_SBUFF_IN_STRCPY_RETURN(...)
fr_aka_sim_id_type_t type
Stores an attribute, a value and various bits of other data.
#define fr_table_value_by_str(_table, _name, _def)
Convert a string to a value using a sorted or ordered table.
#define fr_table_str_by_value(_table, _number, _def)
Convert an integer to a string.
An element in a lexicographically sorted array of name to num mappings.
char * talloc_bstrndup(TALLOC_CTX *ctx, char const *in, size_t inlen)
Binary safe strndup function.
#define fr_strerror_printf(_fmt,...)
Log to thread local error buffer.
#define fr_strerror_const(_msg)