The FreeRADIUS server  $Id: 15bac2a4c627c01d1aa2047687b3418955ac7f00 $
Data Structures | Functions
network.c File Reference

BIO patricia trie filtering handlers. More...

#include <freeradius-devel/util/value.h>
#include <freeradius-devel/util/trie.h>
#include <freeradius-devel/bio/bio_priv.h>
#include <freeradius-devel/bio/fd_priv.h>
#include <freeradius-devel/bio/network.h>
+ Include dependency graph for network.c:

Go to the source code of this file.

Data Structures

struct  fr_bio_network_t
 The network filtering bio. More...
 

Functions

fr_bio_tfr_bio_network_alloc (TALLOC_CTX *ctx, fr_ipaddr_t const *allow, fr_ipaddr_t const *deny, fr_bio_read_t discard, fr_bio_t *next)
 Allocate a bio for filtering IP addresses. More...
 
static ssize_t fr_bio_network_read (fr_bio_t *bio, void *packet_ctx, void *buffer, size_t size)
 Read a UDP packet, and only return packets from allowed sources. More...
 
fr_trie_tfr_bio_network_trie_alloc (TALLOC_CTX *ctx, int af, fr_ipaddr_t const *allow, fr_ipaddr_t const *deny)
 Create a patricia trie for doing network filtering. More...
 

Detailed Description

BIO patricia trie filtering handlers.

Id
706c10c109be7e1a9b9568c193153b72559c6278
Copyright
2024 Network RADIUS SAS (legal.nosp@m.@net.nosp@m.workr.nosp@m.adiu.nosp@m.s.com)

Definition in file network.c.

Data Structure Documentation

◆ fr_bio_network_t

struct fr_bio_network_t

The network filtering bio.

Definition at line 35 of file network.c.

+ Collaboration diagram for fr_bio_network_t:
Data Fields
fr_bio_read_t discard callback to run when discarding a packet due to filtering
FR_BIO_COMMON
size_t offset where fr_bio_fd_packet_ctx_t is stored
fr_trie_t const * trie patricia trie for filtering

Function Documentation

◆ fr_bio_network_alloc()

fr_bio_t* fr_bio_network_alloc ( TALLOC_CTX *  ctx,
fr_ipaddr_t const *  allow,
fr_ipaddr_t const *  deny,
fr_bio_read_t  discard,
fr_bio_t next 
)

Allocate a bio for filtering IP addresses.

This is used for unconnected UDP bios, where we filter packets based on source IP address.

It is also used for accept bios, where we filter new connections based on source IP address. The caller should chain this bio to the next FD bio, and then fr_bio_read() from the top-level bio. The result will be filtered or "clean" FDs.

A patricia trie (but not the bio) could also be used in an haproxy "activate" callback, where the callback gets the haproxy socket info, and then checks if the source is allowed. However, that patricia trie is a property of the main "accept" bio, and should be managed by the activate() callback for the haproxy bio.

Definition at line 92 of file network.c.

+ Here is the call graph for this function:

◆ fr_bio_network_read()

static ssize_t fr_bio_network_read ( fr_bio_t bio,
void *  packet_ctx,
void *  buffer,
size_t  size 
)
static

Read a UDP packet, and only return packets from allowed sources.

Definition at line 48 of file network.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ fr_bio_network_trie_alloc()

fr_trie_t* fr_bio_network_trie_alloc ( TALLOC_CTX *  ctx,
int  af,
fr_ipaddr_t const *  allow,
fr_ipaddr_t const *  deny 
)

Create a patricia trie for doing network filtering.

Definition at line 166 of file network.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:
Generated by   doxygen 1.9.1