From bccc10d50d180cd6ab4685b45e52c182c2ac5a34 Mon Sep 17 00:00:00 2001
From: Alexander Astashov
Date: Fri, 3 Aug 2018 01:53:47 +0300
Subject: [PATCH] issues/682 v4 (#727) Added support for host addresses in whitelist. Closes #682
---
 .gitignore | 1 +
 src/fast_library.cpp | 9 +++------
 src/fast_library.h | 2 +-
 src/fastnetmon.cpp | 24 +++++++++++++++++-------
 4 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/.gitignore b/.gitignore
index f14285f0..7ea5909f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.pyc
 __pycache__
 *.DS_Store
+src/build/
diff --git a/src/fast_library.cpp b/src/fast_library.cpp
index 91c5cda0..3b9d1580 100644
--- a/src/fast_library.cpp
+++ b/src/fast_library.cpp
@@ -208,13 +208,10 @@ uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
 }
-bool is_cidr_subnet(const char* subnet) {
+bool is_cidr_subnet(std::string subnet) {
 boost::cmatch what;
- if (regex_match(subnet, what, regular_expression_cidr_pattern)) {
- return true;
- } else {
- return false;
- }
+
+ return regex_match(subnet.c_str(), what, regular_expression_cidr_pattern);
 }
 bool is_v4_host(std::string host) {
diff --git a/src/fast_library.h b/src/fast_library.h
index 5d88d62e..f0cf02c9 100644
--- a/src/fast_library.h
+++ b/src/fast_library.h
@@ -68,7 +68,7 @@ uint64_t MurmurHash64A(const void* key, int len, uint64_t seed);
 std::string print_tcp_flags(uint8_t flag_value);
 int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval* y);
 bool folder_exists(std::string path);
-bool is_cidr_subnet(const char* subnet);
+bool is_cidr_subnet(std::string subnet);
 bool is_v4_host(std::string host);
 bool file_exists(std::string path);
 uint32_t convert_cidr_to_binary_netmask(unsigned int cidr);
diff --git a/src/fastnetmon.cpp b/src/fastnetmon.cpp
index fe37be00..c267877e 100644
--- a/src/fastnetmon.cpp
+++ b/src/fastnetmon.cpp
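Review bot: In the src/fast_library.cpp hunk, `is_cidr_subnet` now takes `std::string` by value and matches on `subnet.c_str()`, so every call copies the line and only the bytes before the first NUL are validated, not the whole string. Taking `const std::string& subnet` (in src/fast_library.h as well) and matching the string itself, `return regex_match(subnet, regular_expression_cidr_pattern);`, removes the copy and the unused `boost::cmatch what`. This assumes `regular_expression_cidr_pattern` is a `boost::regex`, as the `boost::cmatch` suggests; its definition is not in the diff.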
@@ -1493,18 +1493,28 @@ void zeroify_all_flow_counters() { bool load_our_networks_list() { if (file_exists(white_list_path)) { + unsigned int network_entries = 0; std::vector network_list_from_config = read_file_to_vector(white_list_path); for (std::vector::iterator ii = network_list_from_config.begin(); ii != network_list_from_config.end(); ++ii) { - if (ii->length() > 0 && is_cidr_subnet(ii->c_str())) { - make_and_lookup(whitelist_tree_ipv4, const_cast(ii->c_str())); - } else { - logger << log4cpp::Priority::ERROR << "Can't parse line from whitelist: " << *ii; + std::string text_subnet = *ii; + if (text_subnet.empty()) { + continue; } + if (is_v4_host(text_subnet)) { + logger << log4cpp::Priority::INFO << "Assuming /32 netmask for " << text_subnet; + text_subnet += "/32"; + } else if (!is_cidr_subnet(text_subnet)) { + logger << log4cpp::Priority::ERROR << "Can't parse line from whitelist: " << text_subnet; + continue; + } + network_entries++; + make_and_lookup(whitelist_tree_ipv4, const_cast (text_subnet.c_str())); + } - logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size() + logger << log4cpp::Priority::INFO << "We loaded " << network_entries << " networks from whitelist file"; } @@ -1600,7 +1610,7 @@ bool load_our_networks_list() { for (std::vector::iterator ii = networks_list_ipv4_as_string.begin(); ii != networks_list_ipv4_as_string.end(); ++ii) { - if (!is_cidr_subnet(ii->c_str())) { + if (!is_cidr_subnet(*ii)) { logger << log4cpp::Priority::ERROR << "Can't parse line from subnet list: '" << *ii << "'"; continue; } @@ -1633,7 +1643,7 @@ bool load_our_networks_list() { for (std::vector::iterator ii = networks_list_ipv6_as_string.begin(); ii != networks_list_ipv6_as_string.end(); ++ii) { - + // TODO: add IPv6 subnet format validation make_and_lookup_ipv6(lookup_tree_ipv6, (char*)ii->c_str()); }
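Review bot: In the whitelist loop of `load_our_networks_list` (first hunk of src/fastnetmon.cpp), `network_entries++` runs before `make_and_lookup` and the call's result is never checked, so "We loaded N networks from whitelist file" counts lines that passed the regex, not entries actually inserted into `whitelist_tree_ipv4`. If `make_and_lookup` returns a node pointer (its declaration is not in this diff), count only after a successful insert, `if (make_and_lookup(whitelist_tree_ipv4, ...) != NULL) { network_entries++; }`, and log an ERROR naming `text_subnet` otherwise. The patterns behind `is_v4_host` and `is_cidr_subnet` are also not visible, so it cannot be told from here whether octets above 255 or a prefix length above 32 are rejected before the insert. The function body continues outside the hunk.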