issues/682 v4 (#727)

Added support for host addresses in whitelist.  Closes #682
Alexander Astashov 2018-08-03 01:53:47 +03:00 committed by Pavel Odintsov
parent a330d92b8c
commit bccc10d50d
4 changed files with 22 additions and 14 deletions

1
.gitignore vendored

@ -1,3 +1,4 @@
*.pyc
__pycache__
*.DS_Store
src/build/

@ -208,13 +208,10 @@ uint32_t convert_cidr_to_binary_netmask(unsigned int cidr) {
}
bool is_cidr_subnet(const char* subnet) {
bool is_cidr_subnet(std::string subnet) {
boost::cmatch what;
if (regex_match(subnet, what, regular_expression_cidr_pattern)) {
return true;
} else {
return false;
}
return regex_match(subnet.c_str(), what, regular_expression_cidr_pattern);
}
bool is_v4_host(std::string host) {
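Review bot: `is_cidr_subnet` now takes `std::string subnet` by value, so every call from the whitelist and subnet-list loops copies the line, and `boost::cmatch what` is filled but never read. Taking `const std::string& subnet` and returning `regex_match(subnet, regular_expression_cidr_pattern)` would remove both; the declaration in the header hunk (`bool is_cidr_subnet(std::string subnet);`) would change to match. This predicate decides which whitelist and network lines are accepted, so a short comment above it should state what `regular_expression_cidr_pattern` checks and what it does not (octet range, prefix length up to 32). The pattern itself is not visible in this hunk, so that comment has to be written against its definition.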

@ -68,7 +68,7 @@ uint64_t MurmurHash64A(const void* key, int len, uint64_t seed);
std::string print_tcp_flags(uint8_t flag_value);
int timeval_subtract(struct timeval* result, struct timeval* x, struct timeval* y);
bool folder_exists(std::string path);
bool is_cidr_subnet(const char* subnet);
bool is_cidr_subnet(std::string subnet);
bool is_v4_host(std::string host);
bool file_exists(std::string path);
uint32_t convert_cidr_to_binary_netmask(unsigned int cidr);

@ -1493,18 +1493,28 @@ void zeroify_all_flow_counters() {
bool load_our_networks_list() {
if (file_exists(white_list_path)) {
unsigned int network_entries = 0;
std::vector<std::string> network_list_from_config = read_file_to_vector(white_list_path);
for (std::vector<std::string>::iterator ii = network_list_from_config.begin();
ii != network_list_from_config.end(); ++ii) {
if (ii->length() > 0 && is_cidr_subnet(ii->c_str())) {
make_and_lookup(whitelist_tree_ipv4, const_cast<char*>(ii->c_str()));
} else {
logger << log4cpp::Priority::ERROR << "Can't parse line from whitelist: " << *ii;
std::string text_subnet = *ii;
if (text_subnet.empty()) {
continue;
}
if (is_v4_host(text_subnet)) {
logger << log4cpp::Priority::INFO << "Assuming /32 netmask for " << text_subnet;
text_subnet += "/32";
} else if (!is_cidr_subnet(text_subnet)) {
logger << log4cpp::Priority::ERROR << "Can't parse line from whitelist: " << text_subnet;
continue;
}
network_entries++;
make_and_lookup(whitelist_tree_ipv4, const_cast<char*> (text_subnet.c_str()));
}
logger << log4cpp::Priority::INFO << "We loaded " << network_list_from_config.size()
logger << log4cpp::Priority::INFO << "We loaded " << network_entries
<< " networks from whitelist file";
}
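Review bot: `network_entries++` runs before `make_and_lookup(whitelist_tree_ipv4, ...)` and the call's result is not checked, so the "We loaded N networks from whitelist file" line can count an entry that never reached the tree. An operator reading that log to confirm what is whitelisted would be misled. If `make_and_lookup` returns a null node on failure (to be confirmed against its definition, which is outside this hunk), count only successful inserts: `if (make_and_lookup(whitelist_tree_ipv4, const_cast<char*>(text_subnet.c_str())) != NULL) { network_entries++; }`. The line is also used untrimmed, so a trailing space or `\r` would presumably send a valid host to the "Can't parse line" branch; stripping whitespace before the `is_v4_host` check would avoid silently dropping an intended entry. The body of `load_our_networks_list` continues past the end of this hunk.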
@ -1600,7 +1610,7 @@ bool load_our_networks_list() {
for (std::vector<std::string>::iterator ii = networks_list_ipv4_as_string.begin();
ii != networks_list_ipv4_as_string.end(); ++ii) {
if (!is_cidr_subnet(ii->c_str())) {
if (!is_cidr_subnet(*ii)) {
logger << log4cpp::Priority::ERROR << "Can't parse line from subnet list: '" << *ii << "'";
continue;
}
@ -1633,7 +1643,7 @@ bool load_our_networks_list() {
for (std::vector<std::string>::iterator ii = networks_list_ipv6_as_string.begin();
ii != networks_list_ipv6_as_string.end(); ++ii) {
// TODO: add IPv6 subnet format validation
make_and_lookup_ipv6(lookup_tree_ipv6, (char*)ii->c_str());
}