Nubase Library

This is a convenience library used in different parts of NuFW.


Files

file  config-table.c
 Configuration file parsing function.
file  ipv6.c
 IPv6 related function.
file  log.c
 Initialize and write messages in log.
file  packet_parser.c
 Functions to parse a network packet.
file  strings.c
 String utility functions.

Functions

 LLIST_HEAD (config_table_list)
char * nubase_config_table_get (char *key)
char * nubase_config_table_get_alwaysstring (char *key)
char * nubase_config_table_get_or_default (char *key, char *replace)
struct config_table_t * nubase_config_table_append (char *key, char *value)
void nubase_config_table_destroy (void)
struct config_table_t * nubase_config_table_set (char *key, char *value)
int nubase_config_table_get_or_default_int (char *key, int defint)
void nubase_config_table_print (void *userdata, void(*func)(void *data, char *keyeqval))
void clear_ipv6 (struct in6_addr *ipv6)
void uint32_to_ipv6 (const uint32_t ipv4, struct in6_addr *ipv6)
void ipv4_to_ipv6 (const struct in_addr ipv4, struct in6_addr *ipv6)
void ipv6_to_ipv4 (const struct in6_addr *ipv6, struct in_addr *ipv4)
int is_ipv4 (const struct in6_addr *addr)
void format_ipv6 (const struct in6_addr *addr, char *buffer, size_t buflen, uint8_t *protocol)
int getsockname_ipv6 (int fileno, struct in6_addr *addr)
int hex2ipv6 (const char *text, struct in6_addr *ip)
int ipv6_equal (const struct in6_addr *ipa, const struct in6_addr *ipb)
int compare_ipv6_with_mask (const struct in6_addr *addr1, const struct in6_addr *addr2, const struct in6_addr *mask)
void create_ipv6_netmask (struct in6_addr *netmask, int mask)
void init_log_engine (const char *log_id)
void nubase_log_engine_set (int engine)
void do_log_area_printf (int area, int priority, char *format, va_list args)
void log_area_printf (debug_area_t area, debug_level_t priority, char *format,...)
void log_printf (debug_level_t priority, char *format,...)
unsigned int get_ip_headers (tracking_t *tracking, const unsigned char *dgram, unsigned int dgram_size)
int get_udp_headers (tracking_t *tracking, const unsigned char *dgram, unsigned int dgram_size)
tcp_state_t get_tcp_headers (tracking_t *tracking, const unsigned char *dgram, unsigned int dgram_size)
int get_icmp_headers (tracking_t *tracking, const unsigned char *dgram, unsigned int dgram_size)
int get_icmpv6_headers (tracking_t *tracking, const unsigned char *dgram, unsigned int dgram_size)
int secure_snprintf (char *buffer, size_t buffer_size, char *format,...)
char * str_extract_until (char *str, int c)
int str_to_long (const char *text, long *value)
int str_to_ulong (const char *text, unsigned long *value)
int str_to_int (const char *text, int *value)
int str_to_uint32 (const char *text, uint32_t *value)
char * str_itoa (int i)

Variables

int log_engine
int debug_level
int debug_areas
int syslog_priority_map [MAX_DEBUG_LEVEL-MIN_DEBUG_LEVEL+1]

Detailed Description

This is a convenience library used in different parts of NuFW.


Function Documentation

void clear_ipv6 ( struct in6_addr *  ipv6  ) 

Set IPv6 address to "empty" address ("::")

Definition at line 47 of file ipv6.c.

Referenced by getsockname_ipv6().

int compare_ipv6_with_mask ( const struct in6_addr *  addr1,
const struct in6_addr *  addr2,
const struct in6_addr *  mask 
)

Compare addr1 with (addr2 & netmask)

Returns:
0 if they match, integer different than zero otherwise (memcmp result)

Definition at line 234 of file ipv6.c.

Referenced by match_ip(), and parse_ips().

void create_ipv6_netmask ( struct in6_addr *  netmask,
int  mask 
)

Create an IPv6 netmask

Definition at line 257 of file ipv6.c.

Referenced by parse_ips().

void do_log_area_printf ( int  area,
int  priority,
char *  format,
va_list  args 
)

Display a message to log, the syntax for format is the same as printf(). The priority is used for syslog.

Definition at line 93 of file log.c.

References debug_areas, debug_level, log_engine, LOG_TO_SYSLOG, MAX_DEBUG_LEVEL, MIN_DEBUG_LEVEL, and syslog_priority_map.

Referenced by log_area_printf(), and log_printf().

void format_ipv6 ( const struct in6_addr *  addr,
char *  buffer,
size_t  buflen,
uint8_t *  protocol 
)

Format an IPv6 address into the specified string buffer. Uses IPv4 format ("192.168.0.1") for an IPv4 address embedded in an IPv6 address (::ffff:192.168.0.2).

If protocol is not NULL, it will contain the address family: AF_INET (IPv4) or AF_INET6 (IPv6).

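Returns new allocated string. (The prototype above returns void and writes into the caller-supplied buffer, so this sentence appears to be stale.)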

Definition at line 123 of file ipv6.c.

References is_ipv4(), and SECURE_STRNCPY.

Referenced by add_client(), auth_error_log(), create_message_autherr(), create_message_packet(), create_message_session(), parse_ips(), sasl_parse_user_os(), sasl_user_check(), set_source0_address(), str_print_tracking_t(), tls_nufw_accept(), tls_sasl_connect(), tls_user_accept(), user_check_and_decide(), user_packet_logs(), user_session_logs(), and warn_clients().


int get_icmp_headers ( tracking_t tracking,
const unsigned char *  dgram,
unsigned int  dgram_size 
)

Fill ICMP fields (type and code) of the connection tracking (tracking_t) structure.

Parameters:
tracking Pointer to a connection tracking
dgram Pointer to packet data
dgram_size Number of bytes in the packet
Returns:
If an error occurs return 1, else returns 0

Definition at line 288 of file packet_parser.c.

References tracking_t::code, tracking_t::dest, tracking_t::source, and tracking_t::type.

Referenced by parse_dgram().

int get_icmpv6_headers ( tracking_t tracking,
const unsigned char *  dgram,
unsigned int  dgram_size 
)

Parse ICMPv6 header: extract type and code fields for the connection tracking (tracking_t) structure.

Parameters:
tracking Pointer to a connection tracking
dgram Pointer to packet data
dgram_size Number of bytes in the packet
Returns:
If an error occurs return 1, else returns 0

Definition at line 317 of file packet_parser.c.

References tracking_t::code, tracking_t::dest, tracking_t::source, and tracking_t::type.

Referenced by parse_dgram().

unsigned int get_ip_headers ( tracking_t tracking,
const unsigned char *  dgram,
unsigned int  dgram_size 
)

Fill IP fields (saddr, daddr and protocol) of a connection tracking (tracking_t) structure.

Parameters:
tracking Pointer to a connection tracking
dgram Pointer to packet data
dgram_size Number of bytes in the packet
Returns:
Offset to next type of headers, or 0 if the packet is not recognized

Definition at line 56 of file packet_parser.c.

References tracking_t::daddr, tracking_t::protocol, tracking_t::saddr, and uint32_to_ipv6().

Referenced by parse_dgram().


tcp_state_t get_tcp_headers ( tracking_t tracking,
const unsigned char *  dgram,
unsigned int  dgram_size 
)

Fill TCP fields (source and dest) of the connection tracking (tracking_t) structure.

Parameters:
tracking Pointer to a connection tracking
dgram Pointer to packet data
dgram_size Number of bytes in the packet
Returns:
State of the TCP connection (TCP_STATE_OPEN, TCP_STATE_ESTABLISHED, TCP_STATE_CLOSE), or TCP_STATE_UNKNOW if an error occurs.

Definition at line 244 of file packet_parser.c.

References tracking_t::code, tracking_t::dest, tracking_t::source, TCP_STATE_CLOSE, TCP_STATE_ESTABLISHED, TCP_STATE_OPEN, TCP_STATE_UNKNOW, and tracking_t::type.

Referenced by parse_dgram().

int get_udp_headers ( tracking_t tracking,
const unsigned char *  dgram,
unsigned int  dgram_size 
)

Fill UDP fields (source and dest) of a connection tracking (tracking_t) structure.

Parameters:
tracking Pointer to a connection tracking
dgram Pointer to packet data
dgram_size Number of bytes in the packet
Returns:
If an error occurs return 1, else returns 0

Definition at line 212 of file packet_parser.c.

References tracking_t::code, tracking_t::dest, tracking_t::source, and tracking_t::type.

Referenced by parse_dgram().

int getsockname_ipv6 ( int  fileno,
struct in6_addr *  addr 
)

Get socket "name" (local address) as IPv6 address

Returns:
0 on error, 1 on success

Definition at line 155 of file ipv6.c.

References clear_ipv6(), and ipv4_to_ipv6().

Referenced by tls_sasl_connect().


int hex2ipv6 ( const char *  text,
struct in6_addr *  ip 
)

Convert an IPv6 address as hexadecimal without ":" separator (32 characters) into in6_addr structure.

Returns:
Returns 0 on failure, or 1 on success.

Definition at line 188 of file ipv6.c.

References READ, and SECURE_STRNCPY.

void init_log_engine ( const char *  log_id  ) 

Initialize log engine: initialize syslog if it's used (see log_engine).

Definition at line 77 of file log.c.

References log_engine, LOG_FACILITY, LOG_TO_SYSLOG, and SYSLOG_OPTS.

Referenced by main().

void ipv4_to_ipv6 ( const struct in_addr  ipv4,
struct in6_addr *  ipv6 
)

Convert IPv4 address (as in_addr structure) to IPv6 address: add 96 bits prefix "::ffff:" to get IPv6 address "::ffff:a.b.c.d".

Definition at line 75 of file ipv6.c.

References uint32_to_ipv6().

Referenced by generate_inaddr_list(), getsockname_ipv6(), parse_ips(), tls_nufw_accept(), and tls_user_accept().


int ipv6_equal ( const struct in6_addr *  ipa,
const struct in6_addr *  ipb 
)

Compare two IPv6 addresses.

Returns:
1 on equality, 0 otherwise.

Definition at line 224 of file ipv6.c.

Referenced by check_inaddr_in_array(), get_nufw_server_by_addr(), init_client_struct(), localid_insert_message(), push_worker(), tcptable_find(), tracking_equal(), user_check_and_decide(), and user_request().

void ipv6_to_ipv4 ( const struct in6_addr *  ipv6,
struct in_addr *  ipv4 
)

Convert IPv6 address (as in6_addr structure) to IPv4 address (in_addr): copy 32 bits address.

Definition at line 84 of file ipv6.c.

Referenced by acl_check().

int is_ipv4 ( const struct in6_addr *  addr  ) 

Check whether an IPv6 address is an IPv4 address or not.

Returns:
1 for IPv4 and 0 for IPv6

Definition at line 98 of file ipv6.c.

Referenced by acl_check(), format_ipv6(), formatINET(), ipv6_to_sql(), and send_auth_response().

LLIST_HEAD ( config_table_list   ) 

void log_area_printf ( debug_area_t  area,
debug_level_t  priority,
char *  format,
  ... 
)

Display a message to log, the syntax for format is the same as printf(). The priority is used for syslog.

Definition at line 127 of file log.c.

References do_log_area_printf().

Referenced by auth_packet_to_decision(), auth_process_answer(), auth_request_send(), authsrv(), configure_app(), create_thread(), init_x509_filenames(), install_signals(), look_for_tcp_flags(), main(), nufw_cleanup(), nufw_hard_cleanup(), nufw_stop_thread(), packetsrv(), packetsrv_ipq_process(), padd(), psearch_and_destroy(), shutdown_tls(), tls_connect(), tls_crl_update_each_session(), and tls_nufw_accept().


void log_printf ( debug_level_t  priority,
char *  format,
  ... 
)

Display a message to log, the syntax for format is the same as printf(). The priority is used for syslog.

Definition at line 140 of file log.c.

References DEBUG_AREA_ALL, and do_log_area_printf().

Referenced by nufw_daemonize(), process_hup(), process_usr1(), and process_usr2().


struct config_table_t* nubase_config_table_append ( char *  key,
char *  value 
)

Definition at line 83 of file config-table.c.

References nubase_config_table_get().

Referenced by nubase_config_table_set().


void nubase_config_table_destroy ( void   ) 

Definition at line 104 of file config-table.c.

References config_table_t::key, config_table_t::list, and config_table_t::value.

Referenced by main(), and nuauth_reload().

char* nubase_config_table_get ( char *  key  ) 

Definition at line 44 of file config-table.c.

References config_table_t::key, config_table_t::list, and config_table_t::value.

Referenced by init_module_from_conf(), init_nuauthconf(), main(), nubase_config_table_append(), nubase_config_table_get_alwaysstring(), nubase_config_table_get_or_default(), nubase_config_table_set(), and tls_common_init().

char* nubase_config_table_get_alwaysstring ( char *  key  ) 

Definition at line 57 of file config-table.c.

References nubase_config_table_get().

Referenced by main().


char* nubase_config_table_get_or_default ( char *  key,
char *  replace 
)

Definition at line 67 of file config-table.c.

References nubase_config_table_get().

Referenced by conf_get_int_default(), init_module_from_conf(), init_nuauthconf(), load_modules(), main(), nubase_config_table_get_or_default_int(), and tls_common_init().


int nubase_config_table_get_or_default_int ( char *  key,
int  defint 
)

Definition at line 142 of file config-table.c.

References nubase_config_table_get_or_default(), and str_itoa().

Referenced by g_module_check_init(), init_module_from_conf(), init_nuauthconf(), tls_common_init(), tls_nufw_init(), tls_user_init(), and tls_user_setcert_auth_params().


void nubase_config_table_print ( void *  userdata,
void(*)(void *data, char *keyeqval)  func 
)

Definition at line 154 of file config-table.c.

References config_table_t::key, config_table_t::list, secure_snprintf(), and config_table_t::value.


struct config_table_t* nubase_config_table_set ( char *  key,
char *  value 
)

Definition at line 123 of file config-table.c.

References config_table_t::key, config_table_t::list, nubase_config_table_append(), and nubase_config_table_get().

Referenced by main().


void nubase_log_engine_set ( int  engine  ) 

Definition at line 84 of file log.c.

References log_engine.

int secure_snprintf ( char *  buffer,
size_t  buffer_size,
char *  format,
  ... 
)

snprintf() wrapper which checks for buffer overflow and always writes a '\0' at the end of the buffer.

Parameters:
buffer Buffer where characters are written
buffer_size Buffer size (in bytes), usually equal to sizeof(buffer)
format Format string (see printf() documentation)
Returns:
Returns FALSE if a buffer overflow occurs, TRUE if everything goes fine.

Definition at line 50 of file strings.c.

References FALSE, and TRUE.

Referenced by acl_check(), add_user_information(), build_insert_request(), compute_run_pid(), compute_user_config_path(), copy_filename(), create_message_autherr(), create_message_packet(), create_message_session(), destroy_user_connections(), feed_target_nuauth(), get_user_groups(), get_user_id(), ip_authentication(), ipv6_to_sql(), ldap_conn_init(), log_state_close(), log_state_established(), log_state_open(), mysql_close_open_user_sessions(), nu_client_load_ca(), nu_client_load_key(), nubase_config_table_print(), pgsql_close_open_user_sessions(), pgsql_insert(), pgsql_update_close(), pgsql_update_state(), sasl_user_check(), send_os(), set_nufw_infos(), set_os_infos(), user_check(), and user_session_logs().

char* str_extract_until ( char *  str,
int  c 
)

Function which extracts a string until char 'c' is found

Parameters:
str input string
c character to match the string until
Returns:
Returns NULL on error, or the newly allocated string

Definition at line 78 of file strings.c.

char* str_itoa ( int  i  ) 

Definition at line 184 of file strings.c.

Referenced by conf_get_int_default(), init_nuauthconf(), main(), and nubase_config_table_get_or_default_int().

int str_to_int ( const char *  text,
int *  value 
)

Convert a string to integer number (value in INT_MIN..INT_MAX). Skip spaces before number value if any. Return 0 on error, 1 otherwise.

Definition at line 157 of file strings.c.

References str_to_long().


int str_to_long ( const char *  text,
long *  value 
)

Convert a string to a signed long integer number. Skip spaces before first digit. Return 0 on error, 1 otherwise.

Definition at line 113 of file strings.c.

References err.

Referenced by str_to_int().

int str_to_uint32 ( const char *  text,
uint32_t *  value 
)

Convert a string to a 32-bit unsigned integer (value in 0..4294967295). Skip spaces before number value if any. Returns 0 on error, 1 otherwise.

Definition at line 173 of file strings.c.

References str_to_ulong().

Referenced by parse_field_file(), parse_group_file(), and parse_group_list().


int str_to_ulong ( const char *  text,
unsigned long *  value 
)

Convert a string to an unsigned long integer number. Skip spaces before first digit. Return 0 on error, 1 otherwise.

Definition at line 135 of file strings.c.

References err.

Referenced by str_to_uint32().

void uint32_to_ipv6 ( const uint32_t  ipv4,
struct in6_addr *  ipv6 
)

Convert IPv4 address (as 32-bit unsigned integer) to IPv6 address: add 96 bits prefix "::ffff:" to get IPv6 address "::ffff:a.b.c.d".

Definition at line 56 of file ipv6.c.

Referenced by authpckt_conntrack_v3(), build_conntrack_msg_from_mysql(), get_ip_headers(), ipv4_to_ipv6(), tcptable_read(), and user_process_field_ipv4().


Variable Documentation

int debug_areas

Debug areas, default value: DEFAULT_DEBUG_AREAS (all areas)

Definition at line 56 of file log.c.

Referenced by do_log_area_printf(), init_nuauthconf(), and main().

int debug_level

Debug level, default value: DEFAULT_DEBUG_LEVEL

Definition at line 55 of file log.c.

Referenced by do_log_area_printf(), init_nuauthconf(), main(), process_usr1(), and process_usr2().

int log_engine

Log engine used:

Definition at line 53 of file log.c.

Referenced by do_log_area_printf(), init_log_engine(), main(), nubase_log_engine_set(), and nufw_daemonize().

int syslog_priority_map[MAX_DEBUG_LEVEL-MIN_DEBUG_LEVEL+1]

Initial value:

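 {
        /*
         * Initial values of syslog_priority_map: one syslog priority per
         * NuFW verbosity level.
         *
         * Facility and severity are combined with bitwise OR ('|'), which is
         * how syslog() expects a priority to be built. The listing previously
         * used logical OR ('||'), which evaluates each entry to 0 or 1: with
         * a non-zero LOG_FACILITY (defined outside this page -- confirm)
         * every level would map to 1, the value of LOG_ALERT, so messages
         * could no longer be filtered or alerted on by severity.
         */
        LOG_FACILITY | LOG_ALERT,
        LOG_FACILITY | LOG_CRIT,
        LOG_FACILITY | LOG_WARNING,
        LOG_FACILITY | LOG_WARNING,
        LOG_FACILITY | LOG_NOTICE,
        LOG_FACILITY | LOG_NOTICE,
        LOG_FACILITY | LOG_INFO,
        LOG_FACILITY | LOG_DEBUG,
        LOG_FACILITY | LOG_DEBUG
}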
Convert NuFW verbosity level to syslog priority.

Definition at line 62 of file log.c.

Referenced by do_log_area_printf().


Generated on Sat Nov 22 04:00:50 2008 for NuFW by  doxygen 1.4.7