author | Christian Grothoff <christian@grothoff.org> | 2015-05-22 13:27:02 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-05-22 13:27:02 +0000 |
commit | 37d9ce1d4544050396b44a1a1ba94429cb86267a (patch) | |
tree | 0bd7899469182f78d6d7255722484958597b446a | |
parent | bad29fd9a1cc3b1c7df7b992212568918c961b52 (diff) | |
download | gnunet-37d9ce1d4544050396b44a1a1ba94429cb86267a.tar.gz gnunet-37d9ce1d4544050396b44a1a1ba94429cb86267a.zip |
do not generate wildcard '.' transitions in policy regex, be precise
-rw-r--r-- | src/tun/regex.c | 17 | ||||
-rw-r--r-- | src/tun/test_regex.c | 23 |
2 files changed, 25 insertions, 15 deletions
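--- a/src/tun/regex.c
+++ b/src/tun/regex.c
@@ -1,6 +1,6 @@
 /*
 This file is part of GNUnet
-Copyright (C) 2012, 2013 Christian Grothoff (and other contributing authors)
+Copyright (C) 2012, 2013, 2015 Christian Grothoff (and other contributing authors)
 
 GNUnet is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published
@@ -27,6 +27,11 @@
 #include "gnunet_util_lib.h"
 #include "gnunet_tun_lib.h"
 
+/**
+* 'wildcard', matches all possible values (for HEX encoding).
+*/
+#define DOT "(0|1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"
+
 
 /**
 * Create a regex in @a rxstr from the given @a ip and @a netmask.
@@ -92,7 +97,7 @@ nibble_to_regex (uint8_t value,
 switch (mask)
 {
 case 0:
-return GNUNET_strdup ("."); /* wildcard */
+return GNUNET_strdup (DOT);
 case 8:
 GNUNET_asprintf (&ret,
 "(%X|%X|%X|%X|%X|%X|%X|%X)",
@@ -236,7 +241,7 @@ compute_policy (unsigned int start,
 char middlehp[33+2]; /* 16 * 2 + 0-terminator + () */
 char middlelp[33+2]; /* 16 * 2 + 0-terminator + () */
 char afterp[36+2]; /* 16 * 2 + 3 dots + 0-terminator + () */
-char dots[4];
+char dots[5 * strlen (DOT)];
 char buf[3];
 char *middle;
 char *ret;
@@ -311,7 +316,7 @@ compute_policy (unsigned int start,
 strcpy (afterp, after);
 dots[0] = '\0';
 for (xstep=step/16;xstep>0;xstep/=16)
-strcat (dots, ".");
+strcat (dots, DOT);
 if (step >= 16)
 {
 if (strlen (middlel) > 0)
@@ -516,7 +521,7 @@ port_to_regex (const struct GNUNET_STRINGS_PortPolicy *pp)
 ( (1 == pp->start_port) &&
 (0xFFFF == pp->end_port) &&
 (GNUNET_NO == pp->negate_portrange)) )
-return GNUNET_strdup ("....");
+return GNUNET_strdup (DOT DOT DOT DOT);
 if ( (pp->start_port == pp->end_port) &&
 (GNUNET_NO == pp->negate_portrange))
 {
@@ -685,7 +690,7 @@ ipv6_to_regex (const struct GNUNET_STRINGS_IPv6NetworkPolicy *v6)
 * Convert an exit policy to a regular expression. The exit policy
 * specifies a set of subnets this peer is willing to serve as an
 * exit for; the resulting regular expression will match the
-* IPv4 address strings as returned by 'GNUNET_TUN_ipv4toregexsearch'.
+* IPv4 address strings as returned by #GNUNET_TUN_ipv4toregexsearch().
 *
 * @param policy exit policy specification
 * @return regular expression, NULL on error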
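Review bot: In compute_policy the new `char dots[5 * strlen (DOT)];` is a variable-length array sized by a runtime call, and the `strcat (dots, DOT)` loop that fills it is bounded only by how large `step` can be. With a 35-byte DOT the array holds four copies plus the terminator but not five, so the bound deserves to be explicit: a compile-time size such as `char dots[4 * (sizeof (DOT) - 1) + 1];` plus an assertion on `step` before the loop would document it. The neighbouring buffers are still sized by comments that count a dot as one byte (`afterp[36+2]; /* 16 * 2 + 3 dots ... */`) and are filled with `strcpy`. If any of them can ever receive wildcard text, which cannot be told from this hunk, they would now overflow on the stack, so those sizes should be re-checked against the 35-byte DOT. The body of compute_policy starts and ends outside the visible hunks, so the range of `step` is presumably limited by its callers; that should be confirmed rather than assumed.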
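--- a/src/tun/test_regex.c
+++ b/src/tun/test_regex.c
@@ -25,6 +25,11 @@
 #include "platform.h"
 #include "gnunet_tun_lib.h"
 
+/**
+* 'wildcard', matches all possible values (for HEX encoding).
+*/
+#define DOT "(0|1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"
+
 
 static int
 test_iptoregex (const char *ipv4,
@@ -144,31 +149,31 @@ main (int argc, char *argv[])
 "6-0031-E1E173F951BE00000000000000000000");
 error +=
 test_policy4toregex ("192.1.2.0/24:80;",
-"4-0050-C00102..");
+"4-0050-C00102" DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/16;",
-"4-....-C001....");
+"4-" DOT DOT DOT DOT "-C001" DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/16:80-81;",
-"4-(0050|0051)-C001....");
+"4-(0050|0051)-C001" DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/8:!3-65535;",
-"4-000(0|1|2)-C0......");
+"4-000(0|1|2)-C0" DOT DOT DOT DOT DOT DOT);
 error +=
 test_policy4toregex ("192.1.0.0/8:!25-56;",
-"4-(0(0(0.|1(0|1|2|3|4|5|6|7|8)|3(9|A|B|C|D|E|F)|(4|5|6|7|8|9|A|B|C|D|E|F).)|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)..)|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)...)-C0......");
+"4-(0(0(0"DOT"|1(0|1|2|3|4|5|6|7|8)|3(9|A|B|C|D|E|F)|(4|5|6|7|8|9|A|B|C|D|E|F)"DOT")|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"DOT DOT")|(1|2|3|4|5|6|7|8|9|A|B|C|D|E|F)"DOT DOT DOT")-C0"DOT DOT DOT DOT DOT DOT);
 error +=
 test_policy6toregex ("E1E1::1;",
-"6-....-E1E10000000000000000000000000001");
+"6-"DOT DOT DOT DOT"-E1E10000000000000000000000000001");
 error +=
 test_policy6toregex ("E1E1:ABCD::1/120;",
-"6-....-E1E1ABCD0000000000000000000000..");
+"6-"DOT DOT DOT DOT"-E1E1ABCD0000000000000000000000" DOT DOT);
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/126;",
-"6-....-E1E1ABCD00000000000000000000ABC(C|D|E|F)");
+"6-"DOT DOT DOT DOT"-E1E1ABCD00000000000000000000ABC(C|D|E|F)");
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/127;",
-"6-....-E1E1ABCD00000000000000000000ABC(C|D)");
+"6-"DOT DOT DOT DOT"-E1E1ABCD00000000000000000000ABC(C|D)");
 error +=
 test_policy6toregex ("E1E1:ABCD::ABCD/128:80;",
 "6-0050-E1E1ABCD00000000000000000000ABCD");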
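Review bot: The `DOT` definition added at the top of test_regex.c is a second copy of the one in regex.c, with the same doc comment and nothing saying the two must agree. If the duplication is deliberate, so that the expected strings pin the exact generated text, a comment such as `/* keep identical to DOT in src/tun/regex.c; the expected strings below pin the generated output */` would say so. The expected strings also mix `"DOT"` and `" DOT` spacing in the literal concatenations; one form throughout would make the long `!25-56` case easier to check by eye.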