projects / strongswan.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added add_segment() method to IETF attributes
[strongswan.git] / src / libimcv / ietf / ietf_attr_port_filter.c
1 /*
2 * Copyright (C) 2011-2014 Andreas Steffen
3 * HSR Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include "ietf_attr_port_filter.h"
17
18 #include <pa_tnc/pa_tnc_msg.h>
19 #include <bio/bio_writer.h>
20 #include <bio/bio_reader.h>
21 #include <collections/linked_list.h>
22 #include <utils/debug.h>
23
24
25 typedef struct private_ietf_attr_port_filter_t private_ietf_attr_port_filter_t;
26 typedef struct port_entry_t port_entry_t;
27
28 /**
29 * Port Filter entry
30 */
31 struct port_entry_t {
32 bool blocked;
33 u_int8_t protocol;
34 u_int16_t port;
35 };
36
37 /**
38 * PA-TNC Port Filter Type (see section 4.2.6 of RFC 5792)
39 *
40 * 1 2 3
41 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
42 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
43 * | Reserved |B| Protocol | Port Number |
44 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
45 * | Reserved |B| Protocol | Port Number |
46 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
47 */
48
49 #define PORT_FILTER_ENTRY_SIZE 4
50
51 /**
52 * Private data of an ietf_attr_port_filter_t object.
53 */
54 struct private_ietf_attr_port_filter_t {
55
56 /**
57 * Public members of ietf_attr_port_filter_t
58 */
59 ietf_attr_port_filter_t public;
60
61 /**
62 * Vendor-specific attribute type
63 */
64 pen_type_t type;
65
66 /**
67 * Length of attribute value
68 */
69 size_t length;
70
71 /**
72 * Attribute value or segment
73 */
74 chunk_t value;
75
76 /**
77 * Noskip flag
78 */
79 bool noskip_flag;
80
81 /**
82 * List of Port Filter entries
83 */
84 linked_list_t *ports;
85
86 /**
87 * Reference count
88 */
89 refcount_t ref;
90 };
91
92 METHOD(pa_tnc_attr_t, get_type, pen_type_t,
93 private_ietf_attr_port_filter_t *this)
94 {
95 return this->type;
96 }
97
98 METHOD(pa_tnc_attr_t, get_value, chunk_t,
99 private_ietf_attr_port_filter_t *this)
100 {
101 return this->value;
102 }
103
104 METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
105 private_ietf_attr_port_filter_t *this)
106 {
107 return this->noskip_flag;
108 }
109
110 METHOD(pa_tnc_attr_t, set_noskip_flag,void,
111 private_ietf_attr_port_filter_t *this, bool noskip)
112 {
113 this->noskip_flag = noskip;
114 }
115
116 METHOD(pa_tnc_attr_t, build, void,
117 private_ietf_attr_port_filter_t *this)
118 {
119 bio_writer_t *writer;
120 enumerator_t *enumerator;
121 port_entry_t *entry;
122
123 if (this->value.ptr)
124 {
125 return;
126 }
127 writer = bio_writer_create(this->ports->get_count(this->ports) *
128 PORT_FILTER_ENTRY_SIZE);
129
130 enumerator = this->ports->create_enumerator(this->ports);
131 while (enumerator->enumerate(enumerator, &entry))
132 {
133 writer->write_uint8 (writer, entry->blocked ? 0x01 : 0x00);
134 writer->write_uint8 (writer, entry->protocol);
135 writer->write_uint16(writer, entry->port);
136 }
137 enumerator->destroy(enumerator);
138
139 this->value = writer->extract_buf(writer);
140 this->length = this->value.len;
141 writer->destroy(writer);
142 }
143
144 METHOD(pa_tnc_attr_t, process, status_t,
145 private_ietf_attr_port_filter_t *this, u_int32_t *offset)
146 {
147 bio_reader_t *reader;
148 port_entry_t *entry;
149 u_int8_t blocked;
150
151 *offset = 0;
152
153 if (this->value.len < this->length)
154 {
155 return NEED_MORE;
156 }
157 if (this->value.len % PORT_FILTER_ENTRY_SIZE)
158 {
159 DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
160 PORT_FILTER_ENTRY_SIZE);
161 return FAILED;
162 }
163 reader = bio_reader_create(this->value);
164
165 while (reader->remaining(reader))
166 {
167 entry = malloc_thing(port_entry_t);
168 reader->read_uint8 (reader, &blocked);
169 entry->blocked = blocked & 0x01;
170 reader->read_uint8 (reader, &entry->protocol);
171 reader->read_uint16(reader, &entry->port);
172 this->ports->insert_last(this->ports, entry);
173 }
174 reader->destroy(reader);
175
176 return SUCCESS;
177 }
178
179 METHOD(pa_tnc_attr_t, add_segment, void,
180 private_ietf_attr_port_filter_t *this, chunk_t segment)
181 {
182 this->value = chunk_cat("mc", this->value, segment);
183 }
184
185 METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
186 private_ietf_attr_port_filter_t *this)
187 {
188 ref_get(&this->ref);
189 return &this->public.pa_tnc_attribute;
190 }
191
192 METHOD(pa_tnc_attr_t, destroy, void,
193 private_ietf_attr_port_filter_t *this)
194 {
195 if (ref_put(&this->ref))
196 {
197 this->ports->destroy_function(this->ports, free);
198 free(this->value.ptr);
199 free(this);
200 }
201 }
202
203 METHOD(ietf_attr_port_filter_t, add_port, void,
204 private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol,
205 u_int16_t port)
206 {
207 port_entry_t *entry;
208
209 entry = malloc_thing(port_entry_t);
210 entry->blocked = blocked;
211 entry->protocol = protocol;
212 entry->port = port;
213 this->ports->insert_last(this->ports, entry);
214 }
215
216 /**
217 * Enumerate port filter entries
218 */
219 static bool port_filter(void *null, port_entry_t **entry,
220 bool *blocked, void *i2, u_int8_t *protocol, void *i3,
221 u_int16_t *port)
222 {
223 *blocked = (*entry)->blocked;
224 *protocol = (*entry)->protocol;
225 *port = (*entry)->port;
226 return TRUE;
227 }
228
229 METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*,
230 private_ietf_attr_port_filter_t *this)
231 {
232 return enumerator_create_filter(this->ports->create_enumerator(this->ports),
233 (void*)port_filter, NULL, NULL);
234 }
235
236 /**
237 * Described in header.
238 */
239 pa_tnc_attr_t *ietf_attr_port_filter_create(void)
240 {
241 private_ietf_attr_port_filter_t *this;
242
243 INIT(this,
244 .public = {
245 .pa_tnc_attribute = {
246 .get_type = _get_type,
247 .get_value = _get_value,
248 .get_noskip_flag = _get_noskip_flag,
249 .set_noskip_flag = _set_noskip_flag,
250 .build = _build,
251 .process = _process,
252 .add_segment = _add_segment,
253 .get_ref = _get_ref,
254 .destroy = _destroy,
255 },
256 .add_port = _add_port,
257 .create_port_enumerator = _create_port_enumerator,
258 },
259 .type = { PEN_IETF, IETF_ATTR_PORT_FILTER },
260 .ports = linked_list_create(),
261 .ref = 1,
262 );
263
264 return &this->public.pa_tnc_attribute;
265 }
266
267 /**
268 * Described in header.
269 */
270 pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(size_t length,
271 chunk_t data)
272 {
273 private_ietf_attr_port_filter_t *this;
274
275 INIT(this,
276 .public = {
277 .pa_tnc_attribute = {
278 .get_type = _get_type,
279 .get_value = _get_value,
280 .get_noskip_flag = _get_noskip_flag,
281 .set_noskip_flag = _set_noskip_flag,
282 .build = _build,
283 .process = _process,
284 .add_segment = _add_segment,
285 .get_ref = _get_ref,
286 .destroy = _destroy,
287 },
288 .add_port = _add_port,
289 .create_port_enumerator = _create_port_enumerator,
290 },
291 .type = {PEN_IETF, IETF_ATTR_PORT_FILTER },
292 .length = length,
293 .value = chunk_clone(data),
294 .ports = linked_list_create(),
295 .ref = 1,
296 );
297
298 return &this->public.pa_tnc_attribute;
299 }
300
301
strongSwan - IPsec VPN