1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "ietf_attr_port_filter.h"
16
17 #include <pa_tnc/pa_tnc_msg.h>
18 #include <bio/bio_writer.h>
19 #include <bio/bio_reader.h>
20 #include <utils/linked_list.h>
21 #include <debug.h>
22
23
24 typedef struct private_ietf_attr_port_filter_t private_ietf_attr_port_filter_t;
25 typedef struct port_entry_t port_entry_t;
26
27 /**
28 * Port Filter entry
29 */
struct port_entry_t {
	/** TRUE if the port is blocked; encoded as the B bit of the entry */
	bool blocked;
	/** Protocol field of the entry (see RFC 5792 section 4.2.6) */
	u_int8_t protocol;
	/** Port Number field of the entry */
	u_int16_t port;
};
35
36 /**
37 * PA-TNC Port Filter Type (see section 4.2.6 of RFC 5792)
38 *
39 * 1 2 3
40 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
41 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
42 * | Reserved |B| Protocol | Port Number |
43 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
44 * | Reserved |B| Protocol | Port Number |
45 * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
46 */
47
/** Encoded size in bytes of one Port Filter entry: flags, protocol, port */
#define PORT_FILTER_ENTRY_SIZE 4
49
50 /**
51 * Private data of an ietf_attr_port_filter_t object.
52 */
struct private_ietf_attr_port_filter_t {

	/**
	 * Public members of ietf_attr_port_filter_t
	 */
	ietf_attr_port_filter_t public;

	/**
	 * Attribute vendor ID
	 */
	pen_t vendor_id;

	/**
	 * Attribute type
	 */
	u_int32_t type;

	/**
	 * Attribute value (encoded entries); owned by this object, set by
	 * build() or by ietf_attr_port_filter_create_from_data(), freed in
	 * destroy()
	 */
	chunk_t value;

	/**
	 * Noskip flag
	 */
	bool noskip_flag;

	/**
	 * List of Port Filter entries (port_entry_t, owned, freed in destroy())
	 */
	linked_list_t *ports;
};
85
/* Return the vendor ID (PEN) of this attribute */
METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->vendor_id;
}
91
/* Return the attribute type within the vendor's namespace */
METHOD(pa_tnc_attr_t, get_type, u_int32_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->type;
}
97
/* Return the encoded attribute value; it is empty until build() has run,
 * unless the attribute was created with ietf_attr_port_filter_create_from_data() */
METHOD(pa_tnc_attr_t, get_value, chunk_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->value;
}
103
/* Return the PA-TNC noskip flag of this attribute */
METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
	private_ietf_attr_port_filter_t *this)
{
	return this->noskip_flag;
}
109
/* Set the PA-TNC noskip flag of this attribute */
METHOD(pa_tnc_attr_t, set_noskip_flag, void,
	private_ietf_attr_port_filter_t *this, bool noskip)
{
	this->noskip_flag = noskip;
}
115
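/* Encode the port entries into this->value, one fixed-size record each */
METHOD(pa_tnc_attr_t, build, void,
	private_ietf_attr_port_filter_t *this)
{
	bio_writer_t *writer;
	enumerator_t *enumerator;
	port_entry_t *entry;

	/* every entry has the same size, so the exact buffer size is known */
	writer = bio_writer_create(this->ports->get_count(this->ports) *
							   PORT_FILTER_ENTRY_SIZE);

	enumerator = this->ports->create_enumerator(this->ports);
	while (enumerator->enumerate(enumerator, &entry))
	{
		/* reserved bits are sent as zero, B is the least significant bit */
		writer->write_uint8 (writer, entry->blocked ? 0x01 : 0x00);
		writer->write_uint8 (writer, entry->protocol);
		writer->write_uint16(writer, entry->port);
	}
	enumerator->destroy(enumerator);

	/* release a value set by an earlier build() or by create_from_data(),
	 * otherwise rebuilding the attribute would leak it */
	free(this->value.ptr);
	this->value = chunk_clone(writer->get_buf(writer));
	writer->destroy(writer);
}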
138
/* Decode this->value into port entries; FAILED if the length is not a
 * whole number of entries */
METHOD(pa_tnc_attr_t, process, status_t,
	private_ietf_attr_port_filter_t *this)
{
	bio_reader_t *reader;
	port_entry_t *entry;
	u_int8_t flags;
	size_t count, i;

	/* the value must consist of complete fixed-size entries only */
	if (this->value.len % PORT_FILTER_ENTRY_SIZE)
	{
		return FAILED;
	}
	count = this->value.len / PORT_FILTER_ENTRY_SIZE;
	reader = bio_reader_create(this->value);

	for (i = 0; i < count; i++)
	{
		entry = malloc_thing(port_entry_t);
		/* only the least significant bit of the first octet is the B flag,
		 * the reserved bits are masked off */
		reader->read_uint8 (reader, &flags);
		entry->blocked = flags & 0x01;
		reader->read_uint8 (reader, &entry->protocol);
		reader->read_uint16(reader, &entry->port);
		this->ports->insert_last(this->ports, entry);
	}
	reader->destroy(reader);

	return SUCCESS;
}
165
/* Release the attribute, its encoded value and all port entries */
METHOD(pa_tnc_attr_t, destroy, void,
	private_ietf_attr_port_filter_t *this)
{
	/* the encoded value is a private copy owned by this object */
	free(this->value.ptr);
	/* entries were allocated with malloc_thing(), so plain free() suffices */
	this->ports->destroy_function(this->ports, free);
	free(this);
}
173
/* Append a port entry; the list takes ownership and frees it in destroy() */
METHOD(ietf_attr_port_filter_t, add_port, void,
	private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol,
	u_int16_t port)
{
	port_entry_t *entry = malloc_thing(port_entry_t);

	*entry = (port_entry_t){
		.blocked = blocked,
		.protocol = protocol,
		.port = port,
	};
	this->ports->insert_last(this->ports, entry);
}
186
187 /**
188 * Enumerate port filter entries
189 */
static bool port_filter(void *null, port_entry_t **entry,
						bool *blocked, void *i2, u_int8_t *protocol, void *i3,
						u_int16_t *port)
{
	/* copy the entry's fields into the caller's output slots; the void*
	 * parameters are not read */
	port_entry_t *e = *entry;

	*blocked = e->blocked;
	*protocol = e->protocol;
	*port = e->port;
	return TRUE;
}
199
/* Enumerate entries as (bool blocked, u_int8_t protocol, u_int16_t port)
 * via the port_filter() callback wrapped around the list enumerator */
METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*,
	private_ietf_attr_port_filter_t *this)
{
	enumerator_t *inner = this->ports->create_enumerator(this->ports);

	return enumerator_create_filter(inner, (void*)port_filter, NULL, NULL);
}
206
207 /**
208 * Described in header.
209 */
pa_tnc_attr_t *ietf_attr_port_filter_create(void)
{
	private_ietf_attr_port_filter_t *this;

	/* value stays empty until build() encodes the entries added with
	 * add_port() */
	INIT(this,
		.public = {
			.pa_tnc_attribute = {
				.get_vendor_id = _get_vendor_id,
				.get_type = _get_type,
				.get_value = _get_value,
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.destroy = _destroy,
			},
			.add_port = _add_port,
			.create_port_enumerator = _create_port_enumerator,
		},
		.vendor_id = PEN_IETF,
		.type = IETF_ATTR_PORT_FILTER,
		.ports = linked_list_create(),
	);

	return &this->public.pa_tnc_attribute;
}
236
237 /**
238 * Described in header.
239 */
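pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
{
	private_ietf_attr_port_filter_t *this;

	INIT(this,
		.public = {
			.pa_tnc_attribute = {
				.get_vendor_id = _get_vendor_id,
				.get_type = _get_type,
				.get_value = _get_value,
				/* same method table as ietf_attr_port_filter_create(); without
				 * these two entries the noskip accessors of an attribute parsed
				 * from received data were NULL function pointers */
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.destroy = _destroy,
			},
			.add_port = _add_port,
			.create_port_enumerator = _create_port_enumerator,
		},
		.vendor_id = PEN_IETF,
		.type = IETF_ATTR_PORT_FILTER,
		/* private copy of the caller's data; process() decodes it into the
		 * ports list */
		.value = chunk_clone(data),
		.ports = linked_list_create(),
	);

	return &this->public.pa_tnc_attribute;
}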
265
266