[strongswan.git] / src / libimcv / ietf / ietf_attr_port_filter.c
1 /*
2 * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
3 *
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms of the GNU General Public License as published by the
6 * Free Software Foundation; either version 2 of the License, or (at your
7 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
8 *
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * for more details.
13 */
14
15 #include "ietf_attr_port_filter.h"
16
17 #include <pa_tnc/pa_tnc_msg.h>
18 #include <bio/bio_writer.h>
19 #include <bio/bio_reader.h>
20 #include <utils/linked_list.h>
21 #include <debug.h>
22
23
24 typedef struct private_ietf_attr_port_filter_t private_ietf_attr_port_filter_t;
25 typedef struct port_entry_t port_entry_t;
26
/**
 * One Port Filter entry, the in-memory form of a single
 * PORT_FILTER_ENTRY_SIZE-octet entry of the attribute value.
 */
struct port_entry_t {
	/* blocked flag; process() derives it from bit 0 of the first octet */
	bool blocked;
	/* protocol identifier, encoded as one octet by build() */
	u_int8_t protocol;
	/* port number, encoded as a 16-bit value by build() */
	u_int16_t port;
};
35
/**
 * PA-TNC Port Filter Type (see section 4.2.6 of RFC 5792)
 *
 *                       1                   2                   3
 *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *  |   Reserved  |B|    Protocol   |         Port Number           |
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *  |   Reserved  |B|    Protocol   |         Port Number           |
 *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 */
47
48 #define PORT_FILTER_ENTRY_SIZE 4
49
/**
 * Private data of an ietf_attr_port_filter_t object.
 */
struct private_ietf_attr_port_filter_t {

	/**
	 * Public members of ietf_attr_port_filter_t; the constructors and
	 * get_ref() hand out a pointer to its pa_tnc_attribute member
	 */
	ietf_attr_port_filter_t public;

	/**
	 * Attribute vendor ID (both constructors set PEN_IETF)
	 */
	pen_t vendor_id;

	/**
	 * Attribute type (both constructors set IETF_ATTR_PORT_FILTER)
	 */
	u_int32_t type;

	/**
	 * Encoded attribute value: a clone of the writer buffer after build(),
	 * or a clone of the caller's data in the create_from_data constructor.
	 * Owned by this object; destroy() frees value.ptr.
	 */
	chunk_t value;

	/**
	 * Noskip flag, read and written through get_noskip_flag() and
	 * set_noskip_flag()
	 */
	bool noskip_flag;

	/**
	 * List of heap-allocated port_entry_t items, filled by add_port() and
	 * process(); destroy() releases every item with free()
	 */
	linked_list_t *ports;

	/**
	 * Reference count, starts at 1; get_ref() increments it and destroy()
	 * releases the object once ref_put() returns true
	 */
	refcount_t ref;
};
90
/**
 * pa_tnc_attr_t.get_vendor_id: return the vendor ID stored in the object.
 */
METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->vendor_id;
}
96
/**
 * pa_tnc_attr_t.get_type: return the attribute type stored in the object.
 */
METHOD(pa_tnc_attr_t, get_type, u_int32_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->type;
}
102
/**
 * pa_tnc_attr_t.get_value: return the encoded attribute value.
 *
 * The chunk is returned by value and is not cloned, so its ptr still refers
 * to the buffer owned by this object (destroy() frees it).
 */
METHOD(pa_tnc_attr_t, get_value, chunk_t,
	private_ietf_attr_port_filter_t *this)
{
	return this->value;
}
108
/**
 * pa_tnc_attr_t.get_noskip_flag: return the current noskip flag.
 */
METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
	private_ietf_attr_port_filter_t *this)
{
	return this->noskip_flag;
}
114
/**
 * pa_tnc_attr_t.set_noskip_flag: store a new value for the noskip flag.
 */
METHOD(pa_tnc_attr_t, set_noskip_flag, void,
	private_ietf_attr_port_filter_t *this, bool noskip)
{
	this->noskip_flag = noskip;
}
120
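/**
 * pa_tnc_attr_t.build: encode the port list into the attribute value, one
 * PORT_FILTER_ENTRY_SIZE-octet entry (flag octet, protocol, port) per item.
 *
 * The value is encoded only once. The previous code replaced this->value on
 * every call without releasing the old buffer, which leaked it whenever
 * build() ran on an object that already held a value (a second build(), or
 * an object made by ietf_attr_port_filter_create_from_data()). Keeping the
 * existing buffer also keeps chunks handed out by get_value() valid.
 * Ports added after the first build() are therefore not re-encoded.
 */
METHOD(pa_tnc_attr_t, build, void,
	private_ietf_attr_port_filter_t *this)
{
	bio_writer_t *writer;
	enumerator_t *enumerator;
	port_entry_t *entry;

	if (this->value.ptr)
	{
		/* already encoded, cloning again would leak the old buffer */
		return;
	}

	writer = bio_writer_create(this->ports->get_count(this->ports) *
							   PORT_FILTER_ENTRY_SIZE);

	enumerator = this->ports->create_enumerator(this->ports);
	while (enumerator->enumerate(enumerator, &entry))
	{
		/* first octet: reserved bits zero, blocked flag in bit 0 */
		writer->write_uint8 (writer, entry->blocked ? 0x01 : 0x00);
		writer->write_uint8 (writer, entry->protocol);
		writer->write_uint16(writer, entry->port);
	}
	enumerator->destroy(enumerator);

	/* clone before destroying the writer that holds the buffer */
	this->value = chunk_clone(writer->get_buf(writer));
	writer->destroy(writer);
}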
143
/**
 * pa_tnc_attr_t.process: decode this->value into port filter entries.
 *
 * @param offset	set to 0 when the value length is rejected
 * @return			FAILED if the value length is not a multiple of
 *					PORT_FILTER_ENTRY_SIZE, SUCCESS otherwise
 *
 * NOTE(review): this->value is presumably attribute data received from the
 * peer (see ietf_attr_port_filter_create_from_data()) - confirm with the
 * caller. The length check below is the only validation; it is also what
 * makes the unchecked reads in the loop safe, since every iteration consumes
 * exactly PORT_FILTER_ENTRY_SIZE octets. Reserved bits are ignored.
 * Each call appends to the list, entries from an earlier call are kept.
 */
METHOD(pa_tnc_attr_t, process, status_t,
	private_ietf_attr_port_filter_t *this, u_int32_t *offset)
{
	bio_reader_t *reader;
	port_entry_t *entry;
	u_int8_t flags, protocol;
	u_int16_t port;

	if (this->value.len % PORT_FILTER_ENTRY_SIZE != 0)
	{
		DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
			 PORT_FILTER_ENTRY_SIZE);
		*offset = 0;
		return FAILED;
	}

	reader = bio_reader_create(this->value);
	while (reader->remaining(reader) > 0)
	{
		/* decode one complete entry before allocating it */
		reader->read_uint8 (reader, &flags);
		reader->read_uint8 (reader, &protocol);
		reader->read_uint16(reader, &port);

		INIT(entry,
			.blocked = flags & 0x01,
			.protocol = protocol,
			.port = port,
		);
		this->ports->insert_last(this->ports, entry);
	}
	reader->destroy(reader);

	return SUCCESS;
}
173
/**
 * pa_tnc_attr_t.get_ref: take an additional reference on the attribute.
 *
 * @return			the public pa_tnc_attr_t interface of this object
 */
METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
	private_ietf_attr_port_filter_t *this)
{
	pa_tnc_attr_t *attr = &this->public.pa_tnc_attribute;

	ref_get(&this->ref);
	return attr;
}
180
/**
 * pa_tnc_attr_t.destroy: drop one reference; when ref_put() reports that it
 * was the last one, free the port entries, the encoded value and the object.
 */
METHOD(pa_tnc_attr_t, destroy, void,
	private_ietf_attr_port_filter_t *this)
{
	if (!ref_put(&this->ref))
	{
		/* other references remain, keep the object alive */
		return;
	}
	this->ports->destroy_function(this->ports, free);
	free(this->value.ptr);
	free(this);
}
191
/**
 * ietf_attr_port_filter_t.add_port: append a new entry to the port list.
 *
 * @param blocked	blocked flag of the entry
 * @param protocol	protocol octet of the entry
 * @param port		port number of the entry
 *
 * The entry is heap-allocated and owned by the list; destroy() frees it.
 */
METHOD(ietf_attr_port_filter_t, add_port, void,
	private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol,
	u_int16_t port)
{
	port_entry_t *entry;

	INIT(entry,
		.blocked = blocked,
		.protocol = protocol,
		.port = port,
	);
	this->ports->insert_last(this->ports, entry);
}
204
/**
 * Filter callback passed to enumerator_create_filter(): copies the fields of
 * the current list item into the three output arguments and always accepts
 * the item.
 */
static bool port_filter(void *null, port_entry_t **entry,
						bool *blocked, void *i2, u_int8_t *protocol, void *i3,
						u_int16_t *port)
{
	port_entry_t *current = *entry;

	*blocked = current->blocked;
	*protocol = current->protocol;
	*port = current->port;

	return TRUE;
}
217
/**
 * ietf_attr_port_filter_t.create_port_enumerator: wrap an enumerator over
 * the port list in a filter enumerator that uses port_filter() to present
 * each item as (blocked, protocol, port).
 */
METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*,
	private_ietf_attr_port_filter_t *this)
{
	enumerator_t *entries;

	entries = this->ports->create_enumerator(this->ports);

	return enumerator_create_filter(entries, (void*)port_filter, NULL, NULL);
}
224
/**
 * Described in header.
 *
 * Creates an attribute with an empty port list and no encoded value; the
 * reference count starts at 1.
 */
pa_tnc_attr_t *ietf_attr_port_filter_create(void)
{
	private_ietf_attr_port_filter_t *this;

	INIT(this,
		.vendor_id = PEN_IETF,
		.type = IETF_ATTR_PORT_FILTER,
		.ports = linked_list_create(),
		.ref = 1,
		.public = {
			.add_port = _add_port,
			.create_port_enumerator = _create_port_enumerator,
			.pa_tnc_attribute = {
				.get_vendor_id = _get_vendor_id,
				.get_type = _get_type,
				.get_value = _get_value,
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.get_ref = _get_ref,
				.destroy = _destroy,
			},
		},
	);

	return &this->public.pa_tnc_attribute;
}
256
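/**
 * Described in header.
 *
 * Creates an attribute whose value is a private clone of data; the port list
 * stays empty until process() decodes the value. The reference count starts
 * at 1.
 *
 * NOTE(review): data is presumably the attribute value taken from a received
 * PA-TNC message - confirm with the caller. It is stored unvalidated here;
 * the length check happens in process().
 */
pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
{
	private_ietf_attr_port_filter_t *this;

	INIT(this,
		.public = {
			.pa_tnc_attribute = {
				.get_vendor_id = _get_vendor_id,
				.get_type = _get_type,
				.get_value = _get_value,
				/* Both noskip accessors were missing from this constructor,
				 * which left NULL function pointers in the interface: any
				 * caller reading or setting the noskip flag of an attribute
				 * created from data would call through NULL. */
				.get_noskip_flag = _get_noskip_flag,
				.set_noskip_flag = _set_noskip_flag,
				.build = _build,
				.process = _process,
				.get_ref = _get_ref,
				.destroy = _destroy,
			},
			.add_port = _add_port,
			.create_port_enumerator = _create_port_enumerator,
		},
		.vendor_id = PEN_IETF,
		.type = IETF_ATTR_PORT_FILTER,
		.value = chunk_clone(data),
		.ports = linked_list_create(),
		.ref = 1,
	);

	return &this->public.pa_tnc_attribute;
}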
287
288