android: Add measurement collector for Port Filter
authorTobias Brunner <tobias@strongswan.org>
Fri, 26 Apr 2013 15:11:15 +0000 (17:11 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 8 Jul 2013 16:49:27 +0000 (18:49 +0200)
This collector reports all listening TCP and UDP sockets/ports.

src/frontends/android/jni/libandroidbridge/byod/imc_android.c
src/frontends/android/src/org/strongswan/android/logic/imc/AndroidImc.java
src/frontends/android/src/org/strongswan/android/logic/imc/attributes/PortFilterAttribute.java [new file with mode: 0644]
src/frontends/android/src/org/strongswan/android/logic/imc/collectors/PortFilterCollector.java [new file with mode: 0644]

index ee216ce..be2bc42 100644 (file)
@@ -44,7 +44,8 @@
 static const char imc_name[] = "Android";
 
 static pen_type_t msg_types[] = {
-       { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM }
+       { PEN_IETF, PA_SUBTYPE_IETF_OPERATING_SYSTEM },
+       { PEN_IETF, PA_SUBTYPE_IETF_VPN },
 };
 
 static imc_agent_t *imc_android;
index 27f21cd..ca1f746 100644 (file)
@@ -19,6 +19,7 @@ import org.strongswan.android.logic.imc.attributes.Attribute;
 import org.strongswan.android.logic.imc.attributes.AttributeType;
 import org.strongswan.android.logic.imc.collectors.Collector;
 import org.strongswan.android.logic.imc.collectors.InstalledPackagesCollector;
+import org.strongswan.android.logic.imc.collectors.PortFilterCollector;
 import org.strongswan.android.logic.imc.collectors.ProductInformationCollector;
 import org.strongswan.android.logic.imc.collectors.StringVersionCollector;
 
@@ -54,6 +55,9 @@ public class AndroidImc
                        case IETF_STRING_VERSION:
                                collector = new StringVersionCollector();
                                break;
+                       case IETF_PORT_FILTER:
+                               collector = new PortFilterCollector();
+                               break;
                        case IETF_INSTALLED_PACKAGES:
                                collector = new InstalledPackagesCollector(mContext);
                                break;
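Review bot: The collector created in the new `IETF_PORT_FILTER` case can return `null` from `getMeasurement()`, because `PortFilterCollector` leaves `attribute` unset when `exec()` throws. The code that consumes `collector` lies outside this hunk, so confirm that it tolerates a null measurement. Also confirm that a failed collection is not reported to the verifier in the same way as a device with no listening ports.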
diff --git a/src/frontends/android/src/org/strongswan/android/logic/imc/attributes/PortFilterAttribute.java b/src/frontends/android/src/org/strongswan/android/logic/imc/attributes/PortFilterAttribute.java
new file mode 100644 (file)
index 0000000..191690b
--- /dev/null
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2012 Christoph Buehler
+ * Copyright (C) 2012 Patrick Loetscher
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.logic.imc.attributes;
+
+import java.util.LinkedList;
+
+import org.strongswan.android.logic.imc.collectors.Protocol;
+import org.strongswan.android.utils.BufferedByteWriter;
+
+import android.util.Pair;
+
+/**
+ * PA-TNC Port Filter attribute (see section 4.2.6 of RFC 5792)
+ *
+ *                       1                   2                   3
+ *   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |   Reserved  |B|    Protocol   |         Port Number           |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *  |   Reserved  |B|    Protocol   |         Port Number           |
+ *  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+public class PortFilterAttribute implements Attribute
+{
+       private final LinkedList<Pair<Protocol, Short>> mPorts = new LinkedList<Pair<Protocol, Short>>();
+
+       /**
+        * Add an open port with the given protocol and port number
+        * @param protocol transport protocol
+        * @param port port number
+        */
+       public void addPort(Protocol protocol, short port)
+       {
+               mPorts.add(new Pair<Protocol, Short>(protocol, port));
+       }
+
+       @Override
+       public byte[] getEncoding()
+       {
+               BufferedByteWriter writer = new BufferedByteWriter();
+               for (Pair<Protocol, Short> port : mPorts)
+               {
+                       /* we report open ports, so the BLOCKED flag is not set */
+                       writer.put((byte)0);
+                       writer.put(port.first.getValue());
+                       writer.put16(port.second);
+               }
+               return writer.toByteArray();
+       }
+}
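Review bot: `mPorts` is a plain list and `addPort` appends unconditionally, so `getEncoding()` can emit the same protocol/port pair more than once. That would happen, for instance, if the collector sees one port bound on both an IPv4 and an IPv6 socket and both names map to the same `Protocol` value (that mapping is not visible here). Check section 4.2.6 of RFC 5792, which the class comment cites, on whether repeated entries are acceptable to a verifier; if not, skip pairs already present, e.g. `if (!mPorts.contains(entry)) { mPorts.add(entry); }`. The `short port` parameter also deserves a Javadoc remark that ports above 32767 arrive as negative values: `@param port port number (unsigned 16-bit value stored in a short)`.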
diff --git a/src/frontends/android/src/org/strongswan/android/logic/imc/collectors/PortFilterCollector.java b/src/frontends/android/src/org/strongswan/android/logic/imc/collectors/PortFilterCollector.java
new file mode 100644 (file)
index 0000000..b6e740c
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 Tobias Brunner
+ * Copyright (C) 2012 Christoph Buehler
+ * Copyright (C) 2012 Patrick Loetscher
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+package org.strongswan.android.logic.imc.collectors;
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.strongswan.android.logic.imc.attributes.Attribute;
+import org.strongswan.android.logic.imc.attributes.PortFilterAttribute;
+
+public class PortFilterCollector implements Collector
+{
+       private static Pattern LISTEN = Pattern.compile("\\bLISTEN\\b");
+       private static Pattern PROTOCOL = Pattern.compile("\\b(tcp|udp)6?\\b");
+       private static Pattern PORT = Pattern.compile("[:]{1,3}(\\d{1,5})\\b");
+
+       @Override
+       public Attribute getMeasurement()
+       {
+               PortFilterAttribute attribute = null;
+               try
+               {
+                       Process netstat = Runtime.getRuntime().exec("netstat -n");
+                       try
+                       {
+                               BufferedReader reader = new BufferedReader(new InputStreamReader(netstat.getInputStream()));
+                               String line;
+                               attribute = new PortFilterAttribute();
+                               while ((line = reader.readLine()) != null)
+                               {
+                                       if (!LISTEN.matcher(line).find())
+                                       {
+                                               continue;
+                                       }
+                                       Matcher protocolMatcher = PROTOCOL.matcher(line);
+                                       Matcher portMatcher = PORT.matcher(line);
+                                       if (protocolMatcher.find() && portMatcher.find())
+                                       {
+                                               Protocol protocol = Protocol.fromName(protocolMatcher.group());
+                                               if (protocol == null)
+                                               {
+                                                       continue;
+                                               }
+                                               int port = Integer.parseInt(portMatcher.group(1));
+                                               attribute.addPort(protocol, (short)port);
+                                       }
+                               }
+                       }
+                       finally
+                       {
+                               netstat.destroy();
+                       }
+               }
+               catch (IOException e)
+               {
+                       e.printStackTrace();
+               }
+               return attribute;
+       }
+
+}
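Review bot: The `LISTEN` check at the top of the loop is applied to every line, so UDP sockets, which netstat normally does not show in a LISTEN state, are probably skipped. The attribute would then carry only TCP listeners even though the commit message promises both, and a posture measurement that under-reports what the device exposes is the wrong way to fail. The state filter should apply to TCP lines only, with bound UDP sockets reported regardless of state. The port extraction is also loose: `PORT` takes the first colon-plus-digits run on the line, which in an IPv6 local address can be a numeric address group rather than the port, and `(short)port` silently truncates anything above 65535. Anchoring to the end of the address column, for example `Pattern.compile(":(\\d{1,5})(?=\\s)")`, and adding `if (port > 0xffff) { continue; }` before `addPort` would address both.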