1.1 ! misho 1: /*
! 2: * Copyright (C) 2012 Tobias Brunner
! 3: * Copyright (C) 2012 Giuliano Grassi
! 4: * Copyright (C) 2012 Ralf Sager
! 5: * HSR Hochschule fuer Technik Rapperswil
! 6: *
! 7: * This program is free software; you can redistribute it and/or modify it
! 8: * under the terms of the GNU General Public License as published by the
! 9: * Free Software Foundation; either version 2 of the License, or (at your
! 10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 11: *
! 12: * This program is distributed in the hope that it will be useful, but
! 13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 15: * for more details.
! 16: */
! 17:
! 18: #include "ipsec_policy.h"
! 19:
! 20: #include <utils/debug.h>
! 21:
typedef struct private_ipsec_policy_t private_ipsec_policy_t;

/**
 * Private additions to ipsec_policy_t.
 *
 * `public` must remain the first member: ipsec_policy_create() and get_ref()
 * hand out &this->public, and the METHOD() implementations in this file
 * receive that same object as a private_ipsec_policy_t*.
 */
struct private_ipsec_policy_t {

	/**
	 * Public members
	 */
	ipsec_policy_t public;

	/**
	 * SA source address (cloned in ipsec_policy_create(), released in destroy())
	 */
	host_t *src;

	/**
	 * SA destination address (cloned in ipsec_policy_create(), released in destroy())
	 */
	host_t *dst;

	/**
	 * Source traffic selector (cloned in ipsec_policy_create(), released in destroy())
	 */
	traffic_selector_t *src_ts;

	/**
	 * Destination traffic selector (cloned in ipsec_policy_create(), released in destroy())
	 */
	traffic_selector_t *dst_ts;

	/**
	 * If any of the two TS has a protocol selector we cache it here.
	 * Set at creation to the larger of the two TS protocol values; 0 means
	 * match_packet() does not restrict the protocol at all.
	 */
	uint8_t protocol;

	/**
	 * Traffic direction
	 */
	policy_dir_t direction;

	/**
	 * Policy type (not part of the comparison done by match())
	 */
	policy_type_t type;

	/**
	 * SA configuration (copied by value from the caller's struct)
	 */
	ipsec_sa_cfg_t sa;

	/**
	 * Mark (compared bytewise in match())
	 */
	mark_t mark;

	/**
	 * Policy priority
	 */
	policy_priority_t priority;

	/**
	 * Reference counter, starts at 1; see get_ref() and destroy()
	 */
	refcount_t refcount;

};
! 90:
METHOD(ipsec_policy_t, match, bool,
	private_ipsec_policy_t *this, traffic_selector_t *src_ts,
	traffic_selector_t *dst_ts, policy_dir_t direction, uint32_t reqid,
	mark_t mark, policy_priority_t priority)
{
	/* Compare the policy's identifying attributes; the scalar fields are
	 * checked before the traffic selectors, the policy type is not part of
	 * the comparison. */
	if (this->direction != direction || this->priority != priority)
	{
		return FALSE;
	}
	if (this->sa.reqid != reqid)
	{
		return FALSE;
	}
	/* mark_t is compared bytewise, value and mask alike */
	if (!memeq(&this->mark, &mark, sizeof(mark_t)))
	{
		return FALSE;
	}
	if (!this->src_ts->equals(this->src_ts, src_ts))
	{
		return FALSE;
	}
	return this->dst_ts->equals(this->dst_ts, dst_ts);
}
! 103:
/**
 * Check whether the port of the given host lies within the port range of the
 * given traffic selector.
 *
 * The ranges 0..0xffff and 0xffff..0 are treated as "any port" and match
 * without consulting the host's port.
 */
static inline bool match_port(traffic_selector_t *ts, host_t *host)
{
	uint16_t lo = ts->get_from_port(ts);
	uint16_t hi = ts->get_to_port(ts);
	bool any_port = (lo == 0 && hi == 0xffff) || (lo == 0xffff && hi == 0);
	uint16_t port;

	if (any_port)
	{
		return TRUE;
	}
	port = host->get_port(host);
	return port >= lo && port <= hi;
}
! 121:
METHOD(ipsec_policy_t, match_packet, bool,
	private_ipsec_policy_t *this, ip_packet_t *packet)
{
	uint8_t next_header = packet->get_next_header(packet);
	host_t *src = packet->get_source(packet);
	host_t *dst = packet->get_destination(packet);

	/* a cached protocol of 0 means the policy carries no protocol selector */
	if (this->protocol && this->protocol != next_header)
	{
		return FALSE;
	}
	/* source address and port must be covered by the source TS */
	if (!this->src_ts->includes(this->src_ts, src) ||
		!match_port(this->src_ts, src))
	{
		return FALSE;
	}
	/* same for the destination side */
	return this->dst_ts->includes(this->dst_ts, dst) &&
		   match_port(this->dst_ts, dst);
}
! 135:
METHOD(ipsec_policy_t, get_source_ts, traffic_selector_t*,
	private_ipsec_policy_t *this)
{
	/* the policy keeps ownership of the returned traffic selector */
	traffic_selector_t *ts = this->src_ts;

	return ts;
}
! 141:
METHOD(ipsec_policy_t, get_destination_ts, traffic_selector_t*,
	private_ipsec_policy_t *this)
{
	/* the policy keeps ownership of the returned traffic selector */
	traffic_selector_t *ts = this->dst_ts;

	return ts;
}
! 147:
METHOD(ipsec_policy_t, get_reqid, uint32_t,
	private_ipsec_policy_t *this)
{
	/* the reqid lives inside the copied SA configuration */
	uint32_t reqid = this->sa.reqid;

	return reqid;
}
! 153:
METHOD(ipsec_policy_t, get_direction, policy_dir_t,
	private_ipsec_policy_t *this)
{
	/* traffic direction as passed to ipsec_policy_create() */
	policy_dir_t dir = this->direction;

	return dir;
}
! 159:
METHOD(ipsec_policy_t, get_priority, policy_priority_t,
	private_ipsec_policy_t *this)
{
	/* priority as passed to ipsec_policy_create() */
	policy_priority_t prio = this->priority;

	return prio;
}
! 165:
METHOD(ipsec_policy_t, get_type, policy_type_t,
	private_ipsec_policy_t *this)
{
	/* policy type as passed to ipsec_policy_create() */
	policy_type_t type = this->type;

	return type;
}
! 171:
METHOD(ipsec_policy_t, get_ref, ipsec_policy_t*,
	private_ipsec_policy_t *this)
{
	ipsec_policy_t *pub = &this->public;

	/* every reference handed out must be released with destroy() */
	ref_get(&this->refcount);
	return pub;
}
! 178:
METHOD(ipsec_policy_t, destroy, void,
	private_ipsec_policy_t *this)
{
	/* only the last reference releases the owned objects */
	if (!ref_put(&this->refcount))
	{
		return;
	}
	this->src->destroy(this->src);
	this->dst->destroy(this->dst);
	this->src_ts->destroy(this->src_ts);
	this->dst_ts->destroy(this->dst_ts);
	free(this);
}
! 191:
/**
 * Described in header.
 *
 * The hosts and traffic selectors are cloned and *sa is copied by value, so
 * the caller retains ownership of everything it passes in. The returned
 * policy holds one reference; release it with destroy().
 */
ipsec_policy_t *ipsec_policy_create(host_t *src, host_t *dst,
									traffic_selector_t *src_ts,
									traffic_selector_t *dst_ts,
									policy_dir_t direction, policy_type_t type,
									ipsec_sa_cfg_t *sa, mark_t mark,
									policy_priority_t priority)
{
	private_ipsec_policy_t *this;
	/* cache the protocol selector: the larger of the two TS protocol values,
	 * 0 when neither TS restricts the protocol */
	uint8_t src_proto = src_ts->get_protocol(src_ts);
	uint8_t dst_proto = dst_ts->get_protocol(dst_ts);

	INIT(this,
		.public = {
			.match = _match,
			.match_packet = _match_packet,
			.get_source_ts = _get_source_ts,
			.get_destination_ts = _get_destination_ts,
			.get_direction = _get_direction,
			.get_priority = _get_priority,
			.get_reqid = _get_reqid,
			.get_type = _get_type,
			.get_ref = _get_ref,
			.destroy = _destroy,
		},
		.src = src->clone(src),
		.dst = dst->clone(dst),
		.src_ts = src_ts->clone(src_ts),
		.dst_ts = dst_ts->clone(dst_ts),
		.protocol = max(src_proto, dst_proto),
		.direction = direction,
		.type = type,
		.sa = *sa,
		.mark = mark,
		.priority = priority,
		.refcount = 1,
	);

	return &this->public;
}