Annotation of embedaddon/strongswan/src/libstrongswan/selectors/traffic_selector.h, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2007-2017 Tobias Brunner
! 3: * Copyright (C) 2005-2006 Martin Willi
! 4: * Copyright (C) 2005 Jan Hutter
! 5: * HSR Hochschule fuer Technik Rapperswil
! 6: *
! 7: * This program is free software; you can redistribute it and/or modify it
! 8: * under the terms of the GNU General Public License as published by the
! 9: * Free Software Foundation; either version 2 of the License, or (at your
! 10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 11: *
! 12: * This program is distributed in the hope that it will be useful, but
! 13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 15: * for more details.
! 16: */
! 17:
! 18: /**
! 19: * @defgroup traffic_selector traffic_selector
! 20: * @{ @ingroup selectors
! 21: */
! 22:
! 23: #ifndef TRAFFIC_SELECTOR_H_
! 24: #define TRAFFIC_SELECTOR_H_
! 25:
! 26: typedef enum ts_type_t ts_type_t;
! 27: typedef struct traffic_selector_t traffic_selector_t;
! 28:
! 29: #include <library.h>
! 30: #include <networking/host.h>
! 31:
! 32: /**
! 33: * Traffic selector types.
! 34: */
! 35: enum ts_type_t {
! 36:
! 37: /**
! 38: * A range of IPv4 addresses, represented by two four (4) octet
! 39: * values. The first value is the beginning IPv4 address
! 40: * (inclusive) and the second value is the ending IPv4 address
! 41: * (inclusive). All addresses falling between the two specified
! 42: * addresses are considered to be within the list.
! 43: */
! 44: TS_IPV4_ADDR_RANGE = 7,
! 45:
! 46: /**
! 47: * A range of IPv6 addresses, represented by two sixteen (16)
! 48: * octet values. The first value is the beginning IPv6 address
! 49: * (inclusive) and the second value is the ending IPv6 address
! 50: * (inclusive). All addresses falling between the two specified
! 51: * addresses are considered to be within the list.
! 52: */
! 53: TS_IPV6_ADDR_RANGE = 8
! 54: };
! 55:
! 56: /**
! 57: * enum names for ts_type_t
! 58: */
! 59: extern enum_name_t *ts_type_name;
! 60:
! 61: /**
! 62: * Object representing a traffic selector entry.
! 63: *
! 64: * A traffic selector defines an range of addresses
! 65: * and a range of ports.
! 66: *
! 67: * If the protocol is ICMP or ICMPv6 the ICMP type and code are stored in the
! 68: * port field as follows: The message type is placed in the most significant
! 69: * 8 bits and the code in the least significant 8 bits. Utility functions are
! 70: * provided to extract the individual values.
! 71: */
! 72: struct traffic_selector_t {
! 73:
! 74: /**
! 75: * Compare two traffic selectors, and create a new one
! 76: * which is the largest subset of both (subnet & port).
! 77: *
! 78: * Resulting traffic_selector is newly created and must be destroyed.
! 79: *
! 80: * @param other traffic selector to compare
! 81: * @return
! 82: * - created subset of them
! 83: * - or NULL if no match between this and other
! 84: */
! 85: traffic_selector_t *(*get_subset)(traffic_selector_t *this,
! 86: traffic_selector_t *other);
! 87:
! 88: /**
! 89: * Clone a traffic selector.
! 90: *
! 91: * @return clone of it
! 92: */
! 93: traffic_selector_t *(*clone)(traffic_selector_t *this);
! 94:
! 95: /**
! 96: * Get starting address of this ts as a chunk.
! 97: *
! 98: * Chunk is in network order and points to internal data.
! 99: *
! 100: * @return chunk containing the address
! 101: */
! 102: chunk_t (*get_from_address)(traffic_selector_t *this);
! 103:
! 104: /**
! 105: * Get ending address of this ts as a chunk.
! 106: *
! 107: * Chunk is in network order and points to internal data.
! 108: *
! 109: * @return chunk containing the address
! 110: */
! 111: chunk_t (*get_to_address)(traffic_selector_t *this);
! 112:
! 113: /**
! 114: * Get starting port of this ts.
! 115: *
! 116: * Port is in host order, since the parser converts it.
! 117: *
! 118: * If the protocol is ICMP/ICMPv6 the ICMP type and code are stored in this
! 119: * field as follows: The message type is placed in the most significant
! 120: * 8 bits and the code in the least significant 8 bits. Use the utility
! 121: * functions to extract them.
! 122: *
! 123: * @return port
! 124: */
! 125: uint16_t (*get_from_port)(traffic_selector_t *this);
! 126:
! 127: /**
! 128: * Get ending port of this ts.
! 129: *
! 130: * Port is in host order, since the parser converts it.
! 131: *
! 132: * If the protocol is ICMP/ICMPv6 the ICMP type and code are stored in this
! 133: * field as follows: The message type is placed in the most significant
! 134: * 8 bits and the code in the least significant 8 bits. Use the utility
! 135: * functions to extract them.
! 136: *
! 137: * @return port
! 138: */
! 139: uint16_t (*get_to_port)(traffic_selector_t *this);
! 140:
! 141: /**
! 142: * Get the type of the traffic selector.
! 143: *
! 144: * @return ts_type_t specifying the type
! 145: */
! 146: ts_type_t (*get_type)(traffic_selector_t *this);
! 147:
! 148: /**
! 149: * Get the protocol id of this ts.
! 150: *
! 151: * @return protocol id
! 152: */
! 153: uint8_t (*get_protocol)(traffic_selector_t *this);
! 154:
! 155: /**
! 156: * Check if the traffic selector is for a single host.
! 157: *
! 158: * Traffic selector may describe the end of *-to-host tunnel. In this
! 159: * case, the address range is a single address equal to the hosts
! 160: * peer address.
! 161: *
! 162: * If host is specified, the traffic selector must equal that specific
! 163: * IP address. If it is not specified, TRUE is also returned for dynamic
! 164: * traffic selectors.
! 165: *
! 166: * @param host IP address to check for, or NULL
! 167: * @return TRUE if TS is for a single host
! 168: */
! 169: bool (*is_host)(traffic_selector_t *this, host_t* host);
! 170:
! 171: /**
! 172: * Check if this traffic selector was created by
! 173: * traffic_selector_create_dynamic() but no address has yet been set with
! 174: * set_address().
! 175: *
! 176: * @return TRUE if TS is dynamic
! 177: */
! 178: bool (*is_dynamic)(traffic_selector_t *this);
! 179:
! 180: /**
! 181: * Set the traffic selector to the given IP address.
! 182: *
! 183: * If host is %any or %any6 the traffic selector gets set to 0.0.0.0/0 or
! 184: * ::/0, respectively.
! 185: *
! 186: * Checking is_host(), is_dynamic() or includes() might be appropriate
! 187: * before calling this.
! 188: *
! 189: * is_dynamic() will return FALSE after calling this.
! 190: *
! 191: * @param host target IP address
! 192: */
! 193: void (*set_address)(traffic_selector_t *this, host_t* host);
! 194:
! 195: /**
! 196: * Compare two traffic selectors for equality.
! 197: *
! 198: * @param other ts to compare with this
! 199: * @return TRUE if equal, FALSE otherwise
! 200: */
! 201: bool (*equals)(traffic_selector_t *this, traffic_selector_t *other);
! 202:
! 203: /**
! 204: * Check if a traffic selector is contained completely in another.
! 205: *
! 206: * contains() allows to check if multiple traffic selectors are redundant.
! 207: *
! 208: * @param other ts that contains this
! 209: * @return TRUE if other contains this completely, FALSE otherwise
! 210: */
! 211: bool (*is_contained_in)(traffic_selector_t *this, traffic_selector_t *other);
! 212:
! 213: /**
! 214: * Check if a specific host is included in the address range of
! 215: * this traffic selector.
! 216: *
! 217: * @param host the host to check
! 218: */
! 219: bool (*includes)(traffic_selector_t *this, host_t *host);
! 220:
! 221: /**
! 222: * Convert a traffic selector address range to a subnet
! 223: * and its net mask.
! 224: * If from and to ports of this traffic selector are equal,
! 225: * the port of the returned host_t is set to that port.
! 226: *
! 227: * @param net converted subnet (has to be freed)
! 228: * @param mask converted net mask
! 229: * @return TRUE if traffic selector matches exactly to the subnet
! 230: */
! 231: bool (*to_subnet)(traffic_selector_t *this, host_t **net, uint8_t *mask);
! 232:
! 233: /**
! 234: * Create a hash value for the traffic selector.
! 235: *
! 236: * @param inc optional value for incremental hashing
! 237: * @return calculated hash value for the traffic selector
! 238: */
! 239: u_int (*hash)(traffic_selector_t *this, u_int inc);
! 240:
! 241: /**
! 242: * Destroys the ts object
! 243: */
! 244: void (*destroy)(traffic_selector_t *this);
! 245: };
! 246:
! 247: /**
! 248: * Extract the ICMP/ICMPv6 message type from a port in host order
! 249: *
! 250: * @param port port number in host order
! 251: * @return ICMP/ICMPv6 message type
! 252: */
! 253: static inline uint8_t traffic_selector_icmp_type(uint16_t port)
! 254: {
! 255: return port >> 8;
! 256: }
! 257:
! 258: /**
! 259: * Extract the ICMP/ICMPv6 message code from a port in host order
! 260: *
! 261: * @param port port number in host order
! 262: * @return ICMP/ICMPv6 message code
! 263: */
! 264: static inline uint8_t traffic_selector_icmp_code(uint16_t port)
! 265: {
! 266: return port & 0xff;
! 267: }
! 268:
! 269: /**
! 270: * Compare two traffic selectors, usable as sort function
! 271: *
! 272: * @param a first selector to compare
! 273: * @param b second selector to compare
! 274: * @param opts optional sort options, currently unused
! 275: * @return > 0 if a > b, 0 if a == b, < 0 if a < b
! 276: */
! 277: int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
! 278: void *opts);
! 279:
! 280: /**
! 281: * Create a new traffic selector using human readable params.
! 282: *
! 283: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
! 284: * are less than 256 the value is assumed to be a message type, if they are
! 285: * greater or equal to 256 they are assumed to be type and code as defined
! 286: * for traffic_selector_t.
! 287: *
! 288: * @param protocol protocol for this ts, such as TCP or UDP
! 289: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
! 290: * @param from_addr start of address range as string
! 291: * @param from_port port number in host order
! 292: * @param to_addr end of address range as string
! 293: * @param to_port port number in host order
! 294: * @return
! 295: * - traffic_selector_t object
! 296: * - NULL if invalid address strings/protocol
! 297: */
! 298: traffic_selector_t *traffic_selector_create_from_string(
! 299: uint8_t protocol, ts_type_t type,
! 300: char *from_addr, uint16_t from_port,
! 301: char *to_addr, uint16_t to_port);
! 302:
! 303:
! 304:
! 305: /**
! 306: * Create a traffic selector from a CIDR string.
! 307: *
! 308: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
! 309: * are less than 256 the value is assumed to be a message type, if they are
! 310: * greater or equal to 256 they are assumed to be type and code as defined
! 311: * for traffic_selector_t.
! 312: *
! 313: * @param string CIDR string, such as 10.1.0.0/16
! 314: * @param protocol protocol for this ts, such as TCP or UDP
! 315: * @param from_port start of allowed port range
! 316: * @param to_port end of port range
! 317: * @return traffic selector, NULL if string invalid
! 318: */
! 319: traffic_selector_t *traffic_selector_create_from_cidr(
! 320: char *string, uint8_t protocol,
! 321: uint16_t from_port, uint16_t to_port);
! 322:
! 323: /**
! 324: * Create a new traffic selector using data read from the net.
! 325: *
! 326: * There exists a mix of network and host order in the params.
! 327: * But the parser gives us this data in this format, so we
! 328: * don't have to convert twice.
! 329: *
! 330: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
! 331: * are less than 256 the value is assumed to be a message type, if they are
! 332: * greater or equal to 256 they are assumed to be type and code as defined
! 333: * for traffic_selector_t.
! 334: *
! 335: * @param protocol protocol for this ts, such as TCP or UDP
! 336: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
! 337: * @param from_address start of address range, network order
! 338: * @param from_port port number, host order
! 339: * @param to_address end of address range, network order
! 340: * @param to_port port number, host order
! 341: * @return traffic_selector_t object
! 342: */
! 343: traffic_selector_t *traffic_selector_create_from_bytes(
! 344: uint8_t protocol, ts_type_t type,
! 345: chunk_t from_address, uint16_t from_port,
! 346: chunk_t to_address, uint16_t to_port);
! 347:
! 348: /**
! 349: * Create a new traffic selector using the RFC 3779 ASN.1 min/max address format
! 350: *
! 351: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
! 352: * @param from_addr start of address range in RFC 3779 ASN.1 BIT STRING format
! 353: * @param to_addr end of address range in RFC 3779 ASN.1 BIT STRING format
! 354: * @return traffic_selector_t object
! 355: */
! 356: traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
! 357: chunk_t from_addr, chunk_t to_addr);
! 358:
! 359: /**
! 360: * Create a new traffic selector defining a whole subnet.
! 361: *
! 362: * In most cases, definition of a traffic selector for full subnets
! 363: * is sufficient. This constructor creates a traffic selector for
! 364: * all protocols, all ports and the address range specified by the
! 365: * subnet.
! 366: * Additionally, a protocol and ports may be specified.
! 367: *
! 368: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
! 369: * are less than 256 the value is assumed to be a message type, if they are
! 370: * greater or equal to 256 they are assumed to be type and code as defined
! 371: * for traffic_selector_t.
! 372: *
! 373: * @param net subnet to use
! 374: * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
! 375: * @param protocol protocol for this ts, such as TCP or UDP
! 376: * @param from_port start of allowed port range
! 377: * @param to_port end of port range
! 378: * @return
! 379: * - traffic_selector_t object
! 380: * - NULL if address family of net not supported
! 381: */
! 382: traffic_selector_t *traffic_selector_create_from_subnet(
! 383: host_t *net, uint8_t netbits, uint8_t protocol,
! 384: uint16_t from_port, uint16_t to_port);
! 385:
! 386: /**
! 387: * Create a traffic selector for host-to-host cases.
! 388: *
! 389: * For host2host or virtual IP setups, the traffic selectors gets
! 390: * created at runtime using the external/virtual IP. Using this constructor,
! 391: * a call to set_address() sets this traffic selector to the supplied host.
! 392: *
! 393: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
! 394: * are less than 256 the value is assumed to be a message type, if they are
! 395: * greater or equal to 256 they are assumed to be type and code as defined
! 396: * for traffic_selector_t.
! 397: *
! 398: * @param protocol upper layer protocol to allow
! 399: * @param from_port start of allowed port range
! 400: * @param to_port end of range
! 401: * @return
! 402: * - traffic_selector_t object
! 403: * - NULL if type not supported
! 404: */
! 405: traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol,
! 406: uint16_t from_port, uint16_t to_port);
! 407:
! 408: /**
! 409: * printf hook function for traffic_selector_t.
! 410: *
! 411: * Arguments are:
! 412: * traffic_selector_t *ts
! 413: * With the #-specifier, arguments are:
! 414: * linked_list_t *list containing traffic_selector_t*
! 415: */
! 416: int traffic_selector_printf_hook(printf_hook_data_t *data,
! 417: printf_hook_spec_t *spec, const void *const *args);
! 418:
! 419: #endif /** TRAFFIC_SELECTOR_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to traffic_selector.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / selectors