Annotation of embedaddon/strongswan/src/libstrongswan/selectors/traffic_selector.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2007-2017 Tobias Brunner
3: * Copyright (C) 2005-2006 Martin Willi
4: * Copyright (C) 2005 Jan Hutter
5: * HSR Hochschule fuer Technik Rapperswil
6: *
7: * This program is free software; you can redistribute it and/or modify it
8: * under the terms of the GNU General Public License as published by the
9: * Free Software Foundation; either version 2 of the License, or (at your
10: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11: *
12: * This program is distributed in the hope that it will be useful, but
13: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15: * for more details.
16: */
17:
18: /**
19: * @defgroup traffic_selector traffic_selector
20: * @{ @ingroup selectors
21: */
22:
23: #ifndef TRAFFIC_SELECTOR_H_
24: #define TRAFFIC_SELECTOR_H_
25:
26: typedef enum ts_type_t ts_type_t;
27: typedef struct traffic_selector_t traffic_selector_t;
28:
29: #include <library.h>
30: #include <networking/host.h>
31:
32: /**
33: * Traffic selector types.
34: */
35: enum ts_type_t {
36:
37: /**
38: * A range of IPv4 addresses, represented by two four (4) octet
39: * values. The first value is the beginning IPv4 address
40: * (inclusive) and the second value is the ending IPv4 address
41: * (inclusive). All addresses falling between the two specified
42: * addresses are considered to be within the list.
43: */
44: TS_IPV4_ADDR_RANGE = 7,
45:
46: /**
47: * A range of IPv6 addresses, represented by two sixteen (16)
48: * octet values. The first value is the beginning IPv6 address
49: * (inclusive) and the second value is the ending IPv6 address
50: * (inclusive). All addresses falling between the two specified
51: * addresses are considered to be within the list.
52: */
53: TS_IPV6_ADDR_RANGE = 8
54: };
55:
56: /**
57: * enum names for ts_type_t
58: */
59: extern enum_name_t *ts_type_name;
60:
61: /**
62: * Object representing a traffic selector entry.
63: *
64: * A traffic selector defines an range of addresses
65: * and a range of ports.
66: *
67: * If the protocol is ICMP or ICMPv6 the ICMP type and code are stored in the
68: * port field as follows: The message type is placed in the most significant
69: * 8 bits and the code in the least significant 8 bits. Utility functions are
70: * provided to extract the individual values.
71: */
72: struct traffic_selector_t {
73:
74: /**
75: * Compare two traffic selectors, and create a new one
76: * which is the largest subset of both (subnet & port).
77: *
78: * Resulting traffic_selector is newly created and must be destroyed.
79: *
80: * @param other traffic selector to compare
81: * @return
82: * - created subset of them
83: * - or NULL if no match between this and other
84: */
85: traffic_selector_t *(*get_subset)(traffic_selector_t *this,
86: traffic_selector_t *other);
87:
88: /**
89: * Clone a traffic selector.
90: *
91: * @return clone of it
92: */
93: traffic_selector_t *(*clone)(traffic_selector_t *this);
94:
95: /**
96: * Get starting address of this ts as a chunk.
97: *
98: * Chunk is in network order and points to internal data.
99: *
100: * @return chunk containing the address
101: */
102: chunk_t (*get_from_address)(traffic_selector_t *this);
103:
104: /**
105: * Get ending address of this ts as a chunk.
106: *
107: * Chunk is in network order and points to internal data.
108: *
109: * @return chunk containing the address
110: */
111: chunk_t (*get_to_address)(traffic_selector_t *this);
112:
113: /**
114: * Get starting port of this ts.
115: *
116: * Port is in host order, since the parser converts it.
117: *
118: * If the protocol is ICMP/ICMPv6 the ICMP type and code are stored in this
119: * field as follows: The message type is placed in the most significant
120: * 8 bits and the code in the least significant 8 bits. Use the utility
121: * functions to extract them.
122: *
123: * @return port
124: */
125: uint16_t (*get_from_port)(traffic_selector_t *this);
126:
127: /**
128: * Get ending port of this ts.
129: *
130: * Port is in host order, since the parser converts it.
131: *
132: * If the protocol is ICMP/ICMPv6 the ICMP type and code are stored in this
133: * field as follows: The message type is placed in the most significant
134: * 8 bits and the code in the least significant 8 bits. Use the utility
135: * functions to extract them.
136: *
137: * @return port
138: */
139: uint16_t (*get_to_port)(traffic_selector_t *this);
140:
141: /**
142: * Get the type of the traffic selector.
143: *
144: * @return ts_type_t specifying the type
145: */
146: ts_type_t (*get_type)(traffic_selector_t *this);
147:
148: /**
149: * Get the protocol id of this ts.
150: *
151: * @return protocol id
152: */
153: uint8_t (*get_protocol)(traffic_selector_t *this);
154:
155: /**
156: * Check if the traffic selector is for a single host.
157: *
158: * Traffic selector may describe the end of *-to-host tunnel. In this
159: * case, the address range is a single address equal to the hosts
160: * peer address.
161: *
162: * If host is specified, the traffic selector must equal that specific
163: * IP address. If it is not specified, TRUE is also returned for dynamic
164: * traffic selectors.
165: *
166: * @param host IP address to check for, or NULL
167: * @return TRUE if TS is for a single host
168: */
169: bool (*is_host)(traffic_selector_t *this, host_t* host);
170:
171: /**
172: * Check if this traffic selector was created by
173: * traffic_selector_create_dynamic() but no address has yet been set with
174: * set_address().
175: *
176: * @return TRUE if TS is dynamic
177: */
178: bool (*is_dynamic)(traffic_selector_t *this);
179:
180: /**
181: * Set the traffic selector to the given IP address.
182: *
183: * If host is %any or %any6 the traffic selector gets set to 0.0.0.0/0 or
184: * ::/0, respectively.
185: *
186: * Checking is_host(), is_dynamic() or includes() might be appropriate
187: * before calling this.
188: *
189: * is_dynamic() will return FALSE after calling this.
190: *
191: * @param host target IP address
192: */
193: void (*set_address)(traffic_selector_t *this, host_t* host);
194:
195: /**
196: * Compare two traffic selectors for equality.
197: *
198: * @param other ts to compare with this
199: * @return TRUE if equal, FALSE otherwise
200: */
201: bool (*equals)(traffic_selector_t *this, traffic_selector_t *other);
202:
203: /**
204: * Check if a traffic selector is contained completely in another.
205: *
206: * contains() allows to check if multiple traffic selectors are redundant.
207: *
208: * @param other ts that contains this
209: * @return TRUE if other contains this completely, FALSE otherwise
210: */
211: bool (*is_contained_in)(traffic_selector_t *this, traffic_selector_t *other);
212:
213: /**
214: * Check if a specific host is included in the address range of
215: * this traffic selector.
216: *
217: * @param host the host to check
218: */
219: bool (*includes)(traffic_selector_t *this, host_t *host);
220:
221: /**
222: * Convert a traffic selector address range to a subnet
223: * and its net mask.
224: * If from and to ports of this traffic selector are equal,
225: * the port of the returned host_t is set to that port.
226: *
227: * @param net converted subnet (has to be freed)
228: * @param mask converted net mask
229: * @return TRUE if traffic selector matches exactly to the subnet
230: */
231: bool (*to_subnet)(traffic_selector_t *this, host_t **net, uint8_t *mask);
232:
233: /**
234: * Create a hash value for the traffic selector.
235: *
236: * @param inc optional value for incremental hashing
237: * @return calculated hash value for the traffic selector
238: */
239: u_int (*hash)(traffic_selector_t *this, u_int inc);
240:
241: /**
242: * Destroys the ts object
243: */
244: void (*destroy)(traffic_selector_t *this);
245: };
246:
247: /**
248: * Extract the ICMP/ICMPv6 message type from a port in host order
249: *
250: * @param port port number in host order
251: * @return ICMP/ICMPv6 message type
252: */
253: static inline uint8_t traffic_selector_icmp_type(uint16_t port)
254: {
255: return port >> 8;
256: }
257:
258: /**
259: * Extract the ICMP/ICMPv6 message code from a port in host order
260: *
261: * @param port port number in host order
262: * @return ICMP/ICMPv6 message code
263: */
264: static inline uint8_t traffic_selector_icmp_code(uint16_t port)
265: {
266: return port & 0xff;
267: }
268:
269: /**
270: * Compare two traffic selectors, usable as sort function
271: *
272: * @param a first selector to compare
273: * @param b second selector to compare
274: * @param opts optional sort options, currently unused
275: * @return > 0 if a > b, 0 if a == b, < 0 if a < b
276: */
277: int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b,
278: void *opts);
279:
280: /**
281: * Create a new traffic selector using human readable params.
282: *
283: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
284: * are less than 256 the value is assumed to be a message type, if they are
285: * greater or equal to 256 they are assumed to be type and code as defined
286: * for traffic_selector_t.
287: *
288: * @param protocol protocol for this ts, such as TCP or UDP
289: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
290: * @param from_addr start of address range as string
291: * @param from_port port number in host order
292: * @param to_addr end of address range as string
293: * @param to_port port number in host order
294: * @return
295: * - traffic_selector_t object
296: * - NULL if invalid address strings/protocol
297: */
298: traffic_selector_t *traffic_selector_create_from_string(
299: uint8_t protocol, ts_type_t type,
300: char *from_addr, uint16_t from_port,
301: char *to_addr, uint16_t to_port);
302:
303:
304:
305: /**
306: * Create a traffic selector from a CIDR string.
307: *
308: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
309: * are less than 256 the value is assumed to be a message type, if they are
310: * greater or equal to 256 they are assumed to be type and code as defined
311: * for traffic_selector_t.
312: *
313: * @param string CIDR string, such as 10.1.0.0/16
314: * @param protocol protocol for this ts, such as TCP or UDP
315: * @param from_port start of allowed port range
316: * @param to_port end of port range
317: * @return traffic selector, NULL if string invalid
318: */
319: traffic_selector_t *traffic_selector_create_from_cidr(
320: char *string, uint8_t protocol,
321: uint16_t from_port, uint16_t to_port);
322:
323: /**
324: * Create a new traffic selector using data read from the net.
325: *
326: * There exists a mix of network and host order in the params.
327: * But the parser gives us this data in this format, so we
328: * don't have to convert twice.
329: *
330: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
331: * are less than 256 the value is assumed to be a message type, if they are
332: * greater or equal to 256 they are assumed to be type and code as defined
333: * for traffic_selector_t.
334: *
335: * @param protocol protocol for this ts, such as TCP or UDP
336: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
337: * @param from_address start of address range, network order
338: * @param from_port port number, host order
339: * @param to_address end of address range, network order
340: * @param to_port port number, host order
341: * @return traffic_selector_t object
342: */
343: traffic_selector_t *traffic_selector_create_from_bytes(
344: uint8_t protocol, ts_type_t type,
345: chunk_t from_address, uint16_t from_port,
346: chunk_t to_address, uint16_t to_port);
347:
348: /**
349: * Create a new traffic selector using the RFC 3779 ASN.1 min/max address format
350: *
351: * @param type type of following addresses, such as TS_IPV4_ADDR_RANGE
352: * @param from_addr start of address range in RFC 3779 ASN.1 BIT STRING format
353: * @param to_addr end of address range in RFC 3779 ASN.1 BIT STRING format
354: * @return traffic_selector_t object
355: */
356: traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type,
357: chunk_t from_addr, chunk_t to_addr);
358:
359: /**
360: * Create a new traffic selector defining a whole subnet.
361: *
362: * In most cases, definition of a traffic selector for full subnets
363: * is sufficient. This constructor creates a traffic selector for
364: * all protocols, all ports and the address range specified by the
365: * subnet.
366: * Additionally, a protocol and ports may be specified.
367: *
368: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
369: * are less than 256 the value is assumed to be a message type, if they are
370: * greater or equal to 256 they are assumed to be type and code as defined
371: * for traffic_selector_t.
372: *
373: * @param net subnet to use
374: * @param netbits size of the subnet, as used in e.g. 192.168.0.0/24 notation
375: * @param protocol protocol for this ts, such as TCP or UDP
376: * @param from_port start of allowed port range
377: * @param to_port end of port range
378: * @return
379: * - traffic_selector_t object
380: * - NULL if address family of net not supported
381: */
382: traffic_selector_t *traffic_selector_create_from_subnet(
383: host_t *net, uint8_t netbits, uint8_t protocol,
384: uint16_t from_port, uint16_t to_port);
385:
386: /**
387: * Create a traffic selector for host-to-host cases.
388: *
389: * For host2host or virtual IP setups, the traffic selectors gets
390: * created at runtime using the external/virtual IP. Using this constructor,
391: * a call to set_address() sets this traffic selector to the supplied host.
392: *
393: * If protocol is ICMP or ICMPv6 the ports are interpreted as follows: If they
394: * are less than 256 the value is assumed to be a message type, if they are
395: * greater or equal to 256 they are assumed to be type and code as defined
396: * for traffic_selector_t.
397: *
398: * @param protocol upper layer protocol to allow
399: * @param from_port start of allowed port range
400: * @param to_port end of range
401: * @return
402: * - traffic_selector_t object
403: * - NULL if type not supported
404: */
405: traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol,
406: uint16_t from_port, uint16_t to_port);
407:
408: /**
409: * printf hook function for traffic_selector_t.
410: *
411: * Arguments are:
412: * traffic_selector_t *ts
413: * With the #-specifier, arguments are:
414: * linked_list_t *list containing traffic_selector_t*
415: */
416: int traffic_selector_printf_hook(printf_hook_data_t *data,
417: printf_hook_spec_t *spec, const void *const *args);
418:
419: #endif /** TRAFFIC_SELECTOR_H_ @}*/
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to traffic_selector.h CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / selectors