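//
// Copyright (C) 2005 Andras Varga
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU Lesser General Public
// License as published by the Free Software Foundation; either
// version 2.1 of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Lesser General Public License for more details.
//
// You should have received a copy of the GNU Lesser General Public
// License along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//

#ifndef __INET_ACLCONTAINER_H
#define __INET_ACLCONTAINER_H

// Standard headers this file uses directly (std::list, std::string,
// std::ostream) instead of relying on them arriving through omnetpp.h.
#include <list>
#include <ostream>
#include <string>

#include <omnetpp.h>
#include "IPAddress.h"
#include "IPAddressResolver.h"
#include "RoutingTableAccess.h"

#include "IPDatagram.h"
#include "TCPSegment.h"
#include "UDPPacket.h"

/**
 * Rule action, stored in TRule::action:
 * PERMIT lets the packet through, DENY drops it.
 */
const bool A_PERMIT = true;
const bool A_DENY = false;

/**
 * Protocols an ACL rule can match on (IP, TCP, UDP, ICMP, ...).
 * The numeric values follow the IANA IP protocol numbers, so they can be
 * compared directly with the protocol field of an IP datagram.
 */
enum TProtocol
{
    PROT_ICMP = 1,
    PROT_IGMP = 2,
    PROT_IP = 4,
    PROT_TCP = 6,
    PROT_UDP = 17,
    PROT_EIGRP = 88,
    PROT_OSPF = 89,
    PROT_SCTP = 132
};

/**
 * Port operator of a rule's source/destination clause:
 * eq (equal), neq (not equal), gt (greater than), lt (less than),
 * range (port range).
 */
enum TPortOP
{
    PORT_NDEF, ///< no port clause present in the ACL rule (the port clause is optional)
    PORT_EQ,
    PORT_NEQ,
    PORT_GT,
    PORT_LT,
    PORT_RNG
};

/**
 * Address/port part of a rule; used for both the source and the destination side.
 */
struct TIP
{
    IPAddress ipAddr, netmask;  ///< address and mask; see AclContainer::andIpWithMask() / negateWildcard()
    int portBeg, portEnd;       ///< port bounds; presumably both are only meaningful for PORT_RNG — confirm in getPort()
    TPortOP port_op;            ///< how portBeg/portEnd are compared against the packet
};

/**
 * One ACL entry: the action to take when source, dest and protocol match.
 */
struct TRule
{
    bool action;         ///< A_PERMIT or A_DENY
    TProtocol protocol;
    TIP source, dest;
    int* used;           ///< match counter; non-owning pointer — NOTE(review): presumably points into a Stat::used, verify lifetime
};

typedef std::list<TRule> TRULES;
typedef std::list<TRule>::iterator TRULES_it;

/**
 * A named access list: the rules are kept in list order.
 */
struct TACL
{
    std::string aclName;
    TRULES rules;
};

typedef std::list<TACL>::iterator TACL_itc;

/**
 * Per-rule hit statistics: a textual description and a match counter.
 */
class Stat
{
  public:
    std::string text;
    int used;
};

/**
 * Prints a Stat as "<text> (<used> matches)".
 * Takes the Stat by const reference so const objects and temporaries can be printed too.
 */
inline std::ostream& operator<<(std::ostream& ostr, const Stat& statistics)
{
    ostr << statistics.text << " (" << statistics.used << " matches)";
    return ostr;
}

/**
 * Simple module holding a set of named ACLs loaded from XML and matching
 * IP datagrams against them.
 */
class AclContainer : public cSimpleModule
{
  private:
    /// Parses the ACL definitions from the given XML file into `acls`.
    bool loadConfigFromXML(const char* filename);
    /// Evaluates one datagram against the given rule list.
    bool processPacket(IPDatagram* packet, TRULES* acl);
    bool compareValues(TRULES* acl, TIP source, TIP dest, int protocol);
    /// Looks up the rule list of the ACL with the given name.
    TRULES* getRulesByAclName(std::string name);
    bool ipIsEqual(TIP* ip, TIP* packet);
    bool portIsEqual(TIP* ip, TIP* packet);
    /// Parses the textual action ("permit"/"deny" style keyword) into rule->action.
    void getAction(std::string action, TRule* rule);
    /// Parses the textual protocol name into rule->protocol.
    void getProtocol(std::string pom, TRule* rule);
    /// Parses the port operator and its operand(s) into ip->port_op / portBeg / portEnd.
    void getPort(std::string pom, std::string p_beg, std::string p_end, TIP *ip);
    /// Masks the rule's addresses with their netmask so they compare correctly.
    void andIpWithMask(TRule* rule);
    /// Converts a wildcard mask to a netmask (bitwise negation).
    IPAddress negateWildcard(IPAddress wc);

  private:
    std::list<TACL> acls;   ///< all loaded access lists
    std::list<Stat> stats;  ///< per-rule hit counters

  public:
    /// Returns the action for `msg` under the ACL called `name`.
    bool matchPacketToAcl(std::string name, cMessage *msg);
    /// True if an ACL with the given name has been loaded.
    bool existAcl(std::string name);

  protected:
    virtual void handleMessage(cMessage *msg);
    virtual void initialize(int stage);
    /// Multi-stage initialization; this module uses stages 0..4.
    virtual int numInitStages() const { return 5; }
};

#endif /* __INET_ACLCONTAINER_H */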