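/*
 * acl.h
 *
 * Created on: 19.2.2009
 * Author: Tomas Suchomel, xsucho00
 *
 * Access control list (ACL) packet filter for the INET framework.
 *
 * Declares the rule and interface data structures, the per-rule match
 * statistic shown in the GUI, and the `acl` simple module that applies the
 * rules to IPDatagrams.  Except for the trivial inline members every method
 * body lives in acl.cc, so the matching policy (rule order, what happens when
 * no rule matches a packet) cannot be read from this header — check the
 * implementation before relying on it.
 */

#ifndef ACL_H_
#define ACL_H_

/* Standard headers this file uses directly; previously they were only
 * reached transitively through the INET headers below. */
#include <list>
#include <ostream>
#include <string>

#include <omnetpp.h>
#include "IPAddress.h"
#include "IPAddressResolver.h"
#include "IRoutingTable.h"
#include "RoutingTableAccess.h"
#include "IInterfaceTable.h"
#include "InterfaceTableAccess.h"
#include "IPDatagram.h"
#include "TCPSegment.h"
#include "UDPPacket.h"
#include "NotificationBoard.h"

/* Rule actions: DENY (drop the packet) or PERMIT (let the packet through). */
const bool A_PERMIT = true;
const bool A_DENY = false;

/* Protocols a rule can be written for.  The enumerators carry the IANA IP
 * protocol numbers, so they compare directly against a datagram's protocol
 * field.  Note that PROT_IP == 4 is the IANA number of IP-in-IP
 * encapsulation, not a wildcard; whether a rule written for "ip" also
 * matches TCP/UDP/ICMP traffic (the Cisco-style meaning of the keyword) is
 * decided in acl.cc — confirm there before writing rules that rely on it. */
enum TProtocol
{
    PROT_ICMP = 1,
    PROT_IGMP = 2,
    PROT_IP = 4,
    PROT_TCP = 6,
    PROT_UDP = 17,
    PROT_EIGRP = 88,
    PROT_OSPF = 89,
    PROT_SCTP = 132
};

/* Port operators: eq (equal), neq (not equal), gt (greater than),
 * lt (less than), range (port range). */
enum TPortOP
{
    PORT_NDEF,  // no port clause in the rule (the port part is optional)
    PORT_EQ,
    PORT_NEQ,
    PORT_GT,
    PORT_LT,
    PORT_RNG
};

/* One address/port clause of a rule (the source or the destination side).
 * Plain aggregate: the loader must set every field, since an unset
 * port_op or portBeg/portEnd is indistinguishable from garbage. */
struct TIP
{
    IPAddress ipAddr, netmask;  // address and the mask it is matched under
    int portBeg, portEnd;       // port operand(s); presumably both used only by PORT_RNG
    TPortOP port_op;            // how the packet's port is compared
};

/* A single ACL entry. */
struct TRule
{
    bool action;         // A_PERMIT or A_DENY
    TProtocol protocol;
    TIP source, dest;
    int* used;           // non-owning hit counter, presumably Stat::used of an
                         // entry in acl::stats — verify the lifetime in acl.cc
};

typedef std::list<TRule> TACL;
typedef std::list<TRule>::iterator TACL_it;

/* Binding of one ACL to a router interface and a traffic direction. */
struct TInterface
{
    int gateIndex;  // interface (gate) the ACL is attached to
    bool dir;       // traffic direction; the encoding is defined in acl.cc
    TACL* rules;    // non-owning, presumably points into acl::acls — verify in acl.cc
};

/* Per-rule statistic: the rule's text and how many packets matched it. */
class Stat
{
public:
    std::string text;
    int used;
};

/* Prints a Stat as "<text> (<used> matches)".  Takes the object by const
 * reference so const instances and temporaries can be printed too. */
inline std::ostream& operator<< (std::ostream& ostr, const Stat& statistics)
{
    ostr << statistics.text << " (" << statistics.used << " matches)";
    return ostr;
}

/* ACL filtering simple module.  Loads its rules from the XML configuration,
 * looks up the ACL bound to a packet's gate/direction, and counts the
 * permit/deny/unfiltered outcomes for finish().  All non-inline members are
 * defined in acl.cc; the comments on the declarations below describe the
 * apparent intent and should be checked against that file. */
class acl : public cSimpleModule, protected INotifiable
{
private:
    // Parses the ACL section of the XML configuration file.
    bool loadConfigFromXML(const char* filename);
    // Applies one ACL to a datagram; the bool is presumably the verdict.
    bool processPacket(IPDatagram* packet, TACL* acl);
    // Finds the ACL bound to a gate/direction pair (presumably NULL when none).
    TACL* getRules(int gateIndex, bool dir);
    // Evaluates the rule list against the packet's address/port/protocol tuple.
    bool filterPacket(TACL* acl, TIP source, TIP dest, int protocol);
    // Address clause match: rule clause vs. the packet's address.
    bool ipIsEqual(TIP* ip, TIP* packet);
    // Port clause match according to the clause's port_op.
    bool portIsEqual(TIP* ip, TIP* packet);
    // Rule-text parsers: fill the action / protocol / port fields from tokens.
    void getAction(std::string action, TRule* rule);
    void getProtocol(std::string pom, TRule* rule);
    void getPort(std::string pom, std::string p_beg, std::string p_end, TIP *ip);
    // Applies the clause masks to the rule's addresses.
    void andIpWithMask(TRule* rule);
    // Converts a Cisco-style wildcard mask into its complement (a netmask).
    IPAddress negateWildcard(IPAddress wc);

private:
    std::list<TACL> acls;
    std::list<TInterface> interfaces;
    std::list<Stat> stats;
    bool aclEnabled;      // ACL configuration is present/missing in XML cfg file
    int numPackets;       // IPDatagrams arrived into ACL filtering module
    int packetsDropped;   // packets dropped by an ACL action "deny"
    int packetsPermitted; // packets permitted by an ACL action "permit"
    int packetsAllowed;   // without ACL action (e.g. no ACL bound for packet's intf/dir)

protected:
    virtual void handleMessage(cMessage *msg);
    virtual void initialize(int stage);
    virtual void finish();
    NotificationBoard *notificationBoard;
    // Notifications are subscribed to but ignored.
    virtual void receiveChangeNotification(int category, const cPolymorphic *details){}
    // Number of init stages this module takes part in; the stage in which the
    // real work happens is chosen in initialize() (see acl.cc).  The debugging
    // EV trace that fired on every call was dropped.
    virtual int numInitStages() const { return 5; }
};

#endif /* ACL_H_ */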