blob: 81f199b2d83b45e73815150b661bd5dc7b9fd196 [file] [log] [blame]
susmit91e1d7c2016-10-03 16:16:57 -06001/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/**
Junxiao Shi7003c602017-01-10 13:35:28 +00003 * Copyright (c) 2014-2017, Regents of the University of California,
susmit91e1d7c2016-10-03 16:16:57 -06004 * Arizona Board of Regents,
5 * Colorado State University,
6 * University Pierre & Marie Curie, Sorbonne University,
7 * Washington University in St. Louis,
8 * Beijing Institute of Technology,
9 * The University of Memphis.
10 *
11 * This file is part of NFD (Named Data Networking Forwarding Daemon).
12 * See AUTHORS.md for complete list of NFD authors and contributors.
13 *
14 * NFD is free software: you can redistribute it and/or modify it under the terms
15 * of the GNU General Public License as published by the Free Software Foundation,
16 * either version 3 of the License, or (at your option) any later version.
17 *
18 * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
19 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
20 * PURPOSE. See the GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License along with
23 * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
24 */
25
26#include "network-interface-predicate.hpp"
27
28#include "config-file.hpp"
29#include "network-interface.hpp"
30#include "network.hpp"
31
susmit21f22e62017-03-25 15:44:45 -050032#include <fnmatch.h>
33
susmit91e1d7c2016-10-03 16:16:57 -060034namespace nfd {
35
36NetworkInterfacePredicate::NetworkInterfacePredicate()
37{
38 this->clear();
39}
40
41void
42NetworkInterfacePredicate::clear()
43{
44 m_whitelist = std::set<std::string>{"*"};
45 m_blacklist.clear();
46}
47
48static void
49parseList(std::set<std::string>& set, const boost::property_tree::ptree& list, const std::string& section)
50{
51 set.clear();
52
53 for (const auto& item : list) {
54 if (item.first == "*") {
55 // insert wildcard
56 set.insert(item.first);
57 }
58 else if (item.first == "ifname") {
59 // very basic sanity check for interface names
60 auto name = item.second.get_value<std::string>();
61 if (name.empty()) {
62 BOOST_THROW_EXCEPTION(ConfigFile::Error("Empty interface name in \"" + section + "\" section"));
63 }
64 set.insert(name);
65 }
66 else if (item.first == "ether") {
67 // validate ethernet address
68 auto addr = item.second.get_value<std::string>();
69 if (ethernet::Address::fromString(addr).isNull()) {
70 BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed ether address \"" + addr +
71 "\" in \"" + section + "\" section"));
72 }
73 set.insert(addr);
74 }
75 else if (item.first == "subnet") {
76 // example subnet: 10.0.0.0/8
77 auto cidr = item.second.get_value<std::string>();
78 if (!Network::isValidCidr(cidr)) {
79 BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed subnet declaration \"" + cidr +
80 "\" in \"" + section + "\" section"));
81 }
82 set.insert(cidr);
83 }
84 }
85}
86
87void
88NetworkInterfacePredicate::parseWhitelist(const boost::property_tree::ptree& list)
89{
90 parseList(m_whitelist, list, "whitelist");
91}
92
93void
94NetworkInterfacePredicate::parseBlacklist(const boost::property_tree::ptree& list)
95{
96 parseList(m_blacklist, list, "blacklist");
97}
98
99static bool
susmit21f22e62017-03-25 15:44:45 -0500100doesMatchPattern(const std::string& ifname, const std::string& pattern)
101{
102 // use fnmatch(3) to provide unix glob-style matching for interface names
103 // fnmatch returns 0 if there is a match
104 return ::fnmatch(pattern.data(), ifname.data(), 0) == 0;
105}
106
107static bool
Junxiao Shi7003c602017-01-10 13:35:28 +0000108doesMatchRule(const NetworkInterfaceInfo& netif, const std::string& rule)
susmit91e1d7c2016-10-03 16:16:57 -0600109{
Davide Pesavento89567d32016-11-19 16:39:45 +0100110 // if '/' is in rule, this is a subnet, check if IP in subnet
111 if (rule.find('/') != std::string::npos) {
susmit91e1d7c2016-10-03 16:16:57 -0600112 Network n = boost::lexical_cast<Network>(rule);
Junxiao Shi7003c602017-01-10 13:35:28 +0000113 for (const auto& addr : netif.ipv4Addresses) {
susmit91e1d7c2016-10-03 16:16:57 -0600114 if (n.doesContain(addr)) {
Davide Pesavento89567d32016-11-19 16:39:45 +0100115 return true;
susmit91e1d7c2016-10-03 16:16:57 -0600116 }
117 }
118 }
119
120 return rule == "*" ||
susmit21f22e62017-03-25 15:44:45 -0500121 doesMatchPattern(netif.name, rule) ||
Junxiao Shi7003c602017-01-10 13:35:28 +0000122 netif.etherAddress.toString() == rule;
susmit91e1d7c2016-10-03 16:16:57 -0600123}
124
125bool
Junxiao Shi7003c602017-01-10 13:35:28 +0000126NetworkInterfacePredicate::operator()(const NetworkInterfaceInfo& netif) const
susmit91e1d7c2016-10-03 16:16:57 -0600127{
Junxiao Shi7003c602017-01-10 13:35:28 +0000128 return std::any_of(m_whitelist.begin(), m_whitelist.end(), bind(&doesMatchRule, netif, _1)) &&
129 std::none_of(m_blacklist.begin(), m_blacklist.end(), bind(&doesMatchRule, netif, _1));
130}
131
132bool
133NetworkInterfacePredicate::operator==(const NetworkInterfacePredicate& other) const
134{
135 return this->m_whitelist == other.m_whitelist &&
136 this->m_blacklist == other.m_blacklist;
susmit91e1d7c2016-10-03 16:16:57 -0600137}
138
139} // namespace nfd