susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 1 | /* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */ |
| 2 | /** |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 3 | * Copyright (c) 2014-2017, Regents of the University of California, |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 4 | * Arizona Board of Regents, |
| 5 | * Colorado State University, |
| 6 | * University Pierre & Marie Curie, Sorbonne University, |
| 7 | * Washington University in St. Louis, |
| 8 | * Beijing Institute of Technology, |
| 9 | * The University of Memphis. |
| 10 | * |
| 11 | * This file is part of NFD (Named Data Networking Forwarding Daemon). |
| 12 | * See AUTHORS.md for complete list of NFD authors and contributors. |
| 13 | * |
| 14 | * NFD is free software: you can redistribute it and/or modify it under the terms |
| 15 | * of the GNU General Public License as published by the Free Software Foundation, |
| 16 | * either version 3 of the License, or (at your option) any later version. |
| 17 | * |
| 18 | * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; |
| 19 | * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR |
| 20 | * PURPOSE. See the GNU General Public License for more details. |
| 21 | * |
| 22 | * You should have received a copy of the GNU General Public License along with |
| 23 | * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>. |
| 24 | */ |
| 25 | |
| 26 | #include "network-interface-predicate.hpp" |
| 27 | |
| 28 | #include "config-file.hpp" |
| 29 | #include "network-interface.hpp" |
| 30 | #include "network.hpp" |
| 31 | |
susmit | 21f22e6 | 2017-03-25 15:44:45 -0500 | [diff] [blame] | 32 | #include <fnmatch.h> |
| 33 | |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 34 | namespace nfd { |
| 35 | |
| 36 | NetworkInterfacePredicate::NetworkInterfacePredicate() |
| 37 | { |
| 38 | this->clear(); |
| 39 | } |
| 40 | |
| 41 | void |
| 42 | NetworkInterfacePredicate::clear() |
| 43 | { |
| 44 | m_whitelist = std::set<std::string>{"*"}; |
| 45 | m_blacklist.clear(); |
| 46 | } |
| 47 | |
| 48 | static void |
| 49 | parseList(std::set<std::string>& set, const boost::property_tree::ptree& list, const std::string& section) |
| 50 | { |
| 51 | set.clear(); |
| 52 | |
| 53 | for (const auto& item : list) { |
| 54 | if (item.first == "*") { |
| 55 | // insert wildcard |
| 56 | set.insert(item.first); |
| 57 | } |
| 58 | else if (item.first == "ifname") { |
| 59 | // very basic sanity check for interface names |
| 60 | auto name = item.second.get_value<std::string>(); |
| 61 | if (name.empty()) { |
| 62 | BOOST_THROW_EXCEPTION(ConfigFile::Error("Empty interface name in \"" + section + "\" section")); |
| 63 | } |
| 64 | set.insert(name); |
| 65 | } |
| 66 | else if (item.first == "ether") { |
| 67 | // validate ethernet address |
| 68 | auto addr = item.second.get_value<std::string>(); |
| 69 | if (ethernet::Address::fromString(addr).isNull()) { |
| 70 | BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed ether address \"" + addr + |
| 71 | "\" in \"" + section + "\" section")); |
| 72 | } |
| 73 | set.insert(addr); |
| 74 | } |
| 75 | else if (item.first == "subnet") { |
| 76 | // example subnet: 10.0.0.0/8 |
| 77 | auto cidr = item.second.get_value<std::string>(); |
| 78 | if (!Network::isValidCidr(cidr)) { |
| 79 | BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed subnet declaration \"" + cidr + |
| 80 | "\" in \"" + section + "\" section")); |
| 81 | } |
| 82 | set.insert(cidr); |
| 83 | } |
| 84 | } |
| 85 | } |
| 86 | |
| 87 | void |
| 88 | NetworkInterfacePredicate::parseWhitelist(const boost::property_tree::ptree& list) |
| 89 | { |
| 90 | parseList(m_whitelist, list, "whitelist"); |
| 91 | } |
| 92 | |
| 93 | void |
| 94 | NetworkInterfacePredicate::parseBlacklist(const boost::property_tree::ptree& list) |
| 95 | { |
| 96 | parseList(m_blacklist, list, "blacklist"); |
| 97 | } |
| 98 | |
| 99 | static bool |
susmit | 21f22e6 | 2017-03-25 15:44:45 -0500 | [diff] [blame] | 100 | doesMatchPattern(const std::string& ifname, const std::string& pattern) |
| 101 | { |
| 102 | // use fnmatch(3) to provide unix glob-style matching for interface names |
| 103 | // fnmatch returns 0 if there is a match |
| 104 | return ::fnmatch(pattern.data(), ifname.data(), 0) == 0; |
| 105 | } |
| 106 | |
| 107 | static bool |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 108 | doesMatchRule(const NetworkInterfaceInfo& netif, const std::string& rule) |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 109 | { |
Davide Pesavento | 89567d3 | 2016-11-19 16:39:45 +0100 | [diff] [blame] | 110 | // if '/' is in rule, this is a subnet, check if IP in subnet |
| 111 | if (rule.find('/') != std::string::npos) { |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 112 | Network n = boost::lexical_cast<Network>(rule); |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 113 | for (const auto& addr : netif.ipv4Addresses) { |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 114 | if (n.doesContain(addr)) { |
Davide Pesavento | 89567d3 | 2016-11-19 16:39:45 +0100 | [diff] [blame] | 115 | return true; |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 116 | } |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | return rule == "*" || |
susmit | 21f22e6 | 2017-03-25 15:44:45 -0500 | [diff] [blame] | 121 | doesMatchPattern(netif.name, rule) || |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 122 | netif.etherAddress.toString() == rule; |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 123 | } |
| 124 | |
| 125 | bool |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 126 | NetworkInterfacePredicate::operator()(const NetworkInterfaceInfo& netif) const |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 127 | { |
Junxiao Shi | 7003c60 | 2017-01-10 13:35:28 +0000 | [diff] [blame] | 128 | return std::any_of(m_whitelist.begin(), m_whitelist.end(), bind(&doesMatchRule, netif, _1)) && |
| 129 | std::none_of(m_blacklist.begin(), m_blacklist.end(), bind(&doesMatchRule, netif, _1)); |
| 130 | } |
| 131 | |
| 132 | bool |
| 133 | NetworkInterfacePredicate::operator==(const NetworkInterfacePredicate& other) const |
| 134 | { |
| 135 | return this->m_whitelist == other.m_whitelist && |
| 136 | this->m_blacklist == other.m_blacklist; |
susmit | 91e1d7c | 2016-10-03 16:16:57 -0600 | [diff] [blame] | 137 | } |
| 138 | |
| 139 | } // namespace nfd |