Gitiles
Code Review Sign In
gerrit.named-data.net / NFD / e422f9e1e90f423b33d351b7b732c44a86af41ad / . / daemon / face / network-predicate.hpp
blob: 2ea79d69deeffd6bdc4f7e5faf79f963cfe05c97 [file] [log] [blame]
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]1/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
2/*
Davide Pesaventoe422f9e2022-06-03 01:30:23 -0400[diff] [blame^]3 * Copyright (c) 2014-2022, Regents of the University of California,
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]4 * Arizona Board of Regents,
5 * Colorado State University,
6 * University Pierre & Marie Curie, Sorbonne University,
7 * Washington University in St. Louis,
8 * Beijing Institute of Technology,
9 * The University of Memphis.
10 *
11 * This file is part of NFD (Named Data Networking Forwarding Daemon).
12 * See AUTHORS.md for complete list of NFD authors and contributors.
13 *
14 * NFD is free software: you can redistribute it and/or modify it under the terms
15 * of the GNU General Public License as published by the Free Software Foundation,
16 * either version 3 of the License, or (at your option) any later version.
17 *
18 * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
19 * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
20 * PURPOSE. See the GNU General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License along with
23 * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
24 */
25
Davide Pesavento2cae8ca2019-04-18 20:48:05 -0400[diff] [blame]26#ifndef NFD_DAEMON_FACE_NETWORK_PREDICATE_HPP
27#define NFD_DAEMON_FACE_NETWORK_PREDICATE_HPP
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]28
Davide Pesavento2cae8ca2019-04-18 20:48:05 -0400[diff] [blame]29#include "core/common.hpp"
30
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]31#include <ndn-cxx/net/network-interface.hpp>
32
Davide Pesaventoe422f9e2022-06-03 01:30:23 -0400[diff] [blame^]33namespace nfd::face {
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]34
35class NetworkPredicateBase
36{
37public:
38 NetworkPredicateBase();
39
40 virtual
41 ~NetworkPredicateBase();
42
43 /**
44 * \brief Set the whitelist to "*" and clear the blacklist
45 */
46 void
47 clear();
48
49 void
50 parseWhitelist(const boost::property_tree::ptree& list);
51
52 void
53 parseBlacklist(const boost::property_tree::ptree& list);
54
55 void
56 assign(std::initializer_list<std::pair<std::string, std::string>> whitelist,
57 std::initializer_list<std::pair<std::string, std::string>> blacklist);
58
59 bool
60 operator==(const NetworkPredicateBase& other) const;
61
62 bool
63 operator!=(const NetworkPredicateBase& other) const
64 {
65 return !this->operator==(other);
66 }
67
68private:
69 virtual bool
70 isRuleSupported(const std::string& key) = 0;
71
72 virtual bool
73 isRuleValid(const std::string& key, const std::string& value) = 0;
74
75 void
76 parseList(std::set<std::string>& set, const boost::property_tree::ptree& list, const std::string& section);
77
78 void
79 parseList(std::set<std::string>& set, std::initializer_list<std::pair<std::string, std::string>> list);
80
Davide Pesavento264af772021-02-09 21:48:24 -0500[diff] [blame]81NFD_PUBLIC_WITH_TESTS_ELSE_PROTECTED:
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]82 std::set<std::string> m_whitelist;
83 std::set<std::string> m_blacklist;
84};
85
86/**
87 * \brief Represents a predicate to accept or reject a ndn::net::NetworkInterface.
88 *
89 * The predicate consists of a whitelist and a blacklist. Whitelist and blacklist can contain,
90 * in no particular order, interface names (e.g., `ifname eth0`), MAC addresses (e.g., `ether
91 * 85:3b:4d:d3:5f:c2`), IPv4 and IPv6 subnets (e.g., `subnet 192.0.2.0/24` or `subnet
92 * 2001:db8:2::/64`), or a wildcard (`*`) that matches all interfaces. A
93 * ndn::net::NetworkInterface is accepted if it matches any entry in the whitelist and none of
94 * the entries in the blacklist.
95 */
96class NetworkInterfacePredicate : public NetworkPredicateBase
97{
98public:
99 bool
100 operator()(const ndn::net::NetworkInterface& netif) const;
101
102private:
103 bool
104 isRuleSupported(const std::string& key) final;
105
106 bool
107 isRuleValid(const std::string& key, const std::string& value) final;
108};
109
110/**
111 * \brief Represents a predicate to accept or reject an IP address.
112 *
113 * The predicate consists of a whitelist and a blacklist. Whitelist and blacklist can contain,
114 * in no particular order, IPv4 and IPv6 subnets (e.g., `subnet 192.0.2.0/24` or `subnet
115 * 2001:db8:2::/64`) or a wildcard (`*`) that matches all IP addresses. An IP address is
116 * accepted if it matches any entry in the whitelist and none of the entries in the blacklist.
117 */
118class IpAddressPredicate : public NetworkPredicateBase
119{
120public:
121 bool
122 operator()(const boost::asio::ip::address& address) const;
123
124private:
125 bool
126 isRuleSupported(const std::string& key) final;
127
128 bool
129 isRuleValid(const std::string& key, const std::string& value) final;
130};
131
Davide Pesaventoe422f9e2022-06-03 01:30:23 -0400[diff] [blame^]132} // namespace nfd::face
Alexander Afanasyeve4d745d2018-04-08 17:55:56 -0400[diff] [blame]133
Davide Pesavento2cae8ca2019-04-18 20:48:05 -0400[diff] [blame]134#endif // NFD_DAEMON_FACE_NETWORK_PREDICATE_HPP