mgmt: create Ethernet multicast faces according to whitelist/blacklist
Refs: #1712
Change-Id: Iaabaeaf58e460c86ca58f9099b5c2b904a5a5c93
diff --git a/core/network-interface-predicate.cpp b/core/network-interface-predicate.cpp
new file mode 100644
index 0000000..abb0029
--- /dev/null
+++ b/core/network-interface-predicate.cpp
@@ -0,0 +1,123 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2016, Regents of the University of California,
+ * Arizona Board of Regents,
+ * Colorado State University,
+ * University Pierre & Marie Curie, Sorbonne University,
+ * Washington University in St. Louis,
+ * Beijing Institute of Technology,
+ * The University of Memphis.
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "network-interface-predicate.hpp"
+
+#include "config-file.hpp"
+#include "network-interface.hpp"
+#include "network.hpp"
+
+namespace nfd {
+
+NetworkInterfacePredicate::NetworkInterfacePredicate()
+{
+ this->clear();
+}
+
+void
+NetworkInterfacePredicate::clear()
+{
+ m_whitelist = std::set<std::string>{"*"};
+ m_blacklist.clear();
+}
+
+static void
+parseList(std::set<std::string>& set, const boost::property_tree::ptree& list, const std::string& section)
+{
+ set.clear();
+
+ for (const auto& item : list) {
+ if (item.first == "*") {
+ // insert wildcard
+ set.insert(item.first);
+ }
+ else if (item.first == "ifname") {
+ // very basic sanity check for interface names
+ auto name = item.second.get_value<std::string>();
+ if (name.empty()) {
+ BOOST_THROW_EXCEPTION(ConfigFile::Error("Empty interface name in \"" + section + "\" section"));
+ }
+ set.insert(name);
+ }
+ else if (item.first == "ether") {
+ // validate ethernet address
+ auto addr = item.second.get_value<std::string>();
+ if (ethernet::Address::fromString(addr).isNull()) {
+ BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed ether address \"" + addr +
+ "\" in \"" + section + "\" section"));
+ }
+ set.insert(addr);
+ }
+ else if (item.first == "subnet") {
+ // example subnet: 10.0.0.0/8
+ auto cidr = item.second.get_value<std::string>();
+ if (!Network::isValidCidr(cidr)) {
+ BOOST_THROW_EXCEPTION(ConfigFile::Error("Malformed subnet declaration \"" + cidr +
+ "\" in \"" + section + "\" section"));
+ }
+ set.insert(cidr);
+ }
+ }
+}
+
+void
+NetworkInterfacePredicate::parseWhitelist(const boost::property_tree::ptree& list)
+{
+ parseList(m_whitelist, list, "whitelist");
+}
+
+void
+NetworkInterfacePredicate::parseBlacklist(const boost::property_tree::ptree& list)
+{
+ parseList(m_blacklist, list, "blacklist");
+}
+
+static bool
+doesMatchRule(const NetworkInterfaceInfo& nic, const std::string& rule)
+{
+ // if / is in rule, this is a subnet, check if IP in subnet
+
+ if (boost::contains(rule, "/")) {
+ Network n = boost::lexical_cast<Network>(rule);
+ for (const auto& addr : nic.ipv4Addresses) {
+ if (n.doesContain(addr)) {
+ return true;
+ }
+ }
+ }
+
+ return rule == "*" ||
+ nic.name == rule ||
+ nic.etherAddress.toString() == rule;
+}
+
+bool
+NetworkInterfacePredicate::operator()(const NetworkInterfaceInfo& nic) const
+{
+ return std::any_of(m_whitelist.begin(), m_whitelist.end(), bind(&doesMatchRule, nic, _1)) &&
+ std::none_of(m_blacklist.begin(), m_blacklist.end(), bind(&doesMatchRule, nic, _1));
+}
+
+} // namespace nfd
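Review bot: parseList() silently skips any key other than `*`, `ifname`, `ether` and `subnet`, so a misspelled key in the blacklist section drops that rule without an error and the interface stays accepted; a final `else { BOOST_THROW_EXCEPTION(ConfigFile::Error("Unrecognized key \"" + item.first + "\" in \"" + section + "\" section")); }` would make the parse fail closed. The `ether` branch stores the string exactly as written while doesMatchRule() compares it with `nic.etherAddress.toString()`, so an address that fromString() accepts in a different case or notation would presumably never match; storing `ethernet::Address::fromString(addr).toString()` avoids that. An `ifname` value containing `/` passes the empty-name check but is treated as a subnet in doesMatchRule(), where `boost::lexical_cast<Network>(rule)` can throw at match time rather than at configuration time.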
diff --git a/core/network-interface-predicate.hpp b/core/network-interface-predicate.hpp
new file mode 100644
index 0000000..4254623
--- /dev/null
+++ b/core/network-interface-predicate.hpp
@@ -0,0 +1,72 @@
+/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
+/**
+ * Copyright (c) 2014-2016, Regents of the University of California,
+ * Arizona Board of Regents,
+ * Colorado State University,
+ * University Pierre & Marie Curie, Sorbonne University,
+ * Washington University in St. Louis,
+ * Beijing Institute of Technology,
+ * The University of Memphis
+ *
+ * This file is part of NFD (Named Data Networking Forwarding Daemon).
+ * See AUTHORS.md for complete list of NFD authors and contributors.
+ *
+ * NFD is free software: you can redistribute it and/or modify it under the terms
+ * of the GNU General Public License as published by the Free Software Foundation,
+ * either version 3 of the License, or (at your option) any later version.
+ *
+ * NFD is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
+ * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+ * PURPOSE. See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * NFD, e.g., in COPYING.md file. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
+#define NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
+
+#include "common.hpp"
+
+namespace nfd {
+
+class NetworkInterfaceInfo;
+
+/**
+ * \brief Represents a predicate to accept or reject a NetworkInterfaceInfo.
+ *
+ * The predicate consists of a whitelist and a blacklist. Whitelist and blacklist can contain,
+ * in no particular order, interface names (e.g., ifname eth0), mac addresses
+ * (e.g., ether 85:3b:4d:d3:5f:c2), subnets (e.g., subnet 192.0.2.0/24) or a wildcard (*) that matches
+ * all interfaces. A NetworkInterfaceInfo is accepted if it matches any entry in the whitelist and none
+ * of the entries in the blacklist.
+ */
+
+class NetworkInterfacePredicate
+{
+public:
+ NetworkInterfacePredicate();
+
+ /**
+ * \brief Set the whitelist to "*" and clear the blacklist
+ */
+ void
+ clear();
+
+ void
+ parseWhitelist(const boost::property_tree::ptree& list);
+
+ void
+ parseBlacklist(const boost::property_tree::ptree& list);
+
+ bool
+ operator()(const NetworkInterfaceInfo& nic) const;
+
+private:
+ std::set<std::string> m_whitelist;
+ std::set<std::string> m_blacklist;
+};
+
+} // namespace nfd
+
+#endif // NFD_CORE_NETWORK_INTERFACE_PREDICATE_HPP
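Review bot: parseWhitelist(), parseBlacklist() and operator() carry no doc comments, and their contract is not obvious from the declarations. Going by the .cpp in this commit, each parse call replaces the existing list rather than appending to it, throws ConfigFile::Error on a malformed entry, and a whitelist section with no entries leaves the whitelist empty so that every interface is rejected (unlike the default `*`). I would document that, e.g. `\brief Replace the whitelist with the rules in \p list` plus `\throw ConfigFile::Error if an entry is malformed`, and state on operator() that a blacklist match overrides any whitelist match.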
diff --git a/core/network.cpp b/core/network.cpp
index b9a6c36..465e246 100644
--- a/core/network.cpp
+++ b/core/network.cpp
@@ -1,12 +1,12 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014, Regents of the University of California,
- * Arizona Board of Regents,
- * Colorado State University,
- * University Pierre & Marie Curie, Sorbonne University,
- * Washington University in St. Louis,
- * Beijing Institute of Technology,
- * The University of Memphis
+ * Copyright (c) 2014-2016, Regents of the University of California,
+ * Arizona Board of Regents,
+ * Colorado State University,
+ * University Pierre & Marie Curie, Sorbonne University,
+ * Washington University in St. Louis,
+ * Beijing Institute of Technology,
+ * The University of Memphis
*
* This file is part of NFD (Named Data Networking Forwarding Daemon).
* See AUTHORS.md for complete list of NFD authors and contributors.
@@ -51,8 +51,33 @@
return range;
}
-//////////////////////////////////////////////////////////////////////
-//////////////////////////////////////////////////////////////////////
+bool
+Network::isValidCidr(const std::string& cidr)
+{
+ std::vector<std::string> splitCidr;
+ boost::split(splitCidr, cidr, boost::is_any_of("/"));
+ if (splitCidr.size() != 2) {
+ return false;
+ }
+
+ auto network = splitCidr[0];
+ auto mask = splitCidr[1];
+ auto netmask = 0;
+ if (mask.length() <= 0) {
+ return false;
+ }
+ if (!std::all_of(mask.begin(), mask.end(), ::isdigit)) {
+ return false;
+ }
+
+ netmask = boost::lexical_cast<int>(splitCidr[1]);
+ boost::system::error_code invalidIP;
+ boost::asio::ip::address_v4::from_string(network, invalidIP);
+ if (invalidIP || netmask < 0 || netmask > 32) {
+ return false;
+ }
+ return true;
+}
std::ostream&
operator<<(std::ostream& os, const Network& network)
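Review bot: isValidCidr() can throw instead of returning false: a prefix length made of many digits passes the `std::all_of` digit check but overflows `boost::lexical_cast<int>`, which raises `bad_lexical_cast`, and parseList() does not convert that into a ConfigFile::Error. Rejecting over-long masks before the cast, `if (mask.empty() || mask.size() > 2) return false;`, closes this and makes the `netmask < 0` test redundant. Passing `::isdigit` a plain `char` is also undefined for negative values; `[] (unsigned char c) { return std::isdigit(c) != 0; }` is the safe predicate. It is also worth confirming that every string accepted here is parseable by `boost::lexical_cast<Network>` in doesMatchRule(), since the two checks are implemented separately.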
diff --git a/core/network.hpp b/core/network.hpp
index 1c0f6d3..2949324 100644
--- a/core/network.hpp
+++ b/core/network.hpp
@@ -1,12 +1,12 @@
/* -*- Mode:C++; c-file-style:"gnu"; indent-tabs-mode:nil; -*- */
/**
- * Copyright (c) 2014, Regents of the University of California,
- * Arizona Board of Regents,
- * Colorado State University,
- * University Pierre & Marie Curie, Sorbonne University,
- * Washington University in St. Louis,
- * Beijing Institute of Technology,
- * The University of Memphis
+ * Copyright (c) 2014-2016, Regents of the University of California,
+ * Arizona Board of Regents,
+ * Colorado State University,
+ * University Pierre & Marie Curie, Sorbonne University,
+ * Washington University in St. Louis,
+ * Beijing Institute of Technology,
+ * The University of Memphis
*
* This file is part of NFD (Named Data Networking Forwarding Daemon).
* See AUTHORS.md for complete list of NFD authors and contributors.
@@ -29,6 +29,7 @@
#include <boost/asio.hpp>
#include <boost/utility/value_init.hpp>
#include <boost/lexical_cast.hpp>
+#include <boost/algorithm/string.hpp>
namespace nfd {
@@ -55,6 +56,9 @@
return (m_minAddress <= address && address <= m_maxAddress);
}
+ static bool
+ isValidCidr(const std::string& cidr);
+
static const Network&
getMaxRangeV4();
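Review bot: The new `isValidCidr` declaration has no doc comment, and the name does not say that only IPv4 is accepted; the definition in network.cpp parses the address with `address_v4::from_string` and limits the prefix length to 0–32. A comment such as `/** \brief Check whether \p cidr is a well-formed IPv4 CIDR string, e.g. 10.0.0.0/8 */` would make that visible to callers. The class body starts and ends outside this hunk.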