From 0a1c6b5565e20167d1f1f33a5a8b597f420b18b0 Mon Sep 17 00:00:00 2001 From: Jordan Augé Date: Fri, 26 Jul 2019 23:20:30 +0200 Subject: [HICN-252] Add per-application policy framework to hicn-light forwarder MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Change-Id: I0531cd7a7de179581295ae34766c81cd9cf3e172 Signed-off-by: Jordan Augé Signed-off-by: Mauro Sardara Co-authored-by: Mauro Sardara --- hicn-light/src/hicn/config/controlAddPolicy.c | 175 ++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 hicn-light/src/hicn/config/controlAddPolicy.c (limited to 'hicn-light/src/hicn/config/controlAddPolicy.c') diff --git a/hicn-light/src/hicn/config/controlAddPolicy.c b/hicn-light/src/hicn/config/controlAddPolicy.c new file mode 100644 index 000000000..9bca3355e --- /dev/null +++ b/hicn-light/src/hicn/config/controlAddPolicy.c @@ -0,0 +1,175 @@ +/* + * Copyright (c) 2017-2019 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifdef WITH_POLICY + +#include + +#include +#include +#include +#include +#include + +#include + +#include +#include + +#include + +#include +#include +#include + +static CommandReturn _controlAddPolicy_Execute(CommandParser *parser, + CommandOps *ops, PARCList *args); +static CommandReturn _controlAddPolicy_HelpExecute(CommandParser *parser, + CommandOps *ops, + PARCList *args); + +static const char *_commandAddPolicy = "add policy"; +static const char *_commandAddPolicyHelp = "help add policy"; + +CommandOps *controlAddPolicy_Create(ControlState *state) { + return commandOps_Create(state, _commandAddPolicy, NULL, + _controlAddPolicy_Execute, commandOps_Destroy); +} + +CommandOps *controlAddPolicy_HelpCreate(ControlState *state) { + return commandOps_Create(state, _commandAddPolicyHelp, NULL, + _controlAddPolicy_HelpExecute, commandOps_Destroy); +} + +// ==================================================== + +static CommandReturn _controlAddPolicy_HelpExecute(CommandParser *parser, + CommandOps *ops, + PARCList *args) { + printf("commands:\n"); + printf(" add policy " + #define _(x, y) " FLAG:%s" + foreach_policy_tag + #undef _ + "%s", + #define _(x, y) policy_tag_str[POLICY_TAG_ ## x], + foreach_policy_tag + #undef _ + "\n"); + printf("\n"); + printf( + " prefix: The hicn name as IPv4 or IPv6 address (e.g 1234::0/64)\n"); + printf(" app_name: The application name associated to this policy\n"); + printf(" FLAG:*: A value among [neutral|require|prefer|avoid|prohibit] with an optional '!' character prefix for disabling changes\n"); + printf("\n"); + return CommandReturn_Success; +} + +static CommandReturn _controlAddPolicy_Execute(CommandParser *parser, + CommandOps *ops, PARCList *args) { + ControlState *state = ops->closure; + + if (parcList_Size(args) != 11) { + _controlAddPolicy_HelpExecute(parser, ops, args); + return CommandReturn_Failure; + } + + const char *prefixStr = parcList_GetAtIndex(args, 2); + char *addr = (char *)malloc((strlen(prefixStr) + 1) * sizeof(char)); + + // separate address and len + char *slash; + uint32_t len = 0; + strcpy(addr, prefixStr); + slash = strrchr(addr, '/'); + if (slash != NULL) { + len = atoi(slash + 1); + *slash = '\0'; + } + + // allocate command payload + add_policy_command *addPolicyCommand = + parcMemory_AllocateAndClear(sizeof(add_policy_command)); + + // check and set IP address + if (inet_pton(AF_INET, addr, &addPolicyCommand->address.ipv4) == 1) { + if (len > 32) { + printf("ERROR: exceeded INET mask length, max=32\n"); + parcMemory_Deallocate(&addPolicyCommand); + free(addr); + return CommandReturn_Failure; + } + addPolicyCommand->addressType = ADDR_INET; + } else if (inet_pton(AF_INET6, addr, &addPolicyCommand->address.ipv6) == 1) { + if (len > 128) { + printf("ERROR: exceeded INET6 mask length, max=128\n"); + parcMemory_Deallocate(&addPolicyCommand); + free(addr); + return CommandReturn_Failure; + } + addPolicyCommand->addressType = ADDR_INET6; + } else { + printf("Error: %s is not a valid network address \n", addr); + parcMemory_Deallocate(&addPolicyCommand); + free(addr); + return CommandReturn_Failure; + } + + free(addr); + + addPolicyCommand->len = len; + + policy_t policy; + snprintf((char*)policy.app_name, APP_NAME_LEN, "%s", (char*)parcList_GetAtIndex(args, 3)); + for (int i=4; i < 11; i++) { + const char *tag = parcList_GetAtIndex(args, i); + policy_tag_state_t tag_state; + tag_state.disabled = (tag[0] == '!') ? 1 : 0; + if (strcmp(&tag[tag_state.disabled], "neutral") == 0) { + tag_state.state = POLICY_STATE_NEUTRAL; + } else if (strcmp(&tag[tag_state.disabled], "require") == 0) { + tag_state.state = POLICY_STATE_REQUIRE; + } else if (strcmp(&tag[tag_state.disabled], "prefer") == 0) { + tag_state.state = POLICY_STATE_PREFER; + } else if (strcmp(&tag[tag_state.disabled], "avoid") == 0) { + tag_state.state = POLICY_STATE_AVOID; + } else if (strcmp(&tag[tag_state.disabled], "prohibit") == 0) { + tag_state.state = POLICY_STATE_PROHIBIT; + } else { + printf("ERROR: invalid tag value '%s'\n", tag); + parcMemory_Deallocate(&addPolicyCommand); + free(addr); + return CommandReturn_Failure; + } + + policy.tags[i-4] = tag_state; + + } + + addPolicyCommand->policy = policy; + + // send message and receive response + struct iovec *response = utils_SendRequest(state, ADD_POLICY, addPolicyCommand, + sizeof(add_policy_command)); + + if (!response) { // get NULL pointer + return CommandReturn_Failure; + } + + parcMemory_Deallocate(&response); // free iovec pointer + return CommandReturn_Success; +} + +#endif /* WITH_POLICY */ -- cgit 1.2.3-korg