firewall_manager.hh

00001 // -*- c-basic-offset: 4; tab-width: 8; indent-tabs-mode: t -*-
00002 
00003 // Copyright (c) 2008-2011 XORP, Inc and Others
00004 //
00005 // This program is free software; you can redistribute it and/or modify
00006 // it under the terms of the GNU General Public License, Version 2, June
00007 // 1991 as published by the Free Software Foundation. Redistribution
00008 // and/or modification of this program under the terms of any other
00009 // version of the GNU General Public License is not permitted.
00010 // 
00011 // This program is distributed in the hope that it will be useful, but
00012 // WITHOUT ANY WARRANTY; without even the implied warranty of
00013 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For more details,
00014 // see the GNU General Public License, Version 2, a copy of which can be
00015 // found in the XORP LICENSE.gpl file.
00016 // 
00017 // XORP Inc, 2953 Bunker Hill Lane, Suite 204, Santa Clara, CA 95054, USA;
00018 // http://xorp.net
00019 
00020 
00021 #ifndef __FEA_FIREWALL_MANAGER_HH__
00022 #define __FEA_FIREWALL_MANAGER_HH__
00023 
00024 #include "libxorp/ipv4net.hh"
00025 #include "libxorp/ipv6net.hh"
00026 #include "libxorp/status_codes.h"
00027 #include "libxorp/transaction.hh"
00028 
00029 
00030 
00031 #include "firewall_entry.hh"
00032 #include "firewall_get.hh"
00033 #include "firewall_set.hh"
00034 
// Forward declarations.  Each of these types is only ever used below by
// reference (EventLoop&, FeaNode&) or by pointer (FirewallTransactionManager*),
// so the full definitions are not needed in this header.  IfTree, XorpTimer,
// ProcessStatus and TransactionManager are also used below; they are
// presumably provided by the #includes above (status_codes.h, transaction.hh
// and the firewall_*.hh headers) -- confirm if this header is reorganised.
00035 class EventLoop;
00036 class FeaNode;
00037 class FirewallTransactionManager;
00038 
00039 
/**
 * @short The FEA's firewall manager.
 *
 * Front end for firewall configuration inside the FEA.  It keeps the list of
 * registered FirewallGet / FirewallSet plugins (raw pointers; whether the
 * manager owns the plugin objects is not visible in this header), the
 * firewall transaction manager, and the per-walk "browse" state used to
 * read a firewall table one entry at a time.
 *
 * The FeaNode and IfTree passed to the constructor are stored by reference
 * (see _fea_node and _iftree), so both must outlive this object.
 *
 * Return convention: the int-returning methods below are assumed to follow
 * the usual XORP convention -- XORP_OK on success, XORP_ERROR on failure with
 * a human-readable explanation written to error_msg.  The constants are not
 * defined in this header; confirm against firewall_manager.cc.
 *
 * NOTE(review): the class holds raw pointers (_ftm, and the BrowseState
 * pointers in _browse_db) and does not disable copying.  The reference
 * members already rule out copy-assignment, but copy-construction would
 * still shallow-copy those pointers.  Consider declaring the copy
 * constructor private and unimplemented (pre-C++11 idiom used elsewhere
 * in XORP) to make non-copyability explicit.
 */
00043 class FirewallManager {
00044 public:
    /**
     * Constructor.
     *
     * @param fea_node the FEA node this manager belongs to.  Stored by
     * reference; _eventloop is presumably obtained from it.
     * @param iftree the interface tree.  Stored by reference.
     */
00051     FirewallManager(FeaNode& fea_node, const IfTree& iftree);
00052 
    /**
     * Virtual destructor.
     *
     * NOTE(review): _ftm and any BrowseState objects still present in
     * _browse_db are raw pointers; this is where they would have to be
     * released -- verify in firewall_manager.cc that nothing leaks when the
     * manager is destroyed with walks still outstanding.
     */
00056     virtual ~FirewallManager();
00057 
    /**
     * Get the event loop this manager is using.
     *
     * @return a (non-const) reference to the event loop.
     */
00063     EventLoop& eventloop() { return _eventloop; }
00064 
    /**
     * Get the interface tree.
     *
     * @return a const reference to the interface tree passed at construction.
     */
00070     const IfTree& iftree() const { return _iftree; }
00071 
    /**
     * Get the status of the manager.
     *
     * @param reason output: a human-readable reason for the returned status.
     * @return the process status (see libxorp/status_codes.h).
     */
00078     ProcessStatus status(string& reason) const;
00079 
    /**
     * Start a firewall configuration transaction.
     *
     * @param tid output: the ID of the newly created transaction.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00087     int start_transaction(uint32_t& tid, string& error_msg);
00088 
    /**
     * Commit a previously started transaction, applying its operations.
     *
     * @param tid the ID of the transaction to commit.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00096     int commit_transaction(uint32_t tid, string& error_msg);
00097 
    /**
     * Abort a previously started transaction, discarding its operations.
     *
     * @param tid the ID of the transaction to abort.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00105     int abort_transaction(uint32_t tid, string& error_msg);
00106 
    /**
     * Add an operation to a pending transaction.
     *
     * @param tid the ID of the transaction to add the operation to.
     * @param op the operation to add.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00115     int add_transaction_operation(uint32_t tid,
00116                   const TransactionManager::Operation& op,
00117                   string& error_msg);
00118 
    /**
     * Register a FirewallGet plugin.
     *
     * @param firewall_get the plugin to register.  Kept as a raw pointer in
     * _firewall_gets, so it must remain valid until unregistered.
     * @param is_exclusive if true, register this as the exclusive "get"
     * plugin -- presumably displacing any previously registered ones;
     * confirm against the implementation.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00127     int register_firewall_get(FirewallGet* firewall_get, bool is_exclusive);
00128 
    /**
     * Unregister a FirewallGet plugin.
     *
     * @param firewall_get the plugin to unregister.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00135     int unregister_firewall_get(FirewallGet* firewall_get);
00136 
    /**
     * Register a FirewallSet plugin.
     *
     * @param firewall_set the plugin to register.  Kept as a raw pointer in
     * _firewall_sets, so it must remain valid until unregistered.
     * @param is_exclusive if true, register this as the exclusive "set"
     * plugin -- presumably displacing any previously registered ones;
     * confirm against the implementation.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00145     int register_firewall_set(FirewallSet* firewall_set, bool is_exclusive);
00146 
    /**
     * Unregister a FirewallSet plugin.
     *
     * @param firewall_set the plugin to unregister.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00153     int unregister_firewall_set(FirewallSet* firewall_set);
00154 
    /**
     * Start operation (presumably starts the registered plugins and sets
     * _is_running).
     *
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00161     int start(string& error_msg);
00162     
    /**
     * Stop operation (the counterpart of start()).
     *
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00169     int stop(string& error_msg);
00170 
    /**
     * Add a single firewall entry.
     *
     * NOTE(review): the private _added_entries / _replaced_entries /
     * _deleted_entries lists and update_entries() suggest that add, replace
     * and delete are queued and pushed to the FirewallSet plugins in one
     * batch rather than applied immediately -- confirm before relying on the
     * entry being visible right after this call returns.
     *
     * @param firewall_entry the entry to add.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00179     int add_entry(const FirewallEntry& firewall_entry, string& error_msg);
00180 
    /**
     * Replace an existing firewall entry (see the batching note on
     * add_entry()).
     *
     * @param firewall_entry the replacement entry.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00189     int replace_entry(const FirewallEntry& firewall_entry, string& error_msg);
00190 
    /**
     * Delete a firewall entry (see the batching note on add_entry()).
     *
     * @param firewall_entry the entry to delete.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00199     int delete_entry(const FirewallEntry& firewall_entry, string& error_msg);
00200 
    /**
     * Replace the whole IPv4 firewall table with the given entries.
     *
     * @param firewall_entry_list the new contents of the IPv4 table.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00209     int set_table4(const list<FirewallEntry>& firewall_entry_list,
00210            string& error_msg);
00211 
    /**
     * Replace the whole IPv6 firewall table with the given entries.
     *
     * @param firewall_entry_list the new contents of the IPv6 table.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00220     int set_table6(const list<FirewallEntry>& firewall_entry_list,
00221            string& error_msg);
00222 
    /**
     * Delete all entries in the IPv4 firewall table.
     *
     * NOTE(review): this flushes every IPv4 rule the plugins manage.
     * Depending on the backend's default policy that can leave the host
     * unfiltered (fail-open) until a new table is installed, so callers
     * should pair it with set_table4(), e.g. inside the same transaction.
     *
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00229     int delete_all_entries4(string& error_msg);
00230 
    /**
     * Delete all entries in the IPv6 firewall table (same fail-open caveat
     * as delete_all_entries4()).
     *
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00237     int delete_all_entries6(string& error_msg);
00238 
    /**
     * Obtain the whole IPv4 firewall table in one call.
     *
     * @param firewall_entry_list output: the entries of the IPv4 table.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00247     int get_table4(list<FirewallEntry>& firewall_entry_list,
00248            string& error_msg);
00249 
    /**
     * Obtain the whole IPv6 firewall table in one call.
     *
     * @param firewall_entry_list output: the entries of the IPv6 table.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00258     int get_table6(list<FirewallEntry>& firewall_entry_list,
00259            string& error_msg);
00260 
    /**
     * Begin an entry-by-entry walk of the IPv4 firewall table.
     *
     * The walk is backed by a BrowseState (a snapshot of the table plus a
     * cursor) stored in _browse_db under the returned token.  An abandoned
     * walk is reclaimed after BrowseState::BROWSE_TIMEOUT_MS.
     *
     * NOTE(review): tokens come from generate_token() / _next_token and so
     * look sequential and easy to guess, and the browse state is keyed by the
     * token alone.  Any caller able to reach this interface can therefore
     * continue (and read) another caller's walk.  Fine if every caller is an
     * equally trusted local XORP process; worth noting otherwise.
     *
     * @param token output: the token identifying this walk; pass it to
     * get_entry_list_next4() and finally delete_browse_state().
     * @param more output: true if the table has at least one entry to read.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00269     int get_entry_list_start4(uint32_t& token, bool& more, string& error_msg);
00270 
    /**
     * Begin an entry-by-entry walk of the IPv6 firewall table.  See
     * get_entry_list_start4() for the token/timeout semantics and caveats.
     *
     * @param token output: the token identifying this walk.
     * @param more output: true if the table has at least one entry to read.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00279     int get_entry_list_start6(uint32_t& token, bool& more, string& error_msg);
00280 
    /**
     * Fetch the next entry of an IPv4 walk started with
     * get_entry_list_start4().
     *
     * @param token the walk token.  A token that is unknown or whose walk has
     * already timed out is expected to yield XORP_ERROR -- confirm.
     * @param firewall_entry output: the next entry of the snapshot.
     * @param more output: true if further entries remain after this one.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00290     int get_entry_list_next4(uint32_t   token,
00291                  FirewallEntry& firewall_entry,
00292                  bool&  more,
00293                  string&    error_msg);
00294 
    /**
     * Fetch the next entry of an IPv6 walk started with
     * get_entry_list_start6().
     *
     * @param token the walk token (see get_entry_list_next4()).
     * @param firewall_entry output: the next entry of the snapshot.
     * @param more output: true if further entries remain after this one.
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00304     int get_entry_list_next6(uint32_t   token,
00305                  FirewallEntry& firewall_entry,
00306                  bool&  more,
00307                  string&    error_msg);
00308 
    /**
     * Release the browse state (snapshot, cursor, timer) associated with a
     * walk token.  Also presumably what BrowseState::timeout() ends up
     * calling when a walk is abandoned.
     *
     * @param token the token of the walk to discard.
     */
00314     void delete_browse_state(uint32_t token);
00315 
00316 private:
    /**
     * Push the pending _added_entries / _replaced_entries / _deleted_entries
     * to the registered FirewallSet plugins (inferred from the member names;
     * confirm in firewall_manager.cc).
     *
     * @param error_msg output: the error message, if error.
     * @return XORP_OK on success, otherwise XORP_ERROR.
     */
00323     int update_entries(string& error_msg);
00324 
    /**
     * @short State of one entry-by-entry walk of a firewall table.
     *
     * Holds a snapshot of the table taken when the walk started, the cursor
     * into that snapshot, and a timer that bounds how long an abandoned walk
     * (and its snapshot) is kept alive.  Instances live in
     * FirewallManager::_browse_db, keyed by _token.
     */
00325     class BrowseState {
00326     public:
    // _snapshot is declared before _next_entry_iter, so initialising the
    // cursor from the (still empty) list here is well-defined.  The start*
    // methods fill _snapshot afterwards and presumably reset the cursor to
    // the new begin() -- a begin() taken on the empty list would not point at
    // the entries added later.
00327     BrowseState(FirewallManager& firewall_manager, uint32_t token)
00328         : _firewall_manager(firewall_manager), _token(token),
00329           _next_entry_iter(_snapshot.begin()) {}
00330 
    // Take the IPv4 / IPv6 snapshot and position the cursor at its start;
    // `more` reports whether the snapshot is non-empty.
00331     int get_entry_list_start4(bool& more, string& error_msg);
00332     int get_entry_list_start6(bool& more, string& error_msg);
    // Return the entry under the cursor and advance it; `more` reports
    // whether anything remains after the returned entry.
00333     int get_entry_list_next4(FirewallEntry& firewall_entry,
00334                  bool&      more,
00335                  string&    error_msg);
00336     int get_entry_list_next6(FirewallEntry& firewall_entry,
00337                  bool&      more,
00338                  string&    error_msg);
00339 
00340     private:
    // Idle time after which an abandoned walk is reaped by timeout().
    // This both frees the snapshot and limits the window in which a leaked
    // or guessed token remains usable.
00341     enum {
00342         BROWSE_TIMEOUT_MS = 15000       // XXX: 15 seconds
00343     };
00344 
    // (Re)arm _timeout_timer for BROWSE_TIMEOUT_MS; presumably called on
    // every start*/next* so that an active walk is never reaped.
00348     void schedule_timer();
00349 
    // Timer callback.  Presumably asks _firewall_manager to
    // delete_browse_state(_token), which destroys this object -- so nothing
    // may touch members after that call.
00353     void timeout();
00354 
00355     FirewallManager&    _firewall_manager;
00356     uint32_t        _token;
    // Copy of the table taken at start time; the walk reads from here, not
    // from the live table.
00357     list<FirewallEntry> _snapshot;
00358     list<FirewallEntry>::iterator _next_entry_iter;
00359     XorpTimer   _timeout_timer;
00360     };
00361 
    /**
     * Produce the token for a new walk.  Presumably advances _next_token,
     * skipping values already in use as keys of _browse_db.
     */
00365     void generate_token();
00366 
00367     FeaNode&                _fea_node;
00368     EventLoop&              _eventloop;
00369     const IfTree&           _iftree;
00370 
00371     //
00372     // The firewall transaction manager
00373     //
    // Raw pointer; ownership (allocation in the constructor, release in the
    // destructor) is not visible in this header -- confirm in the .cc file.
00374     FirewallTransactionManager*     _ftm;
00375 
00376     //
00377     // The registered plugins
00378     //
    // Raw, presumably non-owning pointers supplied through
    // register_firewall_get()/register_firewall_set().
00379     list<FirewallGet*>          _firewall_gets;
00380     list<FirewallSet*>          _firewall_sets;
00381 
00382     //
00383     // State browsing information
00384     //
    // _next_token feeds generate_token(); _browse_db maps an issued token to
    // its walk.  The BrowseState objects are heap-allocated and owned here;
    // they are freed by delete_browse_state() (and must be by the destructor).
00385     uint32_t            _next_token;
00386     map<uint32_t, BrowseState *> _browse_db;
00387 
00388     //
00389     // State for collecting and updating the firewall entries
00390     //
    // Pending changes accumulated by add_entry()/replace_entry()/
    // delete_entry() and flushed by update_entries() (inferred from names).
00391     list<FirewallEntry>     _added_entries;
00392     list<FirewallEntry>     _replaced_entries;
00393     list<FirewallEntry>     _deleted_entries;
00394 
00395     //
00396     // Misc other state
00397     //
    // True between a successful start() and stop() (presumably).
00398     bool    _is_running;
00399 };
00400 
00401 #endif // __FEA_FIREWALL_MANAGER_HH__