
firewall_set_netfilter.hh

00001 // -*- c-basic-offset: 4; tab-width: 8; indent-tabs-mode: t -*-
00002 
00003 // Copyright (c) 2001-2011 XORP, Inc and Others
00004 //
00005 // This program is free software; you can redistribute it and/or modify
00006 // it under the terms of the GNU General Public License, Version 2, June
00007 // 1991 as published by the Free Software Foundation. Redistribution
00008 // and/or modification of this program under the terms of any other
00009 // version of the GNU General Public License is not permitted.
00010 // 
00011 // This program is distributed in the hope that it will be useful, but
00012 // WITHOUT ANY WARRANTY; without even the implied warranty of
00013 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For more details,
00014 // see the GNU General Public License, Version 2, a copy of which can be
00015 // found in the XORP LICENSE.gpl file.
00016 // 
00017 // XORP Inc, 2953 Bunker Hill Lane, Suite 204, Santa Clara, CA 95054, USA;
00018 // http://xorp.net
00019 
00020 // $XORP: xorp/fea/data_plane/firewall/firewall_set_netfilter.hh,v 1.5 2008/10/02 21:57:03 bms Exp $
00021 
00022 #ifndef __FEA_DATA_PLANE_FIREWALL_FIREWALL_SET_NETFILTER_HH__
00023 #define __FEA_DATA_PLANE_FIREWALL_FIREWALL_SET_NETFILTER_HH__
00024 
00025 
00026 
00027 #include "fea/firewall_set.hh"
00028 
00029 
/**
 * @short NETFILTER (Linux) backend for the FEA firewall-set interface.
 *
 * Implements FirewallSet on top of the netfilter rule-replacement
 * interface. Rules are kept locally (per address family, indexed by
 * rule number) and the complete rule set is re-encoded and pushed to
 * the kernel through the sockets held in @ref _s4 / @ref _s6.
 *
 * All status-returning methods follow the same convention: an int
 * status is returned and @a error_msg is filled in on failure
 * (presumably XORP_OK / XORP_ERROR — confirm against the .cc).
 *
 * NOTE(review): the socket-based netfilter set/get interface is a
 * privileged kernel facility; this object is expected to run with the
 * privileges the FEA already holds — nothing here drops or checks them.
 */
class FirewallSetNetfilter : public FirewallSet {
public:
    // Firewall entries trie indexed by rule number
    typedef map<uint32_t, FirewallEntry> FirewallTrie;

    /**
     * Constructor.
     *
     * @param fea_data_plane_manager the data plane manager this
     * firewall-set backend belongs to.
     */
    FirewallSetNetfilter(FeaDataPlaneManager& fea_data_plane_manager);

    /**
     * Virtual destructor.
     */
    virtual ~FirewallSetNetfilter();

    /**
     * Start the firewall-set backend.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int start(string& error_msg);
    
    /**
     * Stop the firewall-set backend.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int stop(string& error_msg);

    /**
     * Apply a batch of firewall-entry changes.
     *
     * @param added_entries the entries to add.
     * @param replaced_entries the entries to replace.
     * @param deleted_entries the entries to delete.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int update_entries(const list<FirewallEntry>& added_entries,
                   const list<FirewallEntry>& replaced_entries,
                   const list<FirewallEntry>& deleted_entries,
                   string& error_msg);

    /**
     * Set the IPv4 firewall table to exactly the given list of entries.
     *
     * @param firewall_entry_list the entries the table should contain.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int set_table4(const list<FirewallEntry>& firewall_entry_list,
               string& error_msg);

    /**
     * Delete all entries from the IPv4 firewall table.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int delete_all_entries4(string& error_msg);

    /**
     * Set the IPv6 firewall table to exactly the given list of entries.
     *
     * @param firewall_entry_list the entries the table should contain.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int set_table6(const list<FirewallEntry>& firewall_entry_list,
               string& error_msg);

    /**
     * Delete all entries from the IPv6 firewall table.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int delete_all_entries6(string& error_msg);

private:
    /**
     * Add a single firewall entry.
     *
     * @param firewall_entry the entry to add.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int add_entry(const FirewallEntry& firewall_entry,
              string& error_msg);

    /**
     * Replace a single firewall entry.
     *
     * @param firewall_entry the replacement entry.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int replace_entry(const FirewallEntry& firewall_entry,
                  string& error_msg);

    /**
     * Delete a single firewall entry.
     *
     * @param firewall_entry the entry to delete.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    virtual int delete_entry(const FirewallEntry& firewall_entry,
                 string& error_msg);

    /**
     * Encode an IPv4 chain header into the rule-set buffer.
     *
     * NOTE(review): @a next_data_index is a write cursor into
     * @a buffer; the implementation must grow or bounds-check the
     * buffer before every write — a miscomputed cursor here corrupts
     * the blob handed to the kernel. Confirm in the .cc.
     *
     * @param chain_name the name of the chain to encode.
     * @param buffer the buffer holding the encoded rule set.
     * @param next_data_index the index in @a buffer where encoding
     * starts; updated to the index past the encoded data.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int encode_chain4(const string& chain_name,
              vector<uint8_t>& buffer,
              size_t& next_data_index,
              string& error_msg);

    /**
     * Encode an IPv6 chain header into the rule-set buffer.
     *
     * Same buffer/cursor contract as @ref encode_chain4.
     *
     * @param chain_name the name of the chain to encode.
     * @param buffer the buffer holding the encoded rule set.
     * @param next_data_index the index in @a buffer where encoding
     * starts; updated to the index past the encoded data.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int encode_chain6(const string& chain_name,
              vector<uint8_t>& buffer,
              size_t& next_data_index,
              string& error_msg);

    /**
     * Encode a single IPv4 firewall entry into the rule-set buffer.
     *
     * Same buffer/cursor contract as @ref encode_chain4.
     *
     * @param firewall_entry the entry to encode.
     * @param buffer the buffer holding the encoded rule set.
     * @param next_data_index the index in @a buffer where encoding
     * starts; updated to the index past the encoded data.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int encode_entry4(const FirewallEntry& firewall_entry,
              vector<uint8_t>& buffer,
              size_t& next_data_index,
              string& error_msg);

    /**
     * Encode a single IPv6 firewall entry into the rule-set buffer.
     *
     * Same buffer/cursor contract as @ref encode_chain4.
     *
     * @param firewall_entry the entry to encode.
     * @param buffer the buffer holding the encoded rule set.
     * @param next_data_index the index in @a buffer where encoding
     * starts; updated to the index past the encoded data.
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int encode_entry6(const FirewallEntry& firewall_entry,
              vector<uint8_t>& buffer,
              size_t& next_data_index,
              string& error_msg);

    /**
     * Push the locally saved IPv4 entries (@ref _firewall_entries4)
     * to the kernel — presumably via @ref _s4; confirm in the .cc.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int push_entries4(string& error_msg);

    /**
     * Push the locally saved IPv6 entries (@ref _firewall_entries6)
     * to the kernel — presumably via @ref _s6; confirm in the .cc.
     *
     * @param error_msg the error message (if error).
     * @return status; @a error_msg is set on failure.
     */
    int push_entries6(string& error_msg);

    int     _s4;        // The socket for IPv4 firewall access
    int     _s6;        // The socket for IPv6 firewall access

    // The locally saved firewall entries (keyed by rule number; see
    // FirewallTrie). The kernel is updated from these, not the reverse.
    FirewallTrie    _firewall_entries4;
    FirewallTrie    _firewall_entries6;

    // Misc. local state
    // NOTE(review): presumably bookkeeping for the rule-set blob being
    // encoded (entry count, header/footer offsets) — confirm in the .cc.
    size_t      _num_entries;
    size_t      _head_offset;
    size_t      _foot_offset;

    static const string _netfilter_table_name;  // The NETFILTER table name
    static const string _netfilter_match_tcp;   // The TCP match name
    static const string _netfilter_match_udp;   // The UDP match name
    static const string _netfilter_chain_input; // The INPUT chain name
    static const string _netfilter_chain_forward; // The FORWARD chain name
    static const string _netfilter_chain_output; // The OUTPUT chain name
};
00242 
00243 #endif // __FEA_DATA_PLANE_FIREWALL_FIREWALL_SET_NETFILTER_HH__