-converting regular expressions of vpn/pt to non-binary format and adding proper policy parsing

author: Christian Grothoff <christian@grothoff.org> 2013-10-26 14:34:39 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-10-26 14:34:39 +0000
commit: 0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1 (patch)
tree: 434cab0d8aa45a4edc2cf9bd91c89bf3f2d5061b /src/include
parent: aeb922926c639ffdd992f96cd125e47bb0e2c301 (diff)
download: gnunet-0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1.tar.gz
gnunet-0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1.zip
2 files changed, 71 insertions, 28 deletions
diff --git a/src/include/gnunet_strings_lib.h b/src/include/gnunet_strings_lib.h
index e0a299ac3..8bb8cfb06 100644
--- a/src/include/gnunet_strings_lib.h
+++ b/src/include/gnunet_strings_lib.h
@@ -471,6 +471,28 @@ GNUNET_STRINGS_get_utf8_args (int argc,
 /* ***************** IPv4/IPv6 parsing ****************** */
+struct GNUNET_STRINGS_PortPolicy
+{
+  /**
+   * Starting port range (0 if none given).
+   */
+  uint16_t start_port;
+  /**
+   * End of port range (0 if none given).
+   */
+  uint16_t end_port;
+  /**
+   * #GNUNET_YES if the port range should be negated
+   * ("!" in policy).
+   */
+  int negate_portrange;
+};
 /**
 * @brief IPV4 network in CIDR notation.
 */
@@ -485,10 +507,16 @@ struct GNUNET_STRINGS_IPv4NetworkPolicy
   * IPv4 netmask.
   */
  struct in_addr netmask;
+  /**
+   * Policy for port access.
+   */
+  struct GNUNET_STRINGS_PortPolicy pp;
 };
-/**
+/**
 * @brief network in CIDR notation for IPV6.
 */
 struct GNUNET_STRINGS_IPv6NetworkPolicy
@@ -502,30 +530,37 @@ struct GNUNET_STRINGS_IPv6NetworkPolicy
   * IPv6 netmask.
   */
  struct in6_addr netmask;
+  /**
+   * Policy for port access.
+   */
+  struct GNUNET_STRINGS_PortPolicy pp;
 };
 /**
 * Parse an IPv4 network policy. The argument specifies a list of
- * subnets. The format is <tt>[network/netmask;]*</tt> (no whitespace,
+ * subnets. The format is <tt>(network[/netmask][:[!]SPORT-DPORT];)*</tt>
- * must be terminated with a semicolon). The network must be given in
+ * (no whitespace, must be terminated with a semicolon). The network
- * dotted-decimal notation. The netmask can be given in CIDR notation
+ * must be given in dotted-decimal notation. The netmask can be given
- * (/16) or in dotted-decimal (/255.255.0.0).
+ * in CIDR notation (/16) or in dotted-decimal (/255.255.0.0).
 *
- * @param routeList a string specifying the IPv4 subnets
+ * @param routeListX a string specifying the IPv4 subnets
 * @return the converted list, terminated with all zeros;
 *         NULL if the synatx is flawed
 */
 struct GNUNET_STRINGS_IPv4NetworkPolicy *
-GNUNET_STRINGS_parse_ipv4_policy (const char *routeList);
+GNUNET_STRINGS_parse_ipv4_policy (const char *routeListX);
 /**
 * Parse an IPv6 network policy. The argument specifies a list of
- * subnets. The format is <tt>[network/netmask;]*</tt> (no whitespace,
+ * subnets. The format is <tt>(network[/netmask[:[!]SPORT[-DPORT]]];)*</tt>
- * must be terminated with a semicolon). The network must be given in
+ * (no whitespace, must be terminated with a semicolon). The network
- * colon-hex notation.  The netmask must be given in CIDR notation
+ * must be given in colon-hex notation.  The netmask must be given in
- * (/16) or can be omitted to specify a single host.
+ * CIDR notation (/16) or can be omitted to specify a single host.
+ * Note that the netmask is mandatory if ports are specified.
 *
 * @param routeListX a string specifying the policy
 * @return the converted list, 0-terminated, NULL if the synatx is flawed
diff --git a/src/include/gnunet_tun_lib.h b/src/include/gnunet_tun_lib.h
index 17cec8d12..efadc4d14 100644
--- a/src/include/gnunet_tun_lib.h
+++ b/src/include/gnunet_tun_lib.h
@@ -47,15 +47,21 @@
 /**
- * Maximum regex string length for use with GNUNET_TUN_ipv4toregexsearch
+ * Maximum regex string length for use with #GNUNET_TUN_ipv4toregexsearch.
+ *
+ * 8 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
+ * one byte for 0-termination.
 */
-#define GNUNET_TUN_IPV4_REGEXLEN 32 + 6
+#define GNUNET_TUN_IPV4_REGEXLEN 16
 /**
- * Maximum regex string length for use with GNUNET_TUN_ipv6toregexsearch
+ * Maximum regex string length for use with #GNUNET_TUN_ipv6toregexsearch
+ *
+ * 32 bytes for IPv4, 4 bytes for port, 1 byte for "4", 2 bytes for "-",
+ * one byte for 0-termination.
 */
-#define GNUNET_TUN_IPV6_REGEXLEN 128 + 6
+#define GNUNET_TUN_IPV6_REGEXLEN 40
 GNUNET_NETWORK_STRUCT_BEGIN
@@ -653,8 +659,8 @@ struct GNUNET_TUN_DnsRecordLine
 * ICMP header.
 */
 struct GNUNET_TUN_IcmpHeader {
-  uint8_t type;         
+  uint8_t type;
-  uint8_t code;         
+  uint8_t code;
  uint16_t crc GNUNET_PACKED;
  union {
@@ -677,8 +683,8 @@ struct GNUNET_TUN_IcmpHeader {
    /**
     * ICMP Redirect
-     */ 
+     */
-    struct in_addr redirect_gateway_address GNUNET_PACKED;      
+    struct in_addr redirect_gateway_address GNUNET_PACKED;
    /**
     * MTU for packets that are too big (IPv6).
@@ -775,7 +781,7 @@ GNUNET_TUN_calculate_udp4_checksum (const struct GNUNET_TUN_IPv4Header *ip,
 * @param ip ipv6 header fully initialized
 * @param udp UDP header (initialized except for CRC)
 * @param payload the UDP payload
- * @param payload_length number of bytes of UDP payload
+ * @param payload_length number of bytes of @a payload
 */
 void
 GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
@@ -789,7 +795,7 @@ GNUNET_TUN_calculate_udp6_checksum (const struct GNUNET_TUN_IPv6Header *ip,
 *
 * @param icmp IMCP header (initialized except for CRC)
 * @param payload the ICMP payload
- * @param payload_length number of bytes of ICMP payload
+ * @param payload_length number of bytes of @a payload
 */
 void
 GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
@@ -798,29 +804,31 @@ GNUNET_TUN_calculate_icmp_checksum (struct GNUNET_TUN_IcmpHeader *icmp,
 /**
- * Create a regex in @a rxstr from the given @a ip and @a netmask.
+ * Create a regex in @a rxstr from the given @a ip and @a port.
 *
 * @param ip IPv4 representation.
- * @param netmask netmask for the ip.
+ * @param port destination port
 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV4_REGEXLEN
 *              bytes long.
 */
 void
-GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip, const char *netmask,
+GNUNET_TUN_ipv4toregexsearch (const struct in_addr *ip,
-                        char *rxstr);
+                              uint16_t port,
+                              char *rxstr);
 /**
- * Create a regex in @a rxstr from the given @a ipv6 and @a prefixlen.
+ * Create a regex in @a rxstr from the given @a ipv6 and @a port.
 *
 * @param ipv6 IPv6 representation.
- * @param prefixlen length of the ipv6 prefix.
+ * @param port destination port
 * @param rxstr generated regex, must be at least #GNUNET_TUN_IPV6_REGEXLEN
 *              bytes long.
 */
 void
 GNUNET_TUN_ipv6toregexsearch (const struct in6_addr *ipv6,
-                        unsigned int prefixlen, char *rxstr);
+                              uint16_t port,
+                              char *rxstr);
 /**
author	Christian Grothoff <christian@grothoff.org>	2013-10-26 14:34:39 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-10-26 14:34:39 +0000
commit	0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1 (patch)
tree	434cab0d8aa45a4edc2cf9bd91c89bf3f2d5061b /src/include
parent	aeb922926c639ffdd992f96cd125e47bb0e2c301 (diff)
download	gnunet-0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1.tar.gz gnunet-0c9ca79b2eb820c3266e9117f3ba9179cbdc2ff1.zip