/*
 * Copyright (c) 2017 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
| 15 | |
| 16 | #ifndef __VOM_L3_ACL_RULE_H__ |
| 17 | #define __VOM_L3_ACL_RULE_H__ |
| 18 | |
#include <cstdint>
#include <string>

#include "vom/acl_types.hpp"
#include "vom/prefix.hpp"
| 21 | |
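namespace VOM {
namespace ACL {
/**
 * An ACL rule is the building block of an ACL. An ACL, which is
 * the object applied to an interface, is comprised of an ordered
 * sequence of ACL rules.
 * This class is a wrapper around the VAPI generated struct and exports
 * an API with better types.
 *
 * Matching semantics a rule author must keep in mind (they follow from
 * the field documentation below and are easy to get wrong in a policy):
 *  - proto == 0 switches L4 matching off entirely: the port/ICMP ranges
 *    and the TCP-flag match are ignored, so the rule applies to *every*
 *    protocol between the two prefixes. A "permit port 22 only" rule
 *    therefore needs set_proto(6) as well as the port range.
 *  - The port/ICMP ranges are inclusive. Nothing in this header rejects
 *    first > last or ICMP type/code values above 255; how VPP treats
 *    such a range is not established here, so callers should only pass
 *    well-formed ranges.
 *  - For TCP, a flags mask of 0 together with a value of 0 matches any
 *    flag combination, whereas mask 0 with a non-zero value can never
 *    match.
 *
 * The class holds plain values only, so every special member function
 * is defaulted; the L4 fields carry in-class zero defaults so that a
 * freshly constructed rule is an L3-only match until a setter is used.
 */
class l3_rule
{
public:
  /**
   * Construct a new object matching the desired state.
   *
   * @param priority sort key; rules in a list are applied in priority
   *                 order (see m_priority)
   * @param action   action taken on a match
   * @param src      source prefix to match
   * @param dst      destination prefix to match
   *
   * The L4 fields (proto, port/ICMP ranges, TCP flags) are not
   * parameters of the constructor; use the setters below.
   */
  l3_rule(uint32_t priority,
          const action_t& action,
          const route::prefix_t& src,
          const route::prefix_t& dst);

  /**
   * Copy Constructor
   */
  l3_rule(const l3_rule& o) = default;

  /**
   * Copy assignment. Declared explicitly: with a user-declared
   * destructor and copy constructor the implicit copy assignment is
   * deprecated and the move operations would not be generated at all.
   */
  l3_rule& operator=(const l3_rule& o) = default;

  /**
   * Move construction / move assignment (member-wise).
   */
  l3_rule(l3_rule&& o) = default;
  l3_rule& operator=(l3_rule&& o) = default;

  /**
   * Destructor
   */
  ~l3_rule() = default;

  /**
   * Convert to string format for debug purposes.
   */
  std::string to_string() const;

  /**
   * less-than operator, used to order rules within a list.
   * The comparison key is defined in l3_rule.cpp (presumably
   * m_priority - confirm there before relying on full-field ordering).
   */
  bool operator<(const l3_rule& rule) const;

  /**
   * comparison operator (for testing)
   */
  bool operator==(const l3_rule& rule) const;

  /**
   * Set Src Ip Address (source prefix to match)
   */
  void set_src_ip(route::prefix_t src);

  /**
   * Set Dst Ip Address (destination prefix to match)
   */
  void set_dst_ip(route::prefix_t dst);

  /**
   * Set proto: IANA L4 protocol number. 0 means "ignore L4", which
   * also disables the port/ICMP ranges and the TCP-flag match.
   */
  void set_proto(uint8_t proto);

  /**
   * Set Src port or ICMP Type first (inclusive lower bound)
   */
  void set_src_from_port(uint16_t srcport_or_icmptype_first);

  /**
   * Set Src port or ICMP Type last (inclusive upper bound)
   */
  void set_src_to_port(uint16_t srcport_or_icmptype_last);

  /**
   * Set Dst port or ICMP code first (inclusive lower bound)
   */
  void set_dst_from_port(uint16_t dstport_or_icmpcode_first);

  /**
   * Set Dst port or ICMP code last (inclusive upper bound)
   */
  void set_dst_to_port(uint16_t dstport_or_icmpcode_last);

  /**
   * Set TCP flags mask (only consulted when proto == 6)
   */
  void set_tcp_flags_mask(uint8_t tcp_flags_mask);

  /**
   * Set TCP flags value (only consulted when proto == 6)
   */
  void set_tcp_flags_value(uint8_t tcp_flags_value);

  /**
   * Getters
   */
  const route::prefix_t& src() const;
  uint32_t priority() const;
  action_t action() const;
  const route::prefix_t& dst() const;
  uint8_t proto() const;
  uint16_t srcport_or_icmptype_first() const;
  uint16_t srcport_or_icmptype_last() const;
  uint16_t dstport_or_icmpcode_first() const;
  uint16_t dstport_or_icmpcode_last() const;
  uint8_t tcp_flags_mask() const;
  uint8_t tcp_flags_value() const;

private:
  /**
   * Priority. Used to sort the rules in a list in the order
   * in which they are applied.
   */
  uint32_t m_priority;

  /**
   * Action on match
   */
  action_t m_action;

  /**
   * Source Prefix
   */
  route::prefix_t m_src;

  /**
   * Destination Prefix
   */
  route::prefix_t m_dst;

  /**
   * L4 protocol. IANA number. 1 = ICMP, 58 = ICMPv6, 6 = TCP, 17 =
   * UDP.
   * 0 => ignore L4 and ignore the ports/tcpflags when matching.
   * Defaults to 0 so an unconfigured rule never carries an
   * indeterminate protocol into the match.
   */
  uint8_t m_proto = 0;

  /**
   * If the L4 protocol is TCP or UDP, the below
   * hold ranges of ports, else if the L4 is ICMP/ICMPv6
   * they hold ranges of ICMP(v6) types/codes.
   *
   * Ranges are inclusive, i.e. to match "any" TCP/UDP port,
   * use first=0,last=65535. For ICMP(v6),
   * use first=0,last=255.
   * Zero defaults: with m_proto == 0 they are ignored anyway; once a
   * protocol is set, first=last=0 is the narrowest possible range.
   */
  uint16_t m_srcport_or_icmptype_first = 0;
  uint16_t m_srcport_or_icmptype_last = 0;
  uint16_t m_dstport_or_icmpcode_first = 0;
  uint16_t m_dstport_or_icmpcode_last = 0;

  /*
   * for proto = 6, this matches if the
   * TCP flags in the packet, ANDed with tcp_flags_mask,
   * is equal to tcp_flags_value.
   * Zero defaults: (flags & 0) == 0 holds for any packet, i.e.
   * "don't care" about flags.
   */
  uint8_t m_tcp_flags_mask = 0;
  uint8_t m_tcp_flags_value = 0;
};
}
}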
| 180 | |
/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "mozilla")
 * End:
 */
| 188 | |
| 189 | #endif |