softwarecontainer  0.18.0-739e8d7 2017-05-04
softwarecontainer::IPTableEntry Class Reference

A rules entry for the treatment of packets. More...

#include <iptableentry.h>

Data Structures

struct  portFilter
 container for port filtering options. More...
 
struct  Rule
 Definition of a 'Rule' used to handle network traffic. More...
 

Public Types

enum  Target { INVALID_TARGET, ACCEPT, DROP, REJECT }
 Targets for Rules. More...
 

Public Member Functions

bool applyRules ()
 Applies all rules to iptables. More...
 
std::string interpretRule (Rule rule)
 Interprets a rule into an iptables command string. More...
 
std::string interpretRuleWithProtocol (Rule rule, const std::string &protocol)
 Interprets a rule with protocol information into an iptables command string. More...
 
std::string interpretPolicy (void)
 Interprets the defaultTarget into an iptables policy command string. More...
 
std::string toString ()
 Creates a string with information about the entry. More...
 

Data Fields

std::string m_type
 
std::vector< Rule > m_rules
 
Target m_defaultTarget
 

Detailed Description

A rules entry for the treatment of packets.

Definition at line 29 of file iptableentry.h.

Member Enumeration Documentation

Targets for Rules.

Definition at line 51 of file iptableentry.h.

{
    INVALID_TARGET,
    ACCEPT,
    DROP,
    REJECT
};

Member Function Documentation

bool softwarecontainer::IPTableEntry::applyRules ( )

Applies all rules to iptables.

Returns
true Upon success
false Upon failure

Definition at line 26 of file iptableentry.cpp.

References interpretPolicy(), interpretRule(), and interpretRuleWithProtocol().

{
    for (auto rule : m_rules) {
        if (rule.protocols.size()) {

            for (auto proto : rule.protocols) {
                if (!insertCommand(interpretRuleWithProtocol(rule, proto))) {
                    std::cerr << "Couldn't apply the rule " << rule.target << std::endl;
                    return false;
                }
            }

        } else if (!insertCommand(interpretRule(rule))) {
            std::cerr << "Couldn't apply the rule " << rule.target << std::endl;
            return false;
        }
    }

    if (!insertCommand(interpretPolicy())) {
        std::cerr << "Unable to set policy " << convertTarget(m_defaultTarget)
                  << " for " << m_type << std::endl;
        return false;
    }

    return true;
}

Here is the call graph for this function:

std::string softwarecontainer::IPTableEntry::interpretRule ( Rule  rule)

Interprets a rule into an iptables command string.

Returns
string indicating interpreted rule

Definition at line 110 of file iptableentry.cpp.

Referenced by applyRules().

{
    std::string iptableCommand = "iptables -A " + m_type;

    if (!rule.host.empty()) {
        if (rule.host != "*") {
            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + " -s ";
            } else {
                iptableCommand = iptableCommand + " -d ";
            }
            iptableCommand = iptableCommand + rule.host;
        }
    }

    if (rule.ports.any) {
        if (rule.ports.multiport) {
            iptableCommand = iptableCommand + " -p all --match multiport ";

            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + "--sports " + rule.ports.ports;
            } else {
                iptableCommand = iptableCommand + "--dports " + rule.ports.ports;
            }
        } else {
            iptableCommand = iptableCommand + " -p tcp ";
            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + "--sport " + rule.ports.ports;
            } else {
                iptableCommand = iptableCommand + "--dport " + rule.ports.ports;
            }
        }
    }

    iptableCommand = iptableCommand + " -j " + convertTarget(rule.target);

    return iptableCommand;
}

Here is the caller graph for this function:

std::string softwarecontainer::IPTableEntry::interpretRuleWithProtocol ( Rule  rule,
const std::string &  protocol 
)

Interprets a rule with protocol information into an iptables command string.

Returns
string indicating interpreted rule

Definition at line 69 of file iptableentry.cpp.

Referenced by applyRules().

{
    std::string iptableCommand = "iptables -A " + m_type;

    if (!rule.host.empty()) {
        if (rule.host != "*") {
            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + " -s ";
            } else {
                iptableCommand = iptableCommand + " -d ";
            }
            iptableCommand = iptableCommand + rule.host;
        }
    }

    if (rule.ports.any) {
        if (rule.ports.multiport) {
            iptableCommand = iptableCommand + " -p " + protocol + " --match multiport ";

            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + "--sports " + rule.ports.ports;
            } else {
                iptableCommand = iptableCommand + "--dports " + rule.ports.ports;
            }
        } else {
            iptableCommand = iptableCommand + " -p " + protocol + " ";
            if ("INPUT" == m_type) {
                iptableCommand = iptableCommand + "--sport " + rule.ports.ports;
            } else {
                iptableCommand = iptableCommand + "--dport " + rule.ports.ports;
            }
        }
    } else {
        iptableCommand = iptableCommand + " -p " + protocol;
    }

    iptableCommand = iptableCommand + " -j " + convertTarget(rule.target);

    return iptableCommand;
}

Here is the caller graph for this function:

std::string softwarecontainer::IPTableEntry::interpretPolicy ( void  )

Interprets the defaultTarget into an iptables policy command string.

defaultTarget indicates what happens to packets that do not match any rule. iptables provides this behaviour through the chain policy, so this function converts the defaultTarget configuration value into the corresponding iptables policy command.

Returns
string indicating interpreted policy
empty string when m_defaultTarget is neither ACCEPT nor DROP

Definition at line 149 of file iptableentry.cpp.

Referenced by applyRules().

{
    if (m_defaultTarget != Target::ACCEPT && m_defaultTarget != Target::DROP) {
        std::cerr << "Wrong default target : " << convertTarget(m_defaultTarget) << std::endl;
        return "";
    }
    std::string iptableCommand = "iptables -P " + m_type + " " + convertTarget(m_defaultTarget);

    return iptableCommand;
}

Here is the caller graph for this function:
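The following is an added, self-contained model of how applyRules(), interpretRule(), interpretRuleWithProtocol() and interpretPolicy() turn an entry into iptables commands; it is example code, not softwarecontainer's own, and the trimmed Target, PortFilter and Rule types, convertTarget() and the function names ruleCommand(), policyCommand() and entryCommands() are assumptions. Unlike applyRules() it collects the command strings instead of executing them, so the direction rules (source on INPUT, destination on OUTPUT) and the ACCEPT/DROP-only policy check can be inspected offline.

```cpp
#include <string>
#include <vector>

enum class Target { INVALID_TARGET, ACCEPT, DROP, REJECT };
struct PortFilter { bool any = false; bool multiport = false; std::string ports; };
struct Rule {
    std::string host;                   // "" or "*" matches any host
    PortFilter ports;
    std::vector<std::string> protocols; // empty -> the interpretRule() form
    Target target = Target::INVALID_TARGET;
};
static std::string convertTarget(Target t) {
    static const char *names[] = {"INVALID_TARGET", "ACCEPT", "DROP", "REJECT"};
    return names[static_cast<int>(t)];
}

// One rule -> one "iptables -A" line. On INPUT the host/ports describe the source, on OUTPUT
// the destination. An empty protocol reproduces interpretRule(): "all"/"tcp" for the port forms, else no -p.
std::string ruleCommand(const std::string &chain, const Rule &rule, const std::string &protocol) {
    std::string cmd = "iptables -A " + chain;
    bool in = (chain == "INPUT");
    if (!rule.host.empty() && rule.host != "*") cmd += (in ? " -s " : " -d ") + rule.host;
    if (rule.ports.any) {
        if (rule.ports.multiport) {
            cmd += " -p " + (protocol.empty() ? std::string("all") : protocol) + " --match multiport ";
            cmd += (in ? "--sports " : "--dports ") + rule.ports.ports;
        } else {
            cmd += " -p " + (protocol.empty() ? std::string("tcp") : protocol) + " ";
            cmd += (in ? "--sport " : "--dport ") + rule.ports.ports;
        }
    } else if (!protocol.empty()) cmd += " -p " + protocol;
    return cmd + " -j " + convertTarget(rule.target);
}

// Only ACCEPT and DROP are valid chain policies; as in interpretPolicy(), anything else (even REJECT) yields "".
std::string policyCommand(const std::string &chain, Target defaultTarget) {
    if (defaultTarget != Target::ACCEPT && defaultTarget != Target::DROP) return "";
    return "iptables -P " + chain + " " + convertTarget(defaultTarget);
}

// Like applyRules(), but collects the commands instead of executing them, so a rule set can be
// reviewed or unit-tested before it touches the host. A "" last entry means the policy was refused.
std::vector<std::string> entryCommands(const std::string &chain, const std::vector<Rule> &rules, Target defaultTarget) {
    std::vector<std::string> out;
    for (const Rule &rule : rules) {
        if (rule.protocols.empty()) out.push_back(ruleCommand(chain, rule, ""));
        for (const std::string &proto : rule.protocols) out.push_back(ruleCommand(chain, rule, proto));
    }
    out.push_back(policyCommand(chain, defaultTarget));
    return out;
}
```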

std::string softwarecontainer::IPTableEntry::toString ( )

Creates a string with information about the entry.

Definition at line 182 of file iptableentry.cpp.

{
    return "IPTableEntry type: " + m_type;
}

The documentation for this class was generated from the following files: