1 /* 2 * Copyright (c) 2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H 17 #define NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H 18 19 #include <securec.h> 20 #include <stdint.h> 21 #include <string> 22 #include <unordered_map> 23 #include <utility> 24 25 #include "netfirewall/netfirewall_def.h" 26 #include "netfirewall_parcel.h" 27 28 namespace OHOS::NetManagerStandard { 29 enum NetFirewallError { 30 NETFIREWALL_SUCCESS = 0, 31 NETFIREWALL_ERR, 32 NETFIREWALL_IP_STR_ERR, 33 NETFIREWALL_MASK_ERR, 34 NETFIREWALL_FAMILY_ERR, 35 NETFIREWALL_EMPTY_ERR, 36 }; 37 38 class Bitmap { 39 public: 40 Bitmap(); 41 42 explicit Bitmap(uint32_t n); 43 44 Bitmap(const Bitmap &other); 45 46 ~Bitmap() = default; 47 48 void Clear(); 49 50 /** 51 * set bit of index n to 1 52 * 53 * @param n bit index 54 */ 55 void Set(uint32_t n); 56 57 /** 58 * get bitmap hash code 59 * 60 * @return hash code 61 */ 62 uint64_t SpecialHash() const; 63 64 /** 65 * get bitmap memory address 66 * 67 * @return address 68 */ 69 uint32_t *Get(); 70 71 /** 72 * and by bit 73 * 74 * @param other rule bitmap 75 */ 76 void And(const Bitmap &other); 77 78 /** 79 * or by bit 80 * 81 * @param other rule bitmap 82 */ 83 void Or(const Bitmap &other); 84 85 bool operator == (const Bitmap &other) const; 86 87 Bitmap &operator = (const Bitmap &other); 88 89 private: 90 /** 91 * get uin32_t hash, use thomas Wang's 32 bit Mix Function 92 * 93 * @param key input uin32_t number 94 * @return hash number 95 */ 96 uint32_t GetHash(uint32_t key) const; 97 98 private: 99 bitmap_t bitmap_; 100 }; 101 102 template <class T> class BpfUnorderedMap { 103 public: 104 /** 105 * if key is not exist in map insert value, or get value or with input value 106 * 107 * @param key input key 108 * @param val rule bitmap 109 */ OrInsert(const T & key,const Bitmap & val)110 void OrInsert(const T &key, const Bitmap &val) 111 { 112 auto it = map_.find(key); 113 if (it == map_.end()) { 114 map_.insert(std::make_pair(key, Bitmap(val))); 115 } else { 116 it->second.Or(val); 117 } 118 } 119 120 /** 121 * set all value of map or with input bitmap 122 * 123 * @param other rule bitmap 124 */ OrForEach(const Bitmap & other)125 void OrForEach(const Bitmap &other) 126 { 127 auto it = map_.begin(); 128 for (; it != map_.end(); ++it) { 129 it->second.Or(other); 130 } 131 } 132 Delete(const T & key)133 int32_t Delete(const T &key) 134 { 135 return map_.erase(key); 136 } 137 Clear()138 void Clear() 139 { 140 map_.clear(); 141 } 142 Get()143 std::unordered_map<T, Bitmap> &Get() 144 { 145 return map_; 146 } 147 Empty()148 bool Empty() 149 { 150 return map_.empty(); 151 } 152 153 private: 154 std::unordered_map<T, Bitmap> map_; 155 }; 156 157 struct BitmapHash { operatorBitmapHash158 uint64_t operator () (const Bitmap &bitmap) const 159 { 160 return bitmap.SpecialHash(); 161 } 162 }; 163 164 const uint32_t BIT_PER_BYTE = 8; 165 const int32_t IPV6_BIT_COUNT = 128; 166 const int32_t IPV4_BIT_COUNT = 32; 167 const int32_t IPV6_BYTE_COUNT = 16; 168 const int32_t IPV6_SEGMENT_COUNT = 8; 169 const int32_t IPV4_MAX_PREFIXLEN = 32; 170 const int32_t IPV6_MAX_PREFIXLEN = 128; 171 const uint32_t VALUE_ONE = 1; 172 173 struct Ip4Data { 174 uint32_t mask; 175 uint32_t data; // Host Long ip 176 }; 177 178 struct Ip6Data { 179 uint32_t prefixlen; 180 in6_addr data; 181 }; 182 183 class IpParamParser { 184 public: 185 IpParamParser() = default; 186 187 /** 188 * convert ip4segment to ip4 and mask list 189 * 190 * @param startAddr start ip 191 * @param endAddr end ip 192 * @param list output vector 193 * @return success:return NETFIREWALL_SUCCESS, otherwise return error code 194 */ 195 static int32_t GetIp4AndMask(const in_addr &startAddr, const in_addr &endAddr, std::vector<Ip4Data> &list); 196 197 /** 198 * convert ip4 string to uint32_t of network byte order 199 * 200 * @param address ip4 string 201 * @param ipInt ip4 202 * @return success:NETFIREWALL_SUCCESS, fail:NETFIREWALL_IP_STR_ERR 203 */ 204 static int32_t GetIpUint32(const std::string &address, uint32_t &ipInt); 205 206 static std::string Ip4ToStr(uint32_t ip); 207 208 /** 209 * save ip4 and mask to vector 210 * 211 * @param ip uint32_t of Network byte order 212 * @param mask ip4 mask 213 * @param ip4Vec out put vector 214 */ 215 216 static void AddIp(uint32_t ip, uint32_t mask, std::vector<Ip4Data> &ip4Vec); 217 218 /** 219 * get biggest mask from startIp and endIp 220 * 221 * @param startIp start ip 222 * @param endIp end ip 223 * @return ip mask 224 */ 225 226 static int32_t GetMask(uint32_t startIp, uint32_t endIp); 227 228 /** 229 * find value of bit from ip4 uint32_t from right to left 230 * 231 * @param ip uint32_t of Network byte order 232 * @param start start index 233 * @param end end index 234 * @param value find value 0 or 1 235 * @return if founded return bit index of ip, otherwise return IPV4_BIT_COUNT 236 */ 237 static int32_t Rfind(uint32_t ip, uint32_t start, uint32_t end, uint32_t value); 238 239 /** 240 * find value of bit from ip4 uint32_t from right to left 241 * 242 * @param ip uint32_t of Network byte order 243 * @param start start index 244 * @param value find value 0 or 1 245 * @return if founded return bit index of ip, otherwise return IPV4_BIT_COUNT 246 */ 247 static int32_t Find(uint32_t ip, uint32_t start, uint32_t value); 248 249 /** 250 * get broadcast ip from mask and ip, set ip to next ip of broadcast 251 * 252 * @param mask ip4 mask 253 * @param ip input and output 254 */ 255 static void ChangeStart(uint32_t mask, uint32_t &ip); 256 257 /** 258 * convert ip6segment to ip6 and mask list 259 * 260 * @param addr6Start start ip 261 * @param addr6End end ip 262 * @param list output vector 263 * @return if successed:return NETFIREWALL_SUCCESS, otherwise return error code 264 */ 265 static int32_t GetIp6AndMask(const in6_addr &addr6Start, const in6_addr &addr6End, std::vector<Ip6Data> &list); 266 267 static std::string Addr6ToStr(const in6_addr &v6Addr); 268 269 /** 270 * convert ip6 string to in6_addr of Network byte order 271 * 272 * @param ipStr ip6 string 273 * @param addr output ip6 274 * @return success:NETFIREWALL_SUCCESS, fail:NETFIREWALL_IP_STR_ERR 275 */ 276 static int32_t GetInAddr6(const std::string &ipStr, in6_addr &addr); 277 278 /** 279 * get biggest prefixlen from start ip and end ip 280 * 281 * @param start start ip 282 * @param end end ip 283 * @return ip6 prefixlen 284 */ 285 static uint32_t GetIp6Prefixlen(const in6_addr &start, const in6_addr &end); 286 287 /** 288 * save ip6 and prefixlen to vector 289 * 290 * @param addr ip6 data 291 * @param prefixlen ip6 prefixlen 292 * @param list output vector 293 */ 294 static void AddIp6(const in6_addr &addr, uint32_t prefixlen, std::vector<Ip6Data> &list); 295 296 /** 297 * get broadcast ip6 from ip6 and start bit of ip6, set ip to next ip of broadcast 298 * 299 * @param startBit start bit of ip6 300 * @param start input and output 301 */ 302 static void ChangeIp6Start(uint32_t startBit, in6_addr &start); 303 304 /** 305 * find value of bit from ip6 from right to left 306 * 307 * @param addr in6_addr of Network byte order 308 * @param startBit start index of bit 309 * @param endBit end index of bit 310 * @param value find value 0 or 1 311 * @return if founded return index of bit of addr, otherwise return IPV6_BIT_COUNT 312 */ 313 static int32_t RfindIp6(const in6_addr &addr, uint32_t startBit, uint32_t endBit, uint8_t value); 314 315 /** 316 * find value of bit from ip6 from right to left 317 * 318 * @param addr in6_addr of Network byte order 319 * @param startBit start index of bit 320 * @param value find value 0 or 1 321 * @return if founded return bit index of addr, otherwise return IPV6_BIT_COUNT 322 */ 323 static int32_t FindIp6(const in6_addr &addr, uint32_t startBit, uint8_t value); 324 }; 325 326 struct Ip4RuleBitmap { 327 uint32_t mask; 328 uint32_t data; // Network ip 329 Bitmap bitmap; 330 }; 331 332 struct Ip6RuleBitmap { 333 uint32_t prefixlen; 334 in6_addr data; 335 Bitmap bitmap; 336 }; 337 338 using Ip4RuleBitmapVector = std::vector<Ip4RuleBitmap>; 339 using Ip6RuleBitmapVector = std::vector<Ip6RuleBitmap>; 340 341 class Ip4RuleMap { 342 public: 343 /** 344 * set all bitmap of vector or with input bitmap 345 * 346 * @param bitmap rule bitmap 347 */ OrForEach(const Bitmap & bitmap)348 void OrForEach(const Bitmap &bitmap) 349 { 350 auto it = ruleBitmapVec_.begin(); 351 for (; it != ruleBitmapVec_.end(); ++it) { 352 it->bitmap.Or(bitmap); 353 } 354 } 355 356 /** 357 * if addr and mask not exist in vector, save value to vector, otherwise or bitmap 358 * 359 * @param addr Network ip 360 * @param mask ip mask 361 * @param bitmap rule bitmap 362 */ OrInsert(uint32_t addr,uint32_t mask,Bitmap & bitmap)363 void OrInsert(uint32_t addr, uint32_t mask, Bitmap &bitmap) 364 { 365 std::vector<Ip4RuleBitmapVector::iterator> matches; 366 uint32_t networkAddr = GetNetworkAddress(addr, mask); 367 for (auto it = ruleBitmapVec_.begin(); it != ruleBitmapVec_.end(); ++it) { 368 if (it->data == addr || GetNetworkAddress(it->data, it->mask) == networkAddr) { 369 matches.emplace_back(it); 370 } 371 } 372 if (matches.empty()) { 373 Ip4RuleBitmap ruleBitmap; 374 ruleBitmap.data = addr; 375 ruleBitmap.mask = mask; 376 ruleBitmap.bitmap = bitmap; 377 ruleBitmapVec_.emplace_back(std::move(ruleBitmap)); 378 } else { 379 for (const auto &it : matches) { 380 it->bitmap.Or(bitmap); 381 } 382 } 383 } 384 Clear()385 void Clear() 386 { 387 ruleBitmapVec_.clear(); 388 } 389 Get()390 std::vector<Ip4RuleBitmap> &Get() 391 { 392 return ruleBitmapVec_; 393 } 394 395 private: 396 /** 397 * get value from ip & mask by network byte order 398 * 399 * @param addr ip 400 * @param mask ip mask 401 * @return mask uint32 value by network byte order 402 */ GetNetworkAddress(uint32_t addr,uint32_t mask)403 inline uint32_t GetNetworkAddress(uint32_t addr, uint32_t mask) 404 { 405 return ntohl(addr) & (0xFFFFFFFF >> (IPV4_MAX_PREFIXLEN - mask)); 406 } 407 408 private: 409 std::vector<Ip4RuleBitmap> ruleBitmapVec_; 410 }; 411 412 class Ip6RuleMap { 413 public: 414 /** 415 * set all bitmap of vector or with input bitmap 416 * 417 * @param bitmap rule bitmap 418 */ OrForEach(const Bitmap & bitmap)419 void OrForEach(const Bitmap &bitmap) 420 { 421 auto it = ruleBitmapVec_.begin(); 422 for (; it != ruleBitmapVec_.end(); ++it) { 423 it->bitmap.Or(bitmap); 424 } 425 } 426 427 /** 428 * if addr and prefixlen not exist in vector, save value to vector, otherwise or bitmap 429 * 430 * @param addr ip6 431 * @param prefixlen ip6 prefixlen 432 * @param bitmap rule bitmap 433 */ OrInsert(const in6_addr & addr,uint32_t prefixlen,Bitmap & bitmap)434 void OrInsert(const in6_addr &addr, uint32_t prefixlen, Bitmap &bitmap) 435 { 436 std::vector<Ip6RuleBitmapVector::iterator> matches; 437 in6_addr networkAddr = {}; 438 GetNetworkAddress(addr, prefixlen, networkAddr); 439 for (auto it = ruleBitmapVec_.begin(); it != ruleBitmapVec_.end(); ++it) { 440 in6_addr otherNetworkAddr = {}; 441 GetNetworkAddress(it->data, it->prefixlen, otherNetworkAddr); 442 if (!memcmp(&addr, &(it->data), sizeof(in6_addr)) || 443 !memcmp(&networkAddr, &otherNetworkAddr, sizeof(in6_addr))) { 444 matches.emplace_back(it); 445 } 446 } 447 if (matches.empty()) { 448 Ip6RuleBitmap ruleBitmap; 449 ruleBitmap.data = addr; 450 ruleBitmap.prefixlen = prefixlen; 451 ruleBitmap.bitmap = bitmap; 452 ruleBitmapVec_.emplace_back(std::move(ruleBitmap)); 453 } else { 454 for (const auto &it : matches) { 455 it->bitmap.Or(bitmap); 456 } 457 } 458 } 459 Clear()460 void Clear() 461 { 462 ruleBitmapVec_.clear(); 463 } 464 Get()465 std::vector<Ip6RuleBitmap> &Get() 466 { 467 return ruleBitmapVec_; 468 } 469 470 private: GetNetworkAddress(in6_addr addr,int prefixLen,in6_addr & out)471 void GetNetworkAddress(in6_addr addr, int prefixLen, in6_addr &out) 472 { 473 int quotient = prefixLen / 8; 474 int remainder = prefixLen % 8; 475 for (int i = 0; i < quotient; i++) { 476 out.s6_addr[i] = addr.s6_addr[i] & 0xff; 477 } 478 if (remainder) { 479 out.s6_addr[quotient] = addr.s6_addr[quotient] & (~(0xff >> remainder)); 480 } 481 } 482 483 private: 484 std::vector<Ip6RuleBitmap> ruleBitmapVec_; 485 }; 486 487 struct SegmentBitmap { 488 uint16_t start; 489 uint16_t end; 490 Bitmap bitmap; 491 }; 492 493 class SegmentBitmapMap { 494 public: 495 SegmentBitmapMap() = default; 496 497 /** 498 * add segment and rule bitmap map 499 * 500 * @param start start of segment 501 * @param end end of segment 502 * @param bitmap rule itmap 503 */ AddMap(uint16_t start,uint16_t end,const Bitmap & bitmap)504 void AddMap(uint16_t start, uint16_t end, const Bitmap &bitmap) 505 { 506 std::vector<uint32_t> indexs; 507 SearchIntersection(start, end, indexs); 508 if (indexs.empty()) { 509 Insert(start, end, bitmap); 510 return; 511 } 512 std::vector<SegmentBitmap> list; 513 GetMapList(start, end, bitmap, indexs, list); 514 DeleteSegBitmap(indexs); 515 AddSegBitmapMap(list); 516 } 517 GetMap()518 std::vector<SegmentBitmap> &GetMap() 519 { 520 return mapList_; 521 } 522 523 private: 524 /** 525 * search input segment intersection in exist map list 526 * 527 * @param start start of segment 528 * @param end end of segment 529 * @param indexs has intersection index value in exist map 530 */ SearchIntersection(uint16_t start,uint16_t end,std::vector<uint32_t> & indexs)531 void SearchIntersection(uint16_t start, uint16_t end, std::vector<uint32_t> &indexs) 532 { 533 for (size_t i = 0; i < mapList_.size(); ++i) { 534 if (((start >= mapList_[i].start) && (start <= mapList_[i].end)) || 535 ((mapList_[i].start >= start) && (mapList_[i].start <= end))) { 536 indexs.push_back(i); 537 } 538 } 539 } 540 DeleteSegBitmap(std::vector<uint32_t> & indexs)541 void DeleteSegBitmap(std::vector<uint32_t> &indexs) 542 { 543 if (indexs.empty()) { 544 return; 545 } 546 auto it = indexs.rbegin(); 547 for (; it != indexs.rend(); ++it) { 548 mapList_.erase(mapList_.begin() + *it); 549 } 550 } 551 552 /** 553 * insert segment and bitmap into map lsit 554 * 555 * @param start start of segment 556 * @param end end of segment 557 * @param bitmap rule bitmap 558 */ Insert(uint16_t start,uint16_t end,const Bitmap & bitmap)559 void Insert(uint16_t start, uint16_t end, const Bitmap &bitmap) 560 { 561 SegmentBitmap segBitmap; 562 segBitmap.start = start; 563 segBitmap.end = end; 564 segBitmap.bitmap = bitmap; 565 std::vector<SegmentBitmap>::iterator it = mapList_.begin(); 566 for (; it != mapList_.end(); ++it) { 567 if (start < it->start) { 568 mapList_.insert(it, segBitmap); 569 return; 570 } 571 } 572 mapList_.insert(mapList_.end(), segBitmap); 573 } 574 575 /** 576 * add segment and bitmap map to vector 577 * 578 * @param start start of segment 579 * @param end end of segment 580 * @param bitmap rule bitmap 581 * @param mapList map list 582 */ AddSegBitmap(uint16_t start,uint16_t end,const Bitmap & bitmap,std::vector<SegmentBitmap> & mapList)583 void AddSegBitmap(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<SegmentBitmap> &mapList) 584 { 585 if (start > end) { 586 return; 587 } 588 SegmentBitmap tmpSegBitmap; 589 tmpSegBitmap.start = start; 590 tmpSegBitmap.end = end; 591 tmpSegBitmap.bitmap = bitmap; 592 mapList.emplace_back(tmpSegBitmap); 593 } 594 AddSegBitmapMap(const std::vector<SegmentBitmap> & mapList)595 void AddSegBitmapMap(const std::vector<SegmentBitmap> &mapList) 596 { 597 auto it = mapList.begin(); 598 for (; it != mapList.end(); ++it) { 599 Insert(it->start, it->end, it->bitmap); 600 } 601 } 602 603 /** 604 * merge segment and bitmap map with exit map into new maps 605 * 606 * @param start start of segment 607 * @param end end of segment 608 * @param bitmap rule bitmap 609 * @param indexs intersection indexs 610 * @param list segment and rule bitmap map list 611 */ GetMapList(uint16_t start,uint16_t end,const Bitmap & bitmap,std::vector<uint32_t> & indexs,std::vector<SegmentBitmap> & list)612 void GetMapList(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<uint32_t> &indexs, 613 std::vector<SegmentBitmap> &list) 614 { 615 uint32_t tmpStart = start; 616 for (auto index : indexs) { 617 SegmentBitmap &segBitmap = mapList_[index]; 618 if (tmpStart < segBitmap.start) { 619 AddSegBitmap(tmpStart, segBitmap.start - 1, bitmap, list); 620 Bitmap bmap(bitmap); 621 if (end <= segBitmap.end) { 622 bmap.Or(segBitmap.bitmap); 623 AddSegBitmap(segBitmap.start, end, bmap, list); 624 AddSegBitmap(end + 1, segBitmap.end, segBitmap.bitmap, list); 625 tmpStart = end + 1; 626 break; 627 } else { 628 bmap.Or(segBitmap.bitmap); 629 AddSegBitmap(segBitmap.start, segBitmap.end, bmap, list); 630 tmpStart = segBitmap.end + 1; 631 } 632 } else { 633 if (tmpStart > segBitmap.start) { 634 AddSegBitmap(segBitmap.start, tmpStart - 1, segBitmap.bitmap, list); 635 } 636 Bitmap bmap(bitmap); 637 if (end <= segBitmap.end) { 638 bmap.Or(segBitmap.bitmap); 639 AddSegBitmap(tmpStart, end, bmap, list); 640 AddSegBitmap(end + 1, segBitmap.end, segBitmap.bitmap, list); 641 tmpStart = end + 1; 642 break; 643 } else { 644 bmap.Or(segBitmap.bitmap); 645 AddSegBitmap(tmpStart, segBitmap.end, bmap, list); 646 tmpStart = segBitmap.end + 1; 647 } 648 } 649 } 650 if (tmpStart <= end) { 651 AddSegBitmap(tmpStart, end, bitmap, list); 652 } 653 } 654 655 private: 656 std::vector<SegmentBitmap> mapList_; 657 }; 658 659 using PortKey = port_key; 660 using ProtoKey = proto_key; 661 using AppUidKey = appuid_key; 662 using UidKey = uid_key; 663 using ActionValue = action_val; 664 665 using BpfStrMap = BpfUnorderedMap<std::string>; 666 using BpfPortMap = BpfUnorderedMap<PortKey>; 667 using BpfProtoMap = BpfUnorderedMap<ProtoKey>; 668 using BpfAppUidMap = BpfUnorderedMap<AppUidKey>; 669 using BpfUidMap = BpfUnorderedMap<UidKey>; 670 using BpfActionMap = BpfUnorderedMap<action_key>; 671 672 class BitmapManager { 673 public: BitmapManager()674 BitmapManager() {} 675 676 ~BitmapManager() = default; 677 678 /** 679 * build firewall rule bitmap map 680 * 681 * @param ruleList fire wall list 682 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 683 */ 684 int32_t BuildBitmapMap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 685 GetSrcIp4Map()686 Ip4RuleBitmapVector &GetSrcIp4Map() 687 { 688 return srcIp4Map_.Get(); 689 } 690 GetSrcIp6Map()691 Ip6RuleBitmapVector &GetSrcIp6Map() 692 { 693 return srcIp6Map_.Get(); 694 } 695 GetDstIp4Map()696 Ip4RuleBitmapVector &GetDstIp4Map() 697 { 698 return dstIp4Map_.Get(); 699 } 700 GetDstIp6Map()701 Ip6RuleBitmapVector &GetDstIp6Map() 702 { 703 return dstIp6Map_.Get(); 704 } 705 GetSrcPortMap()706 BpfPortMap &GetSrcPortMap() 707 { 708 return srcPortMap_; 709 } 710 GetDstPortMap()711 BpfPortMap &GetDstPortMap() 712 { 713 return dstPortMap_; 714 } 715 GetProtoMap()716 BpfProtoMap &GetProtoMap() 717 { 718 return protoMap_; 719 } 720 GetAppIdMap()721 BpfAppUidMap &GetAppIdMap() 722 { 723 return appUidMap_; 724 } 725 GetUidMap()726 BpfUidMap &GetUidMap() 727 { 728 return uidMap_; 729 } 730 GetActionMap()731 BpfActionMap &GetActionMap() 732 { 733 return actionMap_; 734 } 735 736 static uint16_t Hltons(int32_t n); 737 738 static uint16_t Nstohl(uint16_t n); 739 740 private: 741 void Clear(); 742 743 /** 744 * build firewall rule bitmap map, with element seted 745 * 746 * @param ruleList fire wall list 747 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 748 */ 749 int32_t BuildMarkBitmap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 750 751 /** 752 * build firewall rule bitmap map, with element not seted 753 * 754 * @param ruleList fire wall list 755 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 756 */ 757 void BuildNoMarkBitmap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 758 759 /** 760 * insert ip and rule bitmap map 761 * 762 * @param ipInfo ip info 763 * @param isSrc true: Source, false: local 764 * @param bitmap rule bitmap 765 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 766 */ 767 int32_t InsertIpBitmap(const std::vector<NetFirewallIpParam> &ipInfo, bool isSrc, Bitmap &bitmap); 768 769 /** 770 * convect port segement map to single port map 771 * 772 * @param portSegMap segment port and rule bitmap map 773 * @param portMap output single port and rule bitmap map 774 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 775 */ 776 void OrInsertPortBitmap(SegmentBitmapMap &portSegMap, BpfUnorderedMap<PortKey> &portMap); 777 778 /** 779 * judge protocols if need port map 780 * 781 * @param protocol transform protoco 782 * @return true: not need; false: needed 783 */ 784 bool IsNotNeedPort(NetworkProtocol protocol); 785 786 /** 787 * insert ip6 segment and bitmap map 788 * 789 * @param item ip info 790 * @param bitmap rule bitmap 791 * @param ip6Map ip6 and rule bitmap map 792 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 793 */ 794 int32_t InsertIp6SegBitmap(const NetFirewallIpParam &item, Bitmap &bitmap, Ip6RuleMap *ip6Map); 795 796 /** 797 * insert ip4 segment and bitmap map 798 * 799 * @param item ip info 800 * @param bitmap rule bitmap 801 * @param ip4Map ip4 and rule bitmap map 802 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 803 */ 804 int32_t InsertIp4SegBitmap(const NetFirewallIpParam &item, Bitmap &bitmap, Ip4RuleMap *ip4Map); 805 806 /** 807 * save port segment and bitmap map to map list 808 * 809 * @param port port info 810 * @param bitmap rule bitmap 811 * @param portMap port segment and bitmap map list 812 */ 813 void AddPortBitmap(const std::vector<NetFirewallPortParam> &port, Bitmap &bitmap, SegmentBitmapMap &portMap); 814 815 private: 816 Ip4RuleMap srcIp4Map_; 817 Ip4RuleMap dstIp4Map_; 818 Ip6RuleMap srcIp6Map_; 819 Ip6RuleMap dstIp6Map_; 820 BpfPortMap srcPortMap_; 821 BpfPortMap dstPortMap_; 822 BpfProtoMap protoMap_; 823 BpfAppUidMap appUidMap_; 824 BpfUidMap uidMap_; 825 BpfActionMap actionMap_; 826 }; 827 } // namespace OHOS::NetManagerStandard 828 #endif /* NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H */ 829