1 /* 2 * Copyright (c) 2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H 17 #define NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H 18 19 #include <securec.h> 20 #include <stdint.h> 21 #include <string> 22 #include <unordered_map> 23 #include <utility> 24 25 #include "netfirewall/netfirewall_def.h" 26 #include "netfirewall_parcel.h" 27 28 namespace OHOS::NetManagerStandard { 29 enum NetFirewallError { 30 NETFIREWALL_SUCCESS = 0, 31 NETFIREWALL_ERR, 32 NETFIREWALL_IP_STR_ERR, 33 NETFIREWALL_MASK_ERR, 34 NETFIREWALL_FAMILY_ERR, 35 NETFIREWALL_EMPTY_ERR, 36 }; 37 38 class Bitmap { 39 public: 40 Bitmap(); 41 42 explicit Bitmap(uint32_t n); 43 44 Bitmap(const Bitmap &other); 45 46 ~Bitmap() = default; 47 48 void Clear(); 49 50 /** 51 * set bit of index n to 1 52 * 53 * @param n bit index 54 */ 55 void Set(uint32_t n); 56 57 /** 58 * get bitmap hash code 59 * 60 * @return hash code 61 */ 62 uint64_t SpecialHash() const; 63 64 /** 65 * get bitmap memory address 66 * 67 * @return address 68 */ 69 uint32_t *Get(); 70 71 /** 72 * and by bit 73 * 74 * @param other rule bitmap 75 */ 76 void And(const Bitmap &other); 77 78 /** 79 * or by bit 80 * 81 * @param other rule bitmap 82 */ 83 void Or(const Bitmap &other); 84 85 bool operator == (const Bitmap &other) const; 86 87 Bitmap &operator = (const Bitmap &other); 88 89 private: 90 /** 91 * get uin32_t hash, use thomas Wang's 32 bit Mix Function 92 * 93 * @param key input uin32_t number 94 * @return hash number 95 */ 96 uint32_t GetHash(uint32_t key) const; 97 98 private: 99 bitmap_t bitmap_; 100 }; 101 102 template <class T> class BpfUnorderedMap { 103 public: 104 /** 105 * if key is not exist in map insert value, or get value or with input value 106 * 107 * @param key input key 108 * @param val rule bitmap 109 */ OrInsert(const T &key, const Bitmap &val)110 void OrInsert(const T &key, const Bitmap &val) 111 { 112 auto it = map_.find(key); 113 if (it == map_.end()) { 114 map_.insert(std::make_pair(key, Bitmap(val))); 115 } else { 116 it->second.Or(val); 117 } 118 } 119 120 /** 121 * set all value of map or with input bitmap 122 * 123 * @param other rule bitmap 124 */ OrForEach(const Bitmap &other)125 void OrForEach(const Bitmap &other) 126 { 127 auto it = map_.begin(); 128 for (; it != map_.end(); ++it) { 129 it->second.Or(other); 130 } 131 } 132 Delete(const T &key)133 int32_t Delete(const T &key) 134 { 135 return map_.erase(key); 136 } 137 Clear()138 void Clear() 139 { 140 map_.clear(); 141 } 142 Get()143 std::unordered_map<T, Bitmap> &Get() 144 { 145 return map_; 146 } 147 Empty()148 bool Empty() 149 { 150 return map_.empty(); 151 } 152 153 private: 154 std::unordered_map<T, Bitmap> map_; 155 }; 156 157 struct BitmapHash { operator ()OHOS::NetManagerStandard::BitmapHash158 uint64_t operator () (const Bitmap &bitmap) const 159 { 160 return bitmap.SpecialHash(); 161 } 162 }; 163 164 const uint32_t BIT_PER_BYTE = 8; 165 const uint32_t IPV6_BIT_COUNT = 128; 166 const uint32_t IPV4_BIT_COUNT = 32; 167 const uint32_t IPV6_BYTE_COUNT = 16; 168 const uint32_t IPV6_SEGMENT_COUNT = 8; 169 const uint32_t VALUE_ONE = 1; 170 171 struct Ip4Data { 172 uint32_t mask; 173 uint32_t data; // Host Long ip 174 }; 175 176 struct Ip6Data { 177 uint32_t prefixlen; 178 in6_addr data; 179 }; 180 181 class IpParamParser { 182 public: 183 IpParamParser() = default; 184 185 /** 186 * convert ip4segment to ip4 and mask list 187 * 188 * @param startAddr start ip 189 * @param endAddr end ip 190 * @param list output vector 191 * @return success:return NETFIREWALL_SUCCESS, otherwise return error code 192 */ 193 static int32_t GetIp4AndMask(const in_addr &startAddr, const in_addr &endAddr, std::vector<Ip4Data> &list); 194 195 /** 196 * convert ip4 string to uint32_t of network byte order 197 * 198 * @param address ip4 string 199 * @param ipInt ip4 200 * @return success:NETFIREWALL_SUCCESS, fail:NETFIREWALL_IP_STR_ERR 201 */ 202 static int32_t GetIpUint32(const std::string &address, uint32_t &ipInt); 203 204 static std::string Ip4ToStr(uint32_t ip); 205 206 /** 207 * save ip4 and mask to vector 208 * 209 * @param ip uint32_t of Network byte order 210 * @param mask ip4 mask 211 * @param ip4Vec out put vector 212 */ 213 214 static void AddIp(uint32_t ip, uint32_t mask, std::vector<Ip4Data> &ip4Vec); 215 216 /** 217 * get biggest mask from startIp and endIp 218 * 219 * @param startIp start ip 220 * @param endIp end ip 221 * @return ip mask 222 */ 223 224 static uint32_t GetMask(uint32_t startIp, uint32_t endIp); 225 226 /** 227 * find value of bit from ip4 uint32_t from right to left 228 * 229 * @param ip uint32_t of Network byte order 230 * @param start start index 231 * @param end end index 232 * @param value find value 0 or 1 233 * @return if founded return bit index of ip, otherwise return IPV4_BIT_COUNT 234 */ 235 static uint32_t Rfind(uint32_t ip, uint32_t start, uint32_t end, uint32_t value); 236 237 /** 238 * find value of bit from ip4 uint32_t from right to left 239 * 240 * @param ip uint32_t of Network byte order 241 * @param start start index 242 * @param value find value 0 or 1 243 * @return if founded return bit index of ip, otherwise return IPV4_BIT_COUNT 244 */ 245 static uint32_t Find(uint32_t ip, uint32_t start, uint32_t value); 246 247 /** 248 * get broadcast ip from mask and ip, set ip to next ip of broadcast 249 * 250 * @param mask ip4 mask 251 * @param ip input and output 252 */ 253 static void ChangeStart(uint32_t mask, uint32_t &ip); 254 255 /** 256 * convert ip6segment to ip6 and mask list 257 * 258 * @param addr6Start start ip 259 * @param addr6End end ip 260 * @param list output vector 261 * @return if successed:return NETFIREWALL_SUCCESS, otherwise return error code 262 */ 263 static int32_t GetIp6AndMask(const in6_addr &addr6Start, const in6_addr &addr6End, std::vector<Ip6Data> &list); 264 265 static std::string Addr6ToStr(const in6_addr &v6Addr); 266 267 /** 268 * convert ip6 string to in6_addr of Network byte order 269 * 270 * @param ipStr ip6 string 271 * @param addr output ip6 272 * @return success:NETFIREWALL_SUCCESS, fail:NETFIREWALL_IP_STR_ERR 273 */ 274 static int32_t GetInAddr6(const std::string &ipStr, in6_addr &addr); 275 276 /** 277 * get biggest prefixlen from start ip and end ip 278 * 279 * @param start start ip 280 * @param end end ip 281 * @return ip6 prefixlen 282 */ 283 static uint32_t GetIp6Prefixlen(const in6_addr &start, const in6_addr &end); 284 285 /** 286 * save ip6 and prefixlen to vector 287 * 288 * @param addr ip6 data 289 * @param prefixlen ip6 prefixlen 290 * @param list output vector 291 */ 292 static void AddIp6(const in6_addr &addr, uint32_t prefixlen, std::vector<Ip6Data> &list); 293 294 /** 295 * get broadcast ip6 from ip6 and start bit of ip6, set ip to next ip of broadcast 296 * 297 * @param startBit start bit of ip6 298 * @param start input and output 299 */ 300 static void ChangeIp6Start(uint32_t startBit, in6_addr &start); 301 302 /** 303 * find value of bit from ip6 from right to left 304 * 305 * @param addr in6_addr of Network byte order 306 * @param startBit start index of bit 307 * @param endBit end index of bit 308 * @param value find value 0 or 1 309 * @return if founded return index of bit of addr, otherwise return IPV6_BIT_COUNT 310 */ 311 static uint32_t RfindIp6(const in6_addr &addr, uint32_t startBit, uint32_t endBit, uint8_t value); 312 313 /** 314 * find value of bit from ip6 from right to left 315 * 316 * @param addr in6_addr of Network byte order 317 * @param startBit start index of bit 318 * @param value find value 0 or 1 319 * @return if founded return bit index of addr, otherwise return IPV6_BIT_COUNT 320 */ 321 static uint32_t FindIp6(const in6_addr &addr, uint32_t startBit, uint8_t value); 322 }; 323 324 struct Ip4RuleBitmap { 325 uint32_t mask; 326 uint32_t data; // Network ip 327 Bitmap bitmap; 328 }; 329 330 struct Ip6RuleBitmap { 331 uint32_t prefixlen; 332 in6_addr data; 333 Bitmap bitmap; 334 }; 335 336 using Ip4RuleBitmapVector = std::vector<Ip4RuleBitmap>; 337 using Ip6RuleBitmapVector = std::vector<Ip6RuleBitmap>; 338 339 class Ip4RuleMap { 340 public: 341 /** 342 * set all bitmap of vector or with input bitmap 343 * 344 * @param bitmap rule bitmap 345 */ OrForEach(const Bitmap &bitmap)346 void OrForEach(const Bitmap &bitmap) 347 { 348 auto it = ruleBitmapVec_.begin(); 349 for (; it != ruleBitmapVec_.end(); ++it) { 350 it->bitmap.Or(bitmap); 351 } 352 } 353 354 /** 355 * if addr and mask not exist in vector, save value to vector, otherwise or bitmap 356 * 357 * @param addr Network ip 358 * @param mask ip mask 359 * @param bitmap rule bitmap 360 */ OrInsert(uint32_t addr, uint32_t mask, Bitmap &bitmap)361 void OrInsert(uint32_t addr, uint32_t mask, Bitmap &bitmap) 362 { 363 std::vector<Ip4RuleBitmapVector::iterator> matches; 364 uint32_t networkAddr = GetNetworkAddress(addr, mask); 365 for (auto it = ruleBitmapVec_.begin(); it != ruleBitmapVec_.end(); ++it) { 366 if (it->data == addr || GetNetworkAddress(it->data, it->mask) == networkAddr) { 367 matches.emplace_back(it); 368 } 369 } 370 if (matches.empty()) { 371 Ip4RuleBitmap ruleBitmap; 372 ruleBitmap.data = addr; 373 ruleBitmap.mask = mask; 374 ruleBitmap.bitmap = bitmap; 375 ruleBitmapVec_.emplace_back(std::move(ruleBitmap)); 376 } else { 377 for (const auto &it : matches) { 378 it->bitmap.Or(bitmap); 379 } 380 } 381 } 382 Clear()383 void Clear() 384 { 385 ruleBitmapVec_.clear(); 386 } 387 Get()388 std::vector<Ip4RuleBitmap> &Get() 389 { 390 return ruleBitmapVec_; 391 } 392 393 private: 394 /** 395 * get value from ip & mask by network byte order 396 * 397 * @param addr ip 398 * @param mask ip mask 399 * @return mask uint32 value by network byte order 400 */ GetNetworkAddress(uint32_t addr, uint32_t mask)401 inline uint32_t GetNetworkAddress(uint32_t addr, uint32_t mask) 402 { 403 return ntohl(addr) & (0xFFFFFFFF >> (IPV4_MAX_PREFIXLEN - mask)); 404 } 405 406 private: 407 std::vector<Ip4RuleBitmap> ruleBitmapVec_; 408 }; 409 410 class Ip6RuleMap { 411 public: 412 /** 413 * set all bitmap of vector or with input bitmap 414 * 415 * @param bitmap rule bitmap 416 */ OrForEach(const Bitmap &bitmap)417 void OrForEach(const Bitmap &bitmap) 418 { 419 auto it = ruleBitmapVec_.begin(); 420 for (; it != ruleBitmapVec_.end(); ++it) { 421 it->bitmap.Or(bitmap); 422 } 423 } 424 425 /** 426 * if addr and prefixlen not exist in vector, save value to vector, otherwise or bitmap 427 * 428 * @param addr ip6 429 * @param prefixlen ip6 prefixlen 430 * @param bitmap rule bitmap 431 */ OrInsert(const in6_addr &addr, uint32_t prefixlen, Bitmap &bitmap)432 void OrInsert(const in6_addr &addr, uint32_t prefixlen, Bitmap &bitmap) 433 { 434 std::vector<Ip6RuleBitmapVector::iterator> matches; 435 in6_addr networkAddr = {}; 436 GetNetworkAddress(addr, prefixlen, networkAddr); 437 for (auto it = ruleBitmapVec_.begin(); it != ruleBitmapVec_.end(); ++it) { 438 in6_addr otherNetworkAddr = {}; 439 GetNetworkAddress(it->data, it->prefixlen, otherNetworkAddr); 440 if (!memcmp(&addr, &(it->data), sizeof(in6_addr)) || 441 !memcmp(&networkAddr, &otherNetworkAddr, sizeof(in6_addr))) { 442 matches.emplace_back(it); 443 } 444 } 445 if (matches.empty()) { 446 Ip6RuleBitmap ruleBitmap; 447 ruleBitmap.data = addr; 448 ruleBitmap.prefixlen = prefixlen; 449 ruleBitmap.bitmap = bitmap; 450 ruleBitmapVec_.emplace_back(std::move(ruleBitmap)); 451 } else { 452 for (const auto &it : matches) { 453 it->bitmap.Or(bitmap); 454 } 455 } 456 } 457 Clear()458 void Clear() 459 { 460 ruleBitmapVec_.clear(); 461 } 462 Get()463 std::vector<Ip6RuleBitmap> &Get() 464 { 465 return ruleBitmapVec_; 466 } 467 468 private: GetNetworkAddress(in6_addr addr, int prefixLen, in6_addr &out)469 void GetNetworkAddress(in6_addr addr, int prefixLen, in6_addr &out) 470 { 471 int quotient = prefixLen / 8; 472 int remainder = prefixLen % 8; 473 for (int i = 0; i < quotient; i++) { 474 out.s6_addr[i] = addr.s6_addr[i] & 0xff; 475 } 476 if (remainder) { 477 out.s6_addr[quotient] = addr.s6_addr[quotient] & (~(0xff >> remainder)); 478 } 479 } 480 481 private: 482 std::vector<Ip6RuleBitmap> ruleBitmapVec_; 483 }; 484 485 struct SegmentBitmap { 486 uint16_t start; 487 uint16_t end; 488 Bitmap bitmap; 489 }; 490 491 class SegmentBitmapMap { 492 public: 493 SegmentBitmapMap() = default; 494 495 /** 496 * add segment and rule bitmap map 497 * 498 * @param start start of segment 499 * @param end end of segment 500 * @param bitmap rule itmap 501 */ AddMap(uint16_t start, uint16_t end, const Bitmap &bitmap)502 void AddMap(uint16_t start, uint16_t end, const Bitmap &bitmap) 503 { 504 std::vector<uint32_t> indexs; 505 SearchIntersection(start, end, indexs); 506 if (indexs.empty()) { 507 Insert(start, end, bitmap); 508 return; 509 } 510 std::vector<SegmentBitmap> list; 511 GetMapList(start, end, bitmap, indexs, list); 512 DeleteSegBitmap(indexs); 513 AddSegBitmapMap(list); 514 } 515 GetMap()516 std::vector<SegmentBitmap> &GetMap() 517 { 518 return mapList_; 519 } 520 521 private: 522 /** 523 * search input segment intersection in exist map list 524 * 525 * @param start start of segment 526 * @param end end of segment 527 * @param indexs has intersection index value in exist map 528 */ SearchIntersection(uint16_t start, uint16_t end, std::vector<uint32_t> &indexs)529 void SearchIntersection(uint16_t start, uint16_t end, std::vector<uint32_t> &indexs) 530 { 531 for (size_t i = 0; i < mapList_.size(); ++i) { 532 if (((start >= mapList_[i].start) && (start <= mapList_[i].end)) || 533 ((mapList_[i].start >= start) && (mapList_[i].start <= end))) { 534 indexs.push_back(i); 535 } 536 } 537 } 538 DeleteSegBitmap(std::vector<uint32_t> &indexs)539 void DeleteSegBitmap(std::vector<uint32_t> &indexs) 540 { 541 if (indexs.empty()) { 542 return; 543 } 544 auto it = indexs.rbegin(); 545 for (; it != indexs.rend(); ++it) { 546 mapList_.erase(mapList_.begin() + *it); 547 } 548 } 549 550 /** 551 * insert segment and bitmap into map lsit 552 * 553 * @param start start of segment 554 * @param end end of segment 555 * @param bitmap rule bitmap 556 */ Insert(uint16_t start, uint16_t end, const Bitmap &bitmap)557 void Insert(uint16_t start, uint16_t end, const Bitmap &bitmap) 558 { 559 SegmentBitmap segBitmap; 560 segBitmap.start = start; 561 segBitmap.end = end; 562 segBitmap.bitmap = bitmap; 563 std::vector<SegmentBitmap>::iterator it = mapList_.begin(); 564 for (; it != mapList_.end(); ++it) { 565 if (start < it->start) { 566 mapList_.insert(it, segBitmap); 567 return; 568 } 569 } 570 mapList_.insert(mapList_.end(), segBitmap); 571 } 572 573 /** 574 * add segment and bitmap map to vector 575 * 576 * @param start start of segment 577 * @param end end of segment 578 * @param bitmap rule bitmap 579 * @param mapList map list 580 */ AddSegBitmap(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<SegmentBitmap> &mapList)581 void AddSegBitmap(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<SegmentBitmap> &mapList) 582 { 583 if (start > end) { 584 return; 585 } 586 SegmentBitmap tmpSegBitmap; 587 tmpSegBitmap.start = start; 588 tmpSegBitmap.end = end; 589 tmpSegBitmap.bitmap = bitmap; 590 mapList.emplace_back(tmpSegBitmap); 591 } 592 AddSegBitmapMap(const std::vector<SegmentBitmap> &mapList)593 void AddSegBitmapMap(const std::vector<SegmentBitmap> &mapList) 594 { 595 auto it = mapList.begin(); 596 for (; it != mapList.end(); ++it) { 597 Insert(it->start, it->end, it->bitmap); 598 } 599 } 600 601 /** 602 * merge segment and bitmap map with exit map into new maps 603 * 604 * @param start start of segment 605 * @param end end of segment 606 * @param bitmap rule bitmap 607 * @param indexs intersection indexs 608 * @param list segment and rule bitmap map list 609 */ GetMapList(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<uint32_t> &indexs, std::vector<SegmentBitmap> &list)610 void GetMapList(uint16_t start, uint16_t end, const Bitmap &bitmap, std::vector<uint32_t> &indexs, 611 std::vector<SegmentBitmap> &list) 612 { 613 uint32_t tmpStart = start; 614 for (auto index : indexs) { 615 SegmentBitmap &segBitmap = mapList_[index]; 616 if (tmpStart < segBitmap.start) { 617 AddSegBitmap(tmpStart, segBitmap.start - 1, bitmap, list); 618 Bitmap bmap(bitmap); 619 if (end <= segBitmap.end) { 620 bmap.Or(segBitmap.bitmap); 621 AddSegBitmap(segBitmap.start, end, bmap, list); 622 AddSegBitmap(end + 1, segBitmap.end, segBitmap.bitmap, list); 623 tmpStart = end + 1; 624 break; 625 } else { 626 bmap.Or(segBitmap.bitmap); 627 AddSegBitmap(segBitmap.start, segBitmap.end, bmap, list); 628 tmpStart = segBitmap.end + 1; 629 } 630 } else { 631 if (tmpStart > segBitmap.start) { 632 AddSegBitmap(segBitmap.start, tmpStart - 1, segBitmap.bitmap, list); 633 } 634 Bitmap bmap(bitmap); 635 if (end <= segBitmap.end) { 636 bmap.Or(segBitmap.bitmap); 637 AddSegBitmap(tmpStart, end, bmap, list); 638 AddSegBitmap(end + 1, segBitmap.end, segBitmap.bitmap, list); 639 tmpStart = end + 1; 640 break; 641 } else { 642 bmap.Or(segBitmap.bitmap); 643 AddSegBitmap(tmpStart, segBitmap.end, bmap, list); 644 tmpStart = segBitmap.end + 1; 645 } 646 } 647 } 648 if (tmpStart <= end) { 649 AddSegBitmap(tmpStart, end, bitmap, list); 650 } 651 } 652 653 private: 654 std::vector<SegmentBitmap> mapList_; 655 }; 656 657 using PortKey = port_key; 658 using ProtoKey = proto_key; 659 using AppUidKey = appuid_key; 660 using UidKey = uid_key; 661 using ActionValue = action_val; 662 663 using BpfStrMap = BpfUnorderedMap<std::string>; 664 using BpfPortMap = BpfUnorderedMap<PortKey>; 665 using BpfProtoMap = BpfUnorderedMap<ProtoKey>; 666 using BpfAppUidMap = BpfUnorderedMap<AppUidKey>; 667 using BpfUidMap = BpfUnorderedMap<UidKey>; 668 using BpfActionMap = BpfUnorderedMap<action_key>; 669 670 class BitmapManager { 671 public: BitmapManager()672 BitmapManager() {} 673 674 ~BitmapManager() = default; 675 676 /** 677 * build firewall rule bitmap map 678 * 679 * @param ruleList fire wall list 680 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 681 */ 682 int32_t BuildBitmapMap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 683 GetSrcIp4Map()684 Ip4RuleBitmapVector &GetSrcIp4Map() 685 { 686 return srcIp4Map_.Get(); 687 } 688 GetSrcIp6Map()689 Ip6RuleBitmapVector &GetSrcIp6Map() 690 { 691 return srcIp6Map_.Get(); 692 } 693 GetDstIp4Map()694 Ip4RuleBitmapVector &GetDstIp4Map() 695 { 696 return dstIp4Map_.Get(); 697 } 698 GetDstIp6Map()699 Ip6RuleBitmapVector &GetDstIp6Map() 700 { 701 return dstIp6Map_.Get(); 702 } 703 GetSrcPortMap()704 BpfPortMap &GetSrcPortMap() 705 { 706 return srcPortMap_; 707 } 708 GetDstPortMap()709 BpfPortMap &GetDstPortMap() 710 { 711 return dstPortMap_; 712 } 713 GetProtoMap()714 BpfProtoMap &GetProtoMap() 715 { 716 return protoMap_; 717 } 718 GetAppIdMap()719 BpfAppUidMap &GetAppIdMap() 720 { 721 return appUidMap_; 722 } 723 GetUidMap()724 BpfUidMap &GetUidMap() 725 { 726 return uidMap_; 727 } 728 GetActionMap()729 BpfActionMap &GetActionMap() 730 { 731 return actionMap_; 732 } 733 734 static uint16_t Hltons(uint32_t n); 735 736 static uint16_t Nstohl(uint16_t n); 737 738 private: 739 void Clear(); 740 741 /** 742 * build firewall rule bitmap map, with element seted 743 * 744 * @param ruleList fire wall list 745 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 746 */ 747 int32_t BuildMarkBitmap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 748 749 /** 750 * build firewall rule bitmap map, with element not seted 751 * 752 * @param ruleList fire wall list 753 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 754 */ 755 void BuildNoMarkBitmap(const std::vector<sptr<NetFirewallIpRule>> &ruleList); 756 757 /** 758 * insert ip and rule bitmap map 759 * 760 * @param ipInfo ip info 761 * @param isSrc true: Source, false: local 762 * @param bitmap rule bitmap 763 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 764 */ 765 int32_t InsertIpBitmap(const std::vector<NetFirewallIpParam> &ipInfo, bool isSrc, Bitmap &bitmap); 766 767 /** 768 * convect port segement map to single port map 769 * 770 * @param portSegMap segment port and rule bitmap map 771 * @param portMap output single port and rule bitmap map 772 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 773 */ 774 void OrInsertPortBitmap(SegmentBitmapMap &portSegMap, BpfUnorderedMap<PortKey> &portMap); 775 776 /** 777 * judge protocols if need port map 778 * 779 * @param protocol transform protoco 780 * @return true: not need; false: needed 781 */ 782 bool IsNotNeedPort(NetworkProtocol protocol); 783 784 /** 785 * insert ip6 segment and bitmap map 786 * 787 * @param item ip info 788 * @param bitmap rule bitmap 789 * @param ip6Map ip6 and rule bitmap map 790 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 791 */ 792 int32_t InsertIp6SegBitmap(const NetFirewallIpParam &item, Bitmap &bitmap, Ip6RuleMap *ip6Map); 793 794 /** 795 * insert ip4 segment and bitmap map 796 * 797 * @param item ip info 798 * @param bitmap rule bitmap 799 * @param ip4Map ip4 and rule bitmap map 800 * @return success: return NETFIREWALL_SUCCESS, otherwise return error code 801 */ 802 int32_t InsertIp4SegBitmap(const NetFirewallIpParam &item, Bitmap &bitmap, Ip4RuleMap *ip4Map); 803 804 /** 805 * save port segment and bitmap map to map list 806 * 807 * @param port port info 808 * @param bitmap rule bitmap 809 * @param portMap port segment and bitmap map list 810 */ 811 void AddPortBitmap(const std::vector<NetFirewallPortParam> &port, Bitmap &bitmap, SegmentBitmapMap &portMap); 812 813 private: 814 Ip4RuleMap srcIp4Map_; 815 Ip4RuleMap dstIp4Map_; 816 Ip6RuleMap srcIp6Map_; 817 Ip6RuleMap dstIp6Map_; 818 BpfPortMap srcPortMap_; 819 BpfPortMap dstPortMap_; 820 BpfProtoMap protoMap_; 821 BpfAppUidMap appUidMap_; 822 BpfUidMap uidMap_; 823 BpfActionMap actionMap_; 824 }; 825 } // namespace OHOS::NetManagerStandard 826 #endif /* NETMANAGER_EXT_NET_FIREWALL_BITMAP_MANAGER_H */ 827