Commit 864ce0d5 authored by Stig Venaas's avatar Stig Venaas
Browse files

added IPv6 tos and flow anon

git-svn-id: file:///home/svn/mapi/trunk@905 8d5bb341-7cf1-0310-8cf6-ba355fef3186
parent 069b836d
...@@ -271,7 +271,10 @@ typedef enum { ...@@ -271,7 +271,10 @@ typedef enum {
END_FIELD_DEFS, END_FIELD_DEFS,
GAUSSIAN, GAUSSIAN,
UNIFORM UNIFORM,
FLOW /* IPv6 header field, should not be here, but may break compatibility
* if not at the end */
} anonymizationDefs; } anonymizationDefs;
#define MAX_PIPELINE 50 #define MAX_PIPELINE 50
......
...@@ -75,7 +75,7 @@ int can_field_be_applied_to_protocol(int protocol,int field) { ...@@ -75,7 +75,7 @@ int can_field_be_applied_to_protocol(int protocol,int field) {
switch(protocol) { switch(protocol) {
case IP: case IP:
if(field<PAYLOAD || field>FRAGMENT_OFFSET) if((field<PAYLOAD || field>FRAGMENT_OFFSET) && field != FLOW)
return 0; return 0;
break; break;
case TCP: case TCP:
...@@ -345,7 +345,8 @@ static int anonymize_instance(mapidflib_function_instance_t *instance, ...@@ -345,7 +345,8 @@ static int anonymize_instance(mapidflib_function_instance_t *instance,
} }
//field shouldn't be special enumeration like BASE_FTP_DEFS //field shouldn't be special enumeration like BASE_FTP_DEFS
if((field_description<=BASE_FIELD_DEFS || field_description>=END_FIELD_DEFS) if(((field_description<=BASE_FIELD_DEFS || field_description>=END_FIELD_DEFS)
&& field_description!=FLOW)
|| field_description==BASE_FTP_DEFS || field_description==BASE_FTP_DEFS
|| field_description==END_FTP_DEFS || field_description==END_FTP_DEFS
|| field_description==BASE_HTTP_DEFS || field_description==BASE_HTTP_DEFS
...@@ -575,6 +576,32 @@ void anonymize_field(int protocol, int field, int function,mapipacket *packet,st ...@@ -575,6 +576,32 @@ void anonymize_field(int protocol, int field, int function,mapipacket *packet,st
header_pointer = field_pointer; header_pointer = field_pointer;
len = header_len = packet->ipdsize; len = header_len = packet->ipdsize;
break; break;
case TOS: {
/* not on byte boundary, so need to copy value into
* our own variable, and copy result back again */
unsigned char ttl;
unsigned char *flow = (unsigned char *)&packet->ip6h->ip6_flow;
ttl = (flow[0] << 4) + (flow[1] >> 4);
apply_function_to_field(function, protocol, field,
&ttl, 1, header_pointer,
header_len, packet, params);
flow[0] = (flow[0] & 0xf0) | (ttl >> 4);
flow[1] = (flow[1] & 0xf) | (ttl << 4);
return;
}
case FLOW: {
/* not on byte boundary, so need to copy value into
* our own variable, and copy result back again
* last 20 bits are the flow label */
unsigned int flow = ntohl(packet->ip6h->ip6_flow) & 0xfffff;
apply_function_to_field(function, protocol, field,
(unsigned char *)&flow, 4,
header_pointer, header_len,
packet, params);
/* hopefully ok to ignore top 12 bits of anon result */
packet->ip6h->ip6_flow = htonl((packet->ip6h->ip6_flow & 0xfff00000) | (flow & 0xfffff));
return;
}
case TTL: case TTL:
field_pointer = (unsigned char *)&packet->ip6h->ip6_hlim; field_pointer = (unsigned char *)&packet->ip6h->ip6_hlim;
len = 1; len = 1;
......
...@@ -161,6 +161,7 @@ char *anonnames[] = { ...@@ -161,6 +161,7 @@ char *anonnames[] = {
"END_FIELD_DEFS", "END_FIELD_DEFS",
"GAUSSIAN", "GAUSSIAN",
"UNIFORM", "UNIFORM",
"FLOW", /* ipv6 flowlabel, should not be last, but may break compatibility if not */
NULL NULL
}; };
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment