communicator.java

sifi-0.1.6.tar.gz 出自http://www.ifi.unizh.ch/ikm/SINUS/firewall/ 一个linux的防火墙工具。

      commError = COMM_IO;
      return false;
    }
  }

  /**
   * Reset usage counter on firewall
   * @param servAddr Server address (firewall)
   * @return true if successful, commError is set when returning false
   */
  public static synchronized boolean resetUsage(byte[] servAddr) {

		Connection conn = openServer(servAddr);
		if (conn == null)
			return false;

    try {
      conn.writeHeader(SERV_RESET_USAGE, 0);
      conn.readHeader();
      if (conn.readCommand != SERV_OK) {
        commError = COMM_ERROR;
        conn.in.skipBytes(conn.readLength);
        return false;
      }
      return true;
    } // try
    catch (Exception e) {
      dispose(conn);
      commError = COMM_IO;
      return false;
    }
  }

  /**
   * Read active firewall configuration
   * @param host Firewall to read configuration from
   * @return true if successful, commError is set when returning false
   */
  public static synchronized boolean readFwConfig(Host host) {
    int tmpint;
    if (!host.isFirewall) {
      commError = COMM_NOFIREWALL;
      return false;
    }
    byte[] hostAddr = host.HostAddresses.getFirstAddress();
    if (hostAddr == null) {
      commError = COMM_NOADDRESS;
      return false;
    }

		Connection conn = openServer(hostAddr);
		if (conn == null)
			return false;
    try {
      conn.writeHeader(SERV_READ_ADDR, 0);
      conn.readHeader();
      switch (conn.readCommand) {
        case SERV_OK:
          break;
        default:
          commError = COMM_ERROR;
          conn.in.skipBytes(conn.readLength);
          return false;
      } // switch
      conn.readHeader();
      if (conn.readLength != 4) {
        commError = COMM_ERROR;
        return false;
      }
      int numEntries = conn.in.readInt();
      host.addr = new byte[numEntries][4];
      host.mask = new byte[numEntries][4];
      host.port = new short[numEntries];
      host.prend = new short[numEntries];
      int pos = 0;
      conn.readHeader();
      while (conn.readLength == 12) {
        conn.in.readFully(host.addr[pos], 0, 4);
        conn.in.readFully(host.mask[pos], 0, 4);
        host.port[pos] = conn.in.readShort();
        host.prend[pos] = conn.in.readShort();
        conn.readHeader();
        pos++;
      }
      if (conn.readLength != 0) {
        commError = COMM_ERROR;
        return false;
      }

      conn.writeHeader(SERV_READ_RULES, 0);
      conn.readHeader();
      switch (conn.readCommand) {
        case SERV_OK:
          break;
        default:
          commError = COMM_ERROR;
          conn.in.skipBytes(conn.readLength);
          return false;
      } // switch
      host.rules = new Vector(20,20);
      Rule r;
      conn.readHeader();
      while (conn.readLength == 64) {
        r = new Rule();
        r.fw_line = conn.in.readInt();
        r.level_num = conn.in.readInt();
        r.timeout = null;
        tmpint = conn.in.readInt();
        if (tmpint < 0)
          r.timeout_type = tmpint;
        else {
          r.timeout_type = Rule.SF_TIMEOUT_VALID;
          r.timeout = new Date((long)tmpint * 1000);
        }
        r.fw_rc = conn.in.readInt();
        r.fw_src_idx = conn.in.readInt();
        r.fw_src_cnt = conn.in.readInt();
        r.fw_dst_idx = conn.in.readInt();
        r.fw_dst_cnt = conn.in.readInt();
        r.fw_flags = conn.in.readInt();
        r.ttl = conn.in.readInt();
        r.protocol = conn.in.readInt();
        r.fw_rip_idx = conn.in.readInt();
        r.fw_rip_cnt = conn.in.readInt();
        r.usage = conn.in.readInt();
        r.bytes = (long)conn.in.readInt();
        tmpint = conn.in.readInt();
        r.bytes += (long)tmpint * Rule.GIGA;
        host.rules.addElement(r);
        conn.readHeader();
      }
      if (conn.readLength != 0) {
        commError = COMM_ERROR;
        return false;
      }

      conn.writeHeader(SERV_READ_VARS, 0);
      conn.readHeader();
      switch (conn.readCommand) {
        case SERV_OK:
          break;
        default:
          commError = COMM_ERROR;
          conn.in.skipBytes(conn.readLength);
          return false;
      } // switch
      // read number of variables
      conn.readHeader();
      if (conn.readLength != 4) {
        commError = COMM_ERROR;
        return false;
      }
      int numVars = conn.in.readInt();
      int varcnt = 0;
      host.varnames = new String[numVars];
      host.varvalues = new int[numVars][];
      host.varaddr = new byte[numVars][][];
      host.vartimeout = new Date[numVars][];
      conn.readHeader();
      byte buf[] = new byte[256];
      while (conn.readLength != 0) {
        // read variable name
        conn.in.readFully(buf, 0, conn.readLength);
        host.varnames[varcnt] = new String(buf, 0, conn.readLength);
        
        // read number of entries
        conn.readHeader();
        if (conn.readLength != 4) {
          commError = COMM_ERROR;
          return false;
        }
        numEntries = conn.in.readInt();
        host.varvalues[varcnt] = new int[numEntries];
        host.varaddr[varcnt] = new byte[numEntries][4];
        host.vartimeout[varcnt] = new Date[numEntries];

        for (int i=0; i < numEntries; i++) {
          conn.readHeader();
          if (conn.readLength != 12) {
            commError = COMM_ERROR;
            return false;
          }
          host.varvalues[varcnt][i] = conn.in.readInt();
          conn.in.readFully(host.varaddr[varcnt][i], 0, 4);
          tmpint = conn.in.readInt();
          host.vartimeout[varcnt][i] = new Date((long)tmpint * 1000);
        }

        conn.readHeader();
        varcnt++;
      }
      if (conn.readLength != 0) {
        commError = COMM_ERROR;
        return false;
      }

      return true; 
    }
    catch (Exception e) {
      dispose(conn);
      commError = COMM_IO;
      return false;
    } 
  }

  /**
   * Resolve host name
   * @param hname hostname or string containing IP address
   * @return IP address if successful, commError is set when returning null
   */

	public static synchronized byte[] resolve(String hname) {

		InetAddress iaddr;

		try {
			return Utils.parseIP(hname);
		}
		catch (IllegalArgumentException e) {}

		try {
			iaddr = InetAddress.getByName(hname);
			return iaddr.getAddress();
		}
		catch (UnknownHostException e) {
      commError = COMM_RESOLVE;
      return null;
		}
	} // resolve
			
  /**
   * Resolve IP address
   * @param addr IP address
   * @return hostname or IP address if not resolvable
   */
	public static synchronized String resolveIP(byte[] addr) {

		String addrString;

		if ((addr == null) || (addr.length != 4))
      return null;
    else {
      addrString = "" + Utils.unsign(addr[0]);
      for (int i=1; i < 4; i++)
        addrString += ("." + Utils.unsign(addr[i]));
		}

		try {
			InetAddress iaddr = InetAddress.getByName(addrString);
			return iaddr.getHostName();
		}
		catch (UnknownHostException e) {
			return addrString;
		}
	} // resolveIP

  /**
   * Resolve service number
   * @param port service number
   * @param proto protocol
   * @param privOnly resolve only if port < 1024
   * @return service name or number if not resolvable
   */
  public static synchronized String resolvePort(int port, 
    String proto, boolean privOnly) {
    if (port == 7227)
      return "firewall";
    String portString = Integer.toString(port);
    if (privOnly && port >= 1024)
      return portString;
    Hashtable portCache = proto.toUpperCase().equals("UDP") ? portCacheUDP : portCacheTCP;
    String portName = (String)portCache.get(portString);
    if (portName != null)
      return portName;
		// Port Name resolving should be done here!
		return "" + port;
	} // resolvePort
			

	/**
	 * Close connection to server.
	 * @param server Connection to server.
	 */
	public static synchronized void dispose(Connection conn) {

		UserDialog.ErrorBox("Connection to "+conn.iaddr.getHostName()+" lost!");
		conn.close();
		openConns.removeElement(conn);

	} // dispose
	
  /**
   * Close all connections
   */
  public static synchronized void dispose() {

	Connection conn;

    try {
      Enumeration servers = openConns.elements();
      while (servers.hasMoreElements()) {
				conn = (Connection)servers.nextElement();
				conn.close();
			}
			// re-initialize openConns
			openConns = new Vector(5, 5);
    }
    catch (Exception e) {}
  } // dispose


  // public data

  /**
   * Value of commError: successful operation
   */
  public final static int COMM_OK          =    0;
  /**
   * Value of commError: unspecified error
   */
  public final static int COMM_ERROR       =   -1;
  /**
   * Value of commError: cannot connect to firewall
   */
  public final static int COMM_NOCONN      =   -2;
  /**
   * Value of commError: general I/O error (e.g. connection aborted)
   */
  public final static int COMM_IO          =   -3; 
  /**
   * Value of commError: connect to server
   */
  public final static int COMM_OPENCONN    =   -4; 
  /**
   * Value of commError: error handling a local file
   */
  public final static int COMM_FILEERR     =   -5; 
  /**
   * Value of commError: error resolving hostname, IP address, service name
   * or port number
   */
  public final static int COMM_RESOLVE     =   -6; 
  /**
   * Value of commError: The parameter passed to the method does not refer
   * to a firewall.
   */
  public final static int COMM_NOFIREWALL  =   -7;
  /**
   * Value of commError: The host object passed to the method does not
   * contain an IP address.
   */
  public final static int COMM_NOADDRESS   =   -8;
  /**
   * Value of commError: The host object passed to the method does not
   * contain an IP address.
   */
  public final static int COMM_AUTH_FAILED   =   -9;

  /**
   * The variable commError holds the error code of the last operation
   */
  public static int commError = COMM_OK; // errorcode for last command

  /**
   * The variable parent holds the parent Frame
   */
  public static Frame parent; 				// parent frame

  /**
   * TCP port on which firewalls are accepting connections
   */
	protected final static int serverPort = 7227;

  // magic used in server communication
  private final static int magic = 0xbedd1bed;

  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_SERVER_HELLO			= 0x0001;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_CLIENT_HELLO				= 0x0002;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_CLOSE							= 0x0003;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_CLOSE_ACK					= 0x0004;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_PING							= 0x0005;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_PING_REPLY				= 0x0006;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_GET_FILE					= 0x0007;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_FILE_DATA					= 0x0008;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_WRITE_FILE				= 0x0009;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_WRITE_OK					= 0x000A;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_WRITE_FAIL				= 0x000B;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_READ_ADDR					= 0x000C;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_READ_RULES				= 0x000D;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_READ_VARS					= 0x000E;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_RECONFIG					= 0x000F;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_CHECKCONFIG				= 0x0010;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_OK								= 0x0011;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_ERROR							= 0x0012;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_READ_TCP					= 0x0013;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_KILL_TCP					= 0x0014;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_RESET_USAGE				= 0x0015;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_AUTHENTICATE			= 0x0016;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_ERROR_AUTH				= 0x0017;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_NOTAUTHENTICATED	= 0x0018;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_SERVER_AUTHOK			= 0x0019;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_CLIENT_AUTHOK			= 0x001A;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_KEY_EXPIRED				= 0x001B;
  /**
   * Command used in communication with the server.
   */
  protected final static int SERV_KEY_UPDATE				= 0x001C;



  // private data
	private static String login;
	private static String key;
  private static Vector openConns = new Vector(5,5);  // open server connections
  private static Hashtable portCacheUDP = new Hashtable(); // Cache for UDP port translation
  private static Hashtable portCacheTCP = new Hashtable(); // Cache for TCP port translation
  private static Hashtable IPCache = new Hashtable();      // Cache for IP address translation

} // Communicator