separate types for ICMP with 8-bit type/code, and with RFC-only combi…

…nations (#70) * icmp followup: separate types for ICMP with 8-bit type/code, and with RFC-only combinations Signed-off-by: adisos <[email protected]> * rename file Signed-off-by: adisos <[email protected]> * small updates Signed-off-by: adisos <[email protected]> * small fixes Signed-off-by: adisos <[email protected]> --------- Signed-off-by: adisos <[email protected]>
np-guard · Oct 2, 2024 · dbe18f8 · dbe18f8
1 parent c4bc6d3
commit dbe18f8
Show file tree

Hide file tree

Showing 9 changed files with 415 additions and 247 deletions.
diff --git a/pkg/connection/connection.go b/pkg/connection/connection.go
@@ -50,12 +50,14 @@ func NewUDPSet() *Set {
 }
 
 // ICMPConnection returns a set of connections containing the ICMP protocol with specified type,code values
-func ICMPConnection(icmpType, icmpCode *int64) (*Set, error) {
-	icmp, err := netp.ICMPFromTypeAndCode64(icmpType, icmpCode)
-	if err != nil {
-		return nil, err
-	}
-	return netset.NewICMPTransport(icmp), nil
+func ICMPConnection(icmpType, icmpCode int64) *Set {
+	return netset.NewICMPTransport(icmpType, icmpType, icmpCode, icmpCode)
+}
+
+// ICMPConnectionTypeCodeRanges returns a set of connections containing the ICMP
+// protocol with specified type,code ranges values
+func ICMPConnectionTypeCodeRanges(minIcmpType, maxICMPType, minCode, maxCode int64) *Set {
+	return netset.NewICMPTransport(minIcmpType, maxICMPType, minCode, maxCode)
 }
 
 // All returns a set of all protocols (TCP,UPD,ICMP) in the set (with all possible properties values)

diff --git a/pkg/connection/json.go b/pkg/connection/json.go
@@ -7,6 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 package connection
 
 import (
+	"github.com/np-guard/models/pkg/interval"
 	"github.com/np-guard/models/pkg/netp"
 	"github.com/np-guard/models/pkg/netset"
 	"github.com/np-guard/models/pkg/spec"
@@ -52,6 +53,40 @@ func getCubeAsTCPItems(srcPorts, dstPorts *netset.PortSet, p int64) []spec.TcpUd
 
 type Details spec.ProtocolList
 
+func getCubeAsICMPItems(typesSet, codesSet *interval.CanonicalSet) []spec.Icmp {
+	allTypes := typesSet.Equal(netset.AllICMPTypes())
+	allCodes := codesSet.Equal(netset.AllICMPCodes())
+	switch {
+	case allTypes && allCodes:
+		return []spec.Icmp{{Protocol: spec.IcmpProtocolICMP}}
+	case allTypes:
+		res := []spec.Icmp{}
+		for _, code64 := range codesSet.Elements() {
+			code := int(code64)
+			res = append(res, spec.Icmp{Protocol: spec.IcmpProtocolICMP, Code: &code})
+		}
+		return res
+	case allCodes:
+		res := []spec.Icmp{}
+		for _, type64 := range typesSet.Elements() {
+			t := int(type64)
+			res = append(res, spec.Icmp{Protocol: spec.IcmpProtocolICMP, Type: &t})
+		}
+		return res
+	default:
+		res := []spec.Icmp{}
+		// iterate both codes and types
+		for _, type64 := range typesSet.Elements() {
+			t := int(type64)
+			for _, code64 := range codesSet.Elements() {
+				code := int(code64)
+				res = append(res, spec.Icmp{Protocol: spec.IcmpProtocolICMP, Type: &t, Code: &code})
+			}
+		}
+		return res
+	}
+}
+
 // ToJSON returns a `Details` object for JSON representation of the input connection Set.
 func ToJSON(c *Set) Details {
 	if c == nil {
@@ -72,19 +107,10 @@ func ToJSON(c *Set) Details {
 		}
 	}
 	for _, item := range c.ICMPSet().Partitions() {
-		if item.TypeCode != nil {
-			t := item.TypeCode.Type
-			res = append(res, spec.Icmp{
-				Protocol: spec.IcmpProtocolICMP,
-				Type:     &t,
-				Code:     item.TypeCode.Code,
-			})
-		} else {
-			res = append(res, spec.Icmp{
-				Protocol: spec.IcmpProtocolICMP,
-			})
+		icmpItems := getCubeAsICMPItems(item.Left, item.Right)
+		for _, item := range icmpItems {
+			res = append(res, item)
 		}
 	}
-
 	return Details(res)
 }
diff --git a/pkg/netp/icmp.go b/pkg/netp/icmp.go
@@ -12,6 +12,14 @@ import (
 	"slices"
 )
 
+// general non-strict ICMP type, code ranges
+const (
+	MinICMPType int64 = 0
+	MaxICMPType int64 = 254
+	MinICMPCode int64 = 0
+	MaxICMPCode int64 = 255
+)
+
 type ICMPTypeCode struct {
 	// ICMP type allowed.
 	Type int