Qualcomm 远程信息处理 SDK - 用户指南(11)
4.4.4 添加数据过滤器
此示例应用程序演示了如何添加数据过滤器。
- 获取DataFactory、DataConnectionManager和DataFilterManager实例
auto &dataFactory = telux::data::DataFactory::getInstance();
auto dataConnMgr_ = dataFactory.getDataConnectionManager();
auto dataFilterMgr_ = dataFactory.getDataFilterManager();
2.等待数据连接管理器和数据过滤管理器子系统初始化
bool dataConnectionSubSystemStatus = dataConnMgr_->isSubsystemReady();
if (!dataConnectionSubSystemStatus) {
std::cout << "Data Connection Manager subsystem is not ready, Please wait" << std::endl;
std::future<bool> f = dataConnMgr_->onSubsystemReady();
// Wait unconditionally for data manager subsystem to be ready
dataConnectionSubSystemStatus = f.get();
}
// Exit the application, if SDK is unable to initialize data manager subsystems
if (!dataConnectionSubSystemStatus) {
std::cout << "ERROR - Unable to initialize subSystem" << std::endl;
return EXIT_FAILURE;
}
bool dataFilterSubSystemStatus = dataFilterMgr_->isReady();
if (!dataFilterSubSystemStatus) {
std::cout << "Data Filter Manager subsystem is not ready, Please wait" << std::endl;
std::future<bool> f = dataFilterMgr_->onReady();
// Wait unconditionally for data filter subsystem to be ready
dataFilterSubSystemStatus = f.get();
}
// Exit the application, if SDK is unable to initialize data manager subsystems
if (!dataFilterSubSystemStatus) {
std::cout << "ERROR - Unable to initialize subSystem" << std::endl;
return EXIT_FAILURE;
}
3.设置数据过滤模式为启用
std::promise<bool> p;
int profileId = 2;
telux::data::IpFamilyType ipFamilyType = telux::data::IpFamilyType::IPV4;
telux::data::DataRestrictMode enableMode;
enableMode.filterAutoExit = telux::data::DataRestrictModeType::DISABLE;
enableMode.filterMode = telux::data::DataRestrictModeType::ENABLE;
auto status = dataFilterMgr_->setDataRestrictMode(enableMode,
[&p](telux::common::ErrorCode error) {
if (error == telux::common::ErrorCode::SUCCESS) {
p.set_value(true);
} else {
std::cout << "Failed to set data filter mode" << std::endl;
p.set_value(false);
}
}, profileId, ipFamilyType);
if(status == telux::common::Status::SUCCESS) {
std::cout << "Set data filter mode Request sent" << std::endl;
} else {
std::cout << "Set data filter mode Request failed" << std::endl;
}
if (p.get_future().get()) {
std::cout << "Set data filter mode succeeded." << std::endl;
}
4.添加数据过滤器
std::promise<bool> p;
std::string ipAddr = std::string("168.128.91.1");
int port = 8888;
telux::data::IPv4Info ipv4Info_ = {};
ipv4Info_.srcAddr = ipAddr;
telux::data::PortInfo srcPort;
srcPort.port = port;
srcPort.range = 0;
telux::data::UdpInfo udpInfo_ = {};
udpInfo_.src = srcPort;
// IpProtocol for UDP
int PROTO_UDP = 17;
// create a filter of UDP type, and set source IP and port.
std::shared_ptr<telux::data::IIpFilter> dataFilter =
dataFactory.getNewIpFilter(PROTO_UDP);
dataFilter->setIPv4Info(ipv4Info_);
auto udpRestrictFilter = std::dynamic_pointer_cast<telux::data::IUdpFilter>(dataFilter);
udpRestrictFilter->setUdpInfo(udpInfo_);
auto status = dataFilterMgr_->addDataRestrictFilter(dataFilter,
[&p](telux::common::ErrorCode error) {
if (error == telux::common::ErrorCode::SUCCESS) {
p.set_value(true);
} else {
std::cout << "Failed to add data filter" << std::endl;
p.set_value(false);
}
}, profileId, ipFamilyType);
if(status == telux::common::Status::SUCCESS) {
std::cout << "Add data filter Request sent" << std::endl;
} else {
std::cout << "Add data filter Request failed" << std::endl;
}
if (p.get_future().get()) {
std::cout << "Add data filter succeeded." << std::endl;
}
4.4.5 删除数据过滤模式
此示例应用程序演示了如何删除所有数据过滤模式。
1.获取DataFactory、DataConnectionManager和DataFilterManager实例
auto &dataFactory = telux::data::DataFactory::getInstance();
auto dataConnMgr_ = dataFactory.getDataConnectionManager();
auto dataFilterMgr_ = dataFactory.getDataFilterManager();
2.等待数据连接和数据过滤管理器子系统初始化
bool dataConnectionSubSystemStatus = dataConnMgr_->isSubsystemReady();
if (!dataConnectionSubSystemStatus) {
std::cout << "Data Connection Manager subsystem is not ready, Please wait" << std::endl;
std::future<bool> f = dataConnMgr_->onSubsystemReady();
// Wait unconditionally for data manager subsystem to be ready
dataConnectionSubSystemStatus = f.get();
}
// Exit the application, if SDK is unable to initialize data manager subsystems
if (!dataConnectionSubSystemStatus) {
std::cout << "ERROR - Unable to initialize subSystem" << std::endl;
return EXIT_FAILURE;
}
bool dataFilterSubSystemStatus = dataFilterMgr_->isReady();
if (!dataFilterSubSystemStatus) {
std::cout << "Data Filter Manager subsystem is not ready, Please wait" << std::endl;
std::future<bool> f = dataFilterMgr_->onReady();
// Wait unconditionally for data filter subsystem to be ready
dataFilterSubSystemStatus = f.get();
}
// Exit the application, if SDK is unable to initialize data manager subsystems
if (!dataFilterSubSystemStatus) {
std::cout << "ERROR - Unable to initialize subSystem" << std::endl;
return EXIT_FAILURE;
}
3.删除所有数据过滤器
std::promise<bool> p;
int profileId = 2;
telux::data::IpFamilyType ipFamilyType = telux::data::IpFamilyType::IPV4;
auto status = dataFilterMgr_->removeAllDataRestrictFilters(
[&p](telux::common::ErrorCode error) {
if (error == telux::common::ErrorCode::SUCCESS) {
p.set_value(true);
} else {
std::cout << "Failed to remove all filter" << std::endl;
p.set_value(false);
}
}, profileId, ipFamilyType);
if(status == telux::common::Status::SUCCESS) {
std::cout << "Remove all data filter Request sent" << std::endl;
} else {
std::cout << "Remove all data filter Request failed" << std::endl;
}
if (p.get_future().get()) {
std::cout << "Remove all data filter succeeded." << std::endl;
}
4.4.6 启用/禁用防火墙
此示例应用程序演示了如何启用/禁用防火墙。
- 实现初始化回调并获取DataFactory实例
可选地,可以通过获取管理器实例来提供初始化回调。当管理器初始化完成时,数据工厂将调用回调。
auto initCb = [&](telux::common::ServiceStatus status) {
std::lock_guard<std::mutex> lock(mtx);
status_ = status;
initCv.notify_all();
};
auto &dataFactory = telux::data::DataFactory::getInstance();
- 获取FirewallManager实例
std::unique_lock<std::mutex> lck(mtx);
auto dataFwMgr = dataFactory.getFirewallManager(opType, initCb);
3.等待FirewallManager初始化完成
initCv.wait(lck);
3.1 检查FirewallManager初始化状态
如果FirewallManager初始化失败,可以通过调用步骤2来完成新的初始化尝试。如果FirewallManager初始化成功,则继续执行步骤4。
if (status_ == telux::common::ServiceStatus::SERVICE_AVAILABLE) {
// Go to step 4
}
else {
//Go to step 2 for another initialization attempt
}
- 实现设置防火墙的回调
auto respCb = [](telux::common::ErrorCode error) {
std::cout << std::endl << std::endl;
std::cout << "CALLBACK: "
<< "setFirewall Response"
<< (error == telux::common::ErrorCode::SUCCESS ? " is successful" : " failed");
};
5.根据profileId设置防火墙模式,启用/禁用以及允许/丢弃数据包
dataFwMgr->setFirewall(profileId,fwEnable, allowPackets, respCb);
现在,将为 setFirewall 响应调用响应回调。
4.4.7 创建防火墙DMZ
此示例应用程序演示了如何创建防火墙 DMZ。
- 实现初始化回调并获取DataFactory实例
可选地,可以通过获取管理器实例来提供初始化回调。当管理器初始化完成时,数据工厂将调用回调。
auto initCb = [&](telux::common::ServiceStatus status) {
std::lock_guard<std::mutex> lock(mtx);
status_ = status;
initCv.notify_all();
};
auto &dataFactory = telux::data::DataFactory::getInstance();
- 获取FirewallManager实例
std::unique_lock<std::mutex> lck(mtx);
auto dataFwMgr = dataFactory.getFirewallManager(opType, initCb);
3.等待FirewallManager初始化完成
initCv.wait(lck);
3.1 检查FirewallManager初始化状态
如果FirewallManager初始化失败,可以通过调用步骤2来完成新的初始化尝试。如果FirewallManager初始化成功,则继续执行步骤4。
if (status_ == telux::common::ServiceStatus::SERVICE_AVAILABLE) {
// Go to step 4
}
else {
//Go to step 2 for another initialization attempt
}
- 实现创建DMZ的回调
auto respCb = [](telux::common::ErrorCode error) {
std::cout << std::endl << std::endl;
std::cout << "CALLBACK: "
<< "addDmz Response"
<< (error == telux::common::ErrorCode::SUCCESS ? " is successful" : " failed");
};
5.根据profile id和本地ip地址创建DMZ
dataFwMgr->enableDmz(profileId,ipAddr, respCb);
现在,将为 addDmz 响应调用响应回调。
4.4.8 添加防火墙条目
添加防火墙条目
请按照以下步骤创建和添加防火墙条目
- 实现初始化回调并获取DataFactory实例
可选地,可以通过获取管理器实例来提供初始化回调。当管理器初始化完成时,数据工厂将调用回调。
auto initCb = [&](telux::common::ServiceStatus status) {
std::lock_guard<std::mutex> lock(mtx);
status_ = status;
initCv.notify_all();
};
auto &dataFactory = telux::data::DataFactory::getInstance();
- 获取FirewallManager实例
std::unique_lock<std::mutex> lck(mtx);
auto dataFwMgr = dataFactory.getFirewallManager(opType, initCb);
3.等待FirewallManager初始化完成
initCv.wait(lck);
3.1 检查FirewallManager初始化状态
如果FirewallManager初始化失败,可以通过调用步骤2来完成新的初始化尝试。如果FirewallManager初始化成功,则继续执行步骤4
if (status_ == telux::common::ServiceStatus::SERVICE_AVAILABLE) {
// Go to step 4
}
else {
//Go to step 2 for another initialization attempt
}
- 获取防火墙Entry实例
std::shared_ptr<telux::data::net::IFirewallEntry> fwEntry
= dataFactory.getNewFirewallEntry(proto, fwDir, ipFamType);
- 获取指向 Ip Filter 的指针
std::shared_ptr<telux::data::IIpFilter> ipFilter = fwEntry->getIProtocolFilter();
- 根据 Ip Family 类型填充 Ip 过滤器
switch (ipFamType) {
case telux::data::IpFamilyType::IPV4: {
telux::data::IPv4Info info;
info.srcAddr = srcAddr;
info.destAddr = destAddr;
info.srcSubnetMask = configParser->getValue(std::string("IPV4_SRC_SUBNET_MASK"));
info.destSubnetMask = configParser->getValue(std::string("IPV4_DEST_SUBNET_MASK"));
info.value = (uint8_t)std::atoi(
configParser->getValue(std::string("IPV4_SERVICE_TYPE")).c_str());
info.mask = (uint8_t)std::atoi(
configParser->getValue(std::string("IPV4_SERVICE_TYPE_MASK")).c_str());
info.nextProtoId = proto;
ipFilter->setIPv4Info(info);
} break;
case telux::data::IpFamilyType::IPV6: {
telux::data::IPv6Info info;
info.srcAddr = srcAddr;
info.destAddr = destAddr;
info.nextProtoId = proto;
info.val = (uint8_t)std::atoi(
configParser->getValue(std::string("IPV6_TRAFFIC_CLASS")).c_str());
info.mask = (uint8_t)std::atoi(
configParser->getValue(std::string("IPV6_TRAFFIC_CLASS_MASK")).c_str());
info.flowLabel = (uint32_t)std::atoi(
configParser->getValue(std::string("IPV6_FLOW_LABEL")).c_str());
ipFilter->setIPv6Info(info);
} break;
default: {
std::cout <<"Error: Unrecognized Ip Family used .. exiting app" <<std::endl;
return 1;
} break;
}
- 填充协议信息
switch (proto) {
case 6: { // TCP
telux::data::TcpInfo tcpInfo;
tcpInfo.src.port = (uint16_t)protSrcPort;
tcpInfo.src.range = (uint16_t)protSrcRange;
tcpInfo.dest.port = (uint16_t)protDestPort;
tcpInfo.dest.range = (uint16_t)protDestRange;
auto tcpFilter = std::dynamic_pointer_cast<telux::data::ITcpFilter>(ipFilter);
if(tcpFilter) {
tcpFilter->setTcpInfo(tcpInfo);
}
} break;
case 17: { //UDP
telux::data::UdpInfo info;
info.src.port = (uint16_t)protSrcPort;
info.src.range = (uint16_t)protSrcRange;
info.dest.port = (uint16_t)protDestPort;
info.dest.range = (uint16_t)protDestRange;
auto udpFilter = std::dynamic_pointer_cast<telux::data::IUdpFilter>(ipFilter);
if(udpFilter) {
udpFilter->setUdpInfo(info);
}
} break;
default: {
} break;
}
- 实例化添加防火墙条目回调实例 - 这是可选的
auto respCb = [](telux::common::ErrorCode error) {
std::cout << std::endl << std::endl;
std::cout << "CALLBACK: "
<< "addFirewallEntry Response"
<< (error == telux::common::ErrorCode::SUCCESS ? " is successful" : " failed")
<< ". ErrorCode: " << static_cast<int>(error) << std::endl;
promise.set_value(1);
};
std::future<int> future = promise.get_future();
dataFwMgr->addFirewallEntry(profileId, fwEntry, respCb);