summaryrefslogtreecommitdiff
path: root/src/libimcv/ietf
diff options
context:
space:
mode:
authorYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
committerYves-Alexis Perez <corsac@corsac.net>2012-06-28 21:16:07 +0200
commitb34738ed08c2227300d554b139e2495ca5da97d6 (patch)
tree62f33b52820f2e49f0e53c0f8c636312037c8054 /src/libimcv/ietf
parent0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff)
downloadvyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.tar.gz
vyos-strongswan-b34738ed08c2227300d554b139e2495ca5da97d6.zip
Imported Upstream version 4.6.4
Diffstat (limited to 'src/libimcv/ietf')
-rw-r--r--src/libimcv/ietf/ietf_attr.c63
-rw-r--r--src/libimcv/ietf/ietf_attr.h63
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.c472
-rw-r--r--src/libimcv/ietf/ietf_attr_pa_tnc_error.h134
-rw-r--r--src/libimcv/ietf/ietf_attr_port_filter.c288
-rw-r--r--src/libimcv/ietf/ietf_attr_port_filter.h74
-rw-r--r--src/libimcv/ietf/ietf_attr_product_info.c255
-rw-r--r--src/libimcv/ietf/ietf_attr_product_info.h67
8 files changed, 1416 insertions, 0 deletions
diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c
new file mode 100644
index 000000000..89c6fc8db
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr.h"
+#include "ietf/ietf_attr_pa_tnc_error.h"
+#include "ietf/ietf_attr_port_filter.h"
+#include "ietf/ietf_attr_product_info.h"
+
+ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED,
+ "Testing",
+ "Attribute Request",
+ "Product Information",
+ "Numeric Version",
+ "String Version",
+ "Operational Status",
+ "Port Filter",
+ "Installed Packages",
+ "PA-TNC Error",
+ "Assessment Result",
+ "Remediation Instructions",
+ "Forwarding Enabled",
+ "Factory Default Password Enabled",
+);
+
+/**
+ * See header
+ */
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value)
+{
+ switch (type)
+ {
+ case IETF_ATTR_PORT_FILTER:
+ return ietf_attr_port_filter_create_from_data(value);
+ case IETF_ATTR_PA_TNC_ERROR:
+ return ietf_attr_pa_tnc_error_create_from_data(value);
+ case IETF_ATTR_PRODUCT_INFORMATION:
+ return ietf_attr_product_info_create_from_data(value);
+ case IETF_ATTR_TESTING:
+ case IETF_ATTR_ATTRIBUTE_REQUEST:
+ case IETF_ATTR_NUMERIC_VERSION:
+ case IETF_ATTR_STRING_VERSION:
+ case IETF_ATTR_OPERATIONAL_STATUS:
+ case IETF_ATTR_INSTALLED_PACKAGES:
+ case IETF_ATTR_ASSESSMENT_RESULT:
+ case IETF_ATTR_REMEDIATION_INSTRUCTIONS:
+ case IETF_ATTR_FORWARDING_ENABLED:
+ case IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED:
+ case IETF_ATTR_RESERVED:
+ default:
+ return NULL;
+ }
+}
diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h
new file mode 100644
index 000000000..a1ba42565
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attrt ietf_attr
+ * @{ @ingroup ietf_attr
+ */
+
+#ifndef IETF_ATTR_H_
+#define IETF_ATTR_H_
+
+#include "pa_tnc/pa_tnc_attr.h"
+
+#include <library.h>
+
+typedef enum ietf_attr_t ietf_attr_t;
+
+/**
+ * IETF standard PA-TNC attribute types defined by RFC 5792
+ */
+enum ietf_attr_t {
+ IETF_ATTR_TESTING = 0,
+ IETF_ATTR_ATTRIBUTE_REQUEST = 1,
+ IETF_ATTR_PRODUCT_INFORMATION = 2,
+ IETF_ATTR_NUMERIC_VERSION = 3,
+ IETF_ATTR_STRING_VERSION = 4,
+ IETF_ATTR_OPERATIONAL_STATUS = 5,
+ IETF_ATTR_PORT_FILTER = 6,
+ IETF_ATTR_INSTALLED_PACKAGES = 7,
+ IETF_ATTR_PA_TNC_ERROR = 8,
+ IETF_ATTR_ASSESSMENT_RESULT = 9,
+ IETF_ATTR_REMEDIATION_INSTRUCTIONS = 10,
+ IETF_ATTR_FORWARDING_ENABLED = 11,
+ IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED = 12,
+ IETF_ATTR_RESERVED = 0xffffffff,
+};
+
+/**
+ * enum name for ietf_attr_t.
+ */
+extern enum_name_t *ietf_attr_names;
+
+/**
+ * Create an IETF PA-TNC attribute from data
+ *
+ * @param type attribute type
+ * @param value attribute value
+ */
+pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, chunk_t value);
+
+#endif /** IETF_ATTR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.c b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
new file mode 100644
index 000000000..6daee1a77
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_pa_tnc_error.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+ENUM(pa_tnc_error_code_names, PA_ERROR_RESERVED,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED,
+ "Reserved",
+ "Invalid Parameter",
+ "Version Not Supported",
+ "Attribute Type Not Supported"
+);
+
+typedef struct private_ietf_attr_pa_tnc_error_t private_ietf_attr_pa_tnc_error_t;
+
+/**
+ * PA-TNC Error Attribute Type (see section 4.2.8 of RFC 5792)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved | PA-TNC Error Code Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Error Code |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Error Information (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PA_ERROR_HEADER_SIZE 8
+#define PA_ERROR_RESERVED 0x00
+
+/**
+ * All IETF Error Types return the first 8 bytes of the erroneous PA-TNC message
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Version | Copy of Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Message Identifier |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PA_ERROR_MSG_INFO_SIZE 8
+#define PA_ERROR_MSG_INFO_MAX_SIZE 1024
+
+/**
+ * "Invalid Parameter" Error Code
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Offset |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+/**
+ * "Version Not Supported" Error Code
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Max Version | Min Version | Reserved |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PA_ERROR_VERSION_RESERVED 0x0000
+
+/**
+ * "Attribute Type Not Supported" Error Code
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | PA-TNC Attribute Vendor ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | PA-TNC Attribute Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PA_ERROR_ATTR_INFO_SIZE 8
+
+/**
+ * Private data of an ietf_attr_pa_tnc_error_t object.
+ */
+struct private_ietf_attr_pa_tnc_error_t {
+
+ /**
+ * Public members of ietf_attr_pa_tnc_error_t
+ */
+ ietf_attr_pa_tnc_error_t public;
+
+ /**
+ * Attribute vendor ID
+ */
+ pen_t vendor_id;
+
+ /**
+ * Attribute type
+ */
+ u_int32_t type;
+
+ /**
+ * Attribute value
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Error code vendor ID
+ */
+ pen_t error_vendor_id;
+
+ /**
+ * Error code
+ */
+ u_int32_t error_code;
+
+ /**
+ * First 8 bytes of erroneous PA-TNC message
+ */
+ chunk_t msg_info;
+
+ /**
+ * First 8 bytes of unsupported PA-TNC attribute
+ */
+ chunk_t attr_info;
+
+ /**
+ * PA-TNC error offset
+ */
+ u_int32_t error_offset;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->vendor_id;
+}
+
+METHOD(pa_tnc_attr_t, get_type, u_int32_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_ietf_attr_pa_tnc_error_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ bio_writer_t *writer;
+
+ writer = bio_writer_create(PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE);
+ writer->write_uint8 (writer, PA_ERROR_RESERVED);
+ writer->write_uint24(writer, this->error_vendor_id);
+ writer->write_uint32(writer, this->error_code);
+ writer->write_data (writer, this->msg_info);
+
+ if (this->error_vendor_id == PEN_IETF)
+ {
+ switch (this->error_code)
+ {
+ case PA_ERROR_INVALID_PARAMETER:
+ writer->write_uint32(writer, this->error_offset);
+ break;
+ case PA_ERROR_VERSION_NOT_SUPPORTED:
+ writer->write_uint8 (writer, PA_TNC_VERSION);
+ writer->write_uint8 (writer, PA_TNC_VERSION);
+ writer->write_uint16(writer, PA_ERROR_VERSION_RESERVED);
+ break;
+ case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
+ writer->write_data(writer, this->attr_info);
+ break;
+ default:
+ break;
+ }
+ }
+ this->value = chunk_clone(writer->get_buf(writer));
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_ietf_attr_pa_tnc_error_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ u_int8_t reserved;
+
+ if (this->value.len < PA_ERROR_HEADER_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for PA-TNC error header");
+ *offset = 0;
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint8 (reader, &reserved);
+ reader->read_uint24(reader, &this->error_vendor_id);
+ reader->read_uint32(reader, &this->error_code);
+
+ if (this->error_vendor_id == PEN_IETF)
+ {
+ if (!reader->read_data(reader, PA_ERROR_MSG_INFO_SIZE, &this->msg_info))
+ {
+ reader->destroy(reader);
+ DBG1(DBG_TNC, "insufficient data for IETF error information");
+ *offset = PA_ERROR_HEADER_SIZE;
+ return FAILED;
+ }
+ this->msg_info = chunk_clone(this->msg_info);
+
+ switch (this->error_code)
+ {
+ case PA_ERROR_INVALID_PARAMETER:
+ if (!reader->read_uint32(reader, &this->error_offset))
+ {
+ reader->destroy(reader);
+ DBG1(DBG_TNC, "insufficient data for error offset field");
+ *offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
+ return FAILED;
+ }
+ break;
+ case PA_ERROR_ATTR_TYPE_NOT_SUPPORTED:
+ if (!reader->read_data(reader, PA_ERROR_ATTR_INFO_SIZE,
+ &this->attr_info))
+ {
+ reader->destroy(reader);
+ DBG1(DBG_TNC, "insufficient data for unsupported attribute "
+ "information");
+ *offset = PA_ERROR_HEADER_SIZE + PA_ERROR_MSG_INFO_SIZE;
+ return FAILED;
+ }
+ this->attr_info = chunk_clone(this->attr_info);
+ break;
+ default:
+ break;
+ }
+ }
+ else
+ {
+ reader->read_data(reader, reader->remaining(reader), &this->msg_info);
+ this->msg_info = chunk_clone(this->msg_info);
+ }
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->value.ptr);
+ free(this->msg_info.ptr);
+ free(this->attr_info.ptr);
+ free(this);
+ }
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, get_error_vendor_id, pen_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->error_vendor_id;
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, get_error_code, u_int32_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->error_code;
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, get_msg_info, chunk_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->msg_info;
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, get_attr_info, chunk_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->attr_info;
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, set_attr_info, void,
+ private_ietf_attr_pa_tnc_error_t *this, chunk_t attr_info)
+{
+ this->attr_info = chunk_clone(attr_info);
+}
+
+METHOD(ietf_attr_pa_tnc_error_t, get_offset, u_int32_t,
+ private_ietf_attr_pa_tnc_error_t *this)
+{
+ return this->error_offset;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_pa_tnc_error_create(pen_t vendor_id,
+ u_int32_t error_code,
+ chunk_t msg_info)
+{
+ private_ietf_attr_pa_tnc_error_t *this;
+
+ if (vendor_id == PEN_IETF)
+ {
+ msg_info.len = PA_ERROR_MSG_INFO_SIZE;
+ }
+ else if (msg_info.len > PA_ERROR_MSG_INFO_MAX_SIZE)
+ {
+ msg_info.len = PA_ERROR_MSG_INFO_MAX_SIZE;
+ }
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_vendor_id = _get_error_vendor_id,
+ .get_error_code = _get_error_code,
+ .get_msg_info = _get_msg_info,
+ .get_attr_info = _get_attr_info,
+ .set_attr_info = _set_attr_info,
+ .get_offset = _get_offset,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PA_TNC_ERROR,
+ .error_vendor_id = vendor_id,
+ .error_code = error_code,
+ .msg_info = chunk_clone(msg_info),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_with_offset(pen_t vendor_id,
+ u_int32_t error_code,
+ chunk_t msg_info,
+ u_int32_t error_offset)
+{
+ private_ietf_attr_pa_tnc_error_t *this;
+
+ /* the first 8 bytes of the erroneous PA-TNC message are sent back */
+ msg_info.len = PA_ERROR_MSG_INFO_SIZE;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_vendor_id = _get_error_vendor_id,
+ .get_error_code = _get_error_code,
+ .get_msg_info = _get_msg_info,
+ .get_attr_info = _get_attr_info,
+ .set_attr_info = _set_attr_info,
+ .get_offset = _get_offset,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PA_TNC_ERROR,
+ .error_vendor_id = vendor_id,
+ .error_code = error_code,
+ .msg_info = chunk_clone(msg_info),
+ .error_offset = error_offset,
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_pa_tnc_error_create_from_data(chunk_t data)
+{
+ private_ietf_attr_pa_tnc_error_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_vendor_id = _get_error_vendor_id,
+ .get_error_code = _get_error_code,
+ .get_msg_info = _get_msg_info,
+ .get_attr_info = _get_attr_info,
+ .set_attr_info = _set_attr_info,
+ .get_offset = _get_offset,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PA_TNC_ERROR,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
diff --git a/src/libimcv/ietf/ietf_attr_pa_tnc_error.h b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
new file mode 100644
index 000000000..945e06c62
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_pa_tnc_error.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_pa_tnc_errort ietf_attr_pa_tnc_error
+ * @{ @ingroup ietf_attr_pa_tnc_error
+ */
+
+#ifndef IETF_ATTR_PA_TNC_ERROR_H_
+#define IETF_ATTR_PA_TNC_ERROR_H_
+
+typedef struct ietf_attr_pa_tnc_error_t ietf_attr_pa_tnc_error_t;
+typedef enum pa_tnc_error_code_t pa_tnc_error_code_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+
+/**
+ * IETF Standard PA-TNC Error Codes as defined in section 4.2.8 of RFC 5792
+ */
+enum pa_tnc_error_code_t {
+ PA_ERROR_RESERVED = 0,
+ PA_ERROR_INVALID_PARAMETER = 1,
+ PA_ERROR_VERSION_NOT_SUPPORTED = 2,
+ PA_ERROR_ATTR_TYPE_NOT_SUPPORTED = 3,
+};
+
+/**
+ * enum name for pa_tnc_error_code_t.
+ */
+extern enum_name_t *pa_tnc_error_code_names;
+
+/**
+ * Class implementing the IETF PA-TNC Error attribute.
+ *
+ */
+struct ietf_attr_pa_tnc_error_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Get PA-TNC error code vendor ID
+ *
+ * @return error code vendor ID
+ */
+ pen_t (*get_vendor_id)(ietf_attr_pa_tnc_error_t *this);
+
+ /**
+ * Get PA-TNC error code
+ *
+ * @return error code
+ */
+ pa_tnc_error_code_t (*get_error_code)(ietf_attr_pa_tnc_error_t *this);
+
+ /**
+ * Get first 8 bytes of erroneous PA-TNC message
+ *
+ * @return PA-TNC message info
+ */
+ chunk_t (*get_msg_info)(ietf_attr_pa_tnc_error_t *this);
+
+ /**
+ * Get first 8 bytes of unsupported PA-TNC attribute
+ *
+ * @return PA-TNC attribute info
+ */
+ chunk_t (*get_attr_info)(ietf_attr_pa_tnc_error_t *this);
+
+ /**
+ * Set first 8 bytes of unsupported PA-TNC attribute
+ *
+ * @param attr_info PA-TNC message info
+ */
+ void (*set_attr_info)(ietf_attr_pa_tnc_error_t *this, chunk_t attr_info);
+
+ /**
+ * Get the PA-TNC error offset
+ *
+ * @return PA-TNC error offset
+ */
+ u_int32_t (*get_offset)(ietf_attr_pa_tnc_error_t *this);
+
+};
+
+/**
+ * Creates an ietf_attr_pa_tnc_error_t object from an error code
+ *
+ * @param vendor_id PA-TNC error code vendor ID
+ * @param error_code PA-TNC error code
+ * @param header PA-TNC message header (first 8 bytes)
+ *
+ */
+pa_tnc_attr_t* ietf_attr_pa_tnc_error_create(pen_t vendor_id,
+ u_int32_t error_code,
+ chunk_t header);
+
+/**
+ * Creates an ietf_attr_pa_tnc_error_t object from an error code with offset
+ *
+ * @param vendor_id PA-TNC error code vendor ID
+ * @param error_code PA-TNC error code
+ * @param header PA-TNC message header (first 8 bytes)
+ * @param error_offset PA-TNC error offset in bytes
+ *
+ */
+pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_with_offset(pen_t vendor_id,
+ u_int32_t error_code,
+ chunk_t header,
+ u_int32_t error_offset);
+
+/**
+ * Creates an ietf_attr_pa_tnc_error_t object from received data
+ *
+ * @param value unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_pa_tnc_error_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_PA_TNC_ERROR_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c
new file mode 100644
index 000000000..b53019657
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_port_filter.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_port_filter.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <utils/linked_list.h>
+#include <debug.h>
+
+
+typedef struct private_ietf_attr_port_filter_t private_ietf_attr_port_filter_t;
+typedef struct port_entry_t port_entry_t;
+
+/**
+ * Port Filter entry
+ */
+struct port_entry_t {
+ bool blocked;
+ u_int8_t protocol;
+ u_int16_t port;
+};
+
+/**
+ * PA-TNC Port Filter Type (see section 4.2.6 of RFC 5792)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |B| Protocol | Port Number |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Reserved |B| Protocol | Port Number |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PORT_FILTER_ENTRY_SIZE 4
+
+/**
+ * Private data of an ietf_attr_port_filter_t object.
+ */
+struct private_ietf_attr_port_filter_t {
+
+ /**
+ * Public members of ietf_attr_port_filter_t
+ */
+ ietf_attr_port_filter_t public;
+
+ /**
+ * Attribute vendor ID
+ */
+ pen_t vendor_id;
+
+ /**
+ * Attribute type
+ */
+ u_int32_t type;
+
+ /**
+ * Attribute value
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * List of Port Filter entries
+ */
+ linked_list_t *ports;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
+ private_ietf_attr_port_filter_t *this)
+{
+ return this->vendor_id;
+}
+
+METHOD(pa_tnc_attr_t, get_type, u_int32_t,
+ private_ietf_attr_port_filter_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_ietf_attr_port_filter_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_ietf_attr_port_filter_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_ietf_attr_port_filter_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_ietf_attr_port_filter_t *this)
+{
+ bio_writer_t *writer;
+ enumerator_t *enumerator;
+ port_entry_t *entry;
+
+ writer = bio_writer_create(this->ports->get_count(this->ports) *
+ PORT_FILTER_ENTRY_SIZE);
+
+ enumerator = this->ports->create_enumerator(this->ports);
+ while (enumerator->enumerate(enumerator, &entry))
+ {
+ writer->write_uint8 (writer, entry->blocked ? 0x01 : 0x00);
+ writer->write_uint8 (writer, entry->protocol);
+ writer->write_uint16(writer, entry->port);
+ }
+ enumerator->destroy(enumerator);
+
+ this->value = chunk_clone(writer->get_buf(writer));
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_ietf_attr_port_filter_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ port_entry_t *entry;
+ u_int8_t blocked;
+
+ if (this->value.len % PORT_FILTER_ENTRY_SIZE)
+ {
+ DBG1(DBG_TNC, "ietf port filter attribute value is not a multiple of %d",
+ PORT_FILTER_ENTRY_SIZE);
+ *offset = 0;
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+
+ while (reader->remaining(reader))
+ {
+ entry = malloc_thing(port_entry_t);
+ reader->read_uint8 (reader, &blocked);
+ entry->blocked = blocked & 0x01;
+ reader->read_uint8 (reader, &entry->protocol);
+ reader->read_uint16(reader, &entry->port);
+ this->ports->insert_last(this->ports, entry);
+ }
+ reader->destroy(reader);
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_ietf_attr_port_filter_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_ietf_attr_port_filter_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ this->ports->destroy_function(this->ports, free);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(ietf_attr_port_filter_t, add_port, void,
+ private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol,
+ u_int16_t port)
+{
+ port_entry_t *entry;
+
+ entry = malloc_thing(port_entry_t);
+ entry->blocked = blocked;
+ entry->protocol = protocol;
+ entry->port = port;
+ this->ports->insert_last(this->ports, entry);
+}
+
+/**
+ * Enumerate port filter entries
+ */
+static bool port_filter(void *null, port_entry_t **entry,
+ bool *blocked, void *i2, u_int8_t *protocol, void *i3,
+ u_int16_t *port)
+{
+ *blocked = (*entry)->blocked;
+ *protocol = (*entry)->protocol;
+ *port = (*entry)->port;
+ return TRUE;
+}
+
+METHOD(ietf_attr_port_filter_t, create_port_enumerator, enumerator_t*,
+ private_ietf_attr_port_filter_t *this)
+{
+ return enumerator_create_filter(this->ports->create_enumerator(this->ports),
+ (void*)port_filter, NULL, NULL);
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_port_filter_create(void)
+{
+ private_ietf_attr_port_filter_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add_port = _add_port,
+ .create_port_enumerator = _create_port_enumerator,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PORT_FILTER,
+ .ports = linked_list_create(),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_port_filter_create_from_data(chunk_t data)
+{
+ private_ietf_attr_port_filter_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .add_port = _add_port,
+ .create_port_enumerator = _create_port_enumerator,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PORT_FILTER,
+ .value = chunk_clone(data),
+ .ports = linked_list_create(),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+
diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h
new file mode 100644
index 000000000..ad5553417
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_port_filter.h
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_port_filtert ietf_attr_port_filter
+ * @{ @ingroup ietf_attr_port_filter
+ */
+
+#ifndef IETF_ATTR_PORT_FILTER_H_
+#define IETF_ATTR_PORT_FILTER_H_
+
+typedef struct ietf_attr_port_filter_t ietf_attr_port_filter_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+
+/**
+ * Class implementing the IETF PA-TNC Port Filter attribute.
+ *
+ */
+struct ietf_attr_port_filter_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Add a port entry
+ *
+ * @param blocked TRUE if blocked, FALSE if allowed
+ * @param protocol IP protocol type
+ * @param port TCP/UDP port number
+ */
+ void (*add_port)(ietf_attr_port_filter_t *this, bool blocked,
+ u_int8_t protocol, u_int16_t port);
+
+ /**
+ * Enumerates over all ports
+ * Format: bool *blocked, u_int8_t *protocol, u_int16_t *port
+ *
+ * @return enumerator
+ */
+ enumerator_t* (*create_port_enumerator)(ietf_attr_port_filter_t *this);
+
+};
+
+/**
+ * Creates an ietf_attr_port_filter_t object
+ *
+ */
+pa_tnc_attr_t* ietf_attr_port_filter_create(void);
+
+/**
+ * Creates an ietf_attr_port_filter_t object from received data
+ *
+ * @param value unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_port_filter_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_PORT_FILTER_H_ @}*/
diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c
new file mode 100644
index 000000000..548793547
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_product_info.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen, HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "ietf_attr_product_info.h"
+
+#include <pa_tnc/pa_tnc_msg.h>
+#include <bio/bio_writer.h>
+#include <bio/bio_reader.h>
+#include <debug.h>
+
+typedef struct private_ietf_attr_product_info_t private_ietf_attr_product_info_t;
+
+/**
+ * PA-TNC Product Information type (see section 4.2.2 of RFC 5792)
+ *
+ * 1 2 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Product Vendor ID | Product ID |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Product ID | Product Name (Variable Length) |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ */
+
+#define PRODUCT_INFO_MIN_SIZE 5
+
+/**
+ * Private data of an ietf_attr_product_info_t object.
+ */
+struct private_ietf_attr_product_info_t {
+
+ /**
+ * Public members of ietf_attr_product_info_t
+ */
+ ietf_attr_product_info_t public;
+
+ /**
+ * Attribute vendor ID
+ */
+ pen_t vendor_id;
+
+ /**
+ * Attribute type
+ */
+ u_int32_t type;
+
+ /**
+ * Attribute value
+ */
+ chunk_t value;
+
+ /**
+ * Noskip flag
+ */
+ bool noskip_flag;
+
+ /**
+ * Product vendor ID
+ */
+ pen_t product_vendor_id;
+
+ /**
+ * Product ID
+ */
+ u_int16_t product_id;
+
+ /**
+ * Product Name
+ */
+ char *product_name;
+
+ /**
+ * Reference count
+ */
+ refcount_t ref;
+};
+
+METHOD(pa_tnc_attr_t, get_vendor_id, pen_t,
+ private_ietf_attr_product_info_t *this)
+{
+ return this->vendor_id;
+}
+
+METHOD(pa_tnc_attr_t, get_type, u_int32_t,
+ private_ietf_attr_product_info_t *this)
+{
+ return this->type;
+}
+
+METHOD(pa_tnc_attr_t, get_value, chunk_t,
+ private_ietf_attr_product_info_t *this)
+{
+ return this->value;
+}
+
+METHOD(pa_tnc_attr_t, get_noskip_flag, bool,
+ private_ietf_attr_product_info_t *this)
+{
+ return this->noskip_flag;
+}
+
+METHOD(pa_tnc_attr_t, set_noskip_flag,void,
+ private_ietf_attr_product_info_t *this, bool noskip)
+{
+ this->noskip_flag = noskip;
+}
+
+METHOD(pa_tnc_attr_t, build, void,
+ private_ietf_attr_product_info_t *this)
+{
+ bio_writer_t *writer;
+ chunk_t product_name;
+
+ product_name = chunk_create(this->product_name, strlen(this->product_name));
+
+ writer = bio_writer_create(PRODUCT_INFO_MIN_SIZE);
+ writer->write_uint24(writer, this->product_vendor_id);
+ writer->write_uint16(writer, this->product_id);
+ writer->write_data (writer, product_name);
+
+ this->value = chunk_clone(writer->get_buf(writer));
+ writer->destroy(writer);
+}
+
+METHOD(pa_tnc_attr_t, process, status_t,
+ private_ietf_attr_product_info_t *this, u_int32_t *offset)
+{
+ bio_reader_t *reader;
+ chunk_t product_name;
+
+ if (this->value.len < PRODUCT_INFO_MIN_SIZE)
+ {
+ DBG1(DBG_TNC, "insufficient data for IETF product information");
+ *offset = 0;
+ return FAILED;
+ }
+ reader = bio_reader_create(this->value);
+ reader->read_uint24(reader, &this->product_vendor_id);
+ reader->read_uint16(reader, &this->product_id);
+ reader->read_data (reader, reader->remaining(reader), &product_name);
+ reader->destroy(reader);
+
+ this->product_name = malloc(product_name.len + 1);
+ memcpy(this->product_name, product_name.ptr, product_name.len);
+ this->product_name[product_name.len] = '\0';
+
+ return SUCCESS;
+}
+
+METHOD(pa_tnc_attr_t, get_ref, pa_tnc_attr_t*,
+ private_ietf_attr_product_info_t *this)
+{
+ ref_get(&this->ref);
+ return &this->public.pa_tnc_attribute;
+}
+
+METHOD(pa_tnc_attr_t, destroy, void,
+ private_ietf_attr_product_info_t *this)
+{
+ if (ref_put(&this->ref))
+ {
+ free(this->product_name);
+ free(this->value.ptr);
+ free(this);
+ }
+}
+
+METHOD(ietf_attr_product_info_t, get_info, char*,
+ private_ietf_attr_product_info_t *this, pen_t *vendor_id, u_int16_t *id)
+{
+ if (vendor_id)
+ {
+ *vendor_id = this->product_vendor_id;
+ }
+ if (id)
+ {
+ *id = this->product_id;
+ }
+ return this->product_name;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
+ char *name)
+{
+ private_ietf_attr_product_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .get_noskip_flag = _get_noskip_flag,
+ .set_noskip_flag = _set_noskip_flag,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_info = _get_info,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PRODUCT_INFORMATION,
+ .product_vendor_id = vendor_id,
+ .product_id = id,
+ .product_name = strdup(name),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
+/**
+ * Described in header.
+ */
+pa_tnc_attr_t *ietf_attr_product_info_create_from_data(chunk_t data)
+{
+ private_ietf_attr_product_info_t *this;
+
+ INIT(this,
+ .public = {
+ .pa_tnc_attribute = {
+ .get_vendor_id = _get_vendor_id,
+ .get_type = _get_type,
+ .get_value = _get_value,
+ .build = _build,
+ .process = _process,
+ .get_ref = _get_ref,
+ .destroy = _destroy,
+ },
+ .get_info = _get_info,
+ },
+ .vendor_id = PEN_IETF,
+ .type = IETF_ATTR_PRODUCT_INFORMATION,
+ .value = chunk_clone(data),
+ .ref = 1,
+ );
+
+ return &this->public.pa_tnc_attribute;
+}
+
diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h
new file mode 100644
index 000000000..f1dfc3e83
--- /dev/null
+++ b/src/libimcv/ietf/ietf_attr_product_info.h
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2011 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup ietf_attr_product_infot ietf_attr_product_info
+ * @{ @ingroup ietf
+ */
+
+#ifndef IETF_ATTR_PRODUCT_INFO_H_
+#define IETF_ATTR_PRODUCT_INFO_H_
+
+typedef struct ietf_attr_product_info_t ietf_attr_product_info_t;
+
+#include "ietf_attr.h"
+#include "pa_tnc/pa_tnc_attr.h"
+
+
+/**
+ * Class implementing the IETF PA-TNC Product Information attribute.
+ *
+ */
+struct ietf_attr_product_info_t {
+
+ /**
+ * Public PA-TNC attribute interface
+ */
+ pa_tnc_attr_t pa_tnc_attribute;
+
+ /**
+ * Gets all product info
+ *
+ * @param vendor_id Product vendor ID
+ * @param id Product ID
+ * @return Product Name
+ */
+ char* (*get_info)(ietf_attr_product_info_t *this,
+ pen_t *vendor_id, u_int16_t *id);
+
+};
+
+/**
+ * Creates an ietf_attr_product_info_t object
+ *
+ */
+pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id,
+ char *name);
+
+/**
+ * Creates an ietf_attr_product_info_t object from received data
+ *
+ * @param value unparsed attribute value
+ */
+pa_tnc_attr_t* ietf_attr_product_info_create_from_data(chunk_t value);
+
+#endif /** IETF_ATTR_PRODUCT_INFO_H_ @}*/