From ae73e2081d5b56b8361c4b3a01cc5c70487b6587 Mon Sep 17 00:00:00 2001
From: Florian Hoss
Date: Mon, 18 Apr 2022 10:59:02 +0200
Subject: [PATCH] performance enhancement for firewall rule size
---
 SourceCode/arduino/lib/Firewall/Firewall.cpp | 61 +++++++++++++++++---
 SourceCode/arduino/lib/Firewall/Firewall.h | 33 ++++++++---
 2 files changed, 79 insertions(+), 15 deletions(-)
diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp
index 276e2c9..fa07e7d 100644
--- a/SourceCode/arduino/lib/Firewall/Firewall.cpp
+++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp
@@ -7,6 +7,52 @@ ESPFirewall::ESPFirewall(int port)
 this->setup_routing();
 }
+String ESPFirewall::protocol_to_string(firewall_protocol_t &protocol)
+{
+ switch (protocol)
+ {
+ case FW_TCP:
+ return "TCP";
+ case FW_UDP:
+ return "UDP";
+ default:
+ return "ALL";
+ }
+}
+
+firewall_protocol_t ESPFirewall::string_to_protocol(String &protocol)
+{
+ if (protocol.equals("TCP"))
+ return FW_TCP;
+ else if (protocol.equals("UDP"))
+ return FW_UDP;
+ else
+ return FW_ALL;
+}
+
+String ESPFirewall::target_to_string(firewall_target_t &target)
+{
+ switch (target)
+ {
+ case FW_REJECT:
+ return "REJECT";
+ case FW_DROP:
+ return "DROP";
+ default:
+ return "ACCEPT";
+ }
+}
+
+firewall_target_t ESPFirewall::string_to_target(String &target)
+{
+ if (target.equals("REJECT"))
+ return FW_REJECT;
+ else if (target.equals("DROP"))
+ return FW_DROP;
+ else
+ return FW_ACCEPT;
+}
+
 void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule)
 {
 firewall_rule_t *temp;
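Review bot: `string_to_target` falls through to `FW_ACCEPT`, and `string_to_protocol` to `FW_ALL`, for any string it does not recognise, so a misspelled, lower-case or empty `target` parameter is stored as an ACCEPT rule for all protocols. A firewall parser should fail closed: match "ACCEPT" explicitly and treat everything else as invalid, for example `else if (target.equals("ACCEPT")) return FW_ACCEPT; else return FW_DROP;`, or have the POST handler answer 400 when no name matches. The `default:` branches of `target_to_string` and `protocol_to_string` have the mirror problem, reporting an unset or corrupted enum value as "ACCEPT" or "ALL". Since the four helpers only read their argument, `const String &` and pass-by-value for the enums would document that and allow temporaries.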
@@ -113,8 +159,8 @@ String ESPFirewall::construct_json_firewall_rule(firewall_rule_t *rule_ptr)
 doc["key"] = rule_ptr->key;
 doc["source"] = rule_ptr->source;
 doc["destination"] = rule_ptr->destination;
- doc["protocol"] = rule_ptr->protocol;
- doc["target"] = rule_ptr->target;
+ doc["protocol"] = protocol_to_string(rule_ptr->protocol);
+ doc["target"] = target_to_string(rule_ptr->target);
 String response;
 serializeJson(doc, response);
 return response;
@@ -123,7 +169,7 @@ String ESPFirewall::construct_json_firewall_rule(firewall_rule_t *rule_ptr)
 String ESPFirewall::construct_json_firewall()
 {
 firewall_rule_t *rule_ptr = this->head;
- // Size for 12 Rules
+ // Size for max 12 Rules
 StaticJsonDocument<2048> doc;
 String response;
 doc["amount"] = amount_of_rules;
@@ -134,8 +180,8 @@ String ESPFirewall::construct_json_firewall()
 rule["key"] = rule_ptr->key;
 rule["source"] = rule_ptr->source;
 rule["destination"] = rule_ptr->destination;
- rule["protocol"] = rule_ptr->protocol;
- rule["target"] = rule_ptr->target;
+ rule["protocol"] = protocol_to_string(rule_ptr->protocol);
+ rule["target"] = target_to_string(rule_ptr->target);
 rule_ptr = rule_ptr->next;
 }
 serializeJson(doc, response);
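Review bot: The reworded comment in `construct_json_firewall` says the 2048-byte `StaticJsonDocument` is sized for at most 12 rules, but no limit of 12 is enforced in this hunk or in the loop body shown in the next one, and the patch shows no cap on `amount_of_rules`. When the document runs out of space ArduinoJson stops storing members without raising an error, so the API would return a truncated rule list while `amount` still reports the full count. The limit belongs where rules are added (outside these hunks), backed by a named constant that the comment can reference. Checking `doc.overflowed()` before `serializeJson`, where the ArduinoJson version in use provides it, would make a truncated response detectable.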
@@ -184,10 +230,11 @@ void ESPFirewall::post_firewall_handler(AsyncWebServerRequest *request)
 strcpy(rule_ptr->source, source.length() <= IP4ADDR_STRLEN_MAX ? source.c_str() : "");
 String destination = request->getParam("destination")->value();
 strcpy(rule_ptr->destination, destination.length() <= IP4ADDR_STRLEN_MAX ? destination.c_str() : "");
+
 String protocol = request->getParam("protocol")->value();
- strcpy(rule_ptr->protocol, protocol.length() <= PROTOCOL_LENGTH ? protocol.c_str() : "");
+ rule_ptr->protocol = string_to_protocol(protocol);
 String target = request->getParam("target")->value();
- strcpy(rule_ptr->target, target.length() <= TARGET_LENGTH ? target.c_str() : "");
+ rule_ptr->target = string_to_target(target);
 add_rule_to_firewall(rule_ptr);
 request->send(200, "application/json", construct_json_firewall_rule(rule_ptr));
diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h
index 7ed2ab7..96ec643 100644
--- a/SourceCode/arduino/lib/Firewall/Firewall.h
+++ b/SourceCode/arduino/lib/Firewall/Firewall.h
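Review bot: The `strcpy` guards kept as context in `post_firewall_handler` compare with `<=`, so a `source` or `destination` of exactly `IP4ADDR_STRLEN_MAX` characters is copied with its terminator into a `char[IP4ADDR_STRLEN_MAX]` field (declared in Firewall.h) and writes one byte past it. The comparison should be `source.length() < IP4ADDR_STRLEN_MAX`, and likewise for `destination`. The lines reading `protocol` and `target` also dereference the result of `request->getParam(...)` directly, and `getParam` returns a null pointer when the parameter is absent. Unless a `hasParam` check precedes this code outside the hunk, a request missing either field crashes the device instead of getting a 400. The handler body starts and ends outside the hunk.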
@@ -13,30 +13,47 @@
 #endif
 #include "ESPAsyncWebServer.h"
-#define PROTOCOL_LENGTH 4
-#define TARGET_LENGTH 7
+typedef enum
+{
+ FW_REJECT = 0b0001,
+ FW_DROP = 0b0010,
+ FW_ACCEPT = 0b0011,
+} firewall_target_t;
+
+typedef enum
+{
+ FW_TCP = 0b0001,
+ FW_UDP = 0b0010,
+ FW_ALL = 0b1111,
+} firewall_protocol_t;
 typedef struct firewall_rule
 {
- int key;
+ uint8_t key;
 char source[IP4ADDR_STRLEN_MAX];
 char destination[IP4ADDR_STRLEN_MAX];
- char protocol[PROTOCOL_LENGTH];
- char target[TARGET_LENGTH];
+ firewall_protocol_t protocol;
+ firewall_target_t target;
 struct firewall_rule *next;
 } firewall_rule_t;
 class ESPFirewall
 {
- unsigned int amount_of_rules = 0;
+ uint8_t amount_of_rules = 0;
 struct firewall_rule *head = NULL;
 AsyncWebServer *firewall_api;
+ // Protocol / Target conversion
+ String protocol_to_string(firewall_protocol_t &);
+ firewall_protocol_t string_to_protocol(String &);
+ String target_to_string(firewall_target_t &);
+ firewall_target_t string_to_target(String &);
+
 // Firewall Actions
 void add_rule_to_firewall(firewall_rule_t *);
- firewall_rule_t *get_rule_from_firewall(int key);
- bool delete_rule_from_firewall(int key);
+ firewall_rule_t *get_rule_from_firewall(int);
+ bool delete_rule_from_firewall(int);
 // Firewall-API Actions
 void setup_routing();
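Review bot: `key` and `amount_of_rules` are narrowed to `uint8_t` while `get_rule_from_firewall(int)` and `delete_rule_from_firewall(int)` still take `int`, and the patch shows no limit of 255 on the number of rules. If keys are derived from the counter (not visible here), the 256th rule wraps to a key already in use, and a lookup or delete by key can then act on the wrong rule; a bound check before a rule is added would make the narrower type safe. Both enums also lack a fixed underlying type, so each field typically still occupies a full `int` in `firewall_rule_t`. Declaring them as `typedef enum : uint8_t { ... } firewall_target_t;` (and the same for `firewall_protocol_t`) would deliver the size reduction the commit title describes. Keeping the parameter name in `get_rule_from_firewall(int key)` and `delete_rule_from_firewall(int key)` documents what the integer means.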