package org.eclipse.kura.internal.floodingprotection;

import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.eclipse.kura.core.configuration.metatype.ObjectFactory;
import org.eclipse.kura.core.configuration.metatype.Tad;
import org.eclipse.kura.core.configuration.metatype.Tocd;
import org.eclipse.kura.core.configuration.metatype.Tscalar;

/* loaded from: input_file:org/eclipse/kura/internal/floodingprotection/FloodingProtectionOptions.class */
public class FloodingProtectionOptions {
    private static final String[] FLOODING_PROTECTION_MANGLE_RULES_IPV4 = {"-A prerouting-kura -m conntrack --ctstate INVALID -j DROP", "-A prerouting-kura -p tcp ! --syn -m conntrack --ctstate NEW -j DROP", "-A prerouting-kura -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP", "-A prerouting-kura -p tcp --tcp-flags SYN,RST SYN,RST -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,RST FIN,RST -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,ACK FIN -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,URG URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,FIN FIN -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,PSH PSH -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL ALL -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL NONE -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP", "-A prerouting-kura -p icmp -j DROP", "-A prerouting-kura -f -j DROP"};
    private static final String[] FLOODING_PROTECTION_MANGLE_RULES_IPV6 = {"-A prerouting-kura -m conntrack --ctstate INVALID -j DROP", "-A prerouting-kura -p tcp ! --syn -m conntrack --ctstate NEW -j DROP", "-A prerouting-kura -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,SYN FIN,SYN -j DROP", "-A prerouting-kura -p tcp --tcp-flags SYN,RST SYN,RST -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,RST FIN,RST -j DROP", "-A prerouting-kura -p tcp --tcp-flags FIN,ACK FIN -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,URG URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,FIN FIN -j DROP", "-A prerouting-kura -p tcp --tcp-flags ACK,PSH PSH -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL ALL -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL NONE -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL SYN,FIN,PSH,URG -j DROP", "-A prerouting-kura -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP", "-A prerouting-kura -p ipv6-icmp -m ipv6-icmp --icmpv6-type 128 -j DROP", "-A prerouting-kura -p ipv6-icmp -m ipv6-icmp --icmpv6-type 129 -j DROP", "-A prerouting-kura -m ipv6header --header dst --soft -j DROP", "-A prerouting-kura -m ipv6header --header hop --soft -j DROP", "-A prerouting-kura -m ipv6header --header route --soft -j DROP", "-A prerouting-kura -m ipv6header --header frag --soft -j DROP", "-A prerouting-kura -m ipv6header --header auth --soft -j DROP", "-A prerouting-kura -m ipv6header --header esp --soft -j DROP", "-A prerouting-kura -m ipv6header --header none --soft -j DROP", "-A prerouting-kura -m rt --rt-type 0 -j DROP", "-A output-kura -m rt --rt-type 0 -j DROP"};
    private static final String FRAG_LOW_THR_IPV4_NAME = "/proc/sys/net/ipv4/ipfrag_low_thresh";
    private static final String FRAG_HIGH_THR_IPV4_NAME = "/proc/sys/net/ipv4/ipfrag_high_thresh";
    private static final String FRAG_LOW_THR_IPV6_NAME = "/proc/sys/net/netfilter/nf_conntrack_frag6_low_thresh";
    private static final String FRAG_HIGH_THR_IPV6_NAME = "/proc/sys/net/netfilter/nf_conntrack_frag6_high_thresh";
    private static final int FRAG_LOW_THR_DEFAULT = 3145728;
    private static final int FRAG_HIGH_THR_DEFAULT = 4194304;
    private static final String PID = "org.eclipse.kura.internal.floodingprotection.FloodingProtectionConfigurator";
    private static final String FP_DESCRIPTION = "The service enables flooding protection mechanisms via iptables.";
    private static final String FP_ENABLED_PROP_NAME_IPV4 = "flooding.protection.enabled";
    private static final String FP_ENABLED_DESCRIPTION_IPV4 = "Enable the flooding protection feature for IPv4.";
    private static final String FP_ENABLED_PROP_NAME_IPV6 = "flooding.protection.enabled.ipv6";
    private static final String FP_ENABLED_DESCRIPTION_IPV6 = "Enable the flooding protection feature for IPv6. If the device does not support IPv6, this property will be ignored. In kernel versions less than 6.x, after disabling the feature by setting this field to false, a reboot may be needed to completely disable the filtering.";
    private static final boolean FP_ENABLED_DEFAULT_IPV4 = false;
    private static final boolean FP_ENABLED_DEFAULT_IPV6 = false;
    private Map<String, Object> properties = new HashMap();

    public FloodingProtectionOptions(Map<String, Object> map) {
        setProperties(map);
    }

    public Map<String, Object> getProperties() {
        return this.properties;
    }

    public void setProperties(Map<String, Object> map) {
        this.properties.clear();
        this.properties.put(FP_ENABLED_PROP_NAME_IPV4, map.getOrDefault(FP_ENABLED_PROP_NAME_IPV4, false));
        this.properties.put(FP_ENABLED_PROP_NAME_IPV6, map.getOrDefault(FP_ENABLED_PROP_NAME_IPV6, false));
    }

    public void addProperty(String str, Object obj) {
        this.properties.put(str, obj);
    }

    public String getPid() {
        return PID;
    }

    public Set<String> getFloodingProtectionFilterRules() {
        return new LinkedHashSet();
    }

    public Set<String> getFloodingProtectionNatRules() {
        return new LinkedHashSet();
    }

    public Set<String> getFloodingProtectionMangleRules() {
        return isIPv4Enabled() ? new LinkedHashSet(Arrays.asList(FLOODING_PROTECTION_MANGLE_RULES_IPV4)) : new LinkedHashSet();
    }

    public Set<String> getFloodingProtectionFilterRulesIPv6() {
        return new LinkedHashSet();
    }

    public Set<String> getFloodingProtectionNatRulesIPv6() {
        return new LinkedHashSet();
    }

    public Set<String> getFloodingProtectionMangleRulesIPv6() {
        return isIPv6Enabled() ? new LinkedHashSet(Arrays.asList(FLOODING_PROTECTION_MANGLE_RULES_IPV6)) : new LinkedHashSet();
    }

    public boolean isIPv4Enabled() {
        return ((Boolean) this.properties.get(FP_ENABLED_PROP_NAME_IPV4)).booleanValue();
    }

    public boolean isIPv6Enabled() {
        return ((Boolean) this.properties.get(FP_ENABLED_PROP_NAME_IPV6)).booleanValue();
    }

    public String getFragmentLowThresholdIPv4FileName() {
        return FRAG_LOW_THR_IPV4_NAME;
    }

    public String getFragmentHighThresholdIPv4FileName() {
        return FRAG_HIGH_THR_IPV4_NAME;
    }

    public String getFragmentLowThresholdIPv6FileName() {
        return FRAG_LOW_THR_IPV6_NAME;
    }

    public String getFragmentHighThresholdIPv6FileName() {
        return FRAG_HIGH_THR_IPV6_NAME;
    }

    public int getFragmentLowThresholdDefault() {
        return FRAG_LOW_THR_DEFAULT;
    }

    public int getFragmentHighThresholdDefault() {
        return FRAG_HIGH_THR_DEFAULT;
    }

    public Tocd getDefinition() {
        ObjectFactory objectFactory = new ObjectFactory();
        Tocd createTocd = objectFactory.createTocd();
        createTocd.setName("Flooding Protection Service");
        createTocd.setId(PID);
        createTocd.setDescription(FP_DESCRIPTION);
        Tad createTad = objectFactory.createTad();
        createTad.setId(FP_ENABLED_PROP_NAME_IPV4);
        createTad.setName(FP_ENABLED_PROP_NAME_IPV4);
        createTad.setType(Tscalar.BOOLEAN);
        createTad.setRequired(true);
        createTad.setDefault(Boolean.toString(false));
        createTad.setDescription(FP_ENABLED_DESCRIPTION_IPV4);
        createTocd.addAD(createTad);
        Tad createTad2 = objectFactory.createTad();
        createTad2.setId(FP_ENABLED_PROP_NAME_IPV6);
        createTad2.setName(FP_ENABLED_PROP_NAME_IPV6);
        createTad2.setType(Tscalar.BOOLEAN);
        createTad2.setRequired(true);
        createTad2.setDefault(Boolean.toString(false));
        createTad2.setDescription(FP_ENABLED_DESCRIPTION_IPV6);
        createTocd.addAD(createTad2);
        return createTocd;
    }
}
