X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;f=zones.c;h=9f1a68d077c2e0d8652abac04734e1863e201152;hb=e7b6234df3d34d82b909f1e7367a89d322f87814;hp=979d150e56080719c67da43ef2029fc158c86c80;hpb=f12271d15da3796c558b6649e97dad988ae2c057;p=project%2Ffirewall3.git
diff --git a/zones.c b/zones.c
index 979d150..9f1a68d 100644
--- a/zones.c
+++ b/zones.c
@@ -189,6 +189,14 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 continue;
 }
+ if (strlen(zone->name) > FW3_ZONE_MAXNAMELEN)
+ {
+ warn_elem(e, "must not have a name longer than %u characters",
+ FW3_ZONE_MAXNAMELEN);
+ fw3_free_zone(zone);
+ continue;
+ }
+
 if (list_empty(&zone->networks) && list_empty(&zone->devices) && list_empty(&zone->subnets) && !zone->extra_src)
 {
@@ -214,12 +222,12 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p)
 }
 setbit(zone->flags[0], fw3_to_src_target(zone->policy_input));
+ setbit(zone->flags[0], fw3_to_src_target(zone->policy_forward));
 setbit(zone->flags[0], zone->policy_output);
- setbit(zone->flags[0], zone->policy_forward);
 setbit(zone->flags[1], fw3_to_src_target(zone->policy_input));
+ setbit(zone->flags[1], fw3_to_src_target(zone->policy_forward));
 setbit(zone->flags[1], zone->policy_output);
- setbit(zone->flags[1], zone->policy_forward);
 list_add_tail(&zone->list, &state->zones);
 }
@@ -468,7 +476,7 @@ print_zone_rule(struct fw3_ipt_handle *handle, struct fw3_state *state,
 fw3_ipt_rule_append(r, "zone_%s_input", zone->name);
 r = fw3_ipt_rule_new(handle);
- fw3_ipt_rule_target(r, "zone_%s_dest_%s", zone->name,
+ fw3_ipt_rule_target(r, "zone_%s_src_%s", zone->name,
 fw3_flag_names[zone->policy_forward]);
 fw3_ipt_rule_append(r, "zone_%s_forward", zone->name);
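Review bot: The new length check in fw3_load_zones has no comment tying FW3_ZONE_MAXNAMELEN to the chain names it protects, and the constant is defined outside this diff. The name is later expanded into formats such as `zone_%s_forward` and written with `snprintf(chain, sizeof(chain), c->format, z->name)`, whose result is not checked, so the limit presumably has to leave room for the longest suffix; a comment such as `/* zone names are embedded in zone_<name>_<suffix> chain names, which must fit the netfilter chain name limit */` would make that dependency reviewable. Only the length is validated here, so it is worth confirming that the characters of the name are constrained elsewhere before they reach a chain name. The `strlen()` call also relies on zone->name being non-NULL, which would have to be guaranteed by the check that ends just above the hunk; the function body starts and ends outside the hunk.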
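Review bot: The forward policy is now recorded with `fw3_to_src_target(zone->policy_forward)` in the two setbit groups and jumped to as `zone_%s_src_%s` in the print_zone_rule hunk that follows, but neither site says why forwarding is enforced through the src_* chains. Because the plain `zone->policy_forward` bit is no longer set in zone->flags, any rule outside these hunks that still targets `zone_%s_dest_%s` for that policy may reference a chain whose flag is unset; this should be checked against the rest of zones.c, which is not visible here. A short comment above the setbit lines, for example `/* the forward policy is applied in the zone's src_<policy> chain, keep in sync with print_zone_rule() */`, would keep the two sites from drifting apart. Both functions continue outside their hunks.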
@@ -574,7 +582,7 @@ fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
 for (c = zone_chains; c->format; c++)
 {
 /* don't touch user chains on selective stop */
- if (reload && hasbit(c->flag, FW3_FLAG_CUSTOM_CHAINS))
+ if (reload && c->flag == FW3_FLAG_CUSTOM_CHAINS)
 continue;
 if (!fw3_is_family(c, handle->family))
@@ -583,6 +591,9 @@ fw3_flush_zones(struct fw3_ipt_handle *handle, struct fw3_state *state,
 if (c->table != handle->table)
 continue;
+ if (c->flag && !has(z->flags, handle->family, c->flag))
+ continue;
+
 snprintf(chain, sizeof(chain), c->format, z->name);
 fw3_ipt_delete_rules(handle, chain);
 fw3_ipt_delete_chain(handle, chain);
@@ -632,22 +643,47 @@ fw3_lookup_zone(struct fw3_state *state, const char *name)
 return NULL;
 }
-void
-fw3_free_zone(struct fw3_zone *zone)
+struct list_head *
+fw3_resolve_zone_addresses(struct fw3_zone *zone)
 {
- struct fw3_device *dev, *tmp;
+ struct fw3_device *net;
+ struct fw3_address *addr, *tmp;
+ struct list_head *addrs, *all;
+
+ all = malloc(sizeof(*all));
+
+ if (!all)
+ return NULL;
- list_for_each_entry_safe(dev, tmp, &zone->devices, list)
+ memset(all, 0, sizeof(*all));
+ INIT_LIST_HEAD(all);
+
+ list_for_each_entry(net, &zone->networks, list)
 {
- list_del(&dev->list);
- free(dev);
+ addrs = fw3_ubus_address(net->name);
+
+ if (!addrs)
+ continue;
+
+ list_for_each_entry_safe(addr, tmp, addrs, list)
+ {
+ list_del(&addr->list);
+ list_add_tail(&addr->list, all);
+ }
+
+ free(addrs);
 }
- list_for_each_entry_safe(dev, tmp, &zone->networks, list)
+ list_for_each_entry(addr, &zone->subnets, list)
 {
- list_del(&dev->list);
- free(dev);
+ tmp = malloc(sizeof(*tmp));
+
+ if (!tmp)
+ continue;
+
+ memcpy(tmp, addr, sizeof(*tmp));
+ list_add_tail(&tmp->list, all);
 }
- fw3_free_object(zone, fw3_zone_opts);
+ return all;
 }
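Review bot: The added `if (c->flag && !has(z->flags, handle->family, c->flag)) continue;` in fw3_flush_zones makes chain removal depend entirely on the flags recorded for the zone, so a chain that exists in the kernel but is missing from z->flags would keep its rules after a flush. Whether that can happen depends on how z->flags is populated, which is outside this hunk, so it should be confirmed that every path that creates a zone chain also sets the matching bit for that family. A comment such as `/* skip chains that were never created for this zone and family */` would state the intent, and it could note that a zero c->flag apparently means the chain is handled unconditionally. fw3_flush_zones starts and ends outside the hunk.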
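Review bot: fw3_resolve_zone_addresses returns a silently shortened list when `malloc()` fails inside the zone->subnets loop, because the `if (!tmp) continue;` path just skips the entry. A caller cannot tell a truncated result from a complete one, and if the list is used to build address matches for the zone, a subnet would be missing from the generated rules with no warning. Since the function already returns NULL when the list head cannot be allocated, the per-entry allocation can take the same failure path after releasing what was collected; the sketch below assumes fw3_address owns no further allocations, which the shallow `memcpy()` in the hunk suggests but does not prove. The `memset()` before `INIT_LIST_HEAD(all)` looks redundant, and a header comment should say that the caller owns the returned head and every entry on it.

```c
	list_for_each_entry(addr, &zone->subnets, list)
	{
		tmp = malloc(sizeof(*tmp));

		if (!tmp)
			goto fail;

		/* … unchanged: memcpy() and list_add_tail() … */
	}

	return all;

fail:
	/* drop the partial result so callers never act on a truncated list */
	list_for_each_entry_safe(addr, tmp, all, list)
	{
		list_del(&addr->list);
		free(addr);
	}

	free(all);
	return NULL;
```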