2 * firewall3 - 3rd OpenWrt UCI firewall implementation
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
24 put_value(void *ptr, void *val, int elem_size, bool is_list)
30 copy = malloc(elem_size);
35 memcpy(copy, val, elem_size);
36 list_add_tail((struct list_head *)copy, (struct list_head *)ptr);
40 memcpy(ptr, val, elem_size);
45 parse_enum(void *ptr, const char *val, const char **values, int min, int max)
47 int i, l = strlen(val);
51 for (i = 0; i <= (max - min); i++)
53 if (!strncasecmp(val, values[i], l))
55 *((int *)ptr) = min + i;
65 const char *fw3_flag_names[__FW3_FLAG_MAX] = {
87 const char *fw3_limit_units[__FW3_LIMIT_UNIT_MAX] = {
94 const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = {
101 const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = {
110 static const char *weekdays[] = {
120 static const char *include_types[] = {
125 static const char *reflection_sources[] = {
132 fw3_parse_bool(void *ptr, const char *val, bool is_list)
134 if (!strcmp(val, "true") || !strcmp(val, "yes") || !strcmp(val, "1"))
135 *((bool *)ptr) = true;
137 *((bool *)ptr) = false;
143 fw3_parse_int(void *ptr, const char *val, bool is_list)
145 int n = strtol(val, NULL, 0);
147 if (errno == ERANGE || errno == EINVAL)
156 fw3_parse_string(void *ptr, const char *val, bool is_list)
158 *((char **)ptr) = (char *)val;
163 fw3_parse_target(void *ptr, const char *val, bool is_list)
165 return parse_enum(ptr, val, &fw3_flag_names[FW3_FLAG_ACCEPT],
166 FW3_FLAG_ACCEPT, FW3_FLAG_SNAT);
170 fw3_parse_limit(void *ptr, const char *val, bool is_list)
172 struct fw3_limit *limit = ptr;
173 enum fw3_limit_unit u = FW3_LIMIT_UNIT_SECOND;
179 limit->invert = true;
180 while (isspace(*++val));
183 n = strtol(val, &e, 10);
185 if (errno == ERANGE || errno == EINVAL)
188 if (*e && *e++ != '/')
194 if (!parse_enum(&u, e, fw3_limit_units, 0, FW3_LIMIT_UNIT_DAY))
204 fw3_parse_device(void *ptr, const char *val, bool is_list)
207 struct fw3_device dev = { };
213 put_value(ptr, &dev, sizeof(dev), is_list);
220 while (isspace(*++val));
223 if ((p = strchr(val, '@')) != NULL)
226 snprintf(dev.network, sizeof(dev.network), "%s", p);
230 snprintf(dev.name, sizeof(dev.name), "%s", val);
235 put_value(ptr, &dev, sizeof(dev), is_list);
240 fw3_parse_address(void *ptr, const char *val, bool is_list)
242 struct fw3_address addr = { };
251 while (isspace(*++val));
259 if ((p = strchr(s, '/')) != NULL)
262 m = strtoul(p, &e, 10);
264 if ((e == p) || (*e != 0))
266 if (strchr(s, ':') || !inet_pton(AF_INET, p, &v4))
272 for (i = 0, m = 32; !(v4.s_addr & 1) && (i < 32); i++)
279 else if ((p = strchr(s, '-')) != NULL)
283 if (inet_pton(AF_INET6, p, &v6))
285 addr.family = FW3_FAMILY_V6;
286 addr.address2.v6 = v6;
289 else if (inet_pton(AF_INET, p, &v4))
291 addr.family = FW3_FAMILY_V4;
292 addr.address2.v4 = v4;
302 if (inet_pton(AF_INET6, s, &v6))
304 addr.family = FW3_FAMILY_V6;
305 addr.address.v6 = v6;
306 addr.mask = (m >= 0) ? m : 128;
308 else if (inet_pton(AF_INET, s, &v4))
310 addr.family = FW3_FAMILY_V4;
311 addr.address.v4 = v4;
312 addr.mask = (m >= 0) ? m : 32;
322 put_value(ptr, &addr, sizeof(addr), is_list);
327 fw3_parse_network(void *ptr, const char *val, bool is_list)
329 struct fw3_device dev = { };
330 struct fw3_address *addr;
331 struct list_head *addr_list;
333 if (!fw3_parse_address(ptr, val, is_list))
335 if (!fw3_parse_device(&dev, val, false))
338 addr_list = fw3_ubus_address(dev.name);
342 list_for_each_entry(addr, addr_list, list)
344 addr->invert = dev.invert;
345 addr->resolved = true;
347 if (!put_value(ptr, addr, sizeof(*addr), is_list))
351 fw3_free_list(addr_list);
359 fw3_parse_mac(void *ptr, const char *val, bool is_list)
361 struct fw3_mac addr = { };
362 struct ether_addr *mac;
367 while (isspace(*++val));
370 if ((mac = ether_aton(val)) != NULL)
375 put_value(ptr, &addr, sizeof(addr), is_list);
383 fw3_parse_port(void *ptr, const char *val, bool is_list)
385 struct fw3_port range = { };
393 while (isspace(*++val));
396 n = strtoul(val, &p, 10);
398 if (errno == ERANGE || errno == EINVAL)
401 if (*p && *p != '-' && *p != ':')
406 m = strtoul(++p, NULL, 10);
408 if (errno == ERANGE || errno == EINVAL || m < n)
421 put_value(ptr, &range, sizeof(range), is_list);
426 fw3_parse_family(void *ptr, const char *val, bool is_list)
428 if (!strcmp(val, "any"))
429 *((enum fw3_family *)ptr) = FW3_FAMILY_ANY;
430 else if (!strcmp(val, "inet") || strrchr(val, '4'))
431 *((enum fw3_family *)ptr) = FW3_FAMILY_V4;
432 else if (!strcmp(val, "inet6") || strrchr(val, '6'))
433 *((enum fw3_family *)ptr) = FW3_FAMILY_V6;
441 fw3_parse_icmptype(void *ptr, const char *val, bool is_list)
443 struct fw3_icmptype icmp = { };
449 for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v4); i++)
451 if (!strcmp(val, fw3_icmptype_list_v4[i].name))
453 icmp.type = fw3_icmptype_list_v4[i].type;
454 icmp.code_min = fw3_icmptype_list_v4[i].code_min;
455 icmp.code_max = fw3_icmptype_list_v4[i].code_max;
462 for (i = 0; i < ARRAY_SIZE(fw3_icmptype_list_v6); i++)
464 if (!strcmp(val, fw3_icmptype_list_v6[i].name))
466 icmp.type6 = fw3_icmptype_list_v6[i].type;
467 icmp.code6_min = fw3_icmptype_list_v6[i].code_min;
468 icmp.code6_max = fw3_icmptype_list_v6[i].code_max;
477 i = strtoul(val, &p, 10);
479 if ((p == val) || (*p != '/' && *p != 0) || (i > 0xFF))
487 i = strtoul(val, &p, 10);
489 if ((p == val) || (*p != 0) || (i > 0xFF))
498 icmp.code_max = 0xFF;
501 icmp.type6 = icmp.type;
502 icmp.code6_min = icmp.code_max;
503 icmp.code6_max = icmp.code_max;
509 icmp.family = (v4 && v6) ? FW3_FAMILY_ANY
510 : (v6 ? FW3_FAMILY_V6 : FW3_FAMILY_V4);
512 put_value(ptr, &icmp, sizeof(icmp), is_list);
517 fw3_parse_protocol(void *ptr, const char *val, bool is_list)
519 struct fw3_protocol proto = { };
520 struct protoent *ent;
526 while (isspace(*++val));
529 if (!strcmp(val, "all"))
532 put_value(ptr, &proto, sizeof(proto), is_list);
535 else if (!strcmp(val, "icmpv6"))
539 else if (!strcmp(val, "tcpudp"))
542 if (put_value(ptr, &proto, sizeof(proto), is_list))
545 put_value(ptr, &proto, sizeof(proto), is_list);
551 ent = getprotobyname(val);
555 proto.protocol = ent->p_proto;
556 put_value(ptr, &proto, sizeof(proto), is_list);
560 proto.protocol = strtoul(val, &e, 10);
562 if ((e == val) || (*e != 0))
565 put_value(ptr, &proto, sizeof(proto), is_list);
570 fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
572 return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
573 FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
577 fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
579 struct fw3_ipset_datatype type = { };
583 if (!strncmp(val, "dest_", 5))
588 else if (!strncmp(val, "dst_", 4))
593 else if (!strncmp(val, "src_", 4))
599 if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
600 FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET))
602 put_value(ptr, &type, sizeof(type), is_list);
610 fw3_parse_date(void *ptr, const char *val, bool is_list)
612 unsigned int year = 1970, mon = 1, day = 1, hour = 0, min = 0, sec = 0;
613 struct tm tm = { 0 };
616 year = strtoul(val, &p, 10);
617 if ((*p != '-' && *p) || year < 1970 || year > 2038)
622 mon = strtoul(++p, &p, 10);
623 if ((*p != '-' && *p) || mon > 12)
628 day = strtoul(++p, &p, 10);
629 if ((*p != 'T' && *p) || day > 31)
634 hour = strtoul(++p, &p, 10);
635 if ((*p != ':' && *p) || hour > 23)
640 min = strtoul(++p, &p, 10);
641 if ((*p != ':' && *p) || min > 59)
646 sec = strtoul(++p, &p, 10);
651 tm.tm_year = year - 1900;
658 if (mktime(&tm) >= 0)
660 *((struct tm *)ptr) = tm;
669 fw3_parse_time(void *ptr, const char *val, bool is_list)
671 unsigned int hour = 0, min = 0, sec = 0;
674 hour = strtoul(val, &p, 10);
675 if (*p != ':' || hour > 23)
678 min = strtoul(++p, &p, 10);
679 if ((*p != ':' && *p) || min > 59)
684 sec = strtoul(++p, &p, 10);
689 *((int *)ptr) = 60 * 60 * hour + 60 * min + sec;
697 fw3_parse_weekdays(void *ptr, const char *val, bool is_list)
704 setbit(*(uint8_t *)ptr, 0);
705 while (isspace(*++val));
708 if (!(s = strdup(val)))
711 for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t"))
713 if (!parse_enum(&w, p, weekdays, 1, 7))
715 w = strtoul(p, &p, 10);
717 if (*p || w < 1 || w > 7)
724 setbit(*(uint8_t *)ptr, w);
732 fw3_parse_monthdays(void *ptr, const char *val, bool is_list)
739 setbit(*(uint32_t *)ptr, 0);
740 while (isspace(*++val));
743 if (!(s = strdup(val)))
746 for (p = strtok(s, " \t"); p; p = strtok(NULL, " \t"))
748 d = strtoul(p, &p, 10);
750 if (*p || d < 1 || d > 31)
756 setbit(*(uint32_t *)ptr, d);
764 fw3_parse_include_type(void *ptr, const char *val, bool is_list)
766 return parse_enum(ptr, val, include_types,
767 FW3_INC_TYPE_SCRIPT, FW3_INC_TYPE_RESTORE);
771 fw3_parse_reflection_source(void *ptr, const char *val, bool is_list)
773 return parse_enum(ptr, val, reflection_sources,
774 FW3_REFLECTION_INTERNAL, FW3_REFLECTION_EXTERNAL);
778 fw3_parse_mark(void *ptr, const char *val, bool is_list)
782 struct fw3_mark *m = ptr;
787 while (isspace(*++val));
790 if ((s = strchr(val, '/')) != NULL)
793 n = strtoul(val, &e, 0);
799 m->mask = 0xFFFFFFFF;
803 n = strtoul(s, &e, 0);
816 fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
818 struct fw3_setmatch *m = ptr;
825 while (isspace(*++val));
828 if (!(s = strdup(val)))
831 if (!(p = strtok(s, " \t")))
837 strncpy(m->name, p, sizeof(m->name));
839 for (i = 0, p = strtok(NULL, " \t,");
841 i++, p = strtok(NULL, " \t,"))
843 if (!strncmp(p, "dest", 4) || !strncmp(p, "dst", 3))
845 else if (!strncmp(p, "src", 3))
857 fw3_parse_options(void *s, const struct fw3_option *opts,
858 struct uci_section *section)
862 struct uci_element *e, *l;
863 struct uci_option *o;
864 const struct fw3_option *opt;
865 struct list_head *dest;
867 uci_foreach_element(§ion->options, e)
869 o = uci_to_option(e);
872 for (opt = opts; opt->name; opt++)
877 if (strcmp(opt->name, e->name))
880 if (o->type == UCI_TYPE_LIST)
884 warn_elem(e, "must not be a list");
888 dest = (struct list_head *)((char *)s + opt->offset);
890 uci_foreach_element(&o->v.list, l)
895 if (!opt->parse(dest, l->name, true))
897 warn_elem(e, "has invalid value '%s'", l->name);
912 if (!opt->parse((char *)s + opt->offset, o->v.string, false))
913 warn_elem(e, "has invalid value '%s'", o->v.string);
917 dest = (struct list_head *)((char *)s + opt->offset);
919 for (p = strtok(v, " \t"); p != NULL; p = strtok(NULL, " \t"))
921 if (!opt->parse(dest, p, true))
923 warn_elem(e, "has invalid value '%s'", p);
935 warn_elem(e, "is unknown");
941 fw3_address_to_string(struct fw3_address *address, bool allow_invert)
943 char *p, ip[INET6_ADDRSTRLEN];
944 static char buf[INET6_ADDRSTRLEN * 2 + 2];
948 if (address->invert && allow_invert)
949 p += sprintf(p, "!");
951 inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
952 &address->address.v4, ip, sizeof(ip));
954 p += sprintf(p, "%s", ip);
958 inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
959 &address->address2.v4, ip, sizeof(ip));
961 p += sprintf(p, "-%s", ip);
965 p += sprintf(p, "/%u", address->mask);
projects / project / firewall3.git / blob