Make nat reflection src address configurable by introducing a reflection_src paramete...
diff --git a/utils.c b/utils.c
index f01ba73..dbc713c 100644 (file)
--- a/utils.c
+++ b/utils.c
@@ -27,6 +27,9 @@ static int lock_fd = -1;
 static pid_t pipe_pid = -1;
 static FILE *pipe_fd = NULL;
 
+bool fw3_pr_debug = false;
+
+
 static void
 warn_elem_section_name(struct uci_section *s, bool find_name)
 {
@@ -241,6 +244,7 @@ __fw3_command_pipe(bool silent, const char *command, ...)
                signal(SIGPIPE, SIG_IGN);
                pipe_pid = pid;
                close(pfds[0]);
+               fcntl(pfds[1], F_SETFD, fcntl(pfds[1], F_GETFD) | FD_CLOEXEC);
        }
 
        pipe_fd = fdopen(pfds[1], "w");
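Review bot: The added fcntl() line ignores both return values, so if F_GETFD fails the -1 is OR'ed with FD_CLOEXEC and passed to F_SETFD, which fails too, and the write end of the pipe silently stays inheritable by the next process fw3 spawns. Split it and check: `int fl = fcntl(pfds[1], F_GETFD); if (fl < 0 || fcntl(pfds[1], F_SETFD, fl | FD_CLOEXEC) < 0) warn("Unable to set FD_CLOEXEC: %s\n", strerror(errno));`. If the pipe is created with pipe() (outside this hunk), creating it with `pipe2(pfds, O_CLOEXEC)` and clearing the flag on the child's end would set the flag atomically instead of after the fact. __fw3_command_pipe's body starts outside the hunk.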
@@ -250,10 +254,18 @@ __fw3_command_pipe(bool silent, const char *command, ...)
 void
 fw3_pr(const char *fmt, ...)
 {
-    va_list args;
-    va_start(args, fmt);
-    vfprintf(pipe_fd, fmt, args);
-    va_end(args);
+       va_list args;
+
+       if (fw3_pr_debug && pipe_fd != stdout)
+       {
+               va_start(args, fmt);
+               vfprintf(stderr, fmt, args);
+               va_end(args);
+       }
+
+       va_start(args, fmt);
+       vfprintf(pipe_fd, fmt, args);
+       va_end(args);
 }
 
 void
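Review bot: fw3_pr still dereferences pipe_fd unconditionally in both vfprintf() calls, and the static pipe_fd starts out NULL until __fw3_command_pipe() has opened the pipe; if any caller can reach fw3_pr before that, this is a NULL dereference rather than a dropped message. A guard such as `if (!pipe_fd) return;` ahead of the debug branch (or falling back to stdout) would make that failure mode explicit. Since the format string is caller-supplied and forwarded to two vfprintf() calls, the prototype should also carry `__attribute__((format(printf, 1, 2)))` so mismatched callers are caught at compile time; the prototype is not in this hunk.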
@@ -341,15 +353,16 @@ fw3_read_statefile(void *state)
 {
        FILE *sf;
 
-       int n, type;
+       int type;
        char line[128];
        const char *p, *name;
 
-       uint16_t flags[2];
+       uint32_t flags[2];
 
        struct fw3_state *s = state;
        struct fw3_zone *zone;
        struct fw3_ipset *ipset;
+       struct fw3_device *net, *dev;
 
        sf = fopen(FW3_STATEFILE, "r");
 
@@ -363,23 +376,27 @@ fw3_read_statefile(void *state)
                if (!p)
                        continue;
 
-               type = strtoul(p, NULL, 10);
+               type = strtoul(p, NULL, 16);
                name = strtok(NULL, " \t\n");
 
                if (!name)
                        continue;
 
-               for (n = 0, p = strtok(NULL, " \t\n");
-                    n < ARRAY_SIZE(flags) && p != NULL;
-                    n++, p = strtok(NULL, " \t\n"))
-               {
-                       flags[n] = strtoul(p, NULL, 10);
-               }
+               if (!(p = strtok(NULL, " \t\n")))
+                       continue;
+
+               flags[0] = strtoul(p, NULL, 16);
+
+               if (!(p = strtok(NULL, " \t\n")))
+                       continue;
+
+               flags[1] = strtoul(p, NULL, 16);
 
                switch (type)
                {
                case FW3_TYPE_DEFAULTS:
-                       s->running_defaults.flags = flags[0];
+                       s->defaults.flags[0] = flags[0];
+                       s->defaults.flags[1] = flags[1];
                        break;
 
                case FW3_TYPE_ZONE:
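Review bot: The parser now reads the type and both flag words in base 16 and requires two flag fields, but nothing in the file identifies its format, so a statefile left by a previous build (decimal, one flags word for defaults, `"%u %s %u %u"` for zones per the removed writer lines) would be reparsed as hex by the upgraded binary — a zone line carrying flags "10" silently becomes 0x10 and stale state is treated as running. Unless a package upgrade script removes the old statefile (not visible here), a version/magic marker on the first line, with the file rejected when it is absent or mismatched, would close this. The three strtoul() calls also pass a NULL endptr, so trailing garbage is accepted and an unparseable token quietly becomes 0; `char *e; flags[0] = strtoul(p, &e, 16); if (*e) continue;` (and likewise for type and flags[1]) would reject malformed lines. fw3_read_statefile's body continues outside the hunk.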
@@ -394,8 +411,8 @@ fw3_read_statefile(void *state)
                                list_add_tail(&zone->list, &s->zones);
                        }
 
-                       zone->src_flags = flags[0];
-                       zone->dst_flags = flags[1];
+                       zone->flags[0] = flags[0];
+                       zone->flags[1] = flags[1];
                        list_add_tail(&zone->running_list, &s->running_zones);
                        break;
 
@@ -411,9 +428,32 @@ fw3_read_statefile(void *state)
                                list_add_tail(&ipset->list, &s->ipsets);
                        }
 
-                       ipset->flags = flags[0];
+                       ipset->flags[0] = flags[0];
+                       ipset->flags[1] = flags[1];
                        list_add_tail(&ipset->running_list, &s->running_ipsets);
                        break;
+
+               case FW3_TYPE_NETWORK:
+                       if (!(zone = fw3_lookup_zone(state, name, false)))
+                               continue;
+
+                       if (!(p = strtok(NULL, " \t\n")) || !(name = strtok(NULL, " \t\n")))
+                               continue;
+
+                       if (!(net = malloc(sizeof(*net))))
+                               continue;
+
+                       memset(net, 0, sizeof(*net));
+                       snprintf(net->name, sizeof(net->name), "%s", p);
+                       list_add_tail(&net->list, &zone->running_networks);
+
+                       if (!(dev = malloc(sizeof(*dev))))
+                               continue;
+
+                       memset(dev, 0, sizeof(*dev));
+                       dev->network = net;
+                       snprintf(dev->name, sizeof(dev->name), "%s", name);
+                       list_add_tail(&dev->list, &zone->running_devices);
                }
        }
 
@@ -427,13 +467,12 @@ fw3_write_statefile(void *state)
 {
        FILE *sf;
        struct fw3_state *s = state;
-       struct fw3_defaults *d = &s->defaults;
+       struct fw3_defaults *defs = &s->defaults;
        struct fw3_zone *z;
        struct fw3_ipset *i;
+       struct fw3_device *d;
 
-       int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6);
-
-       if (!(d->flags & mask))
+       if (fw3_no_table(defs->flags[0]) && fw3_no_table(defs->flags[1]))
        {
                if (unlink(FW3_STATEFILE))
                        warn("Unable to remove state %s: %s",
@@ -450,17 +489,34 @@ fw3_write_statefile(void *state)
                return;
        }
 
-       fprintf(sf, "%u - %u\n", FW3_TYPE_DEFAULTS, d->flags);
+       fprintf(sf, "%x - %x %x\n",
+               FW3_TYPE_DEFAULTS, defs->flags[0], defs->flags[1]);
 
        list_for_each_entry(z, &s->running_zones, running_list)
        {
-               fprintf(sf, "%u %s %u %u\n", FW3_TYPE_ZONE,
-                       z->name, z->src_flags, z->dst_flags);
+               if (fw3_no_table(z->flags[0]) && fw3_no_table(z->flags[1]))
+                       continue;
+
+               fprintf(sf, "%x %s %x %x\n",
+                       FW3_TYPE_ZONE, z->name, z->flags[0], z->flags[1]);
+
+               list_for_each_entry(d, &z->devices, list)
+               {
+                       if (!d->network)
+                               continue;
+
+                       fprintf(sf, "%x %s 0 0 %s %s\n",
+                               FW3_TYPE_NETWORK, z->name, d->network->name, d->name);
+               }
        }
 
        list_for_each_entry(i, &s->running_ipsets, running_list)
        {
-               fprintf(sf, "%u %s %u\n", FW3_TYPE_IPSET, i->name, i->flags);
+               if (!fw3_no_family(i->flags[0]) || !fw3_no_family(i->flags[1]))
+               {
+                       fprintf(sf, "%x %s %x %x\n",
+                                       FW3_TYPE_IPSET, i->name, i->flags[0], i->flags[1]);
+               }
        }
 
        fclose(sf);
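Review bot: None of the new fprintf() calls, nor the final fclose(sf), are checked, so on a full or read-only filesystem the multi-line statefile can be written partially and silently, and the next fw3 run will then rebuild only part of the running state; at minimum replace the bare fclose() with `if (ferror(sf) | (fclose(sf) != 0)) warn("Unable to write state %s: %s", FW3_STATEFILE, strerror(errno));` so short writes are at least reported. The reader splits records on " \t\n" with strtok(), so a zone, network or device name containing whitespace would desynchronise the FW3_TYPE_NETWORK record written here; presumably UCI section and interface names cannot contain whitespace, but a comment stating that assumption beside the fprintf would help. Writing to a temporary file and rename()-ing it into place would additionally avoid a half-written statefile after a crash; the fopen() and the rest of fw3_write_statefile are outside this hunk.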
@@ -488,10 +544,97 @@ void
 fw3_free_object(void *obj, const void *opts)
 {
        const struct fw3_option *ol;
+       struct list_head *list, *cur, *tmp;
 
        for (ol = opts; ol->name; ol++)
-               if (ol->elem_size)
-                       fw3_free_list((struct list_head *)((char *)obj + ol->offset));
+       {
+               if (!ol->elem_size)
+                       continue;
+
+               list = (struct list_head *)((char *)obj + ol->offset);
+               list_for_each_safe(cur, tmp, list)
+               {
+                       list_del(cur);
+                       free(cur);
+               }
+       }
 
        free(obj);
 }
+
+
+bool
+fw3_pr_rulespec(int table, int family, uint32_t *flags, uint32_t mask,
+                const struct fw3_rule_spec *r, const char *fmt, ...)
+{
+       char buf[256];
+       bool rv = false;
+
+       va_list ap;
+       uint32_t f = flags ? flags[family == FW3_FAMILY_V6] : 0;
+
+       if (mask)
+               f &= mask;
+
+       for (; r->format; r++)
+       {
+               if (!fw3_is_family(r, family))
+                       continue;
+
+               if (r->table != table)
+                       continue;
+
+               if ((r->flag != 0) && !hasbit(f, r->flag))
+                       continue;
+
+               va_start(ap, fmt);
+               vsnprintf(buf, sizeof(buf), r->format, ap);
+               va_end(ap);
+
+               fw3_pr(fmt, buf);
+
+               rv = true;
+       }
+
+       return rv;
+}
+
+
+bool
+fw3_hotplug(bool add, void *zone, void *device)
+{
+       struct fw3_zone *z = zone;
+       struct fw3_device *d = device;
+
+       if (!d->network)
+               return false;
+
+       switch (fork())
+       {
+       case -1:
+               warn("Unable to fork(): %s\n", strerror(errno));
+               return false;
+
+       case 0:
+               break;
+
+       default:
+               return true;
+       }
+
+       close(0);
+       close(1);
+       close(2);
+       chdir("/");
+
+       clearenv();
+       setenv("ACTION",    add ? "add" : "remove", 1);
+       setenv("ZONE",      z->name,                1);
+       setenv("INTERFACE", d->network->name,       1);
+       setenv("DEVICE",    d->name,                1);
+
+       execl(FW3_HOTPLUG, FW3_HOTPLUG, "firewall", NULL);
+
+       /* unreached */
+       return false;
+}