X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=options.c;h=5a7a901a6433d47b032b9a7e01b0ba3900b2d947;hp=8315aafc3649ac04c32fe08e63218a95d2dacebf;hb=6e6a38ea87aebeaefe70869c226cadad0312f144;hpb=0bbcb880e14ca9bd0ba59963a9d3ec1faadec6d7;ds=sidebyside diff --git a/options.c b/options.c index 8315aaf..5a7a901 100644 --- a/options.c +++ b/options.c @@ -84,20 +84,22 @@ const char *fw3_flag_names[__FW3_FLAG_MAX] = { "DROP", }; -static const char *limit_units[] = { +const char *fw3_limit_units[__FW3_LIMIT_UNIT_MAX] = { "second", "minute", "hour", "day", }; -static const char *ipset_methods[] = { +const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = { + "(bug)", "bitmap", "hash", "list", }; -static const char *ipset_types[] = { +const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = { + "(bug)", "ip", "port", "mac", @@ -189,7 +191,7 @@ fw3_parse_limit(void *ptr, const char *val, bool is_list) if (!strlen(e)) return false; - if (!parse_enum(&u, e, limit_units, 0, FW3_LIMIT_UNIT_DAY)) + if (!parse_enum(&u, e, fw3_limit_units, 0, FW3_LIMIT_UNIT_DAY)) return false; limit->rate = n; @@ -201,6 +203,7 @@ fw3_parse_limit(void *ptr, const char *val, bool is_list) bool fw3_parse_device(void *ptr, const char *val, bool is_list) { + char *p; struct fw3_device dev = { }; if (*val == '*') @@ -217,6 +220,12 @@ fw3_parse_device(void *ptr, const char *val, bool is_list) while (isspace(*++val)); } + if ((p = strchr(val, '@')) != NULL) + { + *p++ = 0; + snprintf(dev.network, sizeof(dev.network), "%s", p); + } + if (*val) snprintf(dev.name, sizeof(dev.name), "%s", val); else @@ -333,12 +342,13 @@ fw3_parse_network(void *ptr, const char *val, bool is_list) list_for_each_entry(addr, addr_list, list) { addr->invert = dev.invert; + addr->resolved = true; if (!put_value(ptr, addr, sizeof(*addr), is_list)) break; } - fw3_ubus_address_free(addr_list); + fw3_free_list(addr_list); } } @@ -558,33 +568,41 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list) bool fw3_parse_ipset_method(void *ptr, const char *val, bool is_list) { - return parse_enum(ptr, val, ipset_methods, + return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP], FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST); } bool fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list) { - struct fw3_ipset_datatype *type = ptr; + struct fw3_ipset_datatype type = { }; + + type.dir = "src"; if (!strncmp(val, "dest_", 5)) { val += 5; - type->dest = true; + type.dir = "dst"; } else if (!strncmp(val, "dst_", 4)) { val += 4; - type->dest = true; + type.dir = "dst"; } else if (!strncmp(val, "src_", 4)) { val += 4; - type->dest = false; + type.dir = "src"; } - return parse_enum(&type->type, val, ipset_types, - FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET); + if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP], + FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET)) + { + put_value(ptr, &type, sizeof(type), is_list); + return true; + } + + return false; } bool @@ -793,6 +811,46 @@ fw3_parse_mark(void *ptr, const char *val, bool is_list) return true; } +bool +fw3_parse_setmatch(void *ptr, const char *val, bool is_list) +{ + struct fw3_setmatch *m = ptr; + char *p, *s; + int i; + + if (*val == '!') + { + m->invert = true; + while (isspace(*++val)); + } + + if (!(s = strdup(val))) + return false; + + if (!(p = strtok(s, " \t"))) + { + free(s); + return false; + } + + strncpy(m->name, p, sizeof(m->name)); + + for (i = 0, p = strtok(NULL, " \t,"); + i < 3 && p != NULL; + i++, p = strtok(NULL, " \t,")) + { + if (!strncmp(p, "dest", 4) || !strncmp(p, "dst", 3)) + m->dir[i] = "dst"; + else if (!strncmp(p, "src", 3)) + m->dir[i] = "src"; + } + + free(s); + + m->set = true; + return true; +} + void fw3_parse_options(void *s, const struct fw3_option *opts, @@ -878,16 +936,6 @@ fw3_parse_options(void *s, const struct fw3_option *opts, } -void -fw3_format_in_out(struct fw3_device *in, struct fw3_device *out) -{ - if (in && !in->any) - fw3_pr(" %s-i %s", in->invert ? "! " : "", in->name); - - if (out && !out->any) - fw3_pr(" %s-o %s", out->invert ? "! " : "", out->name); -} - const char * fw3_address_to_string(struct fw3_address *address, bool allow_invert) { @@ -918,288 +966,3 @@ fw3_address_to_string(struct fw3_address *address, bool allow_invert) return buf; } - -void -fw3_format_src_dest(struct fw3_address *src, struct fw3_address *dest) -{ - if ((src && src->range) || (dest && dest->range)) - fw3_pr(" -m iprange"); - - if (src && src->set) - { - fw3_pr(" %s%s %s", src->invert ? "! " : "", - src->range ? "--src-range" : "-s", - fw3_address_to_string(src, false)); - } - - if (dest && dest->set) - { - fw3_pr(" %s%s %s", dest->invert ? "! " : "", - dest->range ? "--dst-range" : "-d", - fw3_address_to_string(dest, false)); - } -} - -void -fw3_format_sport_dport(struct fw3_port *sp, struct fw3_port *dp) -{ - if (sp && sp->set) - { - if (sp->port_min == sp->port_max) - fw3_pr(" %s--sport %u", sp->invert ? "! " : "", sp->port_min); - else - fw3_pr(" %s--sport %u:%u", - sp->invert ? "! " : "", sp->port_min, sp->port_max); - } - - if (dp && dp->set) - { - if (dp->port_min == dp->port_max) - fw3_pr(" %s--dport %u", dp->invert ? "! " : "", dp->port_min); - else - fw3_pr(" %s--dport %u:%u", - dp->invert ? "! " : "", dp->port_min, dp->port_max); - } -} - -void -fw3_format_mac(struct fw3_mac *mac) -{ - if (!mac) - return; - - fw3_pr(" -m mac %s--mac-source %s", - mac->invert ? "! " : "", ether_ntoa(&mac->mac)); -} - -void -fw3_format_protocol(struct fw3_protocol *proto, enum fw3_family family) -{ - uint16_t pr; - - if (!proto) - return; - - pr = proto->protocol; - - if (pr == 1 && family == FW3_FAMILY_V6) - pr = 58; - - if (proto->any) - fw3_pr(" -p all"); - else - fw3_pr(" %s-p %u", proto->invert ? "! " : "", pr); -} - -void -fw3_format_icmptype(struct fw3_icmptype *icmp, enum fw3_family family) -{ - if (!icmp) - return; - - if (family != FW3_FAMILY_V6) - { - if (icmp->code_min == 0 && icmp->code_max == 0xFF) - fw3_pr(" %s--icmp-type %u", icmp->invert ? "! " : "", icmp->type); - else - fw3_pr(" %s--icmp-type %u/%u", - icmp->invert ? "! " : "", icmp->type, icmp->code_min); - } - else - { - if (icmp->code6_min == 0 && icmp->code6_max == 0xFF) - fw3_pr(" %s--icmpv6-type %u", icmp->invert ? "! " : "", icmp->type6); - else - fw3_pr(" %s--icmpv6-type %u/%u", - icmp->invert ? "! " : "", icmp->type6, icmp->code6_min); - } -} - -void -fw3_format_limit(struct fw3_limit *limit) -{ - if (!limit) - return; - - if (limit->rate > 0) - { - fw3_pr(" -m limit %s--limit %u/%s", - limit->invert ? "! " : "", - limit->rate, limit_units[limit->unit]); - - if (limit->burst > 0) - fw3_pr(" --limit-burst %u", limit->burst); - } -} - -void -fw3_format_ipset(struct fw3_ipset *ipset, bool invert) -{ - bool first = true; - const char *name = NULL; - struct fw3_ipset_datatype *type; - - if (!ipset) - return; - - if (ipset->external && *ipset->external) - name = ipset->external; - else - name = ipset->name; - - fw3_pr(" -m set %s--match-set %s", invert ? "! " : "", name); - - list_for_each_entry(type, &ipset->datatypes, list) - { - fw3_pr("%c%s", first ? ' ' : ',', type->dest ? "dst" : "src"); - first = false; - } -} - -void -fw3_format_time(struct fw3_time *time) -{ - int i; - struct tm empty = { 0 }; - char buf[sizeof("9999-99-99T23:59:59\0")]; - bool d1 = memcmp(&time->datestart, &empty, sizeof(empty)); - bool d2 = memcmp(&time->datestop, &empty, sizeof(empty)); - bool first; - - if (!d1 && !d2 && !time->timestart && !time->timestop && - !(time->monthdays & 0xFFFFFFFE) && !(time->weekdays & 0xFE)) - { - return; - } - - fw3_pr(" -m time"); - - if (time->utc) - fw3_pr(" --utc"); - - if (d1) - { - strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestart); - fw3_pr(" --datestart %s", buf); - } - - if (d2) - { - strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestop); - fw3_pr(" --datestop %s", buf); - } - - if (time->timestart) - { - fw3_pr(" --timestart %02d:%02d:%02d", - time->timestart / 3600, - time->timestart % 3600 / 60, - time->timestart % 60); - } - - if (time->timestop) - { - fw3_pr(" --timestop %02d:%02d:%02d", - time->timestop / 3600, - time->timestop % 3600 / 60, - time->timestop % 60); - } - - if (time->monthdays & 0xFFFFFFFE) - { - fw3_pr(" %s--monthdays", hasbit(time->monthdays, 0) ? "! " : ""); - - for (i = 1, first = true; i < 32; i++) - { - if (hasbit(time->monthdays, i)) - { - fw3_pr("%c%u", first ? ' ' : ',', i); - first = false; - } - } - } - - if (time->weekdays & 0xFE) - { - fw3_pr(" %s--weekdays", hasbit(time->weekdays, 0) ? "! " : ""); - - for (i = 1, first = true; i < 8; i++) - { - if (hasbit(time->weekdays, i)) - { - fw3_pr("%c%u", first ? ' ' : ',', i); - first = false; - } - } - } -} - -void -fw3_format_mark(struct fw3_mark *mark) -{ - if (!mark->set) - return; - - fw3_pr(" -m mark %s--mark 0x%x", mark->invert ? "! " : "", mark->mark); - - if (mark->mask < 0xFFFFFFFF) - fw3_pr("/0x%x", mark->mask); -} - -void -__fw3_format_comment(const char *comment, ...) -{ - va_list ap; - int len = 0; - const char *c; - - if (!comment || !*comment) - return; - - fw3_pr(" -m comment --comment \""); - - c = comment; - - va_start(ap, comment); - - do - { - while (*c) - { - switch (*c) - { - case '"': - case '$': - case '`': - case '\\': - fw3_pr("\\"); - /* fall through */ - - default: - fw3_pr("%c", *c); - break; - } - - c++; - - if (len++ >= 255) - goto end; - } - - c = va_arg(ap, const char *); - } - while (c); - -end: - va_end(ap); - fw3_pr("\""); -} - -void -fw3_format_extra(const char *extra) -{ - if (!extra || !*extra) - return; - - fw3_pr(" %s", extra); -}