X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=ubus.c;h=7029d630af60f54298f929acf581a7afe0c223f6;hp=a5f3a65a9d7c5b8ebe175ea32a77d481c9712abb;hb=30463d08056db8f03d17c0569581aef96418c38d;hpb=92281eb747b56e748b7c3d754055919c23befdd4

diff --git a/ubus.c b/ubus.c
index a5f3a65..7029d63 100644
--- a/ubus.c
+++ b/ubus.c
@@ -1,7 +1,7 @@
 /*
  * firewall3 - 3rd OpenWrt UCI firewall implementation
  *
- *   Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ *   Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -19,6 +19,7 @@
 #include "ubus.h"
 
 static struct blob_attr *interfaces = NULL;
+static struct blob_attr *procd_data;
 
 
 static void dump_cb(struct ubus_request *req, int type, struct blob_attr *msg)
@@ -31,12 +32,18 @@ static void dump_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 		interfaces = blob_memdup(cur);
 }
 
+static void procd_data_cb(struct ubus_request *req, int type, struct blob_attr *msg)
+{
+	procd_data = blob_memdup(msg);
+}
+
 bool
 fw3_ubus_connect(void)
 {
 	bool status = false;
 	uint32_t id;
 	struct ubus_context *ctx = ubus_connect(NULL);
+	struct blob_buf b = { };
 
 	if (!ctx)
 		goto out;
@@ -44,11 +51,19 @@ fw3_ubus_connect(void)
 	if (ubus_lookup_id(ctx, "network.interface", &id))
 		goto out;
 
-	if (ubus_invoke(ctx, id, "dump", NULL, dump_cb, NULL, 500))
+	if (ubus_invoke(ctx, id, "dump", NULL, dump_cb, NULL, 2000))
 		goto out;
 
 	status = true;
 
+	if (ubus_lookup_id(ctx, "service", &id))
+		goto out;
+
+	blob_buf_init(&b, 0);
+	blobmsg_add_string(&b, "type", "firewall");
+	ubus_invoke(ctx, id, "get_data", b.head, procd_data_cb, NULL, 2000);
+	blob_buf_free(&b);
+
 out:
 	if (ctx)
 		ubus_free(ctx);
@@ -79,77 +94,96 @@ parse_subnet(enum fw3_family family, struct blob_attr *dict, int rem)
 	{
 		if (!strcmp(blobmsg_name(cur), "address"))
 			inet_pton(family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
-			          blobmsg_data(cur), &addr->address.v6);
+			          blobmsg_get_string(cur), &addr->address.v6);
 
 		else if (!strcmp(blobmsg_name(cur), "mask"))
-			addr->mask = be32_to_cpu(*(uint32_t *)blobmsg_data(cur));
+			fw3_bitlen2netmask(family, blobmsg_get_u32(cur), &addr->mask.v6);
 	}
 
 	return addr;
 }
 
-static void
+static int
 parse_subnets(struct list_head *head, enum fw3_family family,
               struct blob_attr *list)
 {
 	struct blob_attr *cur;
 	struct fw3_address *addr;
-	int rem;
+	int rem, n = 0;
 
 	if (!list)
-		return;
+		return 0;
 
-	blob_for_each_attr(cur, list, rem)
+	rem = blobmsg_data_len(list);
+
+	__blob_for_each_attr(cur, blobmsg_data(list), rem)
 	{
 		addr = parse_subnet(family, blobmsg_data(cur), blobmsg_data_len(cur));
 
 		if (addr)
+		{
 			list_add_tail(&addr->list, head);
+			n++;
+		}
 	}
+
+	return n;
 }
 
 struct fw3_device *
 fw3_ubus_device(const char *net)
 {
+	enum {
+		DEV_INTERFACE,
+		DEV_DEVICE,
+		DEV_L3_DEVICE,
+		__DEV_MAX
+	};
+	static const struct blobmsg_policy policy[__DEV_MAX] = {
+		[DEV_INTERFACE] = { "interface", BLOBMSG_TYPE_STRING },
+		[DEV_DEVICE] = { "device", BLOBMSG_TYPE_STRING },
+		[DEV_L3_DEVICE] = { "l3_device", BLOBMSG_TYPE_STRING },
+	};
 	struct fw3_device *dev = NULL;
-	struct blob_attr *c, *cur;
-	unsigned r, rem;
-	char *data;
-	bool matched;
+	struct blob_attr *tb[__DEV_MAX];
+	struct blob_attr *cur;
+	char *name = NULL;
+	int rem;
 
 	if (!net || !interfaces)
 		return NULL;
 
-	dev = calloc(1, sizeof(*dev));
-	if (!dev)
-		return NULL;
-
-	blobmsg_for_each_attr(c, interfaces, r) {
-		matched = false;
-		blobmsg_for_each_attr(cur, c, rem)
-			if (!strcmp(blobmsg_name(cur), "interface"))
-				matched = !strcmp(blobmsg_get_string(cur), net);
+	blobmsg_for_each_attr(cur, interfaces, rem) {
+		blobmsg_parse(policy, __DEV_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
+		if (!tb[DEV_INTERFACE] ||
+		    strcmp(blobmsg_data(tb[DEV_INTERFACE]), net) != 0)
+			continue;
 
-		if (!matched)
+		if (tb[DEV_L3_DEVICE])
+			name = blobmsg_data(tb[DEV_L3_DEVICE]);
+		else if (tb[DEV_DEVICE])
+			name = blobmsg_data(tb[DEV_DEVICE]);
+		else
 			continue;
 
-		blobmsg_for_each_attr(cur, c, rem) {
-			data = blobmsg_data(cur);
+		break;
+	}
 
-			if (!strcmp(blobmsg_name(cur), "device") && !dev->name[0])
-				snprintf(dev->name, sizeof(dev->name), "%s", data);
-			else if (!strcmp(blobmsg_name(cur), "l3_device"))
-				snprintf(dev->name, sizeof(dev->name), "%s", data);
-		}
+	if (!name)
+		return NULL;
 
-		dev->set = !!dev->name[0];
-		return dev;
-	}
+	dev = calloc(1, sizeof(*dev));
 
-	return NULL;
+	if (!dev)
+		return NULL;
+
+	snprintf(dev->name, sizeof(dev->name), "%s", name);
+	dev->set = true;
+
+	return dev;
 }
 
-void
+int
 fw3_ubus_address(struct list_head *list, const char *net)
 {
 	enum {
@@ -167,10 +201,10 @@ fw3_ubus_address(struct list_head *list, const char *net)
 	};
 	struct blob_attr *tb[__ADDR_MAX];
 	struct blob_attr *cur;
-	int rem;
+	int rem, n = 0;
 
 	if (!net || !interfaces)
-		return;
+		return 0;
 
 	blobmsg_for_each_attr(cur, interfaces, rem) {
 		blobmsg_parse(policy, __ADDR_MAX, tb, blobmsg_data(cur), blobmsg_len(cur));
@@ -179,10 +213,12 @@ fw3_ubus_address(struct list_head *list, const char *net)
 		    strcmp(blobmsg_data(tb[ADDR_INTERFACE]), net) != 0)
 			continue;
 
-		parse_subnets(list, FW3_FAMILY_V4, tb[ADDR_IPV4]);
-		parse_subnets(list, FW3_FAMILY_V6, tb[ADDR_IPV6]);
-		parse_subnets(list, FW3_FAMILY_V6, tb[ADDR_IPV6_PREFIX]);
+		n += parse_subnets(list, FW3_FAMILY_V4, tb[ADDR_IPV4]);
+		n += parse_subnets(list, FW3_FAMILY_V6, tb[ADDR_IPV6]);
+		n += parse_subnets(list, FW3_FAMILY_V6, tb[ADDR_IPV6_PREFIX]);
 	}
+
+	return n;
 }
 
 void
@@ -211,21 +247,61 @@ fw3_ubus_zone_devices(struct fw3_zone *zone)
 	}
 }
 
+static void fw3_ubus_rules_add(struct blob_buf *b, const char *service,
+		const char *instance, const char *device,
+		const struct blob_attr *rule, unsigned n)
+{
+	void *k = blobmsg_open_table(b, "");
+	struct blob_attr *ropt;
+	unsigned orem;
+	char *type = NULL;
+	char comment[256];
+
+	blobmsg_for_each_attr(ropt, rule, orem) {
+		if (!strcmp(blobmsg_name(ropt), "type"))
+			type = blobmsg_data(ropt);
+		if (device && !strcmp(blobmsg_name(ropt), "device"))
+			device = blobmsg_get_string(ropt);
+		else if (strcmp(blobmsg_name(ropt), "name"))
+			blobmsg_add_blob(b, ropt);
+	}
+
+	if (instance)
+		snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d",
+				service, instance, type ? type : "rule", n);
+	else
+		snprintf(comment, sizeof(comment), "ubus:%s %s %d",
+				service, type ? type : "rule", n);
+
+	blobmsg_add_string(b, "name", comment);
+
+	if (device)
+		blobmsg_add_string(b, "device", device);
+
+	blobmsg_close_table(b, k);
+}
+
 void
 fw3_ubus_rules(struct blob_buf *b)
 {
 	blob_buf_init(b, 0);
 
-	struct blob_attr *c, *cur, *dcur, *rule, *ropt;
-	unsigned r, rem, drem, rrem, orem;
+	struct blob_attr *c, *cur, *dcur, *rule;
+	unsigned n, r, rem, drem, rrem;
 
 	blobmsg_for_each_attr(c, interfaces, r) {
 		const char *l3_device = NULL;
+		const char *iface_proto = "unknown";
+		const char *iface_name = "unknown";
 		struct blob_attr *data = NULL;
 
 		blobmsg_for_each_attr(cur, c, rem) {
 			if (!strcmp(blobmsg_name(cur), "l3_device"))
 				l3_device = blobmsg_get_string(cur);
+			else if (!strcmp(blobmsg_name(cur), "interface"))
+				iface_name = blobmsg_get_string(cur);
+			else if (!strcmp(blobmsg_name(cur), "proto"))
+				iface_proto = blobmsg_get_string(cur);
 			else if (!strcmp(blobmsg_name(cur), "data"))
 				data = cur;
 		}
@@ -237,15 +313,51 @@ fw3_ubus_rules(struct blob_buf *b)
 			if (strcmp(blobmsg_name(dcur), "firewall"))
 				continue;
 
-			blobmsg_for_each_attr(rule, dcur, rrem) {
-				void *k = blobmsg_open_table(b, "");
+			n = 0;
+
+			blobmsg_for_each_attr(rule, dcur, rrem)
+				fw3_ubus_rules_add(b, iface_name, iface_proto,
+					l3_device, rule, n++);
+		}
+	}
+
+	if (!procd_data)
+		return;
+
+	/* service */
+	blobmsg_for_each_attr(c, procd_data, r) {
+		if (!blobmsg_check_attr(c, true))
+			continue;
+
+		/* instance */
+		blobmsg_for_each_attr(cur, c, rem) {
+			if (!blobmsg_check_attr(cur, true))
+				continue;
+
+			/* fw rules within the service itself */
+			if (!strcmp(blobmsg_name(cur), "firewall")) {
+				n = 0;
+
+				blobmsg_for_each_attr(rule, cur, rrem)
+					fw3_ubus_rules_add(b, blobmsg_name(c),
+						NULL, NULL, rule, n++);
+
+				continue;
+			}
+
+			/* type */
+			blobmsg_for_each_attr(dcur, cur, drem) {
+				if (!blobmsg_check_attr(dcur, true))
+					continue;
+
+				if (strcmp(blobmsg_name(dcur), "firewall"))
+					continue;
 
-				blobmsg_for_each_attr(ropt, rule, orem)
-					if (strcmp(blobmsg_name(ropt), "device"))
-						blobmsg_add_blob(b, ropt);
+				n = 0;
 
-				blobmsg_add_string(b, "device", l3_device);
-				blobmsg_close_table(b, k);
+				blobmsg_for_each_attr(rule, dcur, rrem)
+					fw3_ubus_rules_add(b, blobmsg_name(c),
+						blobmsg_name(cur), NULL, rule, n++);
 			}
 		}
 	}