X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=utils.c;h=1942cbc71068effda0c923f4e4f0ec55cfaf0aa9;hp=9899d4d5d507471848cf0f16b6937f6e467bee82;hb=62863ea95d3c2c7dd0b56ac0f1dee5a4590ca70c;hpb=8fee8f9c520c58d07772cc6bd8f65d9eb1776a56 diff --git a/utils.c b/utils.c index 9899d4d..1942cbc 100644 --- a/utils.c +++ b/utils.c @@ -19,10 +19,17 @@ #include "utils.h" #include "options.h" +#include "zones.h" +#include "ipsets.h" + + static int lock_fd = -1; static pid_t pipe_pid = -1; static FILE *pipe_fd = NULL; +bool fw3_pr_debug = false; + + static void warn_elem_section_name(struct uci_section *s, bool find_name) { @@ -246,10 +253,18 @@ __fw3_command_pipe(bool silent, const char *command, ...) void fw3_pr(const char *fmt, ...) { - va_list args; - va_start(args, fmt); - vfprintf(pipe_fd, fmt, args); - va_end(args); + va_list args; + + if (fw3_pr_debug && pipe_fd != stdout) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + } + + va_start(args, fmt); + vfprintf(pipe_fd, fmt, args); + va_end(args); } void @@ -295,70 +310,290 @@ fw3_has_table(bool ipv6, const char *table) return seen; } + bool -fw3_check_statefile(bool test_exists) +fw3_lock(void) { - struct stat s; + lock_fd = open(FW3_LOCKFILE, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR); - if (!stat(FW3_STATEFILE, &s)) + if (lock_fd < 0) { - if (test_exists) - return true; - - warn("The firewall appears to be started already. " - "If it is indeed empty, remove the %s file and retry.", - FW3_STATEFILE); - + warn("Cannot create lock file %s: %s", FW3_LOCKFILE, strerror(errno)); return false; } - else if (test_exists) + + if (flock(lock_fd, LOCK_EX)) { - warn("The firewall appears to stopped already."); + warn("Cannot acquire exclusive lock: %s", strerror(errno)); return false; } - lock_fd = open(FW3_STATEFILE, O_CREAT | O_RDWR); + return true; +} +void +fw3_unlock(void) +{ if (lock_fd < 0) + return; + + if (flock(lock_fd, LOCK_UN)) + warn("Cannot release exclusive lock: %s", strerror(errno)); + + close(lock_fd); + unlink(FW3_LOCKFILE); + + lock_fd = -1; +} + + +bool +fw3_read_statefile(void *state) +{ + FILE *sf; + + int type; + char line[128]; + const char *p, *name; + + uint32_t flags[2]; + + struct fw3_state *s = state; + struct fw3_zone *zone; + struct fw3_ipset *ipset; + struct fw3_device *net, *dev; + + sf = fopen(FW3_STATEFILE, "r"); + + if (!sf) + return false; + + while (fgets(line, sizeof(line), sf)) { - warn("Unable to create %s file", FW3_STATEFILE); - goto fail; + p = strtok(line, " \t\n"); + + if (!p) + continue; + + type = strtoul(p, NULL, 16); + name = strtok(NULL, " \t\n"); + + if (!name) + continue; + + if (!(p = strtok(NULL, " \t\n"))) + continue; + + flags[0] = strtoul(p, NULL, 16); + + if (!(p = strtok(NULL, " \t\n"))) + continue; + + flags[1] = strtoul(p, NULL, 16); + + switch (type) + { + case FW3_TYPE_DEFAULTS: + s->defaults.flags[0] = flags[0]; + s->defaults.flags[1] = flags[1]; + break; + + case FW3_TYPE_ZONE: + if (!(zone = fw3_lookup_zone(state, name, false))) + { + zone = fw3_alloc_zone(); + + if (!zone) + continue; + + zone->name = strdup(name); + list_add_tail(&zone->list, &s->zones); + } + + zone->flags[0] = flags[0]; + zone->flags[1] = flags[1]; + list_add_tail(&zone->running_list, &s->running_zones); + break; + + case FW3_TYPE_IPSET: + if (!(ipset = fw3_lookup_ipset(state, name, false))) + { + ipset = fw3_alloc_ipset(); + + if (!ipset) + continue; + + ipset->name = strdup(name); + list_add_tail(&ipset->list, &s->ipsets); + } + + ipset->flags[0] = flags[0]; + ipset->flags[1] = flags[1]; + list_add_tail(&ipset->running_list, &s->running_ipsets); + break; + + case FW3_TYPE_NETWORK: + if (!(zone = fw3_lookup_zone(state, name, false))) + continue; + + if (!(p = strtok(NULL, " \t\n")) || !(name = strtok(NULL, " \t\n"))) + continue; + + if (!(net = malloc(sizeof(*net)))) + continue; + + memset(net, 0, sizeof(*net)); + snprintf(net->name, sizeof(net->name), "%s", p); + list_add_tail(&net->list, &zone->running_networks); + + if (!(dev = malloc(sizeof(*dev)))) + continue; + + memset(dev, 0, sizeof(*dev)); + dev->network = net; + snprintf(dev->name, sizeof(dev->name), "%s", name); + list_add_tail(&dev->list, &zone->running_devices); + } } - if (flock(lock_fd, LOCK_EX)) + fclose(sf); + + return true; +} + +void +fw3_write_statefile(void *state) +{ + FILE *sf; + struct fw3_state *s = state; + struct fw3_defaults *defs = &s->defaults; + struct fw3_zone *z; + struct fw3_ipset *i; + struct fw3_device *d; + + if (fw3_no_table(defs->flags[0]) && fw3_no_table(defs->flags[1])) { - warn("Unable to acquire exclusive lock on %s file", FW3_STATEFILE); - goto fail; + if (unlink(FW3_STATEFILE)) + warn("Unable to remove state %s: %s", + FW3_STATEFILE, strerror(errno)); + return; } - return true; + sf = fopen(FW3_STATEFILE, "w"); + + if (!sf) + { + warn("Cannot create state %s: %s", FW3_STATEFILE, strerror(errno)); + return; + } -fail: - if (lock_fd > -1) + fprintf(sf, "%x - %x %x\n", + FW3_TYPE_DEFAULTS, defs->flags[0], defs->flags[1]); + + list_for_each_entry(z, &s->running_zones, running_list) { - close(lock_fd); - lock_fd = -1; + if (fw3_no_table(z->flags[0]) && fw3_no_table(z->flags[1])) + continue; + + fprintf(sf, "%x %s %x %x\n", + FW3_TYPE_ZONE, z->name, z->flags[0], z->flags[1]); + + list_for_each_entry(d, &z->devices, list) + { + if (!d->network) + continue; + + fprintf(sf, "%x %s 0 0 %s %s\n", + FW3_TYPE_NETWORK, z->name, d->network->name, d->name); + } } - return false; + list_for_each_entry(i, &s->running_ipsets, running_list) + { + if (!fw3_no_family(i->flags[0]) || !fw3_no_family(i->flags[1])) + { + fprintf(sf, "%x %s %x %x\n", + FW3_TYPE_IPSET, i->name, i->flags[0], i->flags[1]); + } + } + + fclose(sf); } + +struct object_list_heads +{ + struct list_head list; + struct list_head running_list; +}; + void -fw3_remove_statefile(void) +fw3_set_running(void *object, struct list_head *dest) { - if (lock_fd > -1) - fw3_close_statefile(); + struct object_list_heads *o = object; - if (unlink(FW3_STATEFILE)) - warn("Unable to delete %s file", FW3_STATEFILE); + if (dest && !o->running_list.next) + list_add_tail(&o->running_list, dest); + else if (!dest && o->running_list.next) + list_del(&o->running_list); } void -fw3_close_statefile(void) +fw3_free_object(void *obj, const void *opts) { - flock(lock_fd, LOCK_UN); - close(lock_fd); + const struct fw3_option *ol; + struct list_head *list, *cur, *tmp; - lock_fd = -1; + for (ol = opts; ol->name; ol++) + { + if (!ol->elem_size) + continue; + + list = (struct list_head *)((char *)obj + ol->offset); + list_for_each_safe(cur, tmp, list) + { + list_del(cur); + free(cur); + } + } + + free(obj); +} + + +bool +fw3_pr_rulespec(int table, int family, uint32_t *flags, uint32_t mask, + const struct fw3_rule_spec *r, const char *fmt, ...) +{ + char buf[256]; + bool rv = false; + + va_list ap; + uint32_t f = flags ? flags[family == FW3_FAMILY_V6] : 0; + + if (mask) + f &= mask; + + for (; r->format; r++) + { + if (!fw3_is_family(r, family)) + continue; + + if (r->table != table) + continue; + + if ((r->flag != 0) && !hasbit(f, r->flag)) + continue; + + va_start(ap, fmt); + vsnprintf(buf, sizeof(buf), r->format, ap); + va_end(ap); + + fw3_pr(fmt, buf); + + rv = true; + } + + return rv; }