X-Git-Url: http://git.archive.openwrt.org/?p=project%2Ffirewall3.git;a=blobdiff_plain;f=utils.c;h=e7a22159244ec702a1a18a5a285f1ca54728c55e;hp=9b383a35a414e764cad51a2b8d833deb3bb66b0d;hb=55cad166123faca16c40b25579fd4d49e4b3a380;hpb=61cc1d220c95168faf24bececc752a5af7ce6431 diff --git a/utils.c b/utils.c index 9b383a3..e7a2215 100644 --- a/utils.c +++ b/utils.c @@ -244,6 +244,7 @@ __fw3_command_pipe(bool silent, const char *command, ...) signal(SIGPIPE, SIG_IGN); pipe_pid = pid; close(pfds[0]); + fcntl(pfds[1], F_SETFD, fcntl(pfds[1], F_GETFD) | FD_CLOEXEC); } pipe_fd = fdopen(pfds[1], "w"); @@ -356,11 +357,12 @@ fw3_read_statefile(void *state) char line[128]; const char *p, *name; - uint32_t flags; + uint32_t flags[2]; struct fw3_state *s = state; struct fw3_zone *zone; struct fw3_ipset *ipset; + struct fw3_device *net, *dev; sf = fopen(FW3_STATEFILE, "r"); @@ -380,17 +382,21 @@ fw3_read_statefile(void *state) if (!name) continue; - p = strtok(NULL, " \t\n"); + if (!(p = strtok(NULL, " \t\n"))) + continue; - if (!p) + flags[0] = strtoul(p, NULL, 16); + + if (!(p = strtok(NULL, " \t\n"))) continue; - flags = strtoul(p, NULL, 16); + flags[1] = strtoul(p, NULL, 16); switch (type) { case FW3_TYPE_DEFAULTS: - s->defaults.running_flags = flags; + s->defaults.flags[0] = flags[0]; + s->defaults.flags[1] = flags[1]; break; case FW3_TYPE_ZONE: @@ -403,9 +409,12 @@ fw3_read_statefile(void *state) zone->name = strdup(name); list_add_tail(&zone->list, &s->zones); + + setbit(flags[0], FW3_FLAG_DELETED); } - zone->running_dst_flags = flags; + zone->flags[0] = flags[0]; + zone->flags[1] = flags[1]; list_add_tail(&zone->running_list, &s->running_zones); break; @@ -419,11 +428,36 @@ fw3_read_statefile(void *state) ipset->name = strdup(name); list_add_tail(&ipset->list, &s->ipsets); + + setbit(flags[0], FW3_FLAG_DELETED); } - ipset->running_flags = flags; + ipset->flags[0] = flags[0]; + ipset->flags[1] = flags[1]; list_add_tail(&ipset->running_list, &s->running_ipsets); break; + + case FW3_TYPE_NETWORK: + if (!(zone = fw3_lookup_zone(state, name, false))) + continue; + + if (!(p = strtok(NULL, " \t\n")) || !(name = strtok(NULL, " \t\n"))) + continue; + + if (!(net = malloc(sizeof(*net)))) + continue; + + memset(net, 0, sizeof(*net)); + snprintf(net->name, sizeof(net->name), "%s", p); + list_add_tail(&net->list, &zone->running_networks); + + if (!(dev = malloc(sizeof(*dev)))) + continue; + + memset(dev, 0, sizeof(*dev)); + dev->network = net; + snprintf(dev->name, sizeof(dev->name), "%s", name); + list_add_tail(&dev->list, &zone->running_devices); } } @@ -437,13 +471,12 @@ fw3_write_statefile(void *state) { FILE *sf; struct fw3_state *s = state; - struct fw3_defaults *d = &s->defaults; + struct fw3_defaults *defs = &s->defaults; struct fw3_zone *z; struct fw3_ipset *i; + struct fw3_device *d; - int mask = (1 << FW3_FAMILY_V4) | (1 << FW3_FAMILY_V6); - - if (!(d->flags & mask)) + if (fw3_no_table(defs->flags[0]) && fw3_no_table(defs->flags[1])) { if (unlink(FW3_STATEFILE)) warn("Unable to remove state %s: %s", @@ -460,16 +493,40 @@ fw3_write_statefile(void *state) return; } - fprintf(sf, "%x - %x\n", FW3_TYPE_DEFAULTS, d->flags); + fprintf(sf, "%x - %x %x\n", + FW3_TYPE_DEFAULTS, defs->flags[0], defs->flags[1]); list_for_each_entry(z, &s->running_zones, running_list) { - fprintf(sf, "%x %s %x\n", FW3_TYPE_ZONE, z->name, z->dst_flags); + if (hasbit(z->flags[0], FW3_FLAG_DELETED)) + continue; + + if (fw3_no_table(z->flags[0]) && fw3_no_table(z->flags[1])) + continue; + + fprintf(sf, "%x %s %x %x\n", + FW3_TYPE_ZONE, z->name, z->flags[0], z->flags[1]); + + list_for_each_entry(d, &z->devices, list) + { + if (!d->network) + continue; + + fprintf(sf, "%x %s 0 0 %s %s\n", + FW3_TYPE_NETWORK, z->name, d->network->name, d->name); + } } list_for_each_entry(i, &s->running_ipsets, running_list) { - fprintf(sf, "%x %s %x\n", FW3_TYPE_IPSET, i->name, i->flags); + if (hasbit(z->flags[0], FW3_FLAG_DELETED)) + continue; + + if (!fw3_no_family(i->flags[0]) || !fw3_no_family(i->flags[1])) + { + fprintf(sf, "%x %s %x %x\n", + FW3_TYPE_IPSET, i->name, i->flags[0], i->flags[1]); + } } fclose(sf); @@ -514,3 +571,80 @@ fw3_free_object(void *obj, const void *opts) free(obj); } + + +bool +fw3_pr_rulespec(int table, int family, uint32_t *flags, uint32_t mask, + const struct fw3_rule_spec *r, const char *fmt, ...) +{ + char buf[256]; + bool rv = false; + + va_list ap; + uint32_t f = flags ? flags[family == FW3_FAMILY_V6] : 0; + + if (mask) + f &= mask; + + for (; r->format; r++) + { + if (!fw3_is_family(r, family)) + continue; + + if (r->table != table) + continue; + + if ((r->flag != 0) && !hasbit(f, r->flag)) + continue; + + va_start(ap, fmt); + vsnprintf(buf, sizeof(buf), r->format, ap); + va_end(ap); + + fw3_pr(fmt, buf); + + rv = true; + } + + return rv; +} + + +bool +fw3_hotplug(bool add, void *zone, void *device) +{ + struct fw3_zone *z = zone; + struct fw3_device *d = device; + + if (!d->network) + return false; + + switch (fork()) + { + case -1: + warn("Unable to fork(): %s\n", strerror(errno)); + return false; + + case 0: + break; + + default: + return true; + } + + close(0); + close(1); + close(2); + chdir("/"); + + clearenv(); + setenv("ACTION", add ? "add" : "remove", 1); + setenv("ZONE", z->name, 1); + setenv("INTERFACE", d->network->name, 1); + setenv("DEVICE", d->name, 1); + + execl(FW3_HOTPLUG, FW3_HOTPLUG, "firewall", NULL); + + /* unreached */ + return false; +}