"DROP",
};
-static const char *limit_units[] = {
+const char *fw3_limit_units[__FW3_LIMIT_UNIT_MAX] = {
"second",
"minute",
"hour",
"day",
};
-static const char *ipset_methods[] = {
+const char *fw3_ipset_method_names[__FW3_IPSET_METHOD_MAX] = {
+ "(bug)",
"bitmap",
"hash",
"list",
};
-static const char *ipset_types[] = {
+const char *fw3_ipset_type_names[__FW3_IPSET_TYPE_MAX] = {
+ "(bug)",
"ip",
"port",
"mac",
bool
fw3_parse_int(void *ptr, const char *val, bool is_list)
{
- int n = strtol(val, NULL, 10);
+ int n = strtol(val, NULL, 0);
if (errno == ERANGE || errno == EINVAL)
return false;
if (!strlen(e))
return false;
- if (!parse_enum(&u, e, limit_units, 0, FW3_LIMIT_UNIT_DAY))
+ if (!parse_enum(&u, e, fw3_limit_units, 0, FW3_LIMIT_UNIT_DAY))
return false;
limit->rate = n;
bool
fw3_parse_device(void *ptr, const char *val, bool is_list)
{
+ char *p;
struct fw3_device dev = { };
if (*val == '*')
while (isspace(*++val));
}
+ if ((p = strchr(val, '@')) != NULL)
+ {
+ *p++ = 0;
+ snprintf(dev.network, sizeof(dev.network), "%s", p);
+ }
+
if (*val)
snprintf(dev.name, sizeof(dev.name), "%s", val);
else
list_for_each_entry(addr, addr_list, list)
{
addr->invert = dev.invert;
+ addr->resolved = true;
if (!put_value(ptr, addr, sizeof(*addr), is_list))
break;
}
- fw3_ubus_address_free(addr_list);
+ fw3_free_list(addr_list);
}
}
{
struct fw3_protocol proto = { };
struct protoent *ent;
+ char *e;
if (*val == '!')
{
return true;
}
- proto.protocol = strtoul(val, NULL, 10);
+ proto.protocol = strtoul(val, &e, 10);
- if (errno == ERANGE || errno == EINVAL)
+ if ((e == val) || (*e != 0))
return false;
put_value(ptr, &proto, sizeof(proto), is_list);
bool
fw3_parse_ipset_method(void *ptr, const char *val, bool is_list)
{
- return parse_enum(ptr, val, ipset_methods,
+ return parse_enum(ptr, val, &fw3_ipset_method_names[FW3_IPSET_METHOD_BITMAP],
FW3_IPSET_METHOD_BITMAP, FW3_IPSET_METHOD_LIST);
}
bool
fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list)
{
- struct fw3_ipset_datatype *type = ptr;
+ struct fw3_ipset_datatype type = { };
+
+ type.dir = "src";
if (!strncmp(val, "dest_", 5))
{
val += 5;
- type->dest = true;
+ type.dir = "dst";
}
else if (!strncmp(val, "dst_", 4))
{
val += 4;
- type->dest = true;
+ type.dir = "dst";
}
else if (!strncmp(val, "src_", 4))
{
val += 4;
- type->dest = false;
+ type.dir = "src";
+ }
+
+ if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP],
+ FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET))
+ {
+ put_value(ptr, &type, sizeof(type), is_list);
+ return true;
}
- return parse_enum(&type->type, val, ipset_types,
- FW3_IPSET_TYPE_IP, FW3_IPSET_TYPE_SET);
+ return false;
}
bool
return true;
}
+bool
+fw3_parse_setmatch(void *ptr, const char *val, bool is_list)
+{
+ struct fw3_setmatch *m = ptr;
+ char *p, *s;
+ int i;
+
+ if (*val == '!')
+ {
+ m->invert = true;
+ while (isspace(*++val));
+ }
+
+ if (!(s = strdup(val)))
+ return false;
+
+ if (!(p = strtok(s, " \t")))
+ {
+ free(s);
+ return false;
+ }
+
+ strncpy(m->name, p, sizeof(m->name));
+
+ for (i = 0, p = strtok(NULL, " \t,");
+ i < 3 && p != NULL;
+ i++, p = strtok(NULL, " \t,"))
+ {
+ if (!strncmp(p, "dest", 4) || !strncmp(p, "dst", 3))
+ m->dir[i] = "dst";
+ else if (!strncmp(p, "src", 3))
+ m->dir[i] = "src";
+ }
+
+ free(s);
+
+ m->set = true;
+ return true;
+}
+
void
fw3_parse_options(void *s, const struct fw3_option *opts,
}
-void
-fw3_format_in_out(struct fw3_device *in, struct fw3_device *out)
-{
- if (in && !in->any)
- fw3_pr(" %s-i %s", in->invert ? "! " : "", in->name);
-
- if (out && !out->any)
- fw3_pr(" %s-o %s", out->invert ? "! " : "", out->name);
-}
-
-void
-fw3_format_src_dest(struct fw3_address *src, struct fw3_address *dest)
-{
- char s[INET6_ADDRSTRLEN];
-
- if ((src && src->range) || (dest && dest->range))
- fw3_pr(" -m iprange");
-
- if (src && src->set)
- {
- if (src->range)
- {
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address.v4, s, sizeof(s));
-
- fw3_pr(" %s--src-range %s", src->invert ? "! " : "", s);
-
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address2.v4, s, sizeof(s));
-
- fw3_pr("-%s", s);
- }
- else
- {
- inet_ntop(src->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &src->address.v4, s, sizeof(s));
-
- fw3_pr(" %s-s %s/%u", src->invert ? "! " : "", s, src->mask);
- }
- }
-
- if (dest && dest->set)
- {
- if (dest->range)
- {
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address.v4, s, sizeof(s));
-
- fw3_pr(" %s--dst-range %s", dest->invert ? "! " : "", s);
-
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address2.v4, s, sizeof(s));
-
- fw3_pr("-%s", s);
- }
- else
- {
- inet_ntop(dest->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
- &dest->address.v4, s, sizeof(s));
-
- fw3_pr(" %s-d %s/%u", dest->invert ? "! " : "", s, dest->mask);
- }
- }
-}
-
-void
-fw3_format_sport_dport(struct fw3_port *sp, struct fw3_port *dp)
-{
- if (sp && sp->set)
- {
- if (sp->port_min == sp->port_max)
- fw3_pr(" %s--sport %u", sp->invert ? "! " : "", sp->port_min);
- else
- fw3_pr(" %s--sport %u:%u",
- sp->invert ? "! " : "", sp->port_min, sp->port_max);
- }
-
- if (dp && dp->set)
- {
- if (dp->port_min == dp->port_max)
- fw3_pr(" %s--dport %u", dp->invert ? "! " : "", dp->port_min);
- else
- fw3_pr(" %s--dport %u:%u",
- dp->invert ? "! " : "", dp->port_min, dp->port_max);
- }
-}
-
-void
-fw3_format_mac(struct fw3_mac *mac)
-{
- if (!mac)
- return;
-
- fw3_pr(" -m mac %s--mac-source %s",
- mac->invert ? "! " : "", ether_ntoa(&mac->mac));
-}
-
-void
-fw3_format_protocol(struct fw3_protocol *proto, enum fw3_family family)
+const char *
+fw3_address_to_string(struct fw3_address *address, bool allow_invert)
{
- uint16_t pr;
-
- if (!proto)
- return;
+ char *p, ip[INET6_ADDRSTRLEN];
+ static char buf[INET6_ADDRSTRLEN * 2 + 2];
- pr = proto->protocol;
+ p = buf;
- if (pr == 1 && family == FW3_FAMILY_V6)
- pr = 58;
+ if (address->invert && allow_invert)
+ p += sprintf(p, "!");
- if (proto->any)
- fw3_pr(" -p all");
- else
- fw3_pr(" %s-p %u", proto->invert ? "! " : "", pr);
-}
+ inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &address->address.v4, ip, sizeof(ip));
-void
-fw3_format_icmptype(struct fw3_icmptype *icmp, enum fw3_family family)
-{
- if (!icmp)
- return;
+ p += sprintf(p, "%s", ip);
- if (family != FW3_FAMILY_V6)
+ if (address->range)
{
- if (icmp->code_min == 0 && icmp->code_max == 0xFF)
- fw3_pr(" %s--icmp-type %u", icmp->invert ? "! " : "", icmp->type);
- else
- fw3_pr(" %s--icmp-type %u/%u",
- icmp->invert ? "! " : "", icmp->type, icmp->code_min);
- }
- else
- {
- if (icmp->code6_min == 0 && icmp->code6_max == 0xFF)
- fw3_pr(" %s--icmpv6-type %u", icmp->invert ? "! " : "", icmp->type6);
- else
- fw3_pr(" %s--icmpv6-type %u/%u",
- icmp->invert ? "! " : "", icmp->type6, icmp->code6_min);
- }
-}
-
-void
-fw3_format_limit(struct fw3_limit *limit)
-{
- if (!limit)
- return;
-
- if (limit->rate > 0)
- {
- fw3_pr(" -m limit %s--limit %u/%s",
- limit->invert ? "! " : "",
- limit->rate, limit_units[limit->unit]);
+ inet_ntop(address->family == FW3_FAMILY_V4 ? AF_INET : AF_INET6,
+ &address->address2.v4, ip, sizeof(ip));
- if (limit->burst > 0)
- fw3_pr(" --limit-burst %u", limit->burst);
+ p += sprintf(p, "-%s", ip);
}
-}
-
-void
-fw3_format_ipset(struct fw3_ipset *ipset, bool invert)
-{
- bool first = true;
- const char *name = NULL;
- struct fw3_ipset_datatype *type;
-
- if (!ipset)
- return;
-
- if (ipset->external && *ipset->external)
- name = ipset->external;
else
- name = ipset->name;
-
- fw3_pr(" -m set %s--match-set %s", invert ? "! " : "", name);
-
- list_for_each_entry(type, &ipset->datatypes, list)
- {
- fw3_pr("%c%s", first ? ' ' : ',', type->dest ? "dst" : "src");
- first = false;
- }
-}
-
-void
-fw3_format_time(struct fw3_time *time)
-{
- int i;
- struct tm empty = { 0 };
- char buf[sizeof("9999-99-99T23:59:59\0")];
- bool d1 = memcmp(&time->datestart, &empty, sizeof(empty));
- bool d2 = memcmp(&time->datestop, &empty, sizeof(empty));
- bool first;
-
- if (!d1 && !d2 && !time->timestart && !time->timestop &&
- !(time->monthdays & 0xFFFFFFFE) && !(time->weekdays & 0xFE))
- {
- return;
- }
-
- fw3_pr(" -m time");
-
- if (time->utc)
- fw3_pr(" --utc");
-
- if (d1)
- {
- strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestart);
- fw3_pr(" --datestart %s", buf);
- }
-
- if (d2)
- {
- strftime(buf, sizeof(buf), "%Y-%m-%dT%H:%M:%S", &time->datestop);
- fw3_pr(" --datestop %s", buf);
- }
-
- if (time->timestart)
- {
- fw3_pr(" --timestart %02d:%02d:%02d",
- time->timestart / 3600,
- time->timestart % 3600 / 60,
- time->timestart % 60);
- }
-
- if (time->timestop)
- {
- fw3_pr(" --timestop %02d:%02d:%02d",
- time->timestop / 3600,
- time->timestop % 3600 / 60,
- time->timestop % 60);
- }
-
- if (time->monthdays & 0xFFFFFFFE)
- {
- fw3_pr(" %s--monthdays", hasbit(time->monthdays, 0) ? "! " : "");
-
- for (i = 1, first = true; i < 32; i++)
- {
- if (hasbit(time->monthdays, i))
- {
- fw3_pr("%c%u", first ? ' ' : ',', i);
- first = false;
- }
- }
- }
-
- if (time->weekdays & 0xFE)
- {
- fw3_pr(" %s--weekdays", hasbit(time->weekdays, 0) ? "! " : "");
-
- for (i = 1, first = true; i < 8; i++)
- {
- if (hasbit(time->weekdays, i))
- {
- fw3_pr("%c%u", first ? ' ' : ',', i);
- first = false;
- }
- }
- }
-}
-
-void
-fw3_format_mark(struct fw3_mark *mark)
-{
- if (!mark->set)
- return;
-
- fw3_pr(" -m mark %s--mark 0x%x", mark->invert ? "! " : "", mark->mark);
-
- if (mark->mask < 0xFFFFFFFF)
- fw3_pr("/0x%x", mark->mask);
-}
-
-void
-__fw3_format_comment(const char *comment, ...)
-{
- va_list ap;
- int len = 0;
- const char *c;
-
- if (!comment || !*comment)
- return;
-
- fw3_pr(" -m comment --comment \"");
-
- c = comment;
-
- va_start(ap, comment);
-
- do
{
- while (*c)
- {
- switch (*c)
- {
- case '"':
- case '$':
- case '`':
- case '\\':
- fw3_pr("\\");
- /* fall through */
-
- default:
- fw3_pr("%c", *c);
- break;
- }
-
- c++;
-
- if (len++ >= 255)
- goto end;
- }
-
- c = va_arg(ap, const char *);
+ p += sprintf(p, "/%u", address->mask);
}
- while (c);
-
-end:
- va_end(ap);
- fw3_pr("\"");
-}
-
-void
-fw3_format_extra(const char *extra)
-{
- if (!extra || !*extra)
- return;
- fw3_pr(" %s", extra);
+ return buf;
}