X-Git-Url: http://git.archive.openwrt.org/?a=blobdiff_plain;ds=sidebyside;f=includes.c;h=86392109cae6c70c767c63e40a543bf7507ac3e0;hb=359adcfc54c0b1f5c8597658bc219dae57b9f082;hp=40995ca49c5e4738f2c6be733da019068b84b1b3;hpb=bd574af529c0661c125336bdd9d0d1f2e09287c3;p=project%2Ffirewall3.git
diff --git a/includes.c b/includes.c
index 40995ca..8639210 100644
--- a/includes.c
+++ b/includes.c
@@ -1,7 +1,7 @@
 /*
  * firewall3 - 3rd OpenWrt UCI firewall implementation
  *
- * Copyright (C) 2013 Jo-Philipp Wich
+ * Copyright (C) 2013 Jo-Philipp Wich
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -20,66 +20,117 @@ const struct fw3_option fw3_include_opts[] = { + FW3_OPT("enabled", bool, include, enabled), + FW3_OPT("path", string, include, path), FW3_OPT("type", include_type, include, type), FW3_OPT("family", family, include, family), + FW3_OPT("reload", bool, include, reload), { } }; +static bool +check_include(struct fw3_state *state, struct fw3_include *include, struct uci_element *e) +{ + if (!include->enabled) + return false; + + if (!include->path) + { + warn_section("include", include, e, "must specify a path"); + return false; + } + + if (include->type == FW3_INC_TYPE_RESTORE && !include->family) + warn_section("include", include, e, "does not specify a family, include will get" + "loaded with both iptables-restore and ip6tables-restore!"); + + return true; +} + +static struct fw3_include * +fw3_alloc_include(struct fw3_state *state) +{ + struct fw3_include *include; + + include = calloc(1, sizeof(*include)); + if (!include) + return NULL; + + include->enabled = true; + + list_add_tail(&include->list, &state->includes); + + return include; +} void -fw3_load_includes(struct fw3_state *state, struct uci_package *p) +fw3_load_includes(struct fw3_state *state, struct uci_package *p, + struct blob_attr *a) { struct uci_section *s; struct uci_element *e; struct fw3_include *include; + struct blob_attr *entry; + unsigned rem; INIT_LIST_HEAD(&state->includes); - uci_foreach_element(&p->sections, e) + blob_for_each_attr(entry, a, rem) { - s = uci_to_section(e); + const char *type; + const char *name = "ubus include"; - if (strcmp(s->type, "include")) + if (!fw3_attr_parse_name_type(entry, &name, &type)) continue; - include = malloc(sizeof(*include)); + if (strcmp(type, "script") && strcmp(type, "restore")) + continue; + include = fw3_alloc_include(state); if (!include) continue; - memset(include, 0, sizeof(*include)); - include->name = e->name; - - fw3_parse_options(include, fw3_include_opts, s); - - if (!include->path) + if 
(!fw3_parse_blob_options(include, fw3_include_opts, entry, name)) { - warn_elem(e, "must specify a path"); + warn_section("include", include, NULL, "skipped due to invalid options"); fw3_free_include(include); continue; } - if (include->type == FW3_INC_TYPE_RESTORE && !include->family) - warn_elem(e, "does not specify a family, include will get loaded " - "with both iptables-restore and ip6tables-restore!"); + if (!check_include(state, include, NULL)) + fw3_free_include(include); + } + + uci_foreach_element(&p->sections, e) + { + s = uci_to_section(e); + + if (strcmp(s->type, "include")) + continue; + + include = fw3_alloc_include(state); + if (!include) + continue; + + include->name = e->name; + + if (!fw3_parse_options(include, fw3_include_opts, s)) + warn_elem(e, "has invalid options"); - list_add_tail(&include->list, &state->includes); - continue; + if (!check_include(state, include, e)) + fw3_free_include(include); } } static void -print_include(enum fw3_family family, struct fw3_include *include) +print_include(struct fw3_include *include) { FILE *f; char line[1024]; - if (!fw3_is_family(include, family)) - return; - info(" * Loading include '%s'", include->path); if (!(f = fopen(include->path, "r"))) 
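Review bot: In the UCI loop of fw3_load_includes, a failed `fw3_parse_options()` only logs `warn_elem(e, "has invalid options")` and the include still goes on to check_include and stays in state->includes, whereas the blob loop above frees the include on the same failure. Since fw3_alloc_include presets `enabled = true`, a section whose options did not parse would presumably be loaded with defaults; if that is not intended, fail closed here as well: `{ warn_elem(e, "has invalid options"); fw3_free_include(include); continue; }`. The concatenated warning in check_include also lost its separator and prints "will getloaded"; the first literal should end in a space, `"does not specify a family, include will get "`. Both rejection paths call fw3_free_include on an object that fw3_alloc_include has already linked with list_add_tail, so they depend on that helper unlinking it, which this hunk does not show.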
@@ -95,13 +146,40 @@ print_include(enum fw3_family family, struct fw3_include *include) } void -fw3_print_includes(enum fw3_family family, struct fw3_state *state) +fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload) { struct fw3_include *include; + bool exec = false; + const char *restore = "iptables-restore"; + + if (family == FW3_FAMILY_V6) + restore = "ip6tables-restore"; + list_for_each_entry(include, &state->includes, list) - if (include->type == FW3_INC_TYPE_RESTORE) - print_include(family, include); + { + if (reload && !include->reload) + continue; + + if (include->type != FW3_INC_TYPE_RESTORE) + continue; + + if (!fw3_is_family(include, family)) + continue; + + if (!exec) + { + exec = fw3_command_pipe(false, restore, "--noflush"); + + if (!exec) + return; + } + + print_include(include); + } + + if (exec) + fw3_command_close(); } @@ -134,11 +212,16 @@ run_include(struct fw3_include *include) } void -fw3_run_includes(struct fw3_state *state) +fw3_run_includes(struct fw3_state *state, bool reload) { struct fw3_include *include; list_for_each_entry(include, &state->includes, list) + { + if (reload && !include->reload) + continue; + if (include->type == FW3_INC_TYPE_SCRIPT) run_include(include); + } }
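Review bot: When `fw3_command_pipe(false, restore, "--noflush")` fails in fw3_print_includes, the function returns without any message, so every restore include for that family is skipped silently. A log line before the `return` would make that visible, e.g. `info(" ! Unable to run %s, skipping restore includes", restore);`. The new `reload` parameter would also benefit from a short comment above the function stating that, when it is true, only includes with `reload` set are piped to the restore command.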
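Review bot: fw3_run_includes hands every FW3_INC_TYPE_SCRIPT entry to run_include, and after this commit state->includes can also hold "script" entries parsed from the blob attribute passed to fw3_load_includes, whose `path` is only checked for being non-NULL in check_include. run_include's body is outside this hunk, but it presumably executes that path, so the trust assumption deserves a comment above the function, for example `/* Script includes are executed as-is; entries may come from UCI or from the ubus blob, both treated as trusted configuration. */`. The same comment could state that with `reload` true only includes that set the `reload` option are run.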