rework runtime state tracking
diff --git
a/main.c
b/main.c
index
23c1497
..
62f51e1
100644
(file)
--- a/
main.c
+++ b/
main.c
@@
-62,6
+62,9
@@
build_state(void)
state->disable_ipsets = true;
}
state->disable_ipsets = true;
}
+ INIT_LIST_HEAD(&state->running_zones);
+ INIT_LIST_HEAD(&state->running_ipsets);
+
fw3_load_defaults(state, p);
fw3_load_ipsets(state, p);
fw3_load_zones(state, p);
fw3_load_defaults(state, p);
fw3_load_ipsets(state, p);
fw3_load_zones(state, p);
@@
-69,6
+72,8
@@
build_state(void)
fw3_load_redirects(state, p);
fw3_load_forwards(state, p);
fw3_load_redirects(state, p);
fw3_load_forwards(state, p);
+ state->statefile = fw3_read_statefile(state);
+
return state;
}
return state;
}
@@
-89,6
+94,9
@@
free_state(struct fw3_state *state)
list_for_each_safe(cur, tmp, &state->forwards)
fw3_free_forward((struct fw3_forward *)cur);
list_for_each_safe(cur, tmp, &state->forwards)
fw3_free_forward((struct fw3_forward *)cur);
+ list_for_each_safe(cur, tmp, &state->ipsets)
+ fw3_free_ipset((struct fw3_ipset *)cur);
+
uci_free_context(state->uci);
free(state);
uci_free_context(state->uci);
free(state);
@@
-117,22
+125,9
@@
restore_pipe(enum fw3_family family, bool silent)
}
static bool
}
static bool
-family_running(struct
list_head *statefil
e, enum fw3_family family)
+family_running(struct
fw3_state *stat
e, enum fw3_family family)
{
{
- struct fw3_statefile_entry *e;
-
- if (statefile)
- {
- list_for_each_entry(e, statefile, list)
- {
- if (e->type != FW3_TYPE_DEFAULTS)
- continue;
-
- return hasbit(e->flags[0], family);
- }
- }
-
- return false;
+ return hasbit(state->running_defaults.flags, family);
}
static bool
}
static bool
@@
-163,9
+158,7
@@
stop(struct fw3_state *state, bool complete, bool restart)
enum fw3_family family;
enum fw3_table table;
enum fw3_family family;
enum fw3_table table;
- struct list_head *statefile = fw3_read_statefile();
-
- if (!complete && !statefile)
+ if (!complete && !state->statefile)
{
if (!restart)
warn("The firewall appears to be stopped. "
{
if (!restart)
warn("The firewall appears to be stopped. "
@@
-176,7
+169,7
@@
stop(struct fw3_state *state, bool complete, bool restart)
for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
{
for (family = FW3_FAMILY_V4; family <= FW3_FAMILY_V6; family++)
{
- if (!complete && !family_running(state
file
, family))
+ if (!complete && !family_running(state, family))
continue;
if (!family_used(family) || !restore_pipe(family, true))
continue;
if (!family_used(family) || !restore_pipe(family, true))
@@
-201,12
+194,12
@@
stop(struct fw3_state *state, bool complete, bool restart)
else
{
/* pass 1 */
else
{
/* pass 1 */
- fw3_flush_rules(table, family, false, state
file
);
- fw3_flush_zones(table, family, false, state
file
);
+ fw3_flush_rules(table, family, false, state);
+ fw3_flush_zones(table, family, false, state);
/* pass 2 */
/* pass 2 */
- fw3_flush_rules(table, family, true, state
file
);
- fw3_flush_zones(table, family, true, state
file
);
+ fw3_flush_rules(table, family, true, state);
+ fw3_flush_zones(table, family, true, state);
}
fw3_pr("COMMIT\n");
}
fw3_pr("COMMIT\n");
@@
-222,12
+215,10
@@
stop(struct fw3_state *state, bool complete, bool restart)
if (!restart && fw3_command_pipe(false, "ipset", "-exist", "-"))
{
if (!restart && fw3_command_pipe(false, "ipset", "-exist", "-"))
{
- fw3_destroy_ipsets(state
, statefile
);
+ fw3_destroy_ipsets(state);
fw3_command_close();
}
fw3_command_close();
}
- fw3_free_statefile(statefile);
-
if (!rv)
fw3_write_statefile(state);
if (!rv)
fw3_write_statefile(state);
@@
-241,12
+232,10
@@
start(struct fw3_state *state, bool restart)
enum fw3_family family;
enum fw3_table table;
enum fw3_family family;
enum fw3_table table;
- struct list_head *statefile = fw3_read_statefile();
-
if (!print_rules && !restart &&
fw3_command_pipe(false, "ipset", "-exist", "-"))
{
if (!print_rules && !restart &&
fw3_command_pipe(false, "ipset", "-exist", "-"))
{
- fw3_create_ipsets(state
, statefile
);
+ fw3_create_ipsets(state);
fw3_command_close();
}
fw3_command_close();
}
@@
-255,10
+244,7
@@
start(struct fw3_state *state, bool restart)
if (!family_used(family))
continue;
if (!family_used(family))
continue;
- if (!family_loaded(state, family) || !restore_pipe(family, false))
- continue;
-
- if (!print_rules && !restart && family_running(statefile, family))
+ if (!print_rules && !restart && family_running(state, family))
{
warn("The %s firewall appears to be started already. "
"If it is indeed empty, remove the %s file and retry.",
{
warn("The %s firewall appears to be started already. "
"If it is indeed empty, remove the %s file and retry.",
@@
-267,6
+253,9
@@
start(struct fw3_state *state, bool restart)
continue;
}
continue;
}
+ if (!family_loaded(state, family) || !restore_pipe(family, false))
+ continue;
+
info("Constructing %s rules ...", fw3_flag_names[family]);
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
info("Constructing %s rules ...", fw3_flag_names[family]);
for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
@@
-294,8
+283,6
@@
start(struct fw3_state *state, bool restart)
rv = 0;
}
rv = 0;
}
- fw3_free_statefile(statefile);
-
if (!rv && !print_rules)
fw3_write_statefile(state);
if (!rv && !print_rules)
fw3_write_statefile(state);
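Review bot: family_running() loses the NULL-statefile guard the old list-based version had — it now reads `state->running_defaults.flags` unconditionally, so its answer depends on that field being zero whenever no statefile could be read, and both start() and stop() now call it without checking `state->statefile` first. The build_state hunk initialises `running_zones` and `running_ipsets` with INIT_LIST_HEAD but does not visibly reset `running_defaults`; unless `state` is allocated with calloc or `fw3_read_statefile` clears it on failure (neither is shown here), stale or uninitialised flags would make start() refuse with "appears to be started already" or make stop() skip a live family. Clearing it next to the two list inits, `memset(&state->running_defaults, 0, sizeof(state->running_defaults));`, removes that dependency. Separately, the `fw3_free_statefile(statefile)` calls were removed from start() and stop(), but the visible free_state hunk adds only the ipset loop and nothing for `state->statefile`, `running_zones` or `running_ipsets`; if `fw3_read_statefile` allocates these they need releasing in free_state, whose remaining body lies outside the hunk.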