From 23741a3279981c5e0ce3ca9e00e368d4f0b142b6 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Tue, 19 Feb 2013 19:48:20 +0100
Subject: [PATCH] introduce global string array for enum names, remove private arrays
---
 defaults.c | 18 ++++++------------
 ipsets.c | 8 +-------
 main.c | 43 ++++++++++++++-----------------------------
 options.c | 17 +++++++++++++++++
 options.h | 3 +++
 zones.c | 40 ++++++++++++++--------------------------
 6 files changed, 55 insertions(+), 74 deletions(-)
diff --git a/defaults.c b/defaults.c
index 3e8ea40..2d64695 100644
--- a/defaults.c
+++ b/defaults.c
@@ -180,21 +180,15 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family,
 struct fw3_state *state)
 {
 struct fw3_defaults *defs = &state->defaults;
- const char *policy[] = {
- "(bug)",
- "ACCEPT",
- "DROP",
- "DROP",
- "(bug)",
- "(bug)",
- "(bug)",
- };
+
+#define policy(t) \
+ ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t])
 if (table == FW3_TABLE_FILTER)
 {
- fw3_pr(":INPUT %s [0:0]\n", policy[defs->policy_input]);
- fw3_pr(":FORWARD %s [0:0]\n", policy[defs->policy_forward]);
- fw3_pr(":OUTPUT %s [0:0]\n", policy[defs->policy_output]);
+ fw3_pr(":INPUT %s [0:0]\n", policy(defs->policy_input));
+ fw3_pr(":FORWARD %s [0:0]\n", policy(defs->policy_forward));
+ fw3_pr(":OUTPUT %s [0:0]\n", policy(defs->policy_output));
 }
 print_chains(table, family, ":%s - [0:0]\n", defs->flags,
diff --git a/ipsets.c b/ipsets.c
index f4253c7..ab86133 100644
--- a/ipsets.c
+++ b/ipsets.c
@@ -263,12 +263,6 @@ create_ipset(struct fw3_ipset *ipset)
 "set",
 };
- const char *families[] = {
- "(bug)",
- "inet",
- "inet6",
- };
-
 if (ipset->external && *ipset->external)
 return;
@@ -317,7 +311,7 @@ create_ipset(struct fw3_ipset *ipset)
 }
 if (ipset->family != FW3_FAMILY_ANY)
- fw3_pr(" family %s", families[ipset->family]);
+ fw3_pr(" family inet%s", (ipset->family == FW3_FAMILY_V4) ? "" : "6");
 if (ipset->timeout > 0)
 fw3_pr(" timeout %u", ipset->timeout);
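Review bot: The `policy(t)` macro added to fw3_print_default_chains special-cases only FW3_TARGET_REJECT and otherwise prints whatever `fw3_flag_names[t]` holds, so the `"(bug)"` sentinel that the removed local table returned for unexpected policy values is gone. A stray value in `defs->policy_input`/`policy_forward`/`policy_output` now produces a plausible-looking token (a table or family name, `NOTRACK`, `DNAT`, `SNAT`) or a null pointer in the `:INPUT`/`:FORWARD`/`:OUTPUT` lines; whether these fields are validated when the config is parsed is not visible in this diff. The macro is also defined inside the function body and never removed, and its argument is unparenthesised and evaluated twice, so I would write `(((t) == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[(t)])` and add `#undef policy` after the `if` block, or use a small static helper that falls back to `"DROP"`. The same applies to `jump_target(t)` in zones.c.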
diff --git a/main.c b/main.c
index 2dd1f86..d94d0e9 100644
--- a/main.c
+++ b/main.c
@@ -32,19 +32,6 @@ static bool print_rules = false;
 static enum fw3_family use_family = FW3_FAMILY_ANY;
-static const char *families[] = {
- "(bug)",
- "IPv4",
- "IPv6",
-};
-
-static const char *tables[] = {
- "filter",
- "nat",
- "mangle",
- "raw",
-};
-
 static struct fw3_state *
 build_state(void)
@@ -113,18 +100,16 @@ free_state(struct fw3_state *state)
 static bool
 restore_pipe(enum fw3_family family, bool silent)
 {
- const char *cmd[] = {
- "(bug)",
- "iptables-restore",
- "ip6tables-restore",
- };
+ const char *cmd;
+
+ cmd = (family == FW3_FAMILY_V4) ? "iptables-restore" : "ip6tables-restore";
 if (print_rules)
 return fw3_stdout_pipe();
- if (!fw3_command_pipe(silent, cmd[family], "--lenient", "--noflush"))
+ if (!fw3_command_pipe(silent, cmd, "--lenient", "--noflush"))
 {
- warn("Unable to execute %s", cmd[family]);
+ warn("Unable to execute %s", cmd);
 return false;
 }
@@ -197,17 +182,17 @@ stop(struct fw3_state *state, bool complete, bool restart)
 if (!family_used(family) || !restore_pipe(family, true))
 continue;
- info("Removing %s rules ...", families[family]);
+ info("Removing %s rules ...", fw3_flag_names[family]);
 for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
 {
- if (!fw3_has_table(family == FW3_FAMILY_V6, tables[table]))
+ if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
 continue;
 info(" * %sing %s table",
- complete ? "Flush" : "Clear", tables[table]);
+ complete ? "Flush" : "Clear", fw3_flag_names[table]);
- fw3_pr("*%s\n", tables[table]);
+ fw3_pr("*%s\n", fw3_flag_names[table]);
 if (complete)
 {
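Review bot: In restore_pipe the new ternary maps every family value other than FW3_FAMILY_V4 to `ip6tables-restore`, whereas the removed `cmd[]` table kept a `"(bug)"` entry so that an unexpected value failed at exec instead of selecting a real binary. The call visible in stop() is made per family, but the loop that produces `family` lies outside these hunks, so the function itself should not assume it. A guard such as `if (family != FW3_FAMILY_V4 && family != FW3_FAMILY_V6) return false;` before `cmd` is chosen keeps FW3_FAMILY_ANY or a corrupted value from silently loading rules through the IPv6 restore path. The body of restore_pipe continues past the end of the hunk.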
@@ -280,21 +265,21 @@ start(struct fw3_state *state, bool restart)
 {
 warn("The %s firewall appears to be started already. "
 "If it is indeed empty, remove the %s file and retry.",
- families[family], FW3_STATEFILE);
+ fw3_flag_names[family], FW3_STATEFILE);
 continue;
 }
- info("Constructing %s rules ...", families[family]);
+ info("Constructing %s rules ...", fw3_flag_names[family]);
 for (table = FW3_TABLE_FILTER; table <= FW3_TABLE_RAW; table++)
 {
- if (!fw3_has_table(family == FW3_FAMILY_V6, tables[table]))
+ if (!fw3_has_table(family == FW3_FAMILY_V6, fw3_flag_names[table]))
 continue;
- info(" * Populating %s table", tables[table]);
+ info(" * Populating %s table", fw3_flag_names[table]);
- fw3_pr("*%s\n", tables[table]);
+ fw3_pr("*%s\n", fw3_flag_names[table]);
 fw3_print_default_chains(table, family, state);
 fw3_print_zone_chains(table, family, state);
 fw3_print_default_head_rules(table, family, state);
diff --git a/options.c b/options.c
index 5d325fc..1f10050 100644
--- a/options.c
+++ b/options.c
@@ -18,6 +18,23 @@
 #include "options.h"
+const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1] = {
+ "filter",
+ "nat",
+ "mangle",
+ "raw",
+
+ "IPv4",
+ "IPv6",
+
+ "ACCEPT",
+ "REJECT",
+ "DROP",
+ "NOTRACK",
+ "DNAT",
+ "SNAT",
+};
+
 bool
 fw3_parse_bool(void *ptr, const char *val)
 {
diff --git a/options.h b/options.h
index ea5082d..e02f890 100644
--- a/options.h
+++ b/options.h
@@ -79,6 +79,9 @@ enum fw3_default
 FW3_DEFAULT_DROP_INVALID = 15,
 };
+extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1];
+
+
 enum fw3_limit_unit
 {
 FW3_LIMIT_UNIT_SECOND = 0,
diff --git a/zones.c b/zones.c
index fbde74e..62d9e36 100644
--- a/zones.c
+++ b/zones.c
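Review bot: `fw3_flag_names` is declared with `FW3_DEFAULT_DROP_INVALID + 1` (16) slots in options.c and options.h, but only twelve strings are supplied, so the last four entries are null pointers and the strings are tied to enum values purely by their position in the initialiser. Any index outside the named range then reaches a `%s` conversion as NULL or as an unrelated name, in a program whose output is piped to iptables-restore. Designated initialisers (`[FW3_TABLE_FILTER] = "filter",` and so on) with a `"(bug)"` filler for the unnamed slots would make the mapping explicit and keep the sentinel that the removed private tables provided. Declaring the array as `const char * const fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1]` in both files would also stop the pointer table itself from being writable.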
@@ -242,12 +242,9 @@ print_interface_rule(enum fw3_table table, enum fw3_family family,
 struct fw3_address *sub, bool disable_notrack)
 {
 enum fw3_target t;
- const char *targets[] = {
- "(bug)", "(bug)",
- "ACCEPT", "ACCEPT",
- "REJECT", "reject",
- "DROP", "DROP",
- };
+
+#define jump_target(t) \
+ ((t == FW3_TARGET_REJECT) ? "reject" : fw3_flag_names[t])
 if (table == FW3_TABLE_FILTER)
 {
@@ -255,20 +252,20 @@ print_interface_rule(enum fw3_table table, enum fw3_family family,
 {
 if (hasbit(zone->src_flags, t))
 {
- fw3_pr("-A zone_%s_src_%s", zone->name, targets[t*2]);
+ fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
 fw3_format_in_out(dev, NULL);
 fw3_format_src_dest(sub, NULL);
 fw3_format_extra(zone->extra_src);
- fw3_pr(" -j %s\n", targets[t*2+1]);
+ fw3_pr(" -j %s\n", jump_target(t));
 }
 if (hasbit(zone->dst_flags, t))
 {
- fw3_pr("-A zone_%s_dest_%s", zone->name, targets[t*2]);
+ fw3_pr("-A zone_%s_dest_%s", zone->name, fw3_flag_names[t]);
 fw3_format_in_out(NULL, dev);
 fw3_format_src_dest(NULL, sub);
 fw3_format_extra(zone->extra_dest);
- fw3_pr(" -j %s\n", targets[t*2+1]);
+ fw3_pr(" -j %s\n", jump_target(t));
 }
 }
@@ -375,15 +372,6 @@ print_zone_rule(enum fw3_table table, enum fw3_family family,
 struct fw3_address *mdest;
 enum fw3_target t;
- const char *targets[] = {
- "(bug)",
- "ACCEPT",
- "REJECT",
- "DROP",
- "(bug)",
- "(bug)",
- "(bug)",
- };
 if (!fw3_is_family(zone, family))
 return;
@@ -392,13 +380,13 @@ print_zone_rule(enum fw3_table table, enum fw3_family family,
 {
 case FW3_TABLE_FILTER:
 fw3_pr("-A zone_%s_input -j zone_%s_src_%s\n",
- zone->name, zone->name, targets[zone->policy_input]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_input]);
 fw3_pr("-A zone_%s_forward -j zone_%s_dest_%s\n",
- zone->name, zone->name, targets[zone->policy_forward]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_forward]);
 fw3_pr("-A zone_%s_output -j zone_%s_dest_%s\n",
- zone->name, zone->name, targets[zone->policy_output]);
+ zone->name, zone->name, fw3_flag_names[zone->policy_output]);
 if (zone->log)
 {
@@ -406,18 +394,18 @@ print_zone_rule(enum fw3_table table, enum fw3_family family,
 {
 if (hasbit(zone->src_flags, t))
 {
- fw3_pr("-A zone_%s_src_%s", zone->name, targets[t]);
+ fw3_pr("-A zone_%s_src_%s", zone->name, fw3_flag_names[t]);
 fw3_format_limit(&zone->log_limit);
 fw3_pr(" -j LOG --log-prefix \"%s(src %s)\"\n",
- targets[t], zone->name);
+ fw3_flag_names[t], zone->name);
 }
 if (hasbit(zone->dst_flags, t))
 {
- fw3_pr("-A zone_%s_dest_%s", zone->name, targets[t]);
+ fw3_pr("-A zone_%s_dest_%s", zone->name, fw3_flag_names[t]);
 fw3_format_limit(&zone->log_limit);
 fw3_pr(" -j LOG --log-prefix \"%s(dest %s)\"\n",
- targets[t], zone->name);
+ fw3_flag_names[t], zone->name);
 }
 }
 }
--
2.11.0
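Review bot: In print_zone_rule the jump targets `zone_%s_src_%s` and `zone_%s_dest_%s` are now built from `fw3_flag_names[zone->policy_input]` (likewise `policy_forward` and `policy_output`) with no range check, whereas the removed local table mapped every value other than ACCEPT, REJECT and DROP to `"(bug)"`. If a zone policy can ever hold another value (the option parser is not part of this diff), the rule would jump to a chain named after a table, a family or a NAT target, or pass NULL to `%s`, instead of an obviously broken name. I would add a comment above the three `fw3_pr` calls, for example `/* zone policies are limited to ACCEPT/REJECT/DROP by the option parser */`, once that has been confirmed, or check the value before printing. The same unchecked indexing appears in the `zone->log` hunk that follows and in print_interface_rule.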