X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=includes.c;h=a2b37a32e09b09bad717783171c04a6807910871;hb=e264c8e585ea37ccb1739e7a8e12f8454da1d8a4;hp=40995ca49c5e4738f2c6be733da019068b84b1b3;hpb=bd574af529c0661c125336bdd9d0d1f2e09287c3;p=project%2Ffirewall3.git diff --git a/includes.c b/includes.c index 40995ca..a2b37a3 100644 --- a/includes.c +++ b/includes.c @@ -1,7 +1,7 @@ /* * firewall3 - 3rd OpenWrt UCI firewall implementation * - * Copyright (C) 2013 Jo-Philipp Wich + * Copyright (C) 2013 Jo-Philipp Wich * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -20,9 +20,12 @@ const struct fw3_option fw3_include_opts[] = { + FW3_OPT("enabled", bool, include, enabled), + FW3_OPT("path", string, include, path), FW3_OPT("type", include_type, include, type), FW3_OPT("family", family, include, family), + FW3_OPT("reload", bool, include, reload), { } }; @@ -44,15 +47,21 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p) if (strcmp(s->type, "include")) continue; - include = malloc(sizeof(*include)); - + include = calloc(1, sizeof(*include)); if (!include) continue; - memset(include, 0, sizeof(*include)); include->name = e->name; + include->enabled = true; - fw3_parse_options(include, fw3_include_opts, s); + if (!fw3_parse_options(include, fw3_include_opts, s)) + warn_elem(e, "has invalid options"); + + if (!include->enabled) + { + fw3_free_include(include); + continue; + } if (!include->path) { @@ -72,14 +81,11 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p) static void -print_include(enum fw3_family family, struct fw3_include *include) +print_include(struct fw3_include *include) { FILE *f; char line[1024]; - if (!fw3_is_family(include, family)) - return; - info(" * Loading include '%s'", include->path); if (!(f = fopen(include->path, "r"))) @@ -95,13 +101,40 @@ print_include(enum fw3_family family, struct fw3_include *include) } void -fw3_print_includes(enum fw3_family family, struct fw3_state *state) +fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload) { struct fw3_include *include; + bool exec = false; + const char *restore = "iptables-restore"; + + if (family == FW3_FAMILY_V6) + restore = "ip6tables-restore"; + list_for_each_entry(include, &state->includes, list) - if (include->type == FW3_INC_TYPE_RESTORE) - print_include(family, include); + { + if (reload && !include->reload) + continue; + + if (include->type != FW3_INC_TYPE_RESTORE) + continue; + + if (!fw3_is_family(include, family)) + continue; + + if (!exec) + { + exec = fw3_command_pipe(false, restore, "--noflush"); + + if (!exec) + return; + } + + print_include(include); + } + + if (exec) + fw3_command_close(); } @@ -134,11 +167,16 @@ run_include(struct fw3_include *include) } void -fw3_run_includes(struct fw3_state *state) +fw3_run_includes(struct fw3_state *state, bool reload) { struct fw3_include *include; list_for_each_entry(include, &state->includes, list) + { + if (reload && !include->reload) + continue; + if (include->type == FW3_INC_TYPE_SCRIPT) run_include(include); + } }