X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=options.c;h=e864db7ca3c3a12c9edeb0a87cf1ff5af60036c4;hb=92281eb747b56e748b7c3d754055919c23befdd4;hp=43025a8c36962b568e74a7073c87b1a6a808aeb2;hpb=ea46bc485f05548bb2bd26bc446167e211962c92;p=project%2Ffirewall3.git diff --git a/options.c b/options.c index 43025a8..e864db7 100644 --- a/options.c +++ b/options.c @@ -1,7 +1,7 @@ /* * firewall3 - 3rd OpenWrt UCI firewall implementation * - * Copyright (C) 2013 Jo-Philipp Wich + * Copyright (C) 2013-2014 Jo-Philipp Wich * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above @@ -78,6 +78,7 @@ const char *fw3_flag_names[__FW3_FLAG_MAX] = { "MARK", "DNAT", "SNAT", + "MASQUERADE", "ACCEPT", "REJECT", @@ -142,9 +143,10 @@ fw3_parse_bool(void *ptr, const char *val, bool is_list) bool fw3_parse_int(void *ptr, const char *val, bool is_list) { - int n = strtol(val, NULL, 0); + char *e; + int n = strtol(val, &e, 0); - if (errno == ERANGE || errno == EINVAL) + if (e == val || *e) return false; *((int *)ptr) = n; @@ -163,7 +165,7 @@ bool fw3_parse_target(void *ptr, const char *val, bool is_list) { return parse_enum(ptr, val, &fw3_flag_names[FW3_FLAG_ACCEPT], - FW3_FLAG_ACCEPT, FW3_FLAG_SNAT); + FW3_FLAG_ACCEPT, FW3_FLAG_MASQUERADE); } bool @@ -328,28 +330,20 @@ fw3_parse_network(void *ptr, const char *val, bool is_list) { struct fw3_device dev = { }; struct fw3_address *addr; - struct list_head *addr_list; + LIST_HEAD(addr_list); if (!fw3_parse_address(ptr, val, is_list)) { if (!fw3_parse_device(&dev, val, false)) return false; - addr_list = fw3_ubus_address(dev.name); - - if (addr_list) + fw3_ubus_address(&addr_list, dev.name); + list_for_each_entry(addr, &addr_list, list) { - list_for_each_entry(addr, addr_list, list) - { - addr->invert = dev.invert; - addr->resolved = true; - - if (!put_value(ptr, addr, sizeof(*addr), is_list)) - break; - } - - fw3_free_list(addr_list); + addr->invert = dev.invert; + addr->resolved = true; } + list_splice_tail(&addr_list, ptr); } return true; @@ -518,6 +512,7 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list) { struct fw3_protocol proto = { }; struct protoent *ent; + char *e; if (*val == '!') { @@ -556,9 +551,9 @@ fw3_parse_protocol(void *ptr, const char *val, bool is_list) return true; } - proto.protocol = strtoul(val, NULL, 10); + proto.protocol = strtoul(val, &e, 10); - if (errno == ERANGE || errno == EINVAL) + if ((e == val) || (*e != 0)) return false; put_value(ptr, &proto, sizeof(proto), is_list); @@ -577,20 +572,22 @@ fw3_parse_ipset_datatype(void *ptr, const char *val, bool is_list) { struct fw3_ipset_datatype type = { }; + type.dir = "src"; + if (!strncmp(val, "dest_", 5)) { val += 5; - type.dest = true; + type.dir = "dst"; } else if (!strncmp(val, "dst_", 4)) { val += 4; - type.dest = true; + type.dir = "dst"; } else if (!strncmp(val, "src_", 4)) { val += 4; - type.dest = false; + type.dir = "src"; } if (parse_enum(&type.type, val, &fw3_ipset_type_names[FW3_IPSET_TYPE_IP], @@ -809,8 +806,64 @@ fw3_parse_mark(void *ptr, const char *val, bool is_list) return true; } +bool +fw3_parse_setmatch(void *ptr, const char *val, bool is_list) +{ + struct fw3_setmatch *m = ptr; + char *p, *s; + int i; + + if (*val == '!') + { + m->invert = true; + while (isspace(*++val)); + } + + if (!(s = strdup(val))) + return false; + + if (!(p = strtok(s, " \t"))) + { + free(s); + return false; + } + + strncpy(m->name, p, sizeof(m->name)); + + for (i = 0, p = strtok(NULL, " \t,"); + i < 3 && p != NULL; + i++, p = strtok(NULL, " \t,")) + { + if (!strncmp(p, "dest", 4) || !strncmp(p, "dst", 3)) + m->dir[i] = "dst"; + else if (!strncmp(p, "src", 3)) + m->dir[i] = "src"; + } + + free(s); + + m->set = true; + return true; +} + +bool +fw3_parse_direction(void *ptr, const char *val, bool is_list) +{ + bool *is_out = ptr; + bool valid = true; + + if (!strcmp(val, "in") || !strcmp(val, "ingress")) + *is_out = false; + else if (!strcmp(val, "out") || !strcmp(val, "egress")) + *is_out = true; + else + valid = false; + + return valid; +} + -void +bool fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_section *section) { @@ -820,6 +873,7 @@ fw3_parse_options(void *s, const struct fw3_option *opts, struct uci_option *o; const struct fw3_option *opt; struct list_head *dest; + bool valid = true; uci_foreach_element(§ion->options, e) { @@ -839,6 +893,7 @@ fw3_parse_options(void *s, const struct fw3_option *opts, if (!opt->elem_size) { warn_elem(e, "must not be a list"); + valid = false; } else { @@ -852,6 +907,7 @@ fw3_parse_options(void *s, const struct fw3_option *opts, if (!opt->parse(dest, l->name, true)) { warn_elem(e, "has invalid value '%s'", l->name); + valid = false; continue; } } @@ -867,7 +923,10 @@ fw3_parse_options(void *s, const struct fw3_option *opts, if (!opt->elem_size) { if (!opt->parse((char *)s + opt->offset, o->v.string, false)) + { warn_elem(e, "has invalid value '%s'", o->v.string); + valid = false; + } } else { @@ -878,6 +937,7 @@ fw3_parse_options(void *s, const struct fw3_option *opts, if (!opt->parse(dest, p, true)) { warn_elem(e, "has invalid value '%s'", p); + valid = false; continue; } } @@ -891,6 +951,109 @@ fw3_parse_options(void *s, const struct fw3_option *opts, if (!known) warn_elem(e, "is unknown"); } + + return valid; +} + + +bool +fw3_parse_blob_options(void *s, const struct fw3_option *opts, + struct blob_attr *a) +{ + char *p, *v, buf[16]; + bool known; + unsigned rem, erem; + struct blob_attr *o, *e; + const struct fw3_option *opt; + struct list_head *dest; + bool valid = true; + + blobmsg_for_each_attr(o, a, rem) + { + known = false; + + for (opt = opts; opt->name; opt++) + { + if (!opt->parse) + continue; + + if (strcmp(opt->name, blobmsg_name(o))) + continue; + + if (blobmsg_type(o) == BLOBMSG_TYPE_ARRAY) + { + if (!opt->elem_size) + { + fprintf(stderr, "%s must not be a list\n", opt->name); + valid = false; + } + else + { + dest = (struct list_head *)((char *)s + opt->offset); + + blobmsg_for_each_attr(e, o, erem) + { + if (blobmsg_type(e) == BLOBMSG_TYPE_INT32) { + snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(e)); + v = buf; + } else { + v = blobmsg_get_string(e); + } + + if (!opt->parse(dest, v, true)) + { + fprintf(stderr, "%s has invalid value '%s'\n", opt->name, v); + valid = false; + continue; + } + } + } + } + else + { + if (blobmsg_type(o) == BLOBMSG_TYPE_INT32) { + snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(o)); + v = buf; + } else { + v = blobmsg_get_string(o); + } + + if (!v) + continue; + + if (!opt->elem_size) + { + if (!opt->parse((char *)s + opt->offset, v, false)) + { + fprintf(stderr, "%s has invalid value '%s'\n", opt->name, v); + valid = false; + } + } + else + { + dest = (struct list_head *)((char *)s + opt->offset); + + for (p = strtok(v, " \t"); p != NULL; p = strtok(NULL, " \t")) + { + if (!opt->parse(dest, p, true)) + { + fprintf(stderr, "%s has invalid value '%s'\n", opt->name, p); + valid = false; + continue; + } + } + } + } + + known = true; + break; + } + + if (!known) + fprintf(stderr, "%s is unknown\n", blobmsg_name(o)); + } + + return valid; }