From 53ef9f11d47a6a8c3c913970769fabde185fbcb6 Mon Sep 17 00:00:00 2001
From: Pierre Lebleu
Date: Thu, 4 May 2017 10:52:57 +0200
Subject: [PATCH] firewall3: add UBUS support for include scripts

It gives the ability to include scripts via procd services and netifd interface firewall data.

Signed-off-by: Pierre Lebleu
---
 includes.c | 87 +++++++++++++++++++++++++++++++++++++++++-------------
 includes.h | 9 ++++--
 main.c | 2 +-
 3 files changed, 73 insertions(+), 25 deletions(-)
diff --git a/includes.c b/includes.c
index a2b37a3..8639210 100644
--- a/includes.c
+++ b/includes.c
@@ -30,52 +30,97 @@ const struct fw3_option fw3_include_opts[] = {
 { }
 };
+static bool
+check_include(struct fw3_state *state, struct fw3_include *include, struct uci_element *e)
+{
+ if (!include->enabled)
+ return false;
+
+ if (!include->path)
+ {
+ warn_section("include", include, e, "must specify a path");
+ return false;
+ }
+
+ if (include->type == FW3_INC_TYPE_RESTORE && !include->family)
+ warn_section("include", include, e, "does not specify a family, include will get"
+ "loaded with both iptables-restore and ip6tables-restore!");
+
+ return true;
+}
+
+static struct fw3_include *
+fw3_alloc_include(struct fw3_state *state)
+{
+ struct fw3_include *include;
+
+ include = calloc(1, sizeof(*include));
+ if (!include)
+ return NULL;
+
+ include->enabled = true;
+
+ list_add_tail(&include->list, &state->includes);
+
+ return include;
+}
 void
-fw3_load_includes(struct fw3_state *state, struct uci_package *p)
+fw3_load_includes(struct fw3_state *state, struct uci_package *p,
+ struct blob_attr *a)
 {
 struct uci_section *s;
 struct uci_element *e;
 struct fw3_include *include;
+ struct blob_attr *entry;
+ unsigned rem;
 INIT_LIST_HEAD(&state->includes);
- uci_foreach_element(&p->sections, e)
+ blob_for_each_attr(entry, a, rem)
 {
- s = uci_to_section(e);
+ const char *type;
+ const char *name = "ubus include";
- if (strcmp(s->type, "include"))
+ if (!fw3_attr_parse_name_type(entry, &name, &type))
 continue;
- include = calloc(1, sizeof(*include));
- if (!include)
+ if (strcmp(type, "script") && strcmp(type, "restore"))
 continue;
- include->name = e->name;
- include->enabled = true;
-
- if (!fw3_parse_options(include, fw3_include_opts, s))
- warn_elem(e, "has invalid options");
+ include = fw3_alloc_include(state);
+ if (!include)
+ continue;
- if (!include->enabled)
+ if (!fw3_parse_blob_options(include, fw3_include_opts, entry, name))
 {
+ warn_section("include", include, NULL, "skipped due to invalid options");
 fw3_free_include(include);
 continue;
 }
- if (!include->path)
- {
- warn_elem(e, "must specify a path");
+ if (!check_include(state, include, NULL))
 fw3_free_include(include);
+ }
+
+ uci_foreach_element(&p->sections, e)
+ {
+ s = uci_to_section(e);
+
+ if (strcmp(s->type, "include"))
+ continue;
+
+ include = fw3_alloc_include(state);
+ if (!include)
 continue;
- }
- if (include->type == FW3_INC_TYPE_RESTORE && !include->family)
- warn_elem(e, "does not specify a family, include will get loaded "
- "with both iptables-restore and ip6tables-restore!");
+ include->name = e->name;
- list_add_tail(&include->list, &state->includes);
- continue;
+ if (!fw3_parse_options(include, fw3_include_opts, s))
+ warn_elem(e, "has invalid options");
+
+ if (!check_include(state, include, e))
+ fw3_free_include(include);
 }
 }
diff --git a/includes.h b/includes.h
index 070cb3a..3a0af1b 100644
--- a/includes.h
+++ b/includes.h
@@ -24,14 +24,17 @@
 extern const struct fw3_option fw3_include_opts[];
-void fw3_load_includes(struct fw3_state *state, struct uci_package *p);
+void fw3_load_includes(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
 void fw3_print_includes(struct fw3_state *state, enum fw3_family family, bool reload);
 void fw3_run_includes(struct fw3_state *state, bool reload);
-#define fw3_free_include(include) \
- fw3_free_object(include, fw3_include_opts)
+static inline void fw3_free_include(struct fw3_include *include)
+{
+ list_del(&include->list);
+ fw3_free_object(include, fw3_include_opts);
+}
 #endif
diff --git a/main.c b/main.c
index 6e275ef..c4b8228 100644
--- a/main.c
+++ b/main.c
@@ -107,7 +107,7 @@ build_state(bool runtime)
 fw3_load_redirects(state, p, b.head);
 fw3_load_snats(state, p, b.head);
 fw3_load_forwards(state, p, b.head);
- fw3_load_includes(state, p);
+ fw3_load_includes(state, p, b.head);
 return true;
 }
--
2.25.1
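Review bot: In the new `blob_for_each_attr` loop of `fw3_load_includes`, an include's `path` now comes from ubus data and the only validation visible here is `check_include` requiring it to be non-NULL, so whoever can publish procd service or netifd interface firewall data can presumably name a file for `fw3_run_includes` to process, where previously that took write access to the UCI firewall config. The trust assumption should be stated where the data enters, e.g. `/* ubus includes: path is used as supplied; publishers of this data are trusted like the firewall config itself */` above the loop, or the accepted paths should be restricted if that assumption does not hold. Separately, the two string literals in `check_include`'s family warning concatenate to "will getloaded"; the first needs a trailing space: `"does not specify a family, include will get "`.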
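Review bot: `fw3_free_include()` in includes.h now calls `list_del(&include->list)` unconditionally, so it is only safe on an include that is currently linked into a list; a zero-allocated object that was never added would presumably reach `list_del` with NULL node pointers. The callers visible in this patch all obtain the object from `fw3_alloc_include()`, which links it first, but that helper is static to includes.c and nothing in the header states the requirement, and callers outside this diff are not shown. I would document it above the inline function: `/* Unlinks include from its list and frees it; include must already be linked (see fw3_alloc_include() in includes.c). */`.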