From 72205026edcd8e28b848cb4f5c4da44c2858b75a Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Wed, 18 Dec 2019 21:57:01 +0100
Subject: [PATCH] luci-mod-status: replace iptables controller actions with cgi-io calls
Signed-off-by: Jo-Philipp Wich (backported from commit 43a4481e103d764d6f656f2ed1f5c57f8580858e)
---
 .../root/usr/share/rpcd/acl.d/luci-base.json | 4 +-
 .../resources/view/status/iptables.js | 8 ++--
 .../luasrc/controller/admin/status.lua | 37 -------------------
 3 files changed, 8 insertions(+), 41 deletions(-)
diff --git a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
index 298b5ed33..a7d3edaf2 100644
--- a/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
+++ b/modules/luci-base/root/usr/share/rpcd/acl.d/luci-base.json
@@ -48,7 +48,9 @@
 "/usr/bin/traceroute *": [ "exec" ],
 "/usr/bin/traceroute6 *": [ "exec" ],
 "/usr/bin/nslookup *": [ "exec" ],
- "/usr/libexec/luci-peeraddr": [ "exec" ]
+ "/usr/libexec/luci-peeraddr": [ "exec" ],
+ "/usr/sbin/iptables --line-numbers -w -nvxL -t *": [ "exec" ],
+ "/usr/sbin/ip6tables --line-numbers -w -nvxL -t *": [ "exec" ]
 },
 "ubus": {
 "file": [ "list", "read", "stat" ],
diff --git a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
index eaeba578f..966cd560c 100644
--- a/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
+++ b/modules/luci-mod-status/htdocs/luci-static/resources/view/status/iptables.js
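Review bot: The two new `exec` patterns in acl.d/luci-base.json end in `-t *`, and a trailing glob grants more than "one table name": if rpcd matches the pattern against the whole command line, as the neighbouring `traceroute *` entries suggest, then whatever follows `-t` is accepted, including further options. The view in this commit only passes `table.toLowerCase()` for entries of `table_names` (defined outside the visible hunks), so the ACL could list each table literally, e.g. `"/usr/sbin/iptables --line-numbers -w -nvxL -t filter": [ "exec" ]`, with one such line per table and address family. The ACL group and scope that hold these entries start above the hunk, so who receives the permission should be confirmed there.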
@@ -246,8 +246,10 @@ function parse_output(table, s)
 }
 table_names.forEach(function(table) {
- L.poll(5, L.url('admin/status/iptables_dump', current_mode, table.toLowerCase()), null,
- function (xhr) {
- parse_output(table, xhr.responseText);
+ L.Poll.add(function() {
+ var cmd = (current_mode == 6) ? '/usr/sbin/ip6tables' : '/usr/sbin/iptables';
+ return L.fs.exec_direct(cmd, [ '--line-numbers', '-w', '-nvxL', '-t', table.toLowerCase() ]).then(function(output) {
+ parse_output(table, output);
 });
+ }, 5);
 });
diff --git a/modules/luci-mod-status/luasrc/controller/admin/status.lua b/modules/luci-mod-status/luasrc/controller/admin/status.lua
index 6f8414922..d289c54f6 100644
--- a/modules/luci-mod-status/luasrc/controller/admin/status.lua
+++ b/modules/luci-mod-status/luasrc/controller/admin/status.lua
@@ -10,8 +10,6 @@ function index()
 entry({"admin", "status", "overview"}, template("admin_status/index"), _("Overview"), 1)
 entry({"admin", "status", "iptables"}, template("admin_status/iptables"), _("Firewall"), 2).leaf = true
- entry({"admin", "status", "iptables_dump"}, call("dump_iptables")).leaf = true
- entry({"admin", "status", "iptables_action"}, post("action_iptables")).leaf = true
 entry({"admin", "status", "routes"}, template("admin_status/routes"), _("Routes"), 3)
 entry({"admin", "status", "syslog"}, call("action_syslog"), _("System Log"), 4)
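Review bot: The promise returned by `L.fs.exec_direct(...)` in the new poll callback in iptables.js has no rejection handler, so a call refused by the ACL, a missing `ip6tables` binary or an unknown table fails silently and the view keeps showing the last parsed rules. The removed `dump_iptables` ran the command only for tables listed in `/proc/net/ip_tables_names` or `/proc/net/ip6_tables_names` and answered 404 otherwise. The new code runs it for every entry of `table_names`, so that existence check is gone and failures for absent tables now surface only as rejections. I would append `.catch(function(err) { console.error('iptables -t ' + table + ' failed:', err); })` after the `.then(...)`. I would also put `/* option order must match the exec entries in acl.d/luci-base.json */` above the argument array, because the ACL added in this commit spells out the same literal sequence.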
@@ -37,38 +35,3 @@ function action_dmesg()
 local dmesg = luci.sys.dmesg()
 luci.template.render("admin_status/dmesg", {dmesg=dmesg})
 end
-
-function dump_iptables(family, table)
- local prefix = (family == "6") and "ip6" or "ip"
- local ok, lines = pcall(io.lines, "/proc/net/%s_tables_names" % prefix)
- if ok and lines then
- local s
- for s in lines do
- if s == table then
- luci.http.prepare_content("text/plain")
- luci.sys.process.exec({
- "/usr/sbin/%stables" % prefix, "-w", "-t", table,
- "--line-numbers", "-nxvL"
- }, luci.http.write)
- return
- end
- end
- end
-
- luci.http.status(404, "No such table")
- luci.http.prepare_content("text/plain")
-end
-
-function action_iptables()
- if luci.http.formvalue("zero") then
- if luci.http.formvalue("family") == "6" then
- luci.util.exec("/usr/sbin/ip6tables -Z")
- else
- luci.util.exec("/usr/sbin/iptables -Z")
- end
- elseif luci.http.formvalue("restart") then
- luci.util.exec("/etc/init.d/firewall restart")
- end
-
- luci.http.redirect(luci.dispatcher.build_url("admin/status/iptables"))
-end
-- 
2.25.1