Skip to content

Commit 02d6832

Browse files
pticonjow-
pticon
authored and
jow-
committed
firewall3: add UBUS support for forwarding sections
It gives the ability to create forward rules via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu <[email protected]>
1 parent 0a7d36d commit 02d6832

File tree

3 files changed

+87
-43
lines changed

3 files changed

+87
-43
lines changed

forwards.c

+80-39
Original file line numberDiff line numberDiff line change
@@ -31,71 +31,112 @@ const struct fw3_option fw3_forward_opts[] = {
3131
{ }
3232
};
3333

34+
static bool
35+
check_forward(struct fw3_state *state, struct fw3_forward *forward, struct uci_element *e)
36+
{
37+
if (!forward->enabled)
38+
return false;
39+
40+
if (forward->src.invert || forward->dest.invert)
41+
{
42+
warn_section("forward", forward, e, "must not have inverted 'src' or 'dest' options");
43+
return false;
44+
}
45+
else if (forward->src.set && !forward->src.any &&
46+
!(forward->_src = fw3_lookup_zone(state, forward->src.name)))
47+
{
48+
warn_section("forward", forward, e, "refers to not existing zone '%s'",
49+
forward->src.name);
50+
return false;
51+
}
52+
else if (forward->dest.set && !forward->dest.any &&
53+
!(forward->_dest = fw3_lookup_zone(state, forward->dest.name)))
54+
{
55+
warn_section("forward", forward, e, "refers to not existing zone '%s'",
56+
forward->dest.name);
57+
return false;
58+
}
59+
60+
/* NB: forward family... */
61+
if (forward->_dest)
62+
{
63+
fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
64+
fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
65+
}
66+
67+
return true;
68+
}
69+
70+
static struct fw3_forward *
71+
fw3_alloc_forward(struct fw3_state *state)
72+
{
73+
struct fw3_forward *forward;
74+
75+
forward = calloc(1, sizeof(*forward));
76+
if (!forward)
77+
return NULL;
78+
79+
forward->enabled = true;
80+
81+
list_add_tail(&forward->list, &state->forwards);
82+
83+
return forward;
84+
}
3485

3586
void
36-
fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
87+
fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
88+
struct blob_attr *a)
3789
{
3890
struct uci_section *s;
3991
struct uci_element *e;
4092
struct fw3_forward *forward;
93+
struct blob_attr *entry;
94+
unsigned rem;
4195

4296
INIT_LIST_HEAD(&state->forwards);
4397

44-
uci_foreach_element(&p->sections, e)
98+
blob_for_each_attr(entry, a, rem)
4599
{
46-
s = uci_to_section(e);
100+
const char *type;
101+
const char *name = "ubus forward";
47102

48-
if (strcmp(s->type, "forwarding"))
103+
if (!fw3_attr_parse_name_type(entry, &name, &type))
49104
continue;
50105

51-
forward = calloc(1, sizeof(*forward));
52-
if (!forward)
106+
if (strcmp(type, "forwarding"))
53107
continue;
54108

55-
forward->enabled = true;
56-
57-
if (!fw3_parse_options(forward, fw3_forward_opts, s))
58-
warn_elem(e, "has invalid options");
59-
60-
if (!forward->enabled)
61-
{
62-
fw3_free_forward(forward);
109+
forward = fw3_alloc_forward(state);
110+
if (!forward)
63111
continue;
64-
}
65112

66-
if (forward->src.invert || forward->dest.invert)
113+
if (!fw3_parse_blob_options(forward, fw3_forward_opts, entry, name))
67114
{
68-
warn_elem(e, "must not have inverted 'src' or 'dest' options");
115+
warn_section("forward", forward, NULL, "skipped due to invalid options");
69116
fw3_free_forward(forward);
70117
continue;
71118
}
72-
else if (forward->src.set && !forward->src.any &&
73-
!(forward->_src = fw3_lookup_zone(state, forward->src.name)))
74-
{
75-
warn_elem(e, "refers to not existing zone '%s'", forward->src.name);
119+
120+
if (!check_forward(state, forward, NULL))
76121
fw3_free_forward(forward);
122+
}
123+
124+
uci_foreach_element(&p->sections, e)
125+
{
126+
s = uci_to_section(e);
127+
128+
if (strcmp(s->type, "forwarding"))
77129
continue;
78-
}
79-
else if (forward->dest.set && !forward->dest.any &&
80-
!(forward->_dest = fw3_lookup_zone(state, forward->dest.name)))
81-
{
82-
warn_elem(e, "refers to not existing zone '%s'", forward->dest.name);
83-
fw3_free_forward(forward);
130+
131+
forward = fw3_alloc_forward(state);
132+
if (!forward)
84133
continue;
85-
}
86134

87-
list_add_tail(&forward->list, &state->forwards);
88-
continue;
89-
}
135+
if (!fw3_parse_options(forward, fw3_forward_opts, s))
136+
warn_elem(e, "has invalid options");
90137

91-
list_for_each_entry(forward, &state->forwards, list)
92-
{
93-
/* NB: forward family... */
94-
if (forward->_dest)
95-
{
96-
fw3_setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT);
97-
fw3_setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT);
98-
}
138+
if (!check_forward(state, forward, e))
139+
fw3_free_forward(forward);
99140
}
100141
}
101142

forwards.h

+6-3
Original file line numberDiff line numberDiff line change
@@ -26,10 +26,13 @@
2626

2727
extern const struct fw3_option fw3_forward_opts[];
2828

29-
void fw3_load_forwards(struct fw3_state *state, struct uci_package *p);
29+
void fw3_load_forwards(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
3030
void fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state *state);
3131

32-
#define fw3_free_forward(forward) \
33-
fw3_free_object(forward, fw3_forward_opts)
32+
static inline void fw3_free_forward(struct fw3_forward *forward)
33+
{
34+
list_del(&forward->list);
35+
fw3_free_object(forward, fw3_forward_opts);
36+
}
3437

3538
#endif

main.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -106,7 +106,7 @@ build_state(bool runtime)
106106
fw3_load_rules(state, p, b.head);
107107
fw3_load_redirects(state, p, b.head);
108108
fw3_load_snats(state, p, b.head);
109-
fw3_load_forwards(state, p);
109+
fw3_load_forwards(state, p, b.head);
110110
fw3_load_includes(state, p);
111111

112112
return true;

0 commit comments

Comments
 (0)