[LEDE-DEV] [PATCH 4/7] firewall3: add UBUS support for forwarding sections

Thu, 20 Apr 2017 09:06:45 -0700 

It gives the ability to create forward rules via procd
services and netifd interface firewall data.

Signed-off-by: Pierre Lebleu <pme.leb...@gmail.com>
---
 forwards.c |   68 +++++++++++++++++++++++++++++++++++++++++++++++-------------
 forwards.h |    9 +++++---
 main.c     |    2 +-
 3 files changed, 61 insertions(+), 18 deletions(-)

diff --git a/forwards.c b/forwards.c
index cf0c3a8..43f0978 100644
--- a/forwards.c
+++ b/forwards.c
@@ -31,16 +31,58 @@ const struct fw3_option fw3_forward_opts[] = {
        { }
 };
 
+static struct fw3_forward *
+fw3_alloc_forward(struct fw3_state *state)
+{
+       struct fw3_forward *forward;
+
+       forward = calloc(1, sizeof(*forward));
+       if (!forward)
+               return NULL;
+
+       forward->enabled = true;
+
+       list_add_tail(&forward->list, &state->forwards);
+
+       return forward;
+}
 
 void
-fw3_load_forwards(struct fw3_state *state, struct uci_package *p)
+fw3_load_forwards(struct fw3_state *state, struct uci_package *p,
+               struct blob_attr *a)
 {
        struct uci_section *s;
        struct uci_element *e;
-       struct fw3_forward *forward;
+       struct fw3_forward *forward, *n;
+       struct blob_attr *entry, *opt;
+       unsigned rem, orem;
 
        INIT_LIST_HEAD(&state->forwards);
 
+       blob_for_each_attr(entry, a, rem)
+       {
+               const char *type = NULL;
+               const char *name = "ubus forward";
+               blobmsg_for_each_attr(opt, entry, orem)
+                       if (!strcmp(blobmsg_name(opt), "type"))
+                               type = blobmsg_get_string(opt);
+                       else if (!strcmp(blobmsg_name(opt), "name"))
+                               name = blobmsg_get_string(opt);
+
+               if (!type || strcmp(type, "forwarding"))
+                       continue;
+
+               if (!(forward = fw3_alloc_forward(state)))
+                       continue;
+
+               if (!fw3_parse_blob_options(forward, fw3_forward_opts, entry, 
name))
+               {
+                       warn("%s skipped due to invalid options\n", name);
+                       fw3_free_forward(forward);
+                       continue;
+               }
+       }
+
        uci_foreach_element(&p->sections, e)
        {
                s = uci_to_section(e);
@@ -48,19 +90,20 @@ fw3_load_forwards(struct fw3_state *state, struct 
uci_package *p)
                if (strcmp(s->type, "forwarding"))
                        continue;
 
-               forward = calloc(1, sizeof(*forward));
+               forward = fw3_alloc_forward(state);
                if (!forward)
                        continue;
 
-               forward->enabled = true;
-
                if (!fw3_parse_options(forward, fw3_forward_opts, s))
                {
                        warn_elem(e, "skipped due to invalid options");
                        fw3_free_forward(forward);
                        continue;
                }
+       }
 
+       list_for_each_entry_safe(forward, n, &state->forwards, list)
+       {
                if (!forward->enabled)
                {
                        fw3_free_forward(forward);
@@ -69,31 +112,28 @@ fw3_load_forwards(struct fw3_state *state, struct 
uci_package *p)
 
                if (forward->src.invert || forward->dest.invert)
                {
-                       warn_elem(e, "must not have inverted 'src' or 'dest' 
options");
+                       warn("%s must not have inverted 'src' or 'dest' 
options",
+                               forward->name);
                        fw3_free_forward(forward);
                        continue;
                }
                else if (forward->src.set && !forward->src.any &&
                         !(forward->_src = fw3_lookup_zone(state, 
forward->src.name)))
                {
-                       warn_elem(e, "refers to not existing zone '%s'", 
forward->src.name);
+                       warn("%s refers to not existing zone '%s'", 
forward->name,
+                               forward->src.name);
                        fw3_free_forward(forward);
                        continue;
                }
                else if (forward->dest.set && !forward->dest.any &&
                         !(forward->_dest = fw3_lookup_zone(state, 
forward->dest.name)))
                {
-                       warn_elem(e, "refers to not existing zone '%s'", 
forward->dest.name);
+                       warn("%s refers to not existing zone '%s'", 
forward->name,
+                               forward->dest.name);
                        fw3_free_forward(forward);
                        continue;
                }
 
-               list_add_tail(&forward->list, &state->forwards);
-               continue;
-       }
-
-       list_for_each_entry(forward, &state->forwards, list)
-       {
                /* NB: forward family... */
                if (forward->_dest)
                {
diff --git a/forwards.h b/forwards.h
index 3006e9e..06d3e06 100644
--- a/forwards.h
+++ b/forwards.h
@@ -26,10 +26,13 @@
 
 extern const struct fw3_option fw3_forward_opts[];
 
-void fw3_load_forwards(struct fw3_state *state, struct uci_package *p);
+void fw3_load_forwards(struct fw3_state *state, struct uci_package *p, struct 
blob_attr *a);
 void fw3_print_forwards(struct fw3_ipt_handle *handle, struct fw3_state 
*state);
 
-#define fw3_free_forward(forward) \
-       fw3_free_object(forward, fw3_forward_opts)
+static inline void fw3_free_forward(struct fw3_forward *forward)
+{
+       list_del(&forward->list);
+       fw3_free_object(forward, fw3_forward_opts);
+}
 
 #endif
diff --git a/main.c b/main.c
index 5888ab5..4cf46fd 100644
--- a/main.c
+++ b/main.c
@@ -106,7 +106,7 @@ build_state(bool runtime)
        fw3_load_rules(state, p, b.head);
        fw3_load_redirects(state, p, b.head);
        fw3_load_snats(state, p, b.head);
-       fw3_load_forwards(state, p);
+       fw3_load_forwards(state, p, b.head);
        fw3_load_includes(state, p);
 
        return true;
-- 
1.7.9.5


_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev

Reply via email to