2008-11-20 vadim <vadim@vk.crocodile.org>

* PolicyCompiler_PrintRule.cpp (PrintRule::_printLogPrefix): fixed bug #2318639: "bug in logging (rule number)". Added logging prefix macro %R that gets expanded to the ruleset name. This can be useful in logging prefixes for rules in branch rulesets. ;
2026-03-22 19:27:13 +01:00 · 2008-11-21 06:40:07 +00:00 · 2008-11-21 06:40:07 +00:00 · 21b6cf5084
commit 21b6cf5084
parent 9b7c774bfb
6 changed files with 117 additions and 50 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-#define BUILD_NUM 654
+#define BUILD_NUM 656
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,10 @@
+2008-11-20  vadim  <vadim@vk.crocodile.org>
+
+	* PolicyCompiler_PrintRule.cpp (PrintRule::_printLogPrefix): fixed
+	bug #2318639: "bug in logging (rule number)". Added logging prefix
+	macro %R that gets expanded to the ruleset name. This can be
+	useful in logging prefixes for rules in branch rulesets.
+
 2008-11-19  vadim  <vadim@vk.crocodile.org>

 	* printerStream.cpp (printerStream::begin): fixed printing with QT
--- a/qmake.inc
+++ b/qmake.inc
@ -11,15 +11,15 @@ SO_VERSION    = @LIBFWBUILDER_SOLIB_VERSION@
 DEFINES      += $$(DEFINES)
 LANGUAGE      = C++
 UI_DIR        = ui
-MANDIR        = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/man/
-DOCDIR        = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/doc/fwbuilder-3.0.2
+MANDIR        = /Users/vadim/src/fwb3-branch-v3/install_root/share/man/
+DOCDIR        = /Users/vadim/src/fwb3-branch-v3/install_root/share/doc/fwbuilder-3.0.2

 HAVE_ANTLR_RUNTIME = 1
 HAVE_EXTERNAL_ANTLR = 0

 unix {
-    ANTLR_INCLUDEPATH =  /home/vadim/src/fwb3-branch-v3/source/fwbuilder/src/
-    ANTLR_LIBS =  /home/vadim/src/fwb3-branch-v3/source/fwbuilder/src/antlr/libantlr.a
+    ANTLR_INCLUDEPATH =  /Users/vadim/src/fwb3-branch-v3/source/fwbuilder/src/
+    ANTLR_LIBS =  /Users/vadim/src/fwb3-branch-v3/source/fwbuilder/src/antlr/libantlr.a
    FWBPARSER_LIB = ../parsers/libfwbparser.a
 }

@ -30,38 +30,38 @@ unix {
 	MOC_DIR = .moc
 	OBJECTS_DIR = .obj

-	PREFIX                  = /home/vadim/src/fwb3-branch-v3/source/fwbuilder/
+	PREFIX                  = /Users/vadim/src/fwb3-branch-v3/install_root
 	exec_prefix             = @EXEC_PREFIX@
 	DESTDIR                 =
-	ICONSDIR                = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share//icons/hicolor/
+	ICONSDIR                = 

-    INCLUDEPATH  += .. ../.. $$(INCLUDEPATH) /home/vadim/src/fwb3-branch-v3/install_root/include/ /home/vadim/src/fwb3-branch-v3/install_root/include/fwb-3 /usr/include/libxml2
+    INCLUDEPATH  += .. ../.. $$(INCLUDEPATH) /Users/vadim/src/fwb3-branch-v3/install_root/include/ /Users/vadim/src/fwb3-branch-v3/install_root/include/fwb-3 /usr/include/libxml2

-    LIBS_FWCOMPILER         = -L/home/vadim/src/fwb3-branch-v3/install_root/lib -pthread -lfwcompiler -lfwbuilder -lz -lxslt -lxml2 -lnetsnmp -lm -lwrap
-    LIBS_FWBUILDER          = -L/home/vadim/src/fwb3-branch-v3/install_root/lib -pthread -lfwbuilder -lz -lxslt -lxml2 -lnetsnmp -lm -lwrap
+    LIBS_FWCOMPILER         = -L/Users/vadim/src/fwb3-branch-v3/install_root/lib -lfwcompiler -lfwbuilder -lxslt -lxml2 -lz -lpthread -licucore -lm -lnetsnmp
+    LIBS_FWBUILDER          = -L/Users/vadim/src/fwb3-branch-v3/install_root/lib -lfwbuilder -lxslt -lxml2 -lz -lpthread -licucore -lm -lnetsnmp

 	target.path             = $$PREFIX/bin
 	dtd.path                = @TEMPLATE_DIR@/
 	migration.path          = @TEMPLATE_DIR@/migration
-	doc.path                = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/doc/fwbuilder-3.0.2
-	datadir.path		    = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/
+	doc.path                = /Users/vadim/src/fwb3-branch-v3/install_root/share/doc/fwbuilder-3.0.2
+	datadir.path		    = /Users/vadim/src/fwb3-branch-v3/install_root/share/


 #	win32:target.path    = $$PREFIX/
 #	unix:target.path     = $$PREFIX/share/fwbuilder/
 #	macx:target.path     = $$PREFIX/

-	res.path			= /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/fwbuilder-3.0.2
-	res_os.path 		= /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/fwbuilder-3.0.2/os/
-	res_platform.path 	= /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/fwbuilder-3.0.2/platform/
-	res_help.path 	    = /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share/fwbuilder-3.0.2/help/
-	res_desktop.path	= /home/vadim/src/fwb3-branch-v3/source/fwbuilder//share//applications/
+	res.path			= ../Resources
+	res_os.path 		= ../Resources/os/
+	res_platform.path 	= ../Resources/platform/
+	res_help.path 	    = ../Resources/help/
+	res_desktop.path	= /Users/vadim/src/fwb3-branch-v3/install_root/share//applications/

    INSTALLS		   += res 
    INSTALLS		   += res_os
    INSTALLS		   += res_platform
 #        INSTALLS   += icns
-	LIBS                   += $$LIBS_FWBUILDER -lutil 
+	LIBS                   += $$LIBS_FWBUILDER  -L/sw/lib -lpoll

 	PKGLOCALEDIR			= $$res.path/locale

--- a/src/ipt/PolicyCompiler_PrintRule.cpp
+++ b/src/ipt/PolicyCompiler_PrintRule.cpp
@ -504,38 +504,46 @@ string PolicyCompiler_ipt::PrintRule::_printLogPrefix(const string &rule_num,
 						      const string &action,
 						      const string &interf,
 						      const string &chain,
+                                                      const string &ruleset,
 						      const string &rule_label,
 						      const string &prefix)
 {
-    string s=prefix;
+    string s = prefix;

 /* deal with our logging macros:
 * %N - rule number  ('2', or '2/3' for rule in a branch)
 * %A - action
 * %I - interface name
 * %C - chain name
+ * %R - ruleset name
 */
    string::size_type n;
    if ((n=s.find("%N"))!=string::npos ) 
    {
-      s.replace(n,2,rule_num);
+      s.replace(n, 2, rule_num);
    }
    if ((n=s.find("%A"))!=string::npos ) 
    {
-      s.replace(n,2,action);
+      s.replace(n, 2, action);
    }
    if ((n=s.find("%I"))!=string::npos ) 
    {
-      s.replace(n,2,interf);
+      s.replace(n, 2, interf);
    }
    if ((n=s.find("%C"))!=string::npos ) 
    {
-      s.replace(n,2,chain);
+      s.replace(n, 2, chain);
+    }
+    if ((n=s.find("%R"))!=string::npos ) 
+    {
+      s.replace(n, 2, ruleset);
    }

    if (s.length()>29)
    {
-        compiler->warning(_("Log prefix has been truncated to 29 characters in rule ")+rule_label);
+        compiler->warning(
+            "Log prefix has been truncated to 29 characters in rule " + 
+            rule_label);
        s=s.substr(0,29);
    }

@ -545,28 +553,31 @@ string PolicyCompiler_ipt::PrintRule::_printLogPrefix(const string &rule_num,
 string PolicyCompiler_ipt::PrintRule::_printLogPrefix(PolicyRule *rule,
                                                      const string &prefix)
 {
-  char action[64];
-  strncpy(action,rule->getStr("stored_action").c_str(),sizeof(action));
-  for (char *cptr=action; *cptr; cptr++)  *cptr=toupper(*cptr);
+    FWObject *ruleset = rule->getParent();

-  string rule_iface =  rule->getInterfaceStr();
-  if (rule_iface=="")  rule_iface = "global";
+    char action[64];
+    strncpy(action,rule->getStr("stored_action").c_str(),sizeof(action));
+    for (char *cptr=action; *cptr; cptr++)  *cptr=toupper(*cptr);

-  std::ostringstream s1;
-  int pos=rule->getPosition();
-  // parent_rule_num is set by processor "Branching" for branch rules
-  string ppos = rule->getStr("parent_rule_num");
+    string rule_iface =  rule->getInterfaceStr();
+    if (rule_iface=="")  rule_iface = "global";

-  if (ppos != "")
-      s1 << ppos << "/";
-  s1 << pos;
+    std::ostringstream s1;
+    int pos=rule->getPosition();
+    // parent_rule_num is set by processor "Branching" for branch rules
+    string ppos = rule->getStr("parent_rule_num");

-  return _printLogPrefix(s1.str(),
-			 action,
-			 rule_iface,
-			 rule->getStr("ipt_chain"),
-			 rule->getLabel(),
-			 prefix);
+    if (ppos != "")
+        s1 << ppos << "/";
+    s1 << pos;
+
+    return _printLogPrefix(s1.str(),
+                           action,
+                           rule_iface,
+                           rule->getStr("ipt_chain"),
+                           ruleset->getName(),
+                           rule->getLabel(),
+                           prefix);
 }

 string PolicyCompiler_ipt::PrintRule::_printLogParameters(PolicyRule *rule)
@ -591,7 +602,7 @@ string PolicyCompiler_ipt::PrintRule::_printLogParameters(PolicyRule *rule)
        s=ruleopt->getStr("log_prefix");
        if (s.empty())  s=compiler->getCachedFwOpt()->getStr("log_prefix");
        if (!s.empty()) 
-            str << " --ulog-prefix " << _printLogPrefix(rule,s);
+            str << " --ulog-prefix " << _printLogPrefix(rule, s);

        int r=compiler->getCachedFwOpt()->getInt("ulog_cprange");
        if (r!=0)  str << " --ulog-cprange " << r << " ";
@ -621,7 +632,7 @@ string PolicyCompiler_ipt::PrintRule::_printLogParameters(PolicyRule *rule)
        s=ruleopt->getStr("log_prefix");
        if (s.empty())  s=compiler->getCachedFwOpt()->getStr("log_prefix");
        if (!s.empty())
-            str << " --log-prefix " << _printLogPrefix(rule,s);
+            str << " --log-prefix " << _printLogPrefix(rule, s);

        if (ruleopt->getBool("log_tcp_seq") || compiler->getCachedFwOpt()->getBool("log_tcp_seq"))  
            str << " --log-tcp-sequence ";
@ -1677,9 +1688,16 @@ string PolicyCompiler_ipt::PrintRule::_printOptionalGlobalRules()
 	    if (s.empty())
 	        s = "INVALID state -- DENY ";

-	    res << _printLogPrefix("-1", "DENY","global","drop_invalid","BLOCK INVALID",s)
+	    res << _printLogPrefix("-1",
+                                   "DENY",
+                                   "global",
+                                   "drop_invalid",
+                                   "Policy",
+                                   "BLOCK INVALID",
+                                   s)
 	        << _endRuleLine()
-                << _startRuleLine() << "drop_invalid  -j DROP" << _endRuleLine();
+                << _startRuleLine() << "drop_invalid  -j DROP"
+                << _endRuleLine();
 
 	}
        res << endl;
--- a/src/ipt/PolicyCompiler_ipt.h
+++ b/src/ipt/PolicyCompiler_ipt.h
@ -902,6 +902,7 @@ namespace fwcompiler {
 						const std::string &action,
 						const std::string &interf,
 						const std::string &chain,
+                                                const std::string &ruleset,
 						const std::string &rule_label,
 						const std::string &prefix);
            virtual std::string _printLogPrefix(libfwbuilder::PolicyRule *r,
--- a/test/ipt/objects-for-regression-tests.fwb
+++ b/test/ipt/objects-for-regression-tests.fwb
@ -607,9 +607,8 @@
    <ObjectRef ref="id44F7082928576"/>
    <ObjectRef ref="id4848F19020246"/>
    <ServiceRef ref="id38142X1137"/>
-    <ObjectRef ref="sysid0"/>
-    <ServiceRef ref="sysid1"/>
    <ObjectRef ref="id4833F62B6131"/>
+    <ServiceRef ref="sysid1"/>
  </Library>
  <Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
    <ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
@ -27385,7 +27384,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
          <Option name="verify_interfaces">True</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id4848A4294626" host_OS="linux24" inactive="False" lastCompiled="1215360866" lastInstalled="1142003872" lastModified="1212696562" platform="iptables" version="" name="firewall-base-rulesets" comment="this firewall is used to test a rule in the global policy of object &quot;firewall&quot;&#10;" ro="False">
+      <Firewall id="id4848A4294626" host_OS="linux24" inactive="False" lastCompiled="1215360866" lastInstalled="1142003872" lastModified="1227249554" platform="iptables" version="" name="firewall-base-rulesets" comment="this firewall is used to test a rule in the global policy of object &quot;firewall&quot;&#10;" ro="False">
        <NAT id="id4848A4304626" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
        <Policy id="id4848A42F4626" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
        <Policy id="id4848A4414626" name="web_server_inbound" comment="Basic rules for web servers.&#10;" ro="False" ipv6_rule_set="False" top_rule_set="False">
@ -27430,6 +27429,48 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
              <Option name="stateless">False</Option>
            </PolicyRuleOptions>
          </PolicyRule>
+          <PolicyRule id="id38434X42665" disabled="False" group="" log="True" position="2" action="Deny" direction="Both" comment="">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="id3B4FEEEE"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="connlimit_masklen">0</Option>
+              <Option name="connlimit_value">0</Option>
+              <Option name="firewall_is_part_of_any_and_networks">False</Option>
+              <Option name="hashlimit_burst">0</Option>
+              <Option name="hashlimit_dstlimit">False</Option>
+              <Option name="hashlimit_expire">0</Option>
+              <Option name="hashlimit_gcinterval">0</Option>
+              <Option name="hashlimit_max">0</Option>
+              <Option name="hashlimit_mode_dstip">False</Option>
+              <Option name="hashlimit_mode_dstport">False</Option>
+              <Option name="hashlimit_mode_srcip">False</Option>
+              <Option name="hashlimit_mode_srcport">False</Option>
+              <Option name="hashlimit_name"></Option>
+              <Option name="hashlimit_size">0</Option>
+              <Option name="hashlimit_suffix"></Option>
+              <Option name="hashlimit_value">0</Option>
+              <Option name="limit_burst">0</Option>
+              <Option name="limit_suffix"></Option>
+              <Option name="limit_value">0</Option>
+              <Option name="log_level"></Option>
+              <Option name="log_prefix">%R/%N -- %A</Option>
+              <Option name="stateless">True</Option>
+              <Option name="ulog_nlgroup">1</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
        </Policy>
        <Policy id="id48493B6E4626" name="mail_server_inbound" comment="Basic rules for mail servers" ro="False" ipv6_rule_set="False" top_rule_set="False">
          <PolicyRule id="id48493B6F4626" disabled="False" log="False" position="0" action="Accept" direction="Inbound" comment="">
@ -27637,7 +27678,7 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
          <Option name="verify_interfaces">False</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id484A05C44626" host_OS="linux24" inactive="False" lastCompiled="1215360289" lastInstalled="1142003872" lastModified="1212694117" platform="iptables" version="" name="firewall51" comment="testing branching rules that point&#10;at rule sets defined in object&#10;firewall-base-rulesets" ro="False">
+      <Firewall id="id484A05C44626" host_OS="linux24" inactive="False" lastCompiled="1227249571" lastInstalled="1142003872" lastModified="1212694117" platform="iptables" version="" name="firewall51" comment="testing branching rules that point&#10;at rule sets defined in object&#10;firewall-base-rulesets" ro="False">
        <NAT id="id484A06174626" name="NAT" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True"/>
        <Policy id="id484A05CA4626" name="Policy" comment="" ro="False" ipv6_rule_set="False" top_rule_set="True">
          <PolicyRule id="id484A05CB4626" disabled="False" log="False" position="0" action="Branch" direction="Both" comment="">