onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-25 04:37:22 +01:00
Code Issues Releases Wiki Activity

2009-05-12 vadim <vadim@vk.crocodile.org>

Browse Source 
* PolicyCompiler_pf_writers.cpp (PrintRule::processNext): fixed
bug #2790927: "Add support for "sloppy" state tracking for PF".
This commit is contained in:
Vadim Kurland 2009-05-12 22:43:57 +00:00
parent 68cd7c98c5
commit 331a1adaa9
6 changed files with 54 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build_num
View File

@ -1 +1 @@
#define BUILD_NUM 926
#define BUILD_NUM 928

3
doc/ChangeLog
View File

@ -1,5 +1,8 @@
2009-05-12 vadim <vadim@vk.crocodile.org>
* PolicyCompiler_pf_writers.cpp (PrintRule::processNext): fixed
bug #2790927: "Add support for "sloppy" state tracking for PF".
* FWWindowPrint.cpp (FWWindow::tableResolutionSettingChanged):
Using slider widget to set table scaling factor; now user can
choose any scaling factor between 1 and 200%. This fixes bug

14
src/gui/RuleOptionsDialog.cpp
View File

@ -176,9 +176,14 @@ void RuleOptionsDialog::loadFWObject(FWObject *o)
if (platform=="pf")
{
data.registerOption(m_dialog->pf_logPrefix, ropt, "log_prefix");
data.registerOption(m_dialog->pf_stateless, ropt, "stateless");
data.registerOption(m_dialog->pf_keep_state, ropt, "pf_keep_state");
data.registerOption(m_dialog->pf_logPrefix, ropt,
"log_prefix");
data.registerOption(m_dialog->pf_stateless, ropt,
"stateless");
data.registerOption(m_dialog->pf_keep_state, ropt,
"pf_keep_state");
data.registerOption(m_dialog->pf_sloppy_tracker, ropt,
"pf_sloppy_tracker");
data.registerOption(m_dialog->pf_rule_max_state, ropt,
"pf_rule_max_state");
data.registerOption(m_dialog->pf_source_tracking, ropt,
@ -187,7 +192,6 @@ void RuleOptionsDialog::loadFWObject(FWObject *o)
"pf_max_src_nodes");
data.registerOption(m_dialog->pf_max_src_states, ropt,
"pf_max_src_states");
data.registerOption(m_dialog->pf_max_src_conn, ropt,
"pf_max_src_conn");
data.registerOption(m_dialog->pf_overload_table, ropt,
@ -196,12 +200,10 @@ void RuleOptionsDialog::loadFWObject(FWObject *o)
"pf_max_src_conn_flush");
data.registerOption(m_dialog->pf_global, ropt,
"pf_max_src_conn_global");
data.registerOption(m_dialog->pf_max_src_conn_rate_num, ropt,
"pf_max_src_conn_rate_num");
data.registerOption(m_dialog->pf_max_src_conn_rate_seconds, ropt,
"pf_max_src_conn_rate_seconds");
data.registerOption(m_dialog->pf_modulate, ropt,
"pf_modulate_state");
data.registerOption(m_dialog->pf_synproxy, ropt,

6
src/gui/platforms.cpp
View File

@ -268,7 +268,8 @@ bool isDefaultPolicyRuleOptions(FWOptions *opt)
opt->getInt("pf_max_src_conn")<=0 &&
opt->getInt("pf_max_src_conn_rate_num")<=0 &&
opt->getInt("pf_max_src_conn_rate_seconds")<=0 &&
! opt->getBool("pf_keep_state")
! opt->getBool("pf_keep_state") &&
! opt->getBool("pf_sloppy_tracker")
);
}else
{
@ -277,7 +278,8 @@ bool isDefaultPolicyRuleOptions(FWOptions *opt)
! opt->getBool("pf_source_tracking") &&
opt->getInt("pf_max_src_conn")<=0 &&
opt->getInt("pf_max_src_conn_rate_num")<=0 &&
opt->getInt("pf_max_src_conn_rate_seconds")<=0
opt->getInt("pf_max_src_conn_rate_seconds")<=0 &&
! opt->getBool("pf_sloppy_tracker")
);
}
}

30
src/gui/ruleoptionsdialog_q.ui
View File

@ -1230,7 +1230,7 @@
<enum>QTabWidget::Triangular</enum>
</property>
<property name="currentIndex" >
<number>0</number>
<number>4</number>
</property>
<widget class="QWidget" name="tab10" >
<attribute name="title" >
@ -1737,7 +1737,7 @@
<attribute name="title" >
<string>TCP</string>
</attribute>
<layout class="QGridLayout" >
<layout class="QGridLayout" name="gridLayout" >
<item row="0" column="0" >
<widget class="QCheckBox" name="pf_modulate" >
<property name="text" >
@ -1753,6 +1753,13 @@
</widget>
</item>
<item row="2" column="0" >
<widget class="QCheckBox" name="pf_sloppy_tracker" >
<property name="text" >
<string>Use sloppy TCP state tracker for this rule</string>
</property>
</widget>
</item>
<item row="3" column="0" >
<spacer>
<property name="orientation" >
<enum>Qt::Vertical</enum>
@ -2875,5 +2882,24 @@
</hint>
</hints>
</connection>
<connection>
<sender>pf_sloppy_tracker</sender>
<signal>stateChanged(int)</signal>
<receiver>RuleOptionsDialog_q</receiver>
<slot>changed()</slot>
<hints>
<hint type="sourcelabel" >
<x>565</x>
<y>132</y>
</hint>
<hint type="destinationlabel" >
<x>561</x>
<y>142</y>
</hint>
</hints>
</connection>
</connections>
<slots>
<slot>changed()</slot>
</slots>
</ui>

14
src/pflib/PolicyCompiler_pf_writers.cpp
View File

@ -942,13 +942,11 @@ bool PolicyCompiler_pf::PrintRule::processNext()
// "keep state" can be used with any protocol, while "modulate state"
// and "synproxy state" can only be used with tcp.
if (compiler->getCachedFwOpt()->getBool("pf_synproxy") &&
tcpsrv!=NULL)
if (compiler->getCachedFwOpt()->getBool("pf_synproxy") && tcpsrv!=NULL)
compiler->output << "synproxy state ";
else
{
if (compiler->getCachedFwOpt()->getBool("pf_modulate_state") &&
tcpsrv!=NULL)
if (compiler->getCachedFwOpt()->getBool("pf_modulate_state") && tcpsrv!=NULL)
compiler->output << "modulate state ";
else
{
@ -984,6 +982,7 @@ bool PolicyCompiler_pf::PrintRule::processNext()
if (ruleopt->getInt("pf_max_src_conn")>0) nopt++;
if (ruleopt->getStr("pf_max_src_conn_overload_table")!="") nopt++;
if (ruleopt->getInt("pf_max_src_conn_rate_num")>0) nopt++;
if (ruleopt->getBool("pf_sloppy_tracker")) nopt++;
bool not_the_first = false;
if (nopt)
@ -997,6 +996,13 @@ bool PolicyCompiler_pf::PrintRule::processNext()
not_the_first = true;
}
if (ruleopt->getBool("pf_sloppy_tracker"))
{
if (not_the_first) compiler->output << ",";
compiler->output << " sloppy ";
not_the_first = true;
}
if (ruleopt->getBool("pf_source_tracking"))
{
if (not_the_first) compiler->output << ",";