
Checking for "proto ..." in the custom service code string before printing the protocol in the policy and NAT compilers for pf.

This commit is contained in:
Vadim Kurland 2008-12-28 12:17:26 +00:00
parent a720640ffe
commit 53844b8060
5 changed files with 84 additions and 27 deletions


@ -1 +1 @@
#define BUILD_NUM 711
#define BUILD_NUM 712


@ -1,3 +1,9 @@
2008-12-28 vadim <vadim@vk.crocodile.org>
* NATCompiler_pf_writers.cpp (PrintRule::_printProtocol):
'checking for "proto ..." in the custom service code string before
printing protocol part in policy and nat compilers for pf.
2008-12-27 vadim <vadim@vk.crocodile.org>
* feature req. #1111267 "CustomService should specify protocol and


@ -126,20 +126,22 @@ bool NATCompiler_pf::PrintRule::processNext()
char errstr[1024];
if (osrc==NULL ||
odst==NULL ||
osrv==NULL ||
tsrc==NULL ||
tdst==NULL ||
tsrv==NULL)
if (osrc==NULL || odst==NULL || osrv==NULL ||
tsrc==NULL || tdst==NULL || tsrv==NULL)
{
if (osrc==NULL)sprintf(errstr, "NAT rule %s: osrc==NULL", rule->getLabel().c_str() );
if (odst==NULL)sprintf(errstr, "NAT rule %s: odst==NULL", rule->getLabel().c_str() );
if (osrv==NULL)sprintf(errstr, "NAT rule %s: osrv==NULL", rule->getLabel().c_str() );
if (osrc==NULL)
sprintf(errstr,"NAT rule %s: osrc==NULL", rule->getLabel().c_str());
if (odst==NULL)
sprintf(errstr,"NAT rule %s: odst==NULL", rule->getLabel().c_str());
if (osrv==NULL)
sprintf(errstr,"NAT rule %s: osrv==NULL", rule->getLabel().c_str());
if (tsrc==NULL)sprintf(errstr, "NAT rule %s: tsrc==NULL", rule->getLabel().c_str() );
if (tdst==NULL)sprintf(errstr, "NAT rule %s: tdst==NULL", rule->getLabel().c_str() );
if (tsrv==NULL)sprintf(errstr, "NAT rule %s: tsrv==NULL", rule->getLabel().c_str() );
if (tsrc==NULL)
sprintf(errstr,"NAT rule %s: tsrc==NULL", rule->getLabel().c_str());
if (tdst==NULL)
sprintf(errstr,"NAT rule %s: tdst==NULL", rule->getLabel().c_str());
if (tsrv==NULL)
sprintf(errstr,"NAT rule %s: tsrv==NULL", rule->getLabel().c_str());
compiler->abort(errstr);
}
@ -228,6 +230,17 @@ bool NATCompiler_pf::PrintRule::processNext()
void NATCompiler_pf::PrintRule::_printProtocol(Service *srv)
{
// CustomService returns protocol name starting with v3.0.4
if (CustomService::isA(srv))
{
// check if the code string for this custom service already includes
// "proto ..." fragment
string code = CustomService::cast(srv)->getCodeForPlatform(
compiler->myPlatformName());
std::size_t minus_p = code.find("proto ");
if (minus_p != string::npos) return;
}
if ( !TagService::isA(srv))
{
string s = srv->getProtocolName();
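Review bot: The CustomService branch added to NATCompiler_pf::PrintRule::_printProtocol is a verbatim copy of the one added to PolicyCompiler_pf::PrintRule::_printProtocol in the same commit, but the policy copy also returns early when `srv->getProtocolName()` is `"any"` while this one does not; the rest of this function lies outside the hunk, so unless it filters "any" itself the NAT path would print `proto any` for a custom service with no "proto ..." fragment, and a single shared helper (e.g. on the common PrintRule base or on CustomService) would keep the two compilers in step. The local `minus_p` says nothing about what it holds — `std::size_t proto_pos = code.find("proto ");` reads as intended. The first hunk of this file only re-wraps the six `sprintf(errstr, ...)` calls into the fixed `char errstr[1024]`, yet the rule label it formats has no bounded length; since those lines are being touched anyway, `snprintf(errstr, sizeof errstr, "NAT rule %s: osrc==NULL", rule->getLabel().c_str());` (and likewise for the other five) would bound the write.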
@ -238,9 +251,10 @@ void NATCompiler_pf::PrintRule::_printProtocol(Service *srv)
void NATCompiler_pf::PrintRule::_printPort(Service *srv, bool print_range_end)
{
if (TCPService::isA(srv) || UDPService::isA(srv)) {
int drs=TCPUDPService::cast(srv)->getDstRangeStart();
int dre=TCPUDPService::cast(srv)->getDstRangeEnd();
if (TCPService::isA(srv) || UDPService::isA(srv))
{
int drs = TCPUDPService::cast(srv)->getDstRangeStart();
int dre = TCPUDPService::cast(srv)->getDstRangeEnd();
if (drs!=0)
{
compiler->output << "port " << drs;
@ -256,11 +270,12 @@ void NATCompiler_pf::PrintRule::_printPort(Service *srv, bool print_range_end)
}
if (TagService::isA(srv))
{
compiler->output << "tagged " << TagService::constcast(srv)->getCode() << " ";
compiler->output << "tagged "
<< TagService::constcast(srv)->getCode() << " ";
}
}
void NATCompiler_pf::PrintRule::_printNegation(libfwbuilder::RuleElement *rel)
void NATCompiler_pf::PrintRule::_printNegation(RuleElement *rel)
{
if (rel->getNeg())
compiler->output << "! ";


@ -416,15 +416,20 @@ void PolicyCompiler_pf::PrintRule::_printProtocol(Service *srv)
// However CustomService can return protocol name "any", which we should
// just skip.
// CustomService returns protocol name starting with v3.0.4
if (CustomService::isA(srv))
{
// check if the code string for this custom service already includes
// "proto ..." fragment
string code = CustomService::cast(srv)->getCodeForPlatform(
compiler->myPlatformName());
std::size_t minus_p = code.find("proto ");
if (minus_p != string::npos) return;
string pn = srv->getProtocolName();
if (pn == "any") return;
}
if (!srv->isAny() &&
!TagService::isA(srv) &&
!UserService::isA(srv) &&
if (!srv->isAny() && !TagService::isA(srv) && !UserService::isA(srv) &&
srv->getProtocolName()!="ip")
{
compiler->output << "proto ";
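Review bot: The new guard `code.find("proto ")` recognises the keyword only when it is followed by exactly one ASCII space, so a pf code string written as `proto\ttcp` or `proto{tcp udp}` would slip past it and, as far as the visible lines show, the protocol clause would then be emitted a second time by the `compiler->output << "proto ";` below. Splitting the code string on whitespace and comparing the first token with `"proto"` (an `std::istringstream` read of one token is enough) would be robust to the variants pf itself accepts; hedged, since the accepted forms of custom code are not visible here. The comment `// CustomService returns protocol name starting with v3.0.4` now heads a block that does two things, so a one-liner such as `// Skip the protocol clause when the custom code already carries "proto ..." or the service protocol is "any".` above the `if (CustomService::isA(srv))` would document the intent; `minus_p` should likewise be renamed to something like `proto_pos`.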


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1228758183" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="10" lastModified="1230465686" id="root">
<Library id="sysid99" name="Deleted Objects" comment="" ro="False">
<ICMP6Service id="idE0C27650" code="0" type="1" name="ipv6 dest unreachable" comment="No route to destination" ro="False"/>
<Library id="id40E233F3" color="#FFFFFF" name="West Coast" comment="" ro="False">
@ -352,7 +352,7 @@
</PolicyRuleOptions>
</PolicyRule>
</Policy>
<ServiceRef ref="sysid1"/>
<ServiceRef ref="id41F9FFBA"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1" name="Objects" comment="" ro="False">
@ -871,7 +871,7 @@
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id41F9FFBA" name="natproto" comment="" ro="False" protocol=" {tcp udp icmp gre}" address_family="ipv4">
<CustomService id="id41F9FFBA" name="natproto" comment="for bug 1111267: should add proto {tcp udp icmp gre}" ro="False" protocol=" {tcp udp icmp gre}" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
@ -891,6 +891,16 @@
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
<CustomService id="id15832X50242" name="natproto (old style)" comment="for bug 1111267: should add proto {tcp udp icmp gre}, compiler&#10;should recognize &quot;proto ...&quot; in the code string" ro="False" protocol="any" address_family="ipv4">
<CustomServiceCommand platform="fwsm"></CustomServiceCommand>
<CustomServiceCommand platform="iosacl"></CustomServiceCommand>
<CustomServiceCommand platform="ipf"></CustomServiceCommand>
<CustomServiceCommand platform="ipfw"></CustomServiceCommand>
<CustomServiceCommand platform="iptables"></CustomServiceCommand>
<CustomServiceCommand platform="pf">proto {tcp udp icmp gre}</CustomServiceCommand>
<CustomServiceCommand platform="pix"></CustomServiceCommand>
<CustomServiceCommand platform="unknown"></CustomServiceCommand>
</CustomService>
</ServiceGroup>
<ServiceGroup id="stdid05_1_userservices" name="Users" comment="" ro="False">
<UserService id="id4849253820246" name="user2000" comment="" ro="False" userid="2000"/>
@ -2705,7 +2715,7 @@
<Option name="use_tables">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1157930805" lastInstalled="0" lastModified="1230447763" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1230465811" lastInstalled="0" lastModified="1230466470" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
<NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<NATRule id="id3AFB66C8" disabled="False" position="0" comment="">
<OSrc neg="False">
@ -3328,7 +3338,7 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id41F9FFBB" disabled="False" position="28" comment="">
<NATRule id="id41F9FFBB" disabled="False" position="28" comment="for bug 1111267: this custom service object has&#10;&quot;proto ...&quot; in the protocol string, compiler can put&#10;it in generated nat command in the right place.">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
@ -3349,7 +3359,28 @@
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id41FA0A82" disabled="False" position="29" comment="">
<NATRule id="id15833X50242" disabled="False" group="" position="29" comment="for bug 1111267: this custom service object&#10;has &quot;proto ..&quot; in the code string but we can't insert&#10;it in the generated nat command b/c it would appear &#10;in the wrong place, after &quot;from&quot;.&#10;">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>
<ODst neg="False">
<ObjectRef ref="sysid0"/>
</ODst>
<OSrv neg="False">
<ServiceRef ref="id15832X50242"/>
</OSrv>
<TSrc neg="False">
<ObjectRef ref="id3AFB6706-ipv4"/>
</TSrc>
<TDst neg="False">
<ObjectRef ref="sysid0"/>
</TDst>
<TSrv neg="False">
<ServiceRef ref="sysid1"/>
</TSrv>
<NATRuleOptions/>
</NATRule>
<NATRule id="id41FA0A82" disabled="False" position="30" comment="">
<OSrc neg="False">
<ObjectRef ref="net-Internal_net"/>
</OSrc>