From 5e1e377c6a2796633c0bf42bbf904a47e8f5dffe Mon Sep 17 00:00:00 2001 From: Vadim Kurland Date: Sun, 17 Apr 2011 12:30:31 -0700 Subject: [PATCH] * fwbedit.cpp (main): added command line switch "-d" to function "import" in fwbedit. This switch activates object deduplication on import. --- VERSION | 2 +- VERSION.h | 2 +- doc/ChangeLog | 6 ++ doc/fwbedit.1 | 121 +++++++++++++++-------------- packaging/fwbuilder-static-qt.spec | 2 +- packaging/fwbuilder.control | 2 +- packaging/fwbuilder.spec | 2 +- src/fwbedit/fwbedit.cpp | 20 ++++- src/fwbedit/fwbedit.h | 6 +- src/fwbedit/import.cpp | 29 +++++-- 10 files changed, 115 insertions(+), 77 deletions(-) diff --git a/VERSION b/VERSION index 9c9b054d2..05f7c7b6c 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3527" +BUILD_NUM="3528" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 23d3608ae..b3d768c59 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3527" +#define VERSION "4.2.0.3528" #define GENERATION "4.2" diff --git a/doc/ChangeLog b/doc/ChangeLog index 911e296b7..65d45a05e 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2011-04-17 vadim + + * fwbedit.cpp (main): added command line switch "-d" to function + "import" in fwbedit. This switch activates object deduplication + on import. + 2011-04-15 vadim * fwbedit.cpp (main): see #2328 "Add ability to run firewall import diff --git a/doc/fwbedit.1 b/doc/fwbedit.1 index 3ab713510..d533d3174 100644 --- a/doc/fwbedit.1 +++ b/doc/fwbedit.1 
@@ -31,29 +31,29 @@ below). Creates new object. - -f file.fwb: data file - -t objtype: create new object of this type - -p parent: create new object as a child of this object. - This parameter is mandatory. If you are adding an address - to an interface, corresponding interface onkect must be - specified as the parent. Similarly if you need to add an - interface to a host or a firewall, corresponding host or - firewall object is the parent. If you are adding an - object to one of the standard folders, the parent is the - library you want to add the object to or correct full - path to the folder in the tree. - -n name: the name of the new object - -c txt: specify comment for the new object - -a attribute1[,attribute2...] : specify attributes that - define parameters of the new object (see below) + -f file.fwb data file + -t objtype create new object of this type + -p parent create new object as a child of this object. + This parameter is mandatory. If you are adding an address + to an interface, corresponding interface onkect must be + specified as the parent. Similarly if you need to add an + interface to a host or a firewall, corresponding host or + firewall object is the parent. If you are adding an + object to one of the standard folders, the parent is the + library you want to add the object to or correct full + path to the folder in the tree. + -n name the name of the new object + -c txt specify comment for the new object + -a attribute1[,attribute2...] : specify attributes that + define parameters of the new object (see below) .B delete -f file.fwb -o object Deletes object specified by its full path in the tree or object ID. - -f file.fwb: data file - -o object: object to be deleted, full path or ID + -f file.fwb data file + -o object object to be deleted, full path or ID 
@@ -62,11 +62,11 @@ Deletes object specified by its full path in the tree or object ID. Modifies object specified by its full path in the tree or object ID. Object can not be renamed using this operation. - -f file.fwb: data file - -o object: object to be deleted, full path or ID - -c txt: specify comment for the new object - -a attribute1[,attribute2...] : specify attributes that - define parameters of the new object (see below) + -f file.fwb data file + -o object object to be deleted, full path or ID + -c txt specify comment for the new object + -a attribute1[,attribute2...] : specify attributes that + define parameters of the new object (see below) 
@@ -74,25 +74,25 @@ Object can not be renamed using this operation. Prints name and ID of an object. - -f file.fwb: data file - -o object: object to print, full path or ID - -r print specified object and all objects under it in the tree - -c print only children objects of the given object but do not - print the object itself. - -d print full dump of all object's attributes including internal - debugging information if available, this can be very - verbose. - -Fformat_string Program recognizes macros in the format string - and replaces them with values of corresponding object's - attributes. Macro is the name of the attribute surrounded - with '%', such as '%name%' or '%address%'. Here is the - list of some attribute names: "id", "name", "path", - "comment", "type", "address", "netmask", "dnsname". TCP - and UDP service objects provide attributes - "src_range_start", "src_range_end", "dst_range_start", - "dst_range_end" for the source and destination port - ranges. ICMP and ICMP6 service objects have attributes - "icmp_type" and "icmp_code". + -f file.fwb data file + -o object object to print, full path or ID + -r print specified object and all objects under it in the tree + -c print only children objects of the given object but do not + print the object itself. + -d print full dump of all object's attributes including internal + debugging information if available, this can be very + verbose. + -Fformat_string Program recognizes macros in the format string + and replaces them with values of corresponding object's + attributes. Macro is the name of the attribute surrounded + with '%', such as '%name%' or '%address%'. Here is the + list of some attribute names: "id", "name", "path", + "comment", "type", "address", "netmask", "dnsname". TCP + and UDP service objects provide attributes + "src_range_start", "src_range_end", "dst_range_start", + "dst_range_end" for the source and destination port + ranges. 
ICMP and ICMP6 service objects have attributes + "icmp_type" and "icmp_code". @@ -101,10 +101,10 @@ Prints name and ID of an object. Adds object specified by path or ID to a group, also specified by its path or ID. - -f file.fwb: data file - -g group: group the object should be added to, - full path or ID - -o object: object to be deleted, full path or ID + -f file.fwb data file + -g group group the object should be added to, + full path or ID + -o object object to be deleted, full path or ID @@ -112,17 +112,17 @@ path or ID. Removes object from a group. - -f file.fwb: data file - -g group: group the object should be removed from, - full path or ID - -o object: object to be deleted, full path or ID + -f file.fwb data file + -g group group the object should be removed from, + full path or ID + -o object object to be deleted, full path or ID .B upgrade -f file.fwb Upgrades data file to the latest data format version. - -f file.fwb: data file + -f file.fwb data file .B checktree -f file.fwb @@ -130,7 +130,7 @@ Upgrades data file to the latest data format version. Checks consistency and correctness of the object tree in the given data file and repairs it if necessary. - -f file.fwb: data file + -f file.fwb data file .B merge -f file1.fwb -i file2.fwb 
@@ -138,21 +138,24 @@ data file and repairs it if necessary. Objects from the file2.fwb are merged with objects in file1 and combined object tree saved in file1.fwb - -f file.fwb: data file #1 - -i file.fwb: data file #2 + -f file.fwb data file #1 + -i file.fwb data file #2 -.B import -f file1.fwb -i firewall_config.txt -o path_to_firewall_object +.B import -f file1.fwb -i firewall_config.txt -o path_to_firewall_object [-d] Firewall configuration from file firewall_config.txt is parsed and imported into data file file1.fwb. The program creates new firewall object located in the library and with the name defined by its path -path_to_firewall_object. This has to be full path, beginning with the -library name, such as "/User/Firewalls/my_new_firewall" +path_to_firewall_object. - -f file.fwb: data file #1 - -i config.txt: firewall configuration file - -o object_path + -f file.fwb data file #1 + -i config.txt firewall configuration file + -o object_path full path to the firewall object that will be + created. This has to be full path, beginning + with the library name, such as + "/User/Firewalls/my_new_firewall" + -d avoid creating duplicate objects on import currently (as of v4.2.0) fwbuilder supports import of iptables configuration saved with iptables-save command, as well as import of diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index 5aa7d739c..2aa3095d1 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3527 +%define version 4.2.0.3528 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index f12b483f9..5637945d8 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control 
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3527-1 +Version: 4.2.0.3528-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 404d64bb0..273b186f9 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3527 +%define version 4.2.0.3528 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/fwbedit/fwbedit.cpp b/src/fwbedit/fwbedit.cpp index 67ef45363..4e185c412 100644 --- a/src/fwbedit/fwbedit.cpp +++ b/src/fwbedit/fwbedit.cpp @@ -340,14 +340,16 @@ void usage_merge() void usage_import() { cout << - " import -f file1.fwb -i firewall_config.txt -o firewall_object_path\n" + " import -f file1.fwb -i firewall_config.txt -o firewall_object_path [-d]\n" "\n" " -f file1.fwb: data file #1\n" " -i firewall_config.txt: firewall configuration file that\n" " should be imported #2\n" " -o firewall_object_path: a full path to the firewall object\n" " to be created, e.g. '/User/Firewalls/my_new_firewall'\n" - " Note that path must start with the library name\n"; + " Note that path must start with the library name\n" + " -d reuse address and service objects created in the process\n" + " of import\n"; cout << endl; } @@ -452,6 +454,7 @@ int main(int argc, char * const *argv) string list_format = "%path%"; bool full_dump = false; string import_config; + bool deduplicate = false; if (argc<=1) { 
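Review bot: The new `-d` help line in usage_import() says the switch reuses objects "created in the process of import", while the man page updated in this same commit says it avoids creating duplicate objects on import; the two texts should describe the behaviour in the same terms. The line also drops the `-x name:` colon layout used by the `-f`, `-i` and `-o` lines above it. Something like `" -d: do not create duplicate address and service objects on import\n"` would keep the help output and the man page consistent.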
@@ -676,13 +679,14 @@ int main(int argc, char * const *argv) case IMPORT: // -f file.fwb -i config.txt -o /User/Firewalls/new_firewall - while( (opt=getopt(argc, args, "f:i:o:")) != EOF ) + while( (opt=getopt(argc, args, "f:i:o:d")) != EOF ) { switch(opt) { case 'f': filename = optarg; break; case 'i': import_config = optarg; break; case 'o': object = optarg; break; + case 'd': deduplicate = true; break; } } @@ -729,6 +733,7 @@ int main(int argc, char * const *argv) } mergeTree(objdb, filemerge, conflict_res); } + else if (cmd == IMPORT) { if (import_config.empty() || object.empty()) @@ -774,35 +779,42 @@ int main(int argc, char * const *argv) << "'" << endl; - importConfig(objdb, import_config, library, fw_name); + importConfig(import_config, library, fw_name, deduplicate); } + else if (cmd == STRUCT) { checkAndRepairTree(objdb); } + else if (cmd == LIST) { listObject(objdb, object, list_children, recursive, list_format, full_dump); return(0); } + else if (cmd == UPGRADE) { cout << "File upgraded; current data format version: " << libfwbuilder::Constants::getDataFormatVersion() << endl; } + else if (cmd == NEWOBJECT) { newObject(objdb, objtype, name, comment_txt, parent, ops); } + else if (cmd == DELOBJECT) { delObject(objdb, object); } + else if (cmd == MODOBJECT) { modObject(objdb, object, comment_txt, ops); } + else { diff --git a/src/fwbedit/fwbedit.h b/src/fwbedit/fwbedit.h index 416f689c4..15946174a 100644 --- a/src/fwbedit/fwbedit.h +++ b/src/fwbedit/fwbedit.h 
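Review bot: The option switch in the IMPORT branch has no `default:` (or `case '?':`) arm, so an unrecognised or mistyped switch is skipped and the import carries on with `deduplicate` left at false. For a tool that writes firewall objects into the data file it is safer to stop on bad arguments, for example by adding `default: usage_import(); exit(1);` after the new `case 'd':` line. The enclosing `case IMPORT:` block of main() continues outside this hunk, so any later argument validation is not visible here.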
@@ -72,10 +72,10 @@ extern void checkAndRepairTree(libfwbuilder::FWObjectDatabase *objdb); extern void mergeTree(libfwbuilder::FWObjectDatabase *objdb, const std::string &mergefile, int conflict_res); -extern void importConfig(libfwbuilder::FWObjectDatabase *objdb, - const std::string &import_config, +extern void importConfig(const std::string &import_config, libfwbuilder::FWObject *library, - const std::string &fw_name); + const std::string &fw_name, + bool deduplicate); extern int splitStr(char ch,std::string s, operands * ops); extern std::string getNextOpt(operands &ops); diff --git a/src/fwbedit/import.cpp b/src/fwbedit/import.cpp index f050adc35..27a697915 100644 --- a/src/fwbedit/import.cpp +++ b/src/fwbedit/import.cpp @@ -42,10 +42,16 @@ using namespace libfwbuilder; using namespace std; -void importConfig(FWObjectDatabase *objdb, - const string &import_config, +Logger& operator<<(Logger &logger, const QString &str) +{ + logger << str.toUtf8().constData(); + return logger; +} + +void importConfig(const string &import_config, FWObject *library, - const string &fw_name) + const string &fw_name, + bool deduplicate) { QFile f(QString::fromUtf8(import_config.c_str())); f.open(QFile::ReadOnly); @@ -90,10 +96,21 @@ void importConfig(FWObjectDatabase *objdb, << endl; exit(1); } - - imp->run(); - imp->finalize(); + if (deduplicate) imp->prepareForDeduplication(); + + try + { + imp->run(); + } catch(ImporterException &e) + { + *logger << e.toString() << "\n"; + } catch(ObjectMakerException &e) + { + *logger << e.toString() << "\n"; + } + + imp->finalize(); }
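Review bot: The new `operator<<(Logger&, const QString&)` is defined at file scope with external linkage, so another translation unit that adds the same overload would collide with it at link time. It looks like a local convenience for import.cpp, so give it internal linkage, e.g. `static Logger& operator<<(Logger &logger, const QString &str)`, or put it in an anonymous namespace. A short comment such as `// write QString text (e.g. importer exception messages) to the Logger as UTF-8` would explain why it exists. Separately, the `f.open(QFile::ReadOnly)` call in the context lines has no visible check of its result; the rest of importConfig() lies outside this hunk, so confirm that a failed open is handled there.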
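Review bot: Both catch handlers around `imp->run()` only log the exception and then fall through to `imp->finalize()`, so a configuration that fails to parse still produces a finalized, possibly partial firewall object and importConfig() returns as if the import had succeeded. A partially imported rule set that looks complete is a real risk for a firewall tool, so the failure should reach the caller, in line with the `exit(1)` on the error path in the context lines at the top of this hunk. One way is `bool import_failed = false;` before the `try`, `import_failed = true;` in each handler, and `if (import_failed) exit(1);` after the log has been emitted. How the logger output reaches the user is not visible in this hunk, and the start of importConfig() lies outside it. Catching by `const &` would also be preferable if `toString()` is const-qualified.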