mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-20 18:27:16 +01:00

fixes #462; adds a check to avoid running ifenslave -d if there are no slaves; updates the "last_modified" attribute when interfaces or any other child object of the firewall is modified

Vadim Kurland 2009-09-24 04:04:22 +00:00
parent a609e56348
commit 7346c32f2f
11 changed files with 105 additions and 48 deletions


@ -1 +1 @@
#define BUILD_NUM 1495
#define BUILD_NUM 1496


@ -1,13 +1,30 @@
2009-09-23 vadim <vadim@vk.crocodile.org>
* ../src/res/configlets/linux24/update_bonding: Generated iptables
script incrementally updates bonding interfaces: it adds missing
slaves and removes those that are not configued in fwbuilder. It
also tries to load module "bonding" with protocol parameters
defined in the GUI. Bonding interfaces that exist on the firewall
but are not configured in fwbuilder are cleared of all slaves and
brought down. They can not be removed because that requires
removing module which kills bond interfaces that should be there.
script incrementally updates bonding interfaces:
- It creates new bonding interfaces with parameters configured in
the GUI if module 'bonding' is not loaded. This is what happens
if fwbuilder script runs after reboot.
- if there are no bonding interfaces in fwbuilder configuration,
the script removes bonding module to kill any bonding interfaces
that might exist on the machine
- if you add new bonding interface in fwbuilder, the script checks
if it exists on the machine. It will not create it because to do
so, it would have to remove the module which kills other bonding
interfaces. If this second bonding interface exists, it will be
configured with slaves and addresses. If it does not exist, script
aborts. In this case you need to either 1) reload module manually
or 2) add max_bonds=2 to /etc/modules.conf and reboot or 3) unload
module and run fwbuilder script again (if module is not loaded,
the script loads it with correct max_bonds parameter)
- if a bonding interface exists on the machine but not in
fwbuilder configuration, the script removes all slaves from it and
brings it down. It can not delete it because to do so it would
need to remove the module, which kills other bonding interfaces.
Limitation: currently all bonding interfaces will use the same
protocol parameters. This is because module loading with parameter
@ -15,12 +32,12 @@
bonding interface and also the way to specify different parameters
for different interfaces causes kernel panic in my tests. Tested
with bonding module v3.5.0 and kernel 2.6.29.4-167.fc11.i686.PAE
on Fedora Core 11. The only way to get two bonding interfaces that
works is to load the module with parameter max_bonds=2, but this
means all bonding interfaces work with the same protocol
parameters. If bond interfaces are configured with different
parameters in the GUI, compiler uses the first and issues warning
for others.
on Fedora Core 11. The only working way to get two bonding
interfaces I could find is to load the module with parameter
max_bonds=2, but this means all bonding interfaces work with the
same protocol parameters. If bond interfaces are configured with
different parameters in fwbuilder, compiler uses the first and
issues warning for others.
2009-09-18 vadim <vadim@vk.crocodile.org>


@ -33,9 +33,9 @@ using namespace std;
interfaceProperties* interfacePropertiesObjectFactory::getInterfacePropertiesObject(
const std::string &host_os)
const std::string &os_family)
{
if (host_os == "linux24") return new linux24Interfaces();
if (os_family == "linux24") return new linux24Interfaces();
// by default return object of the base class. It performs some
// reasonable default actions.
return new interfaceProperties();


@ -2285,10 +2285,16 @@ void DiscoveryDruid::createRealObjects()
}
}
Resources* os_res = Resources::os_res[o->getStr("host_OS")];
string os_family = o->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr(
"/FWBuilderResources/Target/family");
list<InterfaceData*> interface_tree;
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
o->getStr("host_OS")));
os_family));
int_prop->rearrangeInterfaces(od.interfaces, interface_tree);
if (interface_tree.size() != od.interfaces.size())
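Review bot: The OS-family lookup added here is pasted verbatim into eight more places in this commit (InterfaceDialog::validate, ObjectManipulator::autorenameVlans, makeNameUnique, validateForPaste twice, guessSubInterfaceTypeAndAttributes, and setInterfaceTypes), and each copy indexes `Resources::os_res[...]` with a `host_OS` string taken from the object. If `os_res` is a `std::map`, as the NULL check suggests, `operator[]` inserts a null entry into the shared table for every unrecognised `host_OS` value. A single helper that uses `find()` would remove the duplication and keep the table unmodified. It would also call `getStr("host_OS")` once instead of two or three times. createRealObjects() starts and ends outside this hunk.

```cpp
// assumes Resources::os_res is a std::map<std::string, Resources*> — confirm
static string osFamilyOf(FWObject *o)
{
    const string host_os = o->getStr("host_OS");
    map<string, Resources*>::const_iterator it = Resources::os_res.find(host_os);
    // unknown OS or empty slot: fall back to the raw host_OS value, as the hunk does
    if (it == Resources::os_res.end() || it->second == NULL) return host_os;
    return it->second->getResourceStr("/FWBuilderResources/Target/family");
}

// … unchanged: interface_tree declaration …
std::auto_ptr<interfaceProperties> int_prop(
    interfacePropertiesObjectFactory::getInterfacePropertiesObject(
        osFamilyOf(o)));
```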


@ -357,9 +357,15 @@ void InterfaceDialog::validate(bool *res)
}
FWObject *f = Interface::cast(obj)->getParentHost();
Resources* os_res = Resources::os_res[f->getStr("host_OS")];
string os_family = f->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
interfaceProperties *int_prop =
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
f->getStr("host_OS"));
os_family);
if (int_prop->looksLikeVlanInterface(obj_name))
{
QString parent_name = obj->getParent()->getName().c_str();
@ -462,7 +468,7 @@ void InterfaceDialog::discardChanges()
void InterfaceDialog::openIfaceDialog()
{
// TODO: applyChanges() call enabled results in problems with FWBTree ...
//applyChanges();
applyChanges();
try
{
@ -478,7 +484,6 @@ void InterfaceDialog::openIfaceDialog()
// update object tree (if interface type has changed, the object properties
// summary text may have to change too)
mw->activeProject()->updateObjectInTree(obj, true);
// mw->updateLastModifiedTimestampForAllFirewalls(obj);
emit notify_changes_applied_sign();
}
}
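Review bot: In openIfaceDialog() the call `applyChanges();` is now enabled, but the TODO directly above it still says that enabling the call "results in problems with FWBTree", so the comment and the code contradict each other. If that problem is resolved, the TODO should be dropped or replaced by a line saying why pending edits must be applied before the dialog opens. If it is not resolved, the call should stay disabled. In validate(), `f` from `getParentHost()` is dereferenced by the new `f->getStr("host_OS")` lines without a null check. Also in validate(), `int_prop` is a raw pointer to the factory's `new`-allocated object, where other call sites in this commit use `std::auto_ptr`; whether it is deleted later lies outside the hunk.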


@ -764,9 +764,15 @@ void ObjectManipulator::autorenameVlans(list<FWObject*> &obj_list)
while (fw && Firewall::cast(fw)==NULL) fw = fw->getParent();
assert(fw);
QString obj_name = obj->getName().c_str();
Resources* os_res = Resources::os_res[fw->getStr("host_OS")];
string os_family = fw->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
fw->getStr("host_OS")));
os_family));
if (int_prop->looksLikeVlanInterface(obj_name))
{
// even though we only call this function if the type of
@ -1088,9 +1094,14 @@ void ObjectManipulator::makeNameUnique(FWObject *target, FWObject *obj)
FWObject *fw = target;
while (fw && !Firewall::isA(fw)) fw = fw->getParent();
Resources* os_res = Resources::os_res[fw->getStr("host_OS")];
string os_family = fw->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
fw->getStr("host_OS")));
os_family));
if (int_prop->looksLikeVlanInterface(obj_name)) return;
}
QString newname = makeNameUnique(target,
@ -2066,9 +2077,14 @@ bool ObjectManipulator::validateForPaste(FWObject *target, FWObject *obj,
if (Interface::isA(obj))
{
// check if obj is vlan interface
Resources* os_res = Resources::os_res[fw->getStr("host_OS")];
string os_family = fw->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
fw->getStr("host_OS")));
os_family));
QString obj_name = obj->getName().c_str();
if (int_prop->looksLikeVlanInterface(obj_name))
{
@ -2102,9 +2118,15 @@ bool ObjectManipulator::validateForPaste(FWObject *target, FWObject *obj,
}
// check vlan conditions as well
FWObject *f = intf->getParentHost();
Resources* os_res = Resources::os_res[f->getStr("host_OS")];
string os_family = f->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
f->getStr("host_OS")));
os_family));
QString obj_name = obj->getName().c_str();
if (int_prop->looksLikeVlanInterface(obj_name))
{
@ -4039,9 +4061,15 @@ void ObjectManipulator::guessSubInterfaceTypeAndAttributes(Interface *intf)
if (parent_intf == NULL) return;
FWObject *f = intf->getParentHost();
Resources* os_res = Resources::os_res[f->getStr("host_OS")];
string os_family = f->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
interfaceProperties *int_prop =
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
f->getStr("host_OS"));
os_family);
QString err;
if (int_prop->looksLikeVlanInterface(intf->getName().c_str()) &&
int_prop->isValidVlanInterfaceName(intf->getName().c_str(),
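Review bot: In the makeNameUnique hunk the loop `while (fw && !Firewall::isA(fw)) fw = fw->getParent();` can end with `fw == NULL` when `target` is not under a firewall, and the added `Resources::os_res[fw->getStr("host_OS")]` line dereferences it without a check. The enclosing condition is outside the hunk, so this may already be guarded; if it is not, the lookup and the vlan test should be wrapped in `if (fw != NULL) { ... }`. autorenameVlans relies on `assert(fw)`, which gives no protection in builds where assertions are compiled out. In guessSubInterfaceTypeAndAttributes the factory result is still held in a raw `interfaceProperties *int_prop`, unlike the `std::auto_ptr` used by the other call sites in this file. No `delete` is visible in the hunk, and the same holds for InterfaceDialog::validate.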


@ -77,27 +77,21 @@ bool ProjectPanel::event(QEvent *event)
// This should enable "Save" action since something has changed
mw->prepareFileMenu();
if (RuleElement::cast(obj) || Rule::cast(obj) || RuleSet::cast(obj))
FWObject *p = obj;
while (p && Firewall::cast(p)==NULL) p = p->getParent();
Firewall *f = Firewall::cast(p);
if (f)
{
FWObject *p = obj;
while (p && Firewall::cast(p)==NULL) p = p->getParent();
Firewall *f = Firewall::cast(p);
if (f)
{
f->updateLastModifiedTimestamp();
QCoreApplication::postEvent(
this, new updateObjectInTreeEvent(data_file,
f->getId()));
}
f->updateLastModifiedTimestamp();
QCoreApplication::postEvent(
this, new updateObjectInRulesetEvent(data_file,
obj->getId()));
this, new updateObjectInTreeEvent(data_file,
f->getId()));
} else
{
QCoreApplication::postEvent(
this, new updateObjectInTreeEvent(data_file, obj->getId()));
updateLastModifiedTimestampForAllFirewalls(obj);
}
updateLastModifiedTimestampForAllFirewalls(obj);
ev->accept();
return true;
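Review bot: The walk from `obj` up to its enclosing `Firewall` now appears to run for every changed object rather than only for rule objects, but nothing in the hunk records why. A comment such as `// any change under a firewall (interfaces, addresses, rules) marks that firewall as modified` would capture the intent stated in the commit message. As far as the rendered lines show, `updateLastModifiedTimestampForAllFirewalls(obj)` is now called unconditionally after `f->updateLastModifiedTimestamp()`, so the same firewall may be stamped twice; it is worth confirming that this is intended. The page also does not make clear whether `updateObjectInRulesetEvent` is still posted for rule objects, which should be checked because the rule set view depends on it. The body of event() starts and ends outside the hunk.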


@ -528,9 +528,14 @@ void setInterfaceTypes(QComboBox *iface_type,
QString host_os = p->getStr("host_OS").c_str();
QString obj_name = iface->getName().c_str();
Resources* os_res = Resources::os_res[p->getStr("host_OS")];
string os_family = p->getStr("host_OS");
if (os_res!=NULL)
os_family = os_res->getResourceStr("/FWBuilderResources/Target/family");
std::auto_ptr<interfaceProperties> int_prop(
interfacePropertiesObjectFactory::getInterfacePropertiesObject(
host_os.toStdString()));
os_family));
if (int_prop->looksLikeVlanInterface(obj_name))
{
QString parent_name = iface->getParent()->getName().c_str();


@ -181,7 +181,7 @@ string CompilerDriver_ipt::run(const std::string &cluster_id,
new OSConfigurator_ipcop(objdb , fw, false));
}
if (os_family == "linux24" || os_family == "sveasoft")
if (os_family == "linux24")
oscnf = std::auto_ptr<OSConfigurator_linux24>(
new OSConfigurator_linux24(objdb , fw, false));


@ -159,11 +159,13 @@ clear_bonding_except_known() {
}
(!($1 in ignored_dict)) {print $1;}' | \
while read bond_intf; do
echo "Removing slaves and bringing unconfigured bonding interface $bond_intf down"
PROD_BOND_IFACE="${PROC_DIR}/$bond_intf"
slaves=$(cat $PROD_BOND_IFACE | awk '/[sS]lave [iI]nterface:/ { printf "%s ",$NF;}')
$FWBDEBUG $IFCONFIG $bond_intf up
$FWBDEBUG $IFENSLAVE -d $bond_intf $slaves
$FWBDEBUG $IFCONFIG $bond_intf down
PROD_BOND_IFACE="${PROC_DIR}/$bond_intf"
slaves=$(cat $PROD_BOND_IFACE | awk '/[sS]lave [iI]nterface:/ { printf "%s ",$NF;}')
test -n "$slaves" && {
echo "Removing slaves and bringing unconfigured bonding interface $bond_intf down"
$FWBDEBUG $IFCONFIG $bond_intf up
$FWBDEBUG $IFENSLAVE -d $bond_intf $slaves
$FWBDEBUG $IFCONFIG $bond_intf down
}
done
}
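Review bot: With the whole block moved inside `test -n "$slaves" && { ... }`, an unconfigured bonding interface that has no slaves is no longer brought down, although the ChangeLog entry in this same commit still says such interfaces have their slaves removed and are brought down. On a firewall this may leave an interface that is not part of the managed configuration up. Guarding only the `up` and `$IFENSLAVE -d` steps keeps the fix for #462, for example `test -n "$slaves" && $FWBDEBUG $IFENSLAVE -d $bond_intf $slaves`, with `$FWBDEBUG $IFCONFIG $bond_intf down` left unconditional. `$PROD_BOND_IFACE` and `$bond_intf` are also expanded unquoted. clear_bonding_except_known() starts outside the hunk.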


@ -3,7 +3,7 @@
<Target name="linksys">
<description>Linksys/Sveasoft</description>
<status>active</status>
<family>sveasoft</family>
<family>linux24</family>
<dialog>linksys</dialog>
<options>