mirror of https://github.com/fwbuilder/fwbuilder synced 2026-03-24 20:27:22 +01:00

fixed #1856 "Permit - in Linux interface names". OpenWRT uses

name "ppp-dsl" for PPPoE interfaces. In addition to that, Linux
      bridge interfaces may have names with a "-" such as
      "br-lan". We will now permit a "-" in Linux interface names.
Vadim Kurland 2010-12-02 10:21:27 -08:00
parent 9085201840
commit d9641e730f
7 changed files with 190 additions and 135 deletions


@ -57,29 +57,20 @@ bool linux24Interfaces::parseVlan(const QString &name, QString *base_name, int *
}
/*
* Bridge interfaces on Linux can have "-" in the name
* per #1856, OpenWRT uses "-" in ppp interface names, such as
* "ppp-dsl". Also bridge interfaces can have "-" in their names. It
* seems we should just allow "-" in names instead of cherry-picking
*/
bool linux24Interfaces::basicValidateInterfaceName(Interface *intf,
const QString &obj_name,
QString &err)
{
string interface_type = intf->getOptionsObject()->getStr("type");
if (interface_type == "bridge")
if (obj_name.indexOf(' ') != -1)
{
if (obj_name.indexOf(' ') != -1)
{
err = QObject::tr("Bridge interface name '%1' can not contain white space").arg(obj_name);
return false;
}
return true;
}
if (obj_name.indexOf(' ') != -1 || obj_name.indexOf('-') != -1)
{
err = QObject::tr("Interface name '%1' can not contain white space and \"-\"").arg(obj_name);
err = QObject::tr("Bridge interface name '%1' can not contain white space").arg(obj_name);
return false;
}
return true;
return true;
}
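Review bot: The rewritten `basicValidateInterfaceName` rejects only the literal space character, so a tab or a shell metacharacter in `obj_name` passes this check, even though the other files in this commit turn interface names into shell variable names for the generated script. An allowlist would be safer than relaxing a denylist one ticket at a time, for example `if (obj_name.contains(QRegExp("[^A-Za-z0-9_.:*-]")))`, with the exact character set confirmed against what alias and wildcard interface names need. The surviving message still reads "Bridge interface name" although the check now applies to every interface type; `err = QObject::tr("Interface name '%1' can not contain white space").arg(obj_name);` would match the new behaviour. Which of the duplicated lines in this section belong to the new side is inferred from the hunk header counts, since the page has lost the `+`/`-` markers.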


@ -112,12 +112,23 @@ const std::list<std::string>& NATCompiler_ipt::getStandardChains()
string NATCompiler_ipt::myPlatformName() { return "iptables"; }
/*
* this function generates acceptable shell variable name from
* interface name. Note that
* OSConfigurator_linux24::getInterfaceVarName() and
* PolicyCompiler_ipt::getInterfaceVarName() do the same thing and
* these functions should be identical.
*
* TODO: really need to have one function for this instead of three in
* three different classes.
*/
string NATCompiler_ipt::getInterfaceVarName(FWObject *iface, bool v6)
{
ostringstream ostr;
string iname=iface->getName();
string::size_type p1;
while ( (p1=iname.find("."))!=string::npos) iname=iname.replace(p1,1,"_");
while ( (p1=iname.find("-"))!=string::npos) iname=iname.replace(p1,1,"_");
ostr << "i_" << iname;
if (v6) ostr << "_v6";
return ostr.str();
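Review bot: The substitution added here maps `-` to the same `_` that `.` already becomes, so `ppp-dsl`, `ppp.dsl` and `ppp_dsl` all yield the shell variable `i_ppp_dsl`. Two dynamic interfaces whose names differ only in these characters would share one variable, and the generated rules could test or use the wrong interface's address. Any other character that is not valid in a shell identifier is copied through unchanged, so this function depends entirely on the name validator. I would reject names that collide after mapping at validation time, or at least record the limit in the new comment, e.g. `* NOTE: '.' and '-' both become '_'; names must stay unique after this mapping.` The same applies to the copies in OSConfigurator_linux24 and PolicyCompiler_ipt in the sections below; the function body ends outside this hunk.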


@ -88,6 +88,15 @@ OSConfigurator_linux24::~OSConfigurator_linux24()
delete command_wrappers;
}
/*
* this function generates acceptable shell variable name from
* interface name. Note that PolicyCompiler_ipt::getInterfaceVarName()
* and NATCompiler_ipt::getInterfaceVarName do the same thing and
* these functions should be identical.
*
* TODO: really need to have one function for this instead of three in
* three different classes.
*/
string OSConfigurator_linux24::getInterfaceVarName(FWObject *iface, bool v6)
{
ostringstream ostr;
@ -95,6 +104,8 @@ string OSConfigurator_linux24::getInterfaceVarName(FWObject *iface, bool v6)
string::size_type p1;
while ( (p1=iname.find("."))!=string::npos)
iname=iname.replace(p1,1,"_");
while ( (p1=iname.find("-"))!=string::npos)
iname=iname.replace(p1,1,"_");
ostr << "i_" << iname;
if (v6) ostr << "_v6";
return ostr.str();
@ -581,98 +592,6 @@ string OSConfigurator_linux24::printRunTimeWrappers(FWObject *rule,
command_wrappers->setVariable("command", combined_command);
return command_wrappers->expand().toStdString() + "\n";
#if V30_IMPLEMENTATION
string command_line = command;
ostringstream ext_command_line;
int nlines = 0;
string::size_type p1 = 0;
string::size_type p2, p3;
p1=command_line.find("$at_");
if ( p1!=string::npos )
{
p2=command_line.find(" ",p1);
string at_var= command_line.substr(p1+1,p2-p1-1); // skip '$'
string atfile = rule->getStr("address_table_file");
ext_command_line << "grep -Ev '^#|^;|^\\s*$' " << atfile << " | ";
ext_command_line << "while read L ; do" << endl;
ext_command_line << " set $L; " << at_var << "=$1; ";
ext_command_line << command_line;
ext_command_line << "done" << endl;
command_line = ext_command_line.str();
}
p1 = 0;
while (1)
{
p1=command_line.find_first_of("\n\r",p1);
if (p1==string::npos) break;
nlines++;
p1=command_line.find_first_not_of("\n\r",p1);
if (p1==string::npos) break;
}
string getaddr_function_name = "getaddr";
if (ipv6) getaddr_function_name = "getaddr6";
ostringstream res;
bool wildcard_interfaces = false;
p1=0;
while ((p1=command_line.find("$i_", p1))!=string::npos)
{
string iface_name;
string iface_var;
p2=command_line.find(" ",p1);
p3=command_line.find("_",p1) +1;
iface_name=command_line.substr(p3,p2-p3);
iface_var= command_line.substr(p1,p2-p1);
/* if interface name ends with '*', this is a wildcard interface. */
string::size_type p4;
if ((p4=iface_name.find("*"))!=string::npos)
{
wildcard_interfaces = true;
string cmdline=command_line;
string iface_family_name=iface_name.substr(0,p4);
res << "getinterfaces " << iface_family_name << " | while read I; do" << endl;
res << " ivar=`getInterfaceVarName $I`" << endl;
res << " " << getaddr_function_name << " $I $ivar" << endl;
res << " cmd=\"$\"$ivar" << endl;
res << " eval \"addr=$cmd\"" << endl;
cmdline.replace(p1,p2-p1,"$addr");
res << " test -n \"$addr\" && ";
if (nlines>1) res << "{" << endl;
res << cmdline;
if (nlines>1) res << "}" << endl;
res << "done" << endl;
} else
{
// bug #1851166: there could be two dynamic interfaces in
// the same rule. Just print "test" command here and continue
// in the "while" loop. We'll print actual commands when the loop
// ends.
res << "test -n \"" << iface_var << "\" && ";
}
p1++; // p1 points at the previous "$i_" fragment
}
// for wildcard interfaces we only support one such interface
// per rule and we have already printed the actual command above.
if (!wildcard_interfaces)
{
if (nlines>1) res << "{" << endl;
res << command_line;
if (nlines>1) res << "}" << endl;
}
return res.str();
#endif
}
string OSConfigurator_linux24::printIPForwardingCommands()
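Review bot: The `-` to `_` mapping is added only on the C++ side, while the block deleted in the last hunk of this file shows that the generated script once computed the same variable name at run time through a shell helper, `getInterfaceVarName $I`. If the script templates that replaced that block still carry such a helper for wildcard interfaces (not visible in this commit), it needs the same substitution. Otherwise a name such as `ppp-dsl` would resolve to a different variable in the shell than the one the compiler emitted, and the rule guarded by it would be skipped or misapplied. Worth confirming, and adding a wildcard interface with a `-` to the test firewall if the helper exists.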


@ -189,6 +189,14 @@ bool PolicyCompiler_ipt::isChainDescendantOfInput(const string &chain_name)
return false;
}
/*
* this function generates acceptable shell variable name from
* interface name. Note that OSConfigurator_linux24::getInterfaceVarName()
* does the same and these two functions should be identical.
*
* TODO: really need to have one function for this instead of two in
* two different classes.
*/
string PolicyCompiler_ipt::getInterfaceVarName(FWObject *iface, bool v6)
{
ostringstream ostr;
@ -196,6 +204,8 @@ string PolicyCompiler_ipt::getInterfaceVarName(FWObject *iface, bool v6)
string::size_type p1;
while ( (p1=iname.find("."))!=string::npos)
iname=iname.replace(p1,1,"_");
while ( (p1=iname.find("-"))!=string::npos)
iname=iname.replace(p1,1,"_");
ostr << "i_" << iname;
if (v6) ostr << "_v6";
return ostr.str();
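Review bot: The comment added above `PolicyCompiler_ipt::getInterfaceVarName` is out of date as written: it names only `OSConfigurator_linux24::getInterfaceVarName()` and speaks of "two functions in two different classes". The comments this same commit adds in the other two files count three copies, including `NATCompiler_ipt::getInterfaceVarName()`. I would make it read `* interface name. Note that OSConfigurator_linux24::getInterfaceVarName() and NATCompiler_ipt::getInterfaceVarName() do the same thing` and change the TODO to "three in three different classes", so that whoever consolidates them finds every copy.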


@ -92,35 +92,10 @@
</p>
</li>
<li>
<p>
</p>
</li>
<li>
<p>
</p>
</li>
<li>
<p>
</p>
</li>
<li>
<p>
</p>
</li>
<li>
<p>
</p>
</li>
</ul>
<a name="libfwbuilder"></a>
<h2>Changes and improvements in the API library libfwbuilder</h2>
@ -140,6 +115,7 @@
</ul>
<a name="std_lib"></a>
<h2>Changes and improvements in the library of standard objects</h2>
@ -156,6 +132,7 @@
</ul>
<a name="iptables"></a>
<h2>Changes in support for iptables</h2>
@ -247,6 +224,10 @@
<li>
<p>
fixed #1856 "Pemit '-' in Linux interface names". OpenWRT uses
name "ppp-dsl" for PPPoE interfaces. In addition to that, Linux
bridge interfaces may have names with a "-" such as
"br-lan". We will now permit a "-" in Linux interface names.
</p>
</li>


@ -103,6 +103,9 @@ void interfacePropertiesTest::validateInterfaceNameCommon()
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "foo 0", err) == false);
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "foo-1", err) == false);
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "foo 12345", err) == false);
@ -148,6 +151,13 @@ void interfacePropertiesTest::validateInterfaceNameLinux()
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "bar0", err) == true);
// we do not have special type for p2p interfaces yet
// Linux permits "-" in interface names (see #1856)
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "ppp-dsl", err) == true);
iface->getOptionsObject()->setStr("type", "8021q");
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "vlan100", err) == true);
@ -172,10 +182,11 @@ void interfacePropertiesTest::validateInterfaceNameLinux()
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "Br0", err) == true);
// Linux permits "-" in bridge interface names
// Linux permits "-" in interface names (see #1856)
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "br-lan", err) == true);
// spaces are not permitted
CPPUNIT_ASSERT(int_prop->basicValidateInterfaceName(
iface, "br 200", err) == false);


@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1282244747" id="root">
<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="17" lastModified="1291313384" id="root">
<Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
<AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
<AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -3522,6 +3522,7 @@
<Policy id="id54807X99373" name="mangle_ruleset" comment="Pure mangle rule set. Checking that there will be only one COMMIT" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="False">
<RuleSetOptions/>
</Policy>
<IPv4 id="id58766X17179" name="firewall93:eth0:ip-1" comment="" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
</Library>
<Library id="syslib001" color="#d2ffd0" name="User" comment="User defined objects" ro="False">
<ObjectGroup id="stdid01_1_clusters" name="Clusters" comment="" ro="False"/>
@ -55580,6 +55581,137 @@ echo '%FWBPROMPT%'; sh /tmp/%FWSCRIPT%
<Option name="verify_interfaces">True</Option>
</FirewallOptions>
</Firewall>
<Firewall id="id58536X16164" host_OS="linux24" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1291313406" platform="iptables" version="" name="firewall93" comment="testing shell code generated for dynamic interface with &quot;-&quot; in the name" ro="False">
<NAT id="id58540X16164" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</NAT>
<Policy id="id58538X16164" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<PolicyRule id="id58669X16164" disabled="False" log="False" position="0" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id58536X16164"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id58546X16164"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58554X16164" disabled="False" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id58536X16164"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id58547X16164"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions/>
</Policy>
<Policy id="id58636X17179" name="Policy_v6" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="True" top_rule_set="False">
<PolicyRule id="id58697X17179" disabled="False" log="False" position="0" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id58536X16164"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id58547X16164"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<PolicyRule id="id58743X17179" disabled="False" group="" log="False" position="1" action="Accept" direction="Inbound" comment="">
<Src neg="False">
<ObjectRef ref="id58536X16164"/>
</Src>
<Dst neg="False">
<ObjectRef ref="sysid0"/>
</Dst>
<Srv neg="False">
<ServiceRef ref="sysid1"/>
</Srv>
<Itf neg="False">
<ObjectRef ref="id58546X16164"/>
</Itf>
<When neg="False">
<IntervalRef ref="sysid2"/>
</When>
<PolicyRuleOptions>
<Option name="stateless">False</Option>
</PolicyRuleOptions>
</PolicyRule>
<RuleSetOptions>
<Option name="mangle_only_rule_set">False</Option>
</RuleSetOptions>
</Policy>
<Routing id="id58542X16164" name="Routing" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
<RuleSetOptions/>
</Routing>
<Interface id="id58544X16164" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
<IPv4 id="id58545X16164" name="firewall93:eth0:ip" comment="" ro="False" address="192.0.2.1" netmask="255.255.255.0"/>
<IPv6 id="id58771X17179" name="firewall93:eth0:ipv6" comment="" ro="False" address="fe80::20c:29ff:fe28:c078" netmask="64"/>
<InterfaceOptions/>
</Interface>
<Interface id="id58546X16164" dedicated_failover="False" dyn="True" label="" security_level="0" unnum="False" unprotected="False" name="ppp0" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Interface id="id58547X16164" dedicated_failover="False" dyn="True" label="" security_level="0" unnum="False" unprotected="False" name="ppp-dsl" comment="" ro="False">
<InterfaceOptions/>
</Interface>
<Management address="0.0.0.0">
<SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
<FWBDManagement enabled="False" identity="" port="-1"/>
<PolicyInstallScript arguments="" command="" enabled="False"/>
</Management>
<FirewallOptions>
<Option name="accept_established">true</Option>
<Option name="accept_new_tcp_with_no_syn">true</Option>
<Option name="check_shading">true</Option>
<Option name="configure_interfaces">true</Option>
<Option name="firewall_is_part_of_any_and_networks">true</Option>
<Option name="flush_and_set_default_policy">True</Option>
<Option name="limit_value">0</Option>
<Option name="linux24_ip_forward">1</Option>
<Option name="load_modules">true</Option>
<Option name="local_nat">false</Option>
<Option name="log_level">info</Option>
<Option name="log_prefix">RULE %N -- %A </Option>
<Option name="loopback_interface">lo</Option>
<Option name="manage_virtual_addr">true</Option>
<Option name="modules_dir">/lib/modules/`uname -r`/kernel/net/</Option>
<Option name="ulog_nlgroup">1</Option>
<Option name="verify_interfaces">true</Option>
</FirewallOptions>
</Firewall>
</ObjectGroup>
<IntervalGroup id="stdid11_1" name="Time" comment="" ro="False">
<Interval id="id3D6864D0" days_of_week="0,1" from_day="-1" from_hour="1" from_minute="1" from_month="-1" from_weekday="0" from_year="-1" to_day="-1" to_hour="2" to_minute="2" to_month="-1" to_weekday="1" to_year="-1" name="test time 1" comment="" ro="False"/>