onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2026-05-01 14:47:27 +02:00
Code Issues Releases Wiki Activity

see #2639 "support for vlan subinterfaces of bridge interfaces (e.g.

Browse Source 
br0.5)". Currently fwbuilder can not generate script to configure vlan
subinterfaces of bridge interfaces, however if user did not request
this configuration script to be generated, compiler should not abort
when it encounters this combination.
This commit is contained in:
Vadim Kurland 2011-08-11 16:35:50 -07:00
parent 1da73349d5
commit de1e3698a7
3 changed files with 116 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
doc/ChangeLog
View File

@ -1,5 +1,12 @@
2011-08-11 Vadim Kurland <vadim@netcitadel.com>
* OSConfigurator_linux24_interfaces.cpp (validateInterfaces):
see #2639 "support for vlan subinterfaces of bridge interfaces
(e.g. br0.5)". Currently fwbuilder can not generate script to
configure vlan subinterfaces of bridge interfaces, however if user
did not request this configuration script to be generated,
compiler should not abort when it encounters this combination.
* InterfaceEditorWidget.cpp (validateAddress): fixes #2641
"newFirewall dialog does not accept ipv6 addresses with long
prefixes". The dialog did not allow ipv6 addresses of inetrfaces

194
src/iptlib/OSConfigurator_linux24_interfaces.cpp
View File

@ -530,106 +530,126 @@ string OSConfigurator_linux24::printDynamicAddressesConfigurationCommands()
bool OSConfigurator_linux24::validateInterfaces()
{
/*
* Per #315:
*
* The test should scan all subinterfaces of each interface and
* try to find inetrfaces wth the same name, then check the
* type. So, for the combination br0/br1, the type of br1
* is (probably) "bridge" which is not allowed.
*/
FWObjectTypedChildIterator i = fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
FWOptions* options = fw->getOptionsObject();
if ( options->getBool("configure_bridge_interfaces") )
{
Interface *iface = Interface::cast(*i);
assert(iface);
FWObjectTypedChildIterator j = iface->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
/*
* Per #315:
*
* The test should scan all subinterfaces of each interface and
* try to find inetrfaces wth the same name, then check the
* type. So, for the combination br0/br1, the type of br1
* is (probably) "bridge" which is not allowed.
*/
FWObjectTypedChildIterator i = fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
{
Interface *subinterface = Interface::cast(*j);
FWObject::const_iterator it = find_if(
fw->begin(), fw->end(),
FWObjectNameEQPredicate(subinterface->getName()));
if (it != fw->end() && Interface::isA(*it))
Interface *iface = Interface::cast(*i);
assert(iface);
FWObjectTypedChildIterator j = iface->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
{
Interface *other_iface = Interface::cast(*it);
// Have top-level interface with the same name
if (other_iface->getOptionsObject()->getStr("type") == "bridge")
Interface *subinterface = Interface::cast(*j);
FWObject::const_iterator it = find_if(
fw->begin(), fw->end(),
FWObjectNameEQPredicate(subinterface->getName()));
if (it != fw->end() && Interface::isA(*it))
{
QString err(
"Subinterface '%1' of interface '%2' has the same name as "
"another bridge interface of the firewall '%3'. "
"The configuration where bridge interface is "
"a subinterface of another interface is not supported.");
abort(
err.arg(subinterface->getName().c_str()).
arg(iface->getName().c_str()).
arg(fw->getName().c_str()).toStdString());
return false;
}
Interface *other_iface = Interface::cast(*it);
// Have top-level interface with the same name
if (other_iface->getOptionsObject()->getStr("type") == "bridge")
{
QString err(
"Subinterface '%1' of interface '%2' has the same name as "
"another bridge interface of the firewall '%3'. "
"The configuration where bridge interface is "
"a subinterface of another interface is not supported.");
abort(
err.arg(subinterface->getName().c_str()).
arg(iface->getName().c_str()).
arg(fw->getName().c_str()).toStdString());
return false;
}
}
}
}
}
/*
* Per #324:
*
* Unsupported configurations:
*
* vlan interfaces under bridge interface (e.g. br0 = [eth1,
* eth2], vlan inetrface br0.100 is not supported)
*
* bridge interface as part of bonding interface (e.g. bond0 =
* [br0, br1]) (This is covered by the case above, including
* unusual interface names)
*
* vlan interface as a slave of bonding interface (e.g. eth0.100,
* eth1.100, bond0 = [eth0.100, eth1.100]). Only regular
* interfaces can be slaves of bonding interface. If subinterface
* type is "slave" but its name matches one of the vlan interface
* regexes, assume this is vlan. Slave subintrfaces do not have to
* be copies, one can have "eth4" only once, as a slave, so here
* we rely on the subinterface type.
*
* Allowed configurations:
*
* vlans can be created under bonding interface (e.g. bond0.100),
* both regular interfaces and vlans can be bridge ports. }
*/
i = fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
if (options->getBool("configure_vlan_interfaces"))
{
Interface *iface = Interface::cast(*i);
assert(iface);
FWObjectTypedChildIterator j = iface->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
{
Interface *subinterface = Interface::cast(*j);
if (subinterface->getOptionsObject()->getStr("type") == "8021q" &&
iface->getOptionsObject()->getStr("type") == "bridge")
{
QString err("Vlan subinterfaces of bridge interfaces are not supported. "
"Interface '%1', subinterface '%2'");
abort(
err.arg(iface->getName().c_str()).
arg(subinterface->getName().c_str()).toStdString());
}
/*
* Per #324:
*
* Unsupported configurations:
*
* vlan interfaces under bridge interface (e.g. br0 = [eth1,
* eth2], vlan inetrface br0.100 is not supported)
*
* bridge interface as part of bonding interface (e.g. bond0 =
* [br0, br1]) (This is covered by the case above, including
* unusual interface names)
*
* vlan interface as a slave of bonding interface (e.g. eth0.100,
* eth1.100, bond0 = [eth0.100, eth1.100]). Only regular
* interfaces can be slaves of bonding interface. If subinterface
* type is "slave" but its name matches one of the vlan interface
* regexes, assume this is vlan. Slave subintrfaces do not have to
* be copies, one can have "eth4" only once, as a slave, so here
* we rely on the subinterface type.
*
* Allowed configurations:
*
* vlans can be created under bonding interface (e.g. bond0.100),
* both regular interfaces and vlans can be bridge ports. }
*/
if (subinterface->getOptionsObject()->getStr("type") != "8021q" &&
iface->getOptionsObject()->getStr("type") == "bonding")
FWObjectTypedChildIterator i = fw->findByType(Interface::TYPENAME);
for ( ; i!=i.end(); ++i )
{
Interface *iface = Interface::cast(*i);
assert(iface);
FWObjectTypedChildIterator j = iface->findByType(Interface::TYPENAME);
for ( ; j!=j.end(); ++j )
{
QString subint_name = subinterface->getName().c_str();
QRegExp vlan1("[a-zA-Z-]+\\d{1,}\\.\\d{1,}");
QRegExp vlan2("vlan\\d{1,}");
if (vlan1.indexIn(subint_name) != -1 || vlan1.indexIn(subint_name) != -1)
Interface *subinterface = Interface::cast(*j);
if ( options->getBool("configure_bridge_interfaces") )
{
QString err("Vlan subinterfaces as slaves of bonding interfaces are not supported. "
"Interface '%1', subinterface '%2'");
abort(
err.arg(iface->getName().c_str()).
arg(subinterface->getName().c_str()).toStdString());
if (subinterface->getOptionsObject()->getStr("type") == "8021q" &&
iface->getOptionsObject()->getStr("type") == "bridge")
{
QString err(
"Vlan subinterfaces of bridge interfaces "
"are not supported. "
"Interface '%1', subinterface '%2'");
abort(
err.arg(iface->getName().c_str()).
arg(subinterface->getName().c_str()).toStdString());
}
}
if ( options->getBool("configure_bonding_interfaces"))
{
if (subinterface->getOptionsObject()->getStr("type") != "8021q" &&
iface->getOptionsObject()->getStr("type") == "bonding")
{
QString subint_name = subinterface->getName().c_str();
QRegExp vlan1("[a-zA-Z-]+\\d{1,}\\.\\d{1,}");
QRegExp vlan2("vlan\\d{1,}");
if (vlan1.indexIn(subint_name) != -1 ||
vlan1.indexIn(subint_name) != -1)
{
QString err(
"Vlan subinterfaces as slaves of bonding interfaces "
"are not supported. "
"Interface '%1', subinterface '%2'");
abort(
err.arg(iface->getName().c_str()).
arg(subinterface->getName().c_str()).toStdString());
}
}
}
}
}
}

4
test/ipt/rc.firewall.local
View File

@ -2,9 +2,9 @@
#
# This is automatically generated file. DO NOT MODIFY !
#
# Firewall Builder fwb_ipt v5.0.0.3557
# Firewall Builder fwb_ipt v5.0.1.3574
#
# Generated Wed Jul 6 17:48:03 2011 PDT by vadim
# Generated Thu Aug 11 16:28:50 2011 PDT by vadim
#
# files: * rc.firewall.local /etc/rc.d//rc.firewall.local
#