[LEDE-DEV] [PATCH 6/7] firewall3: add UBUS support for include scripts
Pierre Lebleu
pme.lebleu at gmail.com
Wed May 3 00:28:47 PDT 2017
2017-04-29 3:13 GMT+02:00 Philip Prindeville
<philipp_subx at redfish-solutions.com>:
> Inline…
>
>
>> On Apr 20, 2017, at 10:05 AM, Pierre Lebleu <pme.lebleu at gmail.com> wrote:
>>
>> It gives the ability to include scripts via procd
>> services and netifd interface firewall data.
>>
>> Signed-off-by: Pierre Lebleu <pme.lebleu at gmail.com>
>> ---
>> includes.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++++-----------
>> includes.h | 9 ++++++---
>> main.c | 2 +-
>> 3 files changed, 60 insertions(+), 15 deletions(-)
>>
>> diff --git a/includes.c b/includes.c
>> index 7ca164f..f373c9f 100644
>> --- a/includes.c
>> +++ b/includes.c
>> @@ -31,15 +31,58 @@ const struct fw3_option fw3_include_opts[] = {
>> };
>>
>>
>> +static struct fw3_include *
>> +fw3_alloc_include(struct fw3_state *state)
>> +{
>> + struct fw3_include *include;
>> +
>> + include = calloc(1, sizeof(*include));
>> + if (!include)
>> + return NULL;
>> +
>> + include->enabled = true;
>> +
>> + list_add_tail(&include->list, &state->includes);
>> +
>> + return include;
>> +}
>> +
>> void
>> -fw3_load_includes(struct fw3_state *state, struct uci_package *p)
>> +fw3_load_includes(struct fw3_state *state, struct uci_package *p,
>> + struct blob_attr *a)
>> {
>> struct uci_section *s;
>> struct uci_element *e;
>> - struct fw3_include *include;
>> + struct fw3_include *include, *n;
>> + struct blob_attr *entry, *opt;
>> + unsigned rem, orem;
>>
>> INIT_LIST_HEAD(&state->includes);
>>
>> + blob_for_each_attr(entry, a, rem)
>> + {
>> + const char *type = NULL;
>> + const char *name = "ubus include";
>> + blobmsg_for_each_attr(opt, entry, orem)
>> + if (!strcmp(blobmsg_name(opt), "type"))
>> + type = blobmsg_get_string(opt);
>> + else if (!strcmp(blobmsg_name(opt), "name"))
>> + name = blobmsg_get_string(opt);
>> +
>> + if (!type || (strcmp(type, "script") && strcmp(type, "restore")))
>> + continue;
>> +
>> + if (!(include = fw3_alloc_include(state)))
>
>
> Same issue: assignments in conditionals are hard to step through with a source-level debugger.
Fixed as suggested.
>
>
>> + continue;
>> +
>> + if (!fw3_parse_blob_options(include, fw3_include_opts, entry, name))
>> + {
>> + warn("%s skipped due to invalid options\n", name);
>
>
> Don’t most warnings NOT terminate with a newline? Why is this one different?
It was a copy/paste from "rules.c" and indeed, it is a mistake.
>
>
>> + fw3_free_include(include);
>> + continue;
>> + }
>> + }
>> +
>> uci_foreach_element(&p->sections, e)
>> {
>> s = uci_to_section(e);
>> @@ -47,12 +90,10 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p)
>> if (strcmp(s->type, "include"))
>> continue;
>>
>> - include = calloc(1, sizeof(*include));
>> - if (!include)
>> + if (!(include = fw3_alloc_include(state)))
>> continue;
>>
>> include->name = e->name;
>> - include->enabled = true;
>>
>> if (!fw3_parse_options(include, fw3_include_opts, s))
>> {
>> @@ -60,7 +101,10 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p)
>> fw3_free_include(include);
>> continue;
>> }
>> + }
>>
>> + list_for_each_entry_safe(include, n, &state->includes, list)
>> + {
>> if (!include->enabled)
>> {
>> fw3_free_include(include);
>> @@ -69,17 +113,15 @@ fw3_load_includes(struct fw3_state *state, struct uci_package *p)
>>
>> if (!include->path)
>> {
>> - warn_elem(e, "must specify a path");
>> + warn("%s must specify a path", include->name);
>> fw3_free_include(include);
>> continue;
>> }
>>
>> if (include->type == FW3_INC_TYPE_RESTORE && !include->family)
>> - warn_elem(e, "does not specify a family, include will get loaded "
>> - "with both iptables-restore and ip6tables-restore!");
>> -
>> - list_add_tail(&include->list, &state->includes);
>> - continue;
>> + warn("%s does not specify a family, include will get loaded "
>> + "with both iptables-restore and ip6tables-restore!",
>> + include->name);
>> }
>> }
>>
>> diff --git a/includes.h b/includes.h
>> index 070cb3a..3a0af1b 100644
>> --- a/includes.h
>> +++ b/includes.h
>> @@ -24,14 +24,17 @@
>>
>> extern const struct fw3_option fw3_include_opts[];
>>
>> -void fw3_load_includes(struct fw3_state *state, struct uci_package *p);
>> +void fw3_load_includes(struct fw3_state *state, struct uci_package *p, struct blob_attr *a);
>>
>> void fw3_print_includes(struct fw3_state *state, enum fw3_family family,
>> bool reload);
>>
>> void fw3_run_includes(struct fw3_state *state, bool reload);
>>
>> -#define fw3_free_include(include) \
>> - fw3_free_object(include, fw3_include_opts)
>> +static inline void fw3_free_include(struct fw3_include *include)
>> +{
>> + list_del(&include->list);
>> + fw3_free_object(include, fw3_include_opts);
>> +}
>>
>> #endif
>> diff --git a/main.c b/main.c
>> index 6e275ef..c4b8228 100644
>> --- a/main.c
>> +++ b/main.c
>> @@ -107,7 +107,7 @@ build_state(bool runtime)
>> fw3_load_redirects(state, p, b.head);
>> fw3_load_snats(state, p, b.head);
>> fw3_load_forwards(state, p, b.head);
>> - fw3_load_includes(state, p);
>> + fw3_load_includes(state, p, b.head);
>>
>> return true;
>> }
>> --
>> 1.7.9.5
>>
>>
>> _______________________________________________
>> Lede-dev mailing list
>> Lede-dev at lists.infradead.org
>> http://lists.infradead.org/mailman/listinfo/lede-dev
>
--
Pierre
More information about the Lede-dev
mailing list