From patchwork Fri Nov 3 16:12:09 2017
X-Patchwork-Submitter: Pierre Lebleu
X-Patchwork-Id: 833973
From: Pierre Lebleu
To: lede-dev@lists.infradead.org, John Crispin, Jo-Philipp Wich
Cc: Pierre Lebleu
Date: Fri, 3 Nov 2017 17:12:09 +0100
Message-Id: <1509725529-11167-1-git-send-email-pme.lebleu@gmail.com>
In-Reply-To: <1508947373-7132-1-git-send-email-pme.lebleu@gmail.com>
References: <1508947373-7132-1-git-send-email-pme.lebleu@gmail.com>
Subject: [LEDE-DEV] [PATCH v2] firewall3: ubus: parse the firewall data within the service itself

It gives the ability to create firewall rules within the service itself and
independently of the instances.

Changes since v1:
- align coding style
- if no instance is given (within the service), do not write it

Signed-off-by: Pierre Lebleu --- ubus.c | 99 +++++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 56 insertions(+), 43 deletions(-) diff --git a/ubus.c b/ubus.c index bcbe1e8..5bb4f5d 100644 --- a/ubus.c +++ b/ubus.c @@ -240,14 +240,47 @@ fw3_ubus_zone_devices(struct fw3_zone *zone) } } +static void fw3_ubus_rules_add(struct blob_buf *b, const char *service, + const char *instance, const char *device, + const struct blob_attr *rule, unsigned n) +{ + void *k = blobmsg_open_table(b, ""); + struct blob_attr *ropt; + unsigned orem; + char *type = NULL; + char comment[256]; + + blobmsg_for_each_attr(ropt, rule, orem) { + if (!strcmp(blobmsg_name(ropt), "type")) + type = blobmsg_data(ropt); + if (device && !strcmp(blobmsg_name(ropt), "device")) + device = blobmsg_get_string(ropt); + else if (strcmp(blobmsg_name(ropt), "name")) + blobmsg_add_blob(b, ropt); + } + + if (instance) + snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d", + service, instance, type ? type : "rule", n); + else + snprintf(comment, sizeof(comment), "ubus:%s %s %d", + service, type ? type : "rule", n); + + blobmsg_add_string(b, "name", comment); + + if (device) + blobmsg_add_string(b, "device", device); + + blobmsg_close_table(b, k); +} + void fw3_ubus_rules(struct blob_buf *b) { blob_buf_init(b, 0); - struct blob_attr *c, *cur, *dcur, *rule, *ropt; - unsigned n, r, rem, drem, rrem, orem; - char comment[256]; + struct blob_attr *c, *cur, *dcur, *rule; + unsigned n, r, rem, drem, rrem; blobmsg_for_each_attr(c, interfaces, r) { const char *l3_device = NULL; 
@@ -275,28 +308,9 @@ fw3_ubus_rules(struct blob_buf *b) n = 0; - blobmsg_for_each_attr(rule, dcur, rrem) { - void *k = blobmsg_open_table(b, ""); - char *type = NULL; - - blobmsg_for_each_attr(ropt, rule, orem) { - if (!strcmp(blobmsg_name(ropt), "type")) - type = blobmsg_data(ropt); - if (!strcmp(blobmsg_name(ropt), "device")) - l3_device = blobmsg_get_string(ropt); - else if (strcmp(blobmsg_name(ropt), "name")) - blobmsg_add_blob(b, ropt); - } - - snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d", - iface_name, iface_proto, - type ? type : "rule", n++); - - blobmsg_add_string(b, "name", comment); - - blobmsg_add_string(b, "device", l3_device); - blobmsg_close_table(b, k); - } + blobmsg_for_each_attr(rule, dcur, rrem) + fw3_ubus_rules_add(b, iface_name, iface_proto, + l3_device, rule, n++); } } @@ -313,31 +327,30 @@ fw3_ubus_rules(struct blob_buf *b) if (!blobmsg_check_attr(cur, true)) continue; + /* fw rules within the service itself */ + if (!strcmp(blobmsg_name(cur), "firewall")) { + n = 0; + + blobmsg_for_each_attr(rule, cur, rrem) + fw3_ubus_rules_add(b, blobmsg_name(c), + NULL, NULL, rule, n++); + + continue; + } + /* type */ blobmsg_for_each_attr(dcur, cur, drem) { if (!blobmsg_check_attr(dcur, true)) continue; - n = 0; - - blobmsg_for_each_attr(rule, dcur, rrem) { - void *k = blobmsg_open_table(b, ""); - char *type = NULL; - - blobmsg_for_each_attr(ropt, rule, orem) { - if (!strcmp(blobmsg_name(ropt), "type")) - type = blobmsg_data(ropt); - if (strcmp(blobmsg_name(ropt), "name")) - blobmsg_add_blob(b, ropt); - } + if (strcmp(blobmsg_name(dcur), "firewall")) + continue; - snprintf(comment, sizeof(comment), "ubus:%s[%s] %s %d", - blobmsg_name(c), blobmsg_name(cur), - type ? type : "rule", n++); + n = 0; - blobmsg_add_string(b, "name", comment); - blobmsg_close_table(b, k); - } + blobmsg_for_each_attr(rule, dcur, rrem) + fw3_ubus_rules_add(b, blobmsg_name(c), + blobmsg_name(cur), NULL, rule, n++); } } }
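
Review bot: In the first hunk (`@@ -240,14 +240,47 @@`), `type = blobmsg_data(ropt);` in `fw3_ubus_rules_add()` takes the payload of whatever attribute is named "type" and later formats it with `%s` in both `snprintf()` calls, with no check that the attribute is actually a string. Since the rules come from service data received over ubus, a check such as `blobmsg_type(ropt) == BLOBMSG_TYPE_STRING` before the assignment (leaving `type` as NULL so the "rule" fallback applies) would keep a malformed rule from being read as a C string; the same applies to `device = blobmsg_get_string(ropt);`. Minor: `n` is declared `unsigned` but printed with `%d`, `%u` would match.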
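
Review bot: The second hunk (`@@ -275,28 +308,9 @@`) changes behaviour beyond the refactoring, and the changelog does not say so. The removed loop wrote a rule's "device" option into `l3_device` itself, so the override carried over to the following rules of the same interface, and it always emitted "device"; the new call passes `l3_device` by value, so the override lasts for one rule only, and the helper emits "device" only under `if (device)`. When `l3_device` is NULL the helper's `device &&` test also fails, so a rule's own "device" attribute is forwarded unchanged through `blobmsg_add_blob(b, ropt)`. If this is intended, please state it in the commit message.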
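
Review bot: In the third hunk (`@@ -313,31 +327,30 @@`), the new `if (!strcmp(blobmsg_name(cur), "firewall"))` test runs on the same `cur` whose name is passed as the instance argument further down, so an instance that happens to be named "firewall" is now consumed as the service-level rule list and never reaches the per-instance loop. Please document "firewall" as a reserved name or handle the collision. Also, each `rule` goes into `fw3_ubus_rules_add()` without a `blobmsg_check_attr()` of its own, unlike `cur` and `dcur`, and the added `if (strcmp(blobmsg_name(dcur), "firewall")) continue;` drops every other per-instance key that the removed loop turned into rules; the changelog should mention that as well.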