diff options
| author | Jo-Philipp Wich <jow@openwrt.org> | 2013-03-13 14:01:52 +0100 |
|---|---|---|
| committer | Jo-Philipp Wich <jow@openwrt.org> | 2013-03-13 14:15:48 +0100 |
| commit | 62863ea95d3c2c7dd0b56ac0f1dee5a4590ca70c (patch) | |
| tree | 36b5247ec866acd9a49018665a820dc300437a0c | |
| parent | 061fdb168b98f6d4f23bebf5153d51bb3a85611e (diff) | |
| download | firewall3-62863ea95d3c2c7dd0b56ac0f1dee5a4590ca70c.tar.gz | |
Unify fw3_default and fw3_target enums
| -rw-r--r-- | defaults.c | 38 | ||||
| -rw-r--r-- | defaults.h | 2 | ||||
| -rw-r--r-- | forwards.c | 4 | ||||
| -rw-r--r-- | options.c | 6 | ||||
| -rw-r--r-- | options.h | 56 | ||||
| -rw-r--r-- | redirects.c | 36 | ||||
| -rw-r--r-- | rules.c | 24 | ||||
| -rw-r--r-- | zones.c | 36 | ||||
| -rw-r--r-- | zones.h | 2 |
9 files changed, 100 insertions, 104 deletions
@@ -20,7 +20,7 @@ #define C(f, tbl, def, fmt) \ - { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_DEFAULT_##def, fmt } + { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##def, fmt } static const struct fw3_rule_spec default_chains[] = { C(ANY, FILTER, UNSPEC, "delegate_input"), @@ -57,7 +57,7 @@ static const struct fw3_rule_spec toplevel_rules[] = { { } }; -const struct fw3_option fw3_default_opts[] = { +const struct fw3_option fw3_flag_opts[] = { FW3_OPT("input", target, defaults, policy_input), FW3_OPT("forward", target, defaults, policy_forward), FW3_OPT("output", target, defaults, policy_output), @@ -84,17 +84,17 @@ const struct fw3_option fw3_default_opts[] = { static void -check_policy(struct uci_element *e, enum fw3_target *pol, const char *name) +check_policy(struct uci_element *e, enum fw3_flag *pol, const char *name) { - if (*pol == FW3_TARGET_UNSPEC) + if (*pol == FW3_FLAG_UNSPEC) { warn_elem(e, "has no %s policy specified, defaulting to DROP", name); - *pol = FW3_TARGET_DROP; + *pol = FW3_FLAG_DROP; } - else if (*pol > FW3_TARGET_DROP) + else if (*pol > FW3_FLAG_DROP) { warn_elem(e, "has invalid %s policy, defaulting to DROP", name); - *pol = FW3_TARGET_DROP; + *pol = FW3_FLAG_DROP; } } @@ -126,7 +126,7 @@ fw3_load_defaults(struct fw3_state *state, struct uci_package *p) continue; } - fw3_parse_options(&state->defaults, fw3_default_opts, s); + fw3_parse_options(&state->defaults, fw3_flag_opts, s); check_policy(e, &defs->policy_input, "input"); check_policy(e, &defs->policy_output, "output"); @@ -143,7 +143,7 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family, uint32_t custom_mask = ~0; #define policy(t) \ - ((t == FW3_TARGET_REJECT) ? "DROP" : fw3_flag_names[t]) + ((t == FW3_FLAG_REJECT) ? "DROP" : fw3_flag_names[t]) if (family == FW3_FAMILY_V6 && defs->disable_ipv6) return; @@ -157,13 +157,13 @@ fw3_print_default_chains(enum fw3_table table, enum fw3_family family, /* Don't touch user chains on reload */ if (reload) - delbit(custom_mask, FW3_DEFAULT_CUSTOM_CHAINS); + delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS); if (defs->custom_chains) - set(defs->flags, family, FW3_DEFAULT_CUSTOM_CHAINS); + set(defs->flags, family, FW3_FLAG_CUSTOM_CHAINS); if (defs->syn_flood) - set(defs->flags, family, FW3_DEFAULT_SYN_FLOOD); + set(defs->flags, family, FW3_FLAG_SYN_FLOOD); rv = fw3_pr_rulespec(table, family, defs->flags, custom_mask, default_chains, ":%s - [0:0]\n"); @@ -256,13 +256,13 @@ fw3_print_default_tail_rules(enum fw3_table table, enum fw3_family family, if (table != FW3_TABLE_FILTER) return; - if (defs->policy_input == FW3_TARGET_REJECT) + if (defs->policy_input == FW3_FLAG_REJECT) fw3_pr("-A delegate_input -j reject\n"); - if (defs->policy_output == FW3_TARGET_REJECT) + if (defs->policy_output == FW3_FLAG_REJECT) fw3_pr("-A delegate_output -j reject\n"); - if (defs->policy_forward == FW3_TARGET_REJECT) + if (defs->policy_forward == FW3_FLAG_REJECT) fw3_pr("-A delegate_forward -j reject\n"); } @@ -295,7 +295,7 @@ fw3_set_defaults(struct fw3_state *state) } static void -reset_policy(enum fw3_table table, enum fw3_target policy) +reset_policy(enum fw3_table table, enum fw3_flag policy) { if (table != FW3_TABLE_FILTER) return; @@ -317,11 +317,11 @@ fw3_flush_rules(enum fw3_table table, enum fw3_family family, /* don't touch user chains on selective stop */ if (reload) - delbit(custom_mask, FW3_DEFAULT_CUSTOM_CHAINS); + delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS); if (!pass2) { - reset_policy(table, reload ? FW3_TARGET_DROP : FW3_TARGET_ACCEPT); + reset_policy(table, reload ? FW3_FLAG_DROP : FW3_FLAG_ACCEPT); fw3_pr_rulespec(table, family, defs->flags, custom_mask, toplevel_rules, "-D %s\n"); @@ -341,7 +341,7 @@ fw3_flush_rules(enum fw3_table table, enum fw3_family family, void fw3_flush_all(enum fw3_table table) { - reset_policy(table, FW3_TARGET_ACCEPT); + reset_policy(table, FW3_FLAG_ACCEPT); fw3_pr("-F\n"); fw3_pr("-X\n"); @@ -21,7 +21,7 @@ #include "options.h" -extern const struct fw3_option fw3_default_opts[]; +extern const struct fw3_option fw3_flag_opts[]; void fw3_load_defaults(struct fw3_state *state, struct uci_package *p); @@ -89,8 +89,8 @@ fw3_load_forwards(struct fw3_state *state, struct uci_package *p) /* NB: forward family... */ if (forward->_dest) { - setbit(forward->_dest->flags[0], FW3_TARGET_ACCEPT); - setbit(forward->_dest->flags[1], FW3_TARGET_ACCEPT); + setbit(forward->_dest->flags[0], FW3_FLAG_ACCEPT); + setbit(forward->_dest->flags[1], FW3_FLAG_ACCEPT); if (forward->_src && (forward->_src->conntrack || forward->_dest->conntrack)) @@ -40,7 +40,7 @@ parse_enum(void *ptr, const char *val, const char **values, int min, int max) } -const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1] = { +const char *fw3_flag_names[__FW3_FLAG_MAX] = { "filter", "nat", "mangle", @@ -132,8 +132,8 @@ fw3_parse_string(void *ptr, const char *val) bool fw3_parse_target(void *ptr, const char *val) { - return parse_enum(ptr, val, &fw3_flag_names[FW3_TARGET_ACCEPT], - FW3_TARGET_ACCEPT, FW3_TARGET_SNAT); + return parse_enum(ptr, val, &fw3_flag_names[FW3_FLAG_ACCEPT], + FW3_FLAG_ACCEPT, FW3_FLAG_SNAT); } bool @@ -61,31 +61,27 @@ enum fw3_family FW3_FAMILY_V6 = 5, }; -enum fw3_target +enum fw3_flag { - FW3_TARGET_UNSPEC = 0, - FW3_TARGET_ACCEPT = 6, - FW3_TARGET_REJECT = 7, - FW3_TARGET_DROP = 8, - FW3_TARGET_NOTRACK = 9, - FW3_TARGET_DNAT = 10, - FW3_TARGET_SNAT = 11, - FW3_TARGET_SRC_ACCEPT = 12, - FW3_TARGET_SRC_REJECT = 13, - FW3_TARGET_SRC_DROP = 14, - FW3_TARGET_CUSTOM_CHAINS = 15, + FW3_FLAG_UNSPEC = 0, + FW3_FLAG_ACCEPT = 6, + FW3_FLAG_REJECT = 7, + FW3_FLAG_DROP = 8, + FW3_FLAG_NOTRACK = 9, + FW3_FLAG_DNAT = 10, + FW3_FLAG_SNAT = 11, + FW3_FLAG_SRC_ACCEPT = 12, + FW3_FLAG_SRC_REJECT = 13, + FW3_FLAG_SRC_DROP = 14, + FW3_FLAG_CUSTOM_CHAINS = 15, + FW3_FLAG_SYN_FLOOD = 16, + FW3_FLAG_MTU_FIX = 17, + FW3_FLAG_DROP_INVALID = 18, + + __FW3_FLAG_MAX }; -enum fw3_default -{ - FW3_DEFAULT_UNSPEC = 0, - FW3_DEFAULT_CUSTOM_CHAINS = 16, - FW3_DEFAULT_SYN_FLOOD = 17, - FW3_DEFAULT_MTU_FIX = 18, - FW3_DEFAULT_DROP_INVALID = 19, -}; - -extern const char *fw3_flag_names[FW3_DEFAULT_DROP_INVALID + 1]; +extern const char *fw3_flag_names[__FW3_FLAG_MAX]; enum fw3_limit_unit @@ -222,9 +218,9 @@ struct fw3_time struct fw3_defaults { - enum fw3_target policy_input; - enum fw3_target policy_output; - enum fw3_target policy_forward; + enum fw3_flag policy_input; + enum fw3_flag policy_output; + enum fw3_flag policy_forward; bool drop_invalid; @@ -255,9 +251,9 @@ struct fw3_zone enum fw3_family family; - enum fw3_target policy_input; - enum fw3_target policy_output; - enum fw3_target policy_forward; + enum fw3_flag policy_input; + enum fw3_flag policy_output; + enum fw3_flag policy_forward; struct list_head networks; struct list_head devices; @@ -316,7 +312,7 @@ struct fw3_rule struct fw3_limit limit; struct fw3_time time; - enum fw3_target target; + enum fw3_flag target; const char *extra; }; @@ -353,7 +349,7 @@ struct fw3_redirect struct fw3_time time; - enum fw3_target target; + enum fw3_flag target; const char *extra; diff --git a/redirects.c b/redirects.c index 7cd26c8..f91cd47 100644 --- a/redirects.c +++ b/redirects.c @@ -184,18 +184,18 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p) continue; } - if (redir->target == FW3_TARGET_UNSPEC) + if (redir->target == FW3_FLAG_UNSPEC) { warn_elem(e, "has no target specified, defaulting to DNAT"); - redir->target = FW3_TARGET_DNAT; + redir->target = FW3_FLAG_DNAT; } - else if (redir->target < FW3_TARGET_DNAT) + else if (redir->target < FW3_FLAG_DNAT) { warn_elem(e, "has invalid target specified, defaulting to DNAT"); - redir->target = FW3_TARGET_DNAT; + redir->target = FW3_FLAG_DNAT; } - if (redir->target == FW3_TARGET_DNAT) + if (redir->target == FW3_FLAG_DNAT) { if (redir->src.any) warn_elem(e, "must not have source '*' for DNAT target"); @@ -210,9 +210,9 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p) if (redir->reflection && redir->_dest && redir->_src->masq) { - set(redir->_dest->flags, FW3_FAMILY_V4, FW3_TARGET_ACCEPT); - set(redir->_dest->flags, FW3_FAMILY_V4, FW3_TARGET_DNAT); - set(redir->_dest->flags, FW3_FAMILY_V4, FW3_TARGET_SNAT); + set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_ACCEPT); + set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_DNAT); + set(redir->_dest->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT); } } else @@ -247,20 +247,20 @@ fw3_load_redirects(struct fw3_state *state, struct uci_package *p) static void print_chain_nat(struct fw3_redirect *redir) { - if (redir->target == FW3_TARGET_DNAT) + if (redir->target == FW3_FLAG_DNAT) fw3_pr("-A zone_%s_prerouting", redir->src.name); else fw3_pr("-A zone_%s_postrouting", redir->dest.name); } static void -print_snat_dnat(enum fw3_target target, +print_snat_dnat(enum fw3_flag target, struct fw3_address *addr, struct fw3_port *port) { const char *t; char s[sizeof("255.255.255.255 ")]; - if (target == FW3_TARGET_DNAT) + if (target == FW3_FLAG_DNAT) t = "DNAT --to-destination"; else t = "SNAT --to-source"; @@ -283,7 +283,7 @@ print_snat_dnat(enum fw3_target target, static void print_target_nat(struct fw3_redirect *redir) { - if (redir->target == FW3_TARGET_DNAT) + if (redir->target == FW3_FLAG_DNAT) print_snat_dnat(redir->target, &redir->ip_redir, &redir->port_redir); else print_snat_dnat(redir->target, &redir->ip_dest, &redir->port_dest); @@ -292,7 +292,7 @@ print_target_nat(struct fw3_redirect *redir) static void print_chain_filter(struct fw3_redirect *redir) { - if (redir->target == FW3_TARGET_DNAT) + if (redir->target == FW3_FLAG_DNAT) { /* XXX: check for local ip */ if (!redir->ip_redir.set) @@ -313,7 +313,7 @@ static void print_target_filter(struct fw3_redirect *redir) { /* XXX: check for local ip */ - if (redir->target == FW3_TARGET_DNAT && !redir->ip_redir.set) + if (redir->target == FW3_FLAG_DNAT && !redir->ip_redir.set) fw3_pr(" -m conntrack --ctstate DNAT -j ACCEPT\n"); else fw3_pr(" -j ACCEPT\n"); @@ -369,7 +369,7 @@ print_redirect(enum fw3_table table, enum fw3_family family, fw3_format_ipset(redir->_ipset, redir->ipset.invert); fw3_format_protocol(proto, family); - if (redir->target == FW3_TARGET_DNAT) + if (redir->target == FW3_FLAG_DNAT) { fw3_format_src_dest(&redir->ip_src, &redir->ip_dest); fw3_format_sport_dport(&redir->port_src, &redir->port_dest); @@ -402,7 +402,7 @@ print_redirect(enum fw3_table table, enum fw3_family family, } /* reflection rules */ - if (redir->target != FW3_TARGET_DNAT || !redir->reflection) + if (redir->target != FW3_FLAG_DNAT || !redir->reflection) return; if (!redir->_dest || !redir->_src->masq) @@ -443,7 +443,7 @@ print_redirect(enum fw3_table table, enum fw3_family family, fw3_format_sport_dport(NULL, &redir->port_dest); fw3_format_time(&redir->time); fw3_format_comment(redir->name, " (reflection)"); - print_snat_dnat(FW3_TARGET_DNAT, + print_snat_dnat(FW3_FLAG_DNAT, &redir->ip_redir, &redir->port_redir); fw3_pr("-A zone_%s_postrouting", redir->dest.name); @@ -452,7 +452,7 @@ print_redirect(enum fw3_table table, enum fw3_family family, fw3_format_sport_dport(NULL, &redir->port_redir); fw3_format_time(&redir->time); fw3_format_comment(redir->name, " (reflection)"); - print_snat_dnat(FW3_TARGET_SNAT, ext_addr, NULL); + print_snat_dnat(FW3_FLAG_SNAT, ext_addr, NULL); } else if (table == FW3_TABLE_FILTER) { @@ -137,7 +137,7 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p) continue; } - if (!rule->_src && rule->target == FW3_TARGET_NOTRACK) + if (!rule->_src && rule->target == FW3_FLAG_NOTRACK) { warn_elem(e, "is set to target NOTRACK but has no source assigned"); fw3_free_rule(rule); @@ -150,15 +150,15 @@ fw3_load_rules(struct fw3_state *state, struct uci_package *p) "- assuming an output rule"); } - if (rule->target == FW3_TARGET_UNSPEC) + if (rule->target == FW3_FLAG_UNSPEC) { warn_elem(e, "has no target specified, defaulting to REJECT"); - rule->target = FW3_TARGET_REJECT; + rule->target = FW3_FLAG_REJECT; } - else if (rule->target > FW3_TARGET_NOTRACK) + else if (rule->target > FW3_FLAG_NOTRACK) { warn_elem(e, "has invalid target specified, defaulting to REJECT"); - rule->target = FW3_TARGET_REJECT; + rule->target = FW3_FLAG_REJECT; } /* NB: rule family... */ @@ -181,7 +181,7 @@ print_chain(struct fw3_rule *rule) sprintf(chain, "delegate_output"); - if (rule->target == FW3_TARGET_NOTRACK) + if (rule->target == FW3_FLAG_NOTRACK) { sprintf(chain, "zone_%s_notrack", rule->src.name); } @@ -218,20 +218,20 @@ static void print_target(struct fw3_rule *rule) switch(rule->target) { - case FW3_TARGET_ACCEPT: - case FW3_TARGET_DROP: - case FW3_TARGET_NOTRACK: + case FW3_FLAG_ACCEPT: + case FW3_FLAG_DROP: + case FW3_FLAG_NOTRACK: target = fw3_flag_names[rule->target]; break; default: - target = fw3_flag_names[FW3_TARGET_REJECT]; + target = fw3_flag_names[FW3_FLAG_REJECT]; break; } if (rule->dest.set && !rule->dest.any) fw3_pr(" -j zone_%s_dest_%s\n", rule->dest.name, target); - else if (rule->target == FW3_TARGET_REJECT) + else if (rule->target == FW3_FLAG_REJECT) fw3_pr(" -j reject\n"); else fw3_pr(" -j %s\n", target); @@ -292,7 +292,7 @@ expand_rule(enum fw3_table table, enum fw3_family family, if (!fw3_is_family(rule, family)) return; - if ((table == FW3_TABLE_RAW && rule->target != FW3_TARGET_NOTRACK) || + if ((table == FW3_TABLE_RAW && rule->target != FW3_FLAG_NOTRACK) || (table != FW3_TABLE_FILTER)) return; @@ -21,7 +21,7 @@ #define C(f, tbl, tgt, fmt) \ - { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_TARGET_##tgt, fmt } + { FW3_FAMILY_##f, FW3_TABLE_##tbl, FW3_FLAG_##tgt, fmt } static const struct fw3_rule_spec zone_chains[] = { C(ANY, FILTER, UNSPEC, "zone_%1$s_input"), @@ -99,15 +99,15 @@ const struct fw3_option fw3_zone_opts[] = { static void -check_policy(struct uci_element *e, enum fw3_target *pol, enum fw3_target def, +check_policy(struct uci_element *e, enum fw3_flag *pol, enum fw3_flag def, const char *name) { - if (*pol == FW3_TARGET_UNSPEC) + if (*pol == FW3_FLAG_UNSPEC) { warn_elem(e, "has no %s policy specified, using default", name); *pol = def; } - else if (*pol > FW3_TARGET_DROP) + else if (*pol > FW3_FLAG_DROP) { warn_elem(e, "has invalid %s policy, using default", name); *pol = def; @@ -219,14 +219,14 @@ fw3_load_zones(struct fw3_state *state, struct uci_package *p) if (zone->masq) { - setbit(zone->flags[0], FW3_TARGET_SNAT); + setbit(zone->flags[0], FW3_FLAG_SNAT); zone->conntrack = true; } if (zone->custom_chains) { - setbit(zone->flags[0], FW3_TARGET_SNAT); - setbit(zone->flags[0], FW3_TARGET_DNAT); + setbit(zone->flags[0], FW3_FLAG_SNAT); + setbit(zone->flags[0], FW3_FLAG_DNAT); } setbit(zone->flags[0], fw3_to_src_target(zone->policy_input)); @@ -256,13 +256,13 @@ print_zone_chain(enum fw3_table table, enum fw3_family family, /* Don't touch user chains on reload */ if (reload) - delbit(custom_mask, FW3_TARGET_CUSTOM_CHAINS); + delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS); if (zone->custom_chains) - set(zone->flags, family, FW3_TARGET_CUSTOM_CHAINS); + set(zone->flags, family, FW3_FLAG_CUSTOM_CHAINS); if (!zone->conntrack && !state->defaults.drop_invalid) - set(zone->flags, family, FW3_TARGET_NOTRACK); + set(zone->flags, family, FW3_FLAG_NOTRACK); c = fw3_pr_rulespec(table, family, zone->flags, custom_mask, zone_chains, ":%s - [0:0]\n", zone->name); @@ -284,14 +284,14 @@ print_interface_rule(enum fw3_table table, enum fw3_family family, struct fw3_zone *zone, struct fw3_device *dev, struct fw3_address *sub, bool reload, bool disable_notrack) { - enum fw3_target t; + enum fw3_flag t; #define jump_target(t) \ - ((t == FW3_TARGET_REJECT) ? "reject" : fw3_flag_names[t]) + ((t == FW3_FLAG_REJECT) ? "reject" : fw3_flag_names[t]) if (table == FW3_TABLE_FILTER) { - for (t = FW3_TARGET_ACCEPT; t <= FW3_TARGET_DROP; t++) + for (t = FW3_FLAG_ACCEPT; t <= FW3_FLAG_DROP; t++) { if (has(zone->flags, family, fw3_to_src_target(t))) { @@ -332,7 +332,7 @@ print_interface_rule(enum fw3_table table, enum fw3_family family, } else if (table == FW3_TABLE_NAT) { - if (has(zone->flags, family, FW3_TARGET_DNAT)) + if (has(zone->flags, family, FW3_FLAG_DNAT)) { fw3_pr("-A delegate_prerouting"); fw3_format_in_out(dev, NULL); @@ -341,7 +341,7 @@ print_interface_rule(enum fw3_table table, enum fw3_family family, fw3_pr(" -j zone_%s_prerouting\n", zone->name); } - if (has(zone->flags, family, FW3_TARGET_SNAT)) + if (has(zone->flags, family, FW3_FLAG_SNAT)) { fw3_pr("-A delegate_postrouting"); fw3_format_in_out(NULL, dev); @@ -414,7 +414,7 @@ print_zone_rule(enum fw3_table table, enum fw3_family family, struct fw3_address *msrc; struct fw3_address *mdest; - enum fw3_target t; + enum fw3_flag t; if (!fw3_is_family(zone, family)) return; @@ -433,7 +433,7 @@ print_zone_rule(enum fw3_table table, enum fw3_family family, if (zone->log) { - for (t = FW3_TARGET_REJECT; t <= FW3_TARGET_DROP; t++) + for (t = FW3_FLAG_REJECT; t <= FW3_FLAG_DROP; t++) { if (has(zone->flags, family, fw3_to_src_target(t))) { @@ -504,7 +504,7 @@ fw3_flush_zones(enum fw3_table table, enum fw3_family family, /* don't touch user chains on selective stop */ if (reload) - delbit(custom_mask, FW3_TARGET_CUSTOM_CHAINS); + delbit(custom_mask, FW3_FLAG_CUSTOM_CHAINS); list_for_each_entry_safe(z, tmp, &state->running_zones, running_list) { @@ -40,7 +40,7 @@ struct fw3_zone * fw3_lookup_zone(struct fw3_state *state, const char *name, bool running); #define fw3_to_src_target(t) \ - (FW3_TARGET_SRC_ACCEPT - FW3_TARGET_ACCEPT + t) + (FW3_FLAG_SRC_ACCEPT - FW3_FLAG_ACCEPT + t) #define fw3_free_zone(zone) \ fw3_free_object(zone, fw3_zone_opts) |