diff --git a/libbbfdm-api/dmcommon.c b/libbbfdm-api/dmcommon.c
index 0ffe2f87fa622b3873750b22308baa29225fd3f7..9a1a996c80dc46c2eb4055f4ee59679375f4ce18 100644
--- a/libbbfdm-api/dmcommon.c
+++ b/libbbfdm-api/dmcommon.c
@@ -69,6 +69,7 @@ char *MACAddress[] = {"^$", "^([0-9A-Fa-f][0-9A-Fa-f]:){5}([0-9A-Fa-f][0-9A-Fa-f char *IPPrefix[] = {"^$", "^/(3[0-2]|[012]?[0-9])$", "^((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/(3[0-2]|[012]?[0-9])$", "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/(12[0-8]|1[0-1][0-9]|[0-9]?[0-9])$", NULL}; char *IPv4Prefix[] = {"^$", "^/(3[0-2]|[012]?[0-9])$", "^((25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9]?[0-9])/(3[0-2]|[012]?[0-9])$", NULL}; char *IPv6Prefix[] = {"^$", "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/(12[0-8]|1[0-1][0-9]|[0-9]?[0-9])$", NULL}; +char *Origin[] = {"User", "System", "Controller", NULL}; struct option_tag_type TYPE_TAG_ARRAY[] = { {1, OPTION_IP, 
4}, diff --git a/libbbfdm-api/dmcommon.h b/libbbfdm-api/dmcommon.h index d1d6348f9891c83e26b7cfd0835a1d7939f58600..470d0e41148f9b38094fd9a90c43181ee5264410 100644 --- a/libbbfdm-api/dmcommon.h +++ b/libbbfdm-api/dmcommon.h @@ -122,6 +122,7 @@ extern char *IPLayerCapacityRole[]; extern char *UDPPayloadContent[]; extern char *IPLayerCapacityTestType[]; extern char *RateAdjAlgorithm[]; +extern char *Origin[]; #define CRONTABS_ROOT "/etc/crontabs/root" #define ACTIVATE_HANDLER_FILE "/usr/share/bbfdm/bbf_activate_handler.sh" diff --git a/libbbfdm/dmtree/tr181/firewall.c b/libbbfdm/dmtree/tr181/firewall.c index 046e23c561080011f76be2bab86036e4581141ed..418bf413a7caddb559f55e2993c225f1a95c96a4 100644 --- a/libbbfdm/dmtree/tr181/firewall.c +++ b/libbbfdm/dmtree/tr181/firewall.c @@ -353,6 +353,25 @@ static int browseRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_d return 0; } +/*#Device.Firewall.DMZ.{i}.!UCI:firewall/dmz/dmmap_dmz*/ +static int browseFirewallDMZInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance) +{ + struct dmmap_dup *p = NULL; + char *inst = NULL; + LIST_HEAD(dup_list); + + synchronize_specific_config_sections_with_dmmap("firewall", "dmz", "dmmap_dmz", &dup_list); + list_for_each_entry(p, &dup_list, list) { + + inst = handle_instance(dmctx, parent_node, p->dmmap_section, "dmzinstance", "dmzalias"); + + if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)p, inst) == DM_STOP) + break; + } + free_dmmap_config_dup_list(&dup_list); + return 0; +} + /************************************************************* * ADD & DEL OBJ **************************************************************/ 
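Review bot: The alias option name is not consistent across the new DMZ code: `browseFirewallDMZInst` passes `"dmzalias"` to `handle_instance`, while `get_FirewallDMZ_Alias` (in the later firewall.c hunk) reads `"alias"` from `dmmap_section` and `set_FirewallDMZ_Alias` writes `"alias"` to `config_section`. As written, an alias that is set is not the value read back, and `Alias` is one of the unique keys declared for the DMZ object, so a uniqueness check could run against a value that never changes. Pick one section and one key, for instance `dmuci_set_value_by_section(((struct dmmap_dup *)data)->dmmap_section, "dmzalias", value);` in the setter and the same section and key in the getter. The role of the last `handle_instance` argument is inferred from its name here, since its definition is not part of this diff.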
@@ -1813,6 +1832,218 @@ static int set_rule_source_port_range_max(char *refparam, struct dmctx *ctx, voi return 0; } +static int get_firewall_dmz_number_of_entries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + int cnt = get_number_of_entries(ctx, data, instance, browseFirewallDMZInst); + dmasprintf(value, "%d", cnt); + return 0; +} + +static int addObjFirewallDMZ(char *refparam, struct dmctx *ctx, void *data, char **instance) +{ + struct uci_section *s = NULL, *dmmap = NULL; + + dmuci_add_section("firewall", "dmz", &s); + + dmuci_add_section_bbfdm("dmmap_dmz", "dmz", &dmmap); + dmuci_set_value_by_section(dmmap, "section_name", section_name(s)); + dmuci_set_value_by_section(dmmap, "dmzinstance", *instance); + return 0; +} + +static int delObjFirewallDMZ(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action) +{ + struct uci_section *s = NULL, *stmp = NULL; + + switch (del_action) { + case DEL_INST: + dmuci_delete_by_section(((struct dmmap_dup *)data)->config_section, NULL, NULL); + dmuci_delete_by_section(((struct dmmap_dup *)data)->dmmap_section, NULL, NULL); + break; + case DEL_ALL: + uci_foreach_sections_safe("firewall", "dmz", stmp, s) { + struct uci_section *dmmap_section = NULL; + get_dmmap_section_of_config_section("dmmap_dmz", "dmz", section_name(s), &dmmap_section); + dmuci_delete_by_section(dmmap_section, NULL, NULL); + dmuci_delete_by_section(s, NULL, NULL); + } + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Alias!UCI:dmmap_dmz/DMZ,@i-1/alias*/ +static int get_FirewallDMZ_Alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->dmmap_section, "alias", value); + if ((*value)[0] == '\0') + dmasprintf(value, "cpe-%s", instance); + return 0; +} + +static int set_FirewallDMZ_Alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { 
+ case VALUECHECK: + if (bbfdm_validate_string(ctx, value, -1, 64, NULL, NULL)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "alias", value); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Enable!UCI:firewall/dmz,@i-1/enabled*/ +static int get_FirewallDMZ_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "enabled", value); + return 0; +} + +static int set_FirewallDMZ_Enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + bool b = 0; + switch (action) { + case VALUECHECK: + if (bbfdm_validate_boolean(ctx, value)) + return FAULT_9007; + break; + case VALUESET: + string_to_bool(value, &b); + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "enabled", b ? "1" : "0"); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Status!UCI:firewall/dmz,@i-1/status*/ +static int get_FirewallDMZ_Status(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + struct dmmap_dup *dmz_args = (struct dmmap_dup *)data; + char *v, *destip, *interface; + + dmuci_get_value_by_section_string(dmz_args->config_section, "interface", &interface); + dmuci_get_value_by_section_string(dmz_args->config_section, "dest_ip", &destip); + if (DM_STRLEN(destip) == 0 || DM_STRLEN(interface) == 0) { + *value = "Error_Misconfigured"; + return 0; + } + + dmuci_get_value_by_section_string(dmz_args->config_section, "enabled", &v); + *value = (*v == 'n' || *v == '0') ? 
"Disabled" : "Enabled"; + + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Origin!UCI:firewall/dmz,@i-1/origin*/ +static int get_FirewallDMZ_Origin(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "origin", value); + if ((*value)[0] == '\0') + *value="Controller"; + return 0; +} + +static int set_FirewallDMZ_Origin(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { + case VALUECHECK: + if (bbfdm_validate_string(ctx, value, -1, -1, Origin, NULL)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "origin", value); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Description!UCI:firewall/dmz,@i-1/description*/ +static int get_FirewallDMZ_Description(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "description", value); + return 0; +} + +static int set_FirewallDMZ_Description(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { + case VALUECHECK: + if (bbfdm_validate_string(ctx, value, -1, 256, NULL, NULL)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "description", value); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.Interface!UCI:firewall/dmz,@i-1/interface*/ +static int get_FirewallDMZ_Interface(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "interface", value); + return 0; +} + +static int set_FirewallDMZ_Interface(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { + case VALUECHECK: + if 
(bbfdm_validate_string(ctx, value, -1, 256, NULL, NULL)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "interface", value); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.DestIP!UCI:firewall/dmz,@i-1/dest_ip*/ +static int get_FirewallDMZ_DestIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "dest_ip", value); + return 0; +} + +static int set_FirewallDMZ_DestIP(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { + case VALUECHECK: + if (bbfdm_validate_string(ctx, value, -1, 15, NULL, IPv4Address)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "dest_ip", value); + break; + } + return 0; +} + +/*#Device.Firewall.DMZ.{i}.SourcePrefix!UCI:firewall/dmz,@i-1/source_prefix*/ +static int get_FirewallDMZ_SourcePrefix(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) +{ + dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "source_prefix", value); + return 0; +} + +static int set_FirewallDMZ_SourcePrefix(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) +{ + switch (action) { + case VALUECHECK: + if (bbfdm_validate_string(ctx, value, -1, 18, NULL, IPv4Prefix)) + return FAULT_9007; + break; + case VALUESET: + dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "source_prefix", value); + break; + } + return 0; +} + /********************************************************************************************************************************** * OBJ & PARAM DEFINITION ***********************************************************************************************************************************/ 
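Review bot: A DMZ instance created by `addObjFirewallDMZ` carries no `enabled` option, and `get_FirewallDMZ_Status` reports "Enabled" for that empty value because only a leading `'n'` or `'0'` counts as disabled, so the data model treats a fresh entry as switched on. For an object that exposes an internal host this should fail closed: depending on how the firewall backend (not visible in this diff) reads a missing `enabled`, the entry may take effect as soon as `DestIP` and `Interface` are written, without `Enable` ever being set. I would store the default at creation with `dmuci_set_value_by_section(s, "enabled", "0");` and make the status test `(*v == '\0' || *v == 'n' || *v == '0') ? "Disabled" : "Enabled"`, with `get_FirewallDMZ_Enable` returning "0" instead of an empty string for the unset case. Separately, `set_FirewallDMZ_Interface` accepts any string of up to 256 characters and stores it in the firewall config; if that value is meant to name an existing interface, checking it against known interfaces at `VALUECHECK` would keep unexpected values out of the config.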
@@ -1821,6 +2052,7 @@ DMOBJ tFirewallObj[] = { /* OBJ, permission, addobj, delobj, checkdep, browseinstobj, nextdynamicobj, dynamicleaf, nextobj, leaf, linker, bbfdm_type, uniqueKeys, version*/ {"Level", &DMREAD, NULL, NULL, NULL, browseLevelInst, NULL, NULL, NULL, tFirewallLevelParams, NULL, BBFDM_BOTH, LIST_KEY{"Name", "Alias", NULL}}, {"Chain", &DMREAD, NULL, NULL, NULL, browseChainInst, NULL, NULL, tFirewallChainObj, tFirewallChainParams, NULL, BBFDM_BOTH, LIST_KEY{"Name", "Alias", NULL}}, +{"DMZ", &DMWRITE, addObjFirewallDMZ, delObjFirewallDMZ, NULL, browseFirewallDMZInst, NULL, NULL, NULL, tFirewallDMZParams, NULL, BBFDM_BOTH, LIST_KEY{"Alias", "DestIP", "SourcePrefix", NULL}}, {0} }; @@ -1831,6 +2063,7 @@ DMLEAF tFirewallParams[] = { {"AdvancedLevel", &DMWRITE, DMT_STRING, get_firewall_advanced_level, set_firewall_advanced_level, BBFDM_BOTH}, {"LevelNumberOfEntries", &DMREAD, DMT_UNINT, get_firewall_level_number_of_entries, NULL, BBFDM_BOTH}, {"ChainNumberOfEntries", &DMREAD, DMT_UNINT, get_firewall_chain_number_of_entries, NULL, BBFDM_BOTH}, +{"DMZNumberOfEntries", &DMREAD, DMT_UNINT, get_firewall_dmz_number_of_entries, NULL, BBFDM_BOTH}, {0} }; 
@@ -1893,3 +2126,17 @@ DMLEAF tFirewallChainRuleParams[] = { {"SourcePortRangeMax", &DMRule, DMT_INT, get_rule_source_port_range_max, set_rule_source_port_range_max, BBFDM_BOTH}, {0} }; + +/* *** Device.Firewall.DMZ.{i}. *** */ +DMLEAF tFirewallDMZParams[] = { +/* PARAM, permission, type, getvalue, setvalue, bbfdm_type */ +{"Alias", &DMWRITE, DMT_STRING, get_FirewallDMZ_Alias, set_FirewallDMZ_Alias, BBFDM_BOTH}, +{"Enable", &DMWRITE, DMT_BOOL, get_FirewallDMZ_Enable, set_FirewallDMZ_Enable, BBFDM_BOTH}, +{"Status", &DMREAD, DMT_STRING, get_FirewallDMZ_Status, NULL, BBFDM_BOTH}, +{"Origin", &DMWRITE, DMT_STRING, get_FirewallDMZ_Origin, set_FirewallDMZ_Origin, BBFDM_BOTH}, +{"Description", &DMWRITE, DMT_STRING, get_FirewallDMZ_Description, set_FirewallDMZ_Description, BBFDM_BOTH}, +{"Interface", &DMWRITE, DMT_STRING, get_FirewallDMZ_Interface, set_FirewallDMZ_Interface, BBFDM_BOTH}, +{"DestIP", &DMWRITE, DMT_STRING, get_FirewallDMZ_DestIP, set_FirewallDMZ_DestIP, BBFDM_BOTH}, +{"SourcePrefix", &DMWRITE, DMT_STRING, get_FirewallDMZ_SourcePrefix, set_FirewallDMZ_SourcePrefix, BBFDM_BOTH}, +{0} +}; diff --git a/libbbfdm/dmtree/tr181/firewall.h b/libbbfdm/dmtree/tr181/firewall.h index 02d44f74b36f34d89e84f7e768f9f512e6dab311..6c666ec57e8d70560cdb806f740953fbda8a4607 100644 --- a/libbbfdm/dmtree/tr181/firewall.h +++ b/libbbfdm/dmtree/tr181/firewall.h @@ -19,6 +19,7 @@ extern DMLEAF tFirewallLevelParams[]; extern DMLEAF tFirewallChainParams[]; extern DMOBJ tFirewallChainObj[]; extern DMLEAF tFirewallChainRuleParams[]; +extern DMLEAF tFirewallDMZParams[]; void firewall__create_zone_section(char *s_name);
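Review bot: `Origin` is registered with `&DMWRITE` in `tFirewallDMZParams`, and `set_FirewallDMZ_Origin` stores whichever of "User", "System" or "Controller" the caller sends, so the field is a self-declared label rather than a record of who created the entry. That is fine as long as nothing relies on it, but it should be documented so that later code does not use `Origin` to decide whether an entry may be modified or deleted. I would add a comment above the table entry such as `/* Origin is caller-supplied and not verified against the requesting agent; do not use it for access decisions */`. If the intent is to record provenance, setting it once in `addObjFirewallDMZ` and exposing it read-only would be the safer shape; whether the data model allows that is not visible from this diff.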