firewallmngr: fix for new issue identified

d0a30520 · Amit Kumar · 2ec9e5e4 · d0a30520 · d0a30520
Commit d0a30520 authored Jul 11, 2024 by Amit Kumar
--- a/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c
+++ b/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c
@@ -226,20 +226,21 @@ static int set_FirewallChainRule_Description(char *refparam, struct dmctx *ctx,
 static int get_FirewallChainRule_Target(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
-	char *target_arr[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL};
 	char *target = NULL;
-        target = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "target", "0");
+        target = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "target", "Drop");
-        if (target) {
-                int c = atoi(target);
-                if (c >=0 && c < 5)
+	if ((strcasecmp(target, "Accept") == 0) || (strcasecmp(target, "ACCEPT") == 0))
-                        *value = target_arr[c];
+		*value = "Accept";
+	else if ((strcasecmp(target, "Reject") == 0) || (strcasecmp(target, "REJECT") == 0))
+		*value = "Reject";
+	else if ((strcasecmp(target, "Drop") == 0) || (strcasecmp(target, "DROP") == 0))
+		*value = "Drop";
+	else if (strcasecmp(target, "MARK") == 0)
+		*value = "Return";
 	else
-                        *value = "Drop";//TODO verify default behaviour
+		*value = target;
-        }
 	return 0;
 }
@@ -476,9 +477,9 @@ static int get_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, vo
 		return 0;
 	}
-	if (strcasecmp(ipversion, "ipv4") == 0) {
+	if ((strcasecmp(ipversion, "ipv4") == 0) || (strcasecmp(ipversion, "4") == 0)) {
 		*value = "4";
-	} else if (strcasecmp(ipversion, "ipv6") == 0) {
+	} else if ((strcasecmp(ipversion, "ipv6") == 0) || (strcasecmp(ipversion, "6") == 0)) {
 		*value = "6";
 	} else {
 		*value = "-1";
@@ -496,9 +497,9 @@ static int set_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, vo
 			break;
 		case VALUESET:
 			if (DM_LSTRCMP(value, "4") == 0)
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv4");
+				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "4");
 			else if (DM_LSTRCMP(value, "6") == 0)
-				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv6");
+				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "6");
 			else if (DM_LSTRCMP(value, "-1") == 0)
 				bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "");
 			break;

--- a/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c
+++ b/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c
@@ -16,15 +16,15 @@
 **************************************************************/
 /*#Device.NAT.PortTrigger.{i}.!UCI:port-trigger/port_trigger/dmmap_port_trigger*/
-static int browseNATPortTriggerInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+int browseNATPortTriggerInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
 {
-	int inst = 0;
 	struct uci_section *p = NULL;
 	struct dm_data data = {0};
 	char *name = NULL;
 	char *buf = NULL;
 	uci_foreach_sections("port-trigger", "port_trigger", p) {
+		int inst = 0;
 		dmuci_get_section_name(section_name(p),&name);
 		if (name) {
 			sscanf(name, "port_trigger_%d",&inst);
@@ -45,14 +45,14 @@ static int browseNATPortTriggerRuleInst(struct dmctx *dmctx, DMNODE *parent_node
 {
        struct uci_section *p = NULL;
 	struct dm_data data = {0};
-	int inst = 0;
-	int ptg_inst = 0;
 	char *name = NULL;
 	char *buf = NULL;
 	int parent_inst = 0;
 	parent_inst = atoi(prev_instance);
 	uci_foreach_sections("port-trigger", "rule", p) {
+		int inst = 0;
+		int ptg_inst = 0;
 		dmuci_get_section_name(section_name(p),&name);
 		if (name) {
 			sscanf(name, "port_trigger_%d_rule_%d",&ptg_inst,&inst);
@@ -70,7 +70,7 @@ static int browseNATPortTriggerRuleInst(struct dmctx *dmctx, DMNODE *parent_node
 /*************************************************************
 * ADD & DEL OBJ
 **************************************************************/
-static int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char **instance)
+int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char **instance)
 {
 	struct uci_section *s = NULL;
 	char port_trigger_name[16] = {0};
@@ -86,7 +86,7 @@ static int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, c
 	return 0;
 }
-static int delObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
+int delObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
 {
 	struct uci_section *s = NULL, *stmp = NULL;
 	char *name;
@@ -154,7 +154,7 @@ static int delObjNATPortTriggerRule(char *refparam, struct dmctx *ctx, void *dat
 * GET & SET PARAM
 **************************************************************/
 /*#Device.NAT.PortTriggerNumberOfEntries!UCI:port-trigger/port_trigger/*/
-static int get_NAT_PortTriggerNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+int get_NAT_PortTriggerNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
 	int cnt = get_number_of_entries(ctx, data, instance, browseNATPortTriggerInst);
 	dmasprintf(value, "%d", cnt);
@@ -256,7 +256,7 @@ static int get_NATPortTrigger_Interface(char *refparam, struct dmctx *ctx, void
 	dmuci_get_value_by_section_string(((struct dm_data *)data)->config_section, "src", &interf);
-	adm_entry_get_reference_param(ctx, "Device.IP.Interface.*.Name", interf, value);
+	_bbfdm_get_references(ctx, "Device.IP.Interface.", "Name", interf, value);
 	return 0;
 }
@@ -266,7 +266,7 @@ static int set_NATPortTrigger_Interface(char *refparam, struct dmctx *ctx, void
 	char *allowed_objects[] = {"Device.IP.Interface.", NULL};
 	struct dm_reference reference = {0};
-	bbf_get_reference_args(value, &reference);
+	bbfdm_get_reference_linker(ctx, value, &reference);
 	switch (action) {
 		case VALUECHECK:
@@ -385,6 +385,8 @@ static int get_NATPortTrigger_Protocol(char *refparam, struct dmctx *ctx, void *
 static int set_NATPortTrigger_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
 {
+	char *NATProtocol[] = {"TCP", "UDP", NULL};
 	switch (action)	{
 		case VALUECHECK:
 			if (bbfdm_validate_string(ctx, value, -1, -1, NATProtocol, NULL))
@@ -467,6 +469,8 @@ static int get_NATPortTriggerRule_Protocol(char *refparam, struct dmctx *ctx, vo
 static int set_NATPortTriggerRule_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
 {
+	char *NATProtocol[] = {"TCP", "UDP", NULL};
 	switch (action)	{
 		case VALUECHECK:
 			if (bbfdm_validate_string(ctx, value, -1, -1, NATProtocol, NULL))
@@ -529,12 +533,3 @@ DMOBJ tDeviceNATPortTriggerObj[] = {
 {"PortTrigger", &DMWRITE, addObjNATPortTrigger, delObjNATPortTrigger, NULL, browseNATPortTriggerInst, NULL, NULL, tNATPortTriggerObj, tNATPortTriggerParams, NULL, BBFDM_BOTH},
 {0}                                                                             
 };
-#if 0
-/* *** Device.NAT.PortTrigger. *** */
-DM_MAP_OBJ tDynamicObj[] = {                                                    
-/* parentobj, nextobject, parameter */                                          
-{"Device.NAT.", tDeviceNATPortTriggerObj, tDeviceNATPortTriggerParams},
-{0}                                                                             
-};
-#endif