From d0a3052078d188ce794384e609aba3d8d9f29b26 Mon Sep 17 00:00:00 2001
From: Amit Kumar <amit.kumar@genexis.eu>
Date: Thu, 11 Jul 2024 11:00:48 +0530
Subject: [PATCH] firewallmngr: fix for new issue identified
---
 .../bbf_plugin/firewall.c | 29 ++++++++---------
 .../bbf_plugin/nat_porttrigger.c | 31 ++++++++-----------
 2 files changed, 28 insertions(+), 32 deletions(-)
diff --git a/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c b/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c
index 8e5897f..e4247f1 100644
--- a/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c
+++ b/src/firewallmngr_backend_firewallmngr/bbf_plugin/firewall.c
@@ -226,20 +226,21 @@ static int set_FirewallChainRule_Description(char *refparam, struct dmctx *ctx,
 static int get_FirewallChainRule_Target(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
- char *target_arr[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL};
-
 char *target = NULL;
- target = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "target", "0");
+ target = bbf_uci_get_value_by_section_fallback_def(((struct dm_data *)data)->config_section, "target", "Drop");
- if (target) {
- int c = atoi(target);
+ if ((strcasecmp(target, "Accept") == 0) || (strcasecmp(target, "ACCEPT") == 0))
+ *value = "Accept";
+ else if ((strcasecmp(target, "Reject") == 0) || (strcasecmp(target, "REJECT") == 0))
+ *value = "Reject";
+ else if ((strcasecmp(target, "Drop") == 0) || (strcasecmp(target, "DROP") == 0))
+ *value = "Drop";
+ else if (strcasecmp(target, "MARK") == 0)
+ *value = "Return";
+ else
+ *value = target;
- if (c >=0 && c < 5)
- *value = target_arr[c];
- else
- *value = "Drop";//TODO verify default behaviour
- }
 return 0;
 }
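Review bot: The final `else *value = target;` in get_FirewallChainRule_Target reports whatever string is stored in the UCI `target` option, so a legacy numeric value (the removed code parsed this option with `atoi` and indexed `target_arr`) or any unrecognised string is now returned as the rule's Target, where the old code fell back to "Drop". If the parameter is meant to stay within the set the old table listed, end the chain with a fixed value such as `else *value = "Drop";`; if pass-through is intended (for example for chain names), say so in a comment and state how stored "0".."4" values are handled. The paired tests like `strcasecmp(target, "Accept") == 0 || strcasecmp(target, "ACCEPT") == 0` are redundant because strcasecmp already ignores case, and the "MARK" to "Return" mapping needs a one-line comment explaining it. `target` is also used without the NULL check the old code had, which is safe only if bbf_uci_get_value_by_section_fallback_def never returns NULL; this hunk does not show that.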
@@ -476,9 +477,9 @@ static int get_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, vo
 return 0;
 }
- if (strcasecmp(ipversion, "ipv4") == 0) {
+ if ((strcasecmp(ipversion, "ipv4") == 0) || (strcasecmp(ipversion, "4") == 0)) {
 *value = "4";
- } else if (strcasecmp(ipversion, "ipv6") == 0) {
+ } else if ((strcasecmp(ipversion, "ipv6") == 0) || (strcasecmp(ipversion, "6") == 0)) {
 *value = "6";
 } else {
 *value = "-1";
@@ -496,9 +497,9 @@ static int set_FirewallChainRule_IPVersion(char *refparam, struct dmctx *ctx, vo
 break;
 case VALUESET:
 if (DM_LSTRCMP(value, "4") == 0)
- bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv4");
+ bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "4");
 else if (DM_LSTRCMP(value, "6") == 0)
- bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "ipv6");
+ bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "6");
 else if (DM_LSTRCMP(value, "-1") == 0)
 bbf_uci_set_value_by_section(((struct dm_data *)data)->config_section, "family", "");
 break;
diff --git a/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c b/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c
index f7d8d35..13042d0 100644
--- a/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c
+++ b/src/firewallmngr_backend_firewallmngr/bbf_plugin/nat_porttrigger.c
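Review bot: set_FirewallChainRule_IPVersion now stores "4"/"6" in the UCI `family` option instead of "ipv4"/"ipv6", which changes the on-disk format that the component turning this section into firewall rules has to parse, and that consumer is not part of this patch. If it only recognises the old spellings, a rule meant for one address family could be applied to both or skipped, so confirm the backend accepts the new values before merging. The getter in the previous hunk accepts both spellings, so reads of existing configs stay compatible. A comment above the VALUESET branch such as `/* family is stored as "4", "6", or empty for IPVersion -1 */` would document the format. The function starts and ends outside the hunk.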
@@ -16,15 +16,15 @@
 **************************************************************/
 /*#Device.NAT.PortTrigger.{i}.!UCI:port-trigger/port_trigger/dmmap_port_trigger*/
-static int browseNATPortTriggerInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
+int browseNATPortTriggerInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance)
 {
- int inst = 0;
 struct uci_section *p = NULL;
 struct dm_data data = {0};
 char *name = NULL;
 char *buf = NULL;
 uci_foreach_sections("port-trigger", "port_trigger", p) {
+ int inst = 0;
 dmuci_get_section_name(section_name(p),&name);
 if (name) {
 sscanf(name, "port_trigger_%d",&inst);
@@ -45,14 +45,14 @@ static int browseNATPortTriggerRuleInst(struct dmctx *dmctx, DMNODE *parent_node
 {
 struct uci_section *p = NULL;
 struct dm_data data = {0};
- int inst = 0;
- int ptg_inst = 0;
 char *name = NULL;
 char *buf = NULL;
 int parent_inst = 0;
 parent_inst = atoi(prev_instance);
 uci_foreach_sections("port-trigger", "rule", p) {
+ int inst = 0;
+ int ptg_inst = 0;
 dmuci_get_section_name(section_name(p),&name);
 if (name) {
 sscanf(name, "port_trigger_%d_rule_%d",&ptg_inst,&inst);
@@ -70,7 +70,7 @@ static int browseNATPortTriggerRuleInst(struct dmctx *dmctx, DMNODE *parent_node
 /*************************************************************
 * ADD & DEL OBJ
 **************************************************************/
-static int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char **instance)
+int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char **instance)
 {
 struct uci_section *s = NULL;
 char port_trigger_name[16] = {0};
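Review bot: The result of `sscanf(name, "port_trigger_%d",&inst);` in browseNATPortTriggerInst is ignored, so a section whose name does not match the pattern carries on with `inst` equal to 0. Moving the declaration into the loop stops a stale value from the previous section being reused, but a failed parse still cannot be told apart from a parsed 0. Checking the conversion count, e.g. `if (sscanf(name, "port_trigger_%d", &inst) != 1) continue;`, would make the failure explicit, assuming skipping such a section is acceptable inside uci_foreach_sections. The same applies to `sscanf(name, "port_trigger_%d_rule_%d",&ptg_inst,&inst)` in the browseNATPortTriggerRuleInst hunk, which should expect 2. Both loop bodies continue outside their hunks, so the later use of `inst` is not visible.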
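Review bot: Dropping `static` from addObjNATPortTrigger gives it external linkage, and the same is done to browseNATPortTriggerInst, delObjNATPortTrigger and get_NAT_PortTriggerNumberOfEntries in the other hunks, yet no prototype or header change comes with it in this patch. If another translation unit now needs these symbols, declare them in a shared header so the signatures are checked by the compiler. If nothing outside this file uses them, keep `static` so the plugin exports only its object tables. The commit message does not say which case applies, and the function body continues outside the hunk.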
@@ -86,7 +86,7 @@ static int addObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, c
 return 0;
 }
-static int delObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
+int delObjNATPortTrigger(char *refparam, struct dmctx *ctx, void *data, char *instance, unsigned char del_action)
 {
 struct uci_section *s = NULL, *stmp = NULL;
 char *name;
@@ -154,7 +154,7 @@ static int delObjNATPortTriggerRule(char *refparam, struct dmctx *ctx, void *dat
 * GET & SET PARAM
 **************************************************************/
 /*#Device.NAT.PortTriggerNumberOfEntries!UCI:port-trigger/port_trigger/*/
-static int get_NAT_PortTriggerNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
+int get_NAT_PortTriggerNumberOfEntries(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
 {
 int cnt = get_number_of_entries(ctx, data, instance, browseNATPortTriggerInst);
 dmasprintf(value, "%d", cnt);
@@ -256,7 +256,7 @@ static int get_NATPortTrigger_Interface(char *refparam, struct dmctx *ctx, void
 dmuci_get_value_by_section_string(((struct dm_data *)data)->config_section, "src", &interf);
- adm_entry_get_reference_param(ctx, "Device.IP.Interface.*.Name", interf, value);
+ _bbfdm_get_references(ctx, "Device.IP.Interface.", "Name", interf, value);
 return 0;
 }
@@ -266,7 +266,7 @@ static int set_NATPortTrigger_Interface(char *refparam, struct dmctx *ctx, void
 char *allowed_objects[] = {"Device.IP.Interface.", NULL};
 struct dm_reference reference = {0};
- bbf_get_reference_args(value, &reference);
+ bbfdm_get_reference_linker(ctx, value, &reference);
 switch (action) {
 case VALUECHECK:
@@ -385,6 +385,8 @@ static int get_NATPortTrigger_Protocol(char *refparam, struct dmctx *ctx, void *
 static int set_NATPortTrigger_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
 {
+ char *NATProtocol[] = {"TCP", "UDP", NULL};
+
 switch (action) {
 case VALUECHECK:
 if (bbfdm_validate_string(ctx, value, -1, -1, NATProtocol, NULL))
@@ -467,6 +469,8 @@ static int get_NATPortTriggerRule_Protocol(char *refparam, struct dmctx *ctx, vo
 static int set_NATPortTriggerRule_Protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action)
 {
+ char *NATProtocol[] = {"TCP", "UDP", NULL};
+
 switch (action) {
 case VALUECHECK:
 if (bbfdm_validate_string(ctx, value, -1, -1, NATProtocol, NULL))
@@ -529,12 +533,3 @@ DMOBJ tDeviceNATPortTriggerObj[] = {
 {"PortTrigger", &DMWRITE, addObjNATPortTrigger, delObjNATPortTrigger, NULL, browseNATPortTriggerInst, NULL, NULL, tNATPortTriggerObj, tNATPortTriggerParams, NULL, BBFDM_BOTH},
 {0}
 };
-
-#if 0
-/* *** Device.NAT.PortTrigger. *** */
-DM_MAP_OBJ tDynamicObj[] = {
-/* parentobj, nextobject, parameter */
-{"Device.NAT.", tDeviceNATPortTriggerObj, tDeviceNATPortTriggerParams},
-{0}
-};
-#endif
--
GitLab
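Review bot: The allowlist `char *NATProtocol[] = {"TCP", "UDP", NULL};` is now defined twice, once in set_NATPortTrigger_Protocol and again in set_NATPortTriggerRule_Protocol in the next hunk, so the two validators can drift apart when a protocol is added or removed. A single file-scope definition, `static char *NATProtocol[] = {"TCP", "UDP", NULL};`, keeps one source of truth for what bbfdm_validate_string accepts and avoids rebuilding the array on every call. Both functions extend past their hunks, so the VALUESET branch that consumes the validated value is not visible.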