diff --git a/src/firewall.c b/src/firewall.c index 99b84b6e015d15d11766dbf81504e6df38da4dcc..a192f04e9f5b733f5b6471b7626d8d1f5f96031f 100644 --- a/src/firewall.c +++ b/src/firewall.c @@ -13,9 +13,6 @@ struct rule_sec { - struct list_head list; - struct uci_section *config_section; - struct uci_section *dmmap_section; char **dynamic_rule; char *creator; bool is_dynamic_rule; @@ -70,23 +67,31 @@ static void create_portmapping_section(bool b) static void add_firewall_config_dup_list(struct list_head *dup_list, struct uci_section *config_section, struct uci_section *dmmap_section, bool is_dynamic_rule) { - struct rule_sec *rule_args; + struct dm_data *dm_data = NULL; + struct rule_sec *rule = NULL; - rule_args = dmcalloc(1, sizeof(struct rule_sec)); - list_add_tail(&rule_args->list, dup_list); + dm_data = dmcalloc(1, sizeof(struct dm_data)); + list_add_tail(&dm_data->list, dup_list); - rule_args->config_section = config_section; - rule_args->dmmap_section = dmmap_section; - rule_args->is_dynamic_rule = is_dynamic_rule; + dm_data->config_section = config_section; + dm_data->dmmap_section = dmmap_section; + + rule = dmcalloc(1, sizeof(struct rule_sec)); + rule->is_dynamic_rule = is_dynamic_rule; + + dm_data->additional_data = (void *)rule; } static void free_firewall_config_dup_list(struct list_head *dup_list) { - struct rule_sec *rule_args = NULL, *tmp = NULL; + struct dm_data *dm_data = NULL, *tmp = NULL; + + list_for_each_entry_safe(dm_data, tmp, dup_list, list) { + struct rule_sec *rule = (struct rule_sec *)(dm_data->additional_data); + dmfree(rule); - list_for_each_entry_safe(rule_args, tmp, dup_list, list) { - list_del(&rule_args->list); - dmfree(rule_args); + list_del(&dm_data->list); + dmfree(dm_data); } } @@ -248,10 +253,13 @@ static int delService(char *refparam, struct dmctx *ctx, void *data, char *insta **************************************************************/ static int browseLevelInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance) { + struct dm_data data = {0}; struct uci_section *s = is_dmmap_section_exist("dmmap_firewall", "level"); if (!s) dmuci_add_section_bbfdm("dmmap_firewall", "level", &s); + + data.dmmap_section = s; handle_instance(dmctx, parent_node, s, "firewall_level_instance", "firewall_level_alias"); - DM_LINK_INST_OBJ(dmctx, parent_node, s, "1"); + DM_LINK_INST_OBJ(dmctx, parent_node, &data, "1"); return 0; } @@ -259,6 +267,7 @@ static int browseChainInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_ { struct uci_section *s = NULL; char *inst = NULL; + struct dm_data data1 = {0}; s = is_dmmap_section_exist_eq("dmmap_firewall", "chain", "creator", "Defaults"); if (!s) { @@ -268,11 +277,13 @@ static int browseChainInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_ fill_rules_info(s); } + data1.dmmap_section = s; inst = handle_instance(dmctx, parent_node, s, "firewall_chain_instance", "firewall_chain_alias"); - if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)s, inst) == DM_STOP) + if (DM_LINK_INST_OBJ(dmctx, parent_node, &data1, inst) == DM_STOP) return 0; if (file_exists("/etc/config/upnpd")) { + struct dm_data data2 = {0}; s = is_dmmap_section_exist_eq("dmmap_firewall", "chain", "creator", "PortMapping"); if (!s) { dmuci_add_section_bbfdm("dmmap_firewall", "chain", &s); @@ -280,8 +291,9 @@ static int browseChainInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_ dmuci_set_value_by_section(s, "creator", "PortMapping"); } + data2.dmmap_section = s; inst = handle_instance(dmctx, parent_node, s, "firewall_chain_instance", "firewall_chain_alias"); - if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)s, inst) == DM_STOP) + if (DM_LINK_INST_OBJ(dmctx, parent_node, &data2, inst) == DM_STOP) return 0; } @@ -291,8 +303,9 @@ static int browseChainInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_ /*#Device.Firewall.Chain.{i}.Rule.{i}.!UCI:firewall/rule/dmmap_firewall*/ static int browseRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance) { - struct uci_section *chain_args = (struct uci_section *)prev_data; - struct rule_sec *p = NULL; + struct dm_data *prev = (struct dm_data *)prev_data; + struct uci_section *chain_args = prev->dmmap_section; + struct dm_data *p = NULL; LIST_HEAD(dup_list); char *creator = NULL; char *order = NULL; @@ -314,9 +327,11 @@ static int browseRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_d dmuci_set_value_by_section(p->dmmap_section, "order", inst); } - p->creator = creator; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); + if (rule) + rule->creator = creator; - if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)p, inst) == DM_STOP) { + if (DM_LINK_INST_OBJ(dmctx, parent_node, p, inst) == DM_STOP) { free_firewall_config_dup_list(&dup_list); return 0; } @@ -335,9 +350,11 @@ static int browseRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_d dmuci_set_value_by_section(p->dmmap_section, "order", inst); } - p->creator = creator; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); + if (rule) + rule->creator = creator; - if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)p, inst) == DM_STOP) + if (DM_LINK_INST_OBJ(dmctx, parent_node, p, inst) == DM_STOP) break; } free_firewall_config_dup_list(&dup_list); @@ -375,16 +392,19 @@ static int browseRuleInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_d dynamic_rule[idx] = dmstrdup(pch); } - p = dmcalloc(1, sizeof(struct rule_sec)); + p = dmcalloc(1, sizeof(struct dm_data)); list_add_tail(&p->list, &dup_list); - p->is_dynamic_rule = true; - p->dynamic_rule = dynamic_rule; - p->creator = creator; + struct rule_sec *rule = dmcalloc(1, sizeof(struct rule_sec)); + rule->is_dynamic_rule = true; + rule->dynamic_rule = dynamic_rule; + rule->creator = creator; + + p->additional_data = (void *)rule; inst = handle_instance_without_section(dmctx, parent_node, ++i); - if (DM_LINK_INST_OBJ(dmctx, parent_node, (void *)p, inst) == DM_STOP) + if (DM_LINK_INST_OBJ(dmctx, parent_node, p, inst) == DM_STOP) break; } @@ -436,7 +456,8 @@ static int browseServiceInst(struct dmctx *dmctx, DMNODE *parent_node, void *pre **************************************************************/ static int add_firewall_rule(char *refparam, struct dmctx *ctx, void *data, char **instance) { - struct uci_section *chain_args = (struct uci_section *)data; + struct dm_data *p = (struct dm_data *)data; + struct uci_section *chain_args = p->dmmap_section; struct uci_section *s = NULL, *dmmap_firewall_rule = NULL; char creation_date[32] = {0}; char s_name[16] = {0}; @@ -484,10 +505,12 @@ static int delete_firewall_rule(char *refparam, struct dmctx *ctx, void *data, c struct uci_section *s = NULL; char *order = NULL, *rules_num = NULL; char buf[8] = {0}; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (del_action) { case DEL_INST: - if (((struct rule_sec *)data)->is_dynamic_rule) { + if (rule->is_dynamic_rule) { bbfdm_set_fault_message(ctx, "This is a dynamic 'Rule' instance, therefore it's not permitted to delete it."); return FAULT_9003; } @@ -495,15 +518,15 @@ static int delete_firewall_rule(char *refparam, struct dmctx *ctx, void *data, c s = get_dup_section_in_dmmap_opt("dmmap_firewall", "chain", "creator", "Defaults"); dmuci_get_value_by_section_string(s, "rules_num", &rules_num); - dmuci_get_value_by_section_string(((struct rule_sec *)data)->dmmap_section, "order", &order); + dmuci_get_value_by_section_string(p->dmmap_section, "order", &order); update_rule_order(order, rules_num, false); // Update rules number snprintf(buf, sizeof(buf), "%lu", DM_STRTOUL(rules_num) - 1); dmuci_set_value_by_section(s, "rules_num", buf); - dmuci_delete_by_section(((struct rule_sec *)data)->config_section, NULL, NULL); - dmuci_delete_by_section(((struct rule_sec *)data)->dmmap_section, NULL, NULL); + dmuci_delete_by_section(p->config_section, NULL, NULL); + dmuci_delete_by_section(p->dmmap_section, NULL, NULL); break; case DEL_ALL: break; @@ -593,25 +616,28 @@ static int get_firewall_service_number_of_entries(char *refparam, struct dmctx * static int get_level_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - return bbf_get_alias(ctx, (struct uci_section *)data, "firewall_level_alias", instance, value); + struct dm_data *p = (struct dm_data *)data; + return bbf_get_alias(ctx, p->dmmap_section, "firewall_level_alias", instance, value); } static int get_level_name(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - dmuci_get_value_by_section_string((struct uci_section *)data, "name", value); + struct dm_data *p = (struct dm_data *)data; + dmuci_get_value_by_section_string(p->dmmap_section, "name", value); return 0; } static int get_level_description(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - dmuci_get_value_by_section_string((struct uci_section *)data, "description", value); - return 0; + struct dm_data *p = (struct dm_data *)data; + dmuci_get_value_by_section_string(p->dmmap_section, "description", value); + return 0; } static int get_level_chain(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { *value = "Device.Firewall.Chain.1"; - return 0; + return 0; } static int get_level_port_mapping_enabled(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) @@ -676,18 +702,21 @@ static int get_chain_enable(char *refparam, struct dmctx *ctx, void *data, char static int get_chain_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - return bbf_get_alias(ctx, (struct uci_section *)data, "firewall_chain_alias", instance, value); + struct dm_data *p = (struct dm_data *)data; + return bbf_get_alias(ctx, p->dmmap_section, "firewall_chain_alias", instance, value); } static int get_chain_name(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - dmuci_get_value_by_section_string((struct uci_section *)data, "name", value); + struct dm_data *p = (struct dm_data *)data; + dmuci_get_value_by_section_string(p->dmmap_section, "name", value); return 0; } static int get_chain_creator(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - dmuci_get_value_by_section_string((struct uci_section *)data, "creator", value); + struct dm_data *p = (struct dm_data *)data; + dmuci_get_value_by_section_string(p->dmmap_section, "creator", value); return 0; } @@ -702,14 +731,15 @@ static int get_chain_rule_number_of_entries(char *refparam, struct dmctx *ctx, v /*#Device.Firewall.Chain.{i}.Rule.{i}.Enable!UCI:firewall/rule,@i-1/enabled*/ static int get_rule_enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "1"; } else { char *v; - dmuci_get_value_by_section_string(rule_args->config_section, "enabled", &v); + dmuci_get_value_by_section_string(p->config_section, "enabled", &v); *value = (*v == 'n' || *v == '0' ) ? "0" : "1"; } @@ -719,14 +749,15 @@ static int get_rule_enable(char *refparam, struct dmctx *ctx, void *data, char * /*#Device.Firewall.Chain.{i}.Rule.{i}.Status!UCI:firewall/rule,@i-1/enabled*/ static int get_rule_status(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "Enabled"; } else { char *v; - dmuci_get_value_by_section_string(rule_args->config_section, "enabled", &v); + dmuci_get_value_by_section_string(p->config_section, "enabled", &v); *value = (*v == 'n' || *v == '0') ? "Disabled" : "Enabled"; } @@ -735,12 +766,13 @@ static int get_rule_status(char *refparam, struct dmctx *ctx, void *data, char * static int get_rule_order(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule && DM_STRCMP(rule_args->creator, "Defaults") != 0) { *value = instance; } else { - dmuci_get_value_by_section_string(rule_args->dmmap_section, "order", value); + dmuci_get_value_by_section_string(p->dmmap_section, "order", value); } return 0; @@ -749,25 +781,27 @@ static int get_rule_order(char *refparam, struct dmctx *ctx, void *data, char *i /*#Device.Firewall.Chain.{i}.Rule.{i}.Alias!UCI:dmmap_firewall/rule,@i-1/firewall_chain_rule_alias*/ static int get_rule_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (!rule_args->is_dynamic_rule) - dmuci_get_value_by_section_string(rule_args->dmmap_section, "firewall_chain_rule_alias", value); + dmuci_get_value_by_section_string(p->dmmap_section, "firewall_chain_rule_alias", value); if ((*value)[0] == '\0') dmasprintf(value, "cpe-%s", instance); - return 0; + return 0; } /*#Device.Firewall.Chain.{i}.Rule.{i}.Description!UCI:firewall/rule,@i-1/name*/ static int get_rule_description(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = (rule_args->dynamic_rule && rule_args->dynamic_rule[5]) ? rule_args->dynamic_rule[5] : ""; } else { - dmuci_get_value_by_section_string(rule_args->config_section, "name", value); + dmuci_get_value_by_section_string(p->config_section, "name", value); } return 0; @@ -776,14 +810,15 @@ static int get_rule_description(char *refparam, struct dmctx *ctx, void *data, c /*#Device.Firewall.Chain.{i}.Rule.{i}.Target!UCI:firewall/rule,@i-1/target*/ static int get_rule_target(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "Accept"; } else { char *target; - dmuci_get_value_by_section_string(rule_args->config_section, "target", &target); + dmuci_get_value_by_section_string(p->config_section, "target", &target); if (DM_STRLEN(target) == 0) { *value = "Accept"; } else { @@ -806,14 +841,15 @@ static int get_rule_target(char *refparam, struct dmctx *ctx, void *data, char * /*#Device.Firewall.Chain.{i}.Rule.{i}.Log!UCI:firewall/rule,@i-1/log*/ static int get_rule_log(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "0"; } else { char *v; - dmuci_get_value_by_section_string(rule_args->config_section, "log", &v); + dmuci_get_value_by_section_string(p->config_section, "log", &v); *value = (*v == '1' ) ? "1" : "0"; } @@ -822,12 +858,13 @@ static int get_rule_log(char *refparam, struct dmctx *ctx, void *data, char *ins static int get_FirewallChainRule_CreationDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "0001-01-01T00:00:00Z"; } else { - *value = dmuci_get_value_by_section_fallback_def(rule_args->dmmap_section, "creation_date", "0001-01-01T00:00:00Z"); + *value = dmuci_get_value_by_section_fallback_def(p->dmmap_section, "creation_date", "0001-01-01T00:00:00Z"); } return 0; @@ -836,13 +873,14 @@ static int get_FirewallChainRule_CreationDate(char *refparam, struct dmctx *ctx, /*#Device.Firewall.Chain.{i}.Rule.{i}.ExpiryDate!UCI:firewall/rule,@i-1/expiry*/ static int get_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *expiry_date = NULL; if (rule_args->is_dynamic_rule) { expiry_date = (rule_args->dynamic_rule && rule_args->dynamic_rule[4]) ? rule_args->dynamic_rule[4] : ""; } else { - dmuci_get_value_by_section_string(rule_args->config_section, "expiry", &expiry_date); + dmuci_get_value_by_section_string(p->config_section, "expiry", &expiry_date); } if (DM_STRLEN(expiry_date) != 0 && DM_STRTOL(expiry_date) > 0) { @@ -860,7 +898,8 @@ static int get_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, v static int set_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char expiry_date[16]; struct tm tm; @@ -870,12 +909,12 @@ static int set_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, v return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule_args->is_dynamic_rule) break; strptime(value, "%Y-%m-%dT%H:%M:%SZ", &tm); snprintf(expiry_date, sizeof(expiry_date), "%lld", (long long)timegm(&tm)); - dmuci_set_value_by_section(rule_args->config_section, "expiry", expiry_date); + dmuci_set_value_by_section(p->config_section, "expiry", expiry_date); break; } return 0; @@ -883,7 +922,8 @@ static int set_FirewallChainRule_ExpiryDate(char *refparam, struct dmctx *ctx, v static int get_rule_source_interface(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *src = NULL; if (rule_args->is_dynamic_rule) { @@ -891,12 +931,12 @@ static int get_rule_source_interface(char *refparam, struct dmctx *ctx, void *da } else { struct uci_list *net_list = NULL; - dmuci_get_value_by_section_string(rule_args->config_section, "src", &src); + dmuci_get_value_by_section_string(p->config_section, "src", &src); if (src == NULL || *src == '\0') return 0; if (DM_LSTRCMP(src, "*") == 0) { - dmuci_get_value_by_section_string(rule_args->dmmap_section, "src", &src); + dmuci_get_value_by_section_string(p->dmmap_section, "src", &src); } else { struct uci_section *s = NULL; char *zone_name = NULL; @@ -929,14 +969,15 @@ static int get_rule_source_interface(char *refparam, struct dmctx *ctx, void *da static int get_rule_source_all_interfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "0"; } else { char *v; - dmuci_get_value_by_section_string(rule_args->config_section, "src", &v); + dmuci_get_value_by_section_string(p->config_section, "src", &v); *value = (*v == '*') ? "1" : "0"; } @@ -945,7 +986,8 @@ static int get_rule_source_all_interfaces(char *refparam, struct dmctx *ctx, voi static int get_rule_dest_interface(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *dest = NULL; if (rule_args->is_dynamic_rule) { @@ -953,12 +995,12 @@ static int get_rule_dest_interface(char *refparam, struct dmctx *ctx, void *data } else { struct uci_list *net_list = NULL; - dmuci_get_value_by_section_string(rule_args->config_section, "dest", &dest); + dmuci_get_value_by_section_string(p->config_section, "dest", &dest); if (dest == NULL || *dest == '\0') return 0; if (DM_LSTRCMP(dest, "*") == 0) { - dmuci_get_value_by_section_string(rule_args->dmmap_section, "dest", &dest); + dmuci_get_value_by_section_string(p->dmmap_section, "dest", &dest); } else { struct uci_section *s = NULL; char *zone_name = NULL; @@ -991,14 +1033,15 @@ static int get_rule_dest_interface(char *refparam, struct dmctx *ctx, void *data static int get_rule_dest_all_interfaces(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "0"; } else { char *v; - dmuci_get_value_by_section_string(rule_args->config_section, "dest", &v); + dmuci_get_value_by_section_string(p->config_section, "dest", &v); *value = (*v == '*') ? "1" : "0"; } @@ -1008,14 +1051,15 @@ static int get_rule_dest_all_interfaces(char *refparam, struct dmctx *ctx, void /*#Device.Firewall.Chain.{i}.Rule.{i}.IPVersion!UCI:firewall/rule,@i-1/family*/ static int get_rule_i_p_version(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = "-1"; } else { char *ipversion; - dmuci_get_value_by_section_string(rule_args->config_section, "family", &ipversion); + dmuci_get_value_by_section_string(p->config_section, "family", &ipversion); if (strcasecmp(ipversion, "ipv4") == 0) { *value = "4"; } else if (strcasecmp(ipversion, "ipv6") == 0) { @@ -1031,14 +1075,15 @@ static int get_rule_i_p_version(char *refparam, struct dmctx *ctx, void *data, c /*#Device.Firewall.Chain.{i}.Rule.{i}.DestIp!UCI:firewall/rule,@i-1/dest_ip*/ static int get_rule_dest_ip(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = (rule_args->dynamic_rule && rule_args->dynamic_rule[2]) ? rule_args->dynamic_rule[2] : ""; } else { char buf[64], *pch, *destip; - dmuci_get_value_by_section_string(rule_args->config_section, "dest_ip", &destip); + dmuci_get_value_by_section_string(p->config_section, "dest_ip", &destip); DM_STRNCPY(buf, destip, sizeof(buf)); pch = DM_STRCHR(buf, '/'); if (pch) *pch = '\0'; @@ -1051,7 +1096,8 @@ static int get_rule_dest_ip(char *refparam, struct dmctx *ctx, void *data, char /*#Device.Firewall.Chain.{i}.Rule.{i}.DestMask!UCI:firewall/rule,@i-1/dest_ip*/ static int get_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *pch, *destip; if (rule_args->is_dynamic_rule) { @@ -1059,7 +1105,7 @@ static int get_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha return 0; } - dmuci_get_value_by_section_string(rule_args->config_section, "dest_ip", &destip); + dmuci_get_value_by_section_string(p->config_section, "dest_ip", &destip); if (*destip == '\0') return 0; @@ -1069,7 +1115,7 @@ static int get_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha } else { char *family; - dmuci_get_value_by_section_string(rule_args->config_section, "family", &family); + dmuci_get_value_by_section_string(p->config_section, "family", &family); dmasprintf(value, "%s/%s", destip, DM_LSTRCMP(family, "ipv6") == 0 ? "128" : "32"); } return 0; @@ -1078,7 +1124,8 @@ static int get_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha /*#Device.Firewall.Chain.{i}.Rule.{i}.SourceIp!UCI:firewall/rule,@i-1/src_ip*/ static int get_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char buf[64], *pch, *srcip; if (rule_args->is_dynamic_rule) { @@ -1086,7 +1133,7 @@ static int get_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, cha return 0; } - dmuci_get_value_by_section_string(rule_args->config_section, "src_ip", &srcip); + dmuci_get_value_by_section_string(p->config_section, "src_ip", &srcip); DM_STRNCPY(buf, srcip, sizeof(buf)); pch = DM_STRCHR(buf, '/'); if (pch) @@ -1098,7 +1145,8 @@ static int get_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, cha /*#Device.Firewall.Chain.{i}.Rule.{i}.SourceMask!UCI:firewall/rule,@i-1/src_ip*/ static int get_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *pch, *srcip; if (rule_args->is_dynamic_rule) { @@ -1106,7 +1154,7 @@ static int get_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c return 0; } - dmuci_get_value_by_section_string(rule_args->config_section, "src_ip", &srcip); + dmuci_get_value_by_section_string(p->config_section, "src_ip", &srcip); if (*srcip == '\0') return 0; @@ -1116,7 +1164,7 @@ static int get_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c } else { char *family; - dmuci_get_value_by_section_string(rule_args->config_section, "family", &family); + dmuci_get_value_by_section_string(p->config_section, "family", &family); dmasprintf(value, "%s/%s", srcip, DM_LSTRCMP(family, "ipv6") == 0 ? "128" : "32"); } return 0; @@ -1125,13 +1173,14 @@ static int get_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c /*#Device.Firewall.Chain.{i}.Rule.{i}.Protocol!UCI:firewall/rule,@i-1/proto*/ static int get_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *proto = NULL, buf[256], protocol[32], protocol_nbr[16]; if (rule_args->is_dynamic_rule) { proto = (rule_args->dynamic_rule && rule_args->dynamic_rule[0]) ? rule_args->dynamic_rule[0] : "255"; } else { - dmuci_get_value_by_section_string(rule_args->config_section, "proto", &proto); + dmuci_get_value_by_section_string(p->config_section, "proto", &proto); if (DM_STRLEN(proto) == 0 || strchr(proto, ' ')) { *value = "255"; @@ -1169,14 +1218,15 @@ static int get_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char /*#Device.Firewall.Chain.{i}.Rule.{i}.DestPort!UCI:firewall/rule,@i-1/dest_port*/ static int get_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = (rule_args->dynamic_rule && rule_args->dynamic_rule[1]) ? rule_args->dynamic_rule[1] : "-1"; } else { char *tmp, *v; - dmuci_get_value_by_section_string(rule_args->config_section, "dest_port", &v); + dmuci_get_value_by_section_string(p->config_section, "dest_port", &v); v = dmstrdup(v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) @@ -1196,7 +1246,8 @@ static int get_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, cha /*#Device.Firewall.Chain.{i}.Rule.{i}.DestPortRangeMax!UCI:firewall/rule,@i-1/dest_port*/ static int get_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *tmp, *v; if (rule_args->is_dynamic_rule) { @@ -1204,7 +1255,7 @@ static int get_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void return 0; } - dmuci_get_value_by_section_string(rule_args->config_section, "dest_port", &v); + dmuci_get_value_by_section_string(p->config_section, "dest_port", &v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) tmp = DM_STRCHR(v, '-'); @@ -1215,14 +1266,15 @@ static int get_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void /*#Device.Firewall.Chain.{i}.Rule.{i}.SourcePort!UCI:firewall/rule,@i-1/src_port*/ static int get_rule_source_port(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); if (rule_args->is_dynamic_rule) { *value = (rule_args->dynamic_rule && rule_args->dynamic_rule[3]) ? rule_args->dynamic_rule[3] : "-1"; } else { char *tmp, *v; - dmuci_get_value_by_section_string(rule_args->config_section, "src_port", &v); + dmuci_get_value_by_section_string(p->config_section, "src_port", &v); v = dmstrdup(v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) @@ -1242,7 +1294,8 @@ static int get_rule_source_port(char *refparam, struct dmctx *ctx, void *data, c /*#Device.Firewall.Chain.{i}.Rule.{i}.SourcePortRangeMax!UCI:firewall/rule,@i-1/src_port*/ static int get_rule_source_port_range_max(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value) { - struct rule_sec *rule_args = (struct rule_sec *)data; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule_args = (struct rule_sec *)(p->additional_data); char *tmp, *v; if (rule_args->is_dynamic_rule) { @@ -1250,7 +1303,7 @@ static int get_rule_source_port_range_max(char *refparam, struct dmctx *ctx, voi return 0; } - dmuci_get_value_by_section_string(rule_args->config_section, "src_port", &v); + dmuci_get_value_by_section_string(p->config_section, "src_port", &v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) tmp = DM_STRCHR(v, '-'); @@ -1312,18 +1365,20 @@ static int set_firewall_advanced_level(char *refparam, struct dmctx *ctx, void * static int set_level_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { - return bbf_set_alias(ctx, (struct uci_section *)data, "firewall_level_alias", instance, value); + struct dm_data *p = (struct dm_data *)data; + return bbf_set_alias(ctx, p->dmmap_section, "firewall_level_alias", instance, value); } static int set_level_name(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; switch (action) { case VALUECHECK: if (bbfdm_validate_string(ctx, value, -1, 64, NULL, NULL)) return FAULT_9007; break; case VALUESET: - dmuci_set_value_by_section_bbfdm((struct uci_section *)data, "name", value); + dmuci_set_value_by_section_bbfdm(p->dmmap_section, "name", value); break; } return 0; @@ -1331,13 +1386,14 @@ static int set_level_name(char *refparam, struct dmctx *ctx, void *data, char *i static int set_level_description(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; switch (action) { case VALUECHECK: if (bbfdm_validate_string(ctx, value, -1, 256, NULL, NULL)) return FAULT_9007; break; case VALUESET: - dmuci_set_value_by_section_bbfdm((struct uci_section *)data, "description", value); + dmuci_set_value_by_section_bbfdm(p->dmmap_section, "description", value); break; } return 0; @@ -1438,18 +1494,20 @@ static int set_chain_enable(char *refparam, struct dmctx *ctx, void *data, char static int set_chain_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { - return bbf_set_alias(ctx, (struct uci_section *)data, "firewall_chain_alias", instance, value); + struct dm_data *p = (struct dm_data *)data; + return bbf_set_alias(ctx, p->dmmap_section, "firewall_chain_alias", instance, value); } static int set_chain_name(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; switch (action) { case VALUECHECK: if (bbfdm_validate_string(ctx, value, -1, 64, NULL, NULL)) return FAULT_9007; break; case VALUESET: - dmuci_set_value_by_section_bbfdm((struct uci_section *)data, "name", value); + dmuci_set_value_by_section_bbfdm(p->dmmap_section, "name", value); break; } return 0; @@ -1458,6 +1516,8 @@ static int set_chain_name(char *refparam, struct dmctx *ctx, void *data, char *i static int set_rule_enable(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { bool b; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1465,11 +1525,11 @@ static int set_rule_enable(char *refparam, struct dmctx *ctx, void *data, char * return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; string_to_bool(value, &b); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "enabled", b ? "1" : "0"); + dmuci_set_value_by_section(p->config_section, "enabled", b ? "1" : "0"); break; } return 0; @@ -1482,6 +1542,8 @@ static int set_rule_order(char *refparam, struct dmctx *ctx, void *data, char *i char *rules_num = NULL; char *curr_order = NULL; char buf[8] = {0}; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); s = get_dup_section_in_dmmap_opt("dmmap_firewall", "chain", "creator", "Defaults"); @@ -1498,10 +1560,10 @@ static int set_rule_order(char *refparam, struct dmctx *ctx, void *data, char *i break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->dmmap_section, "order", &curr_order); + dmuci_get_value_by_section_string(p->dmmap_section, "order", &curr_order); if (DM_STRTOUL(curr_order) > DM_STRTOUL(value)) update_rule_order(value, curr_order, true); else @@ -1510,8 +1572,8 @@ static int set_rule_order(char *refparam, struct dmctx *ctx, void *data, char *i dmuci_get_value_by_section_string(s, "rule_start_pos", &rule_start_pos); snprintf(buf, sizeof(buf), "%lu", DM_STRTOUL(rule_start_pos) + DM_STRTOUL(value) - 1); - dmuci_reoder_section_by_section(((struct rule_sec *)data)->config_section, buf); - dmuci_set_value_by_section(((struct rule_sec *)data)->dmmap_section, "order", value); + dmuci_reoder_section_by_section(p->config_section, buf); + dmuci_set_value_by_section(p->dmmap_section, "order", value); break; } return 0; @@ -1519,21 +1581,24 @@ static int set_rule_order(char *refparam, struct dmctx *ctx, void *data, char *i static int set_rule_alias(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { - return bbf_set_alias(ctx, ((struct rule_sec *)data)->dmmap_section, "firewall_chain_rule_alias", instance, value); + struct dm_data *p = (struct dm_data *)data; + return bbf_set_alias(ctx, p->dmmap_section, "firewall_chain_rule_alias", instance, value); } static int set_rule_description(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: if (bbfdm_validate_string(ctx, value, -1, 256, NULL, NULL)) return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "name", value); + dmuci_set_value_by_section(p->config_section, "name", value); break; } return 0; @@ -1541,6 +1606,8 @@ static int set_rule_description(char *refparam, struct dmctx *ctx, void *data, c static int set_rule_target(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); char *Target[] = {"Drop", "Accept", "Reject", "Return", "TargetChain", NULL}; switch (action) { @@ -1549,17 +1616,17 @@ static int set_rule_target(char *refparam, struct dmctx *ctx, void *data, char * return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; if (strcasecmp(value, "Accept") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "target", "ACCEPT"); + dmuci_set_value_by_section(p->config_section, "target", "ACCEPT"); else if (strcasecmp(value, "Reject") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "target", "REJECT"); + dmuci_set_value_by_section(p->config_section, "target", "REJECT"); else if (strcasecmp(value, "Drop") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "target", "DROP"); + dmuci_set_value_by_section(p->config_section, "target", "DROP"); else if (strcasecmp(value, "Return") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "target", "MARK"); + dmuci_set_value_by_section(p->config_section, "target", "MARK"); break; } return 0; @@ -1567,6 +1634,8 @@ static int set_rule_target(char *refparam, struct dmctx *ctx, void *data, char * static int set_rule_log(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); bool b; switch (action) { @@ -1575,11 +1644,11 @@ static int set_rule_log(char *refparam, struct dmctx *ctx, void *data, char *ins return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; string_to_bool(value, &b); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "log", b ? "1" : ""); + dmuci_set_value_by_section(p->config_section, "log", b ? "1" : ""); break; } return 0; @@ -1587,6 +1656,8 @@ static int set_rule_log(char *refparam, struct dmctx *ctx, void *data, char *ins static int set_rule_interface(struct dmctx *ctx, void *data, char *type, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); char *allowed_objects[] = {"Device.IP.Interface.", NULL}; struct dm_reference reference = {0}; char *option = NULL; @@ -1603,13 +1674,13 @@ static int set_rule_interface(struct dmctx *ctx, void *data, char *type, char *v break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, type, &option); + dmuci_get_value_by_section_string(p->config_section, type, &option); if (DM_STRLEN(reference.path) == 0) { - dmuci_set_value_by_section((option && DM_LSTRCMP(option, "*") == 0) ? ((struct rule_sec *)data)->dmmap_section : ((struct rule_sec *)data)->config_section, type, ""); + dmuci_set_value_by_section((option && DM_LSTRCMP(option, "*") == 0) ? p->dmmap_section : p->config_section, type, ""); } else { if (DM_STRLEN(reference.value)) { @@ -1617,7 +1688,7 @@ static int set_rule_interface(struct dmctx *ctx, void *data, char *type, char *v if (!firewall_zone_exists(reference.value)) firewall__create_zone_section(reference.value); - dmuci_set_value_by_section((option && DM_LSTRCMP(option, "*") == 0) ? ((struct rule_sec *)data)->dmmap_section : ((struct rule_sec *)data)->config_section, type, reference.value); + dmuci_set_value_by_section((option && DM_LSTRCMP(option, "*") == 0) ? p->dmmap_section : p->config_section, type, reference.value); } } break; @@ -1634,6 +1705,8 @@ static int set_rule_source_all_interfaces(char *refparam, struct dmctx *ctx, voi { char *src; bool b; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1641,25 +1714,25 @@ static int set_rule_source_all_interfaces(char *refparam, struct dmctx *ctx, voi return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; string_to_bool(value, &b); if (b) { // Get the current 'src' option - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "src", &src); + dmuci_get_value_by_section_string(p->config_section, "src", &src); // Save 'src' option in the associated dmmap rule section - dmuci_set_value_by_section(((struct rule_sec *)data)->dmmap_section, "src", src); + dmuci_set_value_by_section(p->dmmap_section, "src", src); // Set the current 'src' option - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src", "*"); + dmuci_set_value_by_section(p->config_section, "src", "*"); } else { // Get 'src' option from the associated dmmap rule section - dmuci_get_value_by_section_string(((struct rule_sec *)data)->dmmap_section, "src", &src); + dmuci_get_value_by_section_string(p->dmmap_section, "src", &src); // Set the current 'src' option - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src", src); + dmuci_set_value_by_section(p->config_section, "src", src); } break; } @@ -1675,6 +1748,8 @@ static int set_rule_dest_all_interfaces(char *refparam, struct dmctx *ctx, void { char *dest; bool b; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1682,25 +1757,25 @@ static int set_rule_dest_all_interfaces(char *refparam, struct dmctx *ctx, void return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; string_to_bool(value, &b); if (b) { // Get the current 'dest' option - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "dest", &dest); + dmuci_get_value_by_section_string(p->config_section, "dest", &dest); // Save 'dest' option in the associated dmmap rule section - dmuci_set_value_by_section(((struct rule_sec *)data)->dmmap_section, "dest", dest); + dmuci_set_value_by_section(p->dmmap_section, "dest", dest); // Set the current 'dest' option - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest", "*"); + dmuci_set_value_by_section(p->config_section, "dest", "*"); } else { // Get 'dest' option from the associated dmmap rule section - dmuci_get_value_by_section_string(((struct rule_sec *)data)->dmmap_section, "dest", &dest); + dmuci_get_value_by_section_string(p->dmmap_section, "dest", &dest); // Set the current 'dest' option - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest", dest); + dmuci_set_value_by_section(p->config_section, "dest", dest); } break; } @@ -1709,21 +1784,23 @@ static int set_rule_dest_all_interfaces(char *refparam, struct dmctx *ctx, void static int set_rule_i_p_version(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","15"}}, 1)) return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; if (DM_LSTRCMP(value, "4") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "family", "ipv4"); + dmuci_set_value_by_section(p->config_section, "family", "ipv4"); else if (DM_LSTRCMP(value, "6") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "family", "ipv6"); + dmuci_set_value_by_section(p->config_section, "family", "ipv6"); else if (DM_LSTRCMP(value, "-1") == 0) - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "family", ""); + dmuci_set_value_by_section(p->config_section, "family", ""); break; } return 0; @@ -1732,6 +1809,8 @@ static int set_rule_i_p_version(char *refparam, struct dmctx *ctx, void *data, c static int set_rule_dest_ip(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char buf[64], new[64], *pch, *destip; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1739,17 +1818,17 @@ static int set_rule_dest_ip(char *refparam, struct dmctx *ctx, void *data, char return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "dest_ip", &destip); + dmuci_get_value_by_section_string(p->config_section, "dest_ip", &destip); DM_STRNCPY(buf, destip, sizeof(buf)); pch = DM_STRCHR(buf, '/'); if (pch) snprintf(new, sizeof(new), "%s%s", value, pch); else DM_STRNCPY(new, value, sizeof(new)); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest_ip", new); + dmuci_set_value_by_section(p->config_section, "dest_ip", new); break; } return 0; @@ -1758,6 +1837,8 @@ static int set_rule_dest_ip(char *refparam, struct dmctx *ctx, void *data, char static int set_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char new[64], *pch, *destip; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1765,10 +1846,10 @@ static int set_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "dest_ip", &destip); + dmuci_get_value_by_section_string(p->config_section, "dest_ip", &destip); pch = DM_STRCHR(destip, '/'); if (pch) *pch = '\0'; @@ -1778,7 +1859,7 @@ static int set_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha return 0; snprintf(new, sizeof(new), "%s%s", destip, pch); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest_ip", new); + dmuci_set_value_by_section(p->config_section, "dest_ip", new); break; } return 0; @@ -1787,6 +1868,8 @@ static int set_rule_dest_mask(char *refparam, struct dmctx *ctx, void *data, cha static int set_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char buf[64], new[64], *pch, *srcip; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1794,17 +1877,17 @@ static int set_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, cha return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "src_ip", &srcip); + dmuci_get_value_by_section_string(p->config_section, "src_ip", &srcip); DM_STRNCPY(buf, srcip, sizeof(buf)); pch = DM_STRCHR(buf, '/'); if (pch) snprintf(new, sizeof(new), "%s%s", value, pch); else DM_STRNCPY(new, value, sizeof(new)); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src_ip", new); + dmuci_set_value_by_section(p->config_section, "src_ip", new); break; } return 0; @@ -1813,6 +1896,8 @@ static int set_rule_source_ip(char *refparam, struct dmctx *ctx, void *data, cha static int set_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char new[64], *pch, *srcip; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1820,10 +1905,10 @@ static int set_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "src_ip", &srcip); + dmuci_get_value_by_section_string(p->config_section, "src_ip", &srcip); pch = DM_STRCHR(srcip, '/'); if (pch) *pch = '\0'; @@ -1833,7 +1918,7 @@ static int set_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c return 0; snprintf(new, sizeof(new), "%s%s", srcip, pch); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src_ip", new); + dmuci_set_value_by_section(p->config_section, "src_ip", new); break; } return 0; @@ -1841,16 +1926,18 @@ static int set_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c static int set_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: if (bbfdm_validate_int(ctx, value, RANGE_ARGS{{"-1","255"}}, 1)) return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "proto", (*value == '-') ? "0" : value); + dmuci_set_value_by_section(p->config_section, "proto", (*value == '-') ? "0" : value); break; } return 0; @@ -1859,6 +1946,8 @@ static int set_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char static int set_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char buffer[64], *v, *tmp = NULL; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1866,12 +1955,12 @@ static int set_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, cha return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; if (*value == '-') value = ""; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "dest_port", &v); + dmuci_get_value_by_section_string(p->config_section, "dest_port", &v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) tmp = DM_STRCHR(v, '-'); @@ -1879,7 +1968,7 @@ static int set_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, cha snprintf(buffer, sizeof(buffer), "%s", value); else snprintf(buffer, sizeof(buffer), "%s%s", value, tmp); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest_port", buffer); + dmuci_set_value_by_section(p->config_section, "dest_port", buffer); break; } return 0; @@ -1888,6 +1977,8 @@ static int set_rule_dest_port(char *refparam, struct dmctx *ctx, void *data, cha static int set_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char *v, *tmp, *buf, buffer[64]; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1895,10 +1986,10 @@ static int set_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "dest_port", &v); + dmuci_get_value_by_section_string(p->config_section, "dest_port", &v); buf = dmstrdup(v); v = buf; tmp = DM_STRCHR(buf, ':'); @@ -1911,7 +2002,7 @@ static int set_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void else snprintf(buffer, sizeof(buffer), "%s:%s", v, value); dmfree(buf); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "dest_port", buffer); + dmuci_set_value_by_section(p->config_section, "dest_port", buffer); break; } return 0; @@ -1920,6 +2011,8 @@ static int set_rule_dest_port_range_max(char *refparam, struct dmctx *ctx, void static int set_rule_source_port(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char buffer[64], *v, *tmp = NULL; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1927,12 +2020,12 @@ static int set_rule_source_port(char *refparam, struct dmctx *ctx, void *data, c return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; if (*value == '-') value = ""; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "src_port", &v); + dmuci_get_value_by_section_string(p->config_section, "src_port", &v); tmp = DM_STRCHR(v, ':'); if (tmp == NULL) tmp = DM_STRCHR(v, '-'); @@ -1940,7 +2033,7 @@ static int set_rule_source_port(char *refparam, struct dmctx *ctx, void *data, c snprintf(buffer, sizeof(buffer), "%s", value); else snprintf(buffer, sizeof(buffer), "%s%s", value, tmp); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src_port", buffer); + dmuci_set_value_by_section(p->config_section, "src_port", buffer); break; } return 0; @@ -1949,6 +2042,8 @@ static int set_rule_source_port(char *refparam, struct dmctx *ctx, void *data, c static int set_rule_source_port_range_max(char *refparam, struct dmctx *ctx, void *data, char *instance, char *value, int action) { char *v, *tmp, *buf, buffer[64]; + struct dm_data *p = (struct dm_data *)data; + struct rule_sec *rule = (struct rule_sec *)(p->additional_data); switch (action) { case VALUECHECK: @@ -1956,10 +2051,10 @@ static int set_rule_source_port_range_max(char *refparam, struct dmctx *ctx, voi return FAULT_9007; break; case VALUESET: - if (((struct rule_sec *)data)->is_dynamic_rule) + if (rule->is_dynamic_rule) break; - dmuci_get_value_by_section_string(((struct rule_sec *)data)->config_section, "src_port", &v); + dmuci_get_value_by_section_string(p->config_section, "src_port", &v); buf = dmstrdup(v); v = buf; tmp = DM_STRCHR(buf, ':'); @@ -1972,7 +2067,7 @@ static int set_rule_source_port_range_max(char *refparam, struct dmctx *ctx, voi else snprintf(buffer, sizeof(buffer), "%s:%s", v, value); dmfree(buf); - dmuci_set_value_by_section(((struct rule_sec *)data)->config_section, "src_port", buffer); + dmuci_set_value_by_section(p->config_section, "src_port", buffer); break; } return 0; diff --git a/src/nat_porttrigger.c b/src/nat_porttrigger.c index 6d212f5dbab91327eff7514343c8f6c17215a67c..b74d45658f5d951548f9889cc749fdb1a27cd7d0 100644 --- a/src/nat_porttrigger.c +++ b/src/nat_porttrigger.c @@ -18,13 +18,13 @@ /*#Device.NAT.PortTrigger.{i}.!UCI:port-trigger/port_trigger/dmmap_port_trigger*/ int browseNATPortTriggerInst(struct dmctx *dmctx, DMNODE *parent_node, void *prev_data, char *prev_instance) { - int inst = 0; struct uci_section *p = NULL; struct dm_data data = {0}; char *name = NULL; char *buf = NULL; uci_foreach_sections("port-trigger", "port_trigger", p) { + int inst = 0; dmuci_get_section_name(section_name(p),&name); if (name) { sscanf(name, "port_trigger_%d",&inst); @@ -45,14 +45,14 @@ static int browseNATPortTriggerRuleInst(struct dmctx *dmctx, DMNODE *parent_node { struct uci_section *p = NULL; struct dm_data data = {0}; - int inst = 0; - int ptg_inst = 0; char *name = NULL; char *buf = NULL; int parent_inst = 0; parent_inst = atoi(prev_instance); uci_foreach_sections("port-trigger", "rule", p) { + int inst = 0; + int ptg_inst = 0; dmuci_get_section_name(section_name(p),&name); if (name) { sscanf(name, "port_trigger_%d_rule_%d",&ptg_inst,&inst);