Ticket refs #7367: Firewall: Wrong default value for Device.Firewall.Chain.{i}.Rule.Protocol

Amin Ben Ramdhane 2022-03-10 23:27:53 +01:00
parent 3efc5ce5e6
commit 0fb8187f07
2 changed files with 22 additions and 10 deletions


@ -112,6 +112,7 @@ static int add_firewall_rule(char *refparam, struct dmctx *ctx, void *data, char
dmuci_rename_section_by_section(s, s_name);
dmuci_set_value_by_section(s, "enabled", "0");
dmuci_set_value_by_section(s, "target", "DROP");
dmuci_set_value_by_section(s, "proto", "0");
dmuci_add_section_bbfdm("dmmap_firewall", "rule", &dmmap_firewall_rule);
dmuci_set_value_by_section(dmmap_firewall_rule, "section_name", s_name);
@ -606,24 +607,32 @@ static int get_rule_source_mask(char *refparam, struct dmctx *ctx, void *data, c
/*#Device.Firewall.Chain.{i}.Rule.{i}.Protocol!UCI:firewall/rule,@i-1/proto*/
static int get_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char *instance, char **value)
{
FILE *fp;
char *v, buf[256], protocol[32], protocol_nbr[16];
char *proto = NULL, buf[256], protocol[32], protocol_nbr[16];
dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "proto", &v);
*value = "-1";
if (*v == '\0' || *v == '0') {
dmuci_get_value_by_section_string(((struct dmmap_dup *)data)->config_section, "proto", &proto);
if (!proto || *proto == 0 || strchr(proto, ' ')) {
*value = "255";
return 0;
}
if (isdigit_str(v)) {
*value = v;
if (*proto == '0' || strcmp(proto, "all") == 0) {
*value = "-1";
return 0;
}
fp = fopen("/etc/protocols", "r");
if (isdigit_str(proto)) {
*value = proto;
return 0;
}
FILE *fp = fopen("/etc/protocols", "r");
if (fp == NULL)
return 0;
while (fgets (buf , 256 , fp) != NULL) {
sscanf(buf, "%31s %15s", protocol, protocol_nbr);
if (DM_STRCMP(protocol, v) == 0) {
if (DM_STRCMP(protocol, proto) == 0) {
*value = dmstrdup(protocol_nbr);
fclose(fp);
return 0;
@ -1248,7 +1257,7 @@ static int set_rule_protocol(char *refparam, struct dmctx *ctx, void *data, char
return FAULT_9007;
break;
case VALUESET:
dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "proto", (*value == '-') ? "" : value);
dmuci_set_value_by_section(((struct dmmap_dup *)data)->config_section, "proto", (*value == '-') ? "0" : value);
break;
}
return 0;
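Review bot: In the get_rule_protocol hunk, the early `return 0` after a failed `fopen("/etc/protocols", "r")` no longer has a default behind it: the unconditional `*value = "-1";` appears to have been dropped in favour of per-branch assignments, so on that path `*value` keeps whatever the caller passed in. The same may hold when no line of the file matches the configured name, but the end of the function is outside the hunk. Assigning a fallback just ahead of the `fopen` call, for example `*value = "255";`, keeps the getter from reporting a stale or unset protocol for a firewall rule. Separately, the `sscanf` result in the loop is not checked, so a blank or single-field line leaves `protocol` holding the previous line's token, or indeterminate bytes on the first line; `if (sscanf(buf, "%31s %15s", protocol, protocol_nbr) != 2) continue;` would skip such lines.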

3
docs/firewall.md Normal file

@ -0,0 +1,3 @@
# How Device.Firewall.Chain.{i}.Rule.{i}. Object handles the Protocol parameter:
For Firewall rule sections, if the protocol(proto option) is not defined or if there are multiple protocols defined in the rule like proto='tcp udp' then in those cases the 'Device.Firewall.Chain.{i}.Rule.{i}.Protocol' parameter will have as value '255' which is reserved in the protocol specification.