[bwm-tools-devel] COMMIT - r21 - trunk/bwm_firewall
From: SVN C. <sv...@li...> - 2005-01-03 13:39:51
Author: nkukard Date: 2005-01-03 15:39:32 +0200 (Mon, 03 Jan 2005) New Revision: 21 Modified: trunk/bwm_firewall/bwm_firewall.c Log: * Change 1/4: Depletion of lib
Modified: trunk/bwm_firewall/bwm_firewall.c
===================================================================
--- trunk/bwm_firewall/bwm_firewall.c 2005-01-03 08:11:13 UTC (rev 20)
+++ trunk/bwm_firewall/bwm_firewall.c 2005-01-03 13:39:32 UTC (rev 21)
@@ -26,16 +26,20 @@
 #include <glib.h>
 #include <errno.h>
 #include <fcntl.h>
+#include <libxml/parser.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <time.h>
 #include <unistd.h>
 #include "../config.h"
 #include "common.h"
 #include "xmlConf.h"
+
+
 
 // return current date string like
 // Sun Jan 2 21:52:25 2005
 static char *date2str(char *buffer)
@@ -45,6 +49,160 @@
 return buffer;
 }
 
+
+// Function to build a list of rules which iptables-restore takes
+static GList *createFirewallRules(char *filename)
+{
+ xmlDocPtr doc;
+ xmlNodePtr cur;
+ GHashTable *classHash = NULL;
+ GHashTable *fwHash = NULL;
+ GList *result = NULL;
+ struct confACLTable_t *tmpTable;
+ struct confACLChain_t *aChain;
+ char *tableList[] = {"filter","mangle",NULL};
+ char *tableName;
+ int i;
+
+
+ // Loop with a table
+ void processTable(gpointer p_key, gpointer p_value, gpointer p_user_data)
+ {
+ char *aRule;
+ char *tableName = (char *) p_key;
+ struct confACLTable_t *table = (struct confACLTable_t*) p_value;
+
+
+ // Create chains...
+ void processChains(gpointer p1_key, gpointer p1_value, gpointer p1_user_data)
+ {
+ struct confACLChain_t *chain = (struct confACLChain_t*) p1_value;
+
+
+ aRule = (char *) malloc0(BUFFER_SIZE);
+ // Check if we have a default target for the chain or not
+ if (chain->defaultTarget)
+ snprintf(aRule,BUFFER_SIZE,":%s %s\n",chain->name,chain->defaultTarget);
+ else
+ snprintf(aRule,BUFFER_SIZE,":%s -\n",chain->name);
+ result = g_list_append(result,aRule);
+ }
+
+ // Print out rules
+ void processRules(gpointer p1_key, gpointer p1_value, gpointer p1_user_data)
+ {
+ struct confACLChain_t *chain = (struct confACLChain_t*) p1_value;
+
+
+ // And each item therein
+ void processRuleset(gpointer data, gpointer user_data)
+ {
+ char *rule = (char *) data;
+
+
+ aRule = (char *) malloc0(BUFFER_SIZE);
+ snprintf(aRule,BUFFER_SIZE,"%s\n",rule);
+ result = g_list_append(result,aRule);
+ }
+
+ // Loop with all the ruleset items
+ g_list_foreach(chain->ruleset,processRuleset,NULL);
+ }
+
+
+ aRule = (char *) malloc0(BUFFER_SIZE);
+ snprintf(aRule,BUFFER_SIZE,"*%s\n",tableName);
+ result = g_list_append(result,aRule);
+
+ // First generate chain names
+ g_hash_table_foreach(table->chains,processChains,NULL);
+ // Then the rules for the chains
+ g_hash_table_foreach(table->chains,processRules,NULL);
+
+ aRule = (char *) malloc0(BUFFER_SIZE);
+ snprintf(aRule,BUFFER_SIZE,"COMMIT\n");
+ result = g_list_append(result,aRule);
+ }
+
+
+
+ // COMPAT: Do not genrate nodes for formatting spaces
+ LIBXML_TEST_VERSION
+ xmlKeepBlanksDefault(0);
+
+ // FIXME - check if file exists
+ // Build an XML tree from a the file
+ doc = xmlParseFile(filename);
+ if (doc == NULL)
+ return(NULL);
+
+ // Check the document is of the right kind
+ cur = xmlDocGetRootElement(doc);
+ if (cur == NULL)
+ {
+ fprintf(stderr,"ERROR: Empty document\n");
+ xmlFreeDoc(doc);
+ return(NULL);
+ }
+
+ // Check if we have the right root element & block
+ if (xmlStrcmp(cur->name, (const xmlChar *) "firewall"))
+ {
+ fprintf(stderr,"ERROR: Document of the wrong type, root node != firewall");
+ xmlFreeDoc(doc);
+ return(NULL);
+ }
+
+
+ // Init everything...
+ fwHash = g_hash_table_new(g_str_hash,g_str_equal);
+ i = 0;
+ tableName = tableList[i];
+ while (tableName)
+ {
+ // See if we have a table by this name
+ tmpTable = lookupTable(fwHash,tableName);
+ // Check if we already did the chain or not
+ aChain = lookupChain(tmpTable->chains,"INPUT");
+ aChain->defaultTarget = "ACCEPT";
+ aChain = lookupChain(tmpTable->chains,"FORWARD");
+ aChain->defaultTarget = "ACCEPT";
+ aChain = lookupChain(tmpTable->chains,"OUTPUT");
+ aChain->defaultTarget = "ACCEPT";
+ // Advance...
+ i++;
+ tableName = tableList[i];
+ }
+
+ // Walk the tree.
+ cur = cur->xmlChildrenNode;
+ while (cur)
+ {
+ // Try find sections
+ if (!xmlStrcmp(cur->name, (const xmlChar *) "global"))
+ classHash = parseGlobal(doc,cur);
+ if (!xmlStrcmp(cur->name, (const xmlChar *) "acl"))
+ parseACL(doc,cur,fwHash,classHash);
+ if (!xmlStrcmp(cur->name, (const xmlChar *) "nat"))
+ parseNAT(doc,cur,fwHash,classHash);
+ if (!xmlStrcmp(cur->name, (const xmlChar *) "traffic"))
+ parseTraffic(doc,cur,fwHash,classHash);
+
+ // Next plz!!
+ cur = cur->next;
+ }
+
+
+ // Clean up everything else before quitting.
+ xmlCleanupParser();
+
+ // Build rule list
+ g_hash_table_foreach(fwHash,processTable,NULL);
+
+ return(result);
+}
+
+
 // Function to write firewall to file
 static int writeFirewall(GList *ruleList, char *filename)
 {
@@ -80,7 +238,7 @@
 buffer = (char *) malloc0(BUFFER_SIZE);
 
 // Write out comment to say what version & at what datetime we generated the firewall
- snprintf(buffer,BUFFER_SIZE,"# Generated using BWM Firewall v%s: %s\n",PACKAGE_VERSION, date2str(&datetime));
+ snprintf(buffer,BUFFER_SIZE,"# Generated using BWM Firewall v%s: %s\n",PACKAGE_VERSION, date2str((char *) &datetime));
 write(fd,buffer,strlen(buffer));
 
 // Loop with all rules
|
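Review bot: processRuleset and processChains emit each line with `snprintf(aRule,BUFFER_SIZE,"%s\n",rule)` and `snprintf(aRule,BUFFER_SIZE,":%s %s\n",chain->name,chain->defaultTarget)` without checking the return value, so a rule longer than BUFFER_SIZE is silently truncated and still handed to iptables-restore, where a clipped match (a CIDR prefix length losing its last digit, a trailing `-j` target cut short) can load a broader rule than configured instead of failing. Each of those calls should abort generation on truncation, e.g. `if (snprintf(aRule,BUFFER_SIZE,"%s\n",rule) >= BUFFER_SIZE) { fprintf(stderr,"ERROR: rule too long: %s\n",rule); exit(1); }`. Separately, the success path of createFirewallRules never calls `xmlFreeDoc(doc)` although both error paths do (xmlCleanupParser() tears down libxml globals, not the parsed document), and the "wrong type" message lacks the trailing `\n` that the "Empty document" message has. The results of lookupTable and lookupChain are dereferenced without a NULL check; if those helpers, defined outside this hunk, can return NULL, the ACCEPT-defaults loop would crash rather than report the missing table or chain.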