[bwm-tools-devel] COMMIT - r29 - trunk/bwm_firewall
From: SVN C. <sv...@li...> - 2005-01-05 08:59:46
Author: nkukard Date: 2005-01-05 10:59:28 +0200 (Wed, 05 Jan 2005) New Revision: 29 Modified: trunk/bwm_firewall/Makefile.am trunk/bwm_firewall/bwm_firewall.c trunk/bwm_firewall/bwm_firewall.h Log: * Added optional resetting of counters * Modified options to the following... -c, --config=<config_file> Specify non-default BWM Tools config file -f, --file[=<output_file>] Generate iptables-restore file from BWM Tools firewall -h, --help Display this page -r, --reset-counters Reset iptables counters, usable with "iptables-restore -c" Modified: trunk/bwm_firewall/Makefile.am =================================================================== --- trunk/bwm_firewall/Makefile.am 2005-01-04 13:41:55 UTC (rev 28) +++ trunk/bwm_firewall/Makefile.am 2005-01-05 08:59:28 UTC (rev 29) @@ -1,6 +1,6 @@ # # makefile.am - Makefile for BWM Firewall -# Copyright (C) 2003-2004, Linux Based Systems Design +# Copyright (C) 2003-2005, Linux Based Systems Design # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by Modified: trunk/bwm_firewall/bwm_firewall.c =================================================================== --- trunk/bwm_firewall/bwm_firewall.c 2005-01-04 13:41:55 UTC (rev 28) +++ trunk/bwm_firewall/bwm_firewall.c 2005-01-05 08:59:28 UTC (rev 29) @@ -1,6 +1,6 @@ /* * bwm_firewall.c - BWM Firewall - * Copyright (C) 2003-2004, Linux Based Systems Design + * Copyright (C) 2003-2005, Linux Based Systems Design * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -51,7 +51,7 @@ // Function to build a list of rules which iptables-restore takes -static GList *createFirewallRules(char *filename) +static GList *createFirewallRules(char *filename, char resetCounters) { xmlDocPtr doc; xmlNodePtr cur; 
@@ -63,6 +63,7 @@ char *tableList[] = {"filter","mangle",NULL}; char *tableName; int i; + char counters[7] = ""; // Loop with a table @@ -77,14 +78,16 @@ void processChains(gpointer p1_key, gpointer p1_value, gpointer p1_user_data) { struct confACLChain_t *chain = (struct confACLChain_t*) p1_value; - + aRule = (char *) malloc0(BUFFER_SIZE); - // Check if we have a default target for the chain or not + + // Check if we have a default target for the chain or not if (chain->defaultTarget) - snprintf(aRule,BUFFER_SIZE,":%s %s\n",chain->name,chain->defaultTarget); + snprintf(aRule,BUFFER_SIZE,":%s %s%s\n",chain->name,chain->defaultTarget,counters); else - snprintf(aRule,BUFFER_SIZE,":%s -\n",chain->name); + snprintf(aRule,BUFFER_SIZE,":%s -%s\n",chain->name,counters); + result = g_list_append(result,aRule); } @@ -127,7 +130,7 @@ // COMPAT: Do not genrate nodes for formatting spaces - LIBXML_TEST_VERSION + LIBXML_TEST_VERSION xmlKeepBlanksDefault(0); // FIXME - check if file exists @@ -196,6 +199,10 @@ // Clean up everything else before quitting. xmlCleanupParser(); + /* Check if we appending zero counters */ + if (resetCounters) + sprintf(counters,"%s"," [0:0]"); + // Build rule list g_hash_table_foreach(fwHash,processTable,NULL); @@ -238,7 +245,8 @@ buffer = (char *) malloc0(BUFFER_SIZE); // Write out comment to say what version & at what datetime we generated the firewall - snprintf(buffer,BUFFER_SIZE,"# Generated using BWM Firewall v%s: %s\n",PACKAGE_VERSION, date2str((char *) &datetime)); + snprintf(buffer,BUFFER_SIZE,"# Generated using BWM Firewall v%s: %s\n",PACKAGE_VERSION, + date2str((char *) &datetime)); write(fd,buffer,strlen(buffer)); // Loop with all rules 
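Review bot: `char counters[7]` is sized to hold exactly `" [0:0]"` (six characters plus the terminator), and the later hunk at -196 fills it with an unbounded `sprintf`, so any future change to that literal overruns a stack buffer with nothing to catch it. Because the value is a constant chosen by a flag, a pointer avoids the copy altogether: `const char *counters = resetCounters ? " [0:0]" : "";`. If the array is kept, bound the write with `snprintf(counters,sizeof(counters),"%s"," [0:0]");`. createFirewallRules starts and ends outside both hunks, so this assumes nothing else writes to `counters`.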
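Review bot: Both `snprintf` calls in processChains discard the return value, so a chain name or default target long enough to fill BUFFER_SIZE is silently truncated. The truncation now drops the appended counters and the trailing `\n`, which would fuse the chain declaration with the next line of the iptables-restore input. Capture the result (`int n = snprintf(...)`) and treat `n < 0 || n >= BUFFER_SIZE` as a generation failure rather than emitting a partial ruleset; since the callback returns void, that needs an error flag in the enclosing function. `aRule` is also used without a NULL check, which is only safe if `malloc0` aborts on failure; its definition is not visible here.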
@@ -254,7 +262,15 @@ // Print out our usage void printUsage(char **argv) { - printf("Usage: %s [-h|--help] [-f|--force] [-c|--config=<config_file>] [-o|--output=<output_file>]\n",argv[0]); + printf("Usage: %s <options>\n",argv[0]); + printf("\n"); + printf("Options:\n"); + printf(" -c, --config=<config_file> Specify non-default BWM Tools config file\n"); + printf(" -f, --file[=<output_file>] Generate iptables-restore file from BWM Tools firewall\n"); +// printf(" -l, --load Load BWM Tools firewall directly into kernel\n"); + printf(" -h, --help Display this page\n"); + printf(" -r, --reset-counters Reset iptables counters, usable with \"iptables-restore -c\"\n"); + printf("\n"); } @@ -265,22 +281,25 @@ int c; char *configFile = CONFIG_FILE; char *outputFile = IPTABLES_FILE; - int force = 0; + char resetCounters = 0; int res = 1; // signal we return error status + char writeFile = 0; + char loadFirewall = 0; // Our options struct option long_options[] = { - {"config",1,0,'c'}, - {"force",0,0,'f'}, - {"help",0,0,'h'}, - {"output",1,0,'o'}, + {"config",required_argument,0,'c'}, + {"file",optional_argument,0,'f'}, +// {"load",no_argument,0,'l'}, + {"help",no_argument,0,'h'}, + {"reset-counters",no_argument,0,'r'}, {0,0,0,0} }; - printf("BWM Firewall v%s - Copyright (c) 2003-2004 Linux Based Systems Design\n\n",PACKAGE_VERSION); + printf("BWM Firewall v%s - Copyright (c) 2003-2005 Linux Based Systems Design\n\n",PACKAGE_VERSION); // Check if we have no args if (argc == 1) @@ -295,7 +314,8 @@ int option_index = 0; // Process - c = getopt_long(argc,argv,"c:hfo:",long_options,&option_index); +// c = getopt_long(argc,argv,"c=f:lhr",long_options,&option_index); + c = getopt_long(argc,argv,"c:f::hr",long_options,&option_index); if (c == -1) break; 
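Review bot: The `f::` in the new option string makes the argument to `-f` optional, and GNU getopt only accepts an optional argument when it is attached (`-f<file>` or `--file=<file>`). With `-f <file>`, `optarg` is NULL and the filename is left as a non-option argument, which the later "invalid option" loop rejects. The usage text in the printUsage hunk shows only the long form, so document the short form as well, e.g. `-f[<output_file>], --file[=<output_file>]`. The commented-out `getopt_long` line with the old option string should be deleted rather than kept beside the live call. The option loop starts and ends outside this hunk.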
@@ -305,30 +325,48 @@ case 'c': configFile = strdup(optarg); break; + case 'f': - force = 1; - break; + // If we have an option, save it + if (optarg) + outputFile = strdup(optarg); + writeFile = 1; + break; + + case 'l': + loadFirewall = 1; + break; + case 'h': printUsage(argv); return(0); - case 'o': - outputFile = strdup(optarg); + + case 'r': + resetCounters = 1; break; } } - + // Let us know about ahy unknown options if (optind < argc) { while (optind < argc) fprintf(stderr,"%s: invalid option -- %s\n",argv[0],argv[optind++]); - return(1); + return 1; } + // Check if we actually going to do anything + if (!writeFile && !loadFirewall) + { + printf("ERROR: No action to take\n"); + printUsage(argv); + return 1; + } + // Load configuration printf("Loading configuration from \"%s\"...\n",configFile); - fw = createFirewallRules(configFile); + fw = createFirewallRules(configFile,resetCounters); // Write out firewall if (fw) Modified: trunk/bwm_firewall/bwm_firewall.h =================================================================== --- trunk/bwm_firewall/bwm_firewall.h 2005-01-04 13:41:55 UTC (rev 28) +++ trunk/bwm_firewall/bwm_firewall.h 2005-01-05 08:59:28 UTC (rev 29) @@ -1,6 +1,6 @@ /* * bwm_firewall.h - BWM Firewall headers - * Copyright (C) 2003-2004, Linux Based Systems Design + * Copyright (C) 2003-2005, Linux Based Systems Design * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by |
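Review bot: The switch has no `'?'` or `default` case between `case 'r'` and its closing brace, so an unrecognised option only prints getopt's own diagnostic and parsing carries on. A command line such as `-f -x` would then still go on to generate the firewall file with the bad option ignored. For a tool that produces firewall rules, a mistyped flag should stop the run: `case '?': printUsage(argv); return 1;`. Separately, `case 'l'` is unreachable because `l` is in neither the option string nor `long_options` (both commented out in the earlier hunks); remove it or guard it the same way so `loadFirewall` cannot be half-enabled later. The `switch` statement opens outside this hunk, so confirm no default label precedes `case 'c'`.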