[fwbuilder-commits] r1594 - in branches/v3_1: . doc src/gui src/pflib
From: <va...@in...> - 2009-10-13 22:12:18
Author: vadim Date: 2009-10-13 15:11:42 -0700 (Tue, 13 Oct 2009) New Revision: 1594 Modified: branches/v3_1/ branches/v3_1/build_num branches/v3_1/doc/ChangeLog branches/v3_1/src/gui/CustomServiceDialog.cpp branches/v3_1/src/gui/FWBSettings.cpp branches/v3_1/src/gui/FWWindow.cpp branches/v3_1/src/pflib/PolicyCompiler_ipf.cpp branches/v3_1/src/pflib/PolicyCompiler_ipf.h Log: merge from branch v3 Merging r1480 through r1593 Property changes on: branches/v3_1 ___________________________________________________________________ Modified: svn:mergeinfo - /branches/v3:801-1479 /branches/v3_1_merge:1411-1486 /branches/v3_1_new_window_layout:1536-1553 /branches/v3_1_secunet:804-1485 + /branches/v3:801-1593 /branches/v3_1_merge:1411-1486 /branches/v3_1_new_window_layout:1536-1553 /branches/v3_1_secunet:804-1485
Modified: branches/v3_1/build_num
===================================================================
--- branches/v3_1/build_num 2009-10-13 21:56:02 UTC (rev 1593)
+++ branches/v3_1/build_num 2009-10-13 22:11:42 UTC (rev 1594)
@@ -1 +1 @@
-#define BUILD_NUM 1585
+#define BUILD_NUM 1586
Modified: branches/v3_1/doc/ChangeLog
===================================================================
--- branches/v3_1/doc/ChangeLog 2009-10-13 21:56:02 UTC (rev 1593)
+++ branches/v3_1/doc/ChangeLog 2009-10-13 22:11:42 UTC (rev 1594)
@@ -1,3 +1,43 @@ +2009-10-13 vadim <va...@vk...> + + * PolicyCompiler_ipf.cpp (SplitDirectionIpfilter::processNext): + fixed bug #2874571: "ipfilter version 3.4.29 issues after + introduction of 282860". Optimizations added for PF broke rule + generation for ipfilter which does not allow rule without explicit + direction specification. + + * FWBSettings.cpp (FWBSettings::getCollapsedRuleGroups): fixed bug + #2872365: "problem with group names containing comma". State of + the rule group with a comma in the name could not be saved in + program settings and the group could not be expanded once it was + collapsed. + + * CustomServiceDialog.cpp (CustomServiceDialog::loadFWObject): + fixed bug #2870562: "custom service - protocol name + options". Added protocol "ipv6-icmp" to the list of predefined + protocols in the CustomService object and fixed the dialog to make + it properly save protocol name entered by the user (the widget + where user choses protocol name also supports editing so the user + can enter any protocol name not offered in the list of standard + protocols). + + * FWWindow.cpp (FWWindow::toolsDiscoveryDruid): fixed bug + #2867550: "Discovery Druid dieswhen there is no active'project + window". + + * debugDialog.cpp (debugDialog::debugDialog), + DiscoveryDruid.cpp (DiscoveryDruid::DiscoveryDruid) Reversing the + change made in 3.0.7 in the debug and discovery druid windows, the + change was intended to make the window title bar show "close" + button on Mac OS X. Unfortunately the caused the title bar to + disappear all together on Linux under some window managers. Modal + QT dialogs do not have title bar buttons on Mac OS X, but since + they always have "OK", "Finish", "Close" or "Cancel" buttons as + part of the dialog contents, absense of the "close" button in the + title bar is not critical. 
+ + * VERSION (VERSION): started v3.0.8 + 2009-10-07 vadim <va...@vk...> * FindWhereUsedWidget.cpp (FindWhereUsedWidget::itemClicked): Modified: branches/v3_1/src/gui/CustomServiceDialog.cpp =================================================================== --- branches/v3_1/src/gui/CustomServiceDialog.cpp 2009-10-13 21:56:02 UTC (rev 1593) +++ branches/v3_1/src/gui/CustomServiceDialog.cpp 2009-10-13 22:11:42 UTC (rev 1594) @@ -118,6 +118,7 @@ m_dialog->protocol->addItem("tcp"); m_dialog->protocol->addItem("udp"); m_dialog->protocol->addItem("icmp"); + m_dialog->protocol->addItem("ipv6-icmp"); bool standard_protocol = false; int proto_index = 0; @@ -209,12 +210,7 @@ s->setCodeForPlatform( platform.toUtf8().constData(), string(code.toUtf8().constData())); } - int protocol_index = m_dialog->protocol->currentIndex(); - QString protocol; - if (protocol_index >= 0) - protocol = m_dialog->protocol->itemText(protocol_index).toUtf8().constData(); - else - protocol = m_dialog->protocol->lineEdit()->text(); + QString protocol = m_dialog->protocol->lineEdit()->text(); s->setProtocol(string(protocol.toUtf8().constData())); int af = (m_dialog->ipv6->isChecked()) ? AF_INET6 : AF_INET; s->setAddressFamily(af); Modified: branches/v3_1/src/gui/FWBSettings.cpp =================================================================== --- branches/v3_1/src/gui/FWBSettings.cpp 2009-10-13 21:56:02 UTC (rev 1593) +++ branches/v3_1/src/gui/FWBSettings.cpp 2009-10-13 22:11:42 UTC (rev 1594) @@ -38,6 +38,8 @@ #include <QDir> #include <QDesktopWidget> #include <QUuid> +#include <QRegExp> +#include <QtDebug> #include <sys/types.h> #include <sys/stat.h> 
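Review bot: In the `@@ -209,12 +210,7 @@` hunk of CustomServiceDialog.cpp the protocol name now comes straight from `lineEdit()->text()` and goes to `setProtocol()` without trimming or an empty check, so stray whitespace or an empty string typed into the editable combo box is stored as the service's protocol. Since this value presumably ends up in generated firewall rules, I would normalise it here, e.g. `QString protocol = m_dialog->protocol->lineEdit()->text().trimmed();`, and keep the previous value when the result is empty. `lineEdit()` is only non-null while the combo box is editable, which the ChangeLog says it is; a short comment stating that assumption would help. The enclosing function starts outside the hunk.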
@@ -817,10 +819,29 @@ const QString &ruleset, QStringList &collapsed_groups) { - QString strl = value(QString(SETTINGS_PATH_PREFIX "/") + - "Window/" + filename + "/" + firewall + "/" + - ruleset + "/CollapsedRuleGroups").toString(); - collapsed_groups = strl.split(","); + QString key = "Window/" + filename + "/" + firewall + "/" + + ruleset + "/CollapsedRuleGroups"; + QString strl = value(QString(SETTINGS_PATH_PREFIX "/") + key).toString(); + // QT regexp does not support negative lookbehind that we need to + // find all "," if they are not preceded by a "\". Will split the + // string on all commas, then find elements of the array that end + // with "\" and combine them with the following ones. + QStringList lst = strl.split(","); + + QStringListIterator i(lst); + while (i.hasNext()) + { + QString group_name = i.next(); + while (group_name.endsWith("\\") && i.hasNext()) + group_name += QString(",") + i.next(); + group_name.replace("\\,", ","); + collapsed_groups.push_back(group_name); + } + + if (fwbdebug) + qDebug() << "FWBSettings::getCollapsedRuleGroups" + << key + << collapsed_groups.join(" ||| "); } void FWBSettings::setCollapsedRuleGroups(const QString &filename, 
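Review bot: `collapsed_groups` used to be overwritten by `strl.split(",")`, but the new loop only calls `push_back`, so a caller that passes a non-empty list now gets the stored groups appended to whatever was already in it. Adding `collapsed_groups.clear();` before the `QStringListIterator` loop keeps the old contract. The `<QRegExp>` include added in the first FWBSettings.cpp hunk looks unused, given the comment here that the regexp approach was dropped. The function's signature begins outside the hunk.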
@@ -828,10 +849,20 @@ const QString &ruleset, const QStringList &collapsed_groups) { - setValue(QString(SETTINGS_PATH_PREFIX "/") + - "Window/" + filename + "/" + firewall + "/" + ruleset + - "/CollapsedRuleGroups", - collapsed_groups.join(",")); + QStringList lst; + foreach(QString group_name, collapsed_groups) + { + group_name.replace(",", "\\,"); + lst.push_back(group_name); + } + QString key = "Window/" + filename + "/" + firewall + "/" + ruleset + + "/CollapsedRuleGroups"; + QString val = lst.join(","); + if (fwbdebug) + qDebug() << "FWBSettings::setCollapsedRuleGroups" + << key + << val; + setValue(QString(SETTINGS_PATH_PREFIX "/") + key, val); } QStringList FWBSettings::getRecentFiles() Modified: branches/v3_1/src/gui/FWWindow.cpp =================================================================== --- branches/v3_1/src/gui/FWWindow.cpp 2009-10-13 21:56:02 UTC (rev 1593) +++ branches/v3_1/src/gui/FWWindow.cpp 2009-10-13 22:11:42 UTC (rev 1594) @@ -638,14 +638,20 @@ void FWWindow::toolsDiscoveryDruid() { - DiscoveryDruid druid(this); - druid.exec(); + if (activeProject()) + { + DiscoveryDruid druid(this); + druid.exec(); + } } void FWWindow::importPolicy() { - DiscoveryDruid druid(this, true); - druid.exec(); + if (activeProject()) + { + DiscoveryDruid druid(this, true); + druid.exec(); + } } void FWWindow::setActionsEnabled(bool en) Modified: branches/v3_1/src/pflib/PolicyCompiler_ipf.cpp =================================================================== --- branches/v3_1/src/pflib/PolicyCompiler_ipf.cpp 2009-10-13 21:56:02 UTC (rev 1593) +++ branches/v3_1/src/pflib/PolicyCompiler_ipf.cpp 2009-10-13 22:11:42 UTC (rev 1594) 
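Review bot: Only the comma is escaped in `group_name.replace(",", "\\,")`; a backslash in a group name is written as is, so a name that ends in `\` is merged with the following name when getCollapsedRuleGroups reads the value back, because its `endsWith("\\")` test takes the trailing backslash for an escaped comma. Group names come from the user's data file, so the encoding should round-trip for any name. Either escape the backslash as well and unescape with a single left-to-right scan on the read side, or hand the list to QSettings directly with `setValue(QString(SETTINGS_PATH_PREFIX "/") + key, collapsed_groups);` and read it back with `.toStringList()`, which would leave the quoting to Qt. The second option needs a check against values already saved in the old format.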
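Review bot: When `activeProject()` returns null, both `toolsDiscoveryDruid()` and `importPolicy()` now return silently, so the menu item appears to do nothing. The guard fixes the crash, but the user should get feedback: either disable the two actions while no project window is open (`setActionsEnabled` just below may be the place, though its body is outside the hunk) or show a short message before returning. The same `if (activeProject())` block is repeated in both functions and could be a single early `if (!activeProject()) return;` in each.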
@@ -379,7 +379,32 @@ return true; } +bool PolicyCompiler_ipf::SplitDirectionIpfilter::processNext() +{ + PolicyRule *rule=getNext(); if (rule==NULL) return false; + if (rule->getDirection()==PolicyRule::Both) + { + PolicyRule *r= compiler->dbcopy->createPolicyRule(); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setDirection(PolicyRule::Inbound); + tmp_queue.push_back(r); + + r= compiler->dbcopy->createPolicyRule(); + compiler->temp_ruleset->add(r); + r->duplicate(rule); + r->setDirection(PolicyRule::Outbound); + tmp_queue.push_back(r); + + } else + tmp_queue.push_back(rule); + + return true; +} + + + void PolicyCompiler_ipf::compile() { info(" Compiling policy for " + fw->getName()); @@ -478,7 +503,7 @@ add( new splitIfFirewallInSrc("split rule if firewall is in Src") ); add( new splitIfFirewallInDst("split rule if firewall is in Dst") ); add( new fillDirection("determine directions") ); - add( new SplitDirection("split rules with direction 'both'" ) ); + add( new SplitDirectionIpfilter("split rules with direction 'both'" ) ); add( new ExpandMultipleAddresses( "expand objects with multiple addresses") ); add( new checkForDynamicInterfacesOfOtherObjects( Modified: branches/v3_1/src/pflib/PolicyCompiler_ipf.h =================================================================== --- branches/v3_1/src/pflib/PolicyCompiler_ipf.h 2009-10-13 21:56:02 UTC (rev 1593) +++ branches/v3_1/src/pflib/PolicyCompiler_ipf.h 2009-10-13 22:11:42 UTC (rev 1594) @@ -65,6 +65,10 @@ */ virtual std::string debugPrintRule(libfwbuilder::Rule *rule); + /** + * split rules if direction is "Both" + */ + DECLARE_POLICY_RULE_PROCESSOR(SplitDirectionIpfilter); /** * splits rules with service 'any' because ipf can keep state |
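Review bot: `SplitDirectionIpfilter::processNext` carries no comment on why ipfilter cannot use the shared `SplitDirection` processor that it replaces in `compile()`. The ChangeLog gives the reason (ipfilter rejects rules without an explicit direction, bug #2874571), and a one-line comment such as `// ipfilter needs an explicit in/out on every rule, so 'both' is always split` above the function, repeated in the header's doc comment, would keep the split from being optimised away again. The `else` branch forwards every rule whose direction is not `Both` unchanged; if a rule can reach this step with no direction set it would still be emitted without one, so it is worth confirming that `fillDirection` guarantees a direction. The inbound and outbound copies are built by two identical blocks that differ only in the direction passed to `setDirection`, which a small loop over the two values would remove.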