From: Kevin Day Date: Thu, 19 Sep 2024 03:52:32 +0000 (-0500) Subject: Feature: The firewall program should have better IPv4 vs IPv6 support. X-Git-Url: https://git.kevux.org/?a=commitdiff_plain;h=fadb352cb4613722ac3d32a24e7c0d681c274a1f;p=fll Feature: The firewall program should have better IPv4 vs IPv6 support. Add two parameters to explicitly chose between IPv4 and IPv6 (`-4` and `-6`, respectively). The default behavior is to display both. This default `firewall show` will now therefore show both IPv4 and IPv6. Add `(IPv4)` and `(IPv6)` to the output from the `firewall show` command. When the firewall rules set the tool to either IPv4 or IPv6 but the command line is designating that either IPv4 or IPv6 is specifically enabled or not, then do operate on the tools that are not enabled. Therefore if the firewall rules have an IPv6 tool (as is the case in the example/default settings for `icmpv6`) and something like `firewall start -4` is used then those IPv6 ruls are ignored. --- diff --git a/level_3/firewall/c/main/common.c b/level_3/firewall/c/main/common.c index 1bc476b..a66e89d 100644 --- a/level_3/firewall/c/main/common.c +++ b/level_3/firewall/c/main/common.c @@ -98,6 +98,20 @@ extern "C" { } } + if (main->program.parameters.array[firewall_parameter_4_e].result & f_console_result_found_e) { + if (main->program.parameters.array[firewall_parameter_6_e].result & f_console_result_found_e) { + main->setting.flag |= firewall_main_flag_ipv46_d; + } + else { + main->setting.flag &= ~firewall_main_flag_ipv6_d; + main->setting.flag |= firewall_main_flag_ipv4_d; + } + } + else if (main->program.parameters.array[firewall_parameter_6_e].result & f_console_result_found_e) { + main->setting.flag &= ~firewall_main_flag_ipv4_d; + main->setting.flag |= firewall_main_flag_ipv6_d; + } + if (main->program.pipe & fll_program_data_pipe_input_e) { main->setting.flag |= firewall_main_flag_pipe_d; } 
diff --git a/level_3/firewall/c/main/common/define.h b/level_3/firewall/c/main/common/define.h index 8782633..3d87704 100644 --- a/level_3/firewall/c/main/common/define.h +++ b/level_3/firewall/c/main/common/define.h @@ -59,6 +59,9 @@ extern "C" { * - none: No flags set. * - copyright: Print copyright. * - help: Print help. + * - ipv4: Operate in IPv4 by default or enable ipv4 when calling "show" commands. + * - ipv6: Operate in IPv6 by default or enable ipv6 when calling "show" commands. + * - ipv46: A helper flag representing both ipv4 and ipv6 flag bits being set. * - operation: A helper flag representing every operation flag bit being set. * - operation_lock: Perform the lock operation. * - operation_restart: Perform the restart operation. 
@@ -80,22 +83,25 @@ extern "C" { #define firewall_main_flag_none_d 0x0 #define firewall_main_flag_copyright_d 0x1 #define firewall_main_flag_help_d 0x2 - #define firewall_main_flag_operation_d 0x31c - #define firewall_main_flag_operation_lock_d 0x4 - #define firewall_main_flag_operation_restart_d 0x8 - #define firewall_main_flag_operation_show_d 0x10 - #define firewall_main_flag_operation_show_nat_d 0x20 - #define firewall_main_flag_operation_show_mangle_d 0x40 - #define firewall_main_flag_operation_show_filter_d 0x80 - #define firewall_main_flag_operation_show_filter_nat_mangle_d 0xe0 - #define firewall_main_flag_operation_start_d 0x100 - #define firewall_main_flag_operation_start_restart_d 0x108 - #define firewall_main_flag_operation_stop_d 0x200 - #define firewall_main_flag_operation_stop_restart_d 0x208 - #define firewall_main_flag_operation_stop_restart_lock_d 0x20c - #define firewall_main_flag_pipe_d 0x400 - #define firewall_main_flag_version_d 0x800 - #define firewall_main_flag_version_copyright_help_d 0x803 + #define firewall_main_flag_ipv4_d 0x4 + #define firewall_main_flag_ipv6_d 0x8 + #define firewall_main_flag_ipv46_d 0xc + #define firewall_main_flag_operation_d 0xff0 + #define firewall_main_flag_operation_lock_d 0x10 + #define firewall_main_flag_operation_restart_d 0x20 + #define firewall_main_flag_operation_show_d 0x40 + #define firewall_main_flag_operation_show_nat_d 0x80 + #define firewall_main_flag_operation_show_mangle_d 0x100 + #define firewall_main_flag_operation_show_filter_d 0x200 + #define firewall_main_flag_operation_show_filter_nat_mangle_d 0x380 + #define firewall_main_flag_operation_start_d 0x400 + #define firewall_main_flag_operation_start_restart_d 0x420 + #define firewall_main_flag_operation_stop_d 0x800 + #define firewall_main_flag_operation_stop_restart_d 0x820 + #define firewall_main_flag_operation_stop_restart_lock_d 0x830 + #define firewall_main_flag_pipe_d 0x1000 + #define firewall_main_flag_version_d 0x2000 + #define 
firewall_main_flag_version_copyright_help_d 0x2003 #endif // _di_firewall_main_flag_d_ /** diff --git a/level_3/firewall/c/main/common/enumeration.h b/level_3/firewall/c/main/common/enumeration.h index 8ae581c..936df98 100644 --- a/level_3/firewall/c/main/common/enumeration.h +++ b/level_3/firewall/c/main/common/enumeration.h @@ -117,7 +117,9 @@ extern "C" { */ #ifndef _di_firewall_parameter_e_ enum { - firewall_parameter_operation_lock_e = f_console_standard_parameter_last_e, + firewall_parameter_4_e = f_console_standard_parameter_last_e, + firewall_parameter_6_e, + firewall_parameter_operation_lock_e, firewall_parameter_operation_restart_e, firewall_parameter_operation_show_e, firewall_parameter_operation_start_e, @@ -128,6 +130,8 @@ extern "C" { { \ macro_fll_program_console_parameter_standard_initialize, \ \ + macro_f_console_parameter_t_initialize_4(firewall_short_4_s, 0, f_console_flag_normal_e), \ + macro_f_console_parameter_t_initialize_4(firewall_short_6_s, 0, f_console_flag_normal_e), \ macro_f_console_parameter_t_initialize_6(firewall_operation_lock_s, 0, f_console_flag_simple_e), \ macro_f_console_parameter_t_initialize_6(firewall_operation_restart_s, 0, f_console_flag_simple_e), \ macro_f_console_parameter_t_initialize_6(firewall_operation_show_s, 0, f_console_flag_simple_e), \ @@ -135,7 +139,7 @@ extern "C" { macro_f_console_parameter_t_initialize_6(firewall_operation_stop_s, 0, f_console_flag_simple_e), \ } - #define firewall_parameter_total_d (f_console_parameter_state_type_total_d + 5) + #define firewall_parameter_total_d (f_console_parameter_state_type_total_d + 7) #endif // _di_firewall_parameter_e_ /** diff --git a/level_3/firewall/c/main/common/string.c b/level_3/firewall/c/main/common/string.c index 42a6675..a390902 100644 --- a/level_3/firewall/c/main/common/string.c +++ b/level_3/firewall/c/main/common/string.c 
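Review bot: `firewall_main_flag_operation_d` changes meaning as well as position in the second define.h hunk. The old `0x31c` covered only lock, restart, show, start and stop, which after the two-bit shift would be `0xc70`, while the new `0xff0` also includes the show_nat, show_mangle and show_filter bits (`0x380`). Any caller that tests `flag & firewall_main_flag_operation_d` to decide whether an operation was requested would now also match a show sub-flag on its own; no such caller is visible in this diff, so this needs confirming. If the wider mask is intended, record it next to the define with a comment such as `// Includes the show_nat, show_mangle, and show_filter bits.`; otherwise use `#define firewall_main_flag_operation_d 0xc70`.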
@@ -17,6 +17,11 @@ extern "C" { const f_string_static_t firewall_program_help_parameters_s = macro_f_string_static_t_initialize_1(FIREWALL_program_help_parameters_s, 0, FIREWALL_program_help_parameters_s_length); #endif // _di_firewall_program_help_parameters_s_ +#ifndef _di_firewall_program_parameters_s_ + const f_string_static_t firewall_short_4_s = macro_f_string_static_t_initialize_1(FIREWALL_short_4_s, 0, FIREWALL_short_4_s_length); + const f_string_static_t firewall_short_6_s = macro_f_string_static_t_initialize_1(FIREWALL_short_6_s, 0, FIREWALL_short_6_s_length); +#endif // _di_firewall_program_parameters_s_ + #ifndef _di_firewall_s_ const f_string_static_t firewall_action_s = macro_f_string_static_t_initialize_1(FIREWALL_action_s, 0, FIREWALL_action_s_length); const f_string_static_t firewall_action_append_s = macro_f_string_static_t_initialize_1(FIREWALL_action_append_s, 0, FIREWALL_action_append_s_length); @@ -105,6 +110,8 @@ extern "C" { #ifndef _di_firewall_print_show_s_ const f_string_static_t firewall_print_show_filter_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_filter_s, 0, FIREWALL_print_show_filter_s_length); + const f_string_static_t firewall_print_show_ipv4_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_ipv4_s, 0, FIREWALL_print_show_ipv4_s_length); + const f_string_static_t firewall_print_show_ipv6_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_ipv6_s, 0, FIREWALL_print_show_ipv6_s_length); const f_string_static_t firewall_print_show_mangle_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_mangle_s, 0, FIREWALL_print_show_mangle_s_length); const f_string_static_t firewall_print_show_nat_s = macro_f_string_static_t_initialize_1(FIREWALL_print_show_nat_s, 0, FIREWALL_print_show_nat_s_length); diff --git a/level_3/firewall/c/main/common/string.h b/level_3/firewall/c/main/common/string.h index 47d695d..a6124f2 100644 --- a/level_3/firewall/c/main/common/string.h 
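Review bot: The guard names for the new `-4`/`-6` strings disagree between the two files. In the first string.c hunk the definitions of `firewall_short_4_s` and `firewall_short_6_s` sit under `_di_firewall_program_parameters_s_`, while string.h puts the `FIREWALL_short_*` macros and the `extern` declarations under `_di_firewall_parameter_s_`. A build that defines only one of the two names ends up either with definitions whose length and string macros are missing or with declarations that have no definition. Use one name in both places, for example `#ifndef _di_firewall_parameter_s_` and `#endif // _di_firewall_parameter_s_` in string.c.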
+++ b/level_3/firewall/c/main/common/string.h @@ -70,6 +70,20 @@ extern "C" { #endif // _di_firewall_program_help_parameters_s_ /** + * The main program parameters. + */ +#ifndef _di_firewall_parameter_s_ + #define FIREWALL_short_4_s "4" + #define FIREWALL_short_6_s "6" + + #define FIREWALL_short_4_s_length 1 + #define FIREWALL_short_6_s_length 1 + + extern const f_string_static_t firewall_short_4_s; + extern const f_string_static_t firewall_short_6_s; +#endif // _di_firewall_parameter_s_ + +/** * The firewall strings. */ #ifndef _di_firewall_s_ @@ -353,6 +367,8 @@ extern "C" { */ #ifndef _di_firewall_print_show_s_ #define FIREWALL_print_show_filter_s "FILTER" + #define FIREWALL_print_show_ipv4_s "IPv4" + #define FIREWALL_print_show_ipv6_s "IPv6" #define FIREWALL_print_show_mangle_s "MANGLE" #define FIREWALL_print_show_nat_s "NAT" @@ -361,6 +377,8 @@ extern "C" { #define FIREWALL_print_show_bars_28_s "============================" #define FIREWALL_print_show_filter_s_length 6 + #define FIREWALL_print_show_ipv4_s_length 4 + #define FIREWALL_print_show_ipv6_s_length 4 #define FIREWALL_print_show_mangle_s_length 6 #define FIREWALL_print_show_nat_s_length 3 @@ -369,6 +387,8 @@ extern "C" { #define FIREWALL_print_show_bars_28_s_length 28 extern const f_string_static_t firewall_print_show_filter_s; + extern const f_string_static_t firewall_print_show_ipv4_s; + extern const f_string_static_t firewall_print_show_ipv6_s; extern const f_string_static_t firewall_print_show_mangle_s; extern const f_string_static_t firewall_print_show_nat_s; diff --git a/level_3/firewall/c/main/main.c b/level_3/firewall/c/main/main.c index d14c13b..8c99d86 100644 --- a/level_3/firewall/c/main/main.c +++ b/level_3/firewall/c/main/main.c 
@@ -21,6 +21,8 @@ int main(const int argc, const f_string_t *argv, const f_string_t *envp) { data.program.parameters.used = firewall_parameter_total_d; data.program.environment = envp; + data.setting.flag |= firewall_main_flag_ipv46_d; + if (f_pipe_input_exists()) { data.program.pipe = fll_program_data_pipe_input_e; } diff --git a/level_3/firewall/c/main/operate/create.c b/level_3/firewall/c/main/operate/create.c index 676fd77..3484f0f 100644 --- a/level_3/firewall/c/main/operate/create.c +++ b/level_3/firewall/c/main/operate/create.c @@ -9,15 +9,16 @@ extern "C" { if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return; - bool new_chain = F_false; - bool create_chain = F_false; + uint8_t new_chain = F_false; + uint8_t create_chain = F_false; int return_code = 0; f_number_unsigned_t i = 0; f_number_unsigned_t j = 0; + f_number_unsigned_t t = 0; f_number_unsigned_t length = 0; - f_string_static_t tool = firewall_tool_iptables_s; + const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s }; main->data.chain_ids.used = 0; main->cache.arguments.used = 0; 
@@ -172,56 +173,45 @@ extern "C" { } if (create_chain) { - tool = firewall_tool_iptables_s; - return_code = 0; + for (t = 0; t < 2; ++t) { - firewall_print_debug_tool(&main->program.warning, tool, main->cache.arguments); + if (!tools[t].used) continue; - main->setting.state.status = fll_execute_program(tool, main->cache.arguments, 0, 0, (void *) &return_code); - - if (main->setting.state.status == F_child) { - main->program.child = return_code; + return_code = 0; - return; - } + firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments); - if (firewall_signal_check(main)) return; + main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code); - if (return_code && F_status_is_error_not(main->setting.state.status)) { - firewall_print_error_operation_return_code(&main->program.error, tool, main->cache.arguments, return_code); - } + if (main->setting.state.status == F_child) { + main->program.child = return_code; - if (F_status_is_error_not(main->setting.state.status) && main->setting.state.status != F_child) { - tool = firewall_tool_ip6tables_s; - return_code = 0; - - firewall_print_debug_tool(&main->program.warning, tool, main->cache.arguments); + return; + } - main->setting.state.status = fll_execute_program(tool, main->cache.arguments, 0, 0, (void *) &return_code); + if (firewall_signal_check(main)) return; if (return_code && F_status_is_error_not(main->setting.state.status)) { - firewall_print_error_operation_return_code(&main->program.error, tool, main->cache.arguments, return_code); + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); } - } - if (main->setting.state.status == F_child) { - main->program.child = return_code; + if (main->setting.state.status == F_child) { + main->program.child = return_code; - return; - } + return; + } - if (firewall_signal_check(main)) return; + if (F_status_is_error(main->setting.state.status)) { 
+ if (F_status_set_fine(main->setting.state.status) == F_failure) { + firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments); + } + else { + firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); + } - if (F_status_is_error(main->setting.state.status)) { - if (F_status_set_fine(main->setting.state.status) == F_failure) { - firewall_print_error_operation(&main->program.error, tool, main->cache.arguments); + return; } - else { - firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); - } - - return; - } + } // for } ++main->setting.chains.used; diff --git a/level_3/firewall/c/main/operate/default.c b/level_3/firewall/c/main/operate/default.c index 31725bf..2ed071e 100644 --- a/level_3/firewall/c/main/operate/default.c +++ b/level_3/firewall/c/main/operate/default.c @@ -10,7 +10,7 @@ extern "C" { if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return; const f_string_static_t chains[3] = { firewall_chain_input_s, firewall_chain_output_s, firewall_chain_forward_s }; - const f_string_static_t tools[2] = { firewall_tool_iptables_s, firewall_tool_ip6tables_s }; + const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s }; f_string_statics_t arguments = f_string_statics_t_initialize; arguments.used = 3; 
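Review bot: The loop body added in the second create.c hunk tests `main->setting.state.status == F_child` twice. The second test, after the return-code print, is only reached when the first was false, and nothing visible between them assigns the status (unless `firewall_signal_check()` does, which cannot be seen from here). Dropping the second block leaves the per-tool sequence as execute, child check, signal check, return-code report, error check, which is easier to audit. The enclosing function starts and ends outside the hunk.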
@@ -22,19 +22,23 @@ extern "C" { int return_code = 0; uint8_t i = 0; - uint8_t j = 0; + uint8_t t = 0; for (; i < 3; ++i) { arguments.array[1] = chains[i]; - for (j = 0; j < 2; ++j) { + for (t = 0; t < 2; ++t) { - firewall_print_debug_tool(&main->program.warning, tools[j], arguments); + if (firewall_signal_check(main)) return; + + if (!tools[t].used) continue; + + firewall_print_debug_tool(&main->program.warning, tools[t], arguments); return_code = 0; - main->setting.state.status = fll_execute_program(tools[j], arguments, 0, 0, (void *) &return_code); + main->setting.state.status = fll_execute_program(tools[t], arguments, 0, 0, (void *) &return_code); if (main->setting.state.status == F_child) { main->program.child = return_code; @@ -46,7 +50,7 @@ extern "C" { if (F_status_is_error(main->setting.state.status)) { if (F_status_set_fine(main->setting.state.status) == F_failure) { - firewall_print_error_operation(&main->program.error, tools[j], arguments); + firewall_print_error_operation(&main->program.error, tools[t], arguments); } else { firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); @@ -55,7 +59,7 @@ extern "C" { return; } else if (return_code) { - firewall_print_error_operation_return_code(&main->program.error, tools[j], main->cache.arguments, return_code); + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); } } // for } // for diff --git a/level_3/firewall/c/main/operate/delete.c b/level_3/firewall/c/main/operate/delete.c index 00e324a..a915ffd 100644 --- a/level_3/firewall/c/main/operate/delete.c +++ b/level_3/firewall/c/main/operate/delete.c 
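Review bot: The return-code error print in the last default.c hunk reports `main->cache.arguments`, but the command was executed with the local `arguments`, so a failing iptables or ip6tables call is logged with an argument list that is not the one that ran. The line should read `firewall_print_error_operation_return_code(&main->program.error, tools[t], arguments, return_code);`. The same mismatch is on the changed lines in delete.c (local `arguments`) and show.c (local `parameters`). The commit only renames `tools[j]` to `tools[t]` on these lines, so the mismatch predates it, but an accurate record of which rule command failed is what an operator needs to verify what the firewall actually applied.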
@@ -9,7 +9,7 @@ extern "C" { if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return; - const f_string_static_t tools[2] = { firewall_tool_iptables_s, firewall_tool_ip6tables_s }; + const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s }; const f_string_static_t command[2] = { firewall_chain_flush_operation_s, firewall_chain_delete_operation_s }; f_string_statics_t arguments = f_string_statics_t_initialize; @@ -21,21 +21,23 @@ extern "C" { int return_code = 0; uint8_t i = 0; - uint8_t j = 0; + uint8_t t = 0; for (i = 0; i < 2; ++i) { argument_array[0] = command[i]; - for (j = 0; j < 2; ++j) { + for (t = 0; t < 2; ++t) { if (firewall_signal_check(main)) return; + if (!tools[t].used) continue; + return_code = 0; - firewall_print_debug_tool(&main->program.warning, tools[j], arguments); + firewall_print_debug_tool(&main->program.warning, tools[t], arguments); - main->setting.state.status = fll_execute_program(tools[j], arguments, 0, 0, (void *) &return_code); + main->setting.state.status = fll_execute_program(tools[t], arguments, 0, 0, (void *) &return_code); if (main->setting.state.status == F_child) { main->program.child = return_code; @@ -45,7 +47,7 @@ extern "C" { if (F_status_is_error(main->setting.state.status)) { if (F_status_set_fine(main->setting.state.status) == F_failure) { - firewall_print_error_operation(&main->program.error, tools[j], arguments); + firewall_print_error_operation(&main->program.error, tools[t], arguments); } else { firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); 
@@ -54,7 +56,7 @@ extern "C" { return; } else if (return_code) { - firewall_print_error_operation_return_code(&main->program.error, tools[j], main->cache.arguments, return_code); + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); } } // for } // for diff --git a/level_3/firewall/c/main/operate/process.c b/level_3/firewall/c/main/operate/process.c index f03f55c..68042dc 100644 --- a/level_3/firewall/c/main/operate/process.c +++ b/level_3/firewall/c/main/operate/process.c @@ -9,10 +9,10 @@ extern "C" { if (!main || F_status_is_error_not(main->setting.state.status) && main->setting.state.status == F_child) return; - bool valid = F_true; - bool is_ip_list = F_false; - bool ip_list_direction = F_false; // false = source, true = destination. - bool use_protocol = F_false; + uint8_t valid = F_true; + uint8_t is_ip_list = F_false; + uint8_t ip_list_direction = F_false; // false = source, true = destination. + uint8_t use_protocol = F_false; uint8_t chain = firewall_chain_none_e; uint8_t direction = firewall_direction_none_e; uint8_t action = firewall_action_append_e; @@ -20,10 +20,11 @@ extern "C" { int return_code = 0; f_number_unsigned_t at = 0; f_number_unsigned_t i = 0; - f_number_unsigned_t j = 0; - f_number_unsigned_t repeat = 2; + f_number_unsigned_t t = 0; + + // Set the default here, but allow for the firewall rules to override these settings. + f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s }; - f_string_static_t tool = firewall_tool_iptables_s; f_ranges_t * const rule_objects = &main->data.rule_objects; f_rangess_t * const rule_contents = &main->data.rule_contents; 
@@ -216,16 +217,16 @@ extern "C" { } else { if (f_compare_dynamic_partial_string(firewall_tool_iptables_s.string, main->data.buffer, firewall_tool_iptables_s.used, rule_contents->array[i].array[0]) == F_equal_to) { - tool = firewall_tool_iptables_s; - repeat = 1; + tools[0] = (main->setting.flag & firewall_main_flag_ipv4_d) ? firewall_tool_iptables_s : f_string_empty_s; + tools[1] = f_string_empty_s; } else if (f_compare_dynamic_partial_string(firewall_tool_ip6tables_s.string, main->data.buffer, firewall_tool_ip6tables_s.used, rule_contents->array[i].array[0]) == F_equal_to) { - tool = firewall_tool_ip6tables_s; - repeat = 1; + tools[0] = f_string_empty_s; + tools[1] = (main->setting.flag & firewall_main_flag_ipv6_d) ? firewall_tool_ip6tables_s : f_string_empty_s; } else if (f_compare_dynamic_partial_string(firewall_tool_ip46tables_s.string, main->data.buffer, firewall_tool_ip46tables_s.used, rule_contents->array[i].array[0]) == F_equal_to) { - tool = firewall_tool_ip46tables_s; - repeat = 2; + tools[0] = (main->setting.flag & firewall_main_flag_ipv4_d) ? firewall_tool_iptables_s : f_string_empty_s; + tools[1] = (main->setting.flag & firewall_main_flag_ipv6_d) ? firewall_tool_ip6tables_s : f_string_empty_s; } else { valid = F_false; 
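Review bot: When a rule file names a tool whose address family was switched off on the command line, both `tools[]` slots become `f_string_empty_s` in this hunk and the later `if (!tools[t].used) continue;` skips the rules with no output at all. For example, a `tool iptables` line under `-6` leaves nothing to run. The commit message says this is intended, but a rule set that silently applies nothing is hard to tell apart from one that applied cleanly. A warning or debug message at this point, stating that the selected tool is disabled by `-4`/`-6` and that its rules are not being applied, would make the state visible. `tools` is declared near the top of the function, so the empty state presumably carries over to later rules until another tool line is read; the loop structure is outside the hunk, so confirm that.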
@@ -248,20 +249,18 @@ extern "C" { continue; } - for (j = repeat; j; --j) { + for (t = 0; t < 2; ++t) { if (firewall_signal_check(main)) return; + if (!tools[t].used) continue; + // First add the program name. main->cache.arguments.used = 0; main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size); if (F_status_is_error(main->setting.state.status)) return; - if (repeat == 2) { - tool = (j == 2) ? firewall_tool_iptables_s : firewall_tool_ip6tables_s; - } - // Process the action when a non-none chain is specified. if (chain != firewall_chain_none_e && action != firewall_action_none_e) { main->setting.state.status = f_memory_array_increase(firewall_allocation_small_d, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size); @@ -539,9 +538,9 @@ extern "C" { ++main->cache.arguments.used; return_code = 0; - firewall_print_debug_tool(&main->program.warning, tool, main->cache.arguments); + firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments); - main->setting.state.status = fll_execute_program(tool, main->cache.arguments, 0, 0, (void *) &return_code); + main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code); if (main->setting.state.status == F_child) { main->program.child = return_code; @@ -554,7 +553,7 @@ extern "C" { if (F_status_is_error(main->setting.state.status)) { if (F_status_set_fine(main->setting.state.status) == F_failure) { - firewall_print_error_operation(&main->program.error, tool, main->cache.arguments); + firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments); } else { firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); 
@@ -563,7 +562,7 @@ extern "C" { return; } else if (return_code) { - firewall_print_error_operation_return_code(&main->program.error, tool, main->cache.arguments, return_code); + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); } } // for @@ -576,9 +575,9 @@ extern "C" { else { return_code = 0; - firewall_print_debug_tool(&main->program.warning, tool, main->cache.arguments); + firewall_print_debug_tool(&main->program.warning, tools[t], main->cache.arguments); - main->setting.state.status = fll_execute_program(tool, main->cache.arguments, 0, 0, (void *) &return_code); + main->setting.state.status = fll_execute_program(tools[t], main->cache.arguments, 0, 0, (void *) &return_code); if (main->setting.state.status == F_child) { main->program.child = return_code; @@ -588,7 +587,7 @@ extern "C" { if (F_status_is_error(main->setting.state.status)) { if (F_status_set_fine(main->setting.state.status) == F_failure) { - firewall_print_error_operation(&main->program.error, tool, main->cache.arguments); + firewall_print_error_operation(&main->program.error, tools[t], main->cache.arguments); } else { firewall_print_error(&main->program.error, macro_firewall_f(fll_execute_program)); @@ -597,7 +596,7 @@ extern "C" { return; } else if (return_code) { - firewall_print_error_operation_return_code(&main->program.error, tool, main->cache.arguments, return_code); + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); } } } diff --git a/level_3/firewall/c/main/operate/show.c b/level_3/firewall/c/main/operate/show.c index f20b63f..fdaf248 100644 --- a/level_3/firewall/c/main/operate/show.c +++ b/level_3/firewall/c/main/operate/show.c 
@@ -75,37 +75,48 @@ extern "C" { firewall_main_flag_operation_show_filter_d, }; - for (uint8_t i = 0; i < 3; ++i) { + const f_string_static_t tools[2] = { main->setting.flag & firewall_main_flag_ipv4_d ? firewall_tool_iptables_s : f_string_empty_s, main->setting.flag & firewall_main_flag_ipv6_d ? firewall_tool_ip6tables_s : f_string_empty_s }; - if (!show_flags[i]) continue; + uint8_t i = 0; + uint8_t t = 0; - parameters.array = show_arrays[i]; - parameters.used = show_lengths[i]; - return_code = 0; + for (; t < 2; ++t) { - // A newline should be printed before each inner message header, but not the first. - if (i) { - f_print_dynamic_raw(f_string_eol_s, main->program.output.to); - } + if (!tools[t].used) continue; - firewall_print_message_show_header(&main->program.output, show_lefts[i], show_headers[i], show_rights[i]); + for (i = 0; i < 3; ++i) { - main->setting.state.status = fll_execute_program(firewall_tool_iptables_s, parameters, 0, 0, (void *) &return_code); + if (!show_flags[i]) continue; - if (main->setting.state.status == F_child) { - main->program.child = return_code; + parameters.array = show_arrays[i]; + parameters.used = show_lengths[i]; + return_code = 0; - return; - } + // A newline should be printed before each inner message header, but not the first. 
+ if (i) { + f_print_dynamic_raw(f_string_eol_s, main->program.output.to); + } - if (F_status_is_error(main->setting.state.status)) { - firewall_print_error_operation(&main->program.error, firewall_tool_iptables_s, parameters); + firewall_print_message_show_header(&main->program.output, show_lefts[i], show_headers[i], show_rights[i], t); - return; - } - else if (return_code) { - firewall_print_error_operation_return_code(&main->program.error, firewall_tool_iptables_s, main->cache.arguments, return_code); - } + main->setting.state.status = fll_execute_program(tools[t], parameters, 0, 0, (void *) &return_code); + + if (main->setting.state.status == F_child) { + main->program.child = return_code; + + return; + } + + if (F_status_is_error(main->setting.state.status)) { + firewall_print_error_operation(&main->program.error, tools[t], parameters); + + return; + } + + if (return_code) { + firewall_print_error_operation_return_code(&main->program.error, tools[t], main->cache.arguments, return_code); + } + } // for } // for main->setting.state.status = F_okay; diff --git a/level_3/firewall/c/main/print/message.c b/level_3/firewall/c/main/print/message.c index 38b1b16..3e5c5c1 100644 --- a/level_3/firewall/c/main/print/message.c +++ b/level_3/firewall/c/main/print/message.c @@ -17,6 +17,11 @@ extern "C" { f_print_dynamic_raw(f_string_eol_s, print->to); + fll_program_print_help_option_short(print, firewall_short_4_s, f_console_symbol_short_normal_s, "Explicitly use IPv4 for show and rules to use iptables."); + fll_program_print_help_option_short(print, firewall_short_6_s, f_console_symbol_short_normal_s, "Explicitly use IPv6 and rules to use ip6tables."); + + f_print_dynamic_raw(f_string_eol_s, print->to); + fll_program_print_help_operations(print); fll_program_print_help_option_other(print, firewall_operation_lock_s, " Switch to rules intended to prevent all communication."); 
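Review bot: The separator test `if (i)` was written for a single pass over the three tables and does not account for the new outer loop over `tools[]`. The first header of the IPv6 pass (`i == 0`, `t == 1`) is printed without the blank line that separates every other header from the preceding output. `if (i || (t && tools[0].used)) {` keeps the "not before the first header" rule, including when only `-6` is given. Passing the loop index `t` as the `ipv6` argument of `firewall_print_message_show_header()` also ties the printed label to the order of `tools[]`; a one-line comment such as `// Index 0 is IPv4 and index 1 is IPv6, which is passed as the ipv6 boolean.` would record that.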
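Review bot: The two help strings added in the first message.c hunk are worded differently, and neither says what happens to the other address family. The `-6` text drops the "for show" part that `-4` has, and nothing tells the operator that selecting one family leaves the other family's rules as they are. That matters for the `lock` description just below, which promises to prevent all communication. Whether `lock -4` leaves ip6tables untouched depends on code outside this hunk, but the `tools[]` initialisers in default.c and delete.c suggest it does. Suggested wording: `"Operate only on IPv4 (iptables); IPv6 rules are left unchanged."` and `"Operate only on IPv6 (ip6tables); IPv4 rules are left unchanged."`.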
@@ -37,7 +42,7 @@ extern "C" { #endif // _di_firewall_print_message_help_ #ifndef _di_firewall_print_message_show_header_ - f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right) { + f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right, const uint8_t ipv6) { if (!print) return F_status_set_error(F_output_not); @@ -47,7 +52,7 @@ extern "C" { fl_print_format("%[%Q%] ", print->to, print->set->standout, left, print->set->standout); } - fll_print_format("%[%Q%]", print->to, print->set->title, header, print->set->title, f_string_eol_s); + fll_print_format("%[%Q (%Q)%]", print->to, print->set->title, header, ipv6 ? firewall_print_show_ipv6_s: firewall_print_show_ipv4_s, print->set->title, f_string_eol_s); if (left.used) { fl_print_format(" %[%Q%]", print->to, print->set->standout, right, print->set->standout); diff --git a/level_3/firewall/c/main/print/message.h b/level_3/firewall/c/main/print/message.h index b4d8c9e..50afb1c 100644 --- a/level_3/firewall/c/main/print/message.h +++ b/level_3/firewall/c/main/print/message.h @@ -61,6 +61,9 @@ extern "C" { * @param right * The option to show on the right side of the header text. * The right.used may be 0. + * @param ipv6 + * If TRUE, then print IPv6 string. + * If FALSE, then print IPv4 string. * * @return * F_okay on success. 
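Review bot: The rewritten `fll_print_format("%[%Q (%Q)%]", ...)` call passes five values after `print->to` but the format holds only four directives, so the trailing `f_string_eol_s` appears to be unused. The removed line had the same shape, so this predates the commit, but the line is being rewritten here and is the place to settle it. Either drop the argument or add the matching directive if the end-of-line is meant to be printed by this call. The conditional is also spaced unevenly (`firewall_print_show_ipv6_s:`); write `ipv6 ? firewall_print_show_ipv6_s : firewall_print_show_ipv4_s`. The function body continues outside the hunk.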
@@ -75,7 +78,7 @@ extern "C" { * @see fl_print_format() */ #ifndef _di_firewall_print_message_show_header_ - extern f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right); + extern f_status_t firewall_print_message_show_header(fl_print_t * const print, const f_string_static_t left, const f_string_static_t header, const f_string_static_t right, const uint8_t ipv6); #endif // _di_firewall_print_message_show_header_ #ifdef __cplusplus