Kevin Day [Sat, 31 Aug 2019 20:59:55 +0000 (15:59 -0500)]
Update: handle invalid UTF-8 fragments
A 1-width UTF-8 character (that is not a valid ASCII character) is used to designate part of a complete UTF-8 character block (aka: 1-width UTF-8 characters are fragments).
Because this fragment cannot exist in isolation, it must be handled as either an invalid or an incomplete UTF-8 fragment.
Provide new status codes for handling incomplete UTF-8 fragments.
Update appropriate functions to detect and handle these invalid or incomplete fragments.
Kevin Day [Fri, 30 Aug 2019 17:48:54 +0000 (12:48 -0500)]
Update: redesign console processing code
Simplify the console structure and reduce the size of codes and parameters.
The "extra" parameter seems a bit overkill, remove it and help keep this project more along the lines of the idea of "Featureless".
Rewrite and document fl_process_parameters().
Implementing functions were only functionally updated.
Additional changes are likely necessary for the logic, such as supporting multiple calls like "program -h +n +l", which by order of operation the final "+l" should override the "+n".
Kevin Day [Fri, 30 Aug 2019 01:10:01 +0000 (20:10 -0500)]
Cleanup: f_color, fl_color, and related
In particular, some of the color print functions are not following the naming convention.
The function fl_print_color() should instead be fl_color_print().
Make sure appropriate #define statements have macro in their name.
Add some @fixme comments because f_dynamic_string is designed with the intentions of not being NULL terminated.
Directly using it with standard functions like fprint is dangerous.
Kevin Day [Thu, 29 Aug 2019 21:57:34 +0000 (16:57 -0500)]
Cleanup: rename f_errors to f_status, fl_errors to fl_status, and fll_errors to fll_status
Originally f_errors was meant only for error handling but it quickly turned into status code handling (which includes errors).
The naming system of f_errors is now confusing and misleading so change it to f_status.
This makes far more sense, for example:
- f_error_is_error vs f_status_is_error.
- f_error_set_error vs f_status_set_error
Kevin Day [Thu, 29 Aug 2019 19:40:25 +0000 (14:40 -0500)]
Cleanup: rename return_code to status_code and fss_return_code to fss_status_code
The "return codes" were originally intended to be literal return codes.
When the error codes were converted to have error bits, warning bits, and signal bits, this no longer became the case.
Refactor return_code into status_code to be more accurate.
Kevin Day [Fri, 23 Aug 2019 03:50:50 +0000 (22:50 -0500)]
Update: implement UTF-8 support in fss processing code and add additional functionality
Additional functionality includes implementing f_utf_character in f_utf.
Includes numerous other small UTF-8 updates.
Some macros have been wrapped in parenthesis to avoid unobvious issues such as when adding an exclamation before a macro call (and the possible order of operation issues).
Kevin Day [Fri, 9 Aug 2019 00:13:21 +0000 (19:13 -0500)]
Feature: support custom 'defines'
Some libraries or packages have custom defines, such as the firewall _en_firewall_debug_.
Provide simple documentation of the defines, in the data/build/defines file.
Provide build settings values for specifying these custom defines.
Provide parameter for manually overriding defines.
Some path settings have been renamed to avoid confusion (such as '--c_path' is now '--path_c').
Kevin Day [Tue, 30 Jul 2019 01:35:02 +0000 (20:35 -0500)]
Update: add build_libraries_fll build setting
Add a new parameter to make it easier to switch between individual compilation, level compilation, and monolithic compilation.
This parameter will only be used for fll-specific libraries.
For programs (aka: "level 3") commented out examples for linking against level-based and monolithic are provided.
The configurations can then be easily swapped out by a couple of simple sed statements, such as:
- sed -i -e 's|^build_libraries_fll\>|#&|g' data/build/settings
- sed -i -e 's|^#build_libraries_fll-level\>|build_libraries_fll|g' data/build/settings
The above example will switch to the level based compiling, while disabling the individual compiling.
The level based compiling compiles each of the levels 0, 1, and 2 as a single library for each level, resulting in libraries such as:
- libfll_0-0.5.0.so
- libfll_1-0.5.0.so
- libfll_2-0.5.0.so
The monolithic based compiling compiles all of the levels 0, 1, and 2 as a single library, resulting in libraries such as:
- libfll-0.5.0.so
The standard names of individual, level, and monolithic do not overlap by default and can therefoe be installed side-by-side.
Kevin Day [Mon, 29 Jul 2019 04:01:42 +0000 (23:01 -0500)]
Feature: work directory support
Work Directory provides an easier way for developers to compile and test a particular set of FLL libraries and programs without conflicting with the host system.
If the host system has some version of the FLL project installed, the versions in the work directory will be used instead of the system directories.
Specifying the work directory is done via the '-w' or '--work_directory' commands.
To better achieve this functionality in the install.sh script, four new additional parameters were created:
- --libraries-static
- --libraries-shared
- --programs-static
- --programs-shared
These provide additional relative or absolute paths for installing the programs and libraries into.
The relative paths for --libraries-static and --libraries-shared is the library directory (which can be specified via --libdir).
The relative paths for --programs-static and --programs-shared is the program directory (which can be specified via --bindir).
Kevin Day [Mon, 29 Jul 2019 01:34:08 +0000 (20:34 -0500)]
Cleanup: private firewall files do not need to be #ifdef wrapped
The #ifdef wrappers are intended for custom overrides, which should apply only to functions treated as "public".
These firewall files beginning with private- are private and do not need these wrappings.
Kevin Day [Sun, 28 Jul 2019 22:02:49 +0000 (17:02 -0500)]
Bugfix: install script destination parameters not being respected
I used the wrong name in the grab_next variable when designating to grab the next includedir and libdir.
There is also a mistake where I was copying the destination_prefix onto itself.
Kevin Day [Sun, 28 Jul 2019 21:48:42 +0000 (16:48 -0500)]
Update: always return 1 on failure
There were some cases where exit is not being called and other cases where exit 0 is being called.
Make sure that exit 1 is called on error so that this script can then be scriptable.
Kevin Day [Sat, 27 Jul 2019 21:31:09 +0000 (16:31 -0500)]
Security: set default policy to DROP after deleting chains
Performing numerous syscalls can by slow.
During this time, if the default behavior is open, then unwanted packets may make it through.
By dropping by default, these packets will not go through.
Kevin Day [Fri, 26 Jul 2019 03:00:43 +0000 (22:00 -0500)]
Cleanup: Use new comment structure at the tops of files
Just put the comments in the header files.
Simplify the comment stucture.
The git repository provides the authors/credits, no need to explicitly do so in the files anymore.
Do not provide the micro version, instead provide the major and minor versions in the files (which effectively represent the API version).
Kevin Day [Fri, 26 Jul 2019 02:31:55 +0000 (21:31 -0500)]
Revert: remove custom type defines, including use of f_autochar
The intent of these custom types is to allow for easily replacing what the type represents.
I have decided that this extent of doing such is overkill.
Revert the custom types to instead rely on the C/C++ defined types, where appropriate.
After having gained more experience with utf-8 an other unicode standards, I have come to conclude that the wchar type should not be used.
This project will support the char type instead of the wchar type.
All uses have been replaced with char.
Kevin Day [Fri, 26 Jul 2019 01:49:29 +0000 (20:49 -0500)]
Bugfix: bash/linux does not support setting high bits on return codes
These bits are generally reserved for process-specific behavior.
Explicitly return 0 for success and 1 for failure.
The firewall program already does this.
The return codes from the main functions of each project will continue to utilize all of the bits as designed.
This will allow for projects that link to the library to get the actual return codes while simultaneously being compatible with Linux and Bash.
Later versions may provide alternative ways to get the error code from within the shell.
For example, if a specific return code environment variable is set, then the program could populate that environment variable on exit (clearing it on start).
This was originally defined online, but I had lost the data at some point.
The internet archive didn't cache the page and the data lost happened during the time I was changing the website.
The specifications were simple enough to be rewritten, but I have done so in haste.
Some of the specifications will be documented at a later date.
I do not remember what advanced reverse mapping was intended to be, so I replaced it with the custom json-like specification.
The goal of the json-like specification is to write it such that it is still valid json (minus any comments).
It is currently added to preserve the idea but there are no immediate plans to implement this specification.
Kevin Day [Thu, 25 Jul 2019 04:43:28 +0000 (23:43 -0500)]
Cleanup: fix comments and remove commented out memset
According to the standards that I have read, calloc() guarantees zero'd memory, so memset is not needed.
It so happens that the memset was commented out already, so just remove it.
There are some memset related comments that incorrectly use the word 'bool' when the word 'char' should be used.
Kevin Day [Tue, 23 Jul 2019 03:58:01 +0000 (22:58 -0500)]
Update: Add additional options, fix minor problems, and other miscellaneous fixes in regards to generate.sh and package.sh scripts
Add functionality provided in install.sh, such as configure based system compatible options: --enable-statuc, --disable-static, --enable-shared, and --disable-shared.
Fix some typos (such as failire which should instead be failure).
Tweak highlight colors used.
Use a separate "operation_failure" variable instead of recycling "operation" for parameter operation problems.
Add -S/--path_s parameter option for specifying a custom settings path.
If paths have a leading slash (/), remove duplicate slashes (such as "///bin/" -> "/bin/").
Make sure the new install.sh script gets added by the package.sh script.
The variable "sources_settings" is using the wrong source path (which was "path_c").
Instead, use the newly added "path_s".
Kevin Day [Tue, 23 Jul 2019 03:55:51 +0000 (22:55 -0500)]
Feature: add install.sh helper script
Provide a very basic install helper script for systems (or users) that do not have or do not want to use their package system to install the compiled files.
This is only intended to help someone install.
It is still recommended that a distribution or packager should povide their own tools to perform the installation.
Kevin Day [Sun, 21 Jul 2019 21:06:13 +0000 (16:06 -0500)]
Update: fix firewall utility and utilize recently added functionality
There were a few logic flaws in regards to the processing and memory management.
Switch to new logic where f_new_* and f_clear_* is utilized.
Update accodingly to the fll_execute changes.
Update the default configuration files.
Update the debugging code to work as expected.
Replace string cuntions with memory functions, such as replacing strncat with memcpy.
Add some new helper macros.
Delete all custom chains when rewriting rules to prevent problems.
Iptables unfortunately does not provide a way to check and see if a chain already exists.
Kevin Day [Sun, 21 Jul 2019 20:59:30 +0000 (15:59 -0500)]
Update: rewrite fll_execute, ensuring f_eol are properly added (and auto-add progam name where possible)
Previously, the f_eol was added but it assumed that there was actual room at the end of the allocated buffer to do so.
This now explicilty allocates a new buffer with room for the terminating f_eol.
The progam name is already provided, so do not require it to be added to the arguments (auto-add it).
Kevin Day [Fri, 19 Jul 2019 03:38:41 +0000 (22:38 -0500)]
Bugfix: firewall show command operating as lock
The debug parameters is conditionally enabled/disabled but the enum is not.
Make the enum conditionally enable/disable the debug option to prevent the wrong id from being used when debug is disabled.
Fix the alignment of the debug message.
Conditionally enable/disable displaying the debug in the help.
Kevin Day [Fri, 19 Jul 2019 03:12:16 +0000 (22:12 -0500)]
Bugfix: project compiled libraries are not being found
This is the result of an oversight when I converted the libraries directory to have static and shared into subdirectories.
The explicit link path was not updated accordingly.
Kevin Day [Fri, 19 Jul 2019 01:14:38 +0000 (20:14 -0500)]
Feature: add package generation helper scrript
There are four intended package design modes:
1) individual - each package is separated into their own individual directory and version.
2) level - Each of the three levels (level 0, level 1, and level 2) are put into their own directory and version.
3) monolothic - All three levels (level 0, level 1, and level 2) are put into a single directory and version.
Monolithic is not currently implemented due to design limitations in the generate.sh script and build settings files.
Kevin Day [Thu, 18 Jul 2019 01:11:17 +0000 (20:11 -0500)]
Security: use signed integers for string lengths and array lenghts by default
Standard functions, such as strnlen(), appear to operate on signed integers instead of unsigned.
Not being able to handle unsigned integers provides unknown behavior that could lead to potential security vulnerabilities.
Future versions of this project will likely need to abandon these methods for more flexible alternatives.
Example problem:
sources/c/console.c:36:23: warning: 'strnlen' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
36 | string_length = strnlen(argv[location], f_console_max_size);
That is 2^63 instead of the expected 2^64.
The array lengths were converted to signed as well.
Kevin Day [Wed, 17 Jul 2019 03:07:13 +0000 (22:07 -0500)]
Bugfix: variables not being stored in array
Do not directly use string in bash array arguments.
More recent versions of bash do not handle this as expected.
Move explicit string to a variable and then use that variable to access the array.
Kevin Day [Sun, 17 Jan 2016 20:29:41 +0000 (14:29 -0600)]
Progress: add the current (draft) of the custom init program
This is effectively a draft of my ideas and is entirely experimental and incomplete.
I am adding it now because of numerous hard-drive failures and data loss of late.
Kevin Day [Sun, 17 Jan 2016 20:20:56 +0000 (14:20 -0600)]
Update: add new rules to firewall (while fixing accident in previous commit)
The earlier commit that applied stale changes apparently had deleted all the rules in the firewall file.
This data has been added back in addition to the new rules and structure.
Kevin Day [Sun, 17 Jan 2016 20:19:36 +0000 (14:19 -0600)]
Progress: miscellaneous changes
I was working on stuff a while back and was taken away from the project for quite a while.
These are some uncommitted changes that I would rather commit immediately and then move forward.
There are some other changes I will follow up in separate commits, such as the socket work and the init work.
Kevin Day [Wed, 14 Jan 2015 10:19:01 +0000 (04:19 -0600)]
Bugfix: direction option was confusing because it was mixed with chains
- Separate direction command into two separate commands: direction, and chain.
- The chain command mimics iptables chains and is automatically populated by the custom lists (aka: custom chains).
- When direction is set to something other than none, then the active ethernet device is used.
- Code cleanup and changes were performed while working on this.
- Added basic support for debugging, define _en_firewall_debug_ to enable custom debugging parameter.
Kevin Day [Wed, 14 Jan 2015 04:21:34 +0000 (22:21 -0600)]
Update: improve the contents firewall settings files
- Add more information to the example firewall settings.
- Improve/fix dhcp client/server rules
- Block/Blackhole unicasts, multicasts, and broadcasts.
- Add some examples rules on conntrack and some security rules.
Kevin Day [Fri, 9 Jan 2015 03:17:48 +0000 (21:17 -0600)]
Bugfix: reverse order of library links
It seems I got the order backwards.
I was using -lc and all the lowest level libraries on the left of the libraries that depend on it.
This caused unobvious linkage errors down the road.
Reversing the order prevented the problem and allowed for static libraries to link.
It is possible the order issue is with ar and not with gcc.
Kevin Day [Fri, 9 Jan 2015 00:55:55 +0000 (18:55 -0600)]
Bugfix: fix order of library linkage for firewall build settings
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order
Kevin Day [Fri, 9 Jan 2015 00:51:57 +0000 (18:51 -0600)]
Bugfix: fix order of library linkage
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order.
Kevin Day [Fri, 9 Jan 2015 00:34:06 +0000 (18:34 -0600)]
Bugfix: revert compiler workaround 5bdaa0b, place arguments after source
The problem turns out to be that, for gcc at the very least, linker options such as -lc are not properly passed to the linker when it is before the source files.
Using the examples:
1) gcc -lc main.c
2) gcc main.c -lc
In case of #1, the -lc is not passed to the linker.
In case of #2, the -lc is passed to the linker.
All arguments are now being moved after the source parts.
see: 5bdaa0b Workaround: compilers on some systems seem to be sensitive to the order of arguments
see: http://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
Kevin Day [Thu, 8 Jan 2015 03:14:41 +0000 (21:14 -0600)]
Update: f_error changes and more signals
- Added more signal commands.
- Added more signal codes for up to 64 signals.
- Replaced f_error_unmask with f_error_set_fine to be more consistent with the other f_error_set_* names.
- The signal bit is intended to be both the error and warning bit set so it is mathematically the same as the mask bit.
- Change f_none starting point to 197 to handle all possible 64 signals.
Kevin Day [Wed, 31 Dec 2014 02:37:46 +0000 (20:37 -0600)]
Update: add signal code support to f_errors and move error code starting point to 166
Signals are used as the high order bits in a process that exits, which is where I provide error and similar return codes.
For this reason I am adding wrappers to the x86 signal codes in f_errors instead of a separate custom project such as the non-existant f_signals.
It looks like bash mixes the exit codes and signals into the numbers 129 to 165, so start with 166 as well.
Kevin Day [Thu, 16 Oct 2014 04:23:11 +0000 (23:23 -0500)]
Feature: add support for -p, --project in generate.sh
This adds support for defining a custom name for the use of preparing and building a project.
The files will be called .built-$project and .prepare-$project.
This allows for building multiple projects in the same directory path back to back.
Kevin Day [Fri, 8 Aug 2014 00:55:00 +0000 (19:55 -0500)]
Bugfix: add missing required library link dependencies
It seems I got away with forgetting some important libraries that were required by some libraries.
This makes me wonder if this is the cause of the bug that forced me to create the build_alt option.
Kevin Day [Sun, 3 Aug 2014 22:40:35 +0000 (17:40 -0500)]
Bugfix: programs incorrectly reporting version
I noticed, unfortunately after the release and not before, that the proper version number was not being reported.
This seems to have been an oversight.
To reduce the chances of this happening, I decided to make the next version number be the default.
I will make a release after a month or two fixing this.