Kevin Day [Fri, 9 Jan 2015 03:17:48 +0000 (21:17 -0600)]
Bugfix: reverse order of library links
It seems I got the order backwards.
I was using -lc and all the lowest level libraries on the left of the libraries that depend on it.
This caused unobvious linkage errors down the road.
Reversing the order prevented the problem and allowed for static libraries to link.
It is possible the order issue is with ar and not with gcc.
Kevin Day [Fri, 9 Jan 2015 00:55:55 +0000 (18:55 -0600)]
Bugfix: fix order of library linkage for firewall build settings
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order.
Kevin Day [Fri, 9 Jan 2015 00:51:57 +0000 (18:51 -0600)]
Bugfix: fix order of library linkage
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order.
Kevin Day [Fri, 9 Jan 2015 00:34:06 +0000 (18:34 -0600)]
Bugfix: revert compiler workaround 5bdaa0b, place arguments after source
The problem turns out to be that, for gcc at the very least, linker options such as -lc are not properly passed to the linker when it is before the source files.
Using the examples:
1) gcc -lc main.c
2) gcc main.c -lc
In case of #1, the -lc is not passed to the linker.
In case of #2, the -lc is passed to the linker.
All arguments are now being moved after the source parts.
see: 5bdaa0b Workaround: compilers on some systems seem to be sensitive to the order of arguments
see: http://gcc.gnu.org/onlinedocs/gcc/Link-Options.html
Kevin Day [Thu, 8 Jan 2015 03:14:41 +0000 (21:14 -0600)]
Update: f_error changes and more signals
- Added more signal commands.
- Added more signal codes for up to 64 signals.
- Replaced f_error_unmask with f_error_set_fine to be more consistent with the other f_error_set_* names.
- The signal bit is intended to be both the error and warning bit set so it is mathematically the same as the mask bit.
- Change f_none starting point to 197 to handle all possible 64 signals.
Kevin Day [Wed, 31 Dec 2014 02:37:46 +0000 (20:37 -0600)]
Update: add signal code support to f_errors and move error code starting point to 166
Signals are used as the high order bits in a process that exits, which is where I provide error and similar return codes.
For this reason I am adding wrappers to the x86 signal codes in f_errors instead of a separate custom project such as the non-existent f_signals.
It looks like bash mixes the exit codes and signals into the numbers 129 to 165, so start with 166 as well.
Kevin Day [Thu, 16 Oct 2014 04:23:11 +0000 (23:23 -0500)]
Feature: add support for -p, --project in generate.sh
This adds support for defining a custom name for the use of preparing and building a project.
The files will be called .built-$project and .prepare-$project.
This allows for building multiple projects in the same directory path back to back.
Kevin Day [Fri, 8 Aug 2014 00:55:00 +0000 (19:55 -0500)]
Bugfix: add missing required library link dependencies
It seems I got away with forgetting some important libraries that were required by some libraries.
This makes me wonder if this is the cause of the bug that forced me to create the build_alt option.
Kevin Day [Sun, 3 Aug 2014 22:40:35 +0000 (17:40 -0500)]
Bugfix: programs incorrectly reporting version
I noticed, unfortunately after the release and not before, that the proper version number was not being reported.
This seems to have been an oversight.
To reduce the chances of this happening, I decided to make the next version number be the default.
I will make a release after a month or two fixing this.
Kevin Day [Thu, 26 Jun 2014 03:29:51 +0000 (22:29 -0500)]
Workaround: compilers on some systems seem to be sensitive to the order of arguments
As far as I can tell, on some systems (in my case, it was on linuxmint, either debian or ubuntu) the compiler interprets the following differently:
1) gcc -lc main.c
2) gcc main.c -lc
They should be the same, but they are not for some compilers.
This is also not as obvious, some programs or libraries compile while others do not.
In my case, I ran the entire compilation of the f_* fl_* and fll_* libraries using the approach from (1).
Everything compiled and worked, up until I tried to compile my firewall program.
It complained that firewall_main was not found, despite all of the libraries in the path being valid.
I had to recompile the entire f_* fl_* and fll_* libraries using (2) for the firewall program to compile.
No functional changes were made, simply the order of compile arguments.
Therefore, I have implemented an alternative version of the build command, called build_alt.
This should be used if you are using a system where (2) is required over (1).
Kevin Day [Tue, 27 Aug 2013 00:27:33 +0000 (19:27 -0500)]
Release: FLL 0.4.0
On second thought, 0.3.1 does not need to be released because there is no further development going on in the 0.3.x branch.
Instead, make a stable release (0.4.0).
Kevin Day [Sat, 7 Jul 2012 23:40:04 +0000 (18:40 -0500)]
Update: Report total number of content parts when doing a total
This is unneeded for basic and basic list, but extended supports multiple content parts.
When -t is passed while doing a selection using -c, report the total number of content parts instead of the total number found.
Kevin Day [Sun, 17 Jun 2012 23:40:05 +0000 (18:40 -0500)]
Bugfix: fl_execute is now fll_execute
At some point fl_execute and level_1/execute.h were moved to level 2: fll_execute and level_2/execute.h.
This corrects files that did not get updated to reflect this change.
Kevin Day [Sun, 10 Jun 2012 19:41:20 +0000 (14:41 -0500)]
Bugfix: ipv6 icmp is different than ipv4 icmp, adjust rules accordingly
The ipv6 in iptables uses a separate command called icmpv6, with the parameter called icmpv6-type.
Adjust the default settings files to use ipv4 icmp only with iptables and ipv6 icmp only with ip6tables.
This also updates the icmp types for ipv6, adding comments on what each type is.
Kevin Day [Sun, 10 Jun 2012 18:31:20 +0000 (13:31 -0500)]
Bugfix: Fix usage of rule_contents for protocol none option
The if condition that is checking for the existence of the protocol option 'none' was improperly set up.
It was using the rule_objects instead of the rule_contents and therefore would never validate.
Kevin Day [Sat, 9 Jun 2012 19:48:41 +0000 (14:48 -0500)]
Cleanup: move color context structure from level 2 to level 1
Nothing in it depends on level 2.
Move it to level 1, making it available to all level 2 projects.
This renames the structure from fll_color_context to fl_color_context.
Appropriate initializers and memory related macros are renamed accordingly.
Kevin Day [Sat, 9 Jun 2012 16:21:09 +0000 (11:21 -0500)]
Cleanup: rename/move f_output to f_print
Be consistent with the project+names wherever possible.
In this case, it is very much possible.
The functions are already called f_print*, so change the name of the project to f_print.
Kevin Day [Sat, 9 Jun 2012 04:49:36 +0000 (23:49 -0500)]
Update: remove *_initialize for specific types
Data types that are numeric, non-pointer, and non-structure should not need an *_initializer macro.
It has been decided for simplicity purposes that these will be left alone.
All other data types that are either non-numeric, pointers, or structures will continue to require *_initialize macros.
Kevin Day [Sat, 9 Jun 2012 04:25:40 +0000 (23:25 -0500)]
Update: return f_unknown at end of f_is_digit
If for some reason the end of the function is reached, f_unknown is returned.
This should be impossible and if compilers give an error, then that line can be removed.
Kevin Day [Sat, 9 Jun 2012 04:19:00 +0000 (23:19 -0500)]
Update: redesign error codes
This is a major rewrite of the error code system.
Previously, the error system did the following:
- used an unsigned short data type
- allowed for all 16 bits to be used
- because it was unsigned short, different architectures might have different size.
- it is rather inefficient and ugly to check for errors when there may be as many as 30 different error codes to compare against.
The new error system does the following:
- enforce exactly 16-bit unsigned integer by using uint16_t.
- reserves the first two high order bits in the following manner:
- bit 1 = error bit (1000 0000 0000 0000)
- bit 2 = warning bit (0100 0000 0000 0000)
- (note setting both bit 1 and bit 2 is unsupported)
- provide a series of macros to quickly detect and manage the new bits
- limits the total available number of error codes to 14-bits instead of 16-bits
The advantage of the new system is that what the status code is can be detected in one or two conditionals (using bitwise operations).
This should speed up performance and make the code easier to read.
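Added example (not part of the commit or the FLL source): a C sketch of the status layout described in the commit above, a 16-bit value whose top two bits flag error and warning and whose low 14 bits carry the code. The type, macro and function names and the sample codes are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* All names are hypothetical; the commit does not list its macros. */
typedef uint16_t status_t;

#define STATUS_BIT_ERROR   0x8000u /* 1000 0000 0000 0000 */
#define STATUS_BIT_WARNING 0x4000u /* 0100 0000 0000 0000 */
#define STATUS_MASK_FLAGS  0xc000u /* both flag bits */
#define STATUS_MASK_CODE   0x3fffu /* 14 bits left for the code */

/* Constructed sample codes, not the project's numbering. */
enum { CODE_NONE = 0, CODE_INVALID_PARAMETER = 5, CODE_NO_DATA = 9 };

/* Masking the code first keeps an oversized code out of the flag bits. */
static status_t status_error(unsigned code) {
  return (status_t) ((code & STATUS_MASK_CODE) | STATUS_BIT_ERROR);
}
static status_t status_warning(unsigned code) {
  return (status_t) ((code & STATUS_MASK_CODE) | STATUS_BIT_WARNING);
}

/* Each check is one bitwise comparison, whatever the code is. */
static bool status_is_error(status_t s) {
  return (s & STATUS_MASK_FLAGS) == STATUS_BIT_ERROR;
}
static bool status_is_warning(status_t s) {
  return (s & STATUS_MASK_FLAGS) == STATUS_BIT_WARNING;
}
static bool status_is_fine(status_t s) {
  return (s & STATUS_MASK_FLAGS) == 0;
}
/* Both bits set is unsupported in this scheme, so report it as invalid. */
static bool status_is_valid(status_t s) {
  return (s & STATUS_MASK_FLAGS) != STATUS_MASK_FLAGS;
}
static unsigned status_code(status_t s) {
  return s & STATUS_MASK_CODE;
}

/* Sample caller: parse one decimal digit and return a status. */
static status_t read_digit(const char *text, int *digit) {
  if (!text || !digit) return status_error(CODE_INVALID_PARAMETER);
  if (*text == '\0') return status_warning(CODE_NO_DATA);
  if (*text < '0' || *text > '9') return status_error(CODE_INVALID_PARAMETER);
  *digit = *text - '0';
  return CODE_NONE;
}

int main(void) {
  int digit = 0;
  status_t s = read_digit("x", &digit);
  if (status_is_error(s)) printf("error code %u\n", status_code(s));
  else if (status_is_warning(s)) printf("warning code %u\n", status_code(s));
  else printf("digit %d\n", digit);
  return 0;
}
```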
Kevin Day [Fri, 8 Jun 2012 00:39:11 +0000 (19:39 -0500)]
Update: add the new default/example firewall setting files
I forgot to add this with one of the previous commits.
This is the rewrite of the setting rules using custom chains.
This also utilizes the newly added protocol support.
Kevin Day [Fri, 8 Jun 2012 00:36:34 +0000 (19:36 -0500)]
Feature: add support for 'protocol' option
The protocol option adds support for mass adding things like '-p tcp' in front of every rule.
This reduces repetition of the -p * commands.
The 'protocol' option accepts any single parameter or the reserved parameter 'none'.
Using 'none' will turn off the protocol option.
Other than 'none', this poses no restrictions on what the protocol may be.
Instead, that is left to iptables.
Kevin Day [Thu, 7 Jun 2012 23:06:57 +0000 (18:06 -0500)]
Update: rewrite firewall, adding support for custom chains
This is a major redesign of the firewall program.
Iptables chains are now supported automatically.
Each new basic list is itself a chain.
Reserved words not allowed for custom chains are:
- main
- stop
- lock
The 'main' chain signifies use of the default iptables chain.
The layout and structure of the files have been rewritten to utilize chains.
The default-firewall file has been removed and replaced with the following files:
- firewall-first
- firewall-last
- firewall-other
The newly written rules define default firewall rules and chains such that there are the following self-explanatory chains:
- input-tcp
- input-udp
- input-icmp
- output-tcp
- output-udp
- output-firewall
In addition to the above changes, the base functionality has been broken up into smaller functions to improve code quality.
Kevin Day [Thu, 7 Jun 2012 05:33:03 +0000 (00:33 -0500)]
Update: add support for array_length arrays
Because this uses memory operations it was moved to a separate file called types_arrays.h
This adds a dependency on f_memory.
While the dependency is circular, f_types will never provide source files.
Therefore chicken and the egg issues should not be a problem (f_types is always installed before f_memory).
Kevin Day [Thu, 7 Jun 2012 00:45:00 +0000 (19:45 -0500)]
Bugfix: reset position on back to back lists
If two lists are back to back such that one does not have content, then make sure that the position resets to the start.
If this does not happen, then the next object will be skipped.
Kevin Day [Wed, 6 Jun 2012 23:11:55 +0000 (18:11 -0500)]
Update: remove used vs size parameter checking
Remove this so that non-dynamic strings can be placed in a dynamic string data type.
In such cases, the dynamic string has a used but not a size.
This means allocations should not be performed on the string.
Kevin Day [Tue, 3 Apr 2012 23:16:40 +0000 (18:16 -0500)]
Cleanup: Move private functions into its own source and header files
It has become painfully apparent that much of the firewall main function needs to be broken down into smaller functions for manageability and readability purposes.
The first step in doing such is to create a private header and source files and move all internal functions there.
Everything in the private-* files is intended to never be exposed in the library.
Its only purpose is to make programming large projects more manageable and readable.
As such, none of the functions should ever be considered part of the libraries/programs api.
Kevin Day [Sun, 1 Apr 2012 20:54:28 +0000 (15:54 -0500)]
Update: add support for custom user chains
Users should now be able to add their own custom chains.
Chains can be created by creating a new fss object that is not one of the following: first, last, stop, lock, or main.
Kevin Day [Sat, 31 Mar 2012 23:14:54 +0000 (18:14 -0500)]
Bugfix: set stop point to before a valid close quote, not after
The following reproduces the error:
- fss_basic_write -t object -s 'Hell o\' | fss_basic_read -o
Should produce the original string, but instead included the double quote used to signify object close.
Kevin Day [Sat, 31 Mar 2012 23:04:56 +0000 (18:04 -0500)]
Update: rework delimit management to ensure delimits are only applied when valid.
This unfortunately increases the complexity slightly as deallocation must occur before functions exist.
On the other hand doing so avoids overly complicated loops that would probably make the code less readable.
Kevin Day [Sat, 31 Mar 2012 20:19:34 +0000 (15:19 -0500)]
Bugfix: be sure to delimit trailing \ if it is at the end of a quoted content
What happens is that if the content is (ignore single quotes): 'hell o\'.
The fss extended content conversion should be (include double quotes): "hell o\\".
The code must realize that the last \ would end up before a quote, or one would get: "hell o\".
That content string would then be classified as an unterminated group.
Kevin Day [Sat, 31 Mar 2012 18:54:00 +0000 (13:54 -0500)]
Bugfix: Do not de-allocate the additional array
Do not de-allocate this array when some allocation error happens.
The data is defined outside of this function, so leave it to the caller to handle deallocation.
This allows for giving the caller more choices when trying to decide what to do on an allocation problem.
For example, some program may want to try to continue anyway even if there is an allocation problem.
It will be tricky, but in such a case one would just have to make do with what is already allocated.
Kevin Day [Sat, 31 Mar 2012 02:34:23 +0000 (21:34 -0500)]
Bugfix: checking for == on fwrite size results is not an error
The code was checking the total number of bytes written and the total number expected to be written.
If both numbers are the same, then this cannot be an error.
Kevin Day [Fri, 30 Mar 2012 00:47:03 +0000 (19:47 -0500)]
Update: rewrite basic list object and content read functions
Follow the new approach.
Also, it occurred to me that there is no reason to support quoted object names for a basic list.
The reasoning behind this is that the basic list object always terminates on a newline and there cannot be any content on that newline.
If there is no content, then there is no reason to protect the object by wrapping it in quotes as done in basic and extended.
Quote support has been removed and as a result the implementation of the object and content reads are much simpler.
Kevin Day [Mon, 26 Mar 2012 00:20:48 +0000 (19:20 -0500)]
Update: return stop points even when no object/content is found
This makes things a little more consistent.
If an object was not found, then the code would seek to the end of line or a stop point.
Prior to this patch, after doing the sleep, the appropriate object/content not found is returned when a stop point was reached.
Now, the appropriate no_data or none stop point return value is used in such a case.
Kevin Day [Sun, 25 Mar 2012 20:44:44 +0000 (15:44 -0500)]
Bugfix: fix return state codes for stop point
For objects, if an object was not found and a stop point was reached, return appropriate f_no_data codes.
For objects and content, if a stop state was reached during a quoted group, return appropriate f_unterminated_group codes.
For objects and content, if a stop state was reached during a valid pass, return appropriate f_none codes.
Kevin Day [Sat, 24 Mar 2012 21:46:56 +0000 (16:46 -0500)]
Update: rewrite fss extended content read function
This was rewritten to follow the same style that the object read uses.
Because content can have multiple "groups", an outer loop had to be added.
For some reason I feel like I am forgetting something or doing something wrong here, but I cannot tell what that is and so I note my concern here.
Kevin Day [Thu, 22 Mar 2012 00:43:44 +0000 (19:43 -0500)]
Bugfix: initial slash + quote only needs one additional slash on match at start when writing
If the object or content group begins with any number of slashes followed by a single or double quote, only a single slash is needed to delimit the quote.
This is done because no valid object or content group can start with a slash and be expected to be treated as if it were quoted.
That means the quote is meaningless.
The initial slash delimit is necessary in case the object name starts with a single or double quote but it should not be treated as such.
This for an object name of " would be written as \".
Kevin Day [Wed, 21 Mar 2012 03:01:23 +0000 (22:01 -0500)]
Bugfix: delimit whitespaces on write
I believe I had a mental lapse on this one.
The previous code was acting like a read operation in certain cases when dealing with whitespace.
When doing a write, if a whitespace exists, don't ignore it; instead, wrap it in quotes so that object names can contain spaces.
For example " " is a valid object name which is an object whose name is a single space.
Kevin Day [Tue, 20 Mar 2012 03:25:45 +0000 (22:25 -0500)]
Bugfix: remove default from switch to avoid returning f_unknown
While it is good practice to always have a default: in switch, I believe this is a case where it is not.
Do not provide a default switch so that the default return statement is always false.
This prevents having to return f_unknown at the end of the function as it is now possible to get to the end of the function.
Kevin Day [Tue, 20 Mar 2012 03:14:18 +0000 (22:14 -0500)]
Update: handle eol when doing writes
If the buffer being read from contains an eol, then do not process any further.
This prevents writing newlines without ignoring them entirely.
This returns f_none_on_eol, which does not exist yet.
A commit following this one will add the eol return codes.
Kevin Day [Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)]
Bugfix: add buffer overflow checks
When I added the input parameter to the write functions I forgot to do buffer size checks now that the input size could be different than the buffer size.
Kevin Day [Fri, 16 Mar 2012 22:00:06 +0000 (17:00 -0500)]
Cleanup: mass change ){ into ) {
I have decided that the syntax style should have a space between ){ from now on.
I did this change in mass via a sed script.
I did not notice any incorrect changes, but there is more to review than I am willing to review.
Kevin Day [Fri, 16 Mar 2012 21:54:24 +0000 (16:54 -0500)]
Bugfix: process quotes at the start of a basic object
This was overlooked.
If the first character is a single quote or a double quote, then it must be delimited.
If the first character is a slash, followed by any number of slashes and then followed by a single or double quote, then all slashes and the quote must be delimited.
Starting slashes that are not followed by a single or double quote must not be delimited.
Kevin Day [Fri, 16 Mar 2012 03:50:36 +0000 (22:50 -0500)]
Update: add write support for fss basic
This adds the write functions for converting a dynamic string that represents an fss basic object into a valid object.
This adds the write functions for converting a dynamic string that represents an fss basic content into a valid content.