Kevin Day [Fri, 8 Jun 2012 00:36:34 +0000 (19:36 -0500)]
Feature: add support for 'protocol' option
The protocol option adds support for mass adding things like '-p tcp' in front of every rule.
This reduces repetition of the -p * commands.
The 'protocol' option accepts any single parameter or the reserved parameter 'none'.
Using 'none' will turn off the protocol option.
Other than 'none', this poses no restrictions on what the protocol may be.
Instead, that is left to iptables.
Kevin Day [Thu, 7 Jun 2012 23:06:57 +0000 (18:06 -0500)]
Update: rewrite firewall, adding support for custom chains
This is a major redesign of the firewall program.
Iptables chains are now supported automatically.
Each new basic list is itself a chain.
Reserved words not allowed for custom chains are:
- main
- stop
- lock
The 'main' chain signifies use of the default iptables chain.
The layout and structure of the files have been rewritten to utilize chains.
The default-firewall file has been removed and replaced with the following files:
- firewall-first
- firewall-last
- firewall-other
The newly written rules define default firewall rules and chains such that there are the following self-explanatory chains:
- input-tcp
- input-udp
- input-icmp
- output-tcp
- output-udp
- output-firewall
In addition to the above changes, the base functionality has been broken up into smaller functions to improve code quality.
Kevin Day [Thu, 7 Jun 2012 05:33:03 +0000 (00:33 -0500)]
Update: add support for array_length arrays
Because this uses memory operations it was moved to a separate file called types_arrays.h
This adds a dependency on f_memory.
While the dependency is circular, f_types will never provide source files.
Therefore chicken and the egg issues should not be a problem (f_types is always installed before f_memory).
Kevin Day [Thu, 7 Jun 2012 00:45:00 +0000 (19:45 -0500)]
Bugfix: reset position on back to back lists
If two lists are back to back such that one does not have content, then make sure that the position resets to the start.
If this does not happen, then the next object will be skipped.
Kevin Day [Wed, 6 Jun 2012 23:11:55 +0000 (18:11 -0500)]
Update: remove used vs size parameter checking
Remove this so that non-dynamic strings can be placed in a dynamic string data type.
In such cases, the dynamic string has a used but not a size.
This means allocations should not be performed on the string.
Kevin Day [Tue, 3 Apr 2012 23:16:40 +0000 (18:16 -0500)]
Cleanup: Move private functions into their own source and header files
It has become painfully apparent that much of the firewall main function needs to be broken down into smaller functions for manageability and readability purposes.
The first step in doing such is to create a private header and source files and move all internal functions there.
Everything in the private-* files is intended to never be exposed in the library.
Its only purpose is to make programming large projects more manageable and readable.
As such, none of the functions should ever be considered part of the library's/program's API.
Kevin Day [Sun, 1 Apr 2012 20:54:28 +0000 (15:54 -0500)]
Update: add support for custom user chains
Users should now be able to add their own custom chains.
Chains can be created by creating a new fss object that is not one of the following: first, last, stop, lock, or main.
Kevin Day [Sat, 31 Mar 2012 23:14:54 +0000 (18:14 -0500)]
Bugfix: set stop point to before a valid close quote, not after
The following reproduces the error:
- fss_basic_write -t object -s 'Hell o\' | fss_basic_read -o
Should produce the original string, but instead included the double quote used to signify object close.
Kevin Day [Sat, 31 Mar 2012 23:04:56 +0000 (18:04 -0500)]
Update: rework delimit management to ensure delimits are only applied when valid.
This unfortunately increases the complexity slightly as deallocation must occur before functions exit.
On the other hand doing so avoids overly complicated loops that would probably make the code less readable.
Kevin Day [Sat, 31 Mar 2012 20:19:34 +0000 (15:19 -0500)]
Bugfix: be sure to delimit trailing \ if it is at the end of a quoted content
What happens is that if the content is (ignore single quotes): 'hell o\'.
The fss extended content conversion should be (include double quotes): "hell o\\".
The code must realize that the last \ would end up before a quote, or one would get: "hell o\".
That content string would then be classified as an unterminated group.
Kevin Day [Sat, 31 Mar 2012 18:54:00 +0000 (13:54 -0500)]
Bugfix: Do not de-allocate the additional array
Do not de-allocate this array when some allocation error happens.
The data is defined outside of this function, so leave it to the caller to handle deallocation.
This allows for giving the caller more choices when trying to decide what to do on an allocation problem.
For example, some program may want to try to continue anyway even if there is an allocation problem.
It will be tricky, but in such a case one would just have to make do with what is already allocated.
Kevin Day [Sat, 31 Mar 2012 02:34:23 +0000 (21:34 -0500)]
Bugfix: checking for == on fwrite size results is not an error
The code was checking the total number of bytes written and the total number expected to be written.
If both numbers are the same, then this cannot be an error.
Kevin Day [Fri, 30 Mar 2012 00:47:03 +0000 (19:47 -0500)]
Update: rewrite basic list object and content read functions
Follow the new approach.
Also, it occurred to me that there is no reason to support quoted object names for a basic list.
The reasoning behind this is that the basic list object always terminates on a newline and there cannot be any content on that newline.
If there is no content, then there is no reason to protect the object by wrapping it in quotes as done in basic and extended.
Quote support has been removed and as a result the implementation of the object and content reads are much simpler.
Kevin Day [Mon, 26 Mar 2012 00:20:48 +0000 (19:20 -0500)]
Update: return stop points even when no object/content is found
This makes things a little more consistent.
If an object was not found, then the code would seek to the end of line or a stop point.
Prior to this patch, after doing the sleep, the appropriate object/content not found is returned when a stop point was reached.
Now, the appropriate no_data or none stop point return value is used in such a case.
Kevin Day [Sun, 25 Mar 2012 20:44:44 +0000 (15:44 -0500)]
Bugfix: fix return state codes for stop point
For objects, if an object was not found and a stop point was reached, return appropriate f_no_data codes.
For objects and content, if a stop state was reached during a quoted group, return appropriate f_unterminated_group codes.
For objects and content, if a stop state was reached during a valid pass, return appropriate f_none codes.
Kevin Day [Sat, 24 Mar 2012 21:46:56 +0000 (16:46 -0500)]
Update: rewrite fss extended content read function
This was rewritten to follow the same style that the object read uses.
Because content can have multiple "groups", an outer loop had to be added.
For some reason I feel like I am forgetting something or doing something wrong here, but I cannot tell what that is and so I note my concern here.
Kevin Day [Thu, 22 Mar 2012 00:43:44 +0000 (19:43 -0500)]
Bugfix: initial slash + quote only needs one additional slash on match at start when writing
If the object or content group begins with any number of slashes followed by a single or double quote, only a single slash is needed to delimit the quote.
This is done because no valid object or content group can start with a slash and be expected to be treated as if it were quoted.
That means the quote is meaningless.
The initial slash delimit is necessary in case the object name starts with a single or double quote but it should not be treated as such.
Thus an object name of " would be written as \".
Kevin Day [Wed, 21 Mar 2012 03:01:23 +0000 (22:01 -0500)]
Bugfix: delimit whitespaces on write
I believe I had a mental lapse on this one.
The previous code was acting like a read operation in certain cases when dealing with whitespace.
When doing a write, if a whitespace exists, don't ignore it; instead, wrap it in quotes so that object names can contain spaces.
For example " " is a valid object name which is an object whose name is a single space.
Kevin Day [Tue, 20 Mar 2012 03:25:45 +0000 (22:25 -0500)]
Bugfix: remove default from switch to avoid returning f_unknown
While it is good practice to always have a default: in switch, I believe this is a case where it is not.
Do not provide a default switch so that the default return statement is always false.
This prevents having to return f_unknown at the end of the function as it is now possible to get to the end of the function.
Kevin Day [Tue, 20 Mar 2012 03:14:18 +0000 (22:14 -0500)]
Update: handle eol when doing writes
If the buffer being read from contains an eol, then do not process any further.
This prevents writing newlines without ignoring them entirely.
This returns f_none_on_eol, which does not exist yet.
A commit following this one will add the eol return codes.
Kevin Day [Tue, 20 Mar 2012 03:10:50 +0000 (22:10 -0500)]
Bugfix: add buffer overflow checks
When I added the input parameter to the write functions I forgot to do buffer size checks now that the input size could be different than the buffer size.
Kevin Day [Fri, 16 Mar 2012 22:00:06 +0000 (17:00 -0500)]
Cleanup: mass change ){ into ) {
I have decided that the syntax style should have a space between ){ from now on.
I did this change in mass via a sed script.
I did not notice any incorrect changes, but there is more to review than I am willing to review.
Kevin Day [Fri, 16 Mar 2012 21:54:24 +0000 (16:54 -0500)]
Bugfix: process quotes at the start of a basic object
This was overlooked.
If the first character is a single quote or a double quote, then it must be delimited.
If the first character is a slash, followed by any number of slashes and then followed by a single or double quote, then all slashes and the quote must be delimited.
Starting slashes that are not followed by a single or double quote must not be delimited.
Kevin Day [Fri, 16 Mar 2012 03:50:36 +0000 (22:50 -0500)]
Update: add write support for fss basic
This adds the write functions for converting a dynamic string that represents an fss basic object into a valid object.
This adds the write functions for converting a dynamic string that represents an fss basic content into a valid content.
Kevin Day [Fri, 16 Mar 2012 02:06:22 +0000 (21:06 -0500)]
Update: use the error code source name instead of a human friendly name for error code translation
The human friendly variant is more convenient, but it is probably better to use the machine name directly on error output.
This should make things script-friendly and also allow for distinguishing something similar to f_my_error and fl_my_error.
With f_my_error and fl_my_error, using the previous method, both would report as "my error", when in fact they are different errors.
The down side is that this now requires 1 more step to convert the codes into a human friendly name.
Kevin Day [Thu, 15 Mar 2012 01:46:29 +0000 (20:46 -0500)]
Cleanup: remove useless code
I was considering to use status to return true or false, but later changed my mind.
There was a line of code where I was initializing status; this code is no longer needed.
Kevin Day [Thu, 15 Mar 2012 01:45:20 +0000 (20:45 -0500)]
Bugfix: correct linkage against fll_execute
The fll_execute used to be fl_execute; when it was changed, the projects that depended on it did not get changed.
This updates the build settings to link to the proper library.
Kevin Day [Tue, 13 Mar 2012 03:03:13 +0000 (22:03 -0500)]
Update: rename *error_code projects to *return_code
This should make the applications make a little more sense.
That is, when testing for not-error codes, it makes more sense to say not-error return codes than to say not-error error codes.
Kevin Day [Mon, 12 Mar 2012 16:48:49 +0000 (11:48 -0500)]
Update: add support for identifying errors, warnings, and okays
Add three new parameters: is_okay, is_warning, and is_error.
These should test to see if the error code is in fact an error, a warning, or not an error.
Kevin Day [Mon, 12 Mar 2012 16:23:33 +0000 (11:23 -0500)]
Update: change return codes enum to start at 131
This should make things sort of compatible with bash shell scripts.
Bash limits its return states to 255, so the fss return codes may still not always function.
This at least allows for some sort of compatibility.
Kevin Day [Sun, 11 Mar 2012 05:31:03 +0000 (23:31 -0600)]
Update: return the literal error code
The error code was being converted into 0 if the code was f_none.
Stop doing this behavior, all the scripts need to be fll return state aware from this point forward.
Kevin Day [Sun, 11 Mar 2012 02:58:10 +0000 (20:58 -0600)]
Bugfix: fix logic flaws with file input buffers
The first mistake made was that when adding the fread result to the buffer, the actual size of each read byte needs to be taken into mind.
If the characters were wide characters with a byte size of 2 instead of 1, then the buffer->used counter would increase at a rate of 2x of what was actually in use.
The second mistake made was that the fread max read size was being set to the entire buffer size instead of what was available.
This should have been producing some sort of buffer overflow, but none was reported.
Instead of requesting a read of (buffer->size - 1), only request a size equal to that of the available allocated space (buffer->size - buffer->used - 1).
The third mistake made was not performing sanity checking on the buffer->used and buffer->size variables.
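Added example, not code from this commit or from the project: a bounded fread into a partially filled buffer that applies the three corrections the message above lists. The type `example_buffer`, both function names and the sample bytes are constructed for illustration; only the field names `size` and `used` come from the commit message.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the project's buffer type; only the field
   names size and used come from the commit message. */
typedef struct {
  char *string;
  size_t size; /* bytes allocated */
  size_t used; /* bytes holding data */
} example_buffer;

/* Append file data to the buffer. Returns bytes appended, or -1 when the
   buffer state is invalid or no space is left. */
long example_buffer_read(FILE *file, example_buffer *buffer) {
  if (!file || !buffer || !buffer->string) return -1;

  /* Sanity check used against size before any arithmetic on them;
     otherwise size - used - 1 wraps around to a huge unsigned value. */
  if (buffer->size == 0 || buffer->used >= buffer->size - 1) return -1;

  /* Request only the space still available, keeping one byte for '\0'. */
  size_t available = buffer->size - buffer->used - 1;

  /* Element size is 1, so the count fread returns is in the same unit
     (bytes) as used and size. */
  size_t got = fread(buffer->string + buffer->used, 1, available, file);

  buffer->used += got;
  buffer->string[buffer->used] = '\0';
  return (long) got;
}

/* Constructed input: write data to a temporary file, then read it back. */
long example_read_constructed(const char *data, size_t length, example_buffer *buffer) {
  FILE *file = tmpfile();
  if (!file) return -1;
  fwrite(data, 1, length, file);
  rewind(file);
  long got = example_buffer_read(file, buffer);
  fclose(file);
  return got;
}

int main(void) {
  char storage[8] = "abc";
  example_buffer buffer = { storage, sizeof storage, 3 };
  long got = example_read_constructed("0123456789", 10, &buffer);
  printf("appended %ld, used %zu, content \"%s\"\n", got, buffer.used, buffer.string);
  return 0;
}
```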
Kevin Day [Sat, 10 Mar 2012 20:59:38 +0000 (14:59 -0600)]
Add Project: pipe
This adds the level 0 implementation of project pipe.
At this time, all it does is provide a way to tell if the current instance of some program has piped data being passed to it.
Kevin Day [Sat, 10 Mar 2012 20:56:38 +0000 (14:56 -0600)]
Update: add all types of file open modes
This also changes f_file_read_write to not create the file if it does not exist.
To create the file if it does not exist, use f_file_read_write_create.
Kevin Day [Sat, 10 Mar 2012 17:08:52 +0000 (11:08 -0600)]
Update: add pipe console parameter
The fll standard console arguments now include +p, ++pipe.
This pipe command requires a single numeric argument that represents the size of the pipe.
When this is specified, it tells the application to read from pipe in byte chunks of the specified size.
The default pipe size is left up to the application when this is not specified.
Kevin Day [Fri, 9 Mar 2012 01:27:55 +0000 (19:27 -0600)]
Update: implement fll_execute_program and fix fll_execute_path
This adds fll_execute_program and changes how fll_execute_path works to function properly.
Prior to this change, fll_execute_path did not set the first argument, which would cause the program's argv[0] to not be equivalent to the program name.
This also corrects a few mistakes where level_1 syntax and comments were not changed to level_2.
Kevin Day [Thu, 8 Mar 2012 03:53:36 +0000 (21:53 -0600)]
Update: rework and cleanup serialized project
Simplify the serialize functions by:
- replace f_serialized data type with f_dynamic_string
- remove the serialized strategy and change serialized function names to communicate the strategy.
Fixed a few logic flaws and mistakes with the serialized functions.
Kevin Day [Thu, 8 Mar 2012 03:37:38 +0000 (21:37 -0600)]
Bugfix: fix definition of array_length_printf macros
Use ifndef and not ifdef for _di_f_array_length_printf_ because using #ifdef _di_f_array_length_printf_ is completely wrong.
Use #define and not typedef as these are not data types, but instead are strings.
Kevin Day [Thu, 8 Mar 2012 00:07:40 +0000 (18:07 -0600)]
Update: change version number in settings file to 0.3.0
The version number in the settings files is the actual version number of the given project.
Assign this value for all projects to 0.3.0.
All micro releases will have their micro number changed immediately prior to officially releasing a given micro version.
Kevin Day [Wed, 7 Mar 2012 23:53:34 +0000 (17:53 -0600)]
Update: switch to 0.3.x version
This is now the development release series 0.3.x.
The version number for the source files will now end in an x instead of a number to make project management simpler.
Kevin Day [Wed, 7 Mar 2012 04:55:12 +0000 (22:55 -0600)]
Bugfix: -t -n (somename) should show total of (somename) not all objects
This fixes an oversight or logic flaw where the total count was returned in all cases.
When a specific object name is requested, the total count should be the total number of objects that match the given name.
Kevin Day [Wed, 7 Mar 2012 04:46:54 +0000 (22:46 -0600)]
Bugfix: fix the argc argument for the *_read_main() functions
The commit 8fef4128c71a3010d4facf05f0d801118add5f7a changed the argc argument from f_s_int to f_array_length.
The header files were not updated, thus making the header definitions inconsistent.
Kevin Day [Wed, 7 Mar 2012 04:40:57 +0000 (22:40 -0600)]
Bugfix: build headers first
It is entirely possible that building the headers first is the smarter thing to do.
After all, the source files may in fact actually use the headers they provide.