Kevin Day [Tue, 3 Sep 2019 04:21:08 +0000 (23:21 -0500)]
Update: console code and some macros
Add explicit dark mode console option.
Add support for order of operations priority on parameters ("+n +l +d" would result in colors for dark background because +d overrides both +n and +l due to being the right-most parameter).
Rewrite level_3 programs to utilize the new fll_program_process_parameters() helper function.
Fix some screwed up macro definitions and uses.
Kevin Day [Mon, 2 Sep 2019 05:50:51 +0000 (00:50 -0500)]
Update: rename fl_program as fll_program, rename f_colors and fl_colors, move functions from fll_colors into fl_colors, and provide addition fll_programs functions
Cleanup the parameter processing code.
In the process:
- The fl_program was moved into fll_program.
- fll_colors_load_context() is at too high of a level, move it to fl_colors_load_context() (and deleting the now empty fll_colors project).
- Update programs to use the update fll_program helpers.
- The f_colors and fl_colors should now be f_color and fl_color.
Kevin Day [Mon, 2 Sep 2019 00:21:40 +0000 (19:21 -0500)]
Feature: add 'dependency' generation to package.sh and update all dependencies
This will help ensure that dependencies will be accurate and less error prone (so long as the script is run after making changes to any projects).
Dependencies are processed from the projects individual data/build/dependencies file.
The order of the dependencies does matter and is processed from top to bottom.
The 4 core dependencies must be first if they are depended on (and in this order: f_type, f_status, f_memory, and f_string).
The dependency generation for individual projects will generate the libraries to link against if a given project has any library source files.
Linking is done in highest level to lowest level to help ensure no linking errors happen.
The dependency generation for level projects and monolithic project are done based on the library and header sources.
All files specified in the build_sources_library and build_sources_headers are generated.
This script has been run and the dependency updates generated by this script are included in this commit.
Kevin Day [Sun, 1 Sep 2019 07:13:01 +0000 (02:13 -0500)]
Update: implement utf strings, ensure endianess, and add isgraph()/isspace() methods to UTF-8 equivalents
Expand the UTF-8 character type (a 4-byte wide character represented as a big-endian 32-bit integer) into working like f_string and f_dynamic_string.
Provide all similar functionality.
I have decided that the isgraph(), isspace(), etc.. functions fo UTF-8 should also call the ASCII equivalents.
Update all relating code.
Use memcmp() and memcpy() for comparing UTF-8 characters class (4-byte integer) to the UTF-8 char strings (multiple 1-byte char).
When doing this, make sure to do so with the proper endianess.
Add missing f_utf_character_to_char() function.
Wrap some of the macros parameters in parenthesis for safety reasons.
Add f_utf_is_big_endian() and document its use.
Provide custom EOL, EOS, and placeholder defines for UTF characters (4-byte integers).
Kevin Day [Sat, 31 Aug 2019 23:07:16 +0000 (18:07 -0500)]
Update: improve status code handling, remove unnecessary code, and update status programs
The fl_status_is_fine(), fl_status_is_warning(), and fl_status_is_error() functions are no longer needed or valid with the current design around using error and warning bits.
The status conversion code should be more aware of digits.
Get rid of the "context" parameter in the status programs.
Redesign logic in the status programs to work with changes and function correctly (and consistently).
The status programs will eventually need to perform more extensive tests on parameters when digits or non-digits are required.
The current design only provides a very basic test on the first character of a given parameter.
Kevin Day [Sat, 31 Aug 2019 21:19:10 +0000 (16:19 -0500)]
Bugfix: do not include private headers
Manually including private headers from within public headers will result in compilation errors.
The private headers will still get included via the private source file.
Kevin Day [Sat, 31 Aug 2019 20:59:55 +0000 (15:59 -0500)]
Update: handle invalid UTF-8 fragments
A 1-width UTF-8 character (that is not a valid ASCII character) is used to designate part of a complete UTF-8 character block (aka: 1-width UTF-8 characters are fragments).
Because this fragment cannot exist in isolation, it must be handled as either an invalid or an incomplete UTF-8 fragment.
Provide new status codes for handling incomplete UTF-8 fragments.
Update appropriate functions to detect and handle these invalid or incomplete fragments.
Kevin Day [Fri, 30 Aug 2019 17:48:54 +0000 (12:48 -0500)]
Update: redesign console processing code
Simplify the console structure and reduce the size of codes and parameters.
The "extra" parameter seems a bit overkill, remove it and help keep this project more along the lines of the idea of "Featureless".
Rewrite and document fl_process_parameters().
Implementing functions were only functionally updated.
Additional changes are likely necessary for the logic, such as supporting multiple calls like "program -h +n +l", which by order of operation the final "+l" should override the "+n".
Kevin Day [Fri, 30 Aug 2019 01:10:01 +0000 (20:10 -0500)]
Cleanup: f_color, fl_color, and related
In particular, some of the color print functions are not following the naming convention.
The function fl_print_color() should instead be fl_color_print().
Make sure appropriate #define statements have macro in their name.
Add some @fixme comments because f_dynamic_string is designed with the intentions of not being NULL terminated.
Directly using it with standard functions like fprint is dangerous.
Kevin Day [Thu, 29 Aug 2019 21:57:34 +0000 (16:57 -0500)]
Cleanup: rename f_errors to f_status, fl_errors to fl_status, and fll_errors to fll_status
Originally f_errors was meant only for error handling but it quickly turned into status code handling (which includes errors).
The naming system of f_errors is now confusing and misleading so change it to f_status.
This makes far more sense, for example:
- f_error_is_error vs f_status_is_error.
- f_error_set_error vs f_status_set_error
Kevin Day [Thu, 29 Aug 2019 19:40:25 +0000 (14:40 -0500)]
Cleanup: rename return_code to status_code and fss_return_code to fss_status_code
The "return codes" were originally intended to be literal return codes.
When the error codes were converted to have error bits, warning bits, and signal bits, this no longer became the case.
Refactor return_code into status_code to be more accurate.
Kevin Day [Fri, 23 Aug 2019 03:50:50 +0000 (22:50 -0500)]
Update: implement UTF-8 support in fss processing code and add additional functionality
Additional functionality includes implementing f_utf_character in f_utf.
Includes numerous other small UTF-8 updates.
Some macros have been wrapped in parenthesis to avoid unobvious issues such as when adding an exclamation before a macro call (and the possible order of operation issues).
Kevin Day [Fri, 9 Aug 2019 00:13:21 +0000 (19:13 -0500)]
Feature: support custom 'defines'
Some libraries or packages have custom defines, such as the firewall _en_firewall_debug_.
Provide simple documentation of the defines, in the data/build/defines file.
Provide build settings values for specifying these custom defines.
Provide parameter for manually overriding defines.
Some path settings have been renamed to avoid confusion (such as '--c_path' is now '--path_c').
Kevin Day [Tue, 30 Jul 2019 01:35:02 +0000 (20:35 -0500)]
Update: add build_libraries_fll build setting
Add a new parameter to make it easier to switch between individual compilation, level compilation, and monolithic compilation.
This parameter will only be used for fll-specific libraries.
For programs (aka: "level 3") commented out examples for linking against level-based and monolithic are provided.
The configurations can then be easily swapped out by a couple of simple sed statements, such as:
- sed -i -e 's|^build_libraries_fll\>|#&|g' data/build/settings
- sed -i -e 's|^#build_libraries_fll-level\>|build_libraries_fll|g' data/build/settings
The above example will switch to the level based compiling, while disabling the individual compiling.
The level based compiling compiles each of the levels 0, 1, and 2 as a single library for each level, resulting in libraries such as:
- libfll_0-0.5.0.so
- libfll_1-0.5.0.so
- libfll_2-0.5.0.so
The monolithic based compiling compiles all of the levels 0, 1, and 2 as a single library, resulting in libraries such as:
- libfll-0.5.0.so
The standard names of individual, level, and monolithic do not overlap by default and can therefoe be installed side-by-side.
Kevin Day [Mon, 29 Jul 2019 04:01:42 +0000 (23:01 -0500)]
Feature: work directory support
Work Directory provides an easier way for developers to compile and test a particular set of FLL libraries and programs without conflicting with the host system.
If the host system has some version of the FLL project installed, the versions in the work directory will be used instead of the system directories.
Specifying the work directory is done via the '-w' or '--work_directory' commands.
To better achieve this functionality in the install.sh script, four new additional parameters were created:
- --libraries-static
- --libraries-shared
- --programs-static
- --programs-shared
These provide additional relative or absolute paths for installing the programs and libraries into.
The relative paths for --libraries-static and --libraries-shared is the library directory (which can be specified via --libdir).
The relative paths for --programs-static and --programs-shared is the program directory (which can be specified via --bindir).
Kevin Day [Mon, 29 Jul 2019 01:34:08 +0000 (20:34 -0500)]
Cleanup: private firewall files do not need to be #ifdef wrapped
The #ifdef wrappers are intended for custom overrides, which should apply only to functions treated as "public".
These firewall files beginning with private- are private and do not need these wrappings.
Kevin Day [Sun, 28 Jul 2019 22:02:49 +0000 (17:02 -0500)]
Bugfix: install script destination parameters not being respected
I used the wrong name in the grab_next variable when designating to grab the next includedir and libdir.
There is also a mistake where I was copying the destination_prefix onto itself.
Kevin Day [Sun, 28 Jul 2019 21:48:42 +0000 (16:48 -0500)]
Update: always return 1 on failure
There were some cases where exit is not being called and other cases where exit 0 is being called.
Make sure that exit 1 is called on error so that this script can then be scriptable.
Kevin Day [Sat, 27 Jul 2019 21:31:09 +0000 (16:31 -0500)]
Security: set default policy to DROP after deleting chains
Performing numerous syscalls can by slow.
During this time, if the default behavior is open, then unwanted packets may make it through.
By dropping by default, these packets will not go through.
Kevin Day [Fri, 26 Jul 2019 03:00:43 +0000 (22:00 -0500)]
Cleanup: Use new comment structure at the tops of files
Just put the comments in the header files.
Simplify the comment stucture.
The git repository provides the authors/credits, no need to explicitly do so in the files anymore.
Do not provide the micro version, instead provide the major and minor versions in the files (which effectively represent the API version).
Kevin Day [Fri, 26 Jul 2019 02:31:55 +0000 (21:31 -0500)]
Revert: remove custom type defines, including use of f_autochar
The intent of these custom types is to allow for easily replacing what the type represents.
I have decided that this extent of doing such is overkill.
Revert the custom types to instead rely on the C/C++ defined types, where appropriate.
After having gained more experience with utf-8 an other unicode standards, I have come to conclude that the wchar type should not be used.
This project will support the char type instead of the wchar type.
All uses have been replaced with char.
Kevin Day [Fri, 26 Jul 2019 01:49:29 +0000 (20:49 -0500)]
Bugfix: bash/linux does not support setting high bits on return codes
These bits are generally reserved for process-specific behavior.
Explicitly return 0 for success and 1 for failure.
The firewall program already does this.
The return codes from the main functions of each project will continue to utilize all of the bits as designed.
This will allow for projects that link to the library to get the actual return codes while simultaneously being compatible with Linux and Bash.
Later versions may provide alternative ways to get the error code from within the shell.
For example, if a specific return code environment variable is set, then the program could populate that environment variable on exit (clearing it on start).
This was originally defined online, but I had lost the data at some point.
The internet archive didn't cache the page and the data lost happened during the time I was changing the website.
The specifications were simple enough to be rewritten, but I have done so in haste.
Some of the specifications will be documented at a later date.
I do not remember what advanced reverse mapping was intended to be, so I replaced it with the custom json-like specification.
The goal of the json-like specification is to write it such that it is still valid json (minus any comments).
It is currently added to preserve the idea but there are no immediate plans to implement this specification.
Kevin Day [Thu, 25 Jul 2019 04:43:28 +0000 (23:43 -0500)]
Cleanup: fix comments and remove commented out memset
According to the standards that I have read, calloc() guarantees zero'd memory, so memset is not needed.
It so happens that the memset was commented out already, so just remove it.
There are some memset related comments that incorrectly use the word 'bool' when the word 'char' should be used.
Kevin Day [Tue, 23 Jul 2019 03:58:01 +0000 (22:58 -0500)]
Update: Add additional options, fix minor problems, and other miscellaneous fixes in regards to generate.sh and package.sh scripts
Add functionality provided in install.sh, such as configure based system compatible options: --enable-statuc, --disable-static, --enable-shared, and --disable-shared.
Fix some typos (such as failire which should instead be failure).
Tweak highlight colors used.
Use a separate "operation_failure" variable instead of recycling "operation" for parameter operation problems.
Add -S/--path_s parameter option for specifying a custom settings path.
If paths have a leading slash (/), remove duplicate slashes (such as "///bin/" -> "/bin/").
Make sure the new install.sh script gets added by the package.sh script.
The variable "sources_settings" is using the wrong source path (which was "path_c").
Instead, use the newly added "path_s".
Kevin Day [Tue, 23 Jul 2019 03:55:51 +0000 (22:55 -0500)]
Feature: add install.sh helper script
Provide a very basic install helper script for systems (or users) that do not have or do not want to use their package system to install the compiled files.
This is only intended to help someone install.
It is still recommended that a distribution or packager should povide their own tools to perform the installation.
Kevin Day [Sun, 21 Jul 2019 21:06:13 +0000 (16:06 -0500)]
Update: fix firewall utility and utilize recently added functionality
There were a few logic flaws in regards to the processing and memory management.
Switch to new logic where f_new_* and f_clear_* is utilized.
Update accodingly to the fll_execute changes.
Update the default configuration files.
Update the debugging code to work as expected.
Replace string cuntions with memory functions, such as replacing strncat with memcpy.
Add some new helper macros.
Delete all custom chains when rewriting rules to prevent problems.
Iptables unfortunately does not provide a way to check and see if a chain already exists.
Kevin Day [Sun, 21 Jul 2019 20:59:30 +0000 (15:59 -0500)]
Update: rewrite fll_execute, ensuring f_eol are properly added (and auto-add progam name where possible)
Previously, the f_eol was added but it assumed that there was actual room at the end of the allocated buffer to do so.
This now explicilty allocates a new buffer with room for the terminating f_eol.
The progam name is already provided, so do not require it to be added to the arguments (auto-add it).
Kevin Day [Fri, 19 Jul 2019 03:38:41 +0000 (22:38 -0500)]
Bugfix: firewall show command operating as lock
The debug parameters is conditionally enabled/disabled but the enum is not.
Make the enum conditionally enable/disable the debug option to prevent the wrong id from being used when debug is disabled.
Fix the alignment of the debug message.
Conditionally enable/disable displaying the debug in the help.
Kevin Day [Fri, 19 Jul 2019 03:12:16 +0000 (22:12 -0500)]
Bugfix: project compiled libraries are not being found
This is the result of an oversight when I converted the libraries directory to have static and shared into subdirectories.
The explicit link path was not updated accordingly.
Kevin Day [Fri, 19 Jul 2019 01:14:38 +0000 (20:14 -0500)]
Feature: add package generation helper scrript
There are four intended package design modes:
1) individual - each package is separated into their own individual directory and version.
2) level - Each of the three levels (level 0, level 1, and level 2) are put into their own directory and version.
3) monolothic - All three levels (level 0, level 1, and level 2) are put into a single directory and version.
Monolithic is not currently implemented due to design limitations in the generate.sh script and build settings files.
Kevin Day [Thu, 18 Jul 2019 01:11:17 +0000 (20:11 -0500)]
Security: use signed integers for string lengths and array lenghts by default
Standard functions, such as strnlen(), appear to operate on signed integers instead of unsigned.
Not being able to handle unsigned integers provides unknown behavior that could lead to potential security vulnerabilities.
Future versions of this project will likely need to abandon these methods for more flexible alternatives.
Example problem:
sources/c/console.c:36:23: warning: 'strnlen' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
36 | string_length = strnlen(argv[location], f_console_max_size);
That is 2^63 instead of the expected 2^64.
The array lengths were converted to signed as well.
Kevin Day [Wed, 17 Jul 2019 03:07:13 +0000 (22:07 -0500)]
Bugfix: variables not being stored in array
Do not directly use string in bash array arguments.
More recent versions of bash do not handle this as expected.
Move explicit string to a variable and then use that variable to access the array.
Kevin Day [Sun, 17 Jan 2016 20:29:41 +0000 (14:29 -0600)]
Progress: add the current (draft) of the custom init program
This is effectively a draft of my ideas and is entirely experimental and incomplete.
I am adding it now because of numerous hard-drive failures and data loss of late.
Kevin Day [Sun, 17 Jan 2016 20:20:56 +0000 (14:20 -0600)]
Update: add new rules to firewall (while fixing accident in previous commit)
The earlier commit that applied stale changes apparently had deleted all the rules in the firewall file.
This data has been added back in addition to the new rules and structure.
Kevin Day [Sun, 17 Jan 2016 20:19:36 +0000 (14:19 -0600)]
Progress: miscellaneous changes
I was working on stuff a while back and was taken away from the project for quite a while.
These are some uncommitted changes that I would rather commit immediately and then move forward.
There are some other changes I will follow up in separate commits, such as the socket work and the init work.
Kevin Day [Wed, 14 Jan 2015 10:19:01 +0000 (04:19 -0600)]
Bugfix: direction option was confusing because it was mixed with chains
- Separate direction command into two separate commands: direction, and chain.
- The chain command mimics iptables chains and is automatically populated by the custom lists (aka: custom chains).
- When direction is set to something other than none, then the active ethernet device is used.
- Code cleanup and changes were performed while working on this.
- Added basic support for debugging, define _en_firewall_debug_ to enable custom debugging parameter.
Kevin Day [Wed, 14 Jan 2015 04:21:34 +0000 (22:21 -0600)]
Update: improve the contents firewall settings files
- Add more information to the example firewall settings.
- Improve/fix dhcp client/server rules
- Block/Blackhole unicasts, multicasts, and broadcasts.
- Add some examples rules on conntrack and some security rules.
Kevin Day [Fri, 9 Jan 2015 03:17:48 +0000 (21:17 -0600)]
Bugfix: reverse order of library links
It seems I got the order backwards.
I was using -lc and all the lowest level libraries on the left of the libraries that depend on it.
This caused unobvious linkage errors down the road.
Reversing the order prevented the problem and allowed for static libraries to link.
It is possible the order issue is with ar and not with gcc.
Kevin Day [Fri, 9 Jan 2015 00:55:55 +0000 (18:55 -0600)]
Bugfix: fix order of library linkage for firewall build settings
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order
Kevin Day [Fri, 9 Jan 2015 00:51:57 +0000 (18:51 -0600)]
Bugfix: fix order of library linkage
The ar command is sensitive to the order in which libraries are added.
Prior to this change, building a static library could have dependencies used before they are defined due to the order in which libraries were added.
Change the order so that libraries are to the right of their dependencies in the command line argument order.