From 042dc40d6e494f667e242aa3c322e56e87ba2cab Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Fri, 16 Feb 2024 22:18:49 -0600
Subject: [PATCH] Progress: Continue refactoring firewall from 0.6.x to 0.7.x/0.8.x.
Fix a few more bugs and add file path to some warnings.
This appears to partially work now with some of the rules not being applied. More in depth review of the problems is required to wrap this up.
---
 level_3/firewall/c/main/common/type.h | 3 +
 level_3/firewall/c/main/operate.c | 126 ++++++++++++++++-------------
 level_3/firewall/c/main/operate/process.c | 24 +++---
 level_3/firewall/c/main/print/warning.c | 43 +++++++++-
 4 files changed, 123 insertions(+), 73 deletions(-)
diff --git a/level_3/firewall/c/main/common/type.h b/level_3/firewall/c/main/common/type.h
index 209d725..65a933a 100644
--- a/level_3/firewall/c/main/common/type.h
+++ b/level_3/firewall/c/main/common/type.h
@@ -83,6 +83,7 @@ extern "C" {
 * - stop: The stop position.
 * - range: A range used during operation processing.
 *
+ * - file: The file name currently in use.
 * - buffer: The entire set of chains and rules to operate on.
 *
 * - chain_ids: The list of chain IDs.
@@ -104,6 +105,7 @@ extern "C" {
 f_number_unsigned_t stop;
 f_range_t range;
+ f_string_static_t file;
 f_string_dynamic_t buffer;
 f_number_unsigneds_t chain_ids;
@@ -125,6 +127,7 @@ extern "C" {
 0, \
 0, \
 f_range_t_initialize, \
+ f_string_static_t_initialize, \
 f_string_dynamic_t_initialize, \
 f_number_unsigneds_t_initialize, \
 f_ranges_t_initialize, \
diff --git a/level_3/firewall/c/main/operate.c b/level_3/firewall/c/main/operate.c
index e9ee255..2927a03 100644
--- a/level_3/firewall/c/main/operate.c
+++ b/level_3/firewall/c/main/operate.c
@@ -34,7 +34,6 @@ extern "C" {
 }
 f_number_unsigned_t i = 0;
- f_string_static_t buffer = f_string_static_t_initialize;
 // Remove "lo" (loopback) from the device listing.
 for (; i < main->setting.devices.used; ++i) {
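Review bot: The new `file` member is documented only as "The file name currently in use", but operate.c points it at block-scoped VLAs (`path_file_other`, `path_file_first`) and at the storage behind `main->cache.path_file`, so it never owns its memory and is only valid while that buffer is. The comment should say so, to keep a later maintainer from freeing it or reading it after the buffer is gone, e.g. ` * - file: The file name currently in use (a non-owning view into stack or cache memory; never freed, valid only while that buffer is).` The struct and initializer hunks below need no further change. The enclosing struct definition begins and ends outside the hunk.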
@@ -42,27 +41,30 @@ extern "C" {
 if (firewall_signal_check(main)) return;
 if (f_compare_dynamic(firewall_device_loop_s, main->setting.devices.array[i]) == F_equal_to) {
- buffer = main->setting.devices.array[i];
+ main->data.file = main->setting.devices.array[i];
 for (--main->setting.devices.used; i < main->setting.devices.used; ++i) {
 main->setting.devices.array[i] = main->setting.devices.array[i + 1];
 } // for
- main->setting.devices.array[main->setting.devices.used] = buffer;
+ main->setting.devices.array[main->setting.devices.used] = main->data.file;
 }
 } // for
+ main->data.file.string = 0;
+ main->data.file.used = 0;
+
 if (main->setting.flag & firewall_main_flag_operation_stop_restart_lock_e) {
- buffer.used = firewall_network_path_s.used + firewall_file_other_s.used;
+ main->data.file.used = firewall_network_path_s.used + firewall_file_other_s.used;
- f_char_t path_file_other[buffer.used + 1];
- buffer.string = path_file_other;
- path_file_other[buffer.used] = 0;
+ f_char_t path_file_other[main->data.file.used + 1];
+ main->data.file.string = path_file_other;
+ path_file_other[main->data.file.used] = 0;
 memcpy(path_file_other, firewall_network_path_s.string, sizeof(f_char_t) * firewall_network_path_s.used);
 memcpy(path_file_other + firewall_network_path_s.used, firewall_file_other_s.string, sizeof(f_char_t) * firewall_file_other_s.used);
- firewall_operate_buffer_chain(main, buffer, F_false);
+ firewall_operate_buffer_chain(main, main->data.file, F_false);
 if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
 for (i = 0; i < main->data.chain_objects.used; ++i) {
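Review bot: `main->data.file.string = path_file_other;` makes a field that outlives this function alias a VLA scoped to the enclosing `if` block, and the error paths in this hunk and in `@@ -99` and `@@ -127` `return` without the `main->data.file.string = 0; main->data.file.used = 0;` reset that only the block's normal exit performs, so after such a return the field holds a dangling stack pointer that the warning printers in warning.c would dereference if any later output path consults it. Clearing the field on those return paths (or having the caller never print through it after an error) closes that window. Using `main->data.file` as the swap temporary in the loopback-removal loop above also overloads a field documented as "the file name currently in use"; a local `f_string_static_t` temporary would keep the two roles apart. The enclosing function starts before this hunk.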
@@ -99,13 +101,13 @@ extern "C" {
 else {
 main->setting.state.status = F_status_set_error(F_data);
- firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_lock_s, buffer);
+ firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_lock_s, main->data.file);
 }
 return;
 }
- if (main->data.has & firewall_main_flag_operation_stop_restart_e) {
+ if (main->setting.flag & firewall_main_flag_operation_stop_restart_e) {
 if (main->data.has & firewall_data_has_stop_e) {
 firewall_operate_delete_chains(main);
@@ -127,24 +129,27 @@ extern "C" {
 else {
 main->setting.state.status = F_status_set_error(F_data);
- firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_stop_s, buffer);
+ firewall_print_error_operation_files_missing(&main->program.error, firewall_operation_stop_s, main->data.file);
 return;
 }
 }
+
+ main->data.file.string = 0;
+ main->data.file.used = 0;
 }
 if (main->setting.flag & firewall_main_flag_operation_start_restart_e) {
- buffer.used = firewall_network_path_s.used + firewall_file_first_s.used;
+ main->data.file.used = firewall_network_path_s.used + firewall_file_first_s.used;
- f_char_t path_file_first[buffer.used + 1];
- buffer.string = path_file_first;
- path_file_first[buffer.used] = 0;
+ f_char_t path_file_first[main->data.file.used + 1];
+ main->data.file.string = path_file_first;
+ path_file_first[main->data.file.used] = 0;
 memcpy(path_file_first, firewall_network_path_s.string, sizeof(f_char_t) * firewall_network_path_s.used);
 memcpy(path_file_first + firewall_network_path_s.used, firewall_file_first_s.string, sizeof(f_char_t) * firewall_file_first_s.used);
- firewall_operate_buffer_chain(main, buffer, F_false);
+ firewall_operate_buffer_chain(main, main->data.file, F_false);
 if (main->setting.flag & firewall_main_flag_operation_start_e) {
 firewall_operate_delete_chains(main);
@@ -160,54 +165,31 @@ extern "C" {
 if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child || (main->setting.flag & firewall_main_flag_operation_stop_e)) return;
- {
- for (f_number_unsigned_t j = 0; j < main->setting.devices.used; ++j) {
-
- if (firewall_signal_check(main)) return;
-
- main->cache.path_file.used = 0;
- main->data.device = j;
-
- main->setting.state.status = f_memory_array_increase_by(firewall_network_path_s.used + main->setting.devices.array[j].used + firewall_file_suffix_s.used + 1, sizeof(f_char_t), (void **) &main->cache.path_file.string, &main->cache.path_file.used, &main->cache.path_file.size);
-
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, macro_firewall_f(f_memory_array_increase_by));
-
- return;
- }
-
- main->setting.state.status = f_string_dynamic_append(firewall_network_path_s, &main->cache.path_file);
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(main->setting.devices.array[j], &main->cache.path_file);
- }
-
- if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(firewall_file_suffix_s, &main->cache.path_file);
- }
+ for (f_number_unsigned_t j = 0; j < main->setting.devices.used; ++j) {
- if (F_status_is_error(main->setting.state.status)) {
- firewall_print_error(&main->program.error, macro_firewall_f(f_string_dynamic_append));
-
- return;
- }
+ if (firewall_signal_check(main)) return;
- firewall_operate_buffer_chain(main, main->cache.path_file, F_true);
+ main->cache.path_file.used = 0;
+ main->data.device = j;
- firewall_operate_create_custom_chains(main);
+ main->setting.state.status = f_memory_array_increase_by(firewall_network_path_s.used + main->setting.devices.array[j].used + firewall_file_suffix_s.used + 1, sizeof(f_char_t), (void **) &main->cache.path_file.string, &main->cache.path_file.used, 
&main->cache.path_file.size);
- main->data.is = 0;
+ if (F_status_is_error(main->setting.state.status)) {
+ firewall_print_error(&main->program.error, macro_firewall_f(f_memory_array_increase_by));
- firewall_operate_chains(main);
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child || (main->setting.flag & firewall_main_flag_operation_stop_e)) return;
- } // for
+ return;
+ }
- main->cache.path_file.used = 0;
+ main->data.file = main->cache.path_file;
 main->setting.state.status = f_string_dynamic_append(firewall_network_path_s, &main->cache.path_file);
 if (F_status_is_error_not(main->setting.state.status)) {
- main->setting.state.status = f_string_dynamic_append(firewall_file_last_s, &main->cache.path_file);
+ main->setting.state.status = f_string_dynamic_append(main->setting.devices.array[j], &main->cache.path_file);
+ }
+
+ if (F_status_is_error_not(main->setting.state.status)) {
+ main->setting.state.status = f_string_dynamic_append(firewall_file_suffix_s, &main->cache.path_file);
 }
 if (F_status_is_error(main->setting.state.status)) {
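Review bot: `main->data.file = main->cache.path_file;` is taken right after `main->cache.path_file.used = 0;` and before the three `f_string_dynamic_append` calls, so the copy carries `used == 0` and the warning printers will never show a per-device file name. Should any of the appends reallocate (the preceding `f_memory_array_increase_by` probably prevents that, but the copy does not depend on it), the copied `.string` would be stale as well. Move the line to after the `if (F_status_is_error(main->setting.state.status))` check that follows the last append, i.e. just before `firewall_operate_buffer_chain(main, main->cache.path_file, F_true);` in `@@ -216`. The loop body continues into the next hunk.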
@@ -216,15 +198,43 @@ extern "C" {
 return;
 }
- firewall_operate_buffer_chain(main, main->cache.path_file, F_false);
+ firewall_operate_buffer_chain(main, main->cache.path_file, F_true);
 firewall_operate_create_custom_chains(main);
- main->data.is = firewall_data_is_global_e;
+ main->data.is = 0;
 firewall_operate_chains(main);
- if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
+ if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child || (main->setting.flag & firewall_main_flag_operation_stop_e)) return;
+ } // for
+
+ main->cache.path_file.used = 0;
+
+ main->setting.state.status = f_string_dynamic_append(firewall_network_path_s, &main->cache.path_file);
+
+ if (F_status_is_error_not(main->setting.state.status)) {
+ main->setting.state.status = f_string_dynamic_append(firewall_file_last_s, &main->cache.path_file);
+ }
+
+ if (F_status_is_error(main->setting.state.status)) {
+ firewall_print_error(&main->program.error, macro_firewall_f(f_string_dynamic_append));
+
+ return;
 }
+
+ main->data.file.used = main->cache.path_file.used;
+
+ firewall_operate_buffer_chain(main, main->cache.path_file, F_false);
+
+ firewall_operate_create_custom_chains(main);
+
+ main->data.is = firewall_data_is_global_e;
+
+ firewall_operate_chains(main);
+ if (F_status_is_error(main->setting.state.status) || main->setting.state.status == F_child) return;
+
+ main->data.file.string = 0;
+ main->data.file.used = 0;
 }
 main->setting.state.status = F_okay;
@@ -268,7 +278,7 @@ extern "C" {
 firewall_operate_process_rules(main);
 if (F_status_is_error(main->setting.state.status)) {
- if (F_status_set_fine(main->setting.state.status) != F_failure) {
+ if (F_status_set_fine(main->setting.state.status) != F_failure && F_status_set_fine(main->setting.state.status) != F_interrupt) {
 firewall_print_error_unhandled(&main->program.error, macro_firewall_f(firewall_operate_process_rules), f_string_empty_s);
 }
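Review bot: `main->data.file.used = main->cache.path_file.used;` updates the length but not the pointer, so `.string` still holds whatever the device loop left behind — the earlier `main->cache.path_file` copy if `devices.used` was non-zero, otherwise `path_file_first`, a VLA sized for the first-file path — and a warning printed while the last file is processed would read `used` bytes from that older buffer, past the VLA's end if the last-file path is longer. `main->data.file = main->cache.path_file;` is what is meant here. The `.string = 0; .used = 0;` reset at the end is also skipped by the `return` two lines above it, leaving the caller with the same kind of stale view. The enclosing function ends outside the hunk.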
diff --git a/level_3/firewall/c/main/operate/process.c b/level_3/firewall/c/main/operate/process.c
index 9496f5a..e601d8d 100644
--- a/level_3/firewall/c/main/operate/process.c
+++ b/level_3/firewall/c/main/operate/process.c
@@ -183,6 +183,8 @@ extern "C" {
 valid = F_false;
 }
 }
+
+ // Process protocol rule.
 else if (f_compare_dynamic_partial_string(firewall_protocol_s.string, main->data.buffer, firewall_protocol_s.used, rule_objects->array[i]) == F_equal_to) {
 if (rule_contents->array[i].used != 1) {
 valid = F_false;
@@ -234,7 +236,7 @@ extern "C" {
 }
 // If the remaining rule does not match as firewall_rule_s, then it is an invalid rule.
- else if (f_compare_dynamic_partial_string(firewall_rule_s.string, main->data.buffer, firewall_rule_s.used, rule_objects->array[i]) == F_equal_to) {
+ else if (f_compare_dynamic_partial_string(firewall_rule_s.string, main->data.buffer, firewall_rule_s.used, rule_objects->array[i]) == F_equal_to_not) {
 firewall_print_warning_object_invalid_missing_line(&main->program.warning, i, main->data.buffer, main->data.rule_objects.array[i]);
 continue;
@@ -246,7 +248,7 @@ extern "C" {
 continue;
 }
- for (j = repeat; F_status_is_error_not(main->setting.state.status) && j; --j) {
+ for (j = repeat; j; --j) {
 if (firewall_signal_check(main)) return;
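Review bot: Dropping `F_status_is_error_not(main->setting.state.status)` from the `for (j = repeat; j; --j)` condition means an error raised inside one repetition no longer stops the remaining ones, unless the loop body (outside this hunk) returns on error itself. If the intent is that a status left over from a previous rule must not suppress this one, a comment on the loop would keep the next reader from restoring the guard, e.g. `// Run every repeat; an error status left by an earlier rule must not skip this one.` — but only if that is actually the reason, which the commit message does not say. The function containing these hunks starts before and ends after them.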
@@ -381,25 +383,25 @@ extern "C" {
 // Last up is the "rule".
 if ((!is_ip_list && rule_contents->array[i].used > 0) || (is_ip_list && rule_contents->array[i].used > 1)) {
- j = 0;
+ at = 0;
 if (is_ip_list) {
 // Skip past the chain.
- ++j;
+ ++at;
- if (rule_contents->array[i].array[j].start <= rule_contents->array[i].array[j].stop) {
+ if (rule_contents->array[i].array[at].start <= rule_contents->array[i].array[at].stop) {
 main->cache.ip_list.used = 0;
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[j], &main->cache.ip_list);
+ main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[at], &main->cache.ip_list);
 if (F_status_is_error(main->setting.state.status)) {
 // Prevent the loop below from being processed.
- j = rule_contents->array[i].used;
+ at = rule_contents->array[i].used;
 }
 else {
- ++j;
+ ++at;
 }
 }
 }
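Review bot: The switch from `j` to `at` looks like more than a rename: `j` is the repeat counter of the enclosing `for (j = repeat; j; --j)` loop from `@@ -246`, which the old code overwrote with the content index on every pass, so this is a behavioural fix that the commit message does not mention. A one-line comment at `at = 0;` would record that, e.g. `// 'at' indexes this rule's contents; 'j' is the outer repeat counter and must not be reused here.` — assuming `at` is declared alongside `j` outside the hunk. The enclosing loop starts before and ends after the hunk.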
@@ -407,14 +409,14 @@ extern "C" {
 main->setting.state.status = f_memory_array_increase_by(rule_contents->array[i].used, sizeof(f_string_dynamic_t), (void **) &main->cache.arguments.array, &main->cache.arguments.used, &main->cache.arguments.size);
 if (F_status_is_error(main->setting.state.status)) return;
- for (; j < rule_contents->array[i].used; ++j) {
+ for (; at < rule_contents->array[i].used; ++at) {
 if (firewall_signal_check(main)) return;
- if (rule_contents->array[i].array[j].start <= rule_contents->array[i].array[j].stop) {
+ if (rule_contents->array[i].array[at].start <= rule_contents->array[i].array[at].stop) {
 main->cache.arguments.array[main->cache.arguments.used].used = 0;
- main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[j], &main->cache.arguments.array[main->cache.arguments.used]);
+ main->setting.state.status = f_string_dynamic_partial_append(main->data.buffer, rule_contents->array[i].array[at], &main->cache.arguments.array[main->cache.arguments.used]);
 if (F_status_is_error(main->setting.state.status)) return;
 ++main->cache.arguments.used;
diff --git a/level_3/firewall/c/main/print/warning.c b/level_3/firewall/c/main/print/warning.c
index 2d44f2b..361f6e1 100644
--- a/level_3/firewall/c/main/print/warning.c
+++ b/level_3/firewall/c/main/print/warning.c
@@ -7,14 +7,26 @@ extern "C" {
 #ifndef _di_firewall_print_warning_chain_meaningless_line_
 f_status_t firewall_print_warning_chain_meaningless_line(fl_print_t * const print, const f_number_unsigned_t line) {
- if (!print) return F_status_set_error(F_output_not);
+ if (!print || !print->custom) return F_status_set_error(F_output_not);
 if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
+ firewall_main_t * const main = (firewall_main_t *) print->custom;
+
 f_file_stream_lock(print->to);
 fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
 fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
- fl_print_format("%[ the chain option is meaningless inside of a custom chain%]%r", print->to, print->context, print->context, f_string_eol_s);
+
+ if (main->data.file.used && main->data.file.string) {
+ fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
+ fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
+ fl_print_format("%[' ", print->to, print->context);
+ }
+ else {
+ fl_print_format(" %[", print->to, print->context);
+ }
+
+ fl_print_format("the chain option is meaningless inside of a custom chain%]%r", print->to, print->context, f_string_eol_s);
 f_file_stream_unlock(print->to);
 f_file_stream_flush(print->to);
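Review bot: In `fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);` the format contains only `%[` and `%]`, yet three variadic arguments follow, so `%]` would be handed `print->prefix` rather than the second `print->context`; the removed `"%[ the chain option ...%]%r"` line pairs `%[`/`%]` with exactly two context arguments, which suggests `, print->prefix` should be dropped. The pre-existing `" %[the object '%]"` call in `content_invalid_missing_line` has the same shape, so confirm against fl_print_format's `%[`/`%]` contract before changing all of them. The same call is added in `@@ -26` and `@@ -53`. Since the function now relies on `print->custom`, a line above the new cast such as `// print->custom must point at the firewall_main_t that owns this print context; checked non-null above.` would document the new precondition.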
@@ -26,12 +38,24 @@ extern "C" {
 #ifndef _di_firewall_print_warning_content_invalid_missing_line_
 f_status_t firewall_print_warning_content_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range) {
- if (!print) return F_status_set_error(F_output_not);
+ if (!print || !print->custom) return F_status_set_error(F_output_not);
 if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
+ firewall_main_t * const main = (firewall_main_t *) print->custom;
+
 f_file_stream_lock(print->to);
 fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
+
+ if (main->data.file.used && main->data.file.string) {
+ fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
+ fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
+ fl_print_format("%[' ", print->to, print->context);
+ }
+ else {
+ fl_print_format(" %[", print->to, print->context);
+ }
+
 fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
 fl_print_format(" %[the object '%]", print->to, print->context, print->prefix, print->context);
 fl_print_format(f_string_format_Q_range_single_s.string, print->to, print->notable, buffer, range, print->notable);
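Review bot: The new file-name block sits between `"%[%QAt line%] "` and the `fl_print_format(f_string_format_un_single_s.string, ..., line, ...)` call, so this warning reads "At line of 'FILE' N the object ..." while `chain_meaningless_line` and `object_invalid_missing_line` print the line number before the file name; moving the whole `if (main->data.file.used && main->data.file.string) { ... } else { ... }` block to just after the line-number call makes the three consistent. Both branches also end with an opened `%[` that the following `" %[the object '%]"` line opens again rather than closes, unlike `@@ -7` where the trailing format was rewritten to supply the matching `%]`; if `%[`/`%]` bracket a colour context as the removed line there suggests, the closing one is missing here. The function continues past the hunk.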
@@ -53,14 +77,25 @@ extern "C" {
 #ifndef _di_firewall_print_warning_object_invalid_missing_line_
 f_status_t firewall_print_warning_object_invalid_missing_line(fl_print_t * const print, const f_number_unsigned_t line, const f_string_static_t buffer, const f_range_t range) {
- if (!print) return F_status_set_error(F_output_not);
+ if (!print || !print->custom) return F_status_set_error(F_output_not);
 if (print->verbosity < f_console_verbosity_verbose_e) return F_output_not;
+ firewall_main_t * const main = (firewall_main_t *) print->custom;
+
 f_file_stream_lock(print->to);
 fl_print_format("%[%QAt line%] ", print->to, print->context, print->prefix, print->context);
 fl_print_format(f_string_format_un_single_s.string, print->to, print->notable, line, print->notable);
+ if (main->data.file.used && main->data.file.string) {
+ fl_print_format(" %[of '%]", print->to, print->context, print->prefix, print->context);
+ fl_print_format(f_string_format_Q_single_s.string, print->to, print->notable, main->data.file, print->notable);
+ fl_print_format("%[' ", print->to, print->context);
+ }
+ else {
+ fl_print_format(" %[", print->to, print->context);
+ }
+
 if (range.start > range.stop) {
 fl_print_format(" %[the object is missing.%]%r", print->to, print->context, print->context, f_string_eol_s);
 }
--
1.8.3.1
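Review bot: Both branches of the added block end with an opened `%[` (`"%[' "` and `" %["`) that nothing closes: the existing `" %[the object is missing.%]%r"` line that follows opens a context of its own, whereas `@@ -7` rewrote its trailing format to `"the chain option ...%]%r"` to pair with the block. Either finish the block with a `%]` (e.g. `"%['%]"` with two context arguments, matching the removed line's shape) or drop the leading ` %[` from the formats that follow, as was done in `chain_meaningless_line`; as written the output also appears to carry a doubled space before "the object". The `range.start > range.stop` branch and its sibling continue outside the hunk.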