From 0c9f66a48128dcfe4447e17c83b02165a82017f5 Mon Sep 17 00:00:00 2001
From: Kevin Day
Date: Sat, 17 Feb 2024 22:11:20 -0600
Subject: [PATCH] Update: Backport improved return code failure reporting to firewall from 0.7 development. The return code may be returned as non-zero for error returned by iptables. This error is now being reported. This error does not prevent the firewall from continuing.
---
 level_3/firewall/c/firewall.c | 3 +++
 level_3/firewall/c/private-common.c | 20 ++++++++++++++++++++
 level_3/firewall/c/private-common.h | 14 ++++++++++++++
 level_3/firewall/c/private-firewall.c | 29 +++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+)
diff --git a/level_3/firewall/c/firewall.c b/level_3/firewall/c/firewall.c
index ef6812a..7170dd3 100644
--- a/level_3/firewall/c/firewall.c
+++ b/level_3/firewall/c/firewall.c
@@ -364,6 +364,9 @@ extern "C" {
 status = F_status_set_error(status);
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(main->error, firewall_tool_iptables_s, parameters, return_code);
+ }
 firewall_delete_local_data(&local);
 firewall_data_delete(&data);
diff --git a/level_3/firewall/c/private-common.c b/level_3/firewall/c/private-common.c
index dadb9e2..79efe24 100644
--- a/level_3/firewall/c/private-common.c
+++ b/level_3/firewall/c/private-common.c
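Review bot: The added `else if (return_code)` branch only prints, so a non-zero return from iptables leaves `status` untouched, and because firewall_print_error_on_operation_return_code() returns early at quiet verbosity the failure can pass with no trace at all. For a firewall this means a command that did not succeed can still end in a run that looks successful. The same report-only branch is added in firewall_perform_commands, firewall_create_custom_chains, firewall_delete_chains and firewall_default_lock. If continuing is intended, as the description says, consider remembering the failure so the final exit status reflects it, and at least state the decision at the call site: `// Non-zero return: the command did not succeed; reported only, processing continues.` The enclosing function starts and ends outside the hunk.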
@@ -71,6 +71,26 @@ void firewall_print_error_on_operation(const fl_print_t output, const f_string_s
 funlockfile(output.to.stream);
 }
+void firewall_print_error_on_operation_return_code(const fl_print_t output, const f_string_static_t tool, const f_string_statics_t arguments, const int return_code) {
+
+ if (output.verbosity == f_console_verbosity_quiet_e) return;
+
+ flockfile(output.to.stream);
+
+ fl_print_format("%r%[%QFailed to perform requested %r operation '%]", output.to.stream, f_string_eol_s, output.context, output.prefix, tool, output.context);
+ fl_print_format("%[%r", output.to.stream, output.notable, tool);
+
+ for (f_array_length_t i = 0; i < arguments.used; ++i) {
+ fl_print_format(" %Q", output.to.stream, arguments.array[i]);
+ } // for
+
+ fl_print_format("%]%[' returned with code of%] ", output.to.stream, output.notable, output.context, output.context);
+ fl_print_format("%[%i%]", output.to.stream, output.notable, return_code, output.notable);
+ fl_print_format("%[.%]%r", output.to.stream, output.context, output.context, f_string_eol_s);
+
+ funlockfile(output.to.stream);
+}
+
 void firewall_print_error_on_unhandled(const fl_print_t output, const char *function, const f_status_t status) {
 if (output.verbosity == f_console_verbosity_quiet_e) return;
diff --git a/level_3/firewall/c/private-common.h b/level_3/firewall/c/private-common.h
index d2f25f2..0b2eb75 100644
--- a/level_3/firewall/c/private-common.h
+++ b/level_3/firewall/c/private-common.h
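Review bot: The new firewall_print_error_on_operation_return_code() echoes every element of `arguments` to the error stream with `%Q`, and nothing in the hunk says what that output may contain. In firewall_perform_commands the arguments are appended from `local_buffer`, which presumably holds rule-file content, so it is worth confirming that `%Q` does not pass control bytes through to a terminal or a collected log. I would record the behaviour above the definition: `// Prints the tool, each argument as given and the return code under the stream lock; prints nothing at quiet verbosity.`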
@@ -163,6 +163,20 @@ extern void firewall_print_error_on_invalid_parameter_for_file(const fl_print_t
 extern void firewall_print_error_on_operation(const fl_print_t output, const f_string_static_t tool, const f_string_statics_t arguments) F_attribute_visibility_internal_d;
 /**
+ * Print an error about the given operation failed.
+ *
+ * @param output
+ * The output to print to.
+ * @param tool
+ * The iptables tool that failed.
+ * @param arguments
+ * The arguments passed to the tool.
+ * @param return_code
+ * The return code that represents the failure.
+ */
+extern void firewall_print_error_on_operation_return_code(const fl_print_t output, const f_string_static_t tool, const f_string_statics_t arguments, const int return_code) F_attribute_visibility_internal_d;
+
+/**
 * Print an unhandled error for the given function.
 *
 * @param output
diff --git a/level_3/firewall/c/private-firewall.c b/level_3/firewall/c/private-firewall.c
index 3e05fa2..22d07eb 100644
--- a/level_3/firewall/c/private-firewall.c
+++ b/level_3/firewall/c/private-firewall.c
@@ -671,6 +671,7 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 for (f_array_length_t at = 0; at < basic_objects.used; ++at) {
 arguments.array[arguments.used].used = 0;
+ return_code = 0;
 status = f_string_dynamic_partial_append(local_buffer, basic_objects.array[at], &arguments.array[arguments.used]);
 if (F_status_is_error(status)) break;
@@ -710,6 +711,9 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 break;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, current_tool, arguments, return_code);
+ }
 } // for
 // Remove ip_list_action from arguments string.
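Review bot: The doc comment added in private-common.h for firewall_print_error_on_operation_return_code() does not tell the reader how it differs from firewall_print_error_on_operation() declared just above, and its summary line is ungrammatical. I would write the summary as `* Print an error stating that the given operation returned a non-zero code.` and reword `@param tool` to `* The tool that was executed.`, since callers in private-firewall.c also pass firewall_tool_ip6tables_s and current_tool. The `@param return_code` text should say whether the value is the program's exit status or a raw wait status, which cannot be told from this page. It should also mention that nothing is printed at quiet verbosity.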
@@ -729,6 +733,8 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 if (F_status_set_fine(status) == F_failure || F_status_set_fine(status) == F_parameter) break;
 }
 else {
+ return_code = 0;
+
 firewall_print_debug_tool(data->main->warning, current_tool, arguments);
 status = fll_execute_program(current_tool, arguments, 0, 0, (void *) &return_code);
@@ -757,6 +763,9 @@ f_status_t firewall_perform_commands(firewall_data_t * const data, firewall_loca
 break;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, current_tool, arguments, return_code);
+ }
 }
 }
 } // for
@@ -917,6 +926,8 @@ f_status_t firewall_create_custom_chains(firewall_data_t * const data, firewall_
 firewall_print_debug_tool(data->main->warning, firewall_tool_iptables_s, arguments);
 tool = firewall_program_iptables_e;
+ return_code = 0;
+
 status = fll_execute_program(firewall_tool_iptables_s, arguments, 0, 0, (void *) &return_code);
 if (status == F_child) {
@@ -932,6 +943,12 @@ f_status_t firewall_create_custom_chains(firewall_data_t * const data, firewall_
 break;
 }
+ if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, firewall_tool_iptables_s, arguments, return_code);
+ }
+
+ return_code = 0;
+
 firewall_print_debug_tool(data->main->warning, firewall_tool_ip6tables_s, arguments);
 tool = firewall_program_ip6tables_e;
@@ -957,6 +974,9 @@ f_status_t firewall_create_custom_chains(firewall_data_t * const data, firewall_
 break;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, firewall_tool_ip6tables_s, arguments, return_code);
+ }
 }
 ++data->chains.used;
@@ -1013,6 +1033,9 @@ f_status_t firewall_delete_chains(firewall_data_t * const data) {
 return status;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, tools[i], arguments, return_code);
+ }
 } // for
 int return_code = 0;
@@ -1057,6 +1080,9 @@ f_status_t firewall_delete_chains(firewall_data_t * const data) {
 break;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, tools[i], arguments, return_code);
+ }
 } // for
 return status;
@@ -1121,6 +1147,9 @@ f_status_t firewall_default_lock(firewall_data_t * const data) {
 break;
 }
+ else if (return_code) {
+ firewall_print_error_on_operation_return_code(data->main->error, tools[j], arguments, return_code);
+ }
 } // for
 } // for
--
1.8.3.1
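Review bot: The second loop of firewall_delete_chains tests `return_code` after each tool without a visible reset inside the loop; the only initialisation shown is the `int return_code = 0;` ahead of the loop, in the trailing context of the previous hunk. The same commit adds `return_code = 0;` before the calls in firewall_perform_commands and firewall_create_custom_chains, which suggests fll_execute_program may leave the value unwritten on some paths. If so, a non-zero code from tools[0] would be reported again for tools[1], pointing the operator at the wrong command. Adding `return_code = 0;` ahead of the call here and in the nested loops of firewall_default_lock (the @@ -1121 hunk) would make the functions consistent. Both loop bodies start outside the hunks, so a reset may already be there.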