#define BUF_SIZE_FOR_IP 64
-#define RULE_CHAIN "chain"
-#define RULE_DIRECTION "direction"
-#define RULE_IFNAME "ifname"
-#define RULE_PROTOCOL "protocol"
-#define RULE_TARGET "target"
-
-#define RULE_FAMILY "family"
-#define RULE_SIPTYPE "s_ip_type"
-#define RULE_SIP1 "s_ip1"
-#define RULE_SIP2 "s_ip2"
-#define RULE_DIPTYPE "d_ip_type"
-#define RULE_DIP1 "d_ip1"
-#define RULE_DIP2 "d_ip2"
-#define RULE_SPORTTYPE "s_port_type"
-#define RULE_SPORT1 "s_port1"
-#define RULE_SPORT2 "s_port2"
-#define RULE_DPORTTYPE "d_port_type"
-#define RULE_DPORT1 "d_port1"
-#define RULE_DPORT2 "d_port2"
-
static void __fw_add_rule_info_to_builder(GVariantBuilder *builder,
firewall_rule_s *rule)
{
switch (rule->family) {
case STC_FW_FAMILY_V4:
- if (rule->s_ip1.Ipv4.s_addr)
- g_variant_builder_add(builder, "{sv}", RULE_SIP1,
- g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr));
+ if (rule->s_ip_type != STC_FW_IP_NONE) {
+ if (rule->s_ip1.Ipv4.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+ g_variant_new_uint32(rule->s_ip1.Ipv4.s_addr));
- if (rule->s_ip2.Ipv4.s_addr)
- g_variant_builder_add(builder, "{sv}", RULE_SIP2,
- g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr));
+ if (rule->s_ip2.Ipv4.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+ g_variant_new_uint32(rule->s_ip2.Ipv4.s_addr));
+ }
- if (rule->d_ip1.Ipv4.s_addr)
- g_variant_builder_add(builder, "{sv}", RULE_DIP1,
- g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr));
+ if (rule->d_ip_type != STC_FW_IP_NONE) {
+ if (rule->d_ip1.Ipv4.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+ g_variant_new_uint32(rule->d_ip1.Ipv4.s_addr));
- if (rule->d_ip2.Ipv4.s_addr)
- g_variant_builder_add(builder, "{sv}", RULE_DIP2,
- g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr));
+ if (rule->d_ip2.Ipv4.s_addr)
+ g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+ g_variant_new_uint32(rule->d_ip2.Ipv4.s_addr));
+ }
break;
case STC_FW_FAMILY_V6:
{
char buf[BUF_SIZE_FOR_IP];
- if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] ||
- rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) {
- memset(buf, 0, sizeof(buf));
- snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
- rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1],
- rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]);
- g_variant_builder_add(builder, "{sv}", RULE_SIP1,
- g_variant_new_string(buf));
+ if (rule->s_ip_type != STC_FW_IP_NONE) {
+ if (rule->s_ip1.Ipv6.s6_addr32[0] || rule->s_ip1.Ipv6.s6_addr32[1] ||
+ rule->s_ip1.Ipv6.s6_addr32[2] || rule->s_ip1.Ipv6.s6_addr32[3]) {
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ rule->s_ip1.Ipv6.s6_addr32[0], rule->s_ip1.Ipv6.s6_addr32[1],
+ rule->s_ip1.Ipv6.s6_addr32[2], rule->s_ip1.Ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP1,
+ g_variant_new_string(buf));
+ }
+
+ if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] ||
+ rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) {
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1],
+ rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_SIP2,
+ g_variant_new_string(buf));
+ }
}
- if (rule->s_ip2.Ipv6.s6_addr32[0] || rule->s_ip2.Ipv6.s6_addr32[1] ||
- rule->s_ip2.Ipv6.s6_addr32[2] || rule->s_ip2.Ipv6.s6_addr32[3]) {
- memset(buf, 0, sizeof(buf));
- snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
- rule->s_ip2.Ipv6.s6_addr32[0], rule->s_ip2.Ipv6.s6_addr32[1],
- rule->s_ip2.Ipv6.s6_addr32[2], rule->s_ip2.Ipv6.s6_addr32[3]);
- g_variant_builder_add(builder, "{sv}", RULE_SIP2,
- g_variant_new_string(buf));
+ if (rule->d_ip_type != STC_FW_IP_NONE) {
+ if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] ||
+ rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) {
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1],
+ rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP1,
+ g_variant_new_string(buf));
+ }
+
+ if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] ||
+ rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) {
+ memset(buf, 0, sizeof(buf));
+ snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
+ rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1],
+ rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]);
+ g_variant_builder_add(builder, "{sv}", RULE_DIP2,
+ g_variant_new_string(buf));
+ }
}
- if (rule->d_ip1.Ipv6.s6_addr32[0] || rule->d_ip1.Ipv6.s6_addr32[1] ||
- rule->d_ip1.Ipv6.s6_addr32[2] || rule->d_ip1.Ipv6.s6_addr32[3]) {
- memset(buf, 0, sizeof(buf));
- snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
- rule->d_ip1.Ipv6.s6_addr32[0], rule->d_ip1.Ipv6.s6_addr32[1],
- rule->d_ip1.Ipv6.s6_addr32[2], rule->d_ip1.Ipv6.s6_addr32[3]);
- g_variant_builder_add(builder, "{sv}", RULE_DIP1,
- g_variant_new_string(buf));
- }
-
- if (rule->d_ip2.Ipv6.s6_addr32[0] || rule->d_ip2.Ipv6.s6_addr32[1] ||
- rule->d_ip2.Ipv6.s6_addr32[2] || rule->d_ip2.Ipv6.s6_addr32[3]) {
- memset(buf, 0, sizeof(buf));
- snprintf(buf, sizeof(buf), "%08x:%08x:%08x:%08x",
- rule->d_ip2.Ipv6.s6_addr32[0], rule->d_ip2.Ipv6.s6_addr32[1],
- rule->d_ip2.Ipv6.s6_addr32[2], rule->d_ip2.Ipv6.s6_addr32[3]);
- g_variant_builder_add(builder, "{sv}", RULE_DIP2,
- g_variant_new_string(buf));
- }
}
break;
default:
break;
}
- if (rule->s_port1)
- g_variant_builder_add(builder, "{sv}", RULE_SPORT1,
- g_variant_new_uint32(rule->s_port1));
+ if (rule->s_port_type != STC_FW_PORT_NONE) {
+ if (rule->s_port1)
+ g_variant_builder_add(builder, "{sv}", RULE_SPORT1,
+ g_variant_new_uint32(rule->s_port1));
- if (rule->s_port2)
- g_variant_builder_add(builder, "{sv}", RULE_SPORT2,
- g_variant_new_uint32(rule->s_port2));
+ if (rule->s_port2)
+ g_variant_builder_add(builder, "{sv}", RULE_SPORT2,
+ g_variant_new_uint32(rule->s_port2));
+ }
- if (rule->d_port1)
- g_variant_builder_add(builder, "{sv}", RULE_DPORT1,
- g_variant_new_uint32(rule->d_port1));
+ if (rule->s_port_type != STC_FW_PORT_NONE) {
+ if (rule->d_port1)
+ g_variant_builder_add(builder, "{sv}", RULE_DPORT1,
+ g_variant_new_uint32(rule->d_port1));
- if (rule->d_port2)
- g_variant_builder_add(builder, "{sv}", RULE_DPORT2,
- g_variant_new_uint32(rule->d_port2));
+ if (rule->d_port2)
+ g_variant_builder_add(builder, "{sv}", RULE_DPORT2,
+ g_variant_new_uint32(rule->d_port2));
+ }
- if (rule->ifname)
- g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
- g_variant_new_string(rule->ifname));
+ if (rule->direction != STC_FW_DIRECTION_NONE) {
+ if (rule->ifname && rule->ifname[0] != '\0')
+ g_variant_builder_add(builder, "{sv}", RULE_IFNAME,
+ g_variant_new_string(rule->ifname));
+ }
- if (rule->target_str)
+ if (rule->target_str && rule->target_str[0] != '\0')
g_variant_builder_add(builder, "{sv}", RULE_TARGET,
g_variant_new_string(rule->target_str));
+
+ if (rule->target != STC_FW_RULE_TARGET_NONE)
+ g_variant_builder_add(builder, "{sv}", RULE_TARGETTYPE,
+ g_variant_new_uint16(rule->target));
+
+ switch (rule->target) {
+ case STC_FW_RULE_TARGET_LOG:
+ g_variant_builder_add(builder, "{sv}", RULE_LOG_LEVEL,
+ g_variant_new_uint16(rule->log_level));
+
+ if (rule->log_prefix && rule->log_prefix[0] != '\0')
+ g_variant_builder_add(builder, "{sv}", RULE_LOG_PREFIX,
+ g_variant_new_string(rule->log_prefix));
+ break;
+ case STC_FW_RULE_TARGET_NFLOG:
+ g_variant_builder_add(builder, "{sv}", RULE_NFLOG_GROUP,
+ g_variant_new_uint16(rule->nflog_group));
+
+ if (rule->nflog_prefix && rule->nflog_prefix[0] != '\0')
+ g_variant_builder_add(builder, "{sv}", RULE_NFLOG_PREFIX,
+ g_variant_new_string(rule->nflog_prefix));
+
+ g_variant_builder_add(builder, "{sv}", RULE_NFLOG_RANGE,
+ g_variant_new_uint16(rule->nflog_range));
+
+ g_variant_builder_add(builder, "{sv}", RULE_NFLOG_THRESHOLD,
+ g_variant_new_uint16(rule->nflog_threshold));
+ break;
+ default:
+ break;
+ }
}
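Review bot: The destination-port block is guarded by the source-port type: the second `if (rule->s_port_type != STC_FW_PORT_NONE) {`, which wraps the RULE_DPORT1/RULE_DPORT2 additions, looks like a copy-paste of the guard just above it. As written, a rule that sets only a destination port (source port type NONE) is serialized without `d_port1`/`d_port2`, so the rule the receiver installs would presumably match every destination port, which is broader than the caller asked for. Conversely, stale `d_port` values are sent whenever a source port type is set. Assuming `firewall_rule_s` has a `d_port_type` field, as the `d_ip_type` pattern and the `RULE_DPORTTYPE` key suggest, the guard should read `if (rule->d_port_type != STC_FW_PORT_NONE) {`. A test that builds a rule with only a destination port and checks the resulting dictionary would catch this.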
static int __fw_add_chain(GDBusConnection *connection,
stc_error_e firewall_rule_add(firewall_rule_s *rule)
{
- __STC_LOG_FUNC_ENTER__;
-
stc_error_e ret = STC_ERROR_NONE;
stc_s *stc = stc_get_manager();
break;
}
- __STC_LOG_FUNC_EXIT__;
return ret;
}
stc_error_e firewall_rule_remove(firewall_rule_s *rule)
{
- __STC_LOG_FUNC_ENTER__;
-
stc_error_e ret = STC_ERROR_NONE;
stc_s *stc = stc_get_manager();
break;
}
- __STC_LOG_FUNC_EXIT__;
return ret;
}