From: hyunuktak Date: Thu, 23 Aug 2018 05:43:33 +0000 (+0900) Subject: Make firewall rule param properly X-Git-Tag: submit/tizen/20180828.063057^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=1d53367693cd90500023ccffe61cf7ae915bc4ec;p=platform%2Fcore%2Fapi%2Fsmart-traffic-control.git Make firewall rule param properly Change-Id: I39fb9ec9782d18f628b94e46f75aeaee74a7ad14 Signed-off-by: hyunuktak --- diff --git a/packaging/capi-network-stc.spec b/packaging/capi-network-stc.spec index 3a02074..ff56639 100755 --- a/packaging/capi-network-stc.spec +++ b/packaging/capi-network-stc.spec @@ -1,6 +1,6 @@ Name: capi-network-stc Summary: A Smart Traffic Control (STC) libraries in Native API -Version: 0.0.33 +Version: 0.0.34 Release: 1 Group: Network & Connectivity/API License: Apache-2.0 diff --git a/src/internal/stc-private.c b/src/internal/stc-private.c index 4b4a880..eb7fbaa 100755 --- a/src/internal/stc-private.c +++ b/src/internal/stc-private.c @@ -105,8 +105,6 @@ int _stc_convert_error_string_to_enum(const char *error) if (NULL != strstr(error, "NoReply")) return STC_ERROR_INVALID_OPERATION; - else if (NULL != strstr(error, "Failed")) - return STC_ERROR_OPERATION_FAILED; else if (NULL != strstr(error, "UnknownMethod")) return STC_ERROR_INVALID_OPERATION; else if (NULL != strstr(error, "InvalidArguments")) @@ -119,6 +117,14 @@ int _stc_convert_error_string_to_enum(const char *error) return STC_ERROR_NOT_SUPPORTED; else if (NULL != strstr(error, "InProgress")) return STC_ERROR_IN_PROGRESS; + else if (NULL != strstr(error, "OUT_OF_MEMORY")) + return STC_ERROR_OUT_OF_MEMORY; + else if (NULL != strstr(error, "INVALID_PARAMETER")) + return STC_ERROR_INVALID_PARAMETER; + else if (NULL != strstr(error, "UNINITIALIZED")) + return STC_ERROR_NOT_INITIALIZED; + else if (NULL != strstr(error, "PERMISSION_DENIED")) + return STC_ERROR_PERMISSION_DENIED; return STC_ERROR_OPERATION_FAILED; } diff --git a/src/stc-firewall.c b/src/stc-firewall.c index 845276b..7378802 100755 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -237,120 +237,130 @@ static void __stc_fw_make_rule_params( STC_FW_RULE_CHAIN, g_variant_new_string(rule->chain)); - if (rule->direction != STC_FIREWALL_DIRECTION_NONE) + if (rule->direction != STC_FIREWALL_DIRECTION_NONE) { g_variant_builder_add(builder, "{sv}", STC_FW_RULE_DIRECTION, g_variant_new_uint16(rule->direction)); - if (rule->s_ip_type != STC_FIREWALL_IP_NONE) + if (rule->ifname) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_IFNAME, + g_variant_new_string(rule->ifname)); + } + + if (rule->family != STC_FIREWALL_FAMILY_NONE) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_FAMILY, + g_variant_new_uint16(rule->family)); + + if (rule->s_ip_type != STC_FIREWALL_IP_NONE) { g_variant_builder_add(builder, "{sv}", STC_FW_RULE_SIPTYPE, g_variant_new_uint16(rule->s_ip_type)); - if (rule->d_ip_type != STC_FIREWALL_IP_NONE) + if (rule->s_ip1) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_SIP1, + g_variant_new_string(rule->s_ip1)); + + if (rule->s_ip2) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_SIP2, + g_variant_new_string(rule->s_ip2)); + } + + if (rule->d_ip_type != STC_FIREWALL_IP_NONE) { g_variant_builder_add(builder, "{sv}", STC_FW_RULE_DIPTYPE, g_variant_new_uint16(rule->d_ip_type)); - if (rule->s_port_type != STC_FIREWALL_PORT_NONE) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_SPORTTYPE, - g_variant_new_uint16(rule->s_port_type)); + if (rule->d_ip1) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_DIP1, + g_variant_new_string(rule->d_ip1)); - if (rule->d_port_type != STC_FIREWALL_PORT_NONE) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_DPORTTYPE, - g_variant_new_uint16(rule->d_port_type)); + if (rule->d_ip2) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_DIP2, + g_variant_new_string(rule->d_ip2)); + } - if (rule->protocol != STC_FIREWALL_PROTOCOL_NONE) + if (rule->protocol != STC_FIREWALL_PROTOCOL_NONE) { g_variant_builder_add(builder, "{sv}", STC_FW_RULE_PROTOCOL, g_variant_new_uint16(rule->protocol)); - if (rule->family != STC_FIREWALL_FAMILY_NONE) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_FAMILY, - g_variant_new_uint16(rule->family)); + if (rule->s_port_type != STC_FIREWALL_PORT_NONE) { + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_SPORTTYPE, + g_variant_new_uint16(rule->s_port_type)); - if (rule->s_ip1) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_SIP1, - g_variant_new_string(rule->s_ip1)); + if (rule->s_port1) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_SPORT1, + g_variant_new_uint32(rule->s_port1)); - if (rule->s_ip2) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_SIP2, - g_variant_new_string(rule->s_ip2)); + if (rule->s_port2) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_SPORT2, + g_variant_new_uint32(rule->s_port2)); + } - if (rule->d_ip1) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_DIP1, - g_variant_new_string(rule->d_ip1)); + if (rule->d_port_type != STC_FIREWALL_PORT_NONE) { + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_DPORTTYPE, + g_variant_new_uint16(rule->d_port_type)); - if (rule->d_ip2) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_DIP2, - g_variant_new_string(rule->d_ip2)); - - if (rule->s_port1) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_SPORT1, - g_variant_new_uint32(rule->s_port1)); - - if (rule->s_port2) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_SPORT2, - g_variant_new_uint32(rule->s_port2)); + if (rule->d_port1) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_DPORT1, + g_variant_new_uint32(rule->d_port1)); - if (rule->d_port1) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_DPORT1, - g_variant_new_uint32(rule->d_port1)); - - if (rule->d_port2) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_DPORT2, - g_variant_new_uint32(rule->d_port2)); - - if (rule->ifname) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_IFNAME, - g_variant_new_string(rule->ifname)); + if (rule->d_port2) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_DPORT2, + g_variant_new_uint32(rule->d_port2)); + } + } if (rule->target) g_variant_builder_add(builder, "{sv}", STC_FW_RULE_TARGET, g_variant_new_uint16(rule->target)); - if (rule->log_level) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_LOG_LEVEL, - g_variant_new_uint16(rule->log_level)); + if (rule->target == STC_FIREWALL_RULE_TARGET_LOG) { + if (rule->log_level) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); - if (rule->log_prefix) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_LOG_PREFIX, - g_variant_new_string(rule->log_prefix)); + if (rule->log_prefix) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + } - if (rule->nflog_group) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_NFLOG_GROUP, - g_variant_new_uint16(rule->nflog_group)); + if (rule->target == STC_FIREWALL_RULE_TARGET_NFLOG) { + if (rule->nflog_group) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); - if (rule->nflog_prefix) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_NFLOG_PREFIX, - g_variant_new_string(rule->nflog_prefix)); + if (rule->nflog_prefix) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); - if (rule->nflog_range) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_NFLOG_RANGE, - g_variant_new_uint16(rule->nflog_range)); + if (rule->nflog_range) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); - if (rule->nflog_threshold) - g_variant_builder_add(builder, "{sv}", - STC_FW_RULE_NFLOG_THRESHOLD, - g_variant_new_uint16(rule->nflog_threshold)); + if (rule->nflog_threshold) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + } if (rule->identifier) g_variant_builder_add(builder, "{sv}", diff --git a/test/firewall.c b/test/firewall.c index 01b1093..1e2f300 100755 --- a/test/firewall.c +++ b/test/firewall.c @@ -97,7 +97,7 @@ static void __test_stc_fw_print_rule(stc_firewall_rule_h rule_h) unsigned int s_port2 = 0; unsigned int d_port1 = 0; unsigned int d_port2 = 0; - unsigned int log_level = 0; + unsigned char log_level = 0; unsigned int nflog_group = 0; unsigned int nflog_range = 0; unsigned int nflog_threshold = 0; @@ -113,16 +113,19 @@ static void __test_stc_fw_print_rule(stc_firewall_rule_h rule_h) } ret = stc_firewall_rule_get_direction(rule_h, &direction); - if (ret == STC_ERROR_NONE) + if (ret == STC_ERROR_NONE) { msg("Direction: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_direction_to_string(direction)); - ret = stc_firewall_rule_get_ifname(rule_h, &ifname); - if (ret == STC_ERROR_NONE) { - if (ifname) - msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); + if (direction != STC_FIREWALL_DIRECTION_NONE) { + ret = stc_firewall_rule_get_ifname(rule_h, &ifname); + if (ret == STC_ERROR_NONE) { + if (ifname) + msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); - FREE(ifname); + FREE(ifname); + } + } } ret = stc_firewall_rule_get_family_type(rule_h, &family); @@ -131,58 +134,71 @@ static void __test_stc_fw_print_rule(stc_firewall_rule_h rule_h) test_stc_convert_fw_family_type_to_string(family)); ret = stc_firewall_rule_get_src_ip_type(rule_h, &s_ip_type); - if (ret == STC_ERROR_NONE) + if (ret == STC_ERROR_NONE) { msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_ip_type_to_string(s_ip_type)); - ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2); - if (ret == STC_ERROR_NONE) { - if (s_ip1 || s_ip2) - msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); + if (s_ip_type != STC_FIREWALL_IP_NONE) { + ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2); + if (ret == STC_ERROR_NONE) { + if (s_ip1 || s_ip2) + msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); - FREE(s_ip1); - FREE(s_ip2); + FREE(s_ip1); + FREE(s_ip2); + } + } } ret = stc_firewall_rule_get_dst_ip_type(rule_h, &d_ip_type); - if (ret == STC_ERROR_NONE) + if (ret == STC_ERROR_NONE) { msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_ip_type_to_string(d_ip_type)); - ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2); - if (ret == STC_ERROR_NONE) { - if (d_ip1 || d_ip2) - msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); + if (d_ip_type != STC_FIREWALL_IP_NONE) { + ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2); + if (ret == STC_ERROR_NONE) { + if (d_ip1 || d_ip2) + msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); - FREE(d_ip1); - FREE(d_ip2); + FREE(d_ip1); + FREE(d_ip2); + } + } } ret = stc_firewall_rule_get_protocol_type(rule_h, &protocol); - if (ret == STC_ERROR_NONE) + if (ret == STC_ERROR_NONE) { msg("Protocol: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_protocol_type_to_string(protocol)); - ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type); - if (ret == STC_ERROR_NONE) - msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(s_port_type)); - - ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2); - if (ret == STC_ERROR_NONE) { - if (s_port1 || s_port2) - msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); - } - - ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type); - if (ret == STC_ERROR_NONE) - msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(d_port_type)); - - ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2); - if (ret == STC_ERROR_NONE) { - if (d_port1 || d_port2) - msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); + if (protocol != STC_FIREWALL_PROTOCOL_NONE) { + ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type); + if (ret == STC_ERROR_NONE) + msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, + test_stc_convert_fw_port_type_to_string(s_port_type)); + + if (s_port_type != STC_FIREWALL_PORT_NONE) { + ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2); + if (ret == STC_ERROR_NONE) { + if (s_port1 || s_port2) + msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); + } + } + + ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type); + if (ret == STC_ERROR_NONE) + msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, + test_stc_convert_fw_port_type_to_string(d_port_type)); + + if (d_port_type != STC_FIREWALL_PORT_NONE) { + ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2); + if (ret == STC_ERROR_NONE) { + if (d_port1 || d_port2) + msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); + } + } + } } ret = stc_firewall_rule_get_target(rule_h, &target); @@ -316,162 +332,156 @@ static int __test_stc_fw_set_rule_info(void) msg("Fail to set chain of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - if (direction > STC_FIREWALL_DIRECTION_NONE && - direction <= STC_FIREWALL_DIRECTION_OUT) { + if (direction <= STC_FIREWALL_DIRECTION_OUT) { ret = stc_firewall_rule_set_direction(g_fw_rule_h, direction); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set direction of rule" LOG_END); else msg("Fail to set direction of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (s_ip_type > STC_FIREWALL_IP_NONE && - s_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_set_src_ip_type(g_fw_rule_h, s_ip_type); + ret = stc_firewall_rule_set_ifname(g_fw_rule_h, g_rule_ifname); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source IP type of rule" LOG_END); + msg(LOG_GREEN "Success to set interface name of rule" LOG_END); else - msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (d_ip_type > STC_FIREWALL_IP_NONE && - d_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_set_dst_ip_type(g_fw_rule_h, d_ip_type); + if (family <= STC_FIREWALL_FAMILY_V6) { + ret = stc_firewall_rule_set_family_type(g_fw_rule_h, family); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END); + msg(LOG_GREEN "Success to set family type of rule" LOG_END); else - msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (s_port_type > STC_FIREWALL_PORT_NONE && - s_port_type <= STC_FIREWALL_PORT_RANGE) { - ret = stc_firewall_rule_set_src_port_type(g_fw_rule_h, s_port_type); + if (s_ip_type <= STC_FIREWALL_IP_RANGE) { + ret = stc_firewall_rule_set_src_ip_type(g_fw_rule_h, s_ip_type); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source port type of rule" LOG_END); + msg(LOG_GREEN "Success to set source IP type of rule" LOG_END); else - msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (d_port_type > STC_FIREWALL_PORT_NONE && - d_port_type <= STC_FIREWALL_PORT_RANGE) { - ret = stc_firewall_rule_set_dst_port_type(g_fw_rule_h, d_port_type); + ret = stc_firewall_rule_set_src_ip(g_fw_rule_h, g_rule_s_ip1, g_rule_s_ip2); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination port type of rule" LOG_END); + msg(LOG_GREEN "Success to set source IP of rule" LOG_END); else - msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (protocol > STC_FIREWALL_PROTOCOL_NONE && - protocol <= STC_FIREWALL_PROTOCOL_ALL) { - ret = stc_firewall_rule_set_protocol_type(g_fw_rule_h, protocol); + if (d_ip_type <= STC_FIREWALL_IP_RANGE) { + ret = stc_firewall_rule_set_dst_ip_type(g_fw_rule_h, d_ip_type); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set protocol type of rule" LOG_END); + msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END); else - msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (family > STC_FIREWALL_FAMILY_NONE && - family <= STC_FIREWALL_FAMILY_V6) { - ret = stc_firewall_rule_set_family_type(g_fw_rule_h, family); + ret = stc_firewall_rule_set_dst_ip(g_fw_rule_h, g_rule_d_ip1, g_rule_d_ip2); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set family type of rule" LOG_END); + msg(LOG_GREEN "Success to set destination IP of rule" LOG_END); else - msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - ret = stc_firewall_rule_set_src_ip(g_fw_rule_h, g_rule_s_ip1, g_rule_s_ip2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source IP of rule" LOG_END); - else - msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_dst_ip(g_fw_rule_h, g_rule_d_ip1, g_rule_d_ip2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination IP of rule" LOG_END); - else - msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_src_port(g_fw_rule_h, s_port1, s_port2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source port of rule" LOG_END); - else - msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (protocol <= STC_FIREWALL_PROTOCOL_ALL) { + ret = stc_firewall_rule_set_protocol_type(g_fw_rule_h, protocol); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set protocol type of rule" LOG_END); + else + msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_set_dst_port(g_fw_rule_h, d_port1, d_port2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination port of rule" LOG_END); - else - msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (s_port_type <= STC_FIREWALL_PORT_RANGE) { + ret = stc_firewall_rule_set_src_port_type(g_fw_rule_h, s_port_type); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set source port type of rule" LOG_END); + else + msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_src_port(g_fw_rule_h, s_port1, s_port2); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set source port of rule" LOG_END); + else + msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } - ret = stc_firewall_rule_set_ifname(g_fw_rule_h, g_rule_ifname); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set interface name of rule" LOG_END); - else - msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (d_port_type <= STC_FIREWALL_PORT_RANGE) { + ret = stc_firewall_rule_set_dst_port_type(g_fw_rule_h, d_port_type); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set destination port type of rule" LOG_END); + else + msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_dst_port(g_fw_rule_h, d_port1, d_port2); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set destination port of rule" LOG_END); + else + msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } + } - if (target > STC_FIREWALL_RULE_TARGET_NONE && - target < STC_FIREWALL_RULE_TARGET_MAX) { + if (target < STC_FIREWALL_RULE_TARGET_MAX) { ret = stc_firewall_rule_set_target(g_fw_rule_h, target); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set target of rule" LOG_END); else msg("Fail to set target of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - - ret = stc_firewall_rule_set_log_level(g_fw_rule_h, log_level); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set log level of rule" LOG_END); - else - msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_log_prefix(g_fw_rule_h, g_rule_log_prefix); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); - else - msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_set_nflog_group(g_fw_rule_h, nflog_group); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); - else - msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_prefix(g_fw_rule_h, g_rule_nflog_prefix); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); - else - msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_range(g_fw_rule_h, nflog_range); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); - else - msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_threshold(g_fw_rule_h, nflog_threshold); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); - else - msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (target == STC_FIREWALL_RULE_TARGET_LOG) { + ret = stc_firewall_rule_set_log_level(g_fw_rule_h, log_level); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set log level of rule" LOG_END); + else + msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_log_prefix(g_fw_rule_h, g_rule_log_prefix); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); + else + msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } else if (target == STC_FIREWALL_RULE_TARGET_NFLOG) { + ret = stc_firewall_rule_set_nflog_group(g_fw_rule_h, nflog_group); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); + else + msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_prefix(g_fw_rule_h, g_rule_nflog_prefix); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); + else + msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_range(g_fw_rule_h, nflog_range); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); + else + msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_threshold(g_fw_rule_h, nflog_threshold); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); + else + msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } + } msg(HR_SINGLE); @@ -518,162 +528,156 @@ static int __test_stc_fw_update_rule_info(stc_firewall_rule_h rule_h) (unsigned int)strtol(g_rule_nflog_threshold, NULL, 10); int ret = STC_ERROR_NONE; - if (direction > STC_FIREWALL_DIRECTION_NONE && - direction <= STC_FIREWALL_DIRECTION_OUT) { + if (direction <= STC_FIREWALL_DIRECTION_OUT) { ret = stc_firewall_rule_set_direction(rule_h, direction); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set direction of rule" LOG_END); else msg("Fail to set direction of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (s_ip_type > STC_FIREWALL_IP_NONE && - s_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_set_src_ip_type(rule_h, s_ip_type); + ret = stc_firewall_rule_set_ifname(rule_h, g_rule_ifname); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source IP type of rule" LOG_END); + msg(LOG_GREEN "Success to set interface name of rule" LOG_END); else - msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (d_ip_type > STC_FIREWALL_IP_NONE && - d_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_set_dst_ip_type(rule_h, d_ip_type); + if (family <= STC_FIREWALL_FAMILY_V6) { + ret = stc_firewall_rule_set_family_type(rule_h, family); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END); + msg(LOG_GREEN "Success to set family type of rule" LOG_END); else - msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (s_port_type > STC_FIREWALL_PORT_NONE && - s_port_type <= STC_FIREWALL_PORT_RANGE) { - ret = stc_firewall_rule_set_src_port_type(rule_h, s_port_type); + if (s_ip_type <= STC_FIREWALL_IP_RANGE) { + ret = stc_firewall_rule_set_src_ip_type(rule_h, s_ip_type); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source port type of rule" LOG_END); + msg(LOG_GREEN "Success to set source IP type of rule" LOG_END); else - msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set source IP type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (d_port_type > STC_FIREWALL_PORT_NONE && - d_port_type <= STC_FIREWALL_PORT_RANGE) { - ret = stc_firewall_rule_set_dst_port_type(rule_h, d_port_type); + ret = stc_firewall_rule_set_src_ip(rule_h, g_rule_s_ip1, g_rule_s_ip2); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination port type of rule" LOG_END); + msg(LOG_GREEN "Success to set source IP of rule" LOG_END); else - msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - if (protocol > STC_FIREWALL_PROTOCOL_NONE && - protocol <= STC_FIREWALL_PROTOCOL_ALL) { - ret = stc_firewall_rule_set_protocol_type(rule_h, protocol); + if (d_ip_type <= STC_FIREWALL_IP_RANGE) { + ret = stc_firewall_rule_set_dst_ip_type(rule_h, d_ip_type); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set protocol type of rule" LOG_END); + msg(LOG_GREEN "Success to set destination IP type of rule" LOG_END); else - msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set destination IP type of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - if (family > STC_FIREWALL_FAMILY_NONE && - family <= STC_FIREWALL_FAMILY_V6) { - ret = stc_firewall_rule_set_family_type(rule_h, family); + ret = stc_firewall_rule_set_dst_ip(rule_h, g_rule_d_ip1, g_rule_d_ip2); if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set family type of rule" LOG_END); + msg(LOG_GREEN "Success to set destination IP of rule" LOG_END); else - msg("Fail to set family type of rule " LOG_RED "[%s]" LOG_END, + msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); } - ret = stc_firewall_rule_set_src_ip(rule_h, g_rule_s_ip1, g_rule_s_ip2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source IP of rule" LOG_END); - else - msg("Fail to set source IP of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_dst_ip(rule_h, g_rule_d_ip1, g_rule_d_ip2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination IP of rule" LOG_END); - else - msg("Fail to set destination IP of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_src_port(rule_h, s_port1, s_port2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set source port of rule" LOG_END); - else - msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (protocol <= STC_FIREWALL_PROTOCOL_ALL) { + ret = stc_firewall_rule_set_protocol_type(rule_h, protocol); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set protocol type of rule" LOG_END); + else + msg("Fail to set protocol type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_set_dst_port(rule_h, d_port1, d_port2); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set destination port of rule" LOG_END); - else - msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (s_port_type <= STC_FIREWALL_PORT_RANGE) { + ret = stc_firewall_rule_set_src_port_type(rule_h, s_port_type); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set source port type of rule" LOG_END); + else + msg("Fail to set source port type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_src_port(rule_h, s_port1, s_port2); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set source port of rule" LOG_END); + else + msg("Fail to set source port of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } - ret = stc_firewall_rule_set_ifname(rule_h, g_rule_ifname); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set interface name of rule" LOG_END); - else - msg("Fail to set interface name of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (d_port_type <= STC_FIREWALL_PORT_RANGE) { + ret = stc_firewall_rule_set_dst_port_type(rule_h, d_port_type); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set destination port type of rule" LOG_END); + else + msg("Fail to set destination port type of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_dst_port(rule_h, d_port1, d_port2); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set destination port of rule" LOG_END); + else + msg("Fail to set destination port of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } + } - if (target > STC_FIREWALL_RULE_TARGET_NONE && - target < STC_FIREWALL_RULE_TARGET_MAX) { + if (target < STC_FIREWALL_RULE_TARGET_MAX) { ret = stc_firewall_rule_set_target(rule_h, target); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set target of rule" LOG_END); else msg("Fail to set target of rule " LOG_RED "[%s]" LOG_END, test_stc_convert_error_type_to_string(ret)); - } - - ret = stc_firewall_rule_set_log_level(rule_h, log_level); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set log level of rule" LOG_END); - else - msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_set_log_prefix(rule_h, g_rule_log_prefix); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); - else - msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_group(rule_h, nflog_group); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); - else - msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_prefix(rule_h, g_rule_nflog_prefix); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); - else - msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_range(rule_h, nflog_range); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); - else - msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); - - ret = stc_firewall_rule_set_nflog_threshold(rule_h, nflog_threshold); - if (ret == STC_ERROR_NONE) - msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); - else - msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, - test_stc_convert_error_type_to_string(ret)); + if (target == STC_FIREWALL_RULE_TARGET_LOG) { + ret = stc_firewall_rule_set_log_level(rule_h, log_level); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set log level of rule" LOG_END); + else + msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_log_prefix(rule_h, g_rule_log_prefix); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); + else + msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } else if (target == STC_FIREWALL_RULE_TARGET_NFLOG) { + ret = stc_firewall_rule_set_nflog_group(rule_h, nflog_group); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); + else + msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_prefix(rule_h, g_rule_nflog_prefix); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); + else + msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_range(rule_h, nflog_range); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); + else + msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + + ret = stc_firewall_rule_set_nflog_threshold(rule_h, nflog_threshold); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); + else + msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); + } + } msg(HR_SINGLE);