From: hyunuktak Date: Wed, 18 Jul 2018 05:30:57 +0000 (+0900) Subject: Added new CAPIs for log and nflog X-Git-Tag: submit/tizen/20180724.092802~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d7f3a3e07c02f92c38eefe0886fc0218015d2c82;p=platform%2Fcore%2Fapi%2Fsmart-traffic-control.git Added new CAPIs for log and nflog Change-Id: I1505fe5aaf60220fa24bc63338fd34c4adfda5db Signed-off-by: hyunuktak --- diff --git a/include/stc_internal.h b/include/stc_internal.h index 9d688bc..8225ed1 100755 --- a/include/stc_internal.h +++ b/include/stc_internal.h @@ -186,7 +186,8 @@ typedef enum { typedef enum { STC_FIREWALL_CHAIN_TARGET_NONE, STC_FIREWALL_CHAIN_TARGET_INPUT, - STC_FIREWALL_CHAIN_TARGET_OUTPUT + STC_FIREWALL_CHAIN_TARGET_OUTPUT, + STC_FIREWALL_CHAIN_TARGET_MAX } stc_firewall_chain_target_e; /** @@ -198,6 +199,8 @@ typedef enum { STC_FIREWALL_RULE_TARGET_ACCEPT, STC_FIREWALL_RULE_TARGET_DROP, STC_FIREWALL_RULE_TARGET_LOG, + STC_FIREWALL_RULE_TARGET_NFLOG, + STC_FIREWALL_RULE_TARGET_MAX, } stc_firewall_rule_target_e; /** @@ -2426,6 +2429,156 @@ int stc_firewall_rule_set_ifname(stc_firewall_rule_h rule_h, char *ifname); int stc_firewall_rule_set_target(stc_firewall_rule_h rule_h, stc_firewall_rule_target_e target); +/** + * @brief Sets log level to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] level The level + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_log_level() + */ +int stc_firewall_rule_set_log_level(stc_firewall_rule_h rule_h, + unsigned char level); + +/** + * @brief Sets log prefix to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] prefix The prefix + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_log_prefix() + */ +int stc_firewall_rule_set_log_prefix(stc_firewall_rule_h rule_h, + char *prefix); + +/** + * @brief Sets nflog group to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] group The group + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_nflog_group() + */ +int stc_firewall_rule_set_nflog_group(stc_firewall_rule_h rule_h, + unsigned int group); + +/** + * @brief Sets nflog prefix to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] prefix The prefix + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_nflog_prefix() + */ +int stc_firewall_rule_set_nflog_prefix(stc_firewall_rule_h rule_h, + char *prefix); + +/** + * @brief Sets nflog range to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] range The range + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_nflog_range() + */ +int stc_firewall_rule_set_nflog_range(stc_firewall_rule_h rule_h, + unsigned int range); + +/** + * @brief Sets nflog threshold to rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[in] threshold The threshold + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_get_nflog_threshold() + */ +int stc_firewall_rule_set_nflog_threshold(stc_firewall_rule_h rule_h, + unsigned int threshold); + /** * @brief Gets the chain name from rule. * @since_tizen 5.0 @@ -2782,6 +2935,68 @@ int stc_firewall_rule_get_ifname(stc_firewall_rule_h rule_h, char **ifname); int stc_firewall_rule_get_target(stc_firewall_rule_h rule_h, stc_firewall_rule_target_e *target); +/** + * @brief Gets log level from rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[out] level The level + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_set_log_level() + */ +int stc_firewall_rule_get_log_level(stc_firewall_rule_h rule_h, + unsigned char *level); + +int stc_firewall_rule_get_log_prefix(stc_firewall_rule_h rule_h, + char **prefix); + +/** + * @brief Gets nflog group from rule. + * @since_tizen 5.0 + * + * @param[in] rule The firewall rule handle + * @param[out] group The group + * + * @return 0 on success, otherwise a negative error value + * @retval #STC_ERROR_NONE Successful + * @retval #STC_ERROR_OPERATION_FAILED General error + * @retval #STC_ERROR_OUT_OF_MEMORY Out of memory + * @retval #STC_ERROR_INVALID_PARAMETER Invalid parameter + * @retval #STC_ERROR_INVALID_OPERATION Invalid operation + * @retval #STC_ERROR_NOT_INITIALIZED Not initialized + * @retval #STC_ERROR_NOT_SUPPORTED Not supported + * @retval #STC_ERROR_PERMISSION_DENIED Permission denied + * + * @see #stc_firewall_rule_h + * @see stc_firewall_rule_create() + * @see stc_firewall_rule_destroy() + * @see stc_firewall_rule_set_nflog_group() + */ +int stc_firewall_rule_get_nflog_group(stc_firewall_rule_h rule_h, + unsigned int *group); + +int stc_firewall_rule_get_nflog_prefix(stc_firewall_rule_h rule_h, + char **prefix); + +int stc_firewall_rule_get_nflog_range(stc_firewall_rule_h rule_h, + unsigned int *range); + +int stc_firewall_rule_get_nflog_threshold(stc_firewall_rule_h rule_h, + unsigned int *threshold); + /** * @brief Adds the rule. * @since_tizen 5.0 diff --git a/packaging/capi-network-stc.spec b/packaging/capi-network-stc.spec index dac4323..2d86252 100755 --- a/packaging/capi-network-stc.spec +++ b/packaging/capi-network-stc.spec @@ -1,6 +1,6 @@ Name: capi-network-stc Summary: A Smart Traffic Control (STC) libraries in Native API -Version: 0.0.31 +Version: 0.0.32 Release: 1 Group: Network & Connectivity/API License: Apache-2.0 diff --git a/src/include/stc-firewall.h b/src/include/stc-firewall.h index 631b35c..767bf82 100755 --- a/src/include/stc-firewall.h +++ b/src/include/stc-firewall.h @@ -95,6 +95,12 @@ extern "C" { #define STC_FW_RULE_DPORT2 "d_port2" #define STC_FW_RULE_IFNAME "ifname" #define STC_FW_RULE_TARGET "target" +#define STC_FW_RULE_LOG_LEVEL "log_level" +#define STC_FW_RULE_LOG_PREFIX "log_prefix" +#define STC_FW_RULE_NFLOG_GROUP "nflog_group" +#define STC_FW_RULE_NFLOG_PREFIX "nflog_prefix" +#define STC_FW_RULE_NFLOG_RANGE "nflog_range" +#define STC_FW_RULE_NFLOG_THRESHOLD "nflog_threshold" #define STC_FW_RULE_IDENTIFIER "identifier" #define STC_FW_RULE_KEY "key" @@ -108,6 +114,7 @@ typedef struct { typedef struct { char *chain; stc_firewall_direction_e direction; + char *ifname; stc_firewall_ip_type_e s_ip_type; stc_firewall_ip_type_e d_ip_type; stc_firewall_port_type_e s_port_type; @@ -122,8 +129,13 @@ typedef struct { guint s_port2; guint d_port1; guint d_port2; - char *ifname; stc_firewall_rule_target_e target; + guchar log_level; + char *log_prefix; + guint nflog_group; + char *nflog_prefix; + guint nflog_range; + guint nflog_threshold; char *identifier; guint key; } stc_fw_rule_s; diff --git a/src/internal/stc-private.c b/src/internal/stc-private.c index cba8717..4b4a880 100755 --- a/src/internal/stc-private.c +++ b/src/internal/stc-private.c @@ -360,6 +360,8 @@ const char *_stc_convert_fw_rule_target_to_string( return "DROP"; case STC_FIREWALL_RULE_TARGET_LOG: return "LOG"; + case STC_FIREWALL_RULE_TARGET_NFLOG: + return "NFLOG"; default: return "Unknown"; } diff --git a/src/stc-firewall.c b/src/stc-firewall.c index a548fc6..9a8d51c 100755 --- a/src/stc-firewall.c +++ b/src/stc-firewall.c @@ -113,6 +113,7 @@ static void __stc_fw_clone_rule(void *a, void *b) stc_fw_rule_s *origin = (stc_fw_rule_s *)a; stc_fw_rule_s *cloned = (stc_fw_rule_s *)b; + FREE(cloned->chain); cloned->chain = g_strdup(origin->chain); cloned->direction = origin->direction; cloned->s_ip_type = origin->s_ip_type; @@ -121,6 +122,10 @@ static void __stc_fw_clone_rule(void *a, void *b) cloned->d_port_type = origin->d_port_type; cloned->protocol = origin->protocol; cloned->family = origin->family; + FREE(cloned->s_ip1); + FREE(cloned->s_ip2); + FREE(cloned->d_ip1); + FREE(cloned->d_ip2); cloned->s_ip1 = g_strdup(origin->s_ip1); cloned->s_ip2 = g_strdup(origin->s_ip2); cloned->d_ip1 = g_strdup(origin->d_ip1); @@ -129,8 +134,18 @@ static void __stc_fw_clone_rule(void *a, void *b) cloned->s_port2 = origin->s_port2; cloned->d_port1 = origin->d_port1; cloned->d_port2 = origin->d_port2; + FREE(cloned->ifname); cloned->ifname = g_strdup(origin->ifname); cloned->target = origin->target; + cloned->log_level = origin->log_level; + FREE(cloned->log_prefix); + cloned->log_prefix = g_strdup(origin->log_prefix); + cloned->nflog_group = origin->nflog_group; + FREE(cloned->nflog_prefix); + cloned->nflog_prefix = g_strdup(origin->nflog_prefix); + cloned->nflog_range = origin->nflog_range; + cloned->nflog_threshold = origin->nflog_threshold; + FREE(cloned->identifier); cloned->identifier = g_strdup(origin->identifier); cloned->key = origin->key; } @@ -145,6 +160,8 @@ static void __stc_fw_deinit_rule(void *data) FREE(rule->d_ip1); FREE(rule->d_ip2); FREE(rule->ifname); + FREE(rule->log_prefix); + FREE(rule->nflog_prefix); FREE(rule->identifier); FREE(rule); rule = NULL; @@ -305,6 +322,36 @@ static void __stc_fw_make_rule_params( STC_FW_RULE_TARGET, g_variant_new_uint16(rule->target)); + if (rule->log_level) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_LOG_LEVEL, + g_variant_new_uint16(rule->log_level)); + + if (rule->log_prefix) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_LOG_PREFIX, + g_variant_new_string(rule->log_prefix)); + + if (rule->nflog_group) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_GROUP, + g_variant_new_uint16(rule->nflog_group)); + + if (rule->nflog_prefix) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_PREFIX, + g_variant_new_string(rule->nflog_prefix)); + + if (rule->nflog_range) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_RANGE, + g_variant_new_uint16(rule->nflog_range)); + + if (rule->nflog_threshold) + g_variant_builder_add(builder, "{sv}", + STC_FW_RULE_NFLOG_THRESHOLD, + g_variant_new_uint16(rule->nflog_threshold)); + if (rule->identifier) g_variant_builder_add(builder, "{sv}", STC_FW_RULE_IDENTIFIER, @@ -416,6 +463,28 @@ static void __stc_fw_extract_rule(const char *key, } else if (!g_strcmp0(key, STC_FW_RULE_TARGET)) { rule->target = g_variant_get_uint16(value); + } else if (!g_strcmp0(key, STC_FW_RULE_LOG_LEVEL)) { + rule->log_level = g_variant_get_uint16(value); + + } else if (!g_strcmp0(key, STC_FW_RULE_LOG_PREFIX)) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->log_prefix = g_strdup(str); + + } else if (!g_strcmp0(key, STC_FW_RULE_NFLOG_GROUP)) { + rule->nflog_group = g_variant_get_uint16(value); + + } else if (!g_strcmp0(key, STC_FW_RULE_NFLOG_PREFIX)) { + guint str_length; + const gchar *str = g_variant_get_string(value, &str_length); + rule->nflog_prefix = g_strdup(str); + + } else if (!g_strcmp0(key, STC_FW_RULE_NFLOG_RANGE)) { + rule->nflog_range = g_variant_get_uint16(value); + + } else if (!g_strcmp0(key, STC_FW_RULE_NFLOG_THRESHOLD)) { + rule->nflog_threshold = g_variant_get_uint16(value); + } else if (!g_strcmp0(key, STC_FW_RULE_IDENTIFIER)) { guint str_length; const gchar *str = g_variant_get_string(value, &str_length); @@ -435,9 +504,9 @@ static void __stc_fw_print_chain(stc_fw_chain_s *chain) STC_LOGD(STC_HR_SINGLE); - STC_LOGD("Chain: [%s]", (chain->chain) ? chain->chain : ""); - STC_LOGD("Target: [%s]", _stc_convert_fw_chain_target_to_string(chain->target)); - STC_LOGD("Priority: [%u]", chain->priority); + STC_LOGD("[%s][%s][%u]", (chain->chain) ? chain->chain : "", + _stc_convert_fw_chain_target_to_string(chain->target), + chain->priority); STC_LOGD(STC_HR_SINGLE); } @@ -449,8 +518,7 @@ static void __stc_fw_print_rule(stc_fw_rule_s *rule) STC_LOGD(STC_HR_SINGLE); - STC_LOGD("[%s][%s][%s][%s][%s][%s][%s][%s]" - "[%s][%s][%s][%s][%d][%d][%s][%d][%d][%s]", + STC_LOGD("[%s][%s][%s][%s][%s][%s][%s][%s][%s][%s]", (rule->chain) ? rule->chain : "", _stc_convert_fw_direction_to_string(rule->direction), (rule->ifname) ? rule->ifname : "", @@ -460,7 +528,9 @@ static void __stc_fw_print_rule(stc_fw_rule_s *rule) (rule->s_ip2) ? rule->s_ip2 : "", _stc_convert_fw_ip_type_to_string(rule->d_ip_type), (rule->d_ip1) ? rule->d_ip1 : "", - (rule->d_ip2) ? rule->d_ip2 : "", + (rule->d_ip2) ? rule->d_ip2 : ""); + + STC_LOGD("[%s][%s][%d][%d][%s][%d][%d][%s][%d][%s][%d][%s][%d][%d]", _stc_convert_fw_protocol_type_to_string(rule->protocol), _stc_convert_fw_port_type_to_string(rule->s_port_type), rule->s_port1, @@ -468,8 +538,13 @@ static void __stc_fw_print_rule(stc_fw_rule_s *rule) _stc_convert_fw_port_type_to_string(rule->d_port_type), rule->d_port1, rule->d_port2, - _stc_convert_fw_rule_target_to_string(rule->target) - ); + _stc_convert_fw_rule_target_to_string(rule->target), + rule->log_level, + rule->log_prefix, + rule->nflog_group, + rule->nflog_prefix, + rule->nflog_range, + rule->nflog_threshold); STC_LOGD(STC_HR_SINGLE); } @@ -1650,6 +1725,122 @@ EXPORT_API int stc_firewall_rule_set_target(stc_firewall_rule_h rule_h, return STC_ERROR_NONE; } +EXPORT_API int stc_firewall_rule_set_log_level(stc_firewall_rule_h rule_h, + unsigned char level) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + fw_rule->log_level = level; + + STC_LOGI("Log level [%u]", fw_rule->log_level); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_set_log_prefix(stc_firewall_rule_h rule_h, + char *prefix) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + FREE(fw_rule->log_prefix); + fw_rule->log_prefix = g_strdup(prefix); + + STC_LOGI("Log prefix [%s]", fw_rule->log_prefix); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_set_nflog_group(stc_firewall_rule_h rule_h, + unsigned int group) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + fw_rule->nflog_group = group; + + STC_LOGI("Nflog group [%d]", fw_rule->nflog_group); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_set_nflog_prefix(stc_firewall_rule_h rule_h, + char *prefix) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + FREE(fw_rule->nflog_prefix); + fw_rule->nflog_prefix = g_strdup(prefix); + + STC_LOGI("Nflog prefix [%s]", fw_rule->nflog_prefix); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_set_nflog_range(stc_firewall_rule_h rule_h, + unsigned int range) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + fw_rule->nflog_range = range; + + STC_LOGI("Nflog range [%d]", fw_rule->nflog_range); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_set_nflog_threshold(stc_firewall_rule_h rule_h, + unsigned int threshold) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + fw_rule->nflog_threshold = threshold; + + STC_LOGI("Nflog threshold [%d]", fw_rule->nflog_threshold); + + return STC_ERROR_NONE; +} + EXPORT_API int stc_firewall_rule_get_chain(stc_firewall_rule_h rule_h, char **chain) { CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); @@ -1988,6 +2179,150 @@ EXPORT_API int stc_firewall_rule_get_target(stc_firewall_rule_h rule_h, return STC_ERROR_NONE; } +EXPORT_API int stc_firewall_rule_get_log_level(stc_firewall_rule_h rule_h, + unsigned char *level) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!level) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *level = fw_rule->log_level; + + STC_LOGI("Log level [%u]", *level); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_get_log_prefix(stc_firewall_rule_h rule_h, + char **prefix) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!prefix) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *prefix = g_strdup(fw_rule->log_prefix); + + STC_LOGI("Log prefix [%s]", *prefix); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_get_nflog_group(stc_firewall_rule_h rule_h, + unsigned int *group) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!group) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *group = fw_rule->nflog_group; + + STC_LOGI("Nflog group [%d]", *group); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_get_nflog_prefix(stc_firewall_rule_h rule_h, + char **prefix) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!prefix) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *prefix = g_strdup(fw_rule->nflog_prefix); + + STC_LOGI("Nflog prefix [%s]", *prefix); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_get_nflog_range(stc_firewall_rule_h rule_h, + unsigned int *range) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!range) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *range = fw_rule->nflog_range; + + STC_LOGI("Nflog range [%d]", *range); + + return STC_ERROR_NONE; +} + +EXPORT_API int stc_firewall_rule_get_nflog_threshold(stc_firewall_rule_h rule_h, + unsigned int *threshold) +{ + CHECK_FEATURE_SUPPORTED(TIZEN_FEATURE_STC_FW); + + if (__stc_fw_check_rule_validity(rule_h) == false) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + if (!threshold) { + STC_LOGE("Invalid parameter"); + return STC_ERROR_INVALID_PARAMETER; + } + + stc_fw_rule_s *fw_rule = (stc_fw_rule_s *)rule_h; + + *threshold = fw_rule->nflog_threshold; + + STC_LOGI("Nflog threshold [%d]", *threshold); + + return STC_ERROR_NONE; +} + EXPORT_API int stc_firewall_rule_add(stc_firewall_rule_h rule_h) { int ret = STC_ERROR_NONE; diff --git a/test/firewall.c b/test/firewall.c index 0efc210..0567613 100755 --- a/test/firewall.c +++ b/test/firewall.c @@ -64,6 +64,12 @@ static char g_rule_protocol[MENU_DATA_SIZE] = "1"; static char g_rule_family[MENU_DATA_SIZE] = "1"; static char g_rule_ifname[MENU_DATA_SIZE] = "seth_w0"; static char g_rule_target[MENU_DATA_SIZE] = "1"; +static char g_rule_log_level[MENU_DATA_SIZE] = "4"; +static char g_rule_log_prefix[MENU_DATA_SIZE] = "STC_LOG:"; +static char g_rule_nflog_group[MENU_DATA_SIZE] = "0"; +static char g_rule_nflog_prefix[MENU_DATA_SIZE] = "STC_NFLOG:"; +static char g_rule_nflog_range[MENU_DATA_SIZE] = "0"; +static char g_rule_nflog_threshold[MENU_DATA_SIZE] = "0"; static char g_rule_index[MENU_DATA_SIZE] = "0"; extern stc_h g_stc; @@ -91,54 +97,68 @@ static void __test_stc_fw_print_rule(stc_firewall_rule_h rule_h) unsigned int s_port2 = 0; unsigned int d_port1 = 0; unsigned int d_port2 = 0; + unsigned int log_level = 0; + unsigned int nflog_group = 0; + unsigned int nflog_range = 0; + unsigned int nflog_threshold = 0; char *ifname = NULL; + char *log_prefix = NULL; + char *nflog_prefix = NULL; stc_firewall_rule_target_e target = STC_FIREWALL_RULE_TARGET_NONE; ret = stc_firewall_rule_get_chain(rule_h, &chain); if (ret == STC_ERROR_NONE) { - msg("Chain: " LOG_CYAN "[%s]" LOG_END, chain); + msg("Chain: " LOG_CYAN "[%s]" LOG_END, chain); FREE(chain); } - ret = stc_firewall_rule_get_direction(rule_h, &direction); - if (ret == STC_ERROR_NONE) - msg("Direction: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_direction_to_string(direction)); + if (direction > STC_FIREWALL_DIRECTION_NONE && + direction <= STC_FIREWALL_DIRECTION_OUT) { + ret = stc_firewall_rule_get_direction(rule_h, &direction); + if (ret == STC_ERROR_NONE) + msg("Direction: " LOG_CYAN "[%s]" LOG_END, + test_stc_convert_fw_direction_to_string(direction)); + } ret = stc_firewall_rule_get_ifname(rule_h, &ifname); if (ret == STC_ERROR_NONE) { - msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); + if (ifname) + msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); + FREE(ifname); } ret = stc_firewall_rule_get_family_type(rule_h, &family); if (ret == STC_ERROR_NONE) - msg("Family: " LOG_CYAN "[%s]" LOG_END, + msg("Family: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_family_type_to_string(family)); ret = stc_firewall_rule_get_src_ip_type(rule_h, &s_ip_type); if (ret == STC_ERROR_NONE) - msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END, + msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_ip_type_to_string(s_ip_type)); ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2); if (ret == STC_ERROR_NONE) { if (s_ip1 || s_ip2) - msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); + msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); FREE(s_ip1); FREE(s_ip2); } - ret = stc_firewall_rule_get_dst_ip_type(rule_h, &d_ip_type); - if (ret == STC_ERROR_NONE) - msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_ip_type_to_string(d_ip_type)); + if (d_ip_type > STC_FIREWALL_IP_NONE && + d_ip_type <= STC_FIREWALL_IP_RANGE) { + ret = stc_firewall_rule_get_dst_ip_type(rule_h, &d_ip_type); + if (ret == STC_ERROR_NONE) + msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END, + test_stc_convert_fw_ip_type_to_string(d_ip_type)); + } ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2); if (ret == STC_ERROR_NONE) { if (d_ip1 || d_ip2) - msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); + msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); FREE(d_ip1); FREE(d_ip2); @@ -146,35 +166,71 @@ static void __test_stc_fw_print_rule(stc_firewall_rule_h rule_h) ret = stc_firewall_rule_get_protocol_type(rule_h, &protocol); if (ret == STC_ERROR_NONE) - msg("Protocol: " LOG_CYAN "[%s]" LOG_END, + msg("Protocol: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_protocol_type_to_string(protocol)); ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type); if (ret == STC_ERROR_NONE) - msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, + msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_port_type_to_string(s_port_type)); ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2); if (ret == STC_ERROR_NONE) { if (s_port1 || s_port2) - msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); + msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); } ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type); if (ret == STC_ERROR_NONE) - msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, + msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_port_type_to_string(d_port_type)); ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2); if (ret == STC_ERROR_NONE) { if (d_port1 || d_port2) - msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); + msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); } ret = stc_firewall_rule_get_target(rule_h, &target); if (ret == STC_ERROR_NONE) - msg("Target: " LOG_CYAN "[%s]" LOG_END, + msg("Target: " LOG_CYAN "[%s]" LOG_END, test_stc_convert_fw_rule_target_to_string(target)); + + if (target == STC_FIREWALL_RULE_TARGET_LOG) { + ret = stc_firewall_rule_get_log_level(rule_h, &log_level); + if (ret == STC_ERROR_NONE) + msg("Log level: " LOG_CYAN "[%u]" LOG_END, log_level); + + ret = stc_firewall_rule_get_log_prefix(rule_h, &log_prefix); + if (ret == STC_ERROR_NONE) { + if (log_prefix) + msg("Log prefix: " LOG_CYAN "[%s]" LOG_END, log_prefix); + + FREE(log_prefix); + } + } + + if (target == STC_FIREWALL_RULE_TARGET_NFLOG) { + ret = stc_firewall_rule_get_nflog_group(rule_h, &nflog_group); + if (ret == STC_ERROR_NONE) + msg("Nflog group: " LOG_CYAN "[%u]" LOG_END, nflog_group); + + ret = stc_firewall_rule_get_nflog_prefix(rule_h, &nflog_prefix); + if (ret == STC_ERROR_NONE) { + if (nflog_prefix) + msg("Nflog prefix: " LOG_CYAN "[%s]" LOG_END, nflog_prefix); + + FREE(nflog_prefix); + } + + ret = stc_firewall_rule_get_nflog_range(rule_h, &nflog_range); + if (ret == STC_ERROR_NONE) + msg("Nflog range: " LOG_CYAN "[%u]" LOG_END, nflog_range); + + ret = stc_firewall_rule_get_nflog_threshold(rule_h, &nflog_threshold); + if (ret == STC_ERROR_NONE) + msg("Nflog threshold: " LOG_CYAN "[%u]" LOG_END, nflog_threshold); + } } static int __test_stc_fw_print_all_rule(MManager *mm, struct menu_data *menu) @@ -188,7 +244,7 @@ static int __test_stc_fw_print_all_rule(MManager *mm, struct menu_data *menu) for (list = g_rule_list; list; list = list->next) { stc_firewall_rule_h rule_h = (stc_firewall_rule_h)list->data; msg(HR_SINGLE); - msg("Index: " LOG_CYAN "[%u]" LOG_END, index); + msg("Index: " LOG_CYAN "[%u]" LOG_END, index); __test_stc_fw_print_rule(rule_h); ++index; } @@ -244,12 +300,14 @@ static int __test_stc_fw_set_rule_info(void) (unsigned int)strtol(g_rule_d_port1, NULL, 10); unsigned int d_port2 = (unsigned int)strtol(g_rule_d_port2, NULL, 10); - char *chain = NULL; - char *s_ip1 = NULL; - char *s_ip2 = NULL; - char *d_ip1 = NULL; - char *d_ip2 = NULL; - char *ifname = NULL; + unsigned int log_level = + (unsigned int)strtol(g_rule_log_level, NULL, 10); + unsigned int nflog_group = + (unsigned int)strtol(g_rule_nflog_group, NULL, 10); + unsigned int nflog_range = + (unsigned int)strtol(g_rule_nflog_range, NULL, 10); + unsigned int nflog_threshold = + (unsigned int)strtol(g_rule_nflog_threshold, NULL, 10); int ret = STC_ERROR_NONE; if (strlen(g_rule_chain) == 0) { @@ -370,7 +428,7 @@ static int __test_stc_fw_set_rule_info(void) test_stc_convert_error_type_to_string(ret)); if (target > STC_FIREWALL_RULE_TARGET_NONE && - target <= STC_FIREWALL_RULE_TARGET_LOG) { + target < STC_FIREWALL_RULE_TARGET_MAX) { ret = stc_firewall_rule_set_target(g_fw_rule_h, target); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set target of rule" LOG_END); @@ -379,97 +437,51 @@ static int __test_stc_fw_set_rule_info(void) test_stc_convert_error_type_to_string(ret)); } - msg(HR_SINGLE); - - ret = stc_firewall_rule_get_chain(g_fw_rule_h, &chain); - if (ret == STC_ERROR_NONE) { - msg("Chain: " LOG_CYAN "[%s]" LOG_END, chain); - FREE(chain); - } - - if (direction > STC_FIREWALL_DIRECTION_NONE && - direction <= STC_FIREWALL_DIRECTION_OUT) { - ret = stc_firewall_rule_get_direction(g_fw_rule_h, &direction); - if (ret == STC_ERROR_NONE) - msg("Direction: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_direction_to_string(direction)); - } - - ret = stc_firewall_rule_get_ifname(g_fw_rule_h, &ifname); - if (ret == STC_ERROR_NONE) { - if (ifname) - msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); - - FREE(ifname); - } - - ret = stc_firewall_rule_get_family_type(g_fw_rule_h, &family); + ret = stc_firewall_rule_set_log_level(g_fw_rule_h, log_level); if (ret == STC_ERROR_NONE) - msg("Family: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_family_type_to_string(family)); + msg(LOG_GREEN "Success to set log level of rule" LOG_END); + else + msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_ip_type(g_fw_rule_h, &s_ip_type); + ret = stc_firewall_rule_set_log_prefix(g_fw_rule_h, g_rule_log_prefix); if (ret == STC_ERROR_NONE) - msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_ip_type_to_string(s_ip_type)); - - ret = stc_firewall_rule_get_src_ip(g_fw_rule_h, &s_ip1, &s_ip2); - if (ret == STC_ERROR_NONE) { - if (s_ip1 || s_ip2) - msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); - - FREE(s_ip1); - FREE(s_ip2); - } - - if (d_ip_type > STC_FIREWALL_IP_NONE && - d_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_get_dst_ip_type(g_fw_rule_h, &d_ip_type); - if (ret == STC_ERROR_NONE) - msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_ip_type_to_string(d_ip_type)); - } - - ret = stc_firewall_rule_get_dst_ip(g_fw_rule_h, &d_ip1, &d_ip2); - if (ret == STC_ERROR_NONE) { - if (d_ip1 || d_ip2) - msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); - - FREE(d_ip1); - FREE(d_ip2); - } + msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); + else + msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_protocol_type(g_fw_rule_h, &protocol); + ret = stc_firewall_rule_set_nflog_group(g_fw_rule_h, nflog_group); if (ret == STC_ERROR_NONE) - msg("Protocol: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_protocol_type_to_string(protocol)); + msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); + else + msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_port_type(g_fw_rule_h, &s_port_type); + ret = stc_firewall_rule_set_nflog_prefix(g_fw_rule_h, g_rule_nflog_prefix); if (ret == STC_ERROR_NONE) - msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(s_port_type)); + msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); + else + msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_port(g_fw_rule_h, &s_port1, &s_port2); - if (ret == STC_ERROR_NONE) { - if (s_port1 || s_port2) - msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); - } + ret = stc_firewall_rule_set_nflog_range(g_fw_rule_h, nflog_range); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); + else + msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_dst_port_type(g_fw_rule_h, &d_port_type); + ret = stc_firewall_rule_set_nflog_threshold(g_fw_rule_h, nflog_threshold); if (ret == STC_ERROR_NONE) - msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(d_port_type)); + msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); + else + msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_dst_port(g_fw_rule_h, &d_port1, &d_port2); - if (ret == STC_ERROR_NONE) { - if (d_port1 || d_port2) - msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); - } + msg(HR_SINGLE); - ret = stc_firewall_rule_get_target(g_fw_rule_h, &target); - if (ret == STC_ERROR_NONE) - msg("Target: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_rule_target_to_string(target)); + __test_stc_fw_print_rule(g_fw_rule_h); msg(HR_SINGLE); @@ -502,12 +514,14 @@ static int __test_stc_fw_update_rule_info(stc_firewall_rule_h rule_h) (unsigned int)strtol(g_rule_d_port1, NULL, 10); unsigned int d_port2 = (unsigned int)strtol(g_rule_d_port2, NULL, 10); - char *chain = NULL; - char *s_ip1 = NULL; - char *s_ip2 = NULL; - char *d_ip1 = NULL; - char *d_ip2 = NULL; - char *ifname = NULL; + unsigned int log_level = + (unsigned int)strtol(g_rule_log_level, NULL, 10); + unsigned int nflog_group = + (unsigned int)strtol(g_rule_nflog_group, NULL, 10); + unsigned int nflog_range = + (unsigned int)strtol(g_rule_nflog_range, NULL, 10); + unsigned int nflog_threshold = + (unsigned int)strtol(g_rule_nflog_threshold, NULL, 10); int ret = STC_ERROR_NONE; if (direction > STC_FIREWALL_DIRECTION_NONE && @@ -616,7 +630,7 @@ static int __test_stc_fw_update_rule_info(stc_firewall_rule_h rule_h) test_stc_convert_error_type_to_string(ret)); if (target > STC_FIREWALL_RULE_TARGET_NONE && - target <= STC_FIREWALL_RULE_TARGET_LOG) { + target < STC_FIREWALL_RULE_TARGET_MAX) { ret = stc_firewall_rule_set_target(rule_h, target); if (ret == STC_ERROR_NONE) msg(LOG_GREEN "Success to set target of rule" LOG_END); @@ -625,97 +639,51 @@ static int __test_stc_fw_update_rule_info(stc_firewall_rule_h rule_h) test_stc_convert_error_type_to_string(ret)); } - msg(HR_SINGLE); - - ret = stc_firewall_rule_get_chain(rule_h, &chain); - if (ret == STC_ERROR_NONE) { - msg("Chain: " LOG_CYAN "[%s]" LOG_END, chain); - FREE(chain); - } - - if (direction > STC_FIREWALL_DIRECTION_NONE && - direction <= STC_FIREWALL_DIRECTION_OUT) { - ret = stc_firewall_rule_get_direction(rule_h, &direction); - if (ret == STC_ERROR_NONE) - msg("Direction: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_direction_to_string(direction)); - } - - ret = stc_firewall_rule_get_ifname(rule_h, &ifname); - if (ret == STC_ERROR_NONE) { - if (ifname) - msg("Ifname: " LOG_CYAN "[%s]" LOG_END, ifname); - - FREE(ifname); - } - - ret = stc_firewall_rule_get_family_type(rule_h, &family); + ret = stc_firewall_rule_set_log_level(rule_h, log_level); if (ret == STC_ERROR_NONE) - msg("Family: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_family_type_to_string(family)); + msg(LOG_GREEN "Success to set log level of rule" LOG_END); + else + msg("Fail to set log level of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_ip_type(rule_h, &s_ip_type); + ret = stc_firewall_rule_set_log_prefix(rule_h, g_rule_log_prefix); if (ret == STC_ERROR_NONE) - msg("SrcIPtype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_ip_type_to_string(s_ip_type)); - - ret = stc_firewall_rule_get_src_ip(rule_h, &s_ip1, &s_ip2); - if (ret == STC_ERROR_NONE) { - if (s_ip1 || s_ip2) - msg("SrcIP: " LOG_CYAN "[%s:%s]" LOG_END, s_ip1, s_ip2); - - FREE(s_ip1); - FREE(s_ip2); - } - - if (d_ip_type > STC_FIREWALL_IP_NONE && - d_ip_type <= STC_FIREWALL_IP_RANGE) { - ret = stc_firewall_rule_get_dst_ip_type(rule_h, &d_ip_type); - if (ret == STC_ERROR_NONE) - msg("DstIPtype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_ip_type_to_string(d_ip_type)); - } - - ret = stc_firewall_rule_get_dst_ip(rule_h, &d_ip1, &d_ip2); - if (ret == STC_ERROR_NONE) { - if (d_ip1 || d_ip2) - msg("DstIP: " LOG_CYAN "[%s:%s]" LOG_END, d_ip1, d_ip2); - - FREE(d_ip1); - FREE(d_ip2); - } + msg(LOG_GREEN "Success to set log prefix of rule" LOG_END); + else + msg("Fail to set log prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_protocol_type(rule_h, &protocol); + ret = stc_firewall_rule_set_nflog_group(rule_h, nflog_group); if (ret == STC_ERROR_NONE) - msg("Protocol: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_protocol_type_to_string(protocol)); + msg(LOG_GREEN "Success to set nflog group of rule" LOG_END); + else + msg("Fail to set nflog group of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_port_type(rule_h, &s_port_type); + ret = stc_firewall_rule_set_nflog_prefix(rule_h, g_rule_nflog_prefix); if (ret == STC_ERROR_NONE) - msg("SrcPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(s_port_type)); + msg(LOG_GREEN "Success to set nflog prefix of rule" LOG_END); + else + msg("Fail to set nflog prefix of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_src_port(rule_h, &s_port1, &s_port2); - if (ret == STC_ERROR_NONE) { - if (s_port1 || s_port2) - msg("SrcPort: " LOG_CYAN "[%u:%u]" LOG_END, s_port1, s_port2); - } + ret = stc_firewall_rule_set_nflog_range(rule_h, nflog_range); + if (ret == STC_ERROR_NONE) + msg(LOG_GREEN "Success to set nflog range of rule" LOG_END); + else + msg("Fail to set nflog range of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_dst_port_type(rule_h, &d_port_type); + ret = stc_firewall_rule_set_nflog_threshold(rule_h, nflog_threshold); if (ret == STC_ERROR_NONE) - msg("DstPorttype: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_port_type_to_string(d_port_type)); + msg(LOG_GREEN "Success to set nflog threshold of rule" LOG_END); + else + msg("Fail to set nflog threshold of rule " LOG_RED "[%s]" LOG_END, + test_stc_convert_error_type_to_string(ret)); - ret = stc_firewall_rule_get_dst_port(rule_h, &d_port1, &d_port2); - if (ret == STC_ERROR_NONE) { - if (d_port1 || d_port2) - msg("DstPort: " LOG_CYAN "[%u:%u]" LOG_END, d_port1, d_port2); - } + msg(HR_SINGLE); - ret = stc_firewall_rule_get_target(rule_h, &target); - if (ret == STC_ERROR_NONE) - msg("Target: " LOG_CYAN "[%s]" LOG_END, - test_stc_convert_fw_rule_target_to_string(target)); + __test_stc_fw_print_rule(rule_h); msg(HR_SINGLE); @@ -1057,7 +1025,7 @@ static int _test_stc_fw_set_chain(MManager *mm, struct menu_data *menu) return STC_ERROR_INVALID_PARAMETER; } - if (target > STC_FIREWALL_CHAIN_TARGET_OUTPUT) { + if (target >= STC_FIREWALL_CHAIN_TARGET_MAX) { msg(LOG_RED "Invalid target parameter" LOG_END); return STC_ERROR_INVALID_PARAMETER; } @@ -1156,7 +1124,13 @@ static struct menu_data menu_firewall_rule_add[] = { { "7", "Protocol type(0.None/1.TCP/2.UDP/3.ICMP/4.ALL)", NULL, NULL, g_rule_protocol}, { "8", "Family(0.None/1.IPv4/2.IPv6)", NULL, NULL, g_rule_family}, { "9", "Interface name", NULL, NULL, g_rule_ifname}, - { "0", "Target(0.None/1.ACCEPT/2.DROP/3.LOG)", NULL, NULL, g_rule_target}, + { "0", "Target(0.None/1.ACCEPT/2.DROP/3.LOG/4.NFLOG)", NULL, NULL, g_rule_target}, + { "01", "Log level", NULL, NULL, g_rule_log_level}, + { "02", "Log Prefix", NULL, NULL, g_rule_log_prefix}, + { "03", "Nflog Group", NULL, NULL, g_rule_nflog_group}, + { "04", "Nflog Prefix", NULL, NULL, g_rule_nflog_prefix}, + { "05", "Nflog Range", NULL, NULL, g_rule_nflog_range}, + { "06", "Nflog Threshold", NULL, NULL, g_rule_nflog_threshold}, { "a", LOG_LIGHTBLUE "[Add]" LOG_END " rule", NULL, _test_stc_fw_add_rule, NULL}, { NULL, NULL, }, }; @@ -1179,7 +1153,13 @@ static struct menu_data menu_firewall_rule_update[] = { { "7", "Protocol type(0.None/1.TCP/2.UDP/3.ICMP/4.ALL)", NULL, NULL, g_rule_protocol}, { "8", "Family(0.None/1.IPv4/2.IPv6)", NULL, NULL, g_rule_family}, { "9", "Interface name", NULL, NULL, g_rule_ifname}, - { "0", "Target(0.None/1.ACCEPT/2.DROP/3.LOG)", NULL, NULL, g_rule_target}, + { "0", "Target(0.None/1.ACCEPT/2.DROP/3.LOG/4.NFLOG)", NULL, NULL, g_rule_target}, + { "01", "Log level", NULL, NULL, g_rule_log_level}, + { "02", "Log Prefix", NULL, NULL, g_rule_log_prefix}, + { "03", "Nflog Group", NULL, NULL, g_rule_nflog_group}, + { "04", "Nflog Prefix", NULL, NULL, g_rule_nflog_prefix}, + { "05", "Nflog Range", NULL, NULL, g_rule_nflog_range}, + { "06", "Nflog Threshold", NULL, NULL, g_rule_nflog_threshold}, { "u", LOG_LIGHTBLUE "[Update]" LOG_END " rule", NULL, _test_stc_fw_update_rule, NULL}, { NULL, NULL, }, }; diff --git a/test/stc_test.c b/test/stc_test.c index 420215e..88a3638 100755 --- a/test/stc_test.c +++ b/test/stc_test.c @@ -334,6 +334,8 @@ const char *test_stc_convert_fw_rule_target_to_string( return "DROP"; case STC_FIREWALL_RULE_TARGET_LOG: return "LOG"; + case STC_FIREWALL_RULE_TARGET_NFLOG: + return "NFLOG"; default: return "Unknown"; }