ipsets: permit default timeout of 0
[project/firewall3.git]
/
utils.c
diff --git
a/utils.c
b/utils.c
index da6563243c0673f8393c16f65116aeb88ba0ea6c..17d5bf97d18f43a54cb721604ee60f9bb34590ff 100644
--- a/
utils.c
+++ b/
utils.c
@@
-191,8
+191,7
@@
fw3_find_command(const char *cmd)
if ((plen + clen) >= sizeof(path))
continue;
if ((plen + clen) >= sizeof(path))
continue;
- strncpy(path, search, plen);
- sprintf(path + plen, "/%s", cmd);
+ snprintf(path, sizeof(path), "%.*s/%s", plen, search, cmd);
if (!stat(path, &s) && S_ISREG(s.st_mode))
return path;
if (!stat(path, &s) && S_ISREG(s.st_mode))
return path;
@@
-316,23
+315,19
@@
fw3_command_close(void)
pipe_pid = -1;
}
pipe_pid = -1;
}
-bool
-f
w3_has_table(bool ipv6, const char *table
)
+
static
bool
+f
ile_contains(const char *path, const char *str
)
{
FILE *f;
{
FILE *f;
-
char line[12];
bool seen = false;
char line[12];
bool seen = false;
- const char *path = ipv6
- ? "/proc/net/ip6_tables_names" : "/proc/net/ip_tables_names";
-
if (!(f = fopen(path, "r")))
return false;
while (fgets(line, sizeof(line), f))
{
if (!(f = fopen(path, "r")))
return false;
while (fgets(line, sizeof(line), f))
{
- if (!strncmp(line,
table, strlen(table
)))
+ if (!strncmp(line,
str, strlen(str
)))
{
seen = true;
break;
{
seen = true;
break;
@@
-345,31
+340,21
@@
fw3_has_table(bool ipv6, const char *table)
}
bool
}
bool
-fw3_has_ta
rget(const bool ipv6, const char *target
)
+fw3_has_ta
ble(const bool ipv6, const char *table
)
{
{
- FILE *f;
+ const char *path = ipv6
+ ? "/proc/net/ip6_tables_names" : "/proc/net/ip_tables_names";
-
char line[12]
;
- bool seen = false;
+
return file_contains(path, table)
;
+}
+bool
+fw3_has_target(const bool ipv6, const char *target)
+{
const char *path = ipv6
? "/proc/net/ip6_tables_targets" : "/proc/net/ip_tables_targets";
const char *path = ipv6
? "/proc/net/ip6_tables_targets" : "/proc/net/ip_tables_targets";
- if (!(f = fopen(path, "r")))
- return false;
-
- while (fgets(line, sizeof(line), f))
- {
- if (!strcmp(line, target))
- {
- seen = true;
- break;
- }
- }
-
- fclose(f);
-
- return seen;
+ return file_contains(path, target);
}
bool
}
bool
@@
-429,7
+414,7
@@
static void
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
struct uci_package *dest)
{
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
struct uci_package *dest)
{
- char buf[sizeof("0xffffffff
\0
")];
+ char buf[sizeof("0xffffffff")];
struct uci_ptr ptr = { .p = dest };
uci_add_section(ctx, dest, "defaults", &ptr.s);
struct uci_ptr ptr = { .p = dest };
uci_add_section(ctx, dest, "defaults", &ptr.s);
@@
-449,13
+434,13
@@
write_defaults_uci(struct uci_context *ctx, struct fw3_defaults *d,
ptr.value = fw3_flag_names[d->policy_forward];
uci_set(ctx, &ptr);
ptr.value = fw3_flag_names[d->policy_forward];
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", d->flags[0]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", d->flags[0]);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", d->flags[1]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", d->flags[1]);
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
@@
-612,13
+597,13
@@
write_zone_uci(struct uci_context *ctx, struct fw3_zone *z,
uci_set(ctx, &ptr);
}
uci_set(ctx, &ptr);
}
- s
printf(buf
, "0x%x", z->flags[0]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", z->flags[0]);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
ptr.o = NULL;
ptr.option = "__flags_v4";
ptr.value = buf;
uci_set(ctx, &ptr);
- s
printf(buf
, "0x%x", z->flags[1]);
+ s
nprintf(buf, sizeof(buf)
, "0x%x", z->flags[1]);
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "__flags_v6";
ptr.value = buf;
@@
-631,7
+616,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
{
struct fw3_ipset_datatype *type;
{
struct fw3_ipset_datatype *type;
- char buf[sizeof("65535-65535
\0
")];
+ char buf[sizeof("65535-65535")];
struct uci_ptr ptr = { .p = dest };
struct uci_ptr ptr = { .p = dest };
@@
-660,7
+645,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
list_for_each_entry(type, &s->datatypes, list)
{
list_for_each_entry(type, &s->datatypes, list)
{
- s
printf(buf
, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
+ s
nprintf(buf, sizeof(buf)
, "%s_%s", type->dir, fw3_ipset_type_names[type->type]);
ptr.o = NULL;
ptr.option = "match";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "match";
ptr.value = buf;
@@
-677,7
+662,7
@@
write_ipset_uci(struct uci_context *ctx, struct fw3_ipset *s,
if (s->portrange.set)
{
if (s->portrange.set)
{
- s
printf(buf
, "%u-%u", s->portrange.port_min, s->portrange.port_max);
+ s
nprintf(buf, sizeof(buf)
, "%u-%u", s->portrange.port_min, s->portrange.port_max);
ptr.o = NULL;
ptr.option = "portrange";
ptr.value = buf;
ptr.o = NULL;
ptr.option = "portrange";
ptr.value = buf;
@@
-1021,7
+1006,7
@@
fw3_check_loopback_dev(const char *name)
return false;
memset(&ifr, 0, sizeof(ifr));
return false;
memset(&ifr, 0, sizeof(ifr));
- s
trncpy(ifr.ifr_name, name, sizeof(ifr.ifr_name) - 1
);
+ s
nprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", name
);
if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
if (ifr.ifr_flags & IFF_LOOPBACK)
if (ioctl(s, SIOCGIFFLAGS, &ifr) >= 0) {
if (ifr.ifr_flags & IFF_LOOPBACK)
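Review bot: `file_contains()` in the second hunk keeps the 12-byte `line` buffer and the prefix comparison `strncmp(line, str, strlen(str))` that were written for table names, and the third hunk now routes `fw3_has_target()` through it in place of the old whole-line `strcmp()`. A requested name that is only a prefix of a listed entry is reported as present, and an entry longer than 11 characters is split by `fgets()`, so its tail is compared as if it began a new line; either case can make the firewall conclude that a target is available when it is not. I would size the buffer for the longest name the proc file can list and require the match to end at the line end, e.g. `size_t n = strlen(str);` followed by `if (!strncmp(line, str, n) && (line[n] == '\n' || line[n] == '\0'))`. Whether the target names on a given kernel actually collide is not visible from this diff, so treat it as hardening; the rest of `file_contains()` (the `fclose` and return) lies outside the hunk.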