
Member "shorewall-core-5.2.8/lib.core" (24 Sep 2020, 8155 Bytes) of package /linux/misc/shorewall/shorewall-core-5.2.8.tar.bz2:



    1 #
    2 # Shorewall 5.2 -- /usr/share/shorewall/lib.core
    3 #
    4 #     (c) 1999-2017 - Tom Eastep (teastep@shorewall.net)
    5 #
    6 #	Complete documentation is available at https://shorewall.org
    7 #
    8 #       This program is part of Shorewall.
    9 #
   10 #	This program is free software; you can redistribute it and/or modify
   11 #	it under the terms of the GNU General Public License as published by the
   12 #       Free Software Foundation, either version 2 of the license or, at your
   13 #       option, any later version.
   14 #
   15 #	This program is distributed in the hope that it will be useful,
   16 #	but WITHOUT ANY WARRANTY; without even the implied warranty of
   17 #	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   18 #	GNU General Public License for more details.
   19 #
   20 #	You should have received a copy of the GNU General Public License
   21 #	along with this program; if not, see <http://www.gnu.org/licenses/>.
   22 #
   23 # This library contains the code common to all Shorewall components except the
   24 # generated scripts.
   25 #
   26 
   # Version stamp of this library file (presumably checked by the code that sources it -- confirm against callers).
   SHOREWALL_LIBVERSION="50108"
   28 
   #
   # Report a fatal error and terminate.
   #
   # Arguments: $@ - message text
   # Outputs:   "   ERROR: <message>" on stderr
   # Exits:     status 2; this ends the calling shell and never returns
   #
   fatal_error()
   {
       {
           echo "   ERROR: $@"
       } >&2

       exit 2
   }
   37 
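   #
   # Derive the per-product globals from $PRODUCT.
   #
   # Arguments: $1 - if non-empty, source shorewallrc again now that the
   #                 correct product is known
   # Globals:   reads  PRODUCT, SHAREDIR, CONFDIR, VARLIB, VARDIR
   #            writes g_basedir, g_sharedir, g_confdir, g_product, g_family,
   #                   g_tool, g_lite, VARLIB, VARDIR
   # Exits:     through fatal_error when PRODUCT is not one of the four known
   #            products or when the product's version file is missing
   #
   setup_product_environment() {
       g_basedir="${SHAREDIR}/shorewall"

       g_sharedir="${SHAREDIR}/${PRODUCT}"
       g_confdir="${CONFDIR}/${PRODUCT}"

       case "$PRODUCT" in
           shorewall)
               g_product="Shorewall"
               g_family=4
               g_tool=iptables
               g_lite=
               ;;
           shorewall6)
               g_product="Shorewall6"
               g_family=6
               g_tool=ip6tables
               g_lite=
               ;;
           shorewall-lite)
               g_product="Shorewall Lite"
               g_family=4
               g_tool=iptables
               g_lite=Yes
               ;;
           shorewall6-lite)
               g_product="Shorewall6 Lite"
               g_family=6
               g_tool=ip6tables
               g_lite=Yes
               ;;
           *)
               fatal_error "Unknown PRODUCT ($PRODUCT)"
               ;;
       esac

       # Quoted so that an installation prefix containing whitespace or glob
       # characters is tested as a single path instead of being word-split.
       [ -f "${SHAREDIR}/${PRODUCT}/version" ] || fatal_error "$g_product does not appear to be installed on this system"

       #
       # We need to do this again, now that we have the correct product.
       # shorewallrc is executed in the current shell with the caller's
       # privileges; its ownership and permissions are not checked here.
       #
       if [ -n "$1" ]; then
           . "${g_basedir}/shorewallrc"
       fi

       if [ -z "${VARLIB}" ]; then
           # Only VARDIR was supplied: treat it as the parent directory and
           # derive the per-product directory from it.
           VARLIB="${VARDIR}"
           VARDIR="${VARLIB}/${PRODUCT}"
       elif [ -z "${VARDIR}" ]; then
           VARDIR="${VARLIB}/${PRODUCT}"
       fi
   }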
   87 
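   #
   # Choose PRODUCT from the name this program was invoked under; when the
   # name is not one of the known command names, fall back to whichever
   # product has a version file installed.
   #
   # Globals:   reads g_basedir, SHAREDIR; writes PRODUCT
   # Exits:     through fatal_error when no installed product is found
   #
   set_default_product() {
       # $0 and the directory variables are quoted so that a path containing
       # whitespace is handled as one word.
       case "$(basename "$0")" in
           shorewall6)
               PRODUCT=shorewall6
               ;;
           shorewall4)
               PRODUCT=shorewall
               ;;
           shorewall-lite)
               PRODUCT=shorewall-lite
               ;;
           shorewall6-lite)
               PRODUCT=shorewall6-lite
               ;;
           *)
               if [ -f "${g_basedir}/version" ]; then
                   PRODUCT=shorewall
               elif [ -f "${SHAREDIR}/shorewall-lite/version" ]; then
                   PRODUCT=shorewall-lite
               elif [ -f "${SHAREDIR}/shorewall6-lite/version" ]; then
                   PRODUCT=shorewall6-lite
               else
                   fatal_error "No Shorewall firewall product is installed"
               fi
               ;;
       esac
   }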
  115 
  #
  # Report a "not configured" error and terminate.
  #
  # Arguments: $@ - message text
  # Outputs:   "   ERROR: <message>" on stderr
  # Exits:     status 6; this ends the calling shell and never returns
  #
  not_configured_error()
  {
      {
          echo "   ERROR: $@"
      } >&2

      exit 6
  }
  123 
  #
  # Print a message only when VERBOSITY is greater than 1.
  #
  # Arguments: $@ - message text
  # Globals:   reads VERBOSITY; a non-empty g_timestamp prefixes the message
  #            with the current HH:MM:SS time
  #
  progress_message() # $* = Message
  {
      local stamp
      stamp=

      [ $VERBOSITY -gt 1 ] || return 0

      if [ -n "$g_timestamp" ]; then
          stamp="$(date +%H:%M:%S) "
      fi

      echo "${stamp}$@"
  }
  137 
  #
  # Print a message only when VERBOSITY is greater than 0.
  #
  # Arguments: $@ - message text
  # Globals:   reads VERBOSITY; a non-empty g_timestamp prefixes the message
  #            with the current HH:MM:SS time
  #
  progress_message2() # $* = Message
  {
      local stamp
      stamp=

      [ $VERBOSITY -gt 0 ] || return 0

      if [ -n "$g_timestamp" ]; then
          stamp="$(date +%H:%M:%S) "
      fi

      echo "${stamp}$@"
  }
  148 
  #
  # Print a message only when VERBOSITY is 0 or greater.
  #
  # Arguments: $@ - message text
  # Globals:   reads VERBOSITY; a non-empty g_timestamp prefixes the message
  #            with the current HH:MM:SS time
  #
  progress_message3() # $* = Message
  {
      local stamp
      stamp=

      [ $VERBOSITY -ge 0 ] || return 0

      if [ -n "$g_timestamp" ]; then
          stamp="$(date +%H:%M:%S) "
      fi

      echo "${stamp}$@"
  }
  159 
  #
  # Undo the effect of 'separate_list()': join the words of the arguments
  # into one comma-separated list on stdout.
  #
  # The arguments are deliberately expanded unquoted, so every
  # whitespace-separated word becomes its own list element.
  #
  combine_list()
  {
      local item
      local joined
      joined=

      for item in $*; do
          if [ -n "$joined" ]; then
              joined="$joined,$item"
          else
              joined="$item"
          fi
      done

      echo $joined
  }
  175 
  #
  # Validate an IP address
  #
  # Arguments: $1 - dotted-decimal string
  # Returns:   0 when every dot-separated component is a 1-3 digit number
  #            below 256, 2 otherwise
  #
  # Only the individual components are checked. The number of components is
  # not, so a string with fewer or more than four components also returns 0;
  # callers that need a complete address must check that themselves.
  #
  valid_address() {
      local octet
      local saved_ifs
      local rc
      saved_ifs=$IFS
      rc=0

      # Split $1 on dots for the loop below; IFS is put back before returning
      IFS=.

      for octet in $1; do
          case $octet in
              [0-9]|[0-9][0-9]|[1-2][0-9][0-9])
                  # The pattern still admits 256-299
                  if [ $octet -ge 256 ]; then
                      rc=2
                      break
                  fi
                  ;;
              *)
                  rc=2
                  break
                  ;;
          esac
      done

      IFS=$saved_ifs

      return $rc
  }
  203 
  #
  # Miserable Hack to work around broken BusyBox ash in OpenWRT
  #
  # Arguments: $1, $2 - numbers to compare
  # Returns:   0 when $1 is greater than $2, non-zero otherwise
  #
  # The comparison is delegated to bc. Both arguments are placed into the
  # text that bc evaluates, so they must be plain numbers; anything else
  # would be interpreted by bc as part of the expression.
  #
  addr_comp() {
      local verdict
      verdict=$(printf '%s > %s\n' "$1" "$2" | bc)

      test $verdict -eq 1
  }
  214 
  #
  # Enumerate the members of an IP range -- When using a shell supporting only
  # 32-bit signed arithmetic, the range cannot span 128.0.0.0.
  #
  # Comes in two flavors:
  #
  # ip_range() - produces a minimal list of network/host addresses that spans
  #              the range.
  #
  # ip_range_explicit() - explicitly enumerates the range.
  #
  # Arguments: $1 - "first-last" range, or any other address specification
  # Outputs:   one address or address/prefix-length per line on stdout
  # Exits:     through fatal_error when the first address is greater than
  #            the last
  #
  ip_range() {
      local lo
      local hi
      local stop
      local bits
      local span
      local step
      local suffix

      case $1 in
          [0-9]*.*.*.*-*.*.*.*)
              ;;
          *)
              #
              # Not shaped like a plain range (this includes anything that
              # starts with '!'): pass it through unchanged and let iptables
              # complain if it's a range
              #
              echo $1
              return
              ;;
      esac

      lo=$(decodeaddr ${1%-*})
      hi=$(decodeaddr ${1#*-})

      if addr_comp $lo $hi; then
          fatal_error "Invalid IP address range: $1"
      fi

      stop=$(( $hi + 1 ))

      while addr_comp $stop $lo; do
          suffix=
          bits=31
          span=2
          step=1

          # Double the block while lo stays aligned to it and the block does
          # not run past the end of the range
          until ! [ $(( $lo % $span )) -eq 0 ] || addr_comp $(( $lo + $span )) $stop; do
              suffix=/$bits
              bits=$(( $bits - 1 ))
              step=$span
              span=$(( $span * 2 ))
          done

          echo $(encodeaddr $lo)$suffix
          lo=$(( $lo + $step ))
      done
  }
  277 
  #
  # Print every address of a "first-last" range, one per line.
  #
  # Arguments: $1 - "first-last" range; anything not shaped like a range is
  #                 echoed back unchanged
  # Exits:     through fatal_error when the first address is greater than
  #            the last
  #
  # One line is printed, and addr_comp and encodeaddr are run, for every
  # address in the range, so the cost grows linearly with the range size.
  #
  ip_range_explicit() {
      local cur
      local end

      case $1 in
          [0-9]*.*.*.*-*.*.*.*)
              ;;
          *)
              echo $1
              return
              ;;
      esac

      cur=$(decodeaddr ${1%-*})
      end=$(decodeaddr ${1#*-})

      if addr_comp $cur $end; then
          fatal_error "Invalid IP address range: $1"
      fi

      until addr_comp $cur $end; do
          echo $(encodeaddr $cur)
          cur=$(( $cur + 1 ))
      done
  }
  303 
  # Pull in lib.common unless it has already been loaded; a non-empty
  # LEFTSHIFT is taken as the sign that it has. The file is executed in the
  # current shell, and the path depends on g_basedir having been set by the
  # caller: with g_basedir empty it resolves to /lib.common.
  if [ -z "$LEFTSHIFT" ]; then
      . ${g_basedir}/lib.common
  fi
  305 
  #
  # Netmask to VLSM
  #
  # Arguments: $1 - netmask in dotted-decimal form
  # Outputs:   the prefix length on stdout, or "Invalid net mask: $1" on
  #            stderr when the mask is not a contiguous run of leading ones
  #
  # An invalid mask produces no stdout, but the function does not return a
  # failure status for it, so callers have to test for empty output.
  #
  ip_vlsm() {
      local bits
      local prefix
      local top_bit
      bits=$(decodeaddr $1)
      prefix=0
      top_bit=$(( 128 << 24 )) # 0x80000000

      # Count leading one bits by shifting the mask left until its top bit clears
      until [ $(( $top_bit & $bits )) -eq 0 ]; do
          if [ $bits -eq $top_bit ]; then
              # Not all shells shift 0x80000000 left properly.
              bits=0
          else
              bits=$(( $bits $LEFTSHIFT 1 ))
          fi

          prefix=$(( $prefix + 1 ))
      done

      # Any bit left in the low 31 bits means a one followed a zero
      if [ $(( $bits & 2147483647 )) -eq 0 ]; then # 2147483647 = 0x7fffffff
          echo $prefix
      else
          echo "Invalid net mask: $1" >&2
      fi
  }
  328 
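  #
  # Set default config path
  #
  # Globals:   reads g_sharedir, g_shorewalldir; reads and writes CONFIG_PATH
  # Exits:     status 2 when CONFIG_PATH is empty and
  #            ${g_sharedir}/configpath does not exist
  #
  # The configpath file is executed in the current shell, so it runs with the
  # caller's privileges; its ownership and permissions are not checked here.
  #
  ensure_config_path() {
      local F
      F="${g_sharedir}/configpath"

      if [ -z "$CONFIG_PATH" ]; then
          # Path is quoted so a directory name containing whitespace is not
          # word-split; the error goes to stderr like the other fatal errors.
          if [ ! -f "$F" ]; then
              echo "   ERROR: $F does not exist" >&2
              exit 2
          fi

          . "$F"
      fi

      # NOTE(review): as written, the directory is prepended only when it is
      # already the first CONFIG_PATH element, and the ':*' arm cannot be
      # reached (a leading ':' makes the first element empty, which never
      # equals a non-empty g_shorewalldir). The comparison looks inverted --
      # confirm against the callers before changing it.
      if [ -n "$g_shorewalldir" ] && [ "${CONFIG_PATH%%:*}" = "$g_shorewalldir" ]; then
          case $CONFIG_PATH in
              :*)
                  CONFIG_PATH=${g_shorewalldir}${CONFIG_PATH}
                  ;;
              *)
                  CONFIG_PATH=$g_shorewalldir:$CONFIG_PATH
                  ;;
          esac
      fi
  }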
  351 
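  #
  # Get fully-qualified name of file
  #
  # Arguments: $1 - file name
  # Outputs:   the absolute form of $1 on stdout
  #
  # Only a leading "./" or "../" is resolved against the current directory;
  # "." and ".." components later in the name are left as they are, and
  # symbolic links are not followed. The name is printed quoted, so embedded
  # whitespace and glob characters come back exactly as they were passed in.
  #
  resolve_file() # $1 = file name
  {
      local pwd
      pwd=$PWD

      case "$1" in
          /*)
              printf '%s\n' "$1"
              ;;
          .)
              printf '%s\n' "$pwd"
              ;;
          ./*)
              printf '%s\n' "${pwd}${1#.}"
              ;;
          ..)
              # Stop here rather than report the wrong directory if the
              # parent cannot be entered
              cd .. || return 1
              printf '%s\n' "$PWD"
              cd "$pwd"
              ;;
          ../*)
              cd .. || return 1
              resolve_file "${1#../}"
              cd "$pwd"
              ;;
          *)
              printf '%s\n' "$pwd/$1"
              ;;
      esac
  }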
  385 
  # Determine which version of mktemp is present (if any) and set MKTEMP accordingly:
  #
  #     None - No mktemp
  #     BSD  - BSD mktemp (Mandrake)
  #     STD  - mktemp.org mktemp
  #
  # mywhich locates the program; a successful 'mktemp -V' (run through qt,
  # presumably with its output discarded -- see lib.common) selects STD.
  #
  find_mktemp() {
      local mktemp_path
      mktemp_path=$(mywhich mktemp 2> /dev/null)

      if [ -z "$mktemp_path" ]; then
          MKTEMP=None
      elif qt mktemp -V; then
          MKTEMP=STD
      else
          MKTEMP=BSD
      fi
  }
  406 
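  #
  # create a temporary file. If a directory name is passed, the file will be created in
  # that directory. Otherwise, it will be created in a temporary directory.
  #
  # Arguments: $1 - optional directory for the file
  # Globals:   reads MKTEMP (set through find_mktemp when empty), TMPDIR
  # Outputs:   the name of the new file on stdout
  #
  # When no mktemp program is available (MKTEMP=None) the name is
  # shorewall-<pid>, which other local users can predict. That fallback
  # therefore removes any stale file of that name and then creates the file
  # with noclobber set, so the redirection refuses an existing file or
  # symbolic link instead of writing through it, and with a umask of 077 so
  # the file gets the owner-only permissions mktemp would have given it.
  # Nothing is printed when the file cannot be created.
  #
  mktempfile() {
      local dir
      local file

      [ -z "$MKTEMP" ] && find_mktemp

      if [ $# -gt 0 ]; then
          dir=$1
      else
          dir=${TMPDIR:-/tmp}
      fi

      case "$MKTEMP" in
          BSD)
              mktemp "$dir/shorewall.XXXXXX"
              ;;
          STD)
              if [ $# -gt 0 ]; then
                  mktemp -p "$1" shorewall.XXXXXX
              else
                  mktemp -t shorewall.XXXXXX
              fi
              ;;
          None)
              # The file is created under the same name that is reported;
              # with TMPDIR unset both are in /tmp.
              file="$dir/shorewall-$$"
              rm -f "$file"
              # Subshell keeps the umask and noclobber changes away from the caller
              ( umask 077; set -C; : > "$file" ) && printf '%s\n' "$file"
              ;;
          *)
              error_message "ERROR:Internal error in mktempfile"
              ;;
      esac
  }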