コード例 #1
ファイル: forward.c プロジェクト: AllardJ/Tomato
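/*
 * Return 1 when spec is a usable port or port range: non-empty, shorter than
 * bufsize, and made only of digits, ':' and '-'. Return 0 otherwise.
 */
static int trig_portspec_ok(const char *spec, size_t bufsize)
{
	size_t len;

	for (len = 0; spec[len] != 0; ++len) {
		char ch = spec[len];

		if (((ch < '0') || (ch > '9')) && (ch != ':') && (ch != '-')) return 0;
	}
	return (len > 0) && (len < bufsize);
}

/*
 * Emit the port-triggering rules for one iptables table from the
 * "trigforward" NVRAM value.
 *
 * The value is a '>'-separated list of entries, each holding four
 * '<'-separated fields: enabled flag ('1' = enabled), protocol bitmask digit
 * (bit 0 selects tcpudp[0], bit 1 selects tcpudp[1]), trigger ports and
 * forwarded ports.
 *
 * For IPT_TABLE_NAT a single TRIGGER dnat rule is written as soon as one
 * usable entry is found and the function returns. For any other table the
 * "triggers" chain is created on the first usable entry and one rule is
 * appended per entry and selected protocol.
 */
void ipt_triggered(ipt_table_t table)
{
	char *nv, *nvp, *b;
	const char *proto, *mports, *fports;
	const char *c;
	char *p;
	int i;
	int first;
	char s[256];

	nvp = nv = strdup(nvram_safe_get("trigforward"));
	if (!nv) return;

	first = 1;
	while ((b = strsep(&nvp, ">")) != NULL) {
		if ((vstrsep(b, "<", &c, &proto, &mports, &fports) != 4) || (*c != '1')) continue;

		// Both port fields are pasted verbatim into a rule line. An entry with
		// an empty, over-long or non-numeric port field is skipped so that
		// stray whitespace or a line break stored in NVRAM cannot end up in
		// the generated ruleset, and so that mports always fits in s.
		if (!trig_portspec_ok(mports, sizeof(s)) || !trig_portspec_ok(fports, sizeof(s))) continue;

		for (i = 0; i < 2; ++i) {
			if ((1 << i) & (*proto - '0')) {
				if (first) {
					// should only be created if there is at least one enabled

					if (table == IPT_TABLE_NAT) {
						ipt_write("-A %s -j TRIGGER --trigger-type dnat\n", chain_wan_prerouting);
						goto QUIT;
					}

					ipt_write(":triggers - [0:0]\n"
							  "-A wanout -j triggers\n"
							  "-A wanin -j TRIGGER --trigger-type in\n");

					first = 0;
				}

				// --dport keeps the field as stored; --trigger-match and
				// --trigger-relate get the first ':' replaced by '-'.
				strlcpy(s, mports, sizeof(s));
				if ((p = strchr(s, ':')) != NULL) *p = '-';
				// NOTE(review): this writes through fports; presumably it
				// points into the nv copy made above (vstrsep is defined
				// elsewhere) -- confirm.
				if ((p = strchr(fports, ':')) != NULL) *p = '-';
				c = tcpudp[i];
				ipt_write("-A triggers -p %s -m %s --dport %s "
						  "-j TRIGGER --trigger-type out --trigger-proto %s --trigger-match %s --trigger-relate %s\n",
							c, c, mports,
							c, s, fports);
				// can't use multiport... trigger-match must be set to the same
				// ports as dport since it's used to refresh timer during inbound	-- zzz
			}
		}
	}

QUIT:
	free(nv);
}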
コード例 #2
ファイル: new_qoslimit.c プロジェクト: NieHao/Tomato-RAF
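/*
 * Write the bandwidth-limiter iptables rules for one pass.
 *
 * chain == 1 emits the MARK rules (the section labelled MANGLE below),
 * chain == 2 emits the connection / packet-rate limit rules (the section
 * labelled NAT below). Nothing is written unless NVRAM "new_qoslimit_enable"
 * is non-zero.
 *
 * Per-client entries come from NVRAM "new_qoslimit_rules", a '>'-separated
 * list whose entries hold eight '<'-separated fields:
 *   ipaddr_old<dlrate<dlceil<ulrate<ulceil<priority<tcplimit<udplimit
 * Each accepted entry gets the next mark number, starting at 10.
 *
 * Numeric limits are emitted from their parsed integer value rather than the
 * raw NVRAM text, so only a number can reach the rule line.
 */
void ipt_qoslimit(int chain)
{
	char *buf;
	char *g;
	char *p;
	char *ibw,*obw;//bandwidth (read but not used in this function)
	char seq[16];//mark number; large enough for any int
	int iSeq = 10;
	char *ipaddr_old;
	char ipaddr[30];//ip address
	char *dlrate,*dlceil;//guaranteed rate & maximum rate for download
	char *ulrate,*ulceil;//guaranteed rate & maximum rate for upload
	char *priority;//priority
	char *lanipaddr; //lan ip address
	char *lanmask; //lan netmask
	char *tcplimit,*udplimit;//tcp connection limit & udp packets per second
	int priority_num;
	int qosl_tcp,qosl_udp;//global limits, parsed
	int tcp_limit,udp_limit;//per-entry limits, parsed
	int i, address_type;

	//qos1 is enable
	if (!nvram_get_int("new_qoslimit_enable")) return;
	
	//read qos1rules from nvram; a failed strdup leaves g NULL and the
	//per-entry loop below is skipped
	g = buf = strdup(nvram_safe_get("new_qoslimit_rules"));

	ibw = nvram_safe_get("qos_ibw");  // Read from QOS setting - KRP
	obw = nvram_safe_get("qos_obw");  // Read from QOS setting - KRP
	
	// NOTE(review): the LAN address and netmask strings are inserted into
	// the rules as stored -- confirm they are validated where they are set.
	lanipaddr = nvram_safe_get("lan_ipaddr");
	lanmask = nvram_safe_get("lan_netmask");
	
	//MANGLE
	if (chain == 1)
	{
		if (nvram_get_int("qosl_enable") == 1) {
			ipt_write(
			"-A POSTROUTING ! -s %s/%s -d %s/%s -j MARK --set-mark 100\n"
			"-A PREROUTING  -s %s/%s ! -d %s/%s -j MARK --set-mark 100\n"
			,lanipaddr,lanmask,lanipaddr,lanmask
			,lanipaddr,lanmask,lanipaddr,lanmask);
		}

		//shibby br1
		if (nvram_get_int("limit_br1_enable") == 1) {

			char *lan1_ipaddr; //lan1 ip address
			char *lan1_mask; //lan1 netmask

			lan1_ipaddr = nvram_safe_get("lan1_ipaddr");
			lan1_mask = nvram_safe_get("lan1_netmask");

			ipt_write(
				"-A POSTROUTING -d %s/%s -j MARK --set-mark 401\n"
				"-A PREROUTING -s %s/%s -j MARK --set-mark 501\n"
				,lan1_ipaddr,lan1_mask
				,lan1_ipaddr,lan1_mask);
		}

		//shibby br2
		if (nvram_get_int("limit_br2_enable") == 1) {

			char *lan2_ipaddr; //lan2 ip address
			char *lan2_mask; //lan2 netmask

			lan2_ipaddr = nvram_safe_get("lan2_ipaddr");
			lan2_mask = nvram_safe_get("lan2_netmask");

			ipt_write(
				"-A POSTROUTING -d %s/%s -j MARK --set-mark 601\n"
				"-A PREROUTING -s %s/%s -j MARK --set-mark 701\n"
				,lan2_ipaddr,lan2_mask
				,lan2_ipaddr,lan2_mask);
		}
		//shibby br3
		if (nvram_get_int("limit_br3_enable") == 1) {

			char *lan3_ipaddr; //lan3 ip address
			char *lan3_mask; //lan3 netmask

			lan3_ipaddr = nvram_safe_get("lan3_ipaddr");
			lan3_mask = nvram_safe_get("lan3_netmask");

			ipt_write(
				"-A POSTROUTING -d %s/%s -j MARK --set-mark 801\n"
				"-A PREROUTING -s %s/%s -j MARK --set-mark 901\n"
				,lan3_ipaddr,lan3_mask
				,lan3_ipaddr,lan3_mask);
		}
	}
	
	//NAT
	if (chain == 2)
	{
		if (nvram_get_int("qosl_enable") == 1) {
			qosl_tcp = nvram_get_int("qosl_tcp");
			if (qosl_tcp > 0) {
				ipt_write(
					"-A PREROUTING -s %s/%s -p tcp --syn -m connlimit --connlimit-above %d -j DROP\n"
				,lanipaddr,lanmask,qosl_tcp);
			}
			
			qosl_udp = nvram_get_int("qosl_udp");
			if (qosl_udp > 0) {
				ipt_write(
					"-A PREROUTING -s %s/%s -p udp -m limit --limit %d/sec -j ACCEPT\n"
				,lanipaddr,lanmask,qosl_udp);
			}
		}
	}
	
	while (g) {
		/*
		ipaddr_old<dlrate<dlceil<ulrate<ulceil<priority<tcplimit<udplimit
		*/
		if ((p = strsep(&g, ">")) == NULL) break;
		i = vstrsep(p, "<", &ipaddr_old, &dlrate, &dlceil, &ulrate, &ulceil, &priority, &tcplimit, &udplimit);
		if (i!=8) continue;

		priority_num = atoi(priority);
		if ((priority_num < 0) || (priority_num > 5)) continue;

		if (!strcmp(ipaddr_old,"")) continue;
		
		// NOTE(review): address_checker is defined elsewhere; it is assumed
		// to bound what it writes to the 30-byte ipaddr buffer -- confirm.
		address_checker (&address_type, ipaddr_old, ipaddr);
		// Bounded write: the counter grows with every accepted entry and
		// would no longer fit a 4-byte buffer once it reaches 1000.
		snprintf(seq,sizeof(seq),"%d",iSeq);
		iSeq++; 

		// An empty ceiling falls back to the guaranteed rate. The pointer is
		// redirected instead of copying the text into the empty field, which
		// has no room for it and is followed by the later fields.
		if (!strcmp(dlceil,"")) dlceil = dlrate;
		if (strcmp(dlrate,"") && strcmp(dlceil, "")) {
			if(chain == 1) {
				switch (address_type)
				{
					case IP_ADDRESS:
						ipt_write(
							"-A POSTROUTING ! -s %s/%s -d %s -j MARK --set-mark %s\n"
							,lanipaddr,lanmask,ipaddr,seq);
						break;
					case MAC_ADDRESS:
						// no download-side rule is written for a MAC entry
						break;
					case IP_RANGE:
						ipt_write(
							"-A POSTROUTING ! -s %s/%s -m iprange --dst-range  %s -j MARK --set-mark %s\n"
							,lanipaddr,lanmask,ipaddr,seq);
						break;
				}
			}
		}
		
		if (!strcmp(ulceil,"")) ulceil = ulrate;
		if (strcmp(ulrate,"") && strcmp(ulceil, "")) {
			if (chain == 1) {
				switch (address_type)
				{
					case IP_ADDRESS:
						ipt_write(
							"-A PREROUTING -s %s ! -d %s/%s -j MARK --set-mark %s\n"
							,ipaddr,lanipaddr,lanmask,seq);
						break;
					case MAC_ADDRESS:
						ipt_write(
							"-A PREROUTING -m mac --mac-source %s ! -d %s/%s  -j MARK --set-mark %s\n"
							,ipaddr,lanipaddr,lanmask,seq);
						break;
					case IP_RANGE:
						ipt_write(
							"-A PREROUTING -m iprange --src-range %s ! -d %s/%s -j MARK --set-mark %s\n"
							,ipaddr,lanipaddr,lanmask,seq);
						break;
				}
			}
		}
		
		tcp_limit = atoi(tcplimit);
		if(tcp_limit > 0){
			if (chain == 2) {
				switch (address_type)
				{
						case IP_ADDRESS:
							ipt_write(
							"-A PREROUTING -s %s -p tcp --syn -m connlimit --connlimit-above %d -j DROP\n"
							,ipaddr,tcp_limit);
							break;
						case MAC_ADDRESS:
							ipt_write(
							"-A PREROUTING -m mac --mac-source %s -p tcp --syn -m connlimit --connlimit-above %d -j DROP\n"
							,ipaddr,tcp_limit);
							break;
						case IP_RANGE:
							ipt_write(
							"-A PREROUTING -m iprange --src-range %s -p tcp --syn -m connlimit --connlimit-above %d -j DROP\n"
							,ipaddr,tcp_limit);
							break;
				}
			}
		}
		udp_limit = atoi(udplimit);
		if(udp_limit > 0){
			if (chain == 2) {
				switch (address_type)
				{
					case IP_ADDRESS:
						ipt_write(
							"-A PREROUTING -s %s -p udp -m limit --limit %d/sec -j ACCEPT\n"
							,ipaddr,udp_limit);
						break;
					case MAC_ADDRESS:
						ipt_write(
							"-A PREROUTING -m mac --mac-source %s -p udp -m limit --limit %d/sec -j ACCEPT\n"
							,ipaddr,udp_limit);
						break;
					case IP_RANGE:
						ipt_write(
							"-A PREROUTING -m iprange --src-range %s -p udp -m limit --limit %d/sec -j ACCEPT\n"
							,ipaddr,udp_limit);
						break;
				}
			}
		}
	}
	free(buf);
}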
コード例 #3
ファイル: qos.c プロジェクト: gavioto/advancedtomato-arm
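/*
 * Append src to the NUL-terminated string in dst, which has room for size
 * bytes. Returns 0 on success; returns -1 and leaves dst untouched when the
 * result would not fit.
 */
static int qos_append(char *dst, size_t size, const char *src)
{
	size_t used = strlen(dst);
	size_t add = strlen(src);

	if ((used >= size) || (add >= size - used)) return -1;
	memcpy(dst + used, src, add + 1);
	return 0;
}

// in mangle table
/*
 * Build the outbound QoS classification chain (QOSO) from the NVRAM
 * "qos_orules" list, hook it into FORWARD/OUTPUT on the WAN interface(s),
 * record the classes in use in NVRAM "qos_inuse", and add the inbound
 * mark-restore rule when "qos_irates" holds a usable "rate-ceiling" entry.
 * Does nothing unless NVRAM "qos_enable" is non-zero.
 *
 * Every match fragment is assembled in fixed-size stack buffers from rule
 * text; all appends are bounded and a rule whose text does not fit is
 * skipped instead of being written truncated.
 */
void ipt_qos(void)
{
	char *buf;
	char *g;
	char *p;
	char *addr_type, *addr;
	char *proto;
	char *port_type, *port;
	char *class_prio;
	char *ipp2p, *layer7;
	char *bcount;
	char *dscp;
	char *desc;
	int class_num;
	int proto_num;
	int v4v6_ok;
	int i;
	int len;
	char sport[192];
	char saddr[256];
	char end[256];
	char s[32];
	char cb[48];	// "min:max" text; fits two 64-bit values plus ':'
	char app[128];
	int inuse;
	const char *chain;
	unsigned long min;
	unsigned long max;
	unsigned long prev_max;
	int gum;
	const char *qface;
	int sizegroup;
	int class_flag;
	int rule_num;

	if (!nvram_get_int("qos_enable")) return;

	inuse = 0;
	gum = 0x100;
	sizegroup = 0;
	prev_max = 0;
	rule_num = 0;

	ip46t_write(
		":QOSO - [0:0]\n"
		"-A QOSO -j CONNMARK --restore-mark --mask 0xff\n"
		"-A QOSO -m connmark ! --mark 0/0x0f00 -j RETURN\n");

	// a failed strdup leaves g NULL, which skips the loop
	g = buf = strdup(nvram_safe_get("qos_orules"));
	while (g) {

		/*

		addr_type<addr<proto<port_type<port<ipp2p<L7<bcount<dscp<class_prio<desc

		addr_type:
			0 = any
			1 = dest ip
			2 = src ip
			3 = src mac
		addr:
			ip/mac if addr_type == 1-3
		proto:
			0-65535 = protocol
			-1 = tcp or udp
			-2 = any protocol
		port_type:
			if proto == -1,tcp,udp:
				d = dest
				s = src
				x = both
				a = any
		port:
			port # if proto == -1,tcp,udp
		bcount:
			min:max
			blank = none
		dscp:
			empty - any
			numeric (0:63) - dscp value
			afXX, csX, be, ef - dscp class
		class_prio:
			0-10				// was 0-8 - Changed from 8 in pkt_sched.h - Toastman
			-1 = disabled

		*/

		if ((p = strsep(&g, ">")) == NULL) break;
		i = vstrsep(p, "<", &addr_type, &addr, &proto, &port_type, &port, &ipp2p, &layer7, &bcount, &dscp, &class_prio, &desc);
		rule_num++;
		if (i == 10) {
			// fixup < v1.28.XX55
			desc = class_prio;
			class_prio = dscp;
			dscp = "";
		}
		else if (i == 9) {
			// fixup < v0.08		// !!! temp
			desc = class_prio;
			class_prio = bcount;
			bcount = "";
			dscp = "";
		}
		else if (i != 11) continue;

		class_num = atoi(class_prio);
		if ((class_num < 0) || (class_num > 9)) continue;

		i = 1 << class_num;
		++class_num;

		if ((inuse & i) == 0) {
			inuse |= i;
		}
		
		v4v6_ok = IPT_V4;
#ifdef TCONFIG_IPV6
		if (ipv6_enabled())
			v4v6_ok |= IPT_V6;
#endif
		class_flag = gum;

		saddr[0] = '\0';
		end[0] = '\0';
		// mac or ip address
		if ((*addr_type == '1') || (*addr_type == '2')) {	// match ip
			v4v6_ok &= ipt_addr(saddr, sizeof(saddr), addr, (*addr_type == '1') ? "dst" : "src", 
				v4v6_ok, (v4v6_ok==IPT_V4), "QoS", desc);
			if (!v4v6_ok) continue;
		}
		else if (*addr_type == '3') {						// match mac
			// (-m mac modified, returns !match in OUTPUT)
			// NOTE(review): addr is inserted as stored; the write is bounded
			// here, the format of the MAC text itself is not checked.
			len = snprintf(saddr, sizeof(saddr), "-m mac --mac-source %s", addr);
			if ((len < 0) || ((size_t)len >= sizeof(saddr))) continue;
		}

		// IPP2P/Layer7
		// NOTE(review): app is only written by these two helpers (defined
		// elsewhere); they are assumed to always terminate it -- confirm.
		if (ipt_ipp2p(ipp2p, app)) v4v6_ok &= ~IPT_V6;
		else ipt_layer7(layer7, app);
		if (app[0]) {
			// append first, so a rule skipped for size leaves gum untouched
			if (qos_append(saddr, sizeof(saddr), app) < 0) continue;
			v4v6_ok &= ~IPT_V6; // temp: l7 not working either!
			class_flag = 0x100;
			// IPP2P and L7 rules may need more than one packet before matching
			// so port-based rules that come after them in the list can't be sticky
			// or else these rules might never match.
			gum = 0;
		}

		// dscp
		if (ipt_dscp(dscp, s)) {
#ifndef LINUX26
			v4v6_ok &= ~IPT_V6; // dscp ipv6 match is not present in K2.4
#endif
			if (qos_append(saddr, sizeof(saddr), s) < 0) continue;
		}

		// -m connbytes --connbytes x:y --connbytes-dir both --connbytes-mode bytes
		if (*bcount) {
			min = strtoul(bcount, &p, 10);
			if (*p != 0) {
				if (qos_append(saddr, sizeof(saddr), " -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes ") < 0) continue;
				++p;
				if (*p == 0) {
					snprintf(cb, sizeof(cb), "%lu:", min * 1024);
					if (qos_append(saddr, sizeof(saddr), cb) < 0) continue;
				}
				else {
					max = strtoul(p, NULL, 10);
					// NOTE(review): a max of 0 makes (max * 1024) - 1 wrap to
					// the largest unsigned long -- confirm that is intended.
					snprintf(cb, sizeof(cb), "%lu:%lu", min * 1024, (max * 1024) - 1);
					if (qos_append(saddr, sizeof(saddr), cb) < 0) continue;
					if (gum) {
						if (!sizegroup) {
							// Create table of connbytes sizes, pass appropriate connections there
							// and only continue processing them if mark was wiped
							ip46t_write(
								":QOSSIZE - [0:0]\n"
								"-I QOSO 3 -m connmark ! --mark 0/0xff000 -j QOSSIZE\n"
								"-I QOSO 4 -m connmark ! --mark 0/0xff000 -j RETURN\n");
						}
					 	if (max != prev_max && sizegroup<255) {
							class_flag = ++sizegroup << 12;
							prev_max = max;
							ip46t_flagged_write(v4v6_ok,
								"-A QOSSIZE -m connmark --mark 0x%x/0xff000"
								" -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes %lu: -j CONNMARK --set-return 0x00000/0xFF\n",
									(sizegroup << 12), (max * 1024));
#ifdef BCMARM
							ip46t_flagged_write(v4v6_ok,
								"-A QOSSIZE -m connmark --mark 0x%x/0xff000"
								" -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes %lu: -j RETURN\n",
									(sizegroup << 12), (max * 1024));
#endif
						}
						else {
							class_flag = sizegroup << 12;
						}
					}
				}

			}
			else {
				bcount = "";
			}
		}

		chain = "QOSO";
		class_num |= class_flag;
		// NOTE(review): the default rule below uses rule_num 255 (0xFF00000),
		// which suggests an 8-bit field; rule numbers above 255 are not
		// limited here -- confirm.
		class_num |= rule_num << 20;
		// end is empty at this point and the text written is of fixed,
		// small size
		sprintf(end + strlen(end), " -j CONNMARK --set-return 0x%x/0xFF\n", class_num);

		// protocol & ports
		proto_num = atoi(proto);
		if (proto_num > -2) {
			if ((proto_num == 6) || (proto_num == 17) || (proto_num == -1)) {
				if (*port_type != 'a') {
					if ((*port_type == 'x') || (strchr(port, ','))) {
						// dst-or-src port matches, and anything with multiple lists "," use multiport
						len = snprintf(sport, sizeof(sport), "-m multiport --%sports %s", (*port_type == 's') ? "s" : ((*port_type == 'd') ? "d" : ""), port);
					}
					else {
						// single or simple x:y range, use built-in tcp/udp match
						len = snprintf(sport, sizeof(sport), "--%sport %s", (*port_type == 's') ? "s" : ((*port_type == 'd') ? "d" : ""), port);
					}
					// a port list cut short would still parse but match
					// other ports than configured, so skip the rule instead
					if ((len < 0) || ((size_t)len >= sizeof(sport))) continue;
				}
				else {
					sport[0] = 0;
				}
				if (proto_num != 6) {
					ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s %s", chain, "udp", sport, saddr, end);
#ifdef BCMARM
					ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s -j RETURN\n", chain, "udp", sport, saddr);
#endif
				}
				if (proto_num != 17) {
					ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s %s", chain, "tcp", sport, saddr, end);
#ifdef BCMARM
					ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s -j RETURN\n", chain, "tcp", sport, saddr);
#endif
				}
			}
			else {
				ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s %s", chain, proto_num, saddr, end);
#ifdef BCMARM
				ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s -j RETURN\n", chain, proto_num, saddr);
#endif
			}
		}
		else {	// any protocol
			ip46t_flagged_write(v4v6_ok, "-A %s %s %s", chain, saddr, end);
#ifdef BCMARM
			ip46t_flagged_write(v4v6_ok, "-A %s %s -j RETURN\n", chain, saddr);
#endif
		}

	}
	free(buf);

	qface = wanfaces.iface[0].name;

	i = nvram_get_int("qos_default");
	if ((i < 0) || (i > 9)) i = 3;	// "low"
	class_num = i + 1;
	class_num |= 0xFF00000; // use rule_num=255 for default
	ip46t_write("-A QOSO -j CONNMARK --set-return 0x%x\n", class_num);
#ifdef BCMARM
	ip46t_write("-A QOSO -j RETURN\n");
#endif

	ipt_write(
		"-A FORWARD -o %s -j QOSO\n"
		"-A OUTPUT -o %s -j QOSO\n"
		"-A FORWARD -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n"
		"-A OUTPUT -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n",
		qface, qface, qface, qface);

#ifdef TCONFIG_IPV6
	if (*wan6face) {
		ip6t_write(
			"-A FORWARD -o %s -j QOSO\n"
			"-A OUTPUT -o %s -j QOSO\n"
			"-A FORWARD -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n"
			"-A OUTPUT -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n",
			wan6face, wan6face, wan6face, wan6face);
	}
#endif

	inuse |= (1 << i) | 1;	// default and highest are always built
	sprintf(s, "%d", inuse);
	nvram_set("qos_inuse", s);


	// Inbound: one mark-restore rule is enough, so stop at the first class
	// that is in use and has a "rate-ceiling" entry with rate >= 1.
	g = buf = strdup(nvram_safe_get("qos_irates"));
	for (i = 0; i < 10; ++i) 
	{
		if ((!g) || ((p = strsep(&g, ",")) == NULL)) continue;
		if ((inuse & (1 << i)) == 0) continue;
		
		unsigned int rate;
		unsigned int ceil;
		
		// check if we've got a percentage definition in the form of "rate-ceiling"
		// and that rate > 1
		if ((sscanf(p, "%u-%u", &rate, &ceil) == 2) && (rate >= 1))
		{		
			ipt_write("-A PREROUTING -i %s -j CONNMARK --restore-mark --mask 0xff\n", qface);
#ifdef BCMARM
			ipt_write("-A PREROUTING -i %s -j RETURN\n", qface);
#endif
#ifdef TCONFIG_IPV6
			if (*wan6face) {
				ip6t_write("-A PREROUTING -i %s -j CONNMARK --restore-mark --mask 0xff\n", wan6face);
#ifdef BCMARM
				ip6t_write("-A PREROUTING -i %s -j RETURN\n", wan6face);
#endif
			}
#endif
			break;
		}
	}
	free(buf);
}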
コード例 #4
ファイル: forward.c プロジェクト: AllardJ/Tomato
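/*
 * Return 1 when list holds only digits, ',', ':' and '-'. An empty list is
 * accepted only when allow_empty is non-zero.
 */
static int fwd_portlist_ok(const char *list, int allow_empty)
{
	const char *q;

	if (*list == 0) return allow_empty != 0;
	for (q = list; *q; ++q) {
		if (((*q < '0') || (*q > '9')) && (*q != ',') && (*q != ':') && (*q != '-')) return 0;
	}
	return 1;
}

/*
 * Emit the IPv4 port-forwarding rules for one iptables table from the
 * "portforward" NVRAM value.
 *
 * For IPT_TABLE_NAT each enabled entry produces a DNAT rule per selected
 * protocol, plus one SNAT rule per named WAN interface when NVRAM
 * "nf_loopback" is 1. For any other table an accept rule is appended to
 * "wanin".
 *
 * Port fields and the legacy host number are checked before they are pasted
 * into a rule line; an entry that fails a check is skipped.
 */
void ipt_forward(ipt_table_t table)
{
	char *nv, *nvp, *b;
	const char *proto, *saddr, *xports, *iport, *iaddr, *desc;
	const char *c;
	const char *mdport;
	char *tail;
	long octet;
	int i, n;
	int len;
	char ip[64];
	char src[64];

	nvp = nv = strdup(nvram_safe_get("portforward"));
	if (!nv) return;

	while ((b = strsep(&nvp, ">")) != NULL) {
		/*
			[<1.01] 1<3<30,40-45<60<5<desc
			[<1.07] 1<3<30,40-45<60<192.168.1.5<desc

			1<3<71.72.73.74<30,40-45<60<192.168.1.5<desc

			1 = enabled
			3 = tcp & udp
			71.72.73.74 = src addr
			30,40-45 = ext port
			60 = int port
			192.168.1.5 = dst addr
			desc = desc

		*/
		n = vstrsep(b, "<", &c, &proto, &saddr, &xports, &iport, &iaddr, &desc);
		if ((n < 6) || (*c != '1')) continue;
		if (n == 6) {
			// <1.07
			desc = iaddr;
			iaddr = iport;
			iport = xports;
			xports = saddr;
			saddr = "";
		}

		// The port fields go into the rule text as they are. Anything other
		// than a plain port list is dropped so that whitespace or a line
		// break stored in NVRAM cannot add options or extra rule lines.
		// The internal port may be empty (external ports are reused then).
		if (!fwd_portlist_ok(xports, 0) || !fwd_portlist_ok(iport, 1)) continue;

		if (!ipt_addr(src, sizeof(src), saddr, "src", IPT_V4, 1, "IPv4 port forwarding", desc))
			continue;

		if (strchr(iaddr, '.') == NULL && (octet = strtol(iaddr, &tail, 10)) > 0) {
			// < 1.01: 5 -> 192.168.1.5
			// Rebuild the address from the parsed number; text after the
			// number or a value above 255 cannot be a host part.
			if ((*tail != 0) || (octet > 255)) {
				ipt_log_unresolved(iaddr, "IPv4", "IPv4 port forwarding", desc);
				continue;
			}
			len = snprintf(ip, sizeof(ip), "%s%ld", lan_cclass, octet);
			if ((len < 0) || ((size_t)len >= sizeof(ip))) continue;
		}
		else {
			if (host_addrtypes(iaddr, IPT_V4) != IPT_V4) {
				ipt_log_unresolved(iaddr, "IPv4", "IPv4 port forwarding", desc);
				continue;
			}
			strlcpy(ip, iaddr, sizeof(ip));
		}

		mdport = (strchr(xports, ',') != NULL) ? "-m multiport --dports" : "--dport";
		for (i = 0; i < 2; ++i) {
			// proto is a bitmask digit: bit 0 -> tcpudp[0], bit 1 -> tcpudp[1]
			if ((1 << i) & (*proto - '0')) {
				c = tcpudp[i];
				if (table == IPT_TABLE_NAT) {
					ipt_write("-A %s -p %s %s %s %s -j DNAT --to-destination %s%s%s\n",
						chain_wan_prerouting,
						c,
						src,
						mdport, xports,
						ip,  *iport ? ":" : "", iport);

					if (nvram_get_int("nf_loopback") == 1) {
						for (n = 0; n < wanfaces.count; ++n) {
							if (*(wanfaces.iface[n].name)) {
								ipt_write("-A POSTROUTING -p %s %s %s -s %s/%s -d %s -j SNAT --to-source %s\n",
									c,
									mdport, *iport ? iport : xports,
									nvram_safe_get("lan_ipaddr"),	// corrected by ipt
									nvram_safe_get("lan_netmask"),
									ip,
									wanfaces.iface[n].ip);
							}
						}
					}
				}
				else {	// filter
					ipt_write("-A wanin %s -p %s -m %s -d %s %s %s -j %s\n",
						src,
						c,
						c,
						ip,
						mdport, *iport ? iport : xports,
						chain_in_accept);
				}
			}
		}
	}
	free(nv);
}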
コード例 #5
ファイル: restrict.c プロジェクト: AllardJ/Tomato
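/*
 * Build the access-restriction chains from the NVRAM values "rrule0" ..
 * "rrule<MAX_NRULES-1>".
 *
 * Each rule value holds eight '|'-separated fields: enabled flag, three time
 * fields (ignored here), the list of affected computers, the list of
 * protocol/port/application matches, the HTTP request strings to block, and
 * a bitmask of file types to block (1 = ActiveX, 2 = Flash, 4 = Java,
 * judging by the patterns written below).
 *
 * Per enabled rule a chain "rresNN" receives the block rules and, when the
 * rule names computers, a chain "rdevNN" selects them. The "ipt_web" module
 * is loaded when any web match was written.
 */
void ipt_restrictions(void)
{
	char buf[8192];
	char *p, *q;
	int n;
	char *comps, *matches, *http;
	int nrule;
	int blockall;
	char reschain[32];
	char devchain[32];
	char nextchain[32];
	int need_web;
	char *pproto;
	char *dir;
	const char *dirflag;
	char *pport;
	int proto;
	char *ipp2p;
	char *layer7;
	char *addr_type, *addr;
	char app[256];
	char ports[256];
	char iptaddr[192];
	int http_file;
	int ex;
	int first;
	int v4v6_ok;

	need_web = 0;
	first = 1;
	nvram_unset("rrules_timewarn");
	nvram_set("rrules_radio", "-1");
	unsched_restrictions();

	for (nrule = 0; nrule < MAX_NRULES; ++nrule) {
		// buf first holds the NVRAM key, then a private copy of its value
		sprintf(buf, "rrule%d", nrule);
		if ((p = nvram_get(buf)) == NULL) continue;
		if (strlen(p) >= sizeof(buf)) continue;
		strcpy(buf, p);

		if ((vstrsep(buf, "|",
			&q,		// 0/1
			&p, &p, &p,	// time (ignored)
			&comps,		//
			&matches,	//
			&http,		//
			&p		// http file match
			) != 8) || (*q != '1')) continue;
		http_file = atoi(p);

		if (comps[0] == '~') {
			// a wireless disable rule, skip
			continue;
		}

		if (first) {
			first = 0;

			ip46t_write(":restrict - [0:0]\n");
#ifdef TCONFIG_IPV6
			if (*wan6face)
				ip6t_write("-A FORWARD -o %s -j restrict\n",
					  wan6face);
#endif
			for (n = 0; n < wanfaces.count; ++n) {
				if (*(wanfaces.iface[n].name)) {
					ipt_write("-A FORWARD -o %s -j restrict\n",
						  wanfaces.iface[n].name);
				}
			}
			// Only mess with DNS requests that are coming in on INPUT
			ip46t_write("-I INPUT 1 ! -i lo -p udp --dport 53 -j restrict\n");
		}

		sprintf(reschain, "rres%02d", nrule);
		ip46t_write(":%s - [0:0]\n", reschain);

		// stays 1 when the rule has no usable match of any kind, in which
		// case everything from the selected computers is dropped
		blockall = 1;

		while ((q = strsep(&matches, ">")) != NULL) {
			n = vstrsep(q, "<", &pproto, &dir, &pport, &ipp2p, &layer7, &addr_type, &addr);
			if (n == 5) {
				// fixup for backward compatibility
				addr_type = "0";
			}
			else if (n != 7) continue;

			if ((*dir != 'a') && (*dir != 's') && (*dir != 'd') && (*dir != 'x')) continue;
			// Only the first character of dir was checked above, so the
			// option name is built from a literal, not from the stored text.
			dirflag = (*dir == 's') ? "s" : ((*dir == 'd') ? "d" : "");

			// p2p, layer7
			if (!ipt_ipp2p(ipp2p, app)) {
				if (ipt_layer7(layer7, app) == -1) continue;
			}
#ifdef TCONFIG_IPV6
			v4v6_ok = ((*app) ? 0 : IPT_V6) | IPT_V4;
#else
			v4v6_ok = IPT_V4;
#endif

			// dest ip/domain address
			if ((*addr_type == '1') || (*addr_type == '2')) {
				v4v6_ok = ipt_addr(iptaddr, sizeof(iptaddr), addr, (*addr_type == '1') ? "dst" : "src", v4v6_ok, (v4v6_ok == IPT_V4), "restrictions", NULL);
				if (!v4v6_ok)
					continue;
			}
			else {
				iptaddr[0] = 0;
			}

			blockall = 0;

			// proto & ports
			proto = atoi(pproto);
			if (proto <= -2) {
				// shortcut if any proto+any port
				ip46t_flagged_write(v4v6_ok, "-A %s %s %s -j %s\n", reschain, iptaddr, app, chain_out_drop);
				continue;
			}
			else if ((proto == 6) || (proto == 17) || (proto == -1)) {
				// NOTE(review): pport is inserted as stored; its content is
				// not checked here -- confirm it is validated where it is set.
				if ((*dir != 'a') && (*pport)) {
					if ((*dir == 'x') || (strchr(pport, ','))) {
						// use multiport for multiple ports or src-or-dst type matches
						snprintf(ports, sizeof(ports), "-m multiport --%sports %s", dirflag, pport);
					}
					else {
						// else, use built-in
						snprintf(ports, sizeof(ports), "--%sport %s", dirflag, pport);
					}
				}
				else {
					ports[0] = 0;
				}
				if (proto != 17)
					ip46t_flagged_write(v4v6_ok, "-A %s -p tcp %s %s %s -j %s\n", reschain, ports, iptaddr, app, chain_out_drop);
				if (proto != 6)
					ip46t_flagged_write(v4v6_ok, "-A %s -p udp %s %s %s -j %s\n", reschain, ports, iptaddr, app, chain_out_drop);
			}
			else {
				ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s %s -j %s\n", reschain, proto, iptaddr, app, chain_out_drop);
			}
		}

		// HTTP request strings: characters that would break the quoted
		// argument or the rule line are turned into spaces first

		p = http;
		while (*p) {
			if ((*p == '\t') || (*p == '\r') || (*p == '\n') || (*p == '"')) *p = ' ';
			++p;
		}
		// write the list in pieces of at most 510 characters, cut at a space
		while ((n = strlen(http)) > 0) {
			if (n >= 511) {
				p = http + 510;
				while ((p > http) && (*p != ' ')) --p;
				if (p <= http) {
					// too long
					break;
				}
				*p = 0;
			}
			else p = NULL;
			ip46t_write("-A %s -p tcp -m web --hore \"%s\" -j %s\n", reschain, http, chain_out_reject);
			need_web = 1;
			blockall = 0;
			if (p == NULL) break;
			http = p + 1;
		}


		// File-type patterns. Every selected group is appended; copying the
		// Flash pattern over the buffer would discard the ActiveX patterns
		// whenever both are selected and leave those files unblocked.
		app[0] = 0;
		if (http_file & 1) strcat(app, ".ocx$ .cab$ ");
		if (http_file & 2) strcat(app, ".swf$ ");
		if (http_file & 4) strcat(app, ".class$ .jar$");
		if (app[0]) {
			ip46t_write("-A %s -p tcp -m multiport --dports %s -m web --path \"%s\" -j %s\n",
				reschain, nvram_safe_get("rrulewp"), app, chain_out_reject);
			need_web = 1;
			blockall = 0;
		}

		if (*comps) {
			if (blockall) {
				ip46t_write("-X %s\n", reschain);	// chain not needed
				sprintf(nextchain, "-j %s", chain_out_drop);
			}
			else {
				sprintf(nextchain, "-g %s", reschain);
			}

			// a '!' entry switches the list to "everyone except": listed
			// computers RETURN and the rest falls through to nextchain
			ex = 0;
			sprintf(devchain, "rdev%02d", nrule);
			ip46t_write(":%s - [0:0]\n", devchain);
			while ((q = strsep(&comps, ">")) != NULL) {
				if (*q == 0) continue;
				if (*q == '!') {
					ex = 1;
					continue;
				}
#ifdef TCONFIG_IPV6
				v4v6_ok = IPT_V6 | IPT_V4;
#else
				v4v6_ok = IPT_V4;
#endif
				// iptaddr only serves as scratch space for the six parsed
				// bytes; the sscanf result decides whether q looks like a MAC
				if (sscanf(q, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx",
					   iptaddr, iptaddr, iptaddr, iptaddr, iptaddr, iptaddr) == 6) {
					snprintf(iptaddr, sizeof(iptaddr), "-m mac --mac-source %s", q);
				}
				else {
					v4v6_ok = ipt_addr(iptaddr, sizeof(iptaddr), q, "src", v4v6_ok, (v4v6_ok == IPT_V4), "restrictions", "filtering");
					if (!v4v6_ok)
						continue;
				}
				ip46t_flagged_write(v4v6_ok,
					"-A %s %s %s\n", devchain, iptaddr, ex ? "-j RETURN" : nextchain);
			}

			if (ex) {
				ip46t_write("-A %s %s\n", devchain, nextchain);
			}
		}
		else if (blockall) {
			ip46t_write("-A %s -j %s\n", reschain, chain_out_drop);
		}
	}

	nvram_set("rrules_activated", "0");

	if (need_web)
		modprobe("ipt_web");
}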
コード例 #6
ファイル: Fb_drive.c プロジェクト: ferrasrl/easyHand
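/*
 * Message handler for the file list of the file browser.
 *
 * The list is kept in a block of ws.maxcam slots of MAX_X bytes each (pmem),
 * one NUL-terminated file name per slot, sorted alphabetically.
 *
 * cmd  - message (WS_*, FBEXT) selecting the operation
 * info - numeric argument of the message (offset, selection, field count..)
 * str  - text argument of the message (search key, extension, path..)
 *
 * Returns &ws for WS_INF, the last directory-scan status cast to a pointer
 * for WS_OPEN / WS_LOAD, and &buf for every other message.
 */
void * listfile(SINT cmd,LONG info,CHAR *str)
{
	#define	 MAX_X 20
	#define	 MAX_Y 30

	static struct WINSCR buf[MAX_Y];
	static struct WS_INFO ws;

	LONG a;
	LONG pt;

	static SINT IptMirror;
	static SINT scrhdl=-1;
	//struct ffblk file;
	FFBLK Fblk;
	SINT fine;
	static CHAR *p,*pmem=NULL;
	static CHAR extcur[4];
	//WORD sgm;
	CHAR serv[255];

	// Mouse cursor in use before the load, restored afterwards. The name in
	// the original declaration contained a '.', which is not valid C.
	CHAR szSavedCursor[NOMEICONE_SIZE+1];
	SINT BMS_ax,BMS_ay;

	//-------------------------------------------------

	if (cmd==WS_INF) return &ws;
	switch (cmd) {

	case WS_BUF : //			  			Buffer request

				if (scrhdl==-1) break;
				for (a=0;a<ws.numcam;a++) {
				 pt=a+ws.offset; if (pt>=ws.maxcam) break;
				 buf[(SINT) a].keypt=(CHAR *) (pmem+((SINT) pt*MAX_X));
				}
				break;

	case WS_OFF : //			  												Set the offset

				ws.offset=info;
				break;

	case WS_KEYPRESS :
				// NOTE(review): writes 7 bytes to str; the caller's buffer
				// size is not visible here -- confirm.
				if (key_press(9)||key_press2(_FDX)) strcpy(str,"ESC:->");
				if (key_press2(15)||key_press2(_FSX)) strcpy(str,"ESC:<-");
				//if (key_press(9)) strcpy(str,"ESC:->");
				//if (key_press2(15)) strcpy(str,"ESC:<-");
				break;


	case WS_FINDKEY :
	case WS_FIND : //			  						Search for the selected key

				if (scrhdl==-1) break;

				strupr(str);
				a=ws.selez+1;

				// Try the entry after the current selection first; the
				// selection may be the last entry, so check the index before
				// reading the slot.
				if ((a<ws.maxcam)&&(memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))==0))
						{listfile(WS_OFF,a,"");
						 if (ws.offset>(ws.maxcam-ws.numcam))
								 ws.offset=(ws.maxcam-ws.numcam);
						 if (ws.offset<0) ws.offset=0;
						 listfile(WS_SEL,a,"");
						 break;}
				{

				// Otherwise select the first entry that is not below the key
				for(a=0;a<ws.maxcam;a++)
				{
				 if (memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))<=0)
						{listfile(WS_OFF,a,"");
						 if (ws.offset>(ws.maxcam-ws.numcam))
								{ws.offset=(ws.maxcam-ws.numcam);}
						 if (ws.offset<0) ws.offset=0;
						 listfile(WS_SEL,a,"");
						 break;}
				 }
				}
				break;

	case WS_SEL : //			  			Set the selection

				ws.selez=info;

				// only a valid index may be turned into a slot pointer
				if ((info>-1)&&(info<ws.maxcam)&&IptMirror)
					{ipt_write(1,(CHAR *) (pmem+((SINT) info*MAX_X)),0);
					 ipt_vedisolo(1);
					 }

				//sonic(2000,1,1,1,1,6); //ehSleep(30);
				break;

	case WS_PTREC : //			  			Return a pointer to the selected key

				// NOTE(review): ws.selez is -1 after a load, which makes keypt
				// point before the block -- confirm callers check record.
				buf[0].record=ws.selez;
				buf[0].keypt=(CHAR *) (pmem+((SINT) ws.selez*MAX_X));
				break;


	case WS_REFON : //			  			       Screen refresh requested

				ws.refre=ON;
				break;

	case WS_REFOFF : //			  											 Screen refreshed

				ws.refre=OFF;
				break;

	case WS_OPEN : //														  Prepare the data

				if ((info<4)||(info>MAX_Y))
						{
						ehExit("Errore di assegnazione campi in listfile");
						}

				ws.sizecam=MAX_X;
				ws.numcam=info;// Number of fields to display

				// no break: continues into WS_LOAD

	case WS_LOAD :

				if (scrhdl>-1) memoFree(scrhdl,"Cr2");// Release the memory

				scrhdl=-1;
				ws.maxcam=0;
				ws.offset=0;
				ws.selez=-1;
				ws.koffset=-1;
				ws.kselez=-1;
				ws.dispext=ON;
				ws.refre=ON;

				//	Count the files
				// The pattern is "<PathNow>*.<ext>"; a path that does not fit
				// in serv is refused instead of being copied past its end.
				if ((strlen(PathNow)+2+strlen(extcur))>=sizeof(serv)) {
					ehExit("Percorso troppo lungo in listfile");
					break;
				}
				strcpy(serv,PathNow);
				strcat(serv,"*.");
				strcat(serv,extcur); //strcat(serv,extcur);

				// Change the mouse cursor
				strcpy(szSavedCursor,sys.szMouseCursorName);
				BMS_ax=MS_ax; BMS_ay=MS_ay;
				mouse_graph(0,0,"CLEX");

	/*
	typedef struct {
		 LONG Handle;
		 struct _finddata_t ffile;
		 CHAR  *ff_name;
		 SINT   ff_attrib;
		 CHAR  ff_date[9];
	} FFBLK;

	#endif

	SINT   f_findfirst(CHAR *fname,FFBLK *,SINT attrib);
		*/
				os_errset(OFF);
				fine=f_findFirst(serv,&Fblk,FA_ARCH);
				while (!fine) {ws.maxcam++; fine=f_findNext(&Fblk);}
				f_findClose(&Fblk);

				// No more files
				if ((fine)&&(DE_coden==0x12)) {fine=0;}
				os_errset(POP);
				if (fine) os_errvedi("ListFile()\n");
				if (ws.maxcam==0) goto FINEC;//	No file

				scrhdl=memoAlloc(M_HEAP,
								   (LONG) ws.maxcam*MAX_X,
								   "listfile()");

				if (scrhdl<0) ehExit("Memoria insufficiente in line");
				pmem=memoPtr(scrhdl);
				//	Copy the file names into memory
				os_errset(OFF);
				fine=f_findFirst(serv,&Fblk,FA_ARCH);

				if (fine) {os_errset(POP);goto FINEC;}
				p=pmem; a=0;
				while (!fine) {
					 a++;

					 // the directory may hold more files than were counted
					 if (a>ws.maxcam) ehExit("Errore in listafile");
					 // A slot holds MAX_X bytes; a longer name is cut so it
					 // cannot run into the next slot or past the block.
					 strncpy((CHAR *) p,Fblk.ff_name,MAX_X-1);
					 p[MAX_X-1]=0;

					 p+=MAX_X;
					 fine=f_findNext(&Fblk);
				}
				f_findClose(&Fblk);
				// No more files
				if ((fine)&&(DE_coden==0x12)) {fine=0;}
				os_errset(POP);
				if (fine) os_errvedi("ListFile2()\n");

			//	Sort the files alphabetically
				sort(pmem,(SINT) ws.maxcam,MAX_X);

				FINEC:
				mouse_graph(BMS_ax,BMS_ay,szSavedCursor);

				return (SINT *) fine;
				//break;

	case WS_CLOSE : //														  Release the memory

				if (scrhdl>-1) memoFree(scrhdl,"Cr3");// Release the memory
				scrhdl=-1;
				break;

	case FBEXT:

				// extcur holds at most 3 characters plus the terminator
				if (strlen(str)>3) break;
				strcpy(extcur,str);
				IptMirror=(SINT) info; // For the copy into the input field
				break;

	case WS_REALSET :
			 // keeps the caller's pointer; the text is not copied
			 PathNow=str;
			 break;

	 }
	return &buf;
#undef MAX_X
#undef MAX_Y

}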
コード例 #7
ファイル: Fb_drive.c プロジェクト: ferrasrl/easyHand
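//														Windows version
/*
 * Message handler for the file list of the file browser.
 *
 * The list is kept in a block of ws.maxcam slots of MAX_X bytes each (pmem),
 * one NUL-terminated file name per slot, sorted alphabetically.
 *
 * objCalled - not used in this function
 * cmd       - message (WS_*, FBEXT) selecting the operation
 * info      - numeric argument of the message
 * str       - text argument; for WS_DISPLAY it carries a struct WS_DISPEXT *
 *
 * Returns &ws for WS_INF, the value of fine (always 0 here) cast to a
 * pointer for WS_OPEN / WS_LOAD, and &buf for every other message.
 */
void * listfile(struct OBJ *objCalled,EN_MESSAGE cmd,LONG info,CHAR *str)
{
	#define	 MAX_X 20
	#define	 MAX_Y 30

	static struct WINSCR buf[MAX_Y];
	static struct WS_INFO ws;
	CHAR *ptr;

	LONG a;
	LONG pt;
	struct WS_DISPEXT *DExt;

	static SINT IptMirror;
	static SINT scrhdl=-1;
	//struct ffblk file;
//	FFBLK Fblk;
	EH_DIR sDir;
	SINT fine=0;
	static CHAR *p,*pmem=NULL;
	static CHAR extcur[4];
	//WORD sgm;
	CHAR serv[255];

	//CHAR Bsys.szMouseCursorName[NOMEICONE_SIZE+1]; // Current mouse cursor
	//SINT BMS_ax,BMS_ay;

	//-------------------------------------------------

	if (cmd==WS_INF) return &ws;
	switch (cmd) {

	case WS_BUF : //			  			Buffer request

				if (scrhdl==-1) break;
				for (a=0;a<ws.numcam;a++) {
				 pt=a+ws.offset; if (pt>=ws.maxcam) break;
				 buf[(SINT) a].keypt=(CHAR *) (pmem+((SINT) pt*MAX_X));
				}
				break;

	case WS_DISPLAY : //			  			Draw one entry

				// info selects the slot; ignore the request when nothing is
				// loaded or the index is outside the list
				if ((scrhdl==-1)||(info<0)||(info>=ws.maxcam)) break;
				DExt=(struct WS_DISPEXT *) str;
				ptr=pmem+((SINT) info*MAX_X);
				dispfm_h(DExt->px+2,DExt->py,DExt->col1,DExt->col2,DExt->hdl,ptr);
				
				break;

	case WS_OFF : //			  												Set the offset
				ws.offset=info;
				break;

	case WS_KEYPRESS :
				// NOTE(review): writes 7 bytes to str; the caller's buffer
				// size is not visible here -- confirm.
				if (key_press(9)||key_press2(_FDX)) strcpy(str,"ESC:->");
				if (key_press2(15)||key_press2(_FSX)) strcpy(str,"ESC:<-");
				//if (key_press(9)) strcpy(str,"ESC:->");
				//if (key_press2(15)) strcpy(str,"ESC:<-");
				break;


	case WS_FINDKEY :
	case WS_FIND : //			  						Search for the selected key

				if (scrhdl==-1) break;

				strupr(str);
				a=ws.selez+1;

				// Try the entry after the current selection first; the
				// selection may be the last entry, so check the index before
				// reading the slot.
				if ((a<ws.maxcam)&&(memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))==0))
						{listfile(NULL,WS_OFF,a,"");
						 if (ws.offset>(ws.maxcam-ws.numcam))
								 ws.offset=(ws.maxcam-ws.numcam);
						 if (ws.offset<0) ws.offset=0;
						 listfile(NULL,WS_SEL,a,"");
						 break;}
				{

				// Otherwise select the first entry that is not below the key
				for(a=0;a<ws.maxcam;a++)
				{
				 if (memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))<=0)
						{listfile(NULL,WS_OFF,a,"");
						 if (ws.offset>(ws.maxcam-ws.numcam))
								{ws.offset=(ws.maxcam-ws.numcam);}
						 if (ws.offset<0) ws.offset=0;
						 listfile(NULL,WS_SEL,a,"");
						 break;}
				 }
				}
				break;

	case WS_SEL : //			  			Set the selection

				ws.selez=info;

				// only a valid index may be turned into a slot pointer
				if ((info>-1)&&(info<ws.maxcam)&&IptMirror)
					{ipt_write(1,(CHAR *) (pmem+((SINT) info*MAX_X)),0);
					 ipt_vedisolo(1);
					 }

				//sonic(2000,1,1,1,1,6); //ehSleep(30);
				break;

	case WS_PTREC : //			  			Return a pointer to the selected key

				// NOTE(review): ws.selez is -1 after a load, which makes keypt
				// point before the block -- confirm callers check record.
				buf[0].record=ws.selez;
				buf[0].keypt=(CHAR *) (pmem+((SINT) ws.selez*MAX_X));
				break;


	case WS_REFON : //			  			       Screen refresh requested

				ws.refre=ON;
				break;

	case WS_REFOFF : //			  											 Screen refreshed

				ws.refre=OFF;
				break;

	case WS_OPEN : //														  Prepare the data

				if ((info<4)||(info>MAX_Y))
						{
						ehExit("Errore di assegnazione campi in listfile");
						}

				ws.sizecam=MAX_X;
				ws.numcam=info;// Number of fields to display

				// no break: continues into WS_LOAD

	case WS_LOAD :

				if (scrhdl>-1) memoFree(scrhdl,"Cr2");// Release the memory

				scrhdl=-1;
				ws.maxcam=0;
				ws.offset=0;
				ws.selez=-1;
				ws.koffset=-1;
				ws.kselez=-1;
				ws.dispext=ON;
				ws.refre=ON;

				//	Count the files
				// The pattern is "<szFolder>\*.<ext>" (AddBs presumably adds
				// the separator); a folder that does not fit in serv is
				// refused instead of being copied past its end.
				if ((strlen(szFolder)+3+strlen(extcur))>=sizeof(serv)) {
					ehExit("Percorso troppo lungo in listfile");
					break;
				}
				strcpy(serv,szFolder); AddBs(serv);
				strcat(serv,"*.");
				strcat(serv,extcur); //strcat(serv,extcur);

				// Change the mouse cursor
//				strcpy(Bsys.szMouseCursorName,sys.szMouseCursorName);
//				BMS_ax=MS_ax; BMS_ay=MS_ay;
				mouse_graph(0,0,"CLEX");

		/*
				fine=f_findFirst(serv,&Fblk,FA_ARCH);
				while (!fine) {ws.maxcam++; fine=f_findNext(&Fblk);}
				f_findClose(&Fblk);
				*/
				fileDirOpen(serv,&sDir);
				while (fileDirGet(&sDir)) {ws.maxcam++;}
				fileDirClose(&sDir);
/*
				// No more files
				if (ws.maxcam)
				{
					if ((DE_coden==ERROR_FILE_NOT_FOUND)||(DE_coden==ERROR_NO_MORE_FILES)) fine=0;
				}
				if (fine) win_infoarg("ListFile() %d\n",DE_coden);
				*/
				if (ws.maxcam==0) goto FINEC;//	No file

				scrhdl=memoAlloc(M_HEAP,(LONG) ws.maxcam*(MAX_X),"listfile()");
				if (scrhdl<0) ehExit("Memoria insufficiente in line");
				pmem=memoPtr(scrhdl,NULL);
				//	Copy the file names into memory
				fileDirOpen(serv,&sDir);
				p=pmem; a=0;
				while (fileDirGet(&sDir)) {
					// The block was sized by the counting pass above; stop
					// when the directory has grown in the meantime.
					if (a>=ws.maxcam) break;
					a++;
					// A slot holds MAX_X bytes; a longer name is cut so it
					// cannot run into the next slot or past the block.
					strncpy((CHAR *) p,sDir.sFileInfo.szFileName,MAX_X-1);
					p[MAX_X-1]=0;
					// toupper needs an unsigned char value
					*p=(BYTE) toupper((unsigned char) *p);
					p+=MAX_X;
				}
				fileDirClose(&sDir);
				// Fewer names than counted: the unused slots were never
				// written, so keep them out of the list.
				if (a<ws.maxcam) ws.maxcam=a;
/*
				// No more files
				if (fine)
				{if ((DE_coden==ERROR_FILE_NOT_FOUND)||
						 (DE_coden==ERROR_NO_MORE_FILES)) fine=0;
				}

				if (fine) win_infoarg("ListFile() %d\n",DE_coden);
*/
			//	Sort the files alphabetically
				if (ws.maxcam>0) sort(pmem,(SINT) ws.maxcam,MAX_X);

				FINEC:
//				mouse_graph(BMS_ax,BMS_ay,Bsys.szMouseCursorName);
				return (SINT *) fine;
				//break;

	case WS_CLOSE : //														  Release the memory

				if (scrhdl>-1) memoFree(scrhdl,"Cr3");// Release the memory
				scrhdl=-1;
				break;

	case FBEXT:

				// extcur holds at most 3 characters plus the terminator
				if (strlen(str)>3) break;
				strcpy(extcur,str);
				IptMirror=(SINT) info; // For the copy into the input field
				break;

	case WS_REALSET :
			 // NOTE(review): szFolder is declared elsewhere and its size is
			 // not visible here; this copy is unbounded -- confirm the
			 // buffer size and limit the copy to it.
			 strcpy(szFolder,str);
			 break;
	 }
	return &buf;

#undef MAX_X
#undef MAX_Y
}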