/*
 * Emit the port-triggering rules described by the "trigforward" NVRAM value.
 *
 * The value is a '>'-separated list of records, each made of four
 * '<'-separated fields: enabled flag, protocol bitmask digit, trigger
 * (match) ports and forwarded (relate) ports.  Records are used only when
 * the first field starts with '1'.
 *
 * For IPT_TABLE_NAT one TRIGGER/dnat rule is appended to
 * chain_wan_prerouting as soon as a usable record is found, and nothing
 * else is written.  For any other table the "triggers" chain is declared
 * once and one rule is added per record and per selected protocol.
 *
 * NOTE(review): the port fields reach the rule text as stored in NVRAM
 * (only the first ':' is turned into '-'); no validation is visible in this
 * function, so confirm that whatever writes "trigforward" restricts them to
 * port numbers and ranges.
 */
void ipt_triggered(ipt_table_t table)
{
    char *rules, *cursor, *record;
    const char *enabled, *proto, *mports, *fports;
    const char *l4;
    char *colon;
    char match_ports[256];
    int bit;
    int chain_pending = 1;

    rules = strdup(nvram_safe_get("trigforward"));
    if (rules == NULL)
        return;
    cursor = rules;

    for (record = strsep(&cursor, ">"); record != NULL; record = strsep(&cursor, ">")) {
        if (vstrsep(record, "<", &enabled, &proto, &mports, &fports) != 4)
            continue;
        if (*enabled != '1')
            continue;

        /* bit 0 and bit 1 of the protocol digit select tcpudp[0] / tcpudp[1] */
        for (bit = 0; bit < 2; ++bit) {
            if (((*proto - '0') & (1 << bit)) == 0)
                continue;

            if (chain_pending) {
                /* created lazily: only once at least one rule is enabled */
                if (table == IPT_TABLE_NAT) {
                    ipt_write("-A %s -j TRIGGER --trigger-type dnat\n", chain_wan_prerouting);
                    goto QUIT;
                }

                ipt_write(":triggers - [0:0]\n"
                          "-A wanout -j triggers\n"
                          "-A wanin -j TRIGGER --trigger-type in\n");
                chain_pending = 0;
            }

            /* --dport keeps the "a:b" form; the TRIGGER options get "a-b" */
            strlcpy(match_ports, mports, sizeof(match_ports));
            colon = strchr(match_ports, ':');
            if (colon != NULL)
                *colon = '-';

            /* fports points into the strdup'ed copy, so it is edited in place */
            colon = strchr(fports, ':');
            if (colon != NULL)
                *colon = '-';

            l4 = tcpudp[bit];
            /*
             * multiport cannot be used here: trigger-match has to name the
             * same ports as dport because it refreshes the timer on inbound
             * traffic.
             */
            ipt_write("-A triggers -p %s -m %s --dport %s "
                      "-j TRIGGER --trigger-type out --trigger-proto %s --trigger-match %s --trigger-relate %s\n",
                      l4, l4, mports, l4, match_ports, fports);
        }
    }

QUIT:
    free(rules);
}
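/*
 * Emit the bandwidth-limiter rules for one iptables table.
 *
 * chain == 1 writes the MARK rules (mangle), chain == 2 writes the TCP
 * connection limits and UDP packet-rate limits (nat).  Nothing is written
 * unless "new_qoslimit_enable" is set.
 *
 * Per-host rules come from "new_qoslimit_rules", a '>'-separated list of
 * records with eight '<'-separated fields:
 *   ipaddr_old<dlrate<dlceil<ulrate<ulceil<priority<tcplimit<udplimit
 *
 * NOTE(review): every field is taken from NVRAM and written into the rule
 * text as-is; no validation of addresses or limits is visible here.
 */
void ipt_qoslimit(int chain)
{
    char *buf;
    char *g;
    char *p;
    char seq[12];               /* mark number as text; wide enough for any int */
    int iSeq = 10;
    char *ipaddr_old;
    /*
     * Room for the longest "a.b.c.d-a.b.c.d" range (31 chars + NUL).
     * address_checker() is handed no length, so how much it writes cannot be
     * seen from here -- NOTE(review): confirm it bounds its output.
     */
    char ipaddr[64];
    char *dlrate, *dlceil;      /* guaranteed rate & maximum rate for download */
    char *ulrate, *ulceil;      /* guaranteed rate & maximum rate for upload */
    char *priority;
    char *lanipaddr;
    char *lanmask;
    char *tcplimit, *udplimit;  /* tcp connection limit & udp packets per second */
    int priority_num;
    char *qosl_tcp, *qosl_udp;
    int i, address_type;

    if (!nvram_get_int("new_qoslimit_enable")) return;

    /* private copy of the rule list; strsep()/vstrsep() cut it up in place */
    g = buf = strdup(nvram_safe_get("new_qoslimit_rules"));

    lanipaddr = nvram_safe_get("lan_ipaddr");
    lanmask = nvram_safe_get("lan_netmask");
    qosl_tcp = nvram_safe_get("qosl_tcp");
    qosl_udp = nvram_safe_get("qosl_udp");

    /* MANGLE */
    if (chain == 1) {
        if (nvram_get_int("qosl_enable") == 1) {
            ipt_write(
                "-A POSTROUTING ! -s %s/%s -d %s/%s -j MARK --set-mark 100\n"
                "-A PREROUTING -s %s/%s ! -d %s/%s -j MARK --set-mark 100\n"
                , lanipaddr, lanmask, lanipaddr, lanmask
                , lanipaddr, lanmask, lanipaddr, lanmask);
        }

        /* br1 */
        if (nvram_get_int("limit_br1_enable") == 1) {
            char *lan1_ipaddr = nvram_safe_get("lan1_ipaddr");
            char *lan1_mask = nvram_safe_get("lan1_netmask");

            ipt_write(
                "-A POSTROUTING -d %s/%s -j MARK --set-mark 401\n"
                "-A PREROUTING -s %s/%s -j MARK --set-mark 501\n"
                , lan1_ipaddr, lan1_mask
                , lan1_ipaddr, lan1_mask);
        }

        /* br2 */
        if (nvram_get_int("limit_br2_enable") == 1) {
            char *lan2_ipaddr = nvram_safe_get("lan2_ipaddr");
            char *lan2_mask = nvram_safe_get("lan2_netmask");

            ipt_write(
                "-A POSTROUTING -d %s/%s -j MARK --set-mark 601\n"
                "-A PREROUTING -s %s/%s -j MARK --set-mark 701\n"
                , lan2_ipaddr, lan2_mask
                , lan2_ipaddr, lan2_mask);
        }

        /* br3 */
        if (nvram_get_int("limit_br3_enable") == 1) {
            char *lan3_ipaddr = nvram_safe_get("lan3_ipaddr");
            char *lan3_mask = nvram_safe_get("lan3_netmask");

            ipt_write(
                "-A POSTROUTING -d %s/%s -j MARK --set-mark 801\n"
                "-A PREROUTING -s %s/%s -j MARK --set-mark 901\n"
                , lan3_ipaddr, lan3_mask
                , lan3_ipaddr, lan3_mask);
        }
    }

    /* NAT */
    if (chain == 2) {
        if (nvram_get_int("qosl_enable") == 1) {
            if (nvram_get_int("qosl_tcp") > 0) {
                ipt_write(
                    "-A PREROUTING -s %s/%s -p tcp --syn -m connlimit --connlimit-above %s -j DROP\n"
                    , lanipaddr, lanmask, qosl_tcp);
            }
            if (nvram_get_int("qosl_udp") > 0) {
                ipt_write(
                    "-A PREROUTING -s %s/%s -p udp -m limit --limit %s/sec -j ACCEPT\n"
                    , lanipaddr, lanmask, qosl_udp);
            }
        }
    }

    /* g is NULL if strdup() failed, so the loop is simply skipped */
    while (g) {
        /* ipaddr_old<dlrate<dlceil<ulrate<ulceil<priority<tcplimit<udplimit */
        if ((p = strsep(&g, ">")) == NULL) break;
        i = vstrsep(p, "<", &ipaddr_old, &dlrate, &dlceil, &ulrate, &ulceil, &priority, &tcplimit, &udplimit);
        if (i != 8) continue;

        priority_num = atoi(priority);
        if ((priority_num < 0) || (priority_num > 5)) continue;

        if (!strcmp(ipaddr_old, "")) continue;

        address_checker(&address_type, ipaddr_old, ipaddr);

        /* bounded: the counter grows with every accepted record */
        snprintf(seq, sizeof(seq), "%d", iSeq);
        iSeq++;

        /*
         * An empty ceiling defaults to the rate.  The fields sit back to back
         * inside buf, so the empty field has room for its NUL only: copying
         * the rate into it would overwrite the fields that follow (and can
         * run past the end of buf on the last record).  Re-point instead.
         */
        if (!strcmp(dlceil, "")) dlceil = dlrate;
        if (strcmp(dlrate, "") && strcmp(dlceil, "")) {
            if (chain == 1) {
                switch (address_type) {
                case IP_ADDRESS:
                    ipt_write(
                        "-A POSTROUTING ! -s %s/%s -d %s -j MARK --set-mark %s\n"
                        , lanipaddr, lanmask, ipaddr, seq);
                    break;
                case MAC_ADDRESS:
                    /* no download rule is written for a MAC entry */
                    break;
                case IP_RANGE:
                    ipt_write(
                        "-A POSTROUTING ! -s %s/%s -m iprange --dst-range %s -j MARK --set-mark %s\n"
                        , lanipaddr, lanmask, ipaddr, seq);
                    break;
                }
            }
        }

        /* same defaulting for upload; tcplimit/udplimit below stay intact */
        if (!strcmp(ulceil, "")) ulceil = ulrate;
        if (strcmp(ulrate, "") && strcmp(ulceil, "")) {
            if (chain == 1) {
                switch (address_type) {
                case IP_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -s %s ! -d %s/%s -j MARK --set-mark %s\n"
                        , ipaddr, lanipaddr, lanmask, seq);
                    break;
                case MAC_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -m mac --mac-source %s ! -d %s/%s -j MARK --set-mark %s\n"
                        , ipaddr, lanipaddr, lanmask, seq);
                    break;
                case IP_RANGE:
                    ipt_write(
                        "-A PREROUTING -m iprange --src-range %s ! -d %s/%s -j MARK --set-mark %s\n"
                        , ipaddr, lanipaddr, lanmask, seq);
                    break;
                }
            }
        }

        if (atoi(tcplimit) > 0) {
            if (chain == 2) {
                switch (address_type) {
                case IP_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -s %s -p tcp --syn -m connlimit --connlimit-above %s -j DROP\n"
                        , ipaddr, tcplimit);
                    break;
                case MAC_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -m mac --mac-source %s -p tcp --syn -m connlimit --connlimit-above %s -j DROP\n"
                        , ipaddr, tcplimit);
                    break;
                case IP_RANGE:
                    ipt_write(
                        "-A PREROUTING -m iprange --src-range %s -p tcp --syn -m connlimit --connlimit-above %s -j DROP\n"
                        , ipaddr, tcplimit);
                    break;
                }
            }
        }

        if (atoi(udplimit) > 0) {
            if (chain == 2) {
                switch (address_type) {
                case IP_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -s %s -p udp -m limit --limit %s/sec -j ACCEPT\n"
                        , ipaddr, udplimit);
                    break;
                case MAC_ADDRESS:
                    ipt_write(
                        "-A PREROUTING -m mac --mac-source %s -p udp -m limit --limit %s/sec -j ACCEPT\n"
                        , ipaddr, udplimit);
                    break;
                case IP_RANGE:
                    ipt_write(
                        "-A PREROUTING -m iprange --src-range %s -p udp -m limit --limit %s/sec -j ACCEPT\n"
                        , ipaddr, udplimit);
                    break;
                }
            }
        }
    }
    free(buf);
}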
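/*
 * Append src to the NUL-terminated string held in dst (capacity size).
 * Returns 0 on success; returns -1 and leaves dst untouched when the result
 * would not fit.
 */
static int qos_append(char *dst, size_t size, const char *src)
{
    size_t used = strlen(dst);
    size_t add = strlen(src);

    if (add >= size - used) return -1;
    memcpy(dst + used, src, add + 1);
    return 0;
}

// in mangle table
/*
 * Build the outbound QoS classification chain (QOSO) from "qos_orules" and
 * hook it into FORWARD/OUTPUT on the WAN interface(s).  Does nothing unless
 * "qos_enable" is set.
 *
 * Every match fragment is assembled in fixed-size stack buffers from NVRAM
 * fields.  All appends are bounded; a rule whose text does not fit is
 * skipped rather than written truncated, because a truncated match would
 * classify more traffic than the rule describes.
 *
 * NOTE(review): the fields themselves are not validated here and reach the
 * rule text as stored.
 */
void ipt_qos(void)
{
    char *buf;
    char *g;
    char *p;
    char *addr_type, *addr;
    char *proto;
    char *port_type, *port;
    char *class_prio;
    char *ipp2p, *layer7;
    char *bcount;
    char *dscp;
    char *desc;
    int class_num;
    int proto_num;
    int v4v6_ok;
    int i;
    int n;
    char sport[192];
    char saddr[256];
    char end[256];
    char s[32];
    char range[48];     /* "min:max" as text; two unsigned longs plus ':' */
    char app[128];
    int inuse;
    const char *chain;
    unsigned long min;
    unsigned long max;
    unsigned long prev_max;
    int gum;
    const char *qface;
    int sizegroup;
    int class_flag;
    int rule_num;

    if (!nvram_get_int("qos_enable")) return;

    inuse = 0;
    gum = 0x100;
    sizegroup = 0;
    prev_max = 0;
    rule_num = 0;

    ip46t_write(
        ":QOSO - [0:0]\n"
        "-A QOSO -j CONNMARK --restore-mark --mask 0xff\n"
        "-A QOSO -m connmark ! --mark 0/0x0f00 -j RETURN\n");

    g = buf = strdup(nvram_safe_get("qos_orules"));
    while (g) {

        /*

        addr_type<addr<proto<port_type<port<ipp2p<L7<bcount<dscp<class_prio<desc

        addr_type:
            0 = any
            1 = dest ip
            2 = src ip
            3 = src mac
        addr:
            ip/mac if addr_type == 1-3
        proto:
            0-65535 = protocol
            -1 = tcp or udp
            -2 = any protocol
        port_type:
            if proto == -1,tcp,udp:
                d = dest
                s = src
                x = both
                a = any
        port:
            port # if proto == -1,tcp,udp
        bcount:
            min:max
            blank = none
        dscp:
            empty - any
            numeric (0:63) - dscp value
            afXX, csX, be, ef - dscp class
        class_prio:
            0-10    // was 0-8 - Changed from 8 in pkt_sched.h - Toastman
            -1 = disabled

        */

        if ((p = strsep(&g, ">")) == NULL) break;
        i = vstrsep(p, "<", &addr_type, &addr, &proto, &port_type, &port, &ipp2p, &layer7, &bcount, &dscp, &class_prio, &desc);
        rule_num++;
        if (i == 10) {
            // fixup < v1.28.XX55
            desc = class_prio;
            class_prio = dscp;
            dscp = "";
        }
        else if (i == 9) {
            // fixup < v0.08        // !!! temp
            desc = class_prio;
            class_prio = bcount;
            bcount = "";
            dscp = "";
        }
        else if (i != 11) continue;

        class_num = atoi(class_prio);
        if ((class_num < 0) || (class_num > 9)) continue;

        i = 1 << class_num;
        ++class_num;

        inuse |= i;

        v4v6_ok = IPT_V4;
#ifdef TCONFIG_IPV6
        if (ipv6_enabled())
            v4v6_ok |= IPT_V6;
#endif

        class_flag = gum;

        saddr[0] = '\0';
        end[0] = '\0';
        // mac or ip address
        if ((*addr_type == '1') || (*addr_type == '2')) {   // match ip
            v4v6_ok &= ipt_addr(saddr, sizeof(saddr), addr, (*addr_type == '1') ? "dst" : "src",
                v4v6_ok, (v4v6_ok==IPT_V4), "QoS", desc);
            if (!v4v6_ok) continue;
        }
        else if (*addr_type == '3') {                       // match mac
            // (-m mac modified, returns !match in OUTPUT)
            n = snprintf(saddr, sizeof(saddr), "-m mac --mac-source %s", addr);
            if ((n < 0) || ((size_t)n >= sizeof(saddr))) continue;  // does not fit: skip rule
        }

        // IPP2P/Layer7
        if (ipt_ipp2p(ipp2p, app)) v4v6_ok &= ~IPT_V6;
        else ipt_layer7(layer7, app);
        if (app[0]) {
            // append first, so a rule that is skipped leaves gum untouched
            if (qos_append(saddr, sizeof(saddr), app) != 0) continue;
            v4v6_ok &= ~IPT_V6; // temp: l7 not working either!
            class_flag = 0x100;
            // IPP2P and L7 rules may need more than one packet before matching
            // so port-based rules that come after them in the list can't be sticky
            // or else these rules might never match.
            gum = 0;
        }

        // dscp
        if (ipt_dscp(dscp, s)) {
#ifndef LINUX26
            v4v6_ok &= ~IPT_V6; // dscp ipv6 match is not present in K2.4
#endif
            if (qos_append(saddr, sizeof(saddr), s) != 0) continue;
        }

        // -m connbytes --connbytes x:y --connbytes-dir both --connbytes-mode bytes
        if (*bcount) {
            min = strtoul(bcount, &p, 10);
            if (*p != 0) {
                if (qos_append(saddr, sizeof(saddr),
                        " -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes ") != 0) continue;
                ++p;    // step over the separator between min and max
                if (*p == 0) {
                    snprintf(range, sizeof(range), "%lu:", min * 1024);
                    if (qos_append(saddr, sizeof(saddr), range) != 0) continue;
                }
                else {
                    max = strtoul(p, NULL, 10);
                    snprintf(range, sizeof(range), "%lu:%lu", min * 1024, (max * 1024) - 1);
                    if (qos_append(saddr, sizeof(saddr), range) != 0) continue;
                    if (gum) {
                        if (!sizegroup) {
                            // Create table of connbytes sizes, pass appropriate connections there
                            // and only continue processing them if mark was wiped
                            ip46t_write(
                                ":QOSSIZE - [0:0]\n"
                                "-I QOSO 3 -m connmark ! --mark 0/0xff000 -j QOSSIZE\n"
                                "-I QOSO 4 -m connmark ! --mark 0/0xff000 -j RETURN\n");
                        }
                        if (max != prev_max && sizegroup<255) {
                            class_flag = ++sizegroup << 12;
                            prev_max = max;
                            ip46t_flagged_write(v4v6_ok,
                                "-A QOSSIZE -m connmark --mark 0x%x/0xff000"
                                " -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes %lu: -j CONNMARK --set-return 0x00000/0xFF\n",
                                    (sizegroup << 12), (max * 1024));
#ifdef BCMARM
                            ip46t_flagged_write(v4v6_ok,
                                "-A QOSSIZE -m connmark --mark 0x%x/0xff000"
                                " -m connbytes --connbytes-mode bytes --connbytes-dir both --connbytes %lu: -j RETURN\n",
                                    (sizegroup << 12), (max * 1024));
#endif
                        }
                        else {
                            class_flag = sizegroup << 12;
                        }
                    }
                }
            }
            else {
                bcount = "";
            }
        }

        chain = "QOSO";
        class_num |= class_flag;
        // NOTE(review): the default rule below is tagged with rule number 255
        // (0xFF00000); rule numbers of 255 and above overlap that tag.
        class_num |= rule_num << 20;
        // end[] is empty at this point, so this writes the whole target clause
        snprintf(end, sizeof(end), " -j CONNMARK --set-return 0x%x/0xFF\n", class_num);

        // protocol & ports
        proto_num = atoi(proto);
        if (proto_num > -2) {
            if ((proto_num == 6) || (proto_num == 17) || (proto_num == -1)) {
                if (*port_type != 'a') {
                    if ((*port_type == 'x') || (strchr(port, ','))) {
                        // dst-or-src port matches, and anything with multiple lists "," use multiport
                        n = snprintf(sport, sizeof(sport), "-m multiport --%sports %s", (*port_type == 's') ? "s" : ((*port_type == 'd') ? "d" : ""), port);
                    }
                    else {
                        // single or simple x:y range, use built-in tcp/udp match
                        n = snprintf(sport, sizeof(sport), "--%sport %s", (*port_type == 's') ? "s" : ((*port_type == 'd') ? "d" : ""), port);
                    }
                    if ((n < 0) || ((size_t)n >= sizeof(sport))) continue;  // port list does not fit: skip rule
                }
                else {
                    sport[0] = 0;
                }
                if (proto_num != 6) {
                    ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s %s", chain, "udp", sport, saddr, end);
#ifdef BCMARM
                    ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s -j RETURN\n", chain, "udp", sport, saddr);
#endif
                }
                if (proto_num != 17) {
                    ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s %s", chain, "tcp", sport, saddr, end);
#ifdef BCMARM
                    ip46t_flagged_write(v4v6_ok, "-A %s -p %s %s %s -j RETURN\n", chain, "tcp", sport, saddr);
#endif
                }
            }
            else {
                ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s %s", chain, proto_num, saddr, end);
#ifdef BCMARM
                ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s -j RETURN\n", chain, proto_num, saddr);
#endif
            }
        }
        else {  // any protocol
            ip46t_flagged_write(v4v6_ok, "-A %s %s %s", chain, saddr, end);
#ifdef BCMARM
            ip46t_flagged_write(v4v6_ok, "-A %s %s -j RETURN\n", chain, saddr);
#endif
        }
    }
    free(buf);

    qface = wanfaces.iface[0].name;

    i = nvram_get_int("qos_default");
    if ((i < 0) || (i > 9)) i = 3;  // "low"
    class_num = i + 1;
    class_num |= 0xFF00000; // use rule_num=255 for default
    ip46t_write("-A QOSO -j CONNMARK --set-return 0x%x\n", class_num);
#ifdef BCMARM
    ip46t_write("-A QOSO -j RETURN\n");
#endif

    ipt_write(
        "-A FORWARD -o %s -j QOSO\n"
        "-A OUTPUT -o %s -j QOSO\n"
        "-A FORWARD -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n"
        "-A OUTPUT -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n",
            qface, qface, qface, qface);

#ifdef TCONFIG_IPV6
    if (*wan6face) {
        ip6t_write(
            "-A FORWARD -o %s -j QOSO\n"
            "-A OUTPUT -o %s -j QOSO\n"
            "-A FORWARD -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n"
            "-A OUTPUT -o %s -m connmark ! --mark 0 -j CONNMARK --save-mark\n",
            wan6face, wan6face, wan6face, wan6face);
    }
#endif

    inuse |= (1 << i) | 1;  // default and highest are always built
    snprintf(s, sizeof(s), "%d", inuse);
    nvram_set("qos_inuse", s);

    // One restore-mark rule on ingress is enough; it is added as soon as any
    // class that is in use has an inbound "rate-ceiling" entry with rate >= 1.
    g = buf = strdup(nvram_safe_get("qos_irates"));
    for (i = 0; i < 10; ++i) {
        if ((!g) || ((p = strsep(&g, ",")) == NULL)) continue;
        if ((inuse & (1 << i)) == 0) continue;

        unsigned int rate;
        unsigned int ceil;

        // check if we've got a percentage definition in the form of "rate-ceiling"
        // and that rate > 1
        if ((sscanf(p, "%u-%u", &rate, &ceil) == 2) && (rate >= 1)) {
            ipt_write("-A PREROUTING -i %s -j CONNMARK --restore-mark --mask 0xff\n", qface);
#ifdef BCMARM
            ipt_write("-A PREROUTING -i %s -j RETURN\n", qface);
#endif

#ifdef TCONFIG_IPV6
            if (*wan6face) {
                ip6t_write("-A PREROUTING -i %s -j CONNMARK --restore-mark --mask 0xff\n", wan6face);
#ifdef BCMARM
                ip6t_write("-A PREROUTING -i %s -j RETURN\n", wan6face);
#endif
            }
#endif
            break;
        }
    }
    free(buf);
}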
/*
 * Emit the IPv4 port-forwarding rules described by the "portforward" NVRAM
 * value, for either the nat table (DNAT, plus SNAT loopback rules when
 * "nf_loopback" is 1) or the filter table (accept rules in "wanin").
 *
 * Record layouts, fields separated by '<', records by '>':
 *
 *   [<1.01] 1<3<30,40-45<60<5<desc
 *   [<1.07] 1<3<30,40-45<60<192.168.1.5<desc
 *           1<3<71.72.73.74<30,40-45<60<192.168.1.5<desc
 *
 *   1 = enabled, 3 = tcp & udp, 71.72.73.74 = src addr,
 *   30,40-45 = ext port, 60 = int port, 192.168.1.5 = dst addr, desc = desc
 *
 * NOTE(review): the port fields are placed in the rule text as stored in
 * NVRAM; no validation of them is visible in this function.
 */
void ipt_forward(ipt_table_t table)
{
    char *rules, *cursor, *record;
    const char *enabled, *proto, *saddr, *xports, *iport, *iaddr, *desc;
    const char *l4;
    const char *port_match;
    const char *inner_ports;
    int bit, fields, w;
    char ip[64];
    char src[64];

    rules = strdup(nvram_safe_get("portforward"));
    if (rules == NULL)
        return;
    cursor = rules;

    for (;;) {
        record = strsep(&cursor, ">");
        if (record == NULL)
            break;

        fields = vstrsep(record, "<", &enabled, &proto, &saddr, &xports, &iport, &iaddr, &desc);
        if (fields < 6)
            continue;
        if (*enabled != '1')
            continue;

        if (fields == 6) {
            /* <1.07 layout has no source address: shift everything by one */
            desc = iaddr;
            iaddr = iport;
            iport = xports;
            xports = saddr;
            saddr = "";
        }

        if (!ipt_addr(src, sizeof(src), saddr, "src", IPT_V4, 1, "IPv4 port forwarding", desc))
            continue;

        if ((strchr(iaddr, '.') == NULL) && (strtol(iaddr, NULL, 10) > 0)) {
            /* < 1.01: only the last octet is stored, 5 -> 192.168.1.5 */
            /* NOTE(review): unbounded copy; relies on lan_cclass fitting in ip[] */
            strcpy(ip, lan_cclass);
            strlcat(ip, iaddr, sizeof(ip));
        }
        else if (host_addrtypes(iaddr, IPT_V4) != IPT_V4) {
            ipt_log_unresolved(iaddr, "IPv4", "IPv4 port forwarding", desc);
            continue;
        }
        else {
            strlcpy(ip, iaddr, sizeof(ip));
        }

        /* a comma in the external port list needs the multiport match */
        if (strchr(xports, ',') != NULL)
            port_match = "-m multiport --dports";
        else
            port_match = "--dport";

        /* after DNAT the packet carries the internal port, when one is set */
        inner_ports = *iport ? iport : xports;

        /* bit 0 and bit 1 of the protocol digit select tcpudp[0] / tcpudp[1] */
        for (bit = 0; bit < 2; ++bit) {
            if (((*proto - '0') & (1 << bit)) == 0)
                continue;

            l4 = tcpudp[bit];

            if (table != IPT_TABLE_NAT) {
                /* filter */
                ipt_write("-A wanin %s -p %s -m %s -d %s %s %s -j %s\n",
                    src, l4, l4, ip, port_match, inner_ports, chain_in_accept);
                continue;
            }

            ipt_write("-A %s -p %s %s %s %s -j DNAT --to-destination %s%s%s\n",
                chain_wan_prerouting, l4, src, port_match, xports, ip, *iport ? ":" : "", iport);

            if (nvram_get_int("nf_loopback") != 1)
                continue;

            /* one SNAT rule per named WAN interface */
            for (w = 0; w < wanfaces.count; ++w) {
                if (*(wanfaces.iface[w].name) == 0)
                    continue;
                ipt_write("-A POSTROUTING -p %s %s %s -s %s/%s -d %s -j SNAT --to-source %s\n",
                    l4, port_match, inner_ports,
                    nvram_safe_get("lan_ipaddr"),   /* corrected by ipt */
                    nvram_safe_get("lan_netmask"),
                    ip,
                    wanfaces.iface[w].ip);
            }
        }
    }

    free(rules);
}
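/*
 * Build the access-restriction chains from the "rrule<N>" NVRAM values
 * (N = 0 .. MAX_NRULES-1).
 *
 * Each enabled rule has eight '|'-separated fields; the ones used here are
 * the enable flag, the device list (comps), the match list (matches), the
 * HTTP request strings (http) and the HTTP file-type bitmask.  A rule gets a
 * "rresNN" chain holding its matches and, when it names devices, an
 * "rdevNN" chain that selects them.
 *
 * NOTE(review): most fields are written into the rule text as stored in
 * NVRAM.  The only sanitising visible here is on the http field, where
 * tab, CR, LF and '"' are replaced by spaces before it is quoted.
 */
void ipt_restrictions(void)
{
    char buf[8192];
    char *p, *q;
    int n;
    char *comps, *matches, *http;
    int nrule;
    int blockall;
    char reschain[32];
    char devchain[32];
    char nextchain[32];
    int need_web;
    char *pproto;
    char *dir;
    char *pport;
    int proto;
    char *ipp2p;
    char *layer7;
    char *addr_type, *addr;
    char app[256];
    char ports[256];
    char iptaddr[192];
    int http_file;
    int ex;
    int first;
    int v4v6_ok;

    need_web = 0;
    first = 1;
    nvram_unset("rrules_timewarn");
    nvram_set("rrules_radio", "-1");
    unsched_restrictions();

    for (nrule = 0; nrule < MAX_NRULES; ++nrule) {
        snprintf(buf, sizeof(buf), "rrule%d", nrule);
        if ((p = nvram_get(buf)) == NULL) continue;
        if (strlen(p) >= sizeof(buf)) continue;     // would not fit: ignore the rule
        strcpy(buf, p);                             // safe: length checked just above

        if ((vstrsep(buf, "|",
            &q,             // 0/1
            &p, &p, &p,     // time (ignored)
            &comps,         //
            &matches,       //
            &http,          //
            &p              // http file match
            ) != 8) || (*q != '1')) continue;
        http_file = atoi(p);

        if (comps[0] == '~') {
            // a wireless disable rule, skip
            continue;
        }

        if (first) {
            first = 0;

            ip46t_write(":restrict - [0:0]\n");
#ifdef TCONFIG_IPV6
            if (*wan6face)
                ip6t_write("-A FORWARD -o %s -j restrict\n", wan6face);
#endif
            for (n = 0; n < wanfaces.count; ++n) {
                if (*(wanfaces.iface[n].name)) {
                    ipt_write("-A FORWARD -o %s -j restrict\n", wanfaces.iface[n].name);
                }
            }
            // Only mess with DNS requests that are coming in on INPUT
            ip46t_write("-I INPUT 1 ! -i lo -p udp --dport 53 -j restrict\n");
        }

        snprintf(reschain, sizeof(reschain), "rres%02d", nrule);
        ip46t_write(":%s - [0:0]\n", reschain);

        // stays 1 only if the rule ends up with no match of any kind
        blockall = 1;

        while ((q = strsep(&matches, ">")) != NULL) {
            n = vstrsep(q, "<", &pproto, &dir, &pport, &ipp2p, &layer7, &addr_type, &addr);
            if (n == 5) {
                // fixup for backward compatibility
                addr_type = "0";
            }
            else if (n != 7) continue;

            if ((*dir != 'a') && (*dir != 's') && (*dir != 'd') && (*dir != 'x')) continue;

            // p2p, layer7
            if (!ipt_ipp2p(ipp2p, app)) {
                if (ipt_layer7(layer7, app) == -1) continue;
            }
#ifdef TCONFIG_IPV6
            v4v6_ok = ((*app) ? 0 : IPT_V6) | IPT_V4;
#else
            v4v6_ok = IPT_V4;
#endif

            // dest ip/domain address
            if ((*addr_type == '1') || (*addr_type == '2')) {
                v4v6_ok = ipt_addr(iptaddr, sizeof(iptaddr), addr, (*addr_type == '1') ? "dst" : "src", v4v6_ok, (v4v6_ok == IPT_V4), "restrictions", NULL);
                if (!v4v6_ok) continue;
            }
            else {
                iptaddr[0] = 0;
            }

            blockall = 0;

            // proto & ports
            proto = atoi(pproto);
            if (proto <= -2) {
                // shortcut if any proto+any port
                ip46t_flagged_write(v4v6_ok, "-A %s %s %s -j %s\n", reschain, iptaddr, app, chain_out_drop);
                continue;
            }
            else if ((proto == 6) || (proto == 17) || (proto == -1)) {
                if ((*dir != 'a') && (*pport)) {
                    if ((*dir == 'x') || (strchr(pport, ','))) {
                        // use multiport for multiple ports or src-or-dst type matches
                        snprintf(ports, sizeof(ports), "-m multiport --%sports %s", (*dir == 'x') ? "" : dir, pport);
                    }
                    else {
                        // else, use built-in
                        snprintf(ports, sizeof(ports), "--%sport %s", dir, pport);
                    }
                }
                else {
                    ports[0] = 0;
                }
                if (proto != 17) ip46t_flagged_write(v4v6_ok, "-A %s -p tcp %s %s %s -j %s\n", reschain, ports, iptaddr, app, chain_out_drop);
                if (proto != 6) ip46t_flagged_write(v4v6_ok, "-A %s -p udp %s %s %s -j %s\n", reschain, ports, iptaddr, app, chain_out_drop);
            }
            else {
                ip46t_flagged_write(v4v6_ok, "-A %s -p %d %s %s -j %s\n", reschain, proto, iptaddr, app, chain_out_drop);
            }
        }

        // The http strings end up inside a double-quoted rule argument:
        // neutralise the characters that would end the quote or the line.
        p = http;
        while (*p) {
            if ((*p == '\t') || (*p == '\r') || (*p == '\n') || (*p == '"')) *p = ' ';
            ++p;
        }
        // Write the list in pieces shorter than 511 bytes, cut at a space.
        while ((n = strlen(http)) > 0) {
            if (n >= 511) {
                p = http + 510;
                while ((p > http) && (*p != ' ')) --p;
                if (p <= http) {
                    // too long
                    break;
                }
                *p = 0;
            }
            else p = NULL;
            ip46t_write("-A %s -p tcp -m web --hore \"%s\" -j %s\n", reschain, http, chain_out_reject);
            need_web = 1;
            blockall = 0;
            if (p == NULL) break;
            http = p + 1;
        }

        // File-type blocking.  Every selected group is appended: overwriting
        // app for bit 2 would silently drop the bit 1 patterns whenever both
        // are selected, leaving that part of the restriction unenforced.
        app[0] = 0;
        if (http_file & 1) strcat(app, ".ocx$ .cab$ ");
        if (http_file & 2) strcat(app, ".swf$ ");
        if (http_file & 4) strcat(app, ".class$ .jar$");
        if (app[0]) {
            ip46t_write("-A %s -p tcp -m multiport --dports %s -m web --path \"%s\" -j %s\n",
                reschain, nvram_safe_get("rrulewp"), app, chain_out_reject);
            need_web = 1;
            blockall = 0;
        }

        if (*comps) {
            if (blockall) {
                ip46t_write("-X %s\n", reschain);   // chain not needed
                snprintf(nextchain, sizeof(nextchain), "-j %s", chain_out_drop);
            }
            else {
                snprintf(nextchain, sizeof(nextchain), "-g %s", reschain);
            }

            ex = 0;
            snprintf(devchain, sizeof(devchain), "rdev%02d", nrule);
            ip46t_write(":%s - [0:0]\n", devchain);
            while ((q = strsep(&comps, ">")) != NULL) {
                if (*q == 0) continue;
                if (*q == '!') {
                    // "all except": listed devices RETURN, the rest are caught below
                    ex = 1;
                    continue;
                }
#ifdef TCONFIG_IPV6
                v4v6_ok = IPT_V6 | IPT_V4;
#else
                v4v6_ok = IPT_V4;
#endif
                // sscanf() is only a format probe; the parsed bytes are discarded.
                // NOTE(review): it accepts any entry that merely begins with a MAC
                // address, and the whole of q is then written into the rule.
                if (sscanf(q, "%2hhx:%2hhx:%2hhx:%2hhx:%2hhx:%2hhx", iptaddr, iptaddr, iptaddr, iptaddr, iptaddr, iptaddr) == 6) {
                    snprintf(iptaddr, sizeof(iptaddr), "-m mac --mac-source %s", q);
                }
                else {
                    v4v6_ok = ipt_addr(iptaddr, sizeof(iptaddr), q, "src", v4v6_ok, (v4v6_ok == IPT_V4), "restrictions", "filtering");
                    if (!v4v6_ok) continue;
                }
                ip46t_flagged_write(v4v6_ok,
                    "-A %s %s %s\n", devchain, iptaddr, ex ? "-j RETURN" : nextchain);
            }

            if (ex) {
                ip46t_write("-A %s %s\n", devchain, nextchain);
            }
        }
        else if (blockall) {
            ip46t_write("-A %s -j %s\n", reschain, chain_out_drop);
        }
    }

    nvram_set("rrules_activated", "0");

    if (need_web)
        modprobe("ipt_web");
}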
/*
 * Message handler for a scrolling list of file names.
 *
 * cmd selects the operation, info and str are its arguments.  The names
 * matching "<PathNow>*.<extcur>" are held in one block of ws.maxcam slots of
 * MAX_X bytes each (pmem).  All state is kept in function-level statics.
 *
 * Returns &ws for WS_INF, the value of `fine` cast to a pointer for
 * WS_OPEN / WS_LOAD, and &buf for every other message.
 *
 * NOTE(review): the string copies into serv[] and into the MAX_X-byte slots
 * carry no length check in this function; whether the callee can deliver a
 * name longer than MAX_X-1 characters is not visible here.
 * NOTE(review): the declaration of Bsys.szMouseCursorName below is not valid
 * C as shown (a '.' in a declarator).
 */
void * listfile(SINT cmd,LONG info,CHAR *str)
{
 #define MAX_X 20   /* bytes per name slot */
 #define MAX_Y 30   /* maximum number of visible rows */

 static struct WINSCR buf[MAX_Y];
 static struct WS_INFO ws;

 LONG a;
 LONG pt;
 static SINT IptMirror;
 static SINT scrhdl=-1; // memory handle of the name block, -1 = none
 //struct ffblk file;
 FFBLK Fblk;
 SINT fine;
 static CHAR *p,*pmem=NULL;
 static CHAR extcur[4]; // current extension, at most 3 characters + NUL
 //WORD sgm;
 CHAR serv[255];
 CHAR Bsys.szMouseCursorName[NOMEICONE_SIZE+1]; // Current mouse icon
 SINT BMS_ax,BMS_ay;

 //-------------------------------------------------

 if (cmd==WS_INF) return &ws;
 switch (cmd) {

    case WS_BUF : // Buffer request
            if (scrhdl==-1) break;
            // point each visible row at its slot, stopping at the end of the list
            for (a=0;a<ws.numcam;a++) {
             pt=a+ws.offset;
             if (pt>=ws.maxcam) break;
             buf[(SINT) a].keypt=(CHAR *) (pmem+((SINT) pt*MAX_X));
             }
            break;

    case WS_OFF : // Set offset
            ws.offset=info;
            break;

    case WS_KEYPRESS :
            if (key_press(9)||key_press2(_FDX)) strcpy(str,"ESC:->");
            if (key_press2(15)||key_press2(_FSX)) strcpy(str,"ESC:<-");
            //if (key_press(9)) strcpy(str,"ESC:->");
            //if (key_press2(15)) strcpy(str,"ESC:<-");
            break;

    case WS_FINDKEY :
    case WS_FIND : // Search for the selected key
            if (scrhdl==-1) break;
            strupr(str);
            // try the entry after the current selection first
            // NOTE(review): a is not compared with ws.maxcam before this read
            a=ws.selez+1;
            if (memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))==0)
                    {listfile(WS_OFF,a,"");
                     if (ws.offset>(ws.maxcam-ws.numcam)) ws.offset=(ws.maxcam-ws.numcam);
                     if (ws.offset<0) ws.offset=0;
                     listfile(WS_SEL,a,"");
                     break;}
            {
            // otherwise take the first entry that compares >= the key
            for(a=0;a<ws.maxcam;a++)
            {
             if (memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))<=0)
                    {listfile(WS_OFF,a,"");
                     if (ws.offset>(ws.maxcam-ws.numcam)) {ws.offset=(ws.maxcam-ws.numcam);}
                     if (ws.offset<0) ws.offset=0;
                     listfile(WS_SEL,a,"");
                     break;}
            }
            }
            break;

    case WS_SEL : // Set selection
            ws.selez=info;
            // NOTE(review): info is checked against -1 only, not against ws.maxcam
            if ((info>-1)&&IptMirror)
                 {ipt_write(1,(CHAR *) (pmem+((SINT) info*MAX_X)),0);
                 ipt_vedisolo(1);
                 }
            //sonic(2000,1,1,1,1,6);
            //ehSleep(30);
            break;

    case WS_PTREC : // Return pointer to the selected key
            buf[0].record=ws.selez;
            buf[0].keypt=(CHAR *) (pmem+((SINT) ws.selez*MAX_X));
            break;

    case WS_REFON : // Screen refresh requested
            ws.refre=ON;
            break;

    case WS_REFOFF : // Screen refreshed
            ws.refre=OFF;
            break;

    case WS_OPEN : // Prepare the data
            if ((info<4)||(info>MAX_Y))
                    {
                    ehExit("Errore di assegnazione campi in listfile");
                    }
            ws.sizecam=MAX_X;
            ws.numcam=info;// Set the number of fields to display
            // no break: WS_OPEN continues into WS_LOAD

    case WS_LOAD :
            if (scrhdl>-1) memoFree(scrhdl,"Cr2");// Free the memory
            scrhdl=-1;
            ws.maxcam=0;
            ws.offset=0;
            ws.selez=-1;
            ws.koffset=-1;
            ws.kselez=-1;
            ws.dispext=ON;
            ws.refre=ON;

            // Count the files
            // NOTE(review): serv[] is 255 bytes and PathNow is copied unchecked
            strcpy(serv,PathNow);
            strcat(serv,"*.");
            strcat(serv,extcur);
            //strcat(serv,extcur);

            // Change the mouse cursor (saved here, restored at FINEC)
            strcpy(Bsys.szMouseCursorName,sys.szMouseCursorName);
            BMS_ax=MS_ax; BMS_ay=MS_ay;
            mouse_graph(0,0,"CLEX");
/*
 Reference kept from the original:

 typedef struct {
    LONG Handle;
    struct _finddata_t ffile;
    CHAR *ff_name;
    SINT ff_attrib;
    CHAR ff_date[9];
 } FFBLK;
 #endif

 SINT f_findfirst(CHAR *fname,FFBLK *,SINT attrib);
*/
            // first pass: count the matching files
            os_errset(OFF);
            fine=f_findFirst(serv,&Fblk,FA_ARCH);
            while (!fine) {ws.maxcam++; fine=f_findNext(&Fblk);}
            f_findClose(&Fblk);

            // No more files: error code 0x12 is treated as a normal end of list
            if ((fine)&&(DE_coden==0x12)) {fine=0;}
            os_errset(POP);
            if (fine) os_errvedi("ListFile()\n");

            if (ws.maxcam==0) goto FINEC;// No file

            scrhdl=memoAlloc(M_HEAP, (LONG) ws.maxcam*MAX_X, "listfile()");
            if (scrhdl<0) ehExit("Memoria insufficiente in line");
            pmem=memoPtr(scrhdl);

            // Copy the file names into memory (second pass over the directory)
            os_errset(OFF);
            fine=f_findFirst(serv,&Fblk,FA_ARCH);
            if (fine) {os_errset(POP);goto FINEC;}

            p=pmem; a=0;
            while (!fine)
            {
             // guards against more files than were counted in the first pass
             a++; if (a>ws.maxcam) ehExit("Errore in listafile");
             // NOTE(review): unbounded copy into a MAX_X-byte slot
             strcpy((CHAR *) p,Fblk.ff_name);
             p+=MAX_X;
             fine=f_findNext(&Fblk);
            }
            f_findClose(&Fblk);

            // No more files
            if ((fine)&&(DE_coden==0x12)) {fine=0;}
            os_errset(POP);
            if (fine) os_errvedi("ListFile2()\n");

            // Sort the files alphabetically
            sort(pmem,(SINT) ws.maxcam,MAX_X);

            FINEC:
            mouse_graph(BMS_ax,BMS_ay,Bsys.szMouseCursorName);
            return (SINT *) fine;
            //break;

    case WS_CLOSE : // Free the memory
            if (scrhdl>-1) memoFree(scrhdl,"Cr3");// Free the memory
            scrhdl=-1;
            break;

    case FBEXT:
            // extcur[] holds 3 characters + NUL, longer extensions are ignored
            if (strlen(str)>3) break;
            strcpy(extcur,str);
            IptMirror=(SINT) info; // For copying into the input field
            break;

    case WS_REALSET :
            // the pointer is stored, not the text: str must outlive later loads
            PathNow=str;
            break;

 }
 return &buf;
#undef MAX_X
#undef MAX_Y
}
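// Windows version
/*
 * Message handler for a scrolling list of file names.
 *
 * cmd selects the operation, info and str are its arguments (for WS_DISPLAY
 * str carries a struct WS_DISPEXT *).  The names matching
 * "<szFolder>\*.<extcur>" are held in one block of ws.maxcam slots of MAX_X
 * bytes each (pmem).  All state is kept in function-level statics.
 *
 * Returns &ws for WS_INF, the value of `fine` cast to a pointer for
 * WS_OPEN / WS_LOAD, and &buf for every other message.
 *
 * The directory is read twice (count, then copy).  The copy pass never
 * writes more than ws.maxcam slots and never more than MAX_X bytes per
 * slot, so a directory that changes between the passes or a file name
 * longer than MAX_X-1 characters cannot write outside the block; longer
 * names are stored truncated.
 *
 * NOTE(review): the copies into serv[] (WS_LOAD) and szFolder (WS_REALSET)
 * are unchecked; the size of szFolder is not visible from here.
 */
void * listfile(struct OBJ *objCalled,EN_MESSAGE cmd,LONG info,CHAR *str)
{
 #define MAX_X 20   /* bytes per name slot */
 #define MAX_Y 30   /* maximum number of visible rows */

 static struct WINSCR buf[MAX_Y];
 static struct WS_INFO ws;
 CHAR *ptr;
 LONG a;
 LONG pt;
 struct WS_DISPEXT *DExt;
 static SINT IptMirror;
 static SINT scrhdl=-1; // memory handle of the name block, -1 = none
 EH_DIR sDir;
 SINT fine=0;
 static CHAR *p,*pmem=NULL;
 static CHAR extcur[4]; // current extension, at most 3 characters + NUL
 CHAR serv[255];

 //-------------------------------------------------

 if (cmd==WS_INF) return &ws;
 switch (cmd) {

    case WS_BUF : // Buffer request
            if (scrhdl==-1) break;
            // point each visible row at its slot, stopping at the end of the list
            for (a=0;a<ws.numcam;a++) {
             pt=a+ws.offset;
             if (pt>=ws.maxcam) break;
             buf[(SINT) a].keypt=(CHAR *) (pmem+((SINT) pt*MAX_X));
             }
            break;

    case WS_DISPLAY : // Draw one entry
            DExt=(struct WS_DISPEXT *) str;
            ptr=pmem+((SINT) info*MAX_X);
            dispfm_h(DExt->px+2,DExt->py,DExt->col1,DExt->col2,DExt->hdl,ptr);
            break;

    case WS_OFF : // Set offset
            ws.offset=info;
            break;

    case WS_KEYPRESS :
            if (key_press(9)||key_press2(_FDX)) strcpy(str,"ESC:->");
            if (key_press2(15)||key_press2(_FSX)) strcpy(str,"ESC:<-");
            break;

    case WS_FINDKEY :
    case WS_FIND : // Search for the selected key
            if (scrhdl==-1) break;
            strupr(str);
            // try the entry after the current selection first; when the
            // selection is the last entry there is no such slot to read
            a=ws.selez+1;
            if ((a<ws.maxcam)&&(memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))==0))
                    {listfile(NULL,WS_OFF,a,"");
                     if (ws.offset>(ws.maxcam-ws.numcam)) ws.offset=(ws.maxcam-ws.numcam);
                     if (ws.offset<0) ws.offset=0;
                     listfile(NULL,WS_SEL,a,"");
                     break;}
            // otherwise take the first entry that compares >= the key
            for(a=0;a<ws.maxcam;a++)
            {
             if (memcmp(str,pmem+((SINT) a*MAX_X),strlen(str))<=0)
                    {listfile(NULL,WS_OFF,a,"");
                     if (ws.offset>(ws.maxcam-ws.numcam)) {ws.offset=(ws.maxcam-ws.numcam);}
                     if (ws.offset<0) ws.offset=0;
                     listfile(NULL,WS_SEL,a,"");
                     break;}
            }
            break;

    case WS_SEL : // Set selection
            ws.selez=info;
            // NOTE(review): info is checked against -1 only, not against ws.maxcam
            if ((info>-1)&&IptMirror)
                 {ipt_write(1,(CHAR *) (pmem+((SINT) info*MAX_X)),0);
                 ipt_vedisolo(1);
                 }
            break;

    case WS_PTREC : // Return pointer to the selected key
            buf[0].record=ws.selez;
            buf[0].keypt=(CHAR *) (pmem+((SINT) ws.selez*MAX_X));
            break;

    case WS_REFON : // Screen refresh requested
            ws.refre=ON;
            break;

    case WS_REFOFF : // Screen refreshed
            ws.refre=OFF;
            break;

    case WS_OPEN : // Prepare the data
            if ((info<4)||(info>MAX_Y))
                    {
                    ehExit("Errore di assegnazione campi in listfile");
                    }
            ws.sizecam=MAX_X;
            ws.numcam=info;// Set the number of fields to display
            // no break: WS_OPEN continues into WS_LOAD

    case WS_LOAD :
            if (scrhdl>-1) memoFree(scrhdl,"Cr2");// Free the memory
            scrhdl=-1;
            ws.maxcam=0;
            ws.offset=0;
            ws.selez=-1;
            ws.koffset=-1;
            ws.kselez=-1;
            ws.dispext=ON;
            ws.refre=ON;

            // Count the files
            // NOTE(review): serv[] is 255 bytes and szFolder is copied unchecked
            strcpy(serv,szFolder); AddBs(serv);
            strcat(serv,"*.");
            strcat(serv,extcur);

            // Change the mouse cursor
            mouse_graph(0,0,"CLEX");

            // first pass: count the matching files
            fileDirOpen(serv,&sDir);
            while (fileDirGet(&sDir)) {ws.maxcam++;}
            fileDirClose(&sDir);

            if (ws.maxcam==0) goto FINEC;// No file

            scrhdl=memoAlloc(M_HEAP,(LONG) ws.maxcam*(MAX_X),"listfile()");
            if (scrhdl<0) ehExit("Memoria insufficiente in line");
            pmem=memoPtr(scrhdl,NULL);

            // Copy the file names into memory (second pass over the directory)
            fileDirOpen(serv,&sDir);

            p=pmem; a=0;
            while (fileDirGet(&sDir))
            {
             // the block has room for ws.maxcam names only; files that
             // appeared after the counting pass are left out
             if (a>=ws.maxcam) break;
             // bounded copy: a slot is MAX_X bytes, terminator included
             strncpy((CHAR *) p,sDir.sFileInfo.szFileName,MAX_X-1);
             p[MAX_X-1]=0;
             // only the first character is upper-cased; the cast keeps the
             // argument in the range toupper() accepts
             *p=(BYTE) toupper((unsigned char) *p);
             p+=MAX_X;
             a++;
            }
            fileDirClose(&sDir);
            // files may also have disappeared: keep only the slots that were filled
            ws.maxcam=a;

            // Sort the files alphabetically
            sort(pmem,(SINT) ws.maxcam,MAX_X);

            FINEC:
            return (SINT *) fine;

    case WS_CLOSE : // Free the memory
            if (scrhdl>-1) memoFree(scrhdl,"Cr3");// Free the memory
            scrhdl=-1;
            break;

    case FBEXT:
            // extcur[] holds 3 characters + NUL, longer extensions are ignored
            if (strlen(str)>3) break;
            strcpy(extcur,str);
            IptMirror=(SINT) info; // For copying into the input field
            break;

    case WS_REALSET :
            // NOTE(review): unbounded copy; confirm szFolder can hold any str passed in
            strcpy(szFolder,str);
            break;

 }
 return &buf;
#undef MAX_X
#undef MAX_Y
}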