mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 05:46:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add ability to use more IPv4 Address Groups.

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2018-01-20 13:57:22 +05:00
parent e42c0c0be0
commit 8c468aaa69
29 changed files with 516 additions and 244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
src/common/fortconf.c
View File

@ -15,8 +15,7 @@ fort_memcmp (const char *p1, const char *p2, size_t len)
#endif
static BOOL
fort_conf_ip_inrange (UINT32 ip, UINT32 count,
const UINT32 *iprange_from, const UINT32 *iprange_to)
fort_conf_ip_inrange (UINT32 ip, UINT32 count, const UINT32 *iprange)
{
int low, high;
@ -27,7 +26,7 @@ fort_conf_ip_inrange (UINT32 ip, UINT32 count,
do {
const int mid = (low + high) / 2;
const UINT32 mid_ip = iprange_from[mid];
const UINT32 mid_ip = iprange[mid];
if (ip < mid_ip)
high = mid - 1;
@ -37,32 +36,56 @@ fort_conf_ip_inrange (UINT32 ip, UINT32 count,
return TRUE;
} while (low <= high);
return high >= 0 && ip >= iprange_from[high] && ip <= iprange_to[high];
return high >= 0 && ip >= iprange[high]
&& ip <= iprange[count + high];
}
static BOOL
fort_conf_ip_included (const PFORT_CONF conf, UINT32 remote_ip)
static const PFORT_CONF_ADDR_GROUP
fort_conf_addr_group_ref (const PFORT_CONF conf, int addr_group_index)
{
const char *data = (const char *) conf + conf->data_off;
const UINT32 *addr_group_offsets = (const UINT32 *)
(conf->data + conf->addr_groups_off);
const char *addr_group_data = (const char *) addr_group_offsets;
const BOOL include_all = conf->flags.ip_include_all;
const BOOL exclude_all = conf->flags.ip_exclude_all;
return (PFORT_CONF_ADDR_GROUP)
(addr_group_data + addr_group_offsets[addr_group_index]);
}
#define fort_conf_addr_group_include_ref(addr_group) \
(addr_group)->ip
#define fort_conf_addr_group_exclude_ref(addr_group) \
&(addr_group)->ip[(addr_group)->include_n * 2]
static BOOL
fort_conf_ip_included (const PFORT_CONF conf, UINT32 remote_ip,
int addr_group_index)
{
const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref(
conf, addr_group_index);
const BOOL include_all = addr_group->include_all;
const BOOL exclude_all = addr_group->exclude_all;
const BOOL ip_included = include_all ? TRUE
: fort_conf_ip_inrange(remote_ip, conf->ip_include_n,
(const UINT32 *) (data + conf->ip_from_include_off),
(const UINT32 *) (data + conf->ip_to_include_off));
: fort_conf_ip_inrange(remote_ip, addr_group->include_n,
fort_conf_addr_group_include_ref(addr_group));
const BOOL ip_excluded = exclude_all ? TRUE
: fort_conf_ip_inrange(remote_ip, conf->ip_exclude_n,
(const UINT32 *) (data + conf->ip_from_exclude_off),
(const UINT32 *) (data + conf->ip_to_exclude_off));
: fort_conf_ip_inrange(remote_ip, addr_group->exclude_n,
fort_conf_addr_group_exclude_ref(addr_group));
return include_all ? !ip_excluded
: (exclude_all ? ip_included
: (ip_included && !ip_excluded));
}
#define fort_conf_ip_is_inet(conf, remote_ip) \
fort_conf_ip_included((conf), (remote_ip), 0)
#define fort_conf_ip_inet_included(conf, remote_ip) \
fort_conf_ip_included((conf), (remote_ip), 1)
static int
fort_conf_app_cmp (UINT32 path_len, const char *path,
const char *apps, const UINT32 *app_offp)
@ -90,7 +113,7 @@ fort_conf_app_index (const PFORT_CONF conf,
if (count == 0)
return -1;
data = (const char *) conf + conf->data_off;
data = conf->data;
app_offsets = (const UINT32 *) (data + conf->apps_off);
apps = (const char *) (app_offsets + count + 1);
@ -115,7 +138,7 @@ fort_conf_app_index (const PFORT_CONF conf,
static UCHAR
fort_conf_app_group_index (const PFORT_CONF conf, int app_index)
{
const char *data = (const char *) conf + conf->data_off;
const char *data = conf->data;
const UCHAR *app_groups = (const UCHAR *) (data + conf->app_groups_off);
const BOOL app_found = (app_index != -1);
@ -126,7 +149,7 @@ fort_conf_app_group_index (const PFORT_CONF conf, int app_index)
static BOOL
fort_conf_app_blocked (const PFORT_CONF conf, int app_index)
{
const char *data = (const char *) conf + conf->data_off;
const char *data = conf->data;
const UINT32 *app_perms = (const UINT32 *) (data + conf->app_perms_off);

31
src/common/fortconf.h
View File

@ -1,7 +1,8 @@
#ifndef FORTCONF_H
#define FORTCONF_H
#define FORT_CONF_IP_MAX (1 * 1024 * 1024)
#define FORT_CONF_IP_MAX (10 * 1024 * 1024)
#define FORT_CONF_IP_RANGE_SIZE(n) ((n) * sizeof(UINT32) * 2)
#define FORT_CONF_GROUP_MAX 16
#define FORT_CONF_APPS_LEN_MAX (64 * 1024 * 1024)
#define FORT_CONF_APP_PATH_MAX (2 * 1024)
@ -14,16 +15,24 @@ typedef struct fort_conf_flags {
UINT32 filter_enabled : 1;
UINT32 stop_traffic : 1;
UINT32 stop_inet_traffic : 1;
UINT32 ip_include_all : 1;
UINT32 ip_exclude_all : 1;
UINT32 app_block_all : 1;
UINT32 app_allow_all : 1;
UINT32 log_blocked : 1;
UINT32 log_stat : 1;
UINT32 _reserved_ : 7;
UINT32 _reserved_ : 9;
UINT32 group_bits : 16;
} FORT_CONF_FLAGS, *PFORT_CONF_FLAGS;
typedef struct fort_conf_addr_group {
UINT32 include_all : 1;
UINT32 exclude_all : 1;
UINT32 include_n;
UINT32 exclude_n;
UINT32 ip[2];
} FORT_CONF_ADDR_GROUP, *PFORT_CONF_ADDR_GROUP;
typedef struct fort_conf_limit {
/* Bytes per 0.5 sec. */
UINT32 in_bytes;
@ -33,27 +42,18 @@ typedef struct fort_conf_limit {
typedef struct fort_conf {
FORT_CONF_FLAGS flags;
UINT16 data_off;
UINT16 ip_include_n;
UINT16 ip_exclude_n;
UINT16 apps_n;
UINT32 app_perms_block_mask;
UINT32 app_perms_allow_mask;
UINT32 ip_from_include_off;
UINT32 ip_to_include_off;
UINT32 ip_from_exclude_off;
UINT32 ip_to_exclude_off;
UINT32 addr_groups_off;
UINT32 app_groups_off;
UINT32 app_perms_off;
UINT32 apps_off;
UCHAR data[4];
char data[4];
} FORT_CONF, *PFORT_CONF;
typedef struct fort_conf_io {
@ -68,5 +68,6 @@ typedef struct fort_conf_io {
#define FORT_CONF_DATA_OFF offsetof(FORT_CONF, data)
#define FORT_CONF_IO_CONF_OFF offsetof(FORT_CONF_IO, conf)
#define FORT_CONF_ADDR_DATA_OFF offsetof(FORT_CONF_ADDR_GROUP, ip)
#endif FORTCONF_H

2
src/common/version.h
View File

@ -7,6 +7,6 @@
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
#define DRIVER_VERSION 4
#define DRIVER_VERSION 5
#endif // VERSION_H

49
src/driver/fortdrv.c
View File

@ -214,14 +214,12 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
int flagsField, int remoteIpField)
{
PFORT_CONF_REF conf_ref;
PVOID path;
FORT_CONF_FLAGS conf_flags;
UINT32 flags;
UINT32 remote_ip;
UINT32 process_id;
UINT32 path_len;
PVOID path;
int app_index;
BOOL ip_included, blocked;
PIRP irp = NULL;
ULONG_PTR info;
@ -252,42 +250,41 @@ fort_callout_classify_v4 (const FWPS_INCOMING_VALUES0 *inFixedValues,
if (conf_flags.stop_traffic)
goto block;
if (!conf_flags.filter_enabled)
if (!conf_flags.filter_enabled
|| !fort_conf_ip_is_inet(&conf_ref->conf, remote_ip))
goto permit;
ip_included = fort_conf_ip_included(&conf_ref->conf, remote_ip);
if (ip_included && conf_flags.stop_inet_traffic)
if (conf_flags.stop_inet_traffic)
goto block;
process_id = (UINT32) inMetaValues->processId;
path_len = inMetaValues->processPath->size - sizeof(WCHAR); // chop terminating zero
path = inMetaValues->processPath->data;
blocked = ip_included
&& ((app_index = fort_conf_app_index(&conf_ref->conf, path_len, path)),
fort_conf_app_blocked(&conf_ref->conf, app_index));
if (fort_conf_ip_inet_included(&conf_ref->conf, remote_ip)) {
const int app_index = fort_conf_app_index(&conf_ref->conf, path_len, path);
if (!blocked) {
if (ip_included && conf_flags.log_stat) {
const UINT64 flowId = inMetaValues->flowHandle;
const UCHAR group_index = fort_conf_app_group_index(
&conf_ref->conf, app_index);
BOOL is_new_proc = FALSE;
NTSTATUS status;
if (!fort_conf_app_blocked(&conf_ref->conf, app_index)) {
if (conf_flags.log_stat) {
const UINT64 flowId = inMetaValues->flowHandle;
const UCHAR group_index = fort_conf_app_group_index(
&conf_ref->conf, app_index);
BOOL is_new_proc = FALSE;
NTSTATUS status;
status = fort_stat_flow_associate(&g_device->stat,
flowId, process_id, group_index, &is_new_proc);
status = fort_stat_flow_associate(&g_device->stat,
flowId, process_id, group_index, &is_new_proc);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Classify v4: Flow assoc. error: %d\n", status);
} else if (is_new_proc) {
fort_buffer_proc_new_write(&g_device->buffer,
process_id, path_len, path, &irp, &info);
if (!NT_SUCCESS(status)) {
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
"FORT: Classify v4: Flow assoc. error: %d\n", status);
} else if (is_new_proc) {
fort_buffer_proc_new_write(&g_device->buffer,
process_id, path_len, path, &irp, &info);
}
}
goto permit;
}
goto permit;
}
if (conf_flags.log_blocked) {

6
src/tests/confutil/ConfUtil.pro
View File

@ -5,7 +5,8 @@ SOURCES += \
$$UIPATH/conf/appgroup.cpp \
$$UIPATH/conf/firewallconf.cpp \
$$UIPATH/fortcommon.cpp \
$$UIPATH/util/confutil.cpp \
$$UIPATH/util/conf/addressrange.cpp \
$$UIPATH/util/conf/confutil.cpp \
$$UIPATH/util/fileutil.cpp \
$$UIPATH/util/net/ip4range.cpp \
$$UIPATH/util/net/netutil.cpp
@ -15,7 +16,8 @@ HEADERS += \
$$UIPATH/conf/appgroup.h \
$$UIPATH/conf/firewallconf.h \
$$UIPATH/fortcommon.h \
$$UIPATH/util/confutil.h \
$$UIPATH/util/conf/addressrange.h \
$$UIPATH/util/conf/confutil.h \
$$UIPATH/util/fileutil.h \
$$UIPATH/util/net/ip4range.h \
$$UIPATH/util/net/netutil.h

22
src/tests/confutil/test.cpp
View File

@ -6,7 +6,7 @@
#include "conf/appgroup.h"
#include "conf/firewallconf.h"
#include "fortcommon.h"
#include "util/confutil.h"
#include "util/conf/confutil.h"
#include "util/fileutil.h"
#include "util/net/netutil.h"
@ -14,21 +14,19 @@ void Test::confWriteRead()
{
FirewallConf conf;
conf.ipInclude()->setUseAll(true);
conf.ipExclude()->setUseAll(false);
AddressGroup *inetGroup = conf.inetAddressGroup();
inetGroup->setIncludeAll(true);
inetGroup->setExcludeAll(false);
inetGroup->setIncludeText(QString());
inetGroup->setExcludeText(
NetUtil::localIpv4Networks().join('\n')
);
conf.setAppBlockAll(true);
conf.setAppAllowAll(false);
conf.ipInclude()->setText(QString());
conf.ipExclude()->setText(
"10.0.0.0/8\n"
"127.0.0.0/8\n"
"169.254.0.0/16\n"
"172.16.0.0/12\n"
"192.168.0.0/16\n"
);
AppGroup *appGroup1 = new AppGroup();
appGroup1->setName("Base");
appGroup1->setEnabled(true);

6
src/tests/logreader/LogReader.pro
View File

@ -10,7 +10,8 @@ SOURCES += \
$$UIPATH/log/logentryblocked.cpp \
$$UIPATH/log/logentryprocnew.cpp \
$$UIPATH/log/logentrystattraf.cpp \
$$UIPATH/util/confutil.cpp \
$$UIPATH/util/conf/addressrange.cpp \
$$UIPATH/util/conf/confutil.cpp \
$$UIPATH/util/device.cpp \
$$UIPATH/util/fileutil.cpp \
$$UIPATH/util/net/ip4range.cpp \
@ -28,7 +29,8 @@ HEADERS += \
$$UIPATH/log/logentryblocked.h \
$$UIPATH/log/logentryprocnew.h \
$$UIPATH/log/logentrystattraf.h \
$$UIPATH/util/confutil.h \
$$UIPATH/util/conf/addressrange.h \
$$UIPATH/util/conf/confutil.h \
$$UIPATH/util/device.h \
$$UIPATH/util/fileutil.h \
$$UIPATH/util/net/ip4range.h \

20
src/tests/logreader/test.cpp
View File

@ -10,7 +10,7 @@
#include "fortcommon.h"
#include "log/logbuffer.h"
#include "log/logentryblocked.h"
#include "util/confutil.h"
#include "util/conf/confutil.h"
#include "util/device.h"
#include "util/fileutil.h"
#include "util/net/netutil.h"
@ -42,22 +42,20 @@ void Test::setConf(Device &device)
conf.setProvBoot(true);
conf.ipInclude()->setUseAll(true);
conf.ipExclude()->setUseAll(false);
AddressGroup *inetGroup = conf.inetAddressGroup();
inetGroup->setIncludeAll(true);
inetGroup->setExcludeAll(false);
inetGroup->setExcludeText(
NetUtil::localIpv4Networks().join('\n')
);
conf.setAppBlockAll(true);
conf.setAppAllowAll(false);
conf.setLogBlocked(true);
conf.ipExclude()->setText(
"10.0.0.0/8\n"
"127.0.0.0/8\n"
"169.254.0.0/16\n"
"172.16.0.0/12\n"
"192.168.0.0/16\n"
);
ConfUtil confUtil;
QByteArray buf;

6
src/ui/FortFirewall.pro
View File

@ -41,7 +41,8 @@ SOURCES += \
task/taskuzonline.cpp \
task/taskworker.cpp \
translationmanager.cpp \
util/confutil.cpp \
util/conf/addressrange.cpp \
util/conf/confutil.cpp \
util/dateutil.cpp \
util/device.cpp \
util/fileutil.cpp \
@ -89,7 +90,8 @@ HEADERS += \
task/taskuzonline.h \
task/taskworker.h \
translationmanager.h \
util/confutil.h \
util/conf/addressrange.h \
util/conf/confutil.h \
util/dateutil.h \
util/device.h \
util/fileutil.h \

47
src/ui/conf/addressgroup.cpp
View File

@ -2,23 +2,40 @@
AddressGroup::AddressGroup(QObject *parent) :
QObject(parent),
m_useAll(false)
m_includeAll(true),
m_excludeAll(false)
{
}
void AddressGroup::setUseAll(bool useAll)
void AddressGroup::setIncludeAll(bool includeAll)
{
if (m_useAll != useAll) {
m_useAll = useAll;
emit useAllChanged();
if (m_includeAll != includeAll) {
m_includeAll = includeAll;
emit includeAllChanged();
}
}
void AddressGroup::setText(const QString &text)
void AddressGroup::setExcludeAll(bool excludeAll)
{
if (m_text != text) {
m_text = text;
emit textChanged();
if (m_excludeAll != excludeAll) {
m_excludeAll = excludeAll;
emit excludeAllChanged();
}
}
void AddressGroup::setIncludeText(const QString &includeText)
{
if (m_includeText != includeText) {
m_includeText = includeText;
emit includeTextChanged();
}
}
void AddressGroup::setExcludeText(const QString &excludeText)
{
if (m_excludeText != excludeText) {
m_excludeText = excludeText;
emit excludeTextChanged();
}
}
@ -26,7 +43,11 @@ QVariant AddressGroup::toVariant() const
{
QVariantMap map;
map["text"] = text();
map["includeAll"] = includeAll();
map["excludeAll"] = excludeAll();
map["includeText"] = includeText();
map["excludeText"] = excludeText();
return map;
}
@ -35,5 +56,9 @@ void AddressGroup::fromVariant(const QVariant &v)
{
const QVariantMap map = v.toMap();
m_text = map["text"].toString();
m_includeAll = map["includeAll"].toBool();
m_excludeAll = map["excludeAll"].toBool();
m_includeText = map["includeText"].toString();
m_excludeText = map["excludeText"].toString();
}

32
src/ui/conf/addressgroup.h
View File

@ -7,31 +7,43 @@
class AddressGroup : public QObject
{
Q_OBJECT
Q_PROPERTY(bool useAll READ useAll WRITE setUseAll NOTIFY useAllChanged)
Q_PROPERTY(QString text READ text WRITE setText NOTIFY textChanged)
Q_PROPERTY(bool includeAll READ includeAll WRITE setIncludeAll NOTIFY includeAllChanged)
Q_PROPERTY(bool excludeAll READ excludeAll WRITE setExcludeAll NOTIFY excludeAllChanged)
Q_PROPERTY(QString includeText READ includeText WRITE setIncludeText NOTIFY includeTextChanged)
Q_PROPERTY(QString excludeText READ excludeText WRITE setExcludeText NOTIFY excludeTextChanged)
public:
explicit AddressGroup(QObject *parent = nullptr);
bool useAll() const { return m_useAll; }
void setUseAll(bool useAll);
bool includeAll() const { return m_includeAll; }
void setIncludeAll(bool includeAll);
QString text() const { return m_text; }
void setText(const QString &text);
bool excludeAll() const { return m_excludeAll; }
void setExcludeAll(bool excludeAll);
QString includeText() const { return m_includeText; }
void setIncludeText(const QString &includeText);
QString excludeText() const { return m_excludeText; }
void setExcludeText(const QString &excludeText);
QVariant toVariant() const;
void fromVariant(const QVariant &v);
signals:
void useAllChanged();
void textChanged();
void includeAllChanged();
void excludeAllChanged();
void includeTextChanged();
void excludeTextChanged();
public slots:
private:
uint m_useAll : 1;
uint m_includeAll : 1;
uint m_excludeAll : 1;
QString m_text;
QString m_includeText;
QString m_excludeText;
};
#endif // ADDRESSGROUP_H

32
src/ui/conf/firewallconf.cpp
View File

@ -22,10 +22,10 @@ FirewallConf::FirewallConf(QObject *parent) :
m_trafHourKeepDays(DEFAULT_TRAF_HOUR_KEEP_DAYS),
m_trafDayKeepDays(DEFAULT_TRAF_DAY_KEEP_DAYS),
m_trafMonthKeepMonths(DEFAULT_TRAF_MONTH_KEEP_MONTHS),
m_trafUnit(UnitAdaptive),
m_ipInclude(new AddressGroup(this)),
m_ipExclude(new AddressGroup(this))
m_trafUnit(UnitAdaptive)
{
m_addressGroups.append(new AddressGroup(this));
m_addressGroups.append(new AddressGroup(this));
}
void FirewallConf::setProvBoot(bool provBoot)
@ -178,6 +178,11 @@ void FirewallConf::setAppGroupBits(quint32 groupBits)
}
}
QQmlListProperty<AddressGroup> FirewallConf::addressGroups()
{
return QQmlListProperty<AddressGroup>(this, m_addressGroups);
}
QQmlListProperty<AppGroup> FirewallConf::appGroups()
{
return QQmlListProperty<AppGroup>(this, m_appGroups);
@ -226,8 +231,6 @@ void FirewallConf::copyFlags(const FirewallConf &o)
setStopTraffic(o.stopTraffic());
setStopInetTraffic(o.stopInetTraffic());
setLogErrors(o.logErrors());
ipInclude()->setUseAll(o.ipInclude()->useAll());
ipExclude()->setUseAll(o.ipExclude()->useAll());
setAppBlockAll(o.appBlockAll());
setAppAllowAll(o.appAllowAll());
setPasswordHash(o.passwordHash());
@ -255,8 +258,11 @@ QVariant FirewallConf::toVariant() const
map["passwordHash"] = m_passwordHash;
map["ipInclude"] = ipInclude()->toVariant();
map["ipExclude"] = ipExclude()->toVariant();
QVariantList addresses;
foreach (const AddressGroup *addressGroup, addressGroupsList()) {
addresses.append(addressGroup->toVariant());
}
map["addressGroups"] = addresses;
QVariantList groups;
foreach (const AppGroup *appGroup, appGroupsList()) {
@ -273,8 +279,12 @@ void FirewallConf::fromVariant(const QVariant &v)
m_passwordHash = map["passwordHash"].toString();
m_ipInclude->fromVariant(map["ipInclude"]);
m_ipExclude->fromVariant(map["ipExclude"]);
const QVariantList addresses = map["addressGroups"].toList();
int addrGroupIndex = 0;
foreach (const QVariant &av, addresses) {
AddressGroup *addressGroup = m_addressGroups.at(addrGroupIndex++);
addressGroup->fromVariant(av);
}
const QVariantList groups = map["appGroups"].toList();
foreach (const QVariant &gv, groups) {
@ -286,8 +296,8 @@ void FirewallConf::fromVariant(const QVariant &v)
void FirewallConf::setupDefault()
{
m_ipInclude->setUseAll(true);
m_ipExclude->setText(NetUtil::localIpv4Networks().join('\n'));
AddressGroup *inetGroup = inetAddressGroup();
inetGroup->setExcludeText(NetUtil::localIpv4Networks().join('\n'));
AppGroup *appGroup = new AppGroup();
appGroup->setName("Main");

15
src/ui/conf/firewallconf.h
View File

@ -34,8 +34,8 @@ class FirewallConf : public QObject
Q_PROPERTY(int trafUnit READ trafUnit WRITE setTrafUnit NOTIFY trafUnitChanged)
Q_PROPERTY(bool hasPassword READ hasPassword NOTIFY passwordHashChanged)
Q_PROPERTY(QString passwordHash READ passwordHash WRITE setPasswordHash NOTIFY passwordHashChanged)
Q_PROPERTY(AddressGroup *ipInclude READ ipInclude CONSTANT)
Q_PROPERTY(AddressGroup *ipExclude READ ipExclude CONSTANT)
Q_PROPERTY(AddressGroup *inetAddressGroup READ inetAddressGroup NOTIFY addressGroupsChanged)
Q_PROPERTY(QQmlListProperty<AddressGroup> addressGroups READ addressGroups NOTIFY addressGroupsChanged)
Q_PROPERTY(QQmlListProperty<AppGroup> appGroups READ appGroups NOTIFY appGroupsChanged)
Q_CLASSINFO("DefaultProperty", "appGroups")
@ -105,8 +105,10 @@ public:
quint32 appGroupBits() const;
void setAppGroupBits(quint32 groupBits);
AddressGroup *ipInclude() const { return m_ipInclude; }
AddressGroup *ipExclude() const { return m_ipExclude; }
AddressGroup *inetAddressGroup() const { return m_addressGroups.at(0); }
const QList<AddressGroup *> &addressGroupsList() const { return m_addressGroups; }
QQmlListProperty<AddressGroup> addressGroups();
const QList<AppGroup *> &appGroupsList() const { return m_appGroups; }
QQmlListProperty<AppGroup> appGroups();
@ -136,6 +138,7 @@ signals:
void trafMonthKeepMonthsChanged();
void trafUnitChanged();
void passwordHashChanged();
void addressGroupsChanged();
void appGroupsChanged();
public slots:
@ -169,9 +172,7 @@ private:
QString m_passwordHash;
AddressGroup *m_ipInclude;
AddressGroup *m_ipExclude;
QList<AddressGroup *> m_addressGroups;
QList<AppGroup *> m_appGroups;
};

2
src/ui/driver/drivermanager.cpp
View File

@ -5,7 +5,7 @@
#include "../conf/firewallconf.h"
#include "../fortcommon.h"
#include "../log/logbuffer.h"
#include "../util/confutil.h"
#include "../util/conf/confutil.h"
#include "../util/device.h"
#include "../util/osutil.h"
#include "driverworker.h"

17
src/ui/fortcommon.cpp
View File

@ -131,18 +131,19 @@ void FortCommon::confAppPermsMaskInit(void *drvConf)
}
bool FortCommon::confIpInRange(const void *drvConf, quint32 ip,
bool included)
bool included, int addrGroupIndex)
{
const PFORT_CONF conf = (const PFORT_CONF) drvConf;
const char *data = (const char *) conf + conf->data_off;
const PFORT_CONF_ADDR_GROUP addr_group = fort_conf_addr_group_ref(
conf, addrGroupIndex);
const quint32 count = included ? conf->ip_include_n : conf->ip_exclude_n;
const quint32 fromOff = included ? conf->ip_from_include_off : conf->ip_from_exclude_off;
const quint32 toOff = included ? conf->ip_to_include_off : conf->ip_to_exclude_off;
const UINT32 count = included ? addr_group->include_n
: addr_group->exclude_n;
const UINT32 *iprange = included
? fort_conf_addr_group_include_ref(addr_group)
: fort_conf_addr_group_exclude_ref(addr_group);
return fort_conf_ip_inrange(ip, count,
(const quint32 *) (data + fromOff),
(const quint32 *) (data + toOff));
return fort_conf_ip_inrange(ip, count, iprange);
}
int FortCommon::confAppIndex(const void *drvConf,

2
src/ui/fortcommon.h
View File

@ -51,7 +51,7 @@ public:
static void confAppPermsMaskInit(void *drvConf);
static bool confIpInRange(const void *drvConf, quint32 ip,
bool included = false);
bool included = false, int addrGroupIndex = 0);
static int confAppIndex(const void *drvConf,
const QString &kernelPath);
static quint8 confAppGroupIndex(const void *drvConf, int appIndex);

59
src/ui/fortsettings.cpp
View File

@ -160,7 +160,11 @@ bool FortSettings::tryToReadConf(FirewallConf &conf, const QString &filePath)
return false;
}
conf.fromVariant(jsonDoc.toVariant());
QVariant confVar = jsonDoc.toVariant();
confVar = migrateConf(confVar);
conf.fromVariant(confVar);
return true;
}
@ -191,6 +195,8 @@ bool FortSettings::writeConf(const FirewallConf &conf)
return false;
}
removeMigratedKeys();
return true;
}
@ -220,8 +226,6 @@ bool FortSettings::readConfIni(FirewallConf &conf) const
conf.setLogErrors(iniBool("logErrors"));
conf.setLogBlocked(iniBool("logBlocked"));
conf.setLogStat(iniBool("logStat"));
conf.ipInclude()->setUseAll(iniBool("ipIncludeAll"));
conf.ipExclude()->setUseAll(iniBool("ipExcludeAll"));
conf.setAppBlockAll(iniBool("appBlockAll", true));
conf.setAppAllowAll(iniBool("appAllowAll"));
conf.setAppGroupBits(iniUInt("appGroupBits", DEFAULT_APP_GROUP_BITS));
@ -249,8 +253,6 @@ bool FortSettings::writeConfIni(const FirewallConf &conf)
setIniValue("logErrors", conf.logErrors());
setIniValue("logBlocked", conf.logBlocked());
setIniValue("logStat", conf.logStat());
setIniValue("ipIncludeAll", conf.ipInclude()->useAll());
setIniValue("ipExcludeAll", conf.ipExclude()->useAll());
setIniValue("appBlockAll", conf.appBlockAll());
setIniValue("appAllowAll", conf.appAllowAll());
setIniValue("appGroupBits", conf.appGroupBits(), DEFAULT_APP_GROUP_BITS);
@ -267,6 +269,53 @@ bool FortSettings::writeConfIni(const FirewallConf &conf)
return iniSync();
}
QVariant FortSettings::migrateConf(const QVariant &confVar)
{
const int version = iniVersion();
if (version == APP_VERSION)
return confVar;
QVariantMap map = confVar.toMap();
// v1.7.0: AddressGroups
if (version < 0x010700) {
const QVariantMap oldIncMap = map["ipInclude"].toMap();
const QVariantMap oldExcMap = map["ipExclude"].toMap();
QVariantMap inetMap;
inetMap["includeAll"] = iniBool("confFlags/ipIncludeAll");
inetMap["excludeAll"] = iniBool("confFlags/ipExcludeAll");
inetMap["includeText"] = oldIncMap["text"];
inetMap["excludeText"] = oldExcMap["text"];
QVariantList addrList;
addrList.append(inetMap);
map["addressGroups"] = addrList;
}
return map;
}
void FortSettings::removeMigratedKeys()
{
const int version = iniVersion();
if (version == APP_VERSION)
return;
setIniVersion(APP_VERSION);
// v1.7.0: AddressGroups
if (version < 0x010700) {
removeIniKey("confFlags/ipIncludeAll");
removeIniKey("confFlags/ipExcludeAll");
}
iniSync();
}
bool FortSettings::iniBool(const QString &key, bool defaultValue) const
{
return iniValue(key, defaultValue).toBool();

6
src/ui/fortsettings.h
View File

@ -39,6 +39,9 @@ public:
QString language() const { return iniText("base/language", "en"); }
void setLanguage(const QString &v) { setIniValue("base/language", v); }
int iniVersion() const { return iniInt("base/version"); }
void setIniVersion(int v) { setIniValue("base/version", v); }
QRect windowGeometry() const { return iniValue("window/geometry").toRect(); }
void setWindowGeometry(const QRect &v) { setIniValue("window/geometry", v); }
@ -87,6 +90,9 @@ private:
bool tryToReadConf(FirewallConf &conf, const QString &filePath);
bool tryToWriteConf(const FirewallConf &conf, const QString &filePath);
QVariant migrateConf(const QVariant &confVar);
void removeMigratedKeys();
bool iniBool(const QString &key, bool defaultValue = false) const;
int iniInt(const QString &key, int defaultValue = 0) const;
uint iniUInt(const QString &key, int defaultValue = 0) const;

BIN
src/ui/i18n/i18n_ru.qm
View File

Binary file not shown.

35
src/ui/i18n/i18n_ru.ts
View File

@ -4,32 +4,37 @@
<context>
<name>ConfUtil</name>
<message>
<location filename="../util/confutil.cpp" line="39"/>
<location filename="../util/conf/confutil.cpp" line="118"/>
<source>Bad Include IP address: %1</source>
<translation>Некорректный IP адрес для включения: %1</translation>
</message>
<message>
<location filename="../util/confutil.cpp" line="46"/>
<location filename="../util/conf/confutil.cpp" line="126"/>
<source>Bad Exclude IP address: %1</source>
<translation>Некорректный IP адрес для исключения: %1</translation>
</message>
<message>
<location filename="../util/confutil.cpp" line="65"/>
<source>Size of configuration is too big</source>
<translation>Конфигурация слишком большая</translation>
<location filename="../util/conf/confutil.cpp" line="137"/>
<source>Too many IP addresses</source>
<translation>Слишком много IP адресов</translation>
</message>
<message>
<location filename="../util/confutil.cpp" line="118"/>
<location filename="../util/conf/confutil.cpp" line="57"/>
<source>Too many application paths</source>
<translation>Слишком много путей приложений</translation>
</message>
<message>
<location filename="../util/conf/confutil.cpp" line="159"/>
<source>Number of Application Groups must be &lt; %1</source>
<translation>Количество групп приложений должно быть &lt; %1</translation>
</message>
<message>
<location filename="../util/confutil.cpp" line="130"/>
<location filename="../util/conf/confutil.cpp" line="171"/>
<source>Length of Application Group&apos;s Name must be &lt; %1</source>
<translation>Длина наименования группы приложения должна быть &lt; %1</translation>
</message>
<message>
<location filename="../util/confutil.cpp" line="176"/>
<location filename="../util/conf/confutil.cpp" line="217"/>
<source>Length of Application&apos;s Path must be &lt; %1</source>
<translation>Длина пути приложения должна быть &lt; %1</translation>
</message>
@ -103,33 +108,33 @@
<context>
<name>Ip4Range</name>
<message>
<location filename="../util/net/ip4range.cpp" line="32"/>
<location filename="../util/net/ip4range.cpp" line="41"/>
<source>Error at line %1: %2</source>
<translation>Ошибка в строке %1: %2</translation>
</message>
<message>
<location filename="../util/net/ip4range.cpp" line="92"/>
<location filename="../util/net/ip4range.cpp" line="100"/>
<source>Bad format</source>
<translation>Некорректный формат</translation>
</message>
<message>
<location filename="../util/net/ip4range.cpp" line="110"/>
<location filename="../util/net/ip4range.cpp" line="118"/>
<source>Bad IP address</source>
<translation>Некорректный IP адрес</translation>
</message>
<message>
<location filename="../util/net/ip4range.cpp" line="117"/>
<location filename="../util/net/ip4range.cpp" line="125"/>
<source>Bad second IP address</source>
<translation>Некорректный второй IP адрес</translation>
</message>
<message>
<location filename="../util/net/ip4range.cpp" line="121"/>
<location filename="../util/net/ip4range.cpp" line="129"/>
<source>Bad range</source>
<translation>Некорректный диапазон</translation>
</message>
<message>
<location filename="../util/net/ip4range.cpp" line="102"/>
<location filename="../util/net/ip4range.cpp" line="129"/>
<location filename="../util/net/ip4range.cpp" line="110"/>
<location filename="../util/net/ip4range.cpp" line="137"/>
<source>Bad mask</source>
<translation>Некорректная маска</translation>
</message>

26
src/ui/qml/pages/AddressesPage.qml
View File

@ -6,6 +6,8 @@ import com.fortfirewall 1.0
BasePage {
property AddressGroup addressGroup: firewallConf.inetAddressGroup
RowLayout {
anchors.fill: parent
spacing: 10
@ -13,8 +15,6 @@ BasePage {
AddressesColumn {
id: includeAddresses
addressGroup: firewallConf.ipInclude
title {
text: translationManager.dummyBool
&& qsTranslate("qml", "Include")
@ -25,13 +25,21 @@ BasePage {
text: translationManager.dummyBool
&& qsTranslate("qml", "Include All")
}
useAll: addressGroup.includeAll
ipText: addressGroup.includeText
onUseAllToggled: {
addressGroup.includeAll = checked;
}
onIpTextEdited: {
addressGroup.includeText = ipText;
}
}
AddressesColumn {
id: excludeAddresses
addressGroup: firewallConf.ipExclude
title {
text: translationManager.dummyBool
&& qsTranslate("qml", "Exclude")
@ -42,6 +50,16 @@ BasePage {
text: translationManager.dummyBool
&& qsTranslate("qml", "Exclude All")
}
useAll: addressGroup.excludeAll
ipText: addressGroup.excludeText
onUseAllToggled: {
addressGroup.excludeAll = checked;
}
onIpTextEdited: {
addressGroup.excludeText = ipText;
}
}
}
}

16
src/ui/qml/pages/addresses/AddressesColumn.qml
View File

@ -9,10 +9,14 @@ ColumnLayout {
Layout.fillWidth: true
Layout.fillHeight: true
signal useAllToggled(bool checked)
signal ipTextEdited(string ipText)
readonly property alias title: title
readonly property alias checkBoxAll: checkBoxAll
property AddressGroup addressGroup
property bool useAll
property string ipText
RowLayout {
Label {
@ -22,9 +26,9 @@ ColumnLayout {
}
CheckBox {
id: checkBoxAll
checked: addressGroup.useAll
checked: useAll
onToggled: {
addressGroup.useAll = checked;
useAllToggled(checked);
setConfFlagsEdited();
}
@ -37,14 +41,14 @@ ColumnLayout {
textArea {
placeholderText: netUtil.localIpv4Networks().join('\n')
text: addressGroup.text
text: ipText
}
onTextChanged: {
if (addressGroup.text == textArea.text)
if (ipText === textArea.text)
return;
addressGroup.text = textArea.text;
ipTextEdited(textArea.text);
setConfEdited();
}

6
src/ui/task/tasktasix.cpp
View File

@ -36,12 +36,12 @@ bool TaskTasix::processResult(FortManager *fortManager)
{
#ifndef TASK_TEST
FirewallConf *conf = fortManager->firewallConf();
AddressGroup *ipExclude = conf->ipExclude();
AddressGroup *inetGroup = conf->inetAddressGroup();
if (ipExclude->text() == m_rangeText)
if (inetGroup->excludeText() == m_rangeText)
return false;
ipExclude->setText(m_rangeText);
inetGroup->setExcludeText(m_rangeText);
return fortManager->saveOriginConf(successMessage());
#else

7
src/ui/util/conf/addressrange.cpp Normal file
View File

@ -0,0 +1,7 @@
#include "addressrange.h"
AddressRange::AddressRange() :
m_includeAll(false),
m_excludeAll(false)
{
}

34
src/ui/util/conf/addressrange.h Normal file
View File

@ -0,0 +1,34 @@
#ifndef ADDRESSRANGE_H
#define ADDRESSRANGE_H
#include <QObject>
#include <QVariant>
#include "../net/ip4range.h"
class AddressRange
{
public:
explicit AddressRange();
bool includeAll() const { return m_includeAll; }
void setIncludeAll(bool includeAll) { m_includeAll = includeAll; }
bool excludeAll() const { return m_excludeAll; }
void setExcludeAll(bool excludeAll) { m_excludeAll = excludeAll; }
Ip4Range &includeRange() { return m_includeRange; }
Ip4Range &excludeRange() { return m_excludeRange; }
const Ip4Range &includeRange() const { return m_includeRange; }
const Ip4Range &excludeRange() const { return m_excludeRange; }
private:
uint m_includeAll : 1;
uint m_excludeAll : 1;
Ip4Range m_includeRange;
Ip4Range m_excludeRange;
};
#endif // ADDRESSRANGE_H

181
src/ui/util/confutil.cpp → src/ui/util/conf/confutil.cpp
View File

@ -5,15 +5,16 @@
#define UCHAR quint8
#define UINT16 quint16
#define UINT32 quint32
#define UINT64 quint64
#include "../common/fortconf.h"
#include "../common/version.h"
#include "../conf/addressgroup.h"
#include "../conf/appgroup.h"
#include "../conf/firewallconf.h"
#include "../fortcommon.h"
#include "fileutil.h"
#include "net/ip4range.h"
#include "../../common/fortconf.h"
#include "../../common/version.h"
#include "../../conf/addressgroup.h"
#include "../../conf/appgroup.h"
#include "../../conf/firewallconf.h"
#include "../../fortcommon.h"
#include "../fileutil.h"
#include "../net/ip4range.h"
#define APP_GROUP_MAX FORT_CONF_GROUP_MAX
#define APP_GROUP_NAME_MAX 128
@ -34,23 +35,17 @@ void ConfUtil::setErrorMessage(const QString &errorMessage)
int ConfUtil::write(const FirewallConf &conf, QByteArray &buf)
{
Ip4Range incRange;
if (!incRange.fromText(conf.ipInclude()->text())) {
setErrorMessage(tr("Bad Include IP address: %1")
.arg(incRange.errorLineAndMessage()));
return false;
}
quint32 addressGroupsSize = 0;
numbers_arr_t addressGroupOffsets;
addrranges_arr_t addressRanges(conf.addressGroupsList().size());
Ip4Range excRange;
if (!excRange.fromText(conf.ipExclude()->text())) {
setErrorMessage(tr("Bad Exclude IP address: %1")
.arg(excRange.errorLineAndMessage()));
if (!parseAddressGroups(conf.addressGroupsList(), addressRanges,
addressGroupOffsets, addressGroupsSize))
return false;
}
int appPathsLen = 0;
quint32 appPathsLen = 0;
QStringList appPaths;
appperms_arr_t appPerms;
numbers_arr_t appPerms;
appgroups_map_t appGroupIndexes;
if (!parseAppGroups(conf.appGroupsList(),
@ -58,17 +53,14 @@ int ConfUtil::write(const FirewallConf &conf, QByteArray &buf)
appPerms, appGroupIndexes))
return false;
// Calculate maximum required buffer size
if (incRange.size() > FORT_CONF_IP_MAX
|| excRange.size() > FORT_CONF_IP_MAX
|| appPathsLen > FORT_CONF_APPS_LEN_MAX) {
setErrorMessage(tr("Size of configuration is too big"));
if (appPathsLen > FORT_CONF_APPS_LEN_MAX) {
setErrorMessage(tr("Too many application paths"));
return false;
}
// Fill the buffer
const int confIoSize = FORT_CONF_IO_CONF_OFF + FORT_CONF_DATA_OFF
+ (incRange.size() + excRange.size()) * 2 * sizeof(quint32)
+ addressGroupsSize
+ FORT_CONF_STR_DATA_SIZE(appGroupIndexes.size())
+ appPaths.size() * sizeof(quint32)
+ FORT_CONF_STR_HEADER_SIZE(appPaths.size())
@ -77,8 +69,8 @@ int ConfUtil::write(const FirewallConf &conf, QByteArray &buf)
buf.reserve(confIoSize);
writeData(buf.data(), conf,
incRange, excRange, appPaths,
appPerms, appGroupIndexes);
addressRanges, addressGroupOffsets,
appPaths, appPerms, appGroupIndexes);
return confIoSize;
}
@ -96,8 +88,6 @@ int ConfUtil::writeFlags(const FirewallConf &conf, QByteArray &buf)
confFlags->filter_enabled = conf.filterEnabled();
confFlags->stop_traffic = conf.stopTraffic();
confFlags->stop_inet_traffic = conf.stopInetTraffic();
confFlags->ip_include_all = conf.ipInclude()->useAll();
confFlags->ip_exclude_all = conf.ipExclude()->useAll();
confFlags->app_block_all = conf.appBlockAll();
confFlags->app_allow_all = conf.appAllowAll();
confFlags->log_blocked = conf.logBlocked();
@ -107,10 +97,61 @@ int ConfUtil::writeFlags(const FirewallConf &conf, QByteArray &buf)
return flagsSize;
}
bool ConfUtil::parseAddressGroups(const QList<AddressGroup *> &addressGroups,
addrranges_arr_t &addressRanges,
numbers_arr_t &addressGroupOffsets,
quint32 &addressGroupsSize)
{
const int groupsCount = addressGroups.size();
addressGroupsSize = groupsCount * sizeof(quint32); // offsets
for (int i = 0; i < groupsCount; ++i) {
AddressGroup *addressGroup = addressGroups.at(i);
AddressRange &addressRange = addressRanges[i];
addressRange.setIncludeAll(addressGroup->includeAll());
addressRange.setExcludeAll(addressGroup->excludeAll());
if (!addressRange.includeRange()
.fromText(addressGroup->includeText())) {
setErrorMessage(tr("Bad Include IP address: %1")
.arg(addressRange.includeRange()
.errorLineAndMessage()));
return false;
}
if (!addressRange.excludeRange()
.fromText(addressGroup->excludeText())) {
setErrorMessage(tr("Bad Exclude IP address: %1")
.arg(addressRange.excludeRange()
.errorLineAndMessage()));
return false;
}
const int incRangeSize = addressRange.includeRange().size();
const int excRangeSize = addressRange.excludeRange().size();
if (incRangeSize > FORT_CONF_IP_MAX
|| excRangeSize > FORT_CONF_IP_MAX) {
setErrorMessage(tr("Too many IP addresses"));
return false;
}
addressGroupOffsets.append(addressGroupsSize);
addressGroupsSize += FORT_CONF_ADDR_DATA_OFF
+ FORT_CONF_IP_RANGE_SIZE(incRangeSize)
+ FORT_CONF_IP_RANGE_SIZE(excRangeSize);
}
return true;
}
bool ConfUtil::parseAppGroups(const QList<AppGroup *> &appGroups,
QStringList &appPaths,
int &appPathsLen,
appperms_arr_t &appPerms,
quint32 &appPathsLen,
numbers_arr_t &appPerms,
appgroups_map_t &appGroupIndexes)
{
const int groupsCount = appGroups.size();
@ -213,33 +254,23 @@ QString ConfUtil::parseAppPath(const QStringRef &line)
}
void ConfUtil::writeData(char *output, const FirewallConf &conf,
const Ip4Range &incRange, const Ip4Range &excRange,
const addrranges_arr_t &addressRanges,
const numbers_arr_t &addressGroupOffsets,
const QStringList &appPaths,
const appperms_arr_t &appPerms,
const numbers_arr_t &appPerms,
const appgroups_map_t &appGroupIndexes)
{
PFORT_CONF_IO drvConfIo = (PFORT_CONF_IO) output;
PFORT_CONF drvConf = &drvConfIo->conf;
char *data = (char *) &drvConf->data;
const quint32 incRangeSize = incRange.size();
const quint32 excRangeSize = excRange.size();
char *data = drvConf->data;
const quint32 appPathsSize = appPaths.size();
quint32 incRangeFromOff, incRangeToOff;
quint32 excRangeFromOff, excRangeToOff;
quint32 addrGroupsOff;
quint32 appPathsOff, appPermsOff, appGroupsOff;
#define CONF_DATA_OFFSET (data - (char *) &drvConf->data)
incRangeFromOff = CONF_DATA_OFFSET;
writeNumbers(&data, incRange.fromArray());
incRangeToOff = CONF_DATA_OFFSET;
writeNumbers(&data, incRange.toArray());
excRangeFromOff = CONF_DATA_OFFSET;
writeNumbers(&data, excRange.fromArray());
excRangeToOff = CONF_DATA_OFFSET;
writeNumbers(&data, excRange.toArray());
#define CONF_DATA_OFFSET (data - drvConf->data)
addrGroupsOff = CONF_DATA_OFFSET;
writeNumbers(&data, addressGroupOffsets);
writeAddressRanges(&data, addressRanges);
appGroupsOff = CONF_DATA_OFFSET;
writeChars(&data, appGroupIndexes.values().toVector());
@ -261,9 +292,6 @@ void ConfUtil::writeData(char *output, const FirewallConf &conf,
drvConf->flags.stop_traffic = conf.stopTraffic();
drvConf->flags.stop_inet_traffic = conf.stopInetTraffic();
drvConf->flags.ip_include_all = conf.ipInclude()->useAll();
drvConf->flags.ip_exclude_all = conf.ipExclude()->useAll();
drvConf->flags.app_block_all = conf.appBlockAll();
drvConf->flags.app_allow_all = conf.appAllowAll();
@ -274,18 +302,9 @@ void ConfUtil::writeData(char *output, const FirewallConf &conf,
FortCommon::confAppPermsMaskInit(drvConf);
drvConf->data_off = FORT_CONF_DATA_OFF;
drvConf->ip_include_n = incRangeSize;
drvConf->ip_exclude_n = excRangeSize;
drvConf->apps_n = appPathsSize;
drvConf->ip_from_include_off = incRangeFromOff;
drvConf->ip_to_include_off = incRangeToOff;
drvConf->ip_from_exclude_off = excRangeFromOff;
drvConf->ip_to_exclude_off = excRangeToOff;
drvConf->addr_groups_off = addrGroupsOff;
drvConf->app_groups_off = appGroupsOff;
drvConf->app_perms_off = appPermsOff;
@ -316,6 +335,38 @@ quint16 ConfUtil::writeLimits(struct fort_conf_limit *limits,
return limitBits;
}
void ConfUtil::writeAddressRanges(char **data,
const addrranges_arr_t &addressRanges)
{
const int rangesCount = addressRanges.size();
for (int i = 0; i < rangesCount; ++i) {
const AddressRange &addressRange = addressRanges[i];
writeAddressRange(data, addressRange);
}
}
void ConfUtil::writeAddressRange(char **data,
const AddressRange &addressRange)
{
PFORT_CONF_ADDR_GROUP addrGroup = PFORT_CONF_ADDR_GROUP(*data);
addrGroup->include_all = addressRange.includeAll();
addrGroup->exclude_all = addressRange.excludeAll();
addrGroup->include_n = addressRange.includeRange().fromArray().size();
addrGroup->exclude_n = addressRange.excludeRange().fromArray().size();
*data += FORT_CONF_ADDR_DATA_OFF;
writeNumbers(data, addressRange.includeRange().fromArray());
writeNumbers(data, addressRange.includeRange().toArray());
writeNumbers(data, addressRange.excludeRange().fromArray());
writeNumbers(data, addressRange.excludeRange().toArray());
}
void ConfUtil::writeNumbers(char **data, const QVector<quint32> &array)
{
const int arraySize = array.size() * sizeof(quint32);

28
src/ui/util/confutil.h → src/ui/util/conf/confutil.h
View File

@ -7,14 +7,19 @@
#include <QObject>
#include <QVector>
#include "addressrange.h"
QT_FORWARD_DECLARE_CLASS(AddressGroup)
QT_FORWARD_DECLARE_CLASS(AppGroup)
QT_FORWARD_DECLARE_CLASS(FirewallConf)
QT_FORWARD_DECLARE_CLASS(Ip4Range)
QT_FORWARD_DECLARE_STRUCT(fort_conf_limit)
typedef QVector<quint32> numbers_arr_t;
typedef QVarLengthArray<AddressRange, 2> addrranges_arr_t;
typedef QMap<QString, quint32> appperms_map_t;
typedef QVector<quint32> appperms_arr_t;
typedef QMap<QString, qint8> appgroups_map_t;
class ConfUtil : public QObject
@ -37,11 +42,16 @@ public slots:
private:
void setErrorMessage(const QString &errorMessage);
bool parseAddressGroups(const QList<AddressGroup *> &addressGroups,
addrranges_arr_t &addressRanges,
numbers_arr_t &addressGroupOffsets,
quint32 &addressGroupsSize);
// Convert app. groups to plain lists
bool parseAppGroups(const QList<AppGroup *> &appGroups,
QStringList &appPaths,
int &appPathsLen,
appperms_arr_t &appPerms,
quint32 &appPathsLen,
numbers_arr_t &appPerms,
appgroups_map_t &appGroupIndexes);
bool parseApps(const QString &text, bool blocked,
@ -52,14 +62,20 @@ private:
static QString parseAppPath(const QStringRef &line);
static void writeData(char *output, const FirewallConf &conf,
const Ip4Range &incRange, const Ip4Range &excRange,
const addrranges_arr_t &addressRanges,
const numbers_arr_t &addressGroupOffsets,
const QStringList &appPaths,
const appperms_arr_t &appPerms,
const numbers_arr_t &appPerms,
const appgroups_map_t &appGroupIndexes);
static quint16 writeLimits(struct fort_conf_limit *limits,
const QList<AppGroup *> &appGroups);
static void writeAddressRanges(char **data,
const addrranges_arr_t &addressRanges);
static void writeAddressRange(char **data,
const AddressRange &addressRange);
static void writeNumbers(char **data, const QVector<quint32> &array);
static void writeChars(char **data, const QVector<qint8> &array);
static void writeStrings(char **data, const QStringList &list);

12
src/ui/util/net/ip4range.cpp
View File

@ -11,6 +11,15 @@ Ip4Range::Ip4Range(QObject *parent) :
{
}
void Ip4Range::clear()
{
m_errorLineNo = 0;
m_errorMessage = QString();
m_fromArray.clear();
m_toArray.clear();
}
void Ip4Range::setErrorLineNo(int lineNo)
{
if (m_errorLineNo != lineNo) {
@ -52,8 +61,7 @@ QString Ip4Range::toText()
bool Ip4Range::fromText(const QString &text)
{
m_fromArray.clear();
m_toArray.clear();
clear();
ip4range_map_t ipRangeMap;

2
src/ui/util/net/ip4range.h
View File

@ -40,6 +40,8 @@ signals:
void errorMessageChanged();
public slots:
void clear();
QString toText();
// Parse IPv4 ranges from text