
Update to make _exp_ string a #define

Replaced all instances of "_exp_" with the #define EXPIRE_COMMENT_PREFIX so
that the prefix can easily be changed.
1 parent 2531896 commit 88b6d44f1f70daf951cf7e1d237114f96ad30a9a @mrash committed Sep 8, 2011
Showing with 18 additions and 16 deletions.
  1. +2 −0 server/fw_util.h
  2. +3 −3 server/fw_util_ipfw.c
  3. +1 −1 server/fw_util_ipfw.h
  4. +3 −3 server/fw_util_iptables.c
  5. +5 −5 server/fw_util_iptables.h
  6. +3 −3 server/fw_util_pf.c
  7. +1 −1 server/fw_util_pf.h
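--- a/server/fw_util.h
+++ b/server/fw_util.h
@@ -36,6 +36,8 @@
 #define STANDARD_CMD_OUT_BUFSIZE 4096
+#define EXPIRE_COMMENT_PREFIX "_exp_"
+
 #if FIREWALL_IPTABLES
 #include "fw_util_iptables.h"
 #elif FIREWALL_IPFW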
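Review bot: The new `EXPIRE_COMMENT_PREFIX` define carries no comment saying which values are safe, yet the other files in this commit concatenate it into printf-style command templates and use it as a `strstr` needle over firewall listing output. A `%` in the prefix would be read as a conversion specifier, and an empty prefix would make `strstr` match at the start of every buffer. I would document that above the define, e.g. `/* Tag for rule-expiry comments; must be non-empty and must not contain '%' or whitespace, because it is concatenated into command format strings. */`.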
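--- a/server/fw_util_ipfw.c
+++ b/server/fw_util_ipfw.c
@@ -525,7 +525,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 /* Find the first _exp_ string (if any).
 */
- ndx = strstr(cmd_out, "_exp_");
+ ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
 if(ndx == NULL)
 {
@@ -543,7 +543,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 while (ndx != NULL) {
 /* Jump forward and extract the timestamp
 */
- ndx +=5;
+ ndx += strlen(EXPIRE_COMMENT_PREFIX);
 /* remember this spot for when we look for the next
 * rule.
@@ -634,7 +634,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 /* Push our tracking index forward beyond (just processed) _exp_
 * string so we can continue to the next rule in the list.
 */
- ndx = strstr(tmp_mark, "_exp_");
+ ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
 }
 /* Set the next pending expire time accordingly. 0 if there are no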
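Review bot: In the second hunk, `ndx += strlen(EXPIRE_COMMENT_PREFIX);` computes at run time, on every loop iteration, a length that is fixed at compile time. Because the macro is a string literal, `ndx += sizeof(EXPIRE_COMMENT_PREFIX) - 1;` states that directly and does not depend on the optimizer folding the call. The same line appears in server/fw_util_iptables.c and server/fw_util_pf.c. check_firewall_rules starts and ends outside these hunks, so how the text after the prefix is validated as a timestamp is not visible here.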
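--- a/server/fw_util_ipfw.h
+++ b/server/fw_util_ipfw.h
@@ -40,7 +40,7 @@ enum {
 /* ipfw command args
 */
-#define IPFW_ADD_RULE_ARGS "add %u set %u pass %u from %s to me dst-port %u setup keep-state // _exp_%u"
+#define IPFW_ADD_RULE_ARGS "add %u set %u pass %u from %s to me dst-port %u setup keep-state // " EXPIRE_COMMENT_PREFIX "%u"
 #define IPFW_ADD_CHECK_STATE_ARGS "add %u set %u check-state"
 #define IPFW_MOVE_RULE_ARGS "set move rule %u to %u"
 #define IPFW_MOVE_SET_ARGS "set move %u to %u"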
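Review bot: `IPFW_ADD_RULE_ARGS` now depends on `EXPIRE_COMMENT_PREFIX`, which this header neither defines nor includes. The name is resolved where `IPFW_ADD_RULE_ARGS` is used, so a translation unit that pulls in this header without server/fw_util.h would fail at the use site with an undeclared identifier rather than here. Whether any file does that is not visible from this commit. A guard at the top of the header makes the requirement explicit: `#ifndef EXPIRE_COMMENT_PREFIX`, `#error "include fw_util.h instead of this header"`, `#endif`. server/fw_util_iptables.h and server/fw_util_pf.h have the same dependency.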
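--- a/server/fw_util_iptables.c
+++ b/server/fw_util_iptables.c
@@ -798,7 +798,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 if(opts->verbose > 2)
 log_msg(LOG_INFO, "RES=%i, CMD_BUF: %s\nRULES LIST: %s", res, cmd_buf, cmd_out);
- ndx = strstr(cmd_out, "_exp_");
+ ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
 if(ndx == NULL)
 {
 /* we did not find an expected rule.
@@ -815,7 +815,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 while (ndx != NULL) {
 /* Jump forward and extract the timestamp
 */
- ndx +=5;
+ ndx += strlen(EXPIRE_COMMENT_PREFIX);
 /* remember this spot for when we look for the next
 * rule.
@@ -901,7 +901,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 /* Push our tracking index forward beyond (just processed) _exp_
 * string so we can continue to the next rule in the list.
 */
- ndx = strstr(tmp_mark, "_exp_");
+ ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
 }
 /* Set the next pending expire time accordingly. 0 if there are no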
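Review bot: `strstr(cmd_out, EXPIRE_COMMENT_PREFIX)` in the first and third hunks matches the prefix anywhere in the listing output, not only inside a rule's comment field. Now that the prefix is meant to be changed, a short or common value would also match unrelated text such as a chain name or another rule's comment. Whatever follows a match is then treated as an expiry timestamp by code outside these hunks, so a false match could presumably affect which rules get expired. A comment at the search, e.g. `/* matches any occurrence of EXPIRE_COMMENT_PREFIX in the listing; keep the prefix distinctive */`, would record the constraint. server/fw_util_ipfw.c and server/fw_util_pf.c search the same way.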
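--- a/server/fw_util_iptables.h
+++ b/server/fw_util_iptables.h
@@ -35,11 +35,11 @@
 /* iptables command args
 */
-#define IPT_ADD_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_OUT_RULE_ARGS "-t %s -A %s -p %i -d %s --sport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_FWD_RULE_ARGS "-t %s -A %s -p %i -s %s -d %s --dport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_DNAT_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment _exp_%u -j %s --to-destination %s:%i 2>&1"
-#define IPT_ADD_SNAT_RULE_ARGS "-t %s -A %s -p %i -d %s --dport %i -m comment --comment _exp_%u -j %s %s 2>&1"
+#define IPT_ADD_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_OUT_RULE_ARGS "-t %s -A %s -p %i -d %s --sport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_FWD_RULE_ARGS "-t %s -A %s -p %i -s %s -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_DNAT_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s --to-destination %s:%i 2>&1"
+#define IPT_ADD_SNAT_RULE_ARGS "-t %s -A %s -p %i -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s %s 2>&1"
 #define IPT_DEL_RULE_ARGS "-t %s -D %s %i 2>&1"
 #define IPT_NEW_CHAIN_ARGS "-t %s -N %s 2>&1"
 #define IPT_FLUSH_CHAIN_ARGS "-t %s -F %s 2>&1"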
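Review bot: In all five `IPT_ADD_*_ARGS` templates the value after `--comment` is unquoted, and the trailing `2>&1` suggests the formatted string is run through a shell. With the fixed literal `_exp_` that was harmless, but a prefix containing a space or a shell metacharacter would now split the argument or change the command line. Either quote the value in the template, e.g. `--comment '" EXPIRE_COMMENT_PREFIX "%u'`, or state next to the define in server/fw_util.h that the prefix is limited to characters that need no quoting.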
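--- a/server/fw_util_pf.c
+++ b/server/fw_util_pf.c
@@ -394,7 +394,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 /* Find the first _exp_ string (if any).
 */
- ndx = strstr(cmd_out, "_exp_");
+ ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
 if(ndx == NULL)
 {
@@ -414,7 +414,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 {
 /* Jump forward and extract the timestamp
 */
- ndx +=5;
+ ndx += strlen(EXPIRE_COMMENT_PREFIX);
 /* remember this spot for when we look for the next
 * rule.
@@ -499,7 +499,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 /* Push our tracking index forward beyond (just processed) _exp_
 * string so we can continue to the next rule in the list.
 */
- ndx = strstr(tmp_mark, "_exp_");
+ ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
 }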
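Review bot: The comments kept in the first and third hunks still name the literal (`Find the first _exp_ string`, `beyond (just processed) _exp_ string`), so they become wrong as soon as the prefix is changed, which is the stated purpose of this commit. I would reword them to refer to the macro, e.g. `/* Find the first EXPIRE_COMMENT_PREFIX string (if any). */`. The same comments appear in server/fw_util_ipfw.c and server/fw_util_iptables.c.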
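--- a/server/fw_util_pf.h
+++ b/server/fw_util_pf.h
@@ -37,7 +37,7 @@
 /* pf command args
 */
-#define PF_ADD_RULE_ARGS "pass in quick proto %u from %s to any port %u keep state label _exp_%u"
+#define PF_ADD_RULE_ARGS "pass in quick proto %u from %s to any port %u keep state label " EXPIRE_COMMENT_PREFIX "%u"
 #define PF_WRITE_ANCHOR_RULES_ARGS "-a %s -f -"
 #define PF_LIST_ANCHOR_RULES_ARGS "-a %s -s rules 2>&1"
 #define PF_LIST_ALL_RULES_ARGS "-s rules 2>&1" /* to check for fwknop anchor */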
