Merge branch 'feature/UCIFirewall' into develop

Philippe Caseiro 2018-11-07 16:37:54 +01:00
commit 62269fbc86
12 changed files with 552 additions and 24 deletions

uci.go

@ -13,22 +13,25 @@ type Action struct {
// UCI "Object"
type UCI struct {
exec Executor
Wireless *UCIWirelessConf
exec Executor
CustomFirewallFile string
Wireless *UCIWirelessConf
}
// NewUCI return an UCI instance to interact with UCI
func NewUCI() *UCI {
exec := &localExecutor{}
customFWFile := "/etc/"
wireless := &UCIWirelessConf{}
return &UCI{exec, wireless}
return &UCI{exec, customFWFile, wireless}
}
// NewUCIWithExecutor returns a UCI Instance an gives you the ability to provide
// a different command executor than the default one.
func NewUCIWithExecutor(exec Executor) *UCI {
func NewUCIWithExecutor(exec Executor, customFWFile string) *UCI {
wireless := &UCIWirelessConf{}
return &UCI{exec, wireless}
return &UCI{exec, customFWFile, wireless}
}
// uciRun, private method to run the UCI command
@ -157,3 +160,17 @@ func (u *UCI) GetWifiDeviceByName(name string) map[string]string {
}
return nil
}
// Service make restart services via the UCI client possible
func (u *UCI) Service(name string, action string) error {
sys := NewSystemWithExecutor(u.exec)
res := sys.Service(name, action)
if res.ReturnCode != 0 {
return fmt.Errorf("%d - %s - %s - %s",
res.ReturnCode,
res.Command,
res.Stdout,
res.Stderr)
}
return nil
}
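Review bot: `customFWFile := "/etc/"` in NewUCI makes the default CustomFirewallFile a directory, so a client built with NewUCI cannot be used with UCIFirewallCustomRule: the `os.OpenFile` in Create and the `ioutil.ReadFile` calls in Delete and Update will all return an error on that path. The default should name the actual include file (presumably OpenWrt's `/etc/firewall.user`, to be confirmed against the target image), e.g. `customFWFile := "/etc/firewall.user"`. Because this path is later written by code that also restarts the firewall service, the field deserves a comment stating the expectation, for example `// CustomFirewallFile is the absolute path of the custom rules file; it must not come from untrusted input.`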


@ -20,7 +20,7 @@ const (
func TestNetCreateWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP
@ -44,7 +44,7 @@ func TestNetCreateWithDHCP(t *testing.T) {
func TestNetUpdateWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP
@ -80,7 +80,7 @@ func TestNetUpdateWithDHCP(t *testing.T) {
func TestNetDeleteWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP


@ -0,0 +1,109 @@
package owrt
import (
"fmt"
"io/ioutil"
"os"
"strings"
)
// UCIFirewallCustomRule is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
type UCIFirewallCustomRule struct {
Name string
Rule string
UCI *UCI
}
// NewUCIFirewallCustomRule builds a new UCIFirewallCustomRule instance
func NewUCIFirewallCustomRule(client *UCI) *UCIFirewallCustomRule {
return &UCIFirewallCustomRule{
UCI: client,
}
}
// Create add a new firewall rule in UCI Configuration
func (cr *UCIFirewallCustomRule) Create() error {
var file *os.File
customFWFile := cr.UCI.CustomFirewallFile
fmt.Printf("DEBUG %s\n", customFWFile)
_, stErr := os.Stat(customFWFile)
if os.IsNotExist(stErr) {
var err error
file, err = os.Create(customFWFile)
if err != nil {
return err
}
} else {
var oErr error
file, oErr = os.OpenFile(customFWFile, os.O_RDWR, 0644)
if oErr != nil {
return oErr
}
}
defer file.Close()
line := fmt.Sprintf("%s # %s", cr.Rule, cr.Name)
_, err := file.WriteString(line)
return err
}
// Save commit and relaod configuration (writes it to files !)
func (cr *UCIFirewallCustomRule) Save() error {
reload := cr.UCI.Reload()
if reload.ReturnCode != 0 {
return fmt.Errorf("%d - %s - %s - %s",
reload.ReturnCode,
reload.Command,
reload.Stdout,
reload.Stderr)
}
sErr := cr.UCI.Service("firewall", "restart")
return sErr
}
// Delete remove wifi interface from UCI Configuration
func (cr *UCIFirewallCustomRule) Delete() error {
input, err := ioutil.ReadFile(cr.UCI.CustomFirewallFile)
if err != nil {
return err
}
lines := strings.Split(string(input), "\n")
var out []string
for _, line := range lines {
if !strings.Contains(line, cr.Name) {
out = append(out, line)
}
}
output := strings.Join(out, "\n")
err = ioutil.WriteFile(cr.UCI.CustomFirewallFile, []byte(output), 0644)
return err
}
// Update add a new entry for wifi interface in UCI Configuration
func (cr *UCIFirewallCustomRule) Update() error {
input, err := ioutil.ReadFile(cr.UCI.CustomFirewallFile)
if err != nil {
return err
}
lines := strings.Split(string(input), "\n")
var out []string
for _, line := range lines {
if strings.Contains(line, cr.Name) {
nContent := fmt.Sprintf("%s # %s", cr.Rule, cr.Name)
out = append(out, nContent)
} else {
out = append(out, line)
}
}
output := strings.Join(out, "\n")
err = ioutil.WriteFile(cr.UCI.CustomFirewallFile, []byte(output), 0644)
return err
}
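Review bot: Create opens an existing file with `os.O_RDWR` and no `os.O_APPEND`, so `file.WriteString(line)` writes at offset 0 over the first rule already in the file, and the line has no trailing newline. Delete and Update select lines with `strings.Contains(line, cr.Name)`, so an empty Name matches every line (Delete then empties the file) and a Name that is a substring of another rule's text or name removes or rewrites that rule as well; matching the exact marker, `strings.HasSuffix(line, " # "+cr.Name)`, avoids both. Neither field is checked for line breaks, and if this file is run as a shell script by the firewall service (the `iptables ...` lines in the tests on this page suggest it is), a newline in Name ends the comment and starts a new command. The leftover `fmt.Printf("DEBUG ...")` should be removed as well. A possible Create is below.

```go
func (cr *UCIFirewallCustomRule) Create() error {
	// One rule per line: a line break in either field would add a line of its own to the file.
	if cr.Name == "" || strings.ContainsAny(cr.Name+cr.Rule, "\r\n") {
		return fmt.Errorf("invalid custom rule %q", cr.Name)
	}
	// O_APPEND keeps the rules already present; O_CREATE replaces the Stat/Create branch.
	file, err := os.OpenFile(cr.UCI.CustomFirewallFile, os.O_WRONLY|os.O_CREATE|os.O_APPEND, 0644)
	if err != nil {
		return err
	}
	defer file.Close()
	_, err = fmt.Fprintf(file, "%s # %s\n", cr.Rule, cr.Name)
	return err
}
```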


@ -0,0 +1,71 @@
package owrt
import (
"io/ioutil"
"os"
"strings"
"testing"
)
const (
ruleA = "iptables -A PREROUTING -i br-dds -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.100.10.1:8443"
ruleB = "iptables -A PREROUTING -i br-dds -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.100.10.1:8080"
)
func TestFWCustomRuleCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "/tmp/myCustomRuleFile")
_, sErr := os.Stat(uci.CustomFirewallFile)
if os.IsExist(sErr) {
rErr := os.Remove(uci.CustomFirewallFile)
if rErr != nil {
t.Fatal("Error cleaning temporary file")
}
}
custom := NewUCIFirewallCustomRule(uci)
custom.Name = "TestRule"
custom.Rule = ruleA
create := custom.Create()
if create != nil {
t.Fatalf("UCIFirewallCustomRule.Create() failed !\n%s", create.Error())
}
sv := custom.Save()
if sv != nil {
t.Fatalf("%s", sv.Error())
}
}
func TestFWCustomRuleUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "/tmp/myCustomRuleFile")
custom := NewUCIFirewallCustomRule(uci)
custom.Name = "SecondRule"
custom.Rule = ruleB
if cr := custom.Create(); cr != nil {
t.Fatalf("UCIFirewallCustomRule.Create() failed !\n%s", cr.Error())
}
b, err := ioutil.ReadFile(uci.CustomFirewallFile)
if err != nil {
t.Fatalf("%s", err.Error())
}
if !strings.Contains(string(b), ruleB) {
t.Fatalf("Rule is not present in %s file", uci.CustomFirewallFile)
}
custom.Rule = ruleA
if uErr := custom.Update(); uErr != nil {
t.Fatalf("UCIFirewallCustomRule.Update() faild ! %s", uErr.Error())
}
sv := custom.Save()
if sv != nil {
t.Fatalf("%s", sv.Error())
}
}
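Review bot: The cleanup in TestFWCustomRuleCreate never runs: `os.Stat` returns a nil error when the file exists and `os.IsExist(nil)` is false, so a `/tmp/myCustomRuleFile` left by an earlier run is reused. Testing the success case, `if sErr == nil {`, fixes that. Both tests also share one fixed, predictable path in a world-writable directory; a per-test file from `ioutil.TempFile("", "fwcustom")`, removed with `defer os.Remove(...)`, keeps runs independent and avoids writing through a pre-existing file or symlink at that name. TestFWCustomRuleUpdate checks the file before Update but not after, so it would not notice an Update that leaves ruleB in place.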

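--- a/uci_firewall_redirect.go
+++ b/uci_firewall_redirect.go
@@ -0,0 +1,90 @@
+package owrt
+import (
+"fmt"
+)
+// UCIFirewallRedirect is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
+type UCIFirewallRedirect struct {
+Name string
+Index int
+Src string
+Dest string
+Target string
+Proto string
+SrcDIP string
+SrcDPort string
+DestIP string
+DestPort string
+}
+// NewUCIFirewallRedirect builds a new UCIFirewallRedirect instance
+func NewUCIFirewallRedirect() *UCIFirewallRedirect {
+return &UCIFirewallRedirect{}
+}
+// Create add a new firewall rule in UCI Configuration
+func (rd *UCIFirewallRedirect) Create(uci *UCI) *Action {
+confPrefix := fmt.Sprintf("firewall.@redirect[%d]", rd.Index)
+conf := make(map[string][]string)
+conf["name"] = append(conf["name"], fmt.Sprintf("%s.name", confPrefix), rd.Name)
+conf["src"] = append(conf["src"], fmt.Sprintf("%s.src", confPrefix), rd.Src)
+conf["target"] = append(conf["target"], fmt.Sprintf("%s.target", confPrefix), rd.Target)
+conf["proto"] = append(conf["proto"], fmt.Sprintf("%s.proto", confPrefix), rd.Proto)
+conf["src_dip"] = append(conf["src_dip"], fmt.Sprintf("%s.src_dip", confPrefix), rd.SrcDIP)
+conf["src_dport"] = append(conf["src_dport"], fmt.Sprintf("%s.src_dport", confPrefix), rd.SrcDPort)
+conf["dest_ip"] = append(conf["dest_ip"], fmt.Sprintf("%s.dest_ip", confPrefix), rd.DestIP)
+conf["dest_port"] = append(conf["dest_port"], fmt.Sprintf("%s.dest_port", confPrefix), rd.DestPort)
+uci.Add("firewall", "redirect")
+for _, value := range conf {
+if value[1] != "" {
+result := uci.Set(value[0], value[1])
+if result.ReturnCode != 0 {
+return result
+}
+}
+}
+return &Action{
+CommandResult: &CommandResult{
+Stdout: "",
+Stderr: "",
+ReturnCode: 0,
+},
+}
+}
+// Save commit and relaod configuration (writes it to files !)
+func (rd *UCIFirewallRedirect) Save(uci *UCI) *Action {
+commitRes := uci.Commit()
+if commitRes.ReturnCode != 0 {
+return commitRes
+}
+reload := uci.Reload()
+return reload
+}
+// Delete remove wifi interface from UCI Configuration
+func (rd *UCIFirewallRedirect) Delete(uci *UCI) *Action {
+toDelete := fmt.Sprintf("firewall.@redirect[%d]", rd.Index)
+del := uci.Delete(toDelete)
+if del.ReturnCode != 0 {
+return del
+}
+return uci.Commit()
+}
+// Update add a new entry for wifi interface in UCI Configuration
+func (rd *UCIFirewallRedirect) Update(uci *UCI) *Action {
+rd.Delete(uci)
+create := rd.Create(uci)
+if create.ReturnCode != 0 {
+return create
+}
+return uci.Commit()
+}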
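Review bot: Update throws away the result of `rd.Delete(uci)`, and Delete has already called `uci.Commit()` by the time Create runs, so when Create then fails the redirect is gone from the committed configuration and the caller only sees the Create error. Checking the delete, `if del := rd.Delete(uci); del.ReturnCode != 0 { return del }`, and issuing the delete and the sets before a single commit would keep a failed update from silently dropping a rule; `UCIFirewallRule.Update` in uci_firewall_rules.go has the same shape. In Create the return of `uci.Add("firewall", "redirect")` is ignored as well, so with `Index` set to -1 (as the tests do) a failed add would presumably make the following `uci.Set` calls land on whatever redirect is currently last. The `Dest` field is declared but never written to the configuration, and the type and method comments still describe a wireless interface.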


@ -0,0 +1,83 @@
package owrt
import (
"testing"
)
const (
redirectName = "Test"
redirectIndex = -1
redirectSrc = "10.10.10.10/24"
redirectTarget = "ACCEPT"
redirectProto = "tcp"
redirectSrcDIP = "1.1.1.1"
redirectSrcDPort = "333"
redirectDestIP = "10.10.10.10"
redirectDestPort = "22"
)
func TestFWRedirectCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Create() failed !")
}
}
func TestFWRedirectUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Create() failed !")
}
redirect.Name = "NewRedirect"
if redirect.Update(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Update() failed !")
}
}
func TestFWRedirectDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Delete(uci).ReturnCode != 0 {
t.Fatalf("UCIWirelessInterface.Delete() failed !")
}
}
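Review bot: Every test here builds the mock with `createMockExecutor("", "", 0)`, which presumably returns code 0 for every command, so the only assertion, `ReturnCode != 0`, can hardly fail and the error branches of Create, Update and Delete are never exercised; the tests for uci_firewall_rules.go follow the same pattern. A case with a failing mock, as TestUCIAddFailed does with `createMockExecutor("", "BigError", 3)`, would cover them. The message in TestFWRedirectDelete should read `"UCIFirewallRedirect.Delete() failed !"` rather than naming UCIWirelessInterface.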

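--- a/uci_firewall_rules.go
+++ b/uci_firewall_rules.go
@@ -0,0 +1,83 @@
+package owrt
+import (
+"fmt"
+)
+// UCIFirewallRule is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
+type UCIFirewallRule struct {
+Name string
+Index int
+Src string
+Target string
+Proto string
+DestPort string
+SourcePort string
+}
+// NewUCIFirewallRule builds a new UCIFirewallRule instance
+func NewUCIFirewallRule() *UCIFirewallRule {
+return &UCIFirewallRule{}
+}
+// Create add a new firewall rule in UCI Configuration
+func (fw *UCIFirewallRule) Create(uci *UCI) *Action {
+confPrefix := fmt.Sprintf("firewall.@rule[%d]", fw.Index)
+conf := make(map[string][]string)
+conf["name"] = append(conf["network"], fmt.Sprintf("%s.name", confPrefix), fw.Name)
+conf["src"] = append(conf["src"], fmt.Sprintf("%s.src", confPrefix), fw.Src)
+conf["target"] = append(conf["target"], fmt.Sprintf("%s.target", confPrefix), fw.Target)
+conf["proto"] = append(conf["proto"], fmt.Sprintf("%s.proto", confPrefix), fw.Proto)
+conf["dest_port"] = append(conf["dest_port"], fmt.Sprintf("%s.dest_port", confPrefix), fw.DestPort)
+conf["src_port"] = append(conf["src_port"], fmt.Sprintf("%s.src_port", confPrefix), fw.SourcePort)
+uci.Add("firewall", "rule")
+for _, value := range conf {
+if value[1] != "" {
+result := uci.Set(value[0], value[1])
+if result.ReturnCode != 0 {
+return result
+}
+}
+}
+return &Action{
+CommandResult: &CommandResult{
+Stdout: "",
+Stderr: "",
+ReturnCode: 0,
+},
+}
+}
+// Save commit and relaod configuration (writes it to files !)
+func (fw *UCIFirewallRule) Save(uci *UCI) *Action {
+commitRes := uci.Commit()
+if commitRes.ReturnCode != 0 {
+return commitRes
+}
+reload := uci.Reload()
+return reload
+}
+// Delete remove wifi interface from UCI Configuration
+func (fw *UCIFirewallRule) Delete(uci *UCI) *Action {
+toDelete := fmt.Sprintf("firewall.@rule[%d]", fw.Index)
+del := uci.Delete(toDelete)
+if del.ReturnCode != 0 {
+return del
+}
+return uci.Commit()
+}
+// Update add a new entry for wifi interface in UCI Configuration
+func (fw *UCIFirewallRule) Update(uci *UCI) *Action {
+fw.Delete(uci)
+create := fw.Create(uci)
+if create.ReturnCode != 0 {
+return create
+}
+return uci.Commit()
+}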
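Review bot: `conf["name"] = append(conf["network"], ...)` in Create reads the wrong key; it works only because `conf["network"]` is nil, and should be `conf["name"] = append(conf["name"], fmt.Sprintf("%s.name", confPrefix), fw.Name)`. Since each entry is just an option path and a value, a slice of pairs would also give a fixed order of `uci.Set` calls instead of Go's random map iteration order, which makes a partial failure reproducible. As in uci_firewall_redirect.go, the result of `uci.Add("firewall", "rule")` is ignored and the doc comments describe a wireless interface rather than a firewall rule.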


@ -0,0 +1,75 @@
package owrt
import (
"testing"
)
const (
ruleName = "Test"
ruleIndex = -1
ruleSrc = "10.10.10.10/24"
ruleTarget = "ACCEPT"
ruleProto = "tcp"
ruleDestPort = "80"
ruleSourcePort = "8080"
)
func TestFWRuleCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Create() failed !")
}
}
func TestFWRuleUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Create() failed !")
}
rule.Name = "Tutu"
if rule.Update(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Update() failed !")
}
}
func TestFWRuleDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Delete(uci).ReturnCode != 0 {
t.Fatalf("UCIWirelessInterface.Delete() failed !")
}
}


@ -17,7 +17,7 @@ const (
func TestNetCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName
@ -36,7 +36,7 @@ func TestNetCreate(t *testing.T) {
func TestNetUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName
@ -61,7 +61,7 @@ func TestNetUpdate(t *testing.T) {
func TestNetDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName


@ -8,7 +8,7 @@ import (
func TestUCIAdd(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Add("wireless", "test")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -25,7 +25,7 @@ func TestUCIAdd(t *testing.T) {
func TestUCIAddFailed(t *testing.T) {
exec := createMockExecutor("", "BigError", 3)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Add("wireless", "test")
if res.ReturnCode != 3 {
t.Error("Bad Return Code !")
@ -34,7 +34,7 @@ func TestUCIAddFailed(t *testing.T) {
func TestUCIDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Delete("wireless.@wifi-iface[1]")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -51,7 +51,7 @@ func TestUCIDelete(t *testing.T) {
func TestUCISet(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Set("wireless.@wifi-iface[1].network", "OrionNetwork")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -68,7 +68,7 @@ func TestUCISet(t *testing.T) {
func TestUCICommit(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Commit()
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -85,7 +85,7 @@ func TestUCICommit(t *testing.T) {
func TestUCIReload(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Reload()
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -106,7 +106,7 @@ func TestGetWifiIfaceBySSID(t *testing.T) {
t.Fatal(err)
}
exec := createMockExecutor(string(config), "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
wifi := uci.GetWifiIfaceBySSID("Pyxis2")
fmt.Printf("%s\n", wifi.Ssid)


@ -11,7 +11,7 @@ func TestUCIGetWirelessConf(t *testing.T) {
t.Fatal(err)
}
exec := createMockExecutor(string(config), "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
if g, e := uci.Wireless.DefaultInterface["Name"], "wifi-iface"; g != e {
t.Fatalf("DefaultDevice.Name is expected to be [%s] and we have [%s]", e, g)
@ -22,7 +22,7 @@ func TestUCIGetWirelessConf(t *testing.T) {
t.Fatal(err)
}
exec = createMockExecutor(string(config), "", 0)
uci = NewUCIWithExecutor(exec)
uci = NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
if g, e := uci.Wireless.Interfaces[1].Name, "wifi-iface"; g != e {
t.Fatalf("DefaultDevice.Name is expected to be [%s] and we have [%s]", e, g)


@ -56,7 +56,7 @@ func TestGetSysDevName(t *testing.T) {
func TestCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -75,7 +75,7 @@ func TestCreate(t *testing.T) {
func TestUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -102,7 +102,7 @@ func TestUpdate(t *testing.T) {
func TestDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -124,7 +124,7 @@ func TestDelete(t *testing.T) {
func TestConnect(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName