Cadoles
/
owrt
10
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'feature/UCIFirewall' into develop
Cadoles/owrt/develop There was a failure building this commit Details
Cadoles/owrt/pipeline/head There was a failure building this commit Details

This commit is contained in:
Philippe Caseiro 2018-11-07 16:37:54 +01:00
parent a36ecb2f68 77fe2a91dd
commit 62269fbc86
12 changed files with 552 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
uci.go
View File

@ -13,22 +13,25 @@ type Action struct {
// UCI "Object"
type UCI struct {
exec Executor
Wireless *UCIWirelessConf
exec Executor
CustomFirewallFile string
Wireless *UCIWirelessConf
}
// NewUCI return an UCI instance to interact with UCI
func NewUCI() *UCI {
exec := &localExecutor{}
customFWFile := "/etc/"
wireless := &UCIWirelessConf{}
return &UCI{exec, wireless}
return &UCI{exec, customFWFile, wireless}
}
// NewUCIWithExecutor returns a UCI Instance an gives you the ability to provide
// a different command executor than the default one.
func NewUCIWithExecutor(exec Executor) *UCI {
func NewUCIWithExecutor(exec Executor, customFWFile string) *UCI {
wireless := &UCIWirelessConf{}
return &UCI{exec, wireless}
return &UCI{exec, customFWFile, wireless}
}
// uciRun, private method to run the UCI command
@ -157,3 +160,17 @@ func (u *UCI) GetWifiDeviceByName(name string) map[string]string {
}
return nil
}
// Service make restart services via the UCI client possible
func (u *UCI) Service(name string, action string) error {
sys := NewSystemWithExecutor(u.exec)
res := sys.Service(name, action)
if res.ReturnCode != 0 {
return fmt.Errorf("%d - %s - %s - %s",
res.ReturnCode,
res.Command,
res.Stdout,
res.Stderr)
}
return nil
}

6
uci_dhcp_conf_test.go
View File

@ -20,7 +20,7 @@ const (
func TestNetCreateWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP
@ -44,7 +44,7 @@ func TestNetCreateWithDHCP(t *testing.T) {
func TestNetUpdateWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP
@ -80,7 +80,7 @@ func TestNetUpdateWithDHCP(t *testing.T) {
func TestNetDeleteWithDHCP(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifNameDHCP

109
uci_firewall_custom_rules.go Normal file
View File

@ -0,0 +1,109 @@
package owrt
import (
"fmt"
"io/ioutil"
"os"
"strings"
)
// UCIFirewallCustomRule is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
type UCIFirewallCustomRule struct {
Name string
Rule string
UCI *UCI
}
// NewUCIFirewallCustomRule builds a new UCIFirewallCustomRule instance
func NewUCIFirewallCustomRule(client *UCI) *UCIFirewallCustomRule {
return &UCIFirewallCustomRule{
UCI: client,
}
}
// Create add a new firewall rule in UCI Configuration
func (cr *UCIFirewallCustomRule) Create() error {
var file *os.File
customFWFile := cr.UCI.CustomFirewallFile
fmt.Printf("DEBUG %s\n", customFWFile)
_, stErr := os.Stat(customFWFile)
if os.IsNotExist(stErr) {
var err error
file, err = os.Create(customFWFile)
if err != nil {
return err
}
} else {
var oErr error
file, oErr = os.OpenFile(customFWFile, os.O_RDWR, 0644)
if oErr != nil {
return oErr
}
}
defer file.Close()
line := fmt.Sprintf("%s # %s", cr.Rule, cr.Name)
_, err := file.WriteString(line)
return err
}
// Save commit and relaod configuration (writes it to files !)
func (cr *UCIFirewallCustomRule) Save() error {
reload := cr.UCI.Reload()
if reload.ReturnCode != 0 {
return fmt.Errorf("%d - %s - %s - %s",
reload.ReturnCode,
reload.Command,
reload.Stdout,
reload.Stderr)
}
sErr := cr.UCI.Service("firewall", "restart")
return sErr
}
// Delete remove wifi interface from UCI Configuration
func (cr *UCIFirewallCustomRule) Delete() error {
input, err := ioutil.ReadFile(cr.UCI.CustomFirewallFile)
if err != nil {
return err
}
lines := strings.Split(string(input), "\n")
var out []string
for _, line := range lines {
if !strings.Contains(line, cr.Name) {
out = append(out, line)
}
}
output := strings.Join(out, "\n")
err = ioutil.WriteFile(cr.UCI.CustomFirewallFile, []byte(output), 0644)
return err
}
// Update add a new entry for wifi interface in UCI Configuration
func (cr *UCIFirewallCustomRule) Update() error {
input, err := ioutil.ReadFile(cr.UCI.CustomFirewallFile)
if err != nil {
return err
}
lines := strings.Split(string(input), "\n")
var out []string
for _, line := range lines {
if strings.Contains(line, cr.Name) {
nContent := fmt.Sprintf("%s # %s", cr.Rule, cr.Name)
out = append(out, nContent)
} else {
out = append(out, line)
}
}
output := strings.Join(out, "\n")
err = ioutil.WriteFile(cr.UCI.CustomFirewallFile, []byte(output), 0644)
return err
}

71
uci_firewall_custom_rules_test.go Normal file
View File

@ -0,0 +1,71 @@
package owrt
import (
"io/ioutil"
"os"
"strings"
"testing"
)
const (
ruleA = "iptables -A PREROUTING -i br-dds -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.100.10.1:8443"
ruleB = "iptables -A PREROUTING -i br-dds -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.100.10.1:8080"
)
func TestFWCustomRuleCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "/tmp/myCustomRuleFile")
_, sErr := os.Stat(uci.CustomFirewallFile)
if os.IsExist(sErr) {
rErr := os.Remove(uci.CustomFirewallFile)
if rErr != nil {
t.Fatal("Error cleaning temporary file")
}
}
custom := NewUCIFirewallCustomRule(uci)
custom.Name = "TestRule"
custom.Rule = ruleA
create := custom.Create()
if create != nil {
t.Fatalf("UCIFirewallCustomRule.Create() failed !\n%s", create.Error())
}
sv := custom.Save()
if sv != nil {
t.Fatalf("%s", sv.Error())
}
}
func TestFWCustomRuleUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "/tmp/myCustomRuleFile")
custom := NewUCIFirewallCustomRule(uci)
custom.Name = "SecondRule"
custom.Rule = ruleB
if cr := custom.Create(); cr != nil {
t.Fatalf("UCIFirewallCustomRule.Create() failed !\n%s", cr.Error())
}
b, err := ioutil.ReadFile(uci.CustomFirewallFile)
if err != nil {
t.Fatalf("%s", err.Error())
}
if !strings.Contains(string(b), ruleB) {
t.Fatalf("Rule is not present in %s file", uci.CustomFirewallFile)
}
custom.Rule = ruleA
if uErr := custom.Update(); uErr != nil {
t.Fatalf("UCIFirewallCustomRule.Update() faild ! %s", uErr.Error())
}
sv := custom.Save()
if sv != nil {
t.Fatalf("%s", sv.Error())
}
}

90
uci_firewall_redirect.go Normal file
View File

@ -0,0 +1,90 @@
package owrt
import (
"fmt"
)
// UCIFirewallRedirect is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
type UCIFirewallRedirect struct {
Name string
Index int
Src string
Dest string
Target string
Proto string
SrcDIP string
SrcDPort string
DestIP string
DestPort string
}
// NewUCIFirewallRedirect builds a new UCIFirewallRedirect instance
func NewUCIFirewallRedirect() *UCIFirewallRedirect {
return &UCIFirewallRedirect{}
}
// Create add a new firewall rule in UCI Configuration
func (rd *UCIFirewallRedirect) Create(uci *UCI) *Action {
confPrefix := fmt.Sprintf("firewall.@redirect[%d]", rd.Index)
conf := make(map[string][]string)
conf["name"] = append(conf["name"], fmt.Sprintf("%s.name", confPrefix), rd.Name)
conf["src"] = append(conf["src"], fmt.Sprintf("%s.src", confPrefix), rd.Src)
conf["target"] = append(conf["target"], fmt.Sprintf("%s.target", confPrefix), rd.Target)
conf["proto"] = append(conf["proto"], fmt.Sprintf("%s.proto", confPrefix), rd.Proto)
conf["src_dip"] = append(conf["src_dip"], fmt.Sprintf("%s.src_dip", confPrefix), rd.SrcDIP)
conf["src_dport"] = append(conf["src_dport"], fmt.Sprintf("%s.src_dport", confPrefix), rd.SrcDPort)
conf["dest_ip"] = append(conf["dest_ip"], fmt.Sprintf("%s.dest_ip", confPrefix), rd.DestIP)
conf["dest_port"] = append(conf["dest_port"], fmt.Sprintf("%s.dest_port", confPrefix), rd.DestPort)
uci.Add("firewall", "redirect")
for _, value := range conf {
if value[1] != "" {
result := uci.Set(value[0], value[1])
if result.ReturnCode != 0 {
return result
}
}
}
return &Action{
CommandResult: &CommandResult{
Stdout: "",
Stderr: "",
ReturnCode: 0,
},
}
}
// Save commit and relaod configuration (writes it to files !)
func (rd *UCIFirewallRedirect) Save(uci *UCI) *Action {
commitRes := uci.Commit()
if commitRes.ReturnCode != 0 {
return commitRes
}
reload := uci.Reload()
return reload
}
// Delete remove wifi interface from UCI Configuration
func (rd *UCIFirewallRedirect) Delete(uci *UCI) *Action {
toDelete := fmt.Sprintf("firewall.@redirect[%d]", rd.Index)
del := uci.Delete(toDelete)
if del.ReturnCode != 0 {
return del
}
return uci.Commit()
}
// Update add a new entry for wifi interface in UCI Configuration
func (rd *UCIFirewallRedirect) Update(uci *UCI) *Action {
rd.Delete(uci)
create := rd.Create(uci)
if create.ReturnCode != 0 {
return create
}
return uci.Commit()
}

83
uci_firewall_redirect_test.go Normal file
View File

@ -0,0 +1,83 @@
package owrt
import (
"testing"
)
const (
redirectName = "Test"
redirectIndex = -1
redirectSrc = "10.10.10.10/24"
redirectTarget = "ACCEPT"
redirectProto = "tcp"
redirectSrcDIP = "1.1.1.1"
redirectSrcDPort = "333"
redirectDestIP = "10.10.10.10"
redirectDestPort = "22"
)
func TestFWRedirectCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Create() failed !")
}
}
func TestFWRedirectUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Create() failed !")
}
redirect.Name = "NewRedirect"
if redirect.Update(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRedirect.Update() failed !")
}
}
func TestFWRedirectDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
redirect := NewUCIFirewallRedirect()
redirect.Name = redirectName
redirect.Index = redirectIndex
redirect.Src = redirectSrc
redirect.Target = redirectTarget
redirect.Proto = redirectProto
redirect.SrcDIP = redirectSrcDIP
redirect.SrcDPort = redirectSrcDPort
redirect.DestIP = redirectDestIP
redirect.DestPort = redirectDestPort
if redirect.Delete(uci).ReturnCode != 0 {
t.Fatalf("UCIWirelessInterface.Delete() failed !")
}
}

83
uci_firewall_rules.go Normal file
View File

@ -0,0 +1,83 @@
package owrt
import (
"fmt"
)
// UCIFirewallRule is the description of an Wireless interface (cf Openwrt doc) on top of an Wireless Device
type UCIFirewallRule struct {
Name string
Index int
Src string
Target string
Proto string
DestPort string
SourcePort string
}
// NewUCIFirewallRule builds a new UCIFirewallRule instance
func NewUCIFirewallRule() *UCIFirewallRule {
return &UCIFirewallRule{}
}
// Create add a new firewall rule in UCI Configuration
func (fw *UCIFirewallRule) Create(uci *UCI) *Action {
confPrefix := fmt.Sprintf("firewall.@rule[%d]", fw.Index)
conf := make(map[string][]string)
conf["name"] = append(conf["network"], fmt.Sprintf("%s.name", confPrefix), fw.Name)
conf["src"] = append(conf["src"], fmt.Sprintf("%s.src", confPrefix), fw.Src)
conf["target"] = append(conf["target"], fmt.Sprintf("%s.target", confPrefix), fw.Target)
conf["proto"] = append(conf["proto"], fmt.Sprintf("%s.proto", confPrefix), fw.Proto)
conf["dest_port"] = append(conf["dest_port"], fmt.Sprintf("%s.dest_port", confPrefix), fw.DestPort)
conf["src_port"] = append(conf["src_port"], fmt.Sprintf("%s.src_port", confPrefix), fw.SourcePort)
uci.Add("firewall", "rule")
for _, value := range conf {
if value[1] != "" {
result := uci.Set(value[0], value[1])
if result.ReturnCode != 0 {
return result
}
}
}
return &Action{
CommandResult: &CommandResult{
Stdout: "",
Stderr: "",
ReturnCode: 0,
},
}
}
// Save commit and relaod configuration (writes it to files !)
func (fw *UCIFirewallRule) Save(uci *UCI) *Action {
commitRes := uci.Commit()
if commitRes.ReturnCode != 0 {
return commitRes
}
reload := uci.Reload()
return reload
}
// Delete remove wifi interface from UCI Configuration
func (fw *UCIFirewallRule) Delete(uci *UCI) *Action {
toDelete := fmt.Sprintf("firewall.@rule[%d]", fw.Index)
del := uci.Delete(toDelete)
if del.ReturnCode != 0 {
return del
}
return uci.Commit()
}
// Update add a new entry for wifi interface in UCI Configuration
func (fw *UCIFirewallRule) Update(uci *UCI) *Action {
fw.Delete(uci)
create := fw.Create(uci)
if create.ReturnCode != 0 {
return create
}
return uci.Commit()
}

75
uci_firewall_rules_test.go Normal file
View File

@ -0,0 +1,75 @@
package owrt
import (
"testing"
)
const (
ruleName = "Test"
ruleIndex = -1
ruleSrc = "10.10.10.10/24"
ruleTarget = "ACCEPT"
ruleProto = "tcp"
ruleDestPort = "80"
ruleSourcePort = "8080"
)
func TestFWRuleCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Create() failed !")
}
}
func TestFWRuleUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Create(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Create() failed !")
}
rule.Name = "Tutu"
if rule.Update(uci).ReturnCode != 0 {
t.Fatalf("UCIFirewallRule.Update() failed !")
}
}
func TestFWRuleDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec, "")
rule := NewUCIFirewallRule()
rule.Name = ruleName
rule.Index = ruleIndex
rule.Src = ruleSrc
rule.Target = ruleTarget
rule.Proto = ruleProto
rule.DestPort = ruleDestPort
rule.SourcePort = ruleSourcePort
if rule.Delete(uci).ReturnCode != 0 {
t.Fatalf("UCIWirelessInterface.Delete() failed !")
}
}

6
uci_network_interface_test.go
View File

@ -17,7 +17,7 @@ const (
func TestNetCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName
@ -36,7 +36,7 @@ func TestNetCreate(t *testing.T) {
func TestNetUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName
@ -61,7 +61,7 @@ func TestNetUpdate(t *testing.T) {
func TestNetDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCINetworkInterface(uci)
iface.Name = ifName

14
uci_test.go
View File

@ -8,7 +8,7 @@ import (
func TestUCIAdd(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Add("wireless", "test")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -25,7 +25,7 @@ func TestUCIAdd(t *testing.T) {
func TestUCIAddFailed(t *testing.T) {
exec := createMockExecutor("", "BigError", 3)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Add("wireless", "test")
if res.ReturnCode != 3 {
t.Error("Bad Return Code !")
@ -34,7 +34,7 @@ func TestUCIAddFailed(t *testing.T) {
func TestUCIDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Delete("wireless.@wifi-iface[1]")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -51,7 +51,7 @@ func TestUCIDelete(t *testing.T) {
func TestUCISet(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Set("wireless.@wifi-iface[1].network", "OrionNetwork")
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -68,7 +68,7 @@ func TestUCISet(t *testing.T) {
func TestUCICommit(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Commit()
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -85,7 +85,7 @@ func TestUCICommit(t *testing.T) {
func TestUCIReload(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
res := uci.Reload()
if res.ReturnCode != 0 {
t.Error("Bad Return Code !")
@ -106,7 +106,7 @@ func TestGetWifiIfaceBySSID(t *testing.T) {
t.Fatal(err)
}
exec := createMockExecutor(string(config), "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
wifi := uci.GetWifiIfaceBySSID("Pyxis2")
fmt.Printf("%s\n", wifi.Ssid)

4
uci_wireless_conf_test.go
View File

@ -11,7 +11,7 @@ func TestUCIGetWirelessConf(t *testing.T) {
t.Fatal(err)
}
exec := createMockExecutor(string(config), "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
if g, e := uci.Wireless.DefaultInterface["Name"], "wifi-iface"; g != e {
t.Fatalf("DefaultDevice.Name is expected to be [%s] and we have [%s]", e, g)
@ -22,7 +22,7 @@ func TestUCIGetWirelessConf(t *testing.T) {
t.Fatal(err)
}
exec = createMockExecutor(string(config), "", 0)
uci = NewUCIWithExecutor(exec)
uci = NewUCIWithExecutor(exec, "")
uci.LoadWirelessConf()
if g, e := uci.Wireless.Interfaces[1].Name, "wifi-iface"; g != e {
t.Fatalf("DefaultDevice.Name is expected to be [%s] and we have [%s]", e, g)

8
uci_wireless_interface_test.go
View File

@ -56,7 +56,7 @@ func TestGetSysDevName(t *testing.T) {
func TestCreate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -75,7 +75,7 @@ func TestCreate(t *testing.T) {
func TestUpdate(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -102,7 +102,7 @@ func TestUpdate(t *testing.T) {
func TestDelete(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName
@ -124,7 +124,7 @@ func TestDelete(t *testing.T) {
func TestConnect(t *testing.T) {
exec := createMockExecutor("", "", 0)
uci := NewUCIWithExecutor(exec)
uci := NewUCIWithExecutor(exec, "")
iface := NewUCIWirelessInterface()
iface.Name = ifaceName