Adding new UCIFirewall struct

This is to manage all Firewall
2018-11-12 09:16:41 +01:00 · 2018-11-12 09:16:41 +01:00 · da4fa533b4
parent b9559bb9f3
commit da4fa533b4
3 changed files with 154 additions and 2 deletions
--- a/uci.go
+++ b/uci.go
@ -16,6 +16,7 @@ type UCI struct {
 	exec               Executor
 	CustomFirewallFile string
 	Wireless           *UCIWirelessConf
+	Firewall           *UCIFirewall
 }

 // NewUCI return an UCI instance to interact with UCI
@ -23,7 +24,8 @@ func NewUCI() *UCI {
 	exec := &localExecutor{}
 	customFWFile := "/etc/"
 	wireless := &UCIWirelessConf{}
-	return &UCI{exec, customFWFile, wireless}
+	firewall := &UCIFirewall{}
+	return &UCI{exec, customFWFile, wireless, firewall}
 }

 // NewUCIWithExecutor returns a UCI Instance an gives you the ability to provide
@ -31,7 +33,8 @@ func NewUCI() *UCI {
 func NewUCIWithExecutor(exec Executor, customFWFile string) *UCI {

 	wireless := &UCIWirelessConf{}
-	return &UCI{exec, customFWFile, wireless}
+	firewall := &UCIFirewall{}
+	return &UCI{exec, customFWFile, wireless, firewall}
 }

 // uciRun, private method to run the UCI command
@ -103,6 +106,13 @@ func (u *UCI) LoadWirelessConf() {
 	u.Wireless.Load()
 }

+// LoadFirewallConf scan UCI configration and load saved firewall rules
+func (u *UCI) LoadFirewallConf() error {
+	fmt.Println("DEBUG ICI ICI ICI ICI !!!")
+	u.Firewall = NewUCIFirewall(u)
+	return u.Firewall.Load()
+}
+
 // GetWifiIface returns the wifi Interface by Index
 func (u *UCI) GetWifiIface(idx int) *UCIWirelessInterface {
 	ifaces := u.Wireless.Interfaces
--- a/uci_firewall.go
+++ b/uci_firewall.go
@ -0,0 +1,119 @@
+package owrt
+
+import (
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+)
+
+// UCIFirewall is the description of the OpenWRT Firewall rules (all types)
+type UCIFirewall struct {
+	UCI       *UCI
+	Rules     map[int]*UCIFirewallRule
+	Redirects map[int]*UCIFirewallRedirect
+	Customs   map[int]*UCIFirewallCustomRule
+}
+
+// NewUCIFirewall builds a new UCIFirewall instance
+func NewUCIFirewall(uci *UCI) *UCIFirewall {
+	return &UCIFirewall{
+		UCI:       uci,
+		Rules:     map[int]*UCIFirewallRule{},
+		Redirects: map[int]*UCIFirewallRedirect{},
+		Customs:   map[int]*UCIFirewallCustomRule{},
+	}
+}
+
+// loadRules loads existing firewall rules
+func (f *UCIFirewall) loadRules() error {
+	var rules = map[int]*UCIFirewallRule{}
+	var lines []string
+
+	matches := map[string]*regexp.Regexp{
+		"Name":     regexp.MustCompile(`@rule\[[0-9]*\].name=`),
+		"Src":      regexp.MustCompile(`@rule\[[0-9]*\].src=`),
+		"Target":   regexp.MustCompile(`@rule\[[0-9]*\].target=`),
+		"Proto":    regexp.MustCompile(`@rule\[[0-9]*\].porto=`),
+		"DestPort": regexp.MustCompile(`@rule\[[0-9]*\].dest_port=`),
+	}
+
+	if f.UCI == nil {
+		return fmt.Errorf("No UCI Client present ... this could not append")
+	}
+
+	firewallRes := f.UCI.uciRun("uci", "show", "firewall")
+	if firewallRes.ReturnCode == 0 {
+		lines = grep(firewallRes.Stdout, "firewall.@rule")
+		//	lines = strings.Split(firewallRes.Stdout, "\n")
+	} else {
+		return fmt.Errorf("%d - %s %s %s",
+			firewallRes.ReturnCode,
+			firewallRes.Command,
+			firewallRes.Stdout,
+			firewallRes.Stdout)
+	}
+
+	for _, li := range lines {
+		var idx int
+		var sIdx string
+
+		if li != "" {
+			sIdx = strings.Split(li, "[")[1]
+			sIdx = strings.Split(sIdx, "]")[0]
+
+			if s, err := strconv.ParseInt(sIdx, 10, 32); err == nil {
+				idx = int(s)
+			}
+		}
+
+		if _, exists := rules[idx]; !exists {
+			rules[idx] = NewUCIFirewallRule(f.UCI)
+			rules[idx].Index = idx
+		}
+
+		for key, expr := range matches {
+			if expr.MatchString(li) {
+				value := strings.Split(li, "=")[1]
+				value = strings.Trim(value, "'")
+				if key == "Name" {
+					fmt.Printf("Setting Name %s for rule #%d\n", value, idx)
+					rules[idx].Name = value
+				}
+				if key == "Src" {
+					rules[idx].Src = value
+				}
+				if key == "Proto" {
+					rules[idx].Proto = value
+				}
+				if key == "DestPort" {
+					rules[idx].DestPort = value
+				}
+				if key == "Target" {
+					rules[idx].Target = value
+				}
+			}
+		}
+	}
+	f.Rules = rules
+	return nil
+}
+
+func (f *UCIFirewall) loadRedirects() error {
+	return nil
+}
+
+func (f *UCIFirewall) loadCustoms() error {
+	return nil
+}
+
+// Load run uci show firewall and creates an nice UCIFirewall Object
+func (f *UCIFirewall) Load() error {
+	if r := f.loadRules(); r != nil {
+		return r
+	}
+	if r := f.loadRedirects(); r != nil {
+		return r
+	}
+	return f.loadCustoms()
+}
--- a/uci_firewall_test.go
+++ b/uci_firewall_test.go
@ -0,0 +1,23 @@
+package owrt
+
+import (
+	"io/ioutil"
+	"testing"
+)
+
+func TestUCILoadFirewall(t *testing.T) {
+	config, err := ioutil.ReadFile("./testdata/uci_show_firewall.txt")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	exec := createMockExecutor(string(config), "", 0)
+	uci := NewUCIWithExecutor(exec, "")
+	if err := uci.LoadFirewallConf(); err != nil {
+		t.Fatalf("%s", err.Error())
+	}
+
+	//if uci.Firewall.Rules[13].Name != "MyTestRule" {
+	//	t.Fatalf("Something is wrong with the last firewall rule")
+	//}
+}