Fix bugs related to parsing rules file and saving rules file

shw_dev
dma 7 years ago
parent 14e1f99b03
commit 6cdb400d32

@ -196,6 +196,7 @@ func (p *prompter) processConnection(pc pendingConnection) {
p.removePolicy(pc.policy()) p.removePolicy(pc.policy())
} }
if fscope == APPLY_FOREVER { if fscope == APPLY_FOREVER {
r.mode = RULE_MODE_PERMANENT
policy.fw.saveRules() policy.fw.saveRules()
} }
dbusp.alertRule("sgfw prompt added new rule") dbusp.alertRule("sgfw prompt added new rule")
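Review bot: The new `r.mode = RULE_MODE_PERMANENT` presumably has to run before `policy.fw.saveRules()` for the mode to reach the rules file, and nothing on the line records that ordering dependency. A comment such as `// mark permanent before saving so the mode is written to the rules file` would keep the two statements from being reordered later. The result of `saveRules()` is not inspected in this branch; if the write can fail (its signature is outside the hunk), the rule stays PERMANENT in memory and the "added new rule" alert still fires although nothing was persisted, so the user's APPLY_FOREVER decision would be lost on restart without any indication. processConnection begins and ends outside the hunk.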

@ -52,13 +52,19 @@ func (r *Rule) getString(redact bool) string {
if r.mode == RULE_MODE_SYSTEM { if r.mode == RULE_MODE_SYSTEM {
rmode = "|" + RuleModeString[RULE_MODE_SYSTEM] rmode = "|" + RuleModeString[RULE_MODE_SYSTEM]
} }
if r.mode == RULE_MODE_PERMANENT {
rmode = "|" + RuleModeString[RULE_MODE_PERMANENT]
}
protostr := "" protostr := ""
if r.proto != "tcp" { if r.proto != "tcp" {
protostr = r.proto + ":" protostr = r.proto + ":"
} }
return fmt.Sprintf("%s|%s%s%s", rtype, protostr, r.AddrString(redact), rmode)
rpriv := fmt.Sprintf("|%d:%d", r.uid, r.gid)
return fmt.Sprintf("%s|%s%s%s%s", rtype, protostr, r.AddrString(redact), rmode, rpriv)
} }
func (r *Rule) AddrString(redact bool) string { func (r *Rule) AddrString(redact bool) string {
@ -204,15 +210,20 @@ func (r *Rule) parse(s string) bool {
r.saddr = nil r.saddr = nil
parts := strings.Split(s, "|") parts := strings.Split(s, "|")
if len(parts) < 4 || len(parts) > 5 { if len(parts) < 4 || len(parts) > 5 {
log.Notice("invalid number ", len(parts), " of rule parts in line ", s)
return false return false
} }
if parts[2] == "SYSTEM" { if parts[2] == "SYSTEM" {
r.mode = RULE_MODE_SYSTEM r.mode = RULE_MODE_SYSTEM
} else if parts[2] == "PERMANENT" {
r.mode = RULE_MODE_PERMANENT
} else if parts[2] != "" { } else if parts[2] != "" {
log.Notice("invalid rule mode ", parts[2], " in line ", s)
return false return false
} }
if !r.parsePrivs(parts[3]) { if !r.parsePrivs(parts[3]) {
log.Notice("invalid privs ", parts[3], " in line ", s)
return false return false
} }
@ -222,11 +233,11 @@ func (r *Rule) parse(s string) bool {
r.saddr = net.ParseIP(parts[4]) r.saddr = net.ParseIP(parts[4])
if r.saddr == nil { if r.saddr == nil {
log.Notice("invalid source IP ", parts[4], " in line ", s)
return false return false
} }
} }
return r.parseVerb(parts[0]) && r.parseTarget(parts[1]) return r.parseVerb(parts[0]) && r.parseTarget(parts[1])
} }
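Review bot: `getString` and `parse` do not describe the same line format after this change. `parse` requires 4–5 fields and reads the mode from `parts[2]`, but the new `return` emits a mode field only when `rmode` is non-empty, so for a rule that is neither SYSTEM nor PERMANENT (assuming `rmode` starts as `""`, which is set outside the hunk) the output is `verb|target|uid:gid` and would be rejected on reload. The source address that `parse` accepts in `parts[4]` is also not among the arguments of the new `Sprintf`, so unless `AddrString` carries it, a saved rule loses its source restriction and matches more traffic than intended. If the loader skips lines for which `parse` returns false, a DENY rule that fails to round-trip disappears with only a `log.Notice`, which fails open. Emitting the mode field unconditionally, e.g. `fmt.Sprintf("%s|%s%s|%s|%d:%d", rtype, protostr, r.AddrString(redact), modeName, r.uid, r.gid)` with `modeName` empty for the default mode, and appending `r.saddr` when it is set, keeps the two in step, and a round-trip test from `getString(false)` into `parse` would pin it. Both functions start outside the visible hunks.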
