[LEDE-DEV] [PATCH] firewall3: check the return value of fw3_parse_options()

The return value of fw3_parse_options() should be checked and when it fails the section should be skipped. Signed-off-by: Pierre Lebleu --- defaults.c |6 +- forwards.c |7 ++- includes.c |7 ++- ipsets.c |7 ++- zones.c|7 ++- 5 files changed, 29

[LEDE-DEV] [PATCH 4/7] firewall3: add UBUS support for forwarding sections

It gives the ability to create forward rules via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu --- forwards.c | 68 +++- forwards.h |9 +--- main.c |2 +- 3 files changed, 61 insertions

[LEDE-DEV] [PATCH 1/7] firewall3: check the return value of fw3_parse_options()

The return value of fw3_parse_options() should be checked and when it fails the section should be skipped. Signed-off-by: Pierre Lebleu --- defaults.c |6 +- forwards.c |7 ++- includes.c |7 ++- ipsets.c |7 ++- zones.c|7 ++- 5 files changed, 29

[LEDE-DEV] [PATCH 2/7] firewall3: do not use a wrong pointer in the warn() function

In the function fw3_load_rules(), warm_elem() used a pointer to an UCI section which was not valid anymore. Signed-off-by: Pierre Lebleu --- rules.c | 31 --- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/rules.c b/rules.c index 8f232d3..a1b154d

[LEDE-DEV] [PATCH 6/7] firewall3: add UBUS support for include scripts

It gives the ability to include scripts via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu --- includes.c | 64 +--- includes.h |9 ++--- main.c |2 +- 3 files changed, 60 insertions

[LEDE-DEV] [PATCH 3/7] firewall3: add UBUS support for redirect sections

It gives the ability to create redirect rules via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu --- main.c |2 +- redirects.c | 108 ++- redirects.h | 10 -- 3 files changed, 85 insertions

[LEDE-DEV] [PATCH 5/7] firewall3: add UBUS support for ipset sections

It gives the ability to create ipset rules via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu --- ipsets.c | 83 +++--- ipsets.h | 11 + main.c |2 +- 3 files changed, 65 insertions(+), 31

[LEDE-DEV] [PATCH 7/7] firewall3: display the section type for UBUS rules

It gives the ability to display the section type for rules pushed via procd services and netifd interface firewall data. Signed-off-by: Pierre Lebleu --- ubus.c | 24 +--- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/ubus.c b/ubus.c index f353d01..dd1075f

Re: [LEDE-DEV] [PATCH 5/7] firewall3: add UBUS support for ipset sections

;> Op 2 mei 2017, om 18:43 heeft Philip Prindeville >>> het volgende geschreven: >>> >>> >>>> On May 2, 2017, at 6:15 AM, Pierre Lebleu wrote: >>>> >>>> Hi Philip, >>>> >>>> 2017-04-29 3:11 GMT+02:00 Philip Prindevil

Re: [LEDE-DEV] [PATCH 6/7] firewall3: add UBUS support for include scripts

2017-04-29 3:13 GMT+02:00 Philip Prindeville : > Inline… > > >> On Apr 20, 2017, at 10:05 AM, Pierre Lebleu wrote: >> >> It gives the ability to include scripts via procd >> services and netifd interface firewall data. >> >> Signed-off-b

[LEDE-DEV] Build dependencies issue

Hi all, When I try to compile "openssh-server-without-pam", the build system tries to compile the "libpam" first and then compile my target without using this library. $ make package/openssh/{clean,compile} make[1] package/openssh/clean make[2] -C feeds/packages/net/openssh clean make[2] -C fe

Re: [LEDE-DEV] [PATCH][RFC] procd: service: add data within the service itself

service is called "*". 2017-10-04 12:50 GMT+02:00 : > From: Pierre Lebleu > > It gives the ability to create firewall data within the > service itself rather than within an instance. > > Signed-off-by: Pierre Lebleu >

Re: [LEDE-DEV] [PATCH] procd: service_handle_set() should use SERVICE_SET_NAME rather than SERVICE_ATTR_NAME

2017-10-04 12:54 GMT+02:00 Mathias Kresin : > 2017-10-04 12:49 GMT+02:00 : >> From: Pierre Lebleu >> > > ^^^ and here should be an explanation why SERVICE_SET_NAME should be > used in favour of SERVICE_ATTR_NAME. The SERVICE_SET_NAME belongs to enum SERVICE_SET_XXX

[LEDE-DEV] [PATCH] service: fix service_handle_event array

The array concerning the "config.change" is __VALIDATE_MAX length, not __DATA_MAX length. Signed-off-by: Pierre Lebleu --- service/service.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/service.c b/service/service.c index f425c0a..45cb9aa 100644 ---

Re: [LEDE-DEV] [PATCH][RFC] procd: service: add data within the service itself

"dest_port": "", "target": "DROP" }, { "type": "rule", "src": "wan

[LEDE-DEV] [PATCH] firewall3: ubus: parse the firewall data within the service itself

It gives the ability to create firewall rules within the service itself and independently of the instances. Signed-off-by: Pierre Lebleu --- ubus.c | 97 +- 1 file changed, 54 insertions(+), 43 deletions(-) diff --git a/ubus.c b

[LEDE-DEV] [PATCH] procd: service_data: Support data within the service itself

Use the same approach than the service_triggers for the service_data. Signed-off-by: Pierre Lebleu --- package/base-files/files/etc/rc.common | 4 package/system/procd/files/procd.sh| 15 +++ 2 files changed, 19 insertions(+) diff --git a/package/base-files/files/etc

[LEDE-DEV] [PATCH v2][RFC] procd: service: add data within the service itself

It gives the ability to create data within the service itself. Change since v1: - dump the data inside the service rather than in a "*" instance. Signed-off-by: Pierre Lebleu --- service/service.c | 44 +--- service/service.h | 3 +++ 2 fil

[LEDE-DEV] [PATCH v2] firewall3: ubus: parse the firewall data within the service itself

It gives the ability to create firewall rules within the service itself and independently of the instances. Changes since v1: - align coding style - if no instance is given (within the service), do not write it Signed-off-by: Pierre Lebleu --- ubus.c | 99

[LEDE-DEV] [PATCH] service: fix calls to blobmsg_parse()

We should use blobmsg_data() rather than blob_data() and blobmsg_data_len() rather than blob_len(). Signed-off-by: Pierre Lebleu --- service/service.c | 20 ++-- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/service/service.c b/service/service.c index ce730bc

[LEDE-DEV] [PATCH] service: add data within the service itself

It gives the ability to create firewall data within the service itself. Change since v1: - dump the data inside the service rather than in a "*" instance. Change since v2: - remove the fix concerning the blobmsg_parse() - rename the firewall field to data_blob Signed-off-by: Pie

[LEDE-DEV] [PATCH] dropbear: automatically add firewall rules based on the config

ear[lan] rule 0" -j ACCEPT iptables -t filter -A zone_wan_input -p tcp -s 1.2.3.4/255.255.255.255 -m tcp --dport 2223 -m comment --comment "!fw3: ubus:dropbear[wan] rule 0" -j ACCEPT Signed-off-by: Pierre Lebleu --- package/network/services/dropbear/files/dropbear.init | 47

[LEDE-DEV] [PATCH v2] dropbear: automatically add firewall rules based on the config

An extra option (AllowedClientIPs:list) is available to allow specific clients to use this service. v2: do not create the firewall data if there is no valid interface. Signed-off-by: Pierre Lebleu --- .../network/services/dropbear/files/dropbear.init | 49 -- 1 file

[LEDE-DEV] [PATCH 1/2] helpers: make the proto field as a list rather than one option

option description 'SIP VoIP connection tracking' option module 'nf_conntrack_sip' option family 'any' option proto 'tcpudp' option port '5060' Signed-off-by: Pierre Lebleu --- helpers.c | 56 ++

[LEDE-DEV] [PATCH 2/2] helpers.conf: support also tcp in the CT sip helper

Signed-off-by: Pierre Lebleu --- helpers.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helpers.conf b/helpers.conf index 5591a8f..b8ae857 100644 --- a/helpers.conf +++ b/helpers.conf @@ -67,7 +67,7 @@ config helper option description 'SIP VoIP conne

[LEDE-DEV] [PATCH] helpers: fix the set_helper in the rule structure

The set_helper field has to be set by set_helper and not helper. Signed-off-by: Pierre Lebleu --- rules.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rules.c b/rules.c index ea66771..f6b6044 100644 --- a/rules.c +++ b/rules.c @@ -33,7 +33,7 @@ const struct fw3_option