Extract common functions to functions.common.sh

Version number detection, command detection, terminal setup and a few
other bits have moved.

The processed (not .in) scripts will look for it in e.g. /usr/local/lib/firehol
or wherever the system will install it. The .in scripts will look for it in
their own directory.

Updated the configure system so that it correctly replaces paths
via the Makefile rather than trying to substitute NONE in configure.ac.

Extracted all of the configure-time command substitutions to a single
sed file which is used to process the script.in files. Extended the
package checks to cover this file.
Philip Whineray 2015-11-25 23:05:05 +00:00
parent d2c85854a0
commit 2c9a2d4000
18 changed files with 614 additions and 1128 deletions

1
.gitignore vendored

@ -29,6 +29,7 @@ doc/apa*.html
doc/services-?.xml
doc/service-links
doc/tools/pandoc-post
sbin/commands.sed
sbin/firehol
sbin/fireqos
sbin/link-balancer

@ -114,9 +114,6 @@ else
fi
fi
FIREHOL_CONFIG_DIR=$(eval echo "$sysconfdir/firehol" | sed -e 's|^NONE|/usr/local|')
AC_SUBST(FIREHOL_CONFIG_DIR)
PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin:/usr/local/bin
if test x"$USE_MAINTAINER_MODE" = xno; then
@ -316,6 +313,7 @@ AC_SUBST(AUTOCONF_RUN)
AC_CONFIG_FILES([
Makefile
sbin/Makefile
sbin/commands.sed
m4/Makefile
doc/Makefile
doc/firehol/Makefile
@ -329,10 +327,4 @@ AC_CONFIG_FILES([
packaging/Makefile
])
AC_CONFIG_FILES([sbin/firehol], [chmod +x sbin/firehol])
AC_CONFIG_FILES([sbin/fireqos], [chmod +x sbin/fireqos])
AC_CONFIG_FILES([sbin/link-balancer], [chmod +x sbin/link-balancer])
AC_CONFIG_FILES([sbin/update-ipsets], [chmod +x sbin/update-ipsets])
AC_CONFIG_FILES([sbin/vnetbuild], [chmod +x sbin/vnetbuild])
AC_OUTPUT

@ -19,6 +19,7 @@ MANUALMAN_GENERATED = \
man/man1/fireqos.1 \
man/man5/fireqos-class.5 \
man/man5/fireqos-conf.5 \
man/man5/fireqos-dscp.5 \
man/man5/fireqos-interface.5 \
man/man5/fireqos-match.5 \
man/man5/fireqos-params.5 \

@ -24,5 +24,5 @@ EXTRA_DIST = \
$(ipsetsweb_DATA)
uninstall-local:
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(webdir)
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(ipsetswebdir)
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(ipsetsdir)

@ -46,4 +46,4 @@ diff -r "$1" $MYTMP/unpack/* | grep "^Only" | sed \
-e '/: firehol.*\.tar\.\(gz\|bz2\|xz\)$/d' \
-e '/: unittest$/d' \
-e '/sbin: \(firehol\|fireqos\|link-balancer\)$/d' \
-e '/sbin: \(update-ipsets\|vnetbuild\)$/d'
-e '/sbin: \(update-ipsets\|vnetbuild\|commands.sed\)$/d'

@ -96,6 +96,13 @@ do
sbin/Makefile.in)
:
;;
configure.ac|sbin/commands.sed.in)
check_commands sbin/firehol.in || status=1
check_commands sbin/fireqos.in || status=1
check_commands sbin/link-balancer.in || status=1
check_commands sbin/update-ipsets.in || status=1
check_commands sbin/vnetbuild.in || status=1
;;
sbin/*.in)
check_commands $filename || status=1
;;

@ -46,8 +46,19 @@ check_version_matches() {
check_commands() {
local status=0
touch $MYTMP/commands-checked
if grep -q -F -z "$1" $MYTMP/commands-checked
then
# Only check a file once - an edit to some files checks multiple
return 0
else
echo "$1" >> $MYTMP/commands-checked
fi
get_staged_file $1
get_staged_file configure.ac
get_staged_file sbin/commands.sed.in
get_staged_file sbin/functions.common.sh
# Find commands that have been enclosed in quotes and remove anything after
# if nothing matched the substitution, proceed to the next line
@ -79,7 +90,7 @@ check_commands() {
# proceed to next line if command starts with a dollar
# proceed to next line if command ends with equals (assignment)
# print line number
sed -n -e '/^[YN]|/b' -e '/require_cmd/b' \
sed -n -e '/^ *[YN]|/b' -e '/require_cmd/b' \
-e 's/^/ /' -e 's/$/ /' -e T \
-e 's/.*\(..\<[A-Z0-9_]*_CMD..\).*/\1/' -e T \
-e 's/[{}]//' \
@ -94,11 +105,11 @@ check_commands() {
cat $MYTMP/errors
fi
grep "^[YN]|" $MYTMP/files/$1 > $MYTMP/commands-defined
sed -n -e "s/^ *[YN]|//p" $MYTMP/files/$1 > $MYTMP/commands-defined
for cmd in $(tr " " "\n" < $MYTMP/files/$1 |
sed -n -e 's/.*\(\<[A-Z0-9_]*\)_CMD.*/\1/p' | sort | uniq)
do
if ! grep -q "^[YN]|${cmd}_CMD|" $MYTMP/commands-defined
if ! grep -q "^${cmd}_CMD|" $MYTMP/commands-defined
then
status=1
echo "Missing definition of $cmd in $1 detection table."
@ -114,12 +125,17 @@ check_commands() {
fi
done
while IFS="|" read yn cmd rest
while IFS="|" read cmd subst defaults
do
if ! grep -q "\${*$cmd" $MYTMP/files/$1
if ! grep -q "\${*$cmd" $MYTMP/files/$1 $MYTMP/files/sbin/*.sh
then
status=1
echo "$cmd detected but never used in $1"
echo "$cmd detected but never used in $1 or function libraries"
fi
if ! grep -q "#$subst#" $MYTMP/files/sbin/commands.sed.in
then
status=1
echo "$cmd detected but $subst never substituted by sbin/commands.sed.in"
fi
done < $MYTMP/commands-defined
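Review bot: The once-only guard at the top of check_commands, `grep -q -F -z "$1" $MYTMP/commands-checked`, matches substrings rather than whole entries. The list is written one name per line with `echo`, so with `-z` the whole file is a single record and `-F` finds `$1` anywhere inside it. A file whose path is contained in an already-recorded path would be skipped silently, which weakens what looks like a check on staged files. `grep -q -x -F -- "$1" "$MYTMP/commands-checked"` compares whole lines and also quotes the temp path. The function body continues outside these hunks.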

@ -39,7 +39,7 @@ sub printit {
my $case = 0;
my $case_start = 0;
while (<>) {
next if (/^[YN]\|/); # Skip command tables
next if (/^\t*[YN]\|/); # Skip command tables
next if (/^[[:space:]]*$/); # Skip blank lines
next if (/^[[:space:]]#/); # Skip pure comments for efficiency
next if (/`which .*head/); # Skip special case - initial command detection

@ -22,7 +22,7 @@ while (<>) {
my $required;
my $conf_cmd;
my $options;
if (/^([YN])[|][^|]+[|]@([^|]+)@[|](.*)/) {
if (/^\t*([YN])[|][^|]+[|]@([^|]+)@[|](.*)/) {
$required = $1;
$conf_cmd = $2;
$options = $3;

@ -1,5 +1,37 @@
# Process this file with automake to produce Makefile.in
scriptsin = \
firehol.in \
fireqos.in \
link-balancer.in \
update-ipsets.in \
vnetbuild.in
inclibdir = $(libdir)/firehol
SUFFIXES = .in
.in:
if [ "$@" = "commands.sed.in" ]; then \
true; \
elif sed \
-e '/^# Start defaults before configure/,/^# End/d' \
-e 's#[$$]prefix_POST#$(prefix)#g' \
-e 's#[$$]bindir_POST#$(bindir)#g' \
-e 's#[$$]libdir_POST#$(libdir)/firehol#g' \
-e 's#[$$]localstatedir_POST#$(localstatedir)#g' \
-e 's#[$$]sysconfdir_POST#$(sysconfdir)#g' \
-f commands.sed \
$< > $@.tmp; then \
mv "$@.tmp" "$@"; \
chmod 755 "$@"; \
else \
rm -f "$@.tmp"; \
false; \
fi
inclib_DATA = \
functions.common.sh
scripts =
if ENABLE_FIREHOL
scripts += firehol
@ -22,3 +54,11 @@ scripts += vnetbuild
endif
sbin_SCRIPTS = $(scripts)
EXTRA_DIST = \
commands.sed.in \
$(scriptsin) \
$(inclib_DATA)
uninstall-local:
@-rmdir --ignore-fail-on-non-empty $(DESTDIR)$(inclibdir)
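Review bot: The `.in:` rule reads `commands.sed` through `-f commands.sed` but never declares it as a prerequisite, so the generated scripts are not rebuilt when configure regenerates that file, and an already-built script can keep stale command paths. A dependency line placed after the `sbin_SCRIPTS` assignment, for example `$(scripts): commands.sed`, would make that edge explicit. The guard `[ "$@" = "commands.sed.in" ]` also looks ineffective: in a single-suffix rule `$@` is the name with `.in` stripped, so the comparison would presumably need to be against `commands.sed`. A comment beside the `sed` expressions should note that they use `#` as the delimiter, so a `prefix` or `libdir` containing `#` or `&` would corrupt the substitution.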

72
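--- /dev/null
+++ b/sbin/commands.sed.in
@@ -0,0 +1,72 @@
+s#[@]BRIDGE@#@BRIDGE@#g
+s#[@]CAT@#@CAT@#g
+s#[@]CHMOD@#@CHMOD@#g
+s#[@]CHOWN@#@CHOWN@#g
+s#[@]CP@#@CP@#g
+s#[@]CURL@#@CURL@#g
+s#[@]CUT@#@CUT@#g
+s#[@]DATE@#@DATE@#g
+s#[@]DIFF@#@DIFF@#g
+s#[@]DIRNAME@#@DIRNAME@#g
+s#[@]EGREP@#@EGREP@#g
+s#[@]ENV@#@ENV@#g
+s#[@]EXPR@#@EXPR@#g
+s#[@]FIND@#@FIND@#g
+s#[@]FLOCK@#@FLOCK@#g
+s#[@]FOLD@#@FOLD@#g
+s#[@]FUNZIP@#@FUNZIP@#g
+s#[@]GAWK@#@GAWK@#g
+s#[@]GIT@#@GIT@#g
+s#[@]GREP@#@GREP@#g
+s#[@]HEAD@#@HEAD@#g
+s#[@]HOSTNAMECMD@#@HOSTNAMECMD@#g
+s#[@]IP6TABLES@#@IP6TABLES@#g
+s#[@]IP6TABLES_RESTORE@#@IP6TABLES_RESTORE@#g
+s#[@]IP6TABLES_SAVE@#@IP6TABLES_SAVE@#g
+s#[@]IP@#@IP@#g
+s#[@]IPRANGE@#@IPRANGE@#g
+s#[@]IPSET@#@IPSET@#g
+s#[@]IPTABLES@#@IPTABLES@#g
+s#[@]IPTABLES_RESTORE@#@IPTABLES_RESTORE@#g
+s#[@]IPTABLES_SAVE@#@IPTABLES_SAVE@#g
+s#[@]JQ@#@JQ@#g
+s#[@]LN@#@LN@#g
+s#[@]LOGGER@#@LOGGER@#g
+s#[@]LS@#@LS@#g
+s#[@]LSMOD@#@LSMOD@#g
+s#[@]MKDIR@#@MKDIR@#g
+s#[@]MKTEMP@#@MKTEMP@#g
+s#[@]MODPROBE@#@MODPROBE@#g
+s#[@]MORE@#@MORE@#g
+s#[@]MV@#@MV@#g
+s#[@]NEATO@#@NEATO@#g
+s#[@]NFACCT@#@NFACCT@#g
+s#[@]PING6@#@PING6@#g
+s#[@]PING@#@PING@#g
+s#[@]RENICE@#@RENICE@#g
+s#[@]RMMOD@#@RMMOD@#g
+s#[@]RM@#@RM@#g
+s#[@]SCREEN@#@SCREEN@#g
+s#[@]SED@#@SED@#g
+s#[@]SEQ@#@SEQ@#g
+s#[@]SH@#@SH@#g
+s#[@]SLEEP@#@SLEEP@#g
+s#[@]SORT@#@SORT@#g
+s#[@]SS@#@SS@#g
+s#[@]STTY@#@STTY@#g
+s#[@]SYSCTL@#@SYSCTL@#g
+s#[@]TAIL@#@TAIL@#g
+s#[@]TAR@#@TAR@#g
+s#[@]TCPDUMP@#@TCPDUMP@#g
+s#[@]TC@#@TC@#g
+s#[@]TOUCH@#@TOUCH@#g
+s#[@]TPUT@#@TPUT@#g
+s#[@]TRACEROUTE@#@TRACEROUTE@#g
+s#[@]TR@#@TR@#g
+s#[@]UNAME@#@UNAME@#g
+s#[@]UNIQ@#@UNIQ@#g
+s#[@]UNZIP@#@UNZIP@#g
+s#[@]WC@#@WC@#g
+s#[@]WGET@#@WGET@#g
+s#[@]WHOIS@#@WHOIS@#g
+s#[@]ZCAT@#@ZCAT@#g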
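Review bot: This new file has no header comment, and the two-stage substitution is not obvious from the expressions alone. configure replaces the right-hand placeholder with the detected command, while the left-hand side is apparently written as `[@]NAME@` so that configure leaves it alone and sed can still match the placeholder in the script.in files. A short `#` comment block at the top should say so, and should note that the staged-file check greps for each entry with `#` as the delimiter. The same comment should record that detected values are inserted raw, so a path containing `#`, `&` or a backslash would change the expression. The comment itself must not spell a full placeholder, or configure will rewrite it.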

@ -25,8 +25,6 @@
# See the file COPYING for details.
#
#set -x -v
if [ $(( ${BASH_VERSINFO[0]} )) -lt 4 ]
then
echo >&2
@ -38,61 +36,33 @@ then
exit 1
fi
get_version() {
GIT_REF='$Format:%d,commit-%h$'
local IFS=":(), "
set -- "$GIT_REF"
ver='$Id$'
for i in ${@}
do
case "$i" in
*[0-9].[0-9]*)
echo "$i" | $SED_CMD -e 's/^v//'
return 0
;;
commit-[0-9a-zA-Z]*)
ver="$i"
;;
esac
done
echo "$ver"
return 0
}
emit_version() {
${CAT_CMD} <<EOF
FireHOL $VERSION
(C) Copyright 2003-2015 Costa Tsaousis <costa@tsaousis.gr>
(C) Copyright 2012-2015 Phil Whineray <phil@firehol.org>
FireHOL is distributed under the GPL v2+.
Home Page: http://firehol.org
-------------------------------------------------------------------------
Get notified of new FireHOL releases by subscribing to the mailing list:
http://lists.firehol.org/mailman/listinfo/firehol-support/
-------------------------------------------------------------------------
EOF
}
# Make sure only root can run us.
if [ ! "${UID}" = 0 ]
then
echo >&2
echo >&2 "ERROR:"
echo >&2 "Only user root can run FireHOL."
echo >&2
exit 1
fi
# Remember who you are.
PROGRAM_FILE="${0}"
declare -a FIREHOL_ORIGINAL_ARGS=("${@}")
FIREHOL_DEFAULT_WORKING_DIRECTORY="${PWD}"
PROGRAM_DIR="${0%/*}"
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Make sure we don't get localized results
export LC_ALL=C
# Start defaults before configure
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do
if [ -r $functions_file ]
then
source $functions_file
else
1>&2 echo "Cannot access $functions_file"
exit 1
fi
done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit
common_private_umask || exit
common_require_root || exit
# ------------------------------------------------------------------------------
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
@ -856,150 +826,7 @@ fi
# XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# ------------------------------------------------------------------------------
# Load commands FireHOL will need.
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=`which $1 2>/dev/null | head -n 1`
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
require_cmd() {
local var= val= block=1
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\}
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
exit 1
fi
fi
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: FIREHOL REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a FireHOL"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for FireHOL to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
exit 1
}
which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
while IFS="|" read required cmd_var autoconf possibles
do
if [ "@AUTOCONF_RUN@" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "@AUTOCONF_RUN@" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:$PATH:$dirname" which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
require_cmd $cmd_var $possibles
else
require_cmd -n $cmd_var $possibles
fi
done <<-!
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|CAT_CMD|@CAT@|cat
Y|CUT_CMD|@CUT@|cut
Y|CHOWN_CMD|@CHOWN@|chown
@ -1049,42 +876,34 @@ Y|WC_CMD|@WC@|wc
Y|CP_CMD|@CP@|cp
Y|SLEEP_CMD|@SLEEP@|sleep
!
status=$?
test $status -eq 0 || exit $status
VERSION=$(get_version)
VERSION=$(common_get_version '$Id$')
emit_version() {
${CAT_CMD} <<EOF
FireHOL $VERSION
(C) Copyright 2003-2015 Costa Tsaousis <costa@tsaousis.gr>
(C) Copyright 2012-2015 Phil Whineray <phil@firehol.org>
FireHOL is distributed under the GPL v2+.
Home Page: http://firehol.org
-------------------------------------------------------------------------
Get notified of new FireHOL releases by subscribing to the mailing list:
http://lists.firehol.org/mailman/listinfo/firehol-support/
-------------------------------------------------------------------------
EOF
}
RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ]
then
shift
elif [ ! -z "$TPUT_CMD" ]
then
test -t 2 && RUNNING_ON_TERMINAL=1
if [ -t 2 -a $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
then
# Enable colors
COLOR_RESET="\e[0m"
COLOR_BLACK="\e[30m"
COLOR_RED="\e[31m"
COLOR_GREEN="\e[32m"
COLOR_YELLOW="\e[33m"
COLOR_BLUE="\e[34m"
COLOR_PURPLE="\e[35m"
COLOR_CYAN="\e[36m"
COLOR_WHITE="\e[37m"
COLOR_BGBLACK="\e[40m"
COLOR_BGRED="\e[41m"
COLOR_BGGREEN="\e[42m"
COLOR_BGYELLOW="\e[43m"
COLOR_BGBLUE="\e[44m"
COLOR_BGPURPLE="\e[45m"
COLOR_BGCYAN="\e[46m"
COLOR_BGWHITE="\e[47m"
COLOR_BOLD="\e[1m"
COLOR_DIM="\e[2m"
COLOR_UNDERLINED="\e[4m"
COLOR_BLINK="\e[5m"
COLOR_INVERTED="\e[7m"
fi
else
common_setup_terminal && RUNNING_ON_TERMINAL=1
fi
# disable the spinner when we don't run on a terminal
@ -1176,9 +995,6 @@ firehol_concurrent_run_lock() {
return 0
}
# Make sure our generated files cannot be accessed by anyone else.
umask 077
# Be nice on production environments
${RENICE_CMD} 10 $$ >/dev/null 2>/dev/null
@ -3365,7 +3181,7 @@ do
fi
fi
done
cd "${FIREHOL_DEFAULT_WORKING_DIRECTORY}" || exit 1
cd "${PROGRAM_PWD}" || exit 1
# ------------------------------------------------------------------------------
@ -4479,7 +4295,7 @@ FIREHOL_TPROXY_IP_ROUTE_TABLE="241"
FIREHOL_TPROXY_ROUTE_DEVICE="lo"
tproxy_setup_ip_route() {
require_cmd IP_CMD
common_require_cmd $PROGRAM_FILE IP_CMD
local x=
for x in inet inet6
@ -6202,7 +6018,7 @@ fi
if [ -z "${KERNEL_CONFIG}" -a -f "/proc/config.gz" ]
then
KERNEL_CONFIG="/proc/config.gz"
require_cmd ZCAT_CMD
common_require_cmd $PROGRAM_FILE ZCAT_CMD
${ZCAT_CMD} /proc/config.gz >"${FIREHOL_DIR}/kcfg" || KERNEL_CONFIG=
fi
@ -6370,7 +6186,7 @@ load_kernel_module() {
done
LOADED_KERNEL_MODULES="${LOADED_KERNEL_MODULES} ${mod}"
require_cmd MODPROBE_CMD
common_require_cmd $PROGRAM_FILE MODPROBE_CMD
${MODPROBE_CMD} ${mod}
if [ $? -gt 0 -a $? -ne 17 ] # 17: insmod, already loaded
then
@ -11253,10 +11069,10 @@ fi
if [ "${FIREHOL_MODE}" = "WIZARD" ]
then
# require commands for wizard mode
require_cmd IP_CMD
require_cmd SS_CMD
require_cmd DATE_CMD
require_cmd HOSTNAME_CMD
common_require_cmd $PROGRAM_FILE IP_CMD
common_require_cmd $PROGRAM_FILE SS_CMD
common_require_cmd $PROGRAM_FILE DATE_CMD
common_require_cmd $PROGRAM_FILE HOSTNAME_CMD
wizard_ask() {
local prompt="${1}" def="${2}" ans= c= t=
@ -12233,8 +12049,8 @@ fi
if [ -n "$WAIT_FOR_IFACE" ]
then
require_cmd DATE_CMD
require_cmd IP_CMD
common_require_cmd $PROGRAM_FILE DATE_CMD
common_require_cmd $PROGRAM_FILE IP_CMD
for i in "$WAIT_FOR_IFACE"
do
wait_for_interface $i
@ -12468,7 +12284,7 @@ then
echo >&2 "activation disabled, like this:"
echo >&2
printf >&2 "${PROGRAM_FILE} nofast "
printf >&2 "%q " "${FIREHOL_ORIGINAL_ARGS[@]}"
printf >&2 "%q " "${PROGRAM_ORIGINAL_ARGS[@]}"
printf >&2 "\n"
fi
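Review bot: A missing command no longer stops the script at the on-demand call sites. The old `require_cmd` ended in `exit 1`, but `common_require_cmd` in sbin/functions.common.sh returns 2, and calls such as `common_require_cmd $PROGRAM_FILE IP_CMD` in tproxy_setup_ip_route, the ZCAT_CMD and MODPROBE_CMD calls, the wizard block and the WAIT_FOR_IFACE block ignore that status. Execution would then continue with an empty command variable, which in a firewall loader could leave rules partly applied. Each call should propagate the failure, e.g. `common_require_cmd $PROGRAM_FILE IP_CMD || exit`, as the table loader already does with `test $status -eq 0 || exit $status`. The same pattern appears in the FireQOS section (GAWK_CMD, TCPDUMP_CMD) and the link-balancer section (SCREEN_CMD and the four calls in asips); the enclosing functions start and end outside the hunks.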

@ -35,49 +35,41 @@ then
exit 1
fi
PROGRAM_FILE="${0}"
PROGRAM_DIR="${0%/*}"
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do
if [ -r $functions_file ]
then
source $functions_file
else
1>&2 echo "Cannot access $functions_file"
exit 1
fi
done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit
common_public_umask || exit
common_require_root || exit
# make sure sbin is included in the path
# it seems that pppd ip-up.d script need this
export PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
get_version() {
GIT_REF='$Format:%d,commit-%h$'
local IFS=":(), "
set -- "$GIT_REF"
ver='$Id$'
for i in $@
do
case "$i" in
*[0-9].[0-9]*)
echo "$i" | $SED_CMD -e 's/^v//'
return 0
;;
commit-[0-9a-zA-Z]*)
ver="$i"
;;
esac
done
echo "$ver"
return 0
}
# Make sure we don't get localized results
export LC_ALL=C
# let everyone read our status info
umask 022
PROGRAM_FILE="$0"
# enabled extended pattern matching in bash
shopt -s extglob
if [ "@AUTOCONF_RUN@" = "Y" ]
then
FIREHOL_CONFIG_DIR="@FIREHOL_CONFIG_DIR@"
else
FIREHOL_CONFIG_DIR="/etc/firehol"
fi
FIREQOS_SYSLOG_FACILITY="daemon"
FIREQOS_CONFIG=/etc/firehol/fireqos.conf
FIREQOS_LOCK_FILE=/var/run/fireqos.lock
@ -126,150 +118,7 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi
# Load commands FireQOS will need.
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=`which $1 2>/dev/null | head -n 1`
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
require_cmd() {
local var= val= block=1
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\}
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
exit 1
fi
fi
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: FIREQOS REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a FireQOS"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for FireQOS to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
exit 1
}
which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
while IFS="|" read required cmd_var autoconf possibles
do
if [ "@AUTOCONF_RUN@" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "@AUTOCONF_RUN@" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:$PATH:$dirname" which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
require_cmd $cmd_var $possibles
else
require_cmd -n $cmd_var $possibles
fi
done <<-!
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
N|TPUT_CMD|@TPUT@|tput
Y|IP_CMD|@IP@|ip
Y|MODPROBE_CMD|@MODPROBE@|'modprobe -q' insmod
@ -295,42 +144,17 @@ Y|LS_CMD|@LS@|ls
Y|DATE_CMD|@DATE@|date
Y|TAIL_CMD|@TAIL@|tail
!
status=$?
test $status -eq 0 || exit $status
VERSION=$(get_version)
VERSION=$(common_get_version '$Id$')
RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ]
then
shift
elif [ ! -z "$TPUT_CMD" ]
then
test -t 2 && RUNNING_ON_TERMINAL=1
if [ -t 2 -a $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
then
# Enable colors
COLOR_RESET="\e[0m"
COLOR_BLACK="\e[30m"
COLOR_RED="\e[31m"
COLOR_GREEN="\e[32m"
COLOR_YELLOW="\e[33m"
COLOR_BLUE="\e[34m"
COLOR_PURPLE="\e[35m"
COLOR_CYAN="\e[36m"
COLOR_WHITE="\e[37m"
COLOR_BGBLACK="\e[40m"
COLOR_BGRED="\e[41m"
COLOR_BGGREEN="\e[42m"
COLOR_BGYELLOW="\e[43m"
COLOR_BGBLUE="\e[44m"
COLOR_BGPURPLE="\e[45m"
COLOR_BGCYAN="\e[46m"
COLOR_BGWHITE="\e[47m"
COLOR_BOLD="\e[1m"
COLOR_DIM="\e[2m"
COLOR_UNDERLINED="\e[4m"
COLOR_BLINK="\e[5m"
COLOR_INVERTED="\e[7m"
fi
else
common_setup_terminal && RUNNING_ON_TERMINAL=1
fi
# service definitions
@ -3195,7 +3019,7 @@ stats_colors() {
htb_stats() {
local x=
require_cmd GAWK_CMD
common_require_cmd $PROGRAM_FILE GAWK_CMD
trap cleanup_stats EXIT
trap cleanup_stats SIGHUP
@ -3583,7 +3407,7 @@ add_monitor() {
}
monitor() {
require_cmd TCPDUMP_CMD
common_require_cmd $PROGRAM_FILE TCPDUMP_CMD
if [ -z "$1" -o ! -f "${FIREQOS_DIR}/$1.conf" ]
then
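Review bot: The new loader block sources the library through unquoted expansions (`for functions_file in $libdir_POST/functions.common.sh`, `[ -r $functions_file ]`, `source $functions_file`), and in the unconfigured case `libdir_POST` is derived from `$0`. A checkout or install path containing spaces or glob characters would be split or expanded before a file is sourced by a script that goes on to require root. Quoting closes that: `if [ -r "$functions_file" ]` and `source "$functions_file"`, with the loop word written as `"$libdir_POST/functions.common.sh"`. The same block appears in the FireHOL and link-balancer sections.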

261
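--- /dev/null
+++ b/sbin/functions.common.sh
@@ -0,0 +1,261 @@
+#
+# Copyright
+#
+# Copyright (C) 2003-2014 Costa Tsaousis <costa@tsaousis.gr>
+# Copyright (C) 2012-2014 Phil Whineray <phil@sanewall.org>
+#
+# See sbin/firehol.in for details
+#
+# This file contains functions used by the firehol suite.
+# To keep the namespace clean, functions defined in functions.x.sh
+# should be of the form x_whatever() if they are intended for general
+# use or int_x_whatever() if they are intended as helpers to the other
+# functions in the file.
+#
+common_get_version() {
+local ver="$1"
+shift
+GIT_REF='$Format:%d,commit-%h$'
+local IFS=":(), "
+set -- "$GIT_REF"
+for i in $@
+do
+case "$i" in
+*[0-9].[0-9]*)
+echo "$i" | $SED_CMD -e 's/^v//'
+return 0
+;;
+commit-[0-9a-zA-Z]*)
+ver="$i"
+;;
+esac
+done
+echo "$ver"
+return 0
+}
+which_cmd() {
+local name="$1"
+shift
+if [ "$1" = ":" ]
+then
+eval $name=":"
+return 0
+fi
+unalias $1 >/dev/null 2>&1
+local cmd=
+IFS= read cmd <<-EOF
+$(which $1 2> /dev/null)
+EOF
+if [ $? -gt 0 -o ! -x "${cmd}" ]
+then
+return 1
+fi
+shift
+if [ $# -eq 0 ]
+then
+eval $name="'${cmd}'"
+else
+eval $name="'${cmd} ${@}'"
+fi
+return 0
+}
+common_require_cmd() {
+local progname= var= val= block=1
+progname="$1"
+shift
+if [ "$1" = "-n" ]
+then
+block=0
+shift
+fi
+var="$1"
+shift
+eval val=\$\{${var}\} || return 2
+if [ "${val}" ]
+then
+local cmd="${val/ */}"
+if [ ! -x "$cmd" ]
+then
+echo >&2
+if [ $block -eq 0 ]
+then
+echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
+echo >&2 "please add or correct $var in firehol-defaults.conf"
+val=""
+else
+echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
+echo >&2 "please add or correct $var in firehol-defaults.conf"
+return 2
+fi
+fi
+# link-balancer calls itself; export our findings so
+# we do not repeat all of the lookups
+eval export "$var"
+return 0
+elif [ $block -eq 0 ]
+then
+eval set -- "$@"
+for cmd in "$@"
+do
+eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
+done
+return 0
+fi
+if [ $# -eq 0 ]
+then
+eval set -- "\$NEED_${var}"
+fi
+echo >&2
+echo >&2 "ERROR: $progname REQUIRES ONE OF THESE COMMANDS:"
+echo >&2
+echo >&2 " ${@}"
+echo >&2
+echo >&2 " You have requested the use of a $progname"
+echo >&2 " feature that requires certain external programs"
+echo >&2 " to be installed in the running system."
+echo >&2
+echo >&2 " Please consult your Linux distribution manual to"
+echo >&2 " install the package(s) that provide these external"
+echo >&2 " programs and retry."
+echo >&2
+echo >&2 " Note that you need an operational 'which' command"
+echo >&2 " for $progname to find all the external programs it"
+echo >&2 " needs. Check it yourself. Run:"
+echo >&2
+for x in "${@}"
+do
+echo >&2 " which $x"
+done
+return 2
+}
+int_common_which_all() {
+local cmd_var="$1"
+eval set -- "$2"
+for cmd in "$@"
+do
+which_cmd $cmd_var $cmd && break
+done
+}
+# Where required = Y, if a command is not found, FireHOL will refuse to run.
+# Where required = N, the command only required when it is actually used
+#
+# If a command is specified in /etc/firehol/firehol-defaults.conf it will
+# be used. Otherwise, if the script has been configured with ./configure
+# the detected versions will be used. If the script has not been configured
+# then the list of possible commands is autodetected.
+common_load_commands() {
+local progname="$1"
+shift
+local AUTOCONF_RUN="$1"
+shift
+while IFS="|" read required cmd_var autoconf possibles
+do
+if [ "$AUTOCONF_RUN" = "Y" ]
+then
+case "$autoconf" in
+"@"*) autoconf=""; ;;
+esac
+fi
+eval set_in_defaults=\"\$$cmd_var\"
+if [ "$set_in_defaults" ]
+then
+:
+elif [ "$AUTOCONF_RUN" = "Y" -a ! -z "$autoconf" ]
+then
+eval $cmd_var=\"$autoconf\"
+else
+dirname="${0%/*}"
+if [ "$dirname" = "$0" ]; then dirname="."; fi
+PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin:$PATH:$dirname" int_common_which_all $cmd_var "$possibles"
+fi
+if [ "$required" = "Y" ]
+then
+common_require_cmd $progname $cmd_var $possibles || return
+else
+common_require_cmd $progname -n $cmd_var $possibles || return
+fi
+done
+}
+common_require_root() {
+if [ "${UID}" != 0 ]
+then
+echo >&2
+echo >&2 "ERROR:"
+echo >&2 "Only user root can run ${1}"
+echo >&2
+return 1
+fi
+return 0
+}
+common_disable_localization() {
+export LC_ALL=C
+}
+common_private_umask() {
+# Make sure our generated files cannot be accessed by anyone else.
+umask 077
+}
+common_public_umask() {
+# let everyone read our status info
+umask 022
+}
+common_setup_terminal() {
+# Are stdout/stderr on the terminal? If not, then fail
+test -t 2 || return 1
+test -t 1 || return 1
+if [ ! -z "$TPUT_CMD" ]
+then
+if [ $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
+then
+# Enable colors
+COLOR_RESET="\e[0m"
+COLOR_BLACK="\e[30m"
+COLOR_RED="\e[31m"
+COLOR_GREEN="\e[32m"
+COLOR_YELLOW="\e[33m"
+COLOR_BLUE="\e[34m"
+COLOR_PURPLE="\e[35m"
+COLOR_CYAN="\e[36m"
+COLOR_WHITE="\e[37m"
+COLOR_BGBLACK="\e[40m"
+COLOR_BGRED="\e[41m"
+COLOR_BGGREEN="\e[42m"
+COLOR_BGYELLOW="\e[43m"
+COLOR_BGBLUE="\e[44m"
+COLOR_BGPURPLE="\e[45m"
+COLOR_BGCYAN="\e[46m"
+COLOR_BGWHITE="\e[47m"
+COLOR_BOLD="\e[1m"
+COLOR_DIM="\e[2m"
+COLOR_UNDERLINED="\e[4m"
+COLOR_BLINK="\e[5m"
+COLOR_INVERTED="\e[7m"
+fi
+fi
+return 0
+}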
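Review bot: `common_require_root` prints `Only user root can run ${1}`, but every caller shown on this page invokes it as `common_require_root || exit` with no argument, so the error message ends after "run". Either pass the program name at the call sites, `common_require_root "$PROGRAM_FILE" || exit`, or give the function a default for `${1}`. Separately, `which_cmd` still assigns through `eval $name="'${cmd} ${@}'"`, which re-parses the path returned by `which`, so a path containing a single quote would break the quoting. bash's `printf -v "$name" '%s' "$cmd"` would assign the value without a second parse. None of the functions in the new file carries a comment describing its arguments and return codes, which matters now that `common_require_cmd` returns 2 instead of exiting.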

@ -35,61 +35,40 @@ then
exit 1
fi
PROGRAM_FILE="${0}"
PROGRAM_DIR="${0%/*}"
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
# Start defaults before configure
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do
if [ -r $functions_file ]
then
source $functions_file
else
1>&2 echo "Cannot access $functions_file"
exit 1
fi
done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit
common_private_umask || exit
common_require_root || exit
# make sure sbin is included in the path
# it seems that pppd ip-up.d script need this
export PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
PROGRAM_FILE="${0}"
get_version() {
GIT_REF='$Format:%d,commit-%h$'
local IFS=":(), "
set -- "$GIT_REF"
ver='$Id$'
for i in $@
do
case "$i" in
*[0-9].[0-9]*)
echo "$i" | $SED_CMD -e 's/^v//'
return 0
;;
commit-[0-9a-zA-Z]*)
ver="$i"
;;
esac
done
echo "$ver"
return 0
}
# Make sure only root can run us.
if [ ! "${UID}" = 0 ]
then
echo >&2
echo >&2
echo >&2 "Only user root can run Link Balancer."
echo >&2
exit 1
fi
if [ "@AUTOCONF_RUN@" = "Y" ]
then
FIREHOL_CONFIG_DIR="@FIREHOL_CONFIG_DIR@"
else
FIREHOL_CONFIG_DIR="/etc/firehol"
fi
declare -a LB_ORIGINAL_ARGS=("${@}")
LB_DEFAULT_WORKING_DIRECTORY="${PWD}"
if [ "$LB_DEBUGGING" ]; then set -v; set -x; fi
# Make sure we don't get localized results
export LC_ALL=C
# Make sure our generated files cannot be accessed by anyone else.
umask 077
# link-balancer temporary directory.
# every instance of link-balancer creates a random directory
# within this one.
@ -144,156 +123,7 @@ LB_IPV=
# Load commands link-balancer will need.
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=
IFS= read cmd <<-EOF
$(which $1 2> /dev/null)
EOF
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
require_cmd() {
local var= val= block=1
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\}
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
exit 1
fi
fi
# link-balancer calls itself; export our findings so
# we do not repeat all of the lookups
eval export "$var"
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: LINK-BALANCER REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a link-balancer"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for link-balancer to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
exit 1
}
which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
while IFS="|" read required cmd_var autoconf possibles
do
if [ "@AUTOCONF_RUN@" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "@AUTOCONF_RUN@" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin:$PATH:$dirname" which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
require_cmd $cmd_var $possibles
else
require_cmd -n $cmd_var $possibles
fi
done <<-!
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IP_CMD|@IP@|ip
Y|DIFF_CMD|@DIFF@|diff
Y|FLOCK_CMD|@FLOCK@|flock
@ -326,42 +156,17 @@ N|WGET_CMD|@WGET@|wget
N|SCREEN_CMD|@SCREEN@|screen
Y|IPRANGE_CMD|@IPRANGE@|iprange
!
status=$?
test $status -eq 0 || exit $status
VERSION=$(get_version)
VERSION=$(common_get_version '$Id$')
RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ]
then
shift
elif [ ! -z "$TPUT_CMD" ]
then
test -t 2 && RUNNING_ON_TERMINAL=1
if [ -t 2 -a $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
then
# Enable colors
COLOR_RESET="\e[0m"
COLOR_BLACK="\e[30m"
COLOR_RED="\e[31m"
COLOR_GREEN="\e[32m"
COLOR_YELLOW="\e[33m"
COLOR_BLUE="\e[34m"
COLOR_PURPLE="\e[35m"
COLOR_CYAN="\e[36m"
COLOR_WHITE="\e[37m"
COLOR_BGBLACK="\e[40m"
COLOR_BGRED="\e[41m"
COLOR_BGGREEN="\e[42m"
COLOR_BGYELLOW="\e[43m"
COLOR_BGBLUE="\e[44m"
COLOR_BGPURPLE="\e[45m"
COLOR_BGCYAN="\e[46m"
COLOR_BGWHITE="\e[47m"
COLOR_BOLD="\e[1m"
COLOR_DIM="\e[2m"
COLOR_UNDERLINED="\e[4m"
COLOR_BLINK="\e[5m"
COLOR_INVERTED="\e[7m"
fi
else
common_setup_terminal && RUNNING_ON_TERMINAL=1
fi
# if called with the parameter 'boot', create a new screen that
@ -369,7 +174,7 @@ fi
if [ "$1" = "boot" ]
then
shift
require_cmd SCREEN_CMD
common_require_cmd $PROGRAM_FILE SCREEN_CMD
$SCREEN_CMD -S 'link-balancer' -d -m "$0" loop "${@}"
exit 0
fi
@ -1833,10 +1638,10 @@ updated_rules() {
# 2. it queries whois for this IP to find its AS.
# 3. it queries RIPE to get all the IP address space for this AS.
asips() {
require_cmd WHOIS_CMD
require_cmd JQ_CMD
require_cmd HEAD_CMD
require_cmd WGET_CMD
common_require_cmd $PROGRAM_FILE WHOIS_CMD
common_require_cmd $PROGRAM_FILE JQ_CMD
common_require_cmd $PROGRAM_FILE HEAD_CMD
common_require_cmd $PROGRAM_FILE WGET_CMD
local ip="${1}"

@ -80,35 +80,32 @@
# -----------------------------------------------------------------------------
get_version() {
GIT_REF='$Format:%d,commit-%h$'
local IFS=":(), "
set -- "$GIT_REF"
ver='$Id$'
for i in $@
do
case "$i" in
*[0-9].[0-9]*)
echo "$i" | $SED_CMD -e 's/^v//'
return 0
;;
commit-[0-9a-zA-Z]*)
ver="$i"
;;
esac
done
echo "$ver"
return 0
}
PROGRAM_FILE="${0}"
PROGRAM_DIR="${0%/*}"
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
if [ "@AUTOCONF_RUN@" = "Y" ]
then
FIREHOL_CONFIG_DIR="@FIREHOL_CONFIG_DIR@"
else
FIREHOL_CONFIG_DIR="/etc/firehol"
fi
# Start defaults before configure
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do
if [ -r $functions_file ]
then
source $functions_file
else
1>&2 echo "Cannot access $functions_file"
exit 1
fi
done
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit
common_private_umask || exit
marksreset() { :; }
markdef() { :; }
@ -117,165 +114,7 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi
PATH="${PATH}:/sbin:/usr/sbin"
LC_ALL=C
umask 077
# -----------------------------------------------------------------------------
# Load commands update-ipsets will need.
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=
IFS= read cmd <<-EOF
$(which $1 2> /dev/null)
EOF
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
require_cmd() {
local var= val= block=1
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\}
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
exit 1
fi
fi
# link-balancer calls itself; export our findings so
# we do not repeat all of the lookups
eval export "$var"
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: UPDATE-IPSETS REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a update-ipsets"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for update-ipsets to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
exit 1
}
which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
while IFS="|" read required cmd_var autoconf possibles
do
if [ "@AUTOCONF_RUN@" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "@AUTOCONF_RUN@" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:$PATH:$dirname" which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
require_cmd $cmd_var $possibles
else
require_cmd -n $cmd_var $possibles
fi
done <<-!
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IPRANGE_CMD|@IPRANGE@|iprange
Y|DIRNAME_CMD|@DIRNAME@|dirname
Y|TAIL_CMD|@TAIL@|tail
@ -314,47 +153,17 @@ N|UNZIP_CMD|@UNZIP@|unzip
N|FUNZIP_CMD|@FUNZIP@|funzip
N|GIT_CMD|@GIT@|git
!
status=$?
test $status -eq 0 || exit $status
VERSION=$(get_version)
PROGRAM_PWD="${PWD}"
PROGRAM_DIR="`$DIRNAME_CMD ${0}`"
# -----------------------------------------------------------------------------
# terminal
VERSION=$(common_get_version '$Id$')
RUNNING_ON_TERMINAL=0
if [ "z$1" = "z-nc" ]
then
shift
elif [ ! -z "$TPUT_CMD" ]
then
test -t 2 && RUNNING_ON_TERMINAL=1
if [ -t 2 -a $[$($TPUT_CMD colors 2>/dev/null)] -ge 8 ]
then
# Enable colors
COLOR_RESET="\e[0m"
COLOR_BLACK="\e[30m"
COLOR_RED="\e[31m"
COLOR_GREEN="\e[32m"
COLOR_YELLOW="\e[33m"
COLOR_BLUE="\e[34m"
COLOR_PURPLE="\e[35m"
COLOR_CYAN="\e[36m"
COLOR_WHITE="\e[37m"
COLOR_BGBLACK="\e[40m"
COLOR_BGRED="\e[41m"
COLOR_BGGREEN="\e[42m"
COLOR_BGYELLOW="\e[43m"
COLOR_BGBLUE="\e[44m"
COLOR_BGPURPLE="\e[45m"
COLOR_BGCYAN="\e[46m"
COLOR_BGWHITE="\e[47m"
COLOR_BOLD="\e[1m"
COLOR_DIM="\e[2m"
COLOR_UNDERLINED="\e[4m"
COLOR_BLINK="\e[5m"
COLOR_INVERTED="\e[7m"
fi
else
common_setup_terminal && RUNNING_ON_TERMINAL=1
fi
$RENICE_CMD 10 $$ >/dev/null 2>/dev/null
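Review bot: The new loop that loads functions.common.sh (first hunk of update-ipsets) sources the file after testing only `-r`, and leaves `$libdir_POST` and `$functions_file` unquoted. With the pre-configure default `libdir_POST=$PROGRAM_DIR`, a `$0` without a slash makes PROGRAM_DIR `.`, so the library would be read from the caller's working directory, which matters for a tool that is presumably run with root privileges. Quoting removes the word-splitting and globbing part: `for functions_file in "$libdir_POST/functions.common.sh"`, `if [ -r "$functions_file" ]`, `source "$functions_file"`. Resolving PROGRAM_DIR to an absolute path, or refusing a library that is not owned by root or is writable by others, would cover the rest. The same loop appears in the vnetbuild section.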

@ -25,37 +25,31 @@
# See the file COPYING for details.
#
# make sure sbin is included in the path
# it seems that pppd ip-up.d script need this
export PATH="$PATH:/sbin:/usr/sbin:/usr/local/sbin"
PROGRAM_FILE="${0}"
PROGRAM_DIR="${0%/*}"
if [ "$PROGRAM_DIR" = "$0" ]; then PROGRAM_DIR="."; fi
PROGRAM_PWD="${PWD}"
declare -a PROGRAM_ORIGINAL_ARGS=("${@}")
get_version() {
GIT_REF='$Format:%d,commit-%h$'
local IFS=":(), "
set -- "$GIT_REF"
ver='$Id$'
for i in $@
do
case "$i" in
*[0-9].[0-9]*)
echo "$i" | $SED_CMD -e 's/^v//'
return 0
;;
commit-[0-9a-zA-Z]*)
ver="$i"
;;
esac
done
echo "$ver"
return 0
}
# Start defaults before configure
prefix_POST=/usr
sysconfdir_POST=/etc
localstatedir_POST=/var
libdir_POST=$PROGRAM_DIR
# End defaults before configure
for functions_file in $libdir_POST/functions.common.sh
do
if [ -r $functions_file ]
then
source $functions_file
else
1>&2 echo "Cannot access $functions_file"
exit 1
fi
done
if [ "@AUTOCONF_RUN@" = "Y" ]
then
FIREHOL_CONFIG_DIR="@FIREHOL_CONFIG_DIR@"
else
FIREHOL_CONFIG_DIR="/etc/firehol"
fi
FIREHOL_CONFIG_DIR="$sysconfdir_POST/firehol"
common_disable_localization || exit
marksreset() { :; }
markdef() { :; }
@ -64,158 +58,7 @@ then
source "${FIREHOL_CONFIG_DIR}/firehol-defaults.conf" || exit 1
fi
# Load commands vnetbuild will need.
which_cmd() {
local name="$1"
shift
if [ "$1" = ":" ]
then
eval $name=":"
return 0
fi
unalias $1 >/dev/null 2>&1
local cmd=
IFS= read cmd <<-EOF
$(which $1 2> /dev/null)
EOF
if [ $? -gt 0 -o ! -x "${cmd}" ]
then
return 1
fi
shift
if [ $# -eq 0 ]
then
eval $name="'${cmd}'"
else
eval $name="'${cmd} ${@}'"
fi
return 0
}
require_cmd() {
local var= val= block=1
if [ "$1" = "-n" ]
then
block=0
shift
fi
var="$1"
shift
eval val=\$\{${var}\}
if [ "${val}" ]
then
local cmd="${val/ */}"
if [ ! -x "$cmd" ]
then
echo >&2
if [ $block -eq 0 ]
then
echo >&2 "WARNING: optional command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
val=""
else
echo >&2 "ERROR: required command does not exist or is not executable ($cmd)"
echo >&2 "please add or correct $var in firehol-defaults.conf"
exit 1
fi
fi
# link-balancer calls itself; export our findings so
# we do not repeat all of the lookups
eval export "$var"
return 0
elif [ $block -eq 0 ]
then
eval set -- "$@"
for cmd in "$@"
do
eval "NEED_${var}"="\$NEED_${var}' ${cmd/ */}'"
done
return 0
fi
if [ $# -eq 0 ]
then
eval set -- "\$NEED_${var}"
fi
echo >&2
echo >&2 "ERROR: LINK-BALANCER REQUIRES ONE OF THESE COMMANDS:"
echo >&2
echo >&2 " ${@}"
echo >&2
echo >&2 " You have requested the use of a link-balancer"
echo >&2 " feature that requires certain external programs"
echo >&2 " to be installed in the running system."
echo >&2
echo >&2 " Please consult your Linux distribution manual to"
echo >&2 " install the package(s) that provide these external"
echo >&2 " programs and retry."
echo >&2
echo >&2 " Note that you need an operational 'which' command"
echo >&2 " for link-balancer to find all the external programs it"
echo >&2 " needs. Check it yourself. Run:"
echo >&2
for x in "${@}"
do
echo >&2 " which $x"
done
exit 1
}
which_all() {
local cmd_var="$1"
eval set -- "$2"
for cmd in "$@"
do
which_cmd $cmd_var $cmd && break
done
}
# Where required = Y, if a command is not found, FireHOL will refuse to run.
# Where required = N, the command only required when it is actually used
#
# If a command is specified in /etc/firehol/firehol-defaults.conf it will
# be used. Otherwise, if the script has been configured with ./configure
# the detected versions will be used. If the script has not been configured
# then the list of possible commands is autodetected.
while IFS="|" read required cmd_var autoconf possibles
do
if [ "@AUTOCONF_RUN@" = "Y" ]
then
case "$autoconf" in
"@"*) autoconf=""; ;;
esac
fi
eval set_in_defaults=\"\$$cmd_var\"
if [ "$set_in_defaults" ]
then
:
elif [ "@AUTOCONF_RUN@" = "Y" -a ! -z "$autoconf" ]
then
eval $cmd_var=\"$autoconf\"
else
dirname="${0%/*}"
if [ "$dirname" = "$0" ]; then dirname="."; fi
PATH="/bin:/usr/bin:/sbin:/usr/sbin:$PATH:$dirname" which_all $cmd_var "$possibles"
fi
if [ "$required" = "Y" ]
then
require_cmd $cmd_var $possibles
else
require_cmd -n $cmd_var $possibles
fi
done <<-!
common_load_commands $PROGRAM_FILE @AUTOCONF_RUN@ <<-!
Y|IP_CMD|@IP@|ip
Y|BRIDGE_CMD|@BRIDGE@|bridge
Y|GREP_CMD|@GREP@|grep
@ -231,23 +74,10 @@ Y|RM_CMD|@RM@|rm
Y|MKTEMP_CMD|@MKTEMP@|mktemp
N|NEATO_CMD|@NEATO@|neato
!
status=$?
test $status -eq 0 || exit $status
VERSION=$(get_version)
emit_version() {
$CAT_CMD <<EOF
FireHOL vnetbuild $VERSION
(C) Copyright 2015 Phil Whineray <phil@firehol.org>
(C) Copyright 2015 Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under the GPL v2+.
Home Page: http://firehol.org
-------------------------------------------------------------------------
Get notified of new FireHOL releases by subscribing to the mailing list:
http://lists.firehol.org/mailman/listinfo/firehol-support/
-------------------------------------------------------------------------
EOF
}
VERSION=$(common_get_version '$Id$')
needroot=Y
haderror=""
@ -269,7 +99,7 @@ case "$mode" in
:
;;
graphviz)
require_cmd NEATO_CMD
common_require_cmd $PROGRAM_FILE NEATO_CMD
needroot=
case "$outfile" in
*.gv|"")
@ -302,7 +132,18 @@ esac
if [ "$mode" = "" ]
then
emit_version
$CAT_CMD <<-EOF
FireHOL vnetbuild $VERSION
(C) Copyright 2015 Phil Whineray <phil@firehol.org>
(C) Copyright 2015 Costa Tsaousis <costa@tsaousis.gr>
FireHOL is distributed under the GPL v2+.
Home Page: http://firehol.org
------------------------------------------------------------------------
Get notified of new FireHOL releases by subscribing to the mailing list:
http://lists.firehol.org/mailman/listinfo/firehol-support/
------------------------------------------------------------------------
EOF
fi
if [ "$needroot" -a "${UID}" != "0" ]
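Review bot: vnetbuild calls `common_disable_localization || exit` after sourcing the library but, unlike update-ipsets in this commit, never calls `common_private_umask`. The script sets `needroot=Y` by default, so files it writes as root inherit whatever umask the caller had. If that is deliberate (for example so a graphviz output file stays readable), a comment such as `# umask intentionally left at the caller's value` next to the localization call would record it; otherwise add `common_private_umask || exit` there. The helper's body is not visible here; the `umask 077` line it appears to replace in update-ipsets suggests it sets a restrictive umask.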

@ -1,5 +1,6 @@
#!/bin/sh
export SSH_CLIENT=
$kcov $script panic
status=$?
if [ $status -eq 1 ]