From 30a5c7ebd7806dbf1cf18cefe3c9a0ca2c7dd017 Mon Sep 17 00:00:00 2001 
From: Soner Tari Date: Thu, 21 Oct 2021 22:06:41 +0300 Subject: [PATCH] Update to 7.0 --- Doxyfile | 2 +- README.md | 28 +- src/Model/include.php | 4 +- src/Model/lib/Macro.php | 14 +- src/Model/lib/Rule.php | 4 +- src/Model/model.php | 533 ++++++++++++++++++ src/Model/pf.php | 492 +--------------- src/Model/validate.php | 2 +- src/View/lib/view.php | 4 +- src/View/locale/tr_TR/LC_MESSAGES/pfre.po | 92 +-- .../locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po | 3 + .../locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po | 6 + .../locale/tr_TR/LC_MESSAGES/pfre_TITLE.po | 15 +- src/View/locale/tr_TR/LC_MESSAGES/pfre__.po | 69 ++- src/View/pf/conf.editor.php | 21 +- src/View/pf/conf.files.php | 10 +- src/View/pf/conf.write.php | 6 +- src/View/pf/edit.php | 2 +- src/View/pf/lib/AfTo.php | 4 +- src/View/pf/lib/Anchor.php | 4 +- src/View/pf/lib/Antispoof.php | 4 +- src/View/pf/lib/Blank.php | 10 +- src/View/pf/lib/Comment.php | 18 +- src/View/pf/lib/DivertPacket.php | 4 +- src/View/pf/lib/DivertTo.php | 4 +- src/View/pf/lib/FilterBase.php | 4 +- src/View/pf/lib/Include.php | 6 +- src/View/pf/lib/Limit.php | 4 +- src/View/pf/lib/LoadAnchor.php | 4 +- src/View/pf/lib/Macro.php | 4 +- src/View/pf/lib/NatBase.php | 4 +- src/View/pf/lib/Option.php | 4 +- src/View/pf/lib/Queue.php | 4 +- src/View/pf/lib/Route.php | 4 +- src/View/pf/lib/Rule.php | 69 ++- src/View/pf/lib/RuleSet.php | 123 +++- src/View/pf/lib/Scrub.php | 4 +- src/View/pf/lib/State.php | 4 +- src/View/pf/lib/Table.php | 4 +- src/View/pf/lib/Timeout.php | 4 +- src/View/pf/pf.conf.html | 6 +- src/create_po.sh | 2 +- src/lib/defs.php | 2 +- .../acceptance/pf/confeditorCest.php | 36 +- .../acceptance/pf/lib/AfToCest.php | 4 +- .../acceptance/pf/lib/AnchorCest.php | 4 +- .../acceptance/pf/lib/AntispoofCest.php | 4 +- .../acceptance/pf/lib/BinatToCest.php | 4 +- .../acceptance/pf/lib/BlankCest.php | 10 +- .../acceptance/pf/lib/CommentCest.php | 4 +- .../acceptance/pf/lib/DivertPacketCest.php | 4 +- .../acceptance/pf/lib/DivertToCest.php | 
4 +- .../acceptance/pf/lib/FilterCest.php | 4 +- .../acceptance/pf/lib/IncludeCest.php | 4 +- .../acceptance/pf/lib/LimitCest.php | 4 +- .../acceptance/pf/lib/LoadAnchorCest.php | 4 +- .../acceptance/pf/lib/MacroCest.php | 4 +- .../acceptance/pf/lib/NatToCest.php | 4 +- .../pf/lib/OptionBlockOptionCest.php | 4 +- .../acceptance/pf/lib/OptionDebugCest.php | 4 +- .../pf/lib/OptionFingerprintsCest.php | 4 +- .../acceptance/pf/lib/OptionHostidCest.php | 4 +- .../pf/lib/OptionLoginterfaceCest.php | 4 +- .../pf/lib/OptionOptimizationCest.php | 4 +- .../pf/lib/OptionReassembleCest.php | 4 +- .../pf/lib/OptionRulesetOptimizationCest.php | 4 +- .../acceptance/pf/lib/OptionSkipCest.php | 4 +- .../pf/lib/OptionStatePolicyCest.php | 4 +- .../pf/lib/OptionSyncookiesCest.php | 4 +- .../acceptance/pf/lib/QueueCest.php | 4 +- .../acceptance/pf/lib/RdrToCest.php | 4 +- .../acceptance/pf/lib/RouteCest.php | 4 +- tests/codeception/acceptance/pf/lib/Rule.php | 18 +- .../acceptance/pf/lib/ScrubCest.php | 4 +- .../acceptance/pf/lib/StateCest.php | 4 +- .../acceptance/pf/lib/TableCest.php | 4 +- .../acceptance/pf/lib/TimeoutCest.php | 4 +- tests/phpunit/Controller/ctlrTest.php | 28 +- tests/phpunit/Model/pfTest.php | 60 +- tests/phpunit/Model/validateTest.php | 4 +- 80 files changed, 1063 insertions(+), 828 deletions(-) diff --git a/Doxyfile b/Doxyfile index b94568d..0644aa7 100644 --- a/Doxyfile +++ b/Doxyfile @@ -5,7 +5,7 @@ #--------------------------------------------------------------------------- DOXYFILE_ENCODING = UTF-8 PROJECT_NAME = "PF Rule Editor" -PROJECT_NUMBER = 6.9 +PROJECT_NUMBER = 7.0 PROJECT_BRIEF = PROJECT_LOGO = OUTPUT_DIRECTORY = ./docs diff --git a/README.md b/README.md index 327c1ae..e5c5c16 100644 --- a/README.md +++ b/README.md 
@@ -58,8 +58,8 @@ You can find a couple of screenshots on the [wiki](https://github.com/sonertari/ Here are the basic steps to obtain a working PFRE installation: -- Install OpenBSD 6.9, perhaps on a VM. -- Install PHP 8.0.3, php-pcntl, and php-cgi. +- Install OpenBSD 7.0, perhaps on a VM. +- Install PHP 8.0.10, php-pcntl, and php-cgi. - Copy the files in PFRE src folder to /var/www/htdocs/pfre/. - Configure httpd.conf for PFRE. - Create admin and user users, and set their passwords. @@ -105,12 +105,12 @@ Download the required packages from an OpenBSD mirror and copy them to $PKG\_PAT gettext-runtime-0.21p1.tgz libiconv-1.16p0.tgz libsodium-1.0.18p1.tgz - libxml-2.9.10p2.tgz - oniguruma-6.9.6.tgz + libxml-2.9.12.tgz + oniguruma-6.9.7.1.tgz pcre2-10.36.tgz - php-8.0.3.tgz - php-cgi-8.0.3.tgz - php-pcntl-8.0.3.tgz + php-8.0.10p0.tgz + php-cgi-8.0.10p0.tgz + php-pcntl-8.0.10p0.tgz xz-5.2.5.tgz Install PHP, php-pcntl, and php-cgi by running the following commands, which should install their dependencies as well: @@ -132,12 +132,12 @@ Here is the expected output of that command: gettext-runtime-0.21p1 GNU gettext runtime libraries and programs libiconv-1.16p0 character set conversion library libsodium-1.0.18p1 library for network communications and cryptography - libxml-2.9.10p2 XML parsing library - oniguruma-6.9.6 regular expressions library + libxml-2.9.12 XML parsing library + oniguruma-6.9.7.1 regular expressions library pcre2-10.36 perl-compatible regular expression library, version 2 - php-8.0.3 server-side HTML-embedded scripting language - php-cgi-8.0.3 php CGI binary - php-pcntl-8.0.3 PCNTL extensions for php + php-8.0.10p0 server-side HTML-embedded scripting language + php-cgi-8.0.10p0 php CGI binary + php-pcntl-8.0.10p0 PCNTL extensions for php xz-5.2.5 LZMA compression and decompression tools ### Install PFRE 
@@ -239,7 +239,7 @@ Disable chroot in /etc/php-fpm.conf by commenting out the chroot line: ;chroot = /var/www -If you want to use Turkish translations, you should first install the gettext-tools package to generate the gettext mo file: +If you want to use the Turkish translations, you should first install the gettext-tools package to generate the gettext mo file: # cd /var/www/htdocs/pfre/View/locale/tr_TR/LC_MESSAGES/ # msgfmt -o pfre.mo pfre.po @@ -295,6 +295,6 @@ And uncomment the line which enables forwarding of IPv4 packets: Now you can either reboot the system or start the php cgi server and the web server manually using the following commands: # /usr/local/sbin/php-fpm-8.0 - # /usr/sbin/httpd + # /usr/sbin/httpd Finally, if you point your web browser to the IP address of PFRE, you should see the login page. And you should be able to log in by entering admin:soner123 as user and password. diff --git a/src/Model/include.php b/src/Model/include.php index 867ca36..e274b0f 100644 --- a/src/Model/include.php +++ b/src/Model/include.php @@ -98,7 +98,7 @@ function Output($msg) if ($Output === '') { $Output= $msg; } - else { + else if ($msg !== '') { $Output.= "\n".$msg; } return TRUE; @@ -120,7 +120,7 @@ function Error($msg) if ($Error === '') { $Error= $msg; } - else { + else if ($msg !== '') { $Error.= "\n".$msg; } } diff --git a/src/Model/lib/Macro.php b/src/Model/lib/Macro.php index 333441b..b115b82 100644 --- a/src/Model/lib/Macro.php +++ b/src/Model/lib/Macro.php 
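Review bot: The new `else if ($msg !== '')` guard in Output() filters only the exact empty string, so a NULL or FALSE argument still appends a bare "\n" to the buffer. GetRuleFiles() in this same patch passes the GetFiles() result straight to Output(); if that can be FALSE on failure (its body is not visible here), the blank line the change is meant to avoid remains. `else if ((string)$msg !== '')` would cover those cases, and the same applies to the matching change in Error() at `@@ -120`. Both function bodies start outside their hunks.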
@@ -53,12 +53,14 @@ function parse($str) $this->split(); $this->index= 0; - $this->rule['identifier']= $this->words[$this->index++]; - if ($this->words[++$this->index] != '{') { - $this->rule['value']= $this->words[$this->index]; - } else { - while (preg_replace('/,/', '', $this->words[++$this->index]) != '}' && !$this->isEndOfWords()) { - $this->rule['value'][]= $this->words[$this->index]; + if (!$this->isEndOfWords()) { + $this->rule['identifier']= $this->words[$this->index++]; + if ($this->words[++$this->index] != '{') { + $this->rule['value']= $this->words[$this->index]; + } else { + while (preg_replace('/,/', '', $this->words[++$this->index]) != '}' && !$this->isEndOfWords()) { + $this->rule['value'][]= $this->words[$this->index]; + } } } } diff --git a/src/Model/lib/Rule.php b/src/Model/lib/Rule.php index bd4c50a..5c4266d 100644 --- a/src/Model/lib/Rule.php +++ b/src/Model/lib/Rule.php @@ -176,9 +176,7 @@ function __construct($str) $this->cat= str_replace(__NAMESPACE__ . '\\', '', get_called_class()); - if ($str != '') { - $this->parse($str); - } + $this->parse($str); } /** diff --git a/src/Model/model.php b/src/Model/model.php index 9b3870f..f8fdba1 100644 --- a/src/Model/model.php +++ b/src/Model/model.php 
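Review bot: The added `if (!$this->isEndOfWords())` guard in Macro::parse() protects only the first word. The next statement reads `$this->words[++$this->index]`, which is index 2, with no bounds check. A lone identifier or a truncated `name =` line therefore reads an undefined offset (a warning on PHP 8), and `null != '{'` stores NULL as the value. A check such as `if (!isset($this->words[$this->index + 1])) { return; }` after the identifier assignment would close that gap; isEndOfWords() is not visible here, so confirm it does not already cover this. The `while` condition likewise dereferences `$this->words[++$this->index]` before testing isEndOfWords(); swapping the two operands would stop the read at the end of the list. parse() starts outside the hunk.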
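Review bot: With the `$str != ''` check removed from Rule::__construct(), every rule class now runs parse() on an empty string, for instance via `new $cat('')` in GenerateRule(). Only Macro::parse() gains an empty-input guard in the part of the patch visible here, so the other parse() implementations should be confirmed to tolerate an empty word list. The constructor docblock would also benefit from a line stating the new contract, e.g. `parse() is always called, also for an empty $str; implementations must handle an empty word list.` The constructor starts outside the hunk.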
@@ -422,4 +422,537 @@ function _getMyName() return $this->GetFile($this->confDir.'myname'); } } + +trait Rules +{ + protected function registerRulesCommands() + { + $this->Commands= array_merge( + $this->Commands, + array( + 'GetRules'=> array( + 'argv' => array(FILEPATH, BOOL|NONE, BOOL|NONE), + 'desc' => _('Get rules'), + ), + + 'ParseRules'=> array( + 'argv' => array(JSON, BOOL|NONE), + 'desc' => _('Parse rules'), + ), + + 'GetRuleFiles'=> array( + 'argv' => array(), + 'desc' => _('Get rule files'), + ), + + 'DeleteRuleFile'=> array( + 'argv' => array(FILEPATH), + 'desc' => _('Delete rule file'), + ), + + 'InstallRules'=> array( + 'argv' => array(JSON, SAVEFILEPATH|NONE, BOOL|NONE, BOOL|NONE), + 'desc' => _('Install rules'), + ), + + 'GenerateRule'=> array( + 'argv' => array(JSON, NUM, BOOL|NONE), + 'desc' => _('Generate rule'), + ), + + 'GenerateRules'=> array( + 'argv' => array(JSON, BOOL|NONE, BOOL|NONE), + 'desc' => _('Generate rules'), + ), + + 'TestRules'=> array( + 'argv' => array(JSON), + 'desc' => _('Test rules'), + ), + ) + ); + } + + /** + * Reads, parses, and validates the rules in the given file. + * + * @param string $file Rules file. + * @param bool $tmp Whether the given rule file is a temporary uploaded file or not. + * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. + * @return bool TRUE on success, FALSE on fail. 
+ */ + function GetRules($file, $tmp= FALSE, $force= FALSE) + { + global $TMP_PATH, $TEST_DIR_PATH; + + if ($file !== "$this->ConfFile") { + if (!$this->ValidateFilename($file)) { + return FALSE; + } + if ($tmp == FALSE) { + $file= "$this->ConfPath/$file"; + } else { + $file= "$TMP_PATH/$file"; + } + } + + $ruleStr= $this->GetFile("$TEST_DIR_PATH$file"); + + if ($ruleStr !== FALSE) { + /// @todo Check if we need to unlink tmp file + //if ($tmp !== FALSE) { + // unlink($file); + //} + + $retval= $this->_parseRules($ruleStr, $force); + } else { + $retval= FALSE; + } + + return $retval; + } + + function ParseRules($json, $force= FALSE) + { + $ruleStr= json_decode($json, TRUE); + return $this->_parseRules($ruleStr, $force); + } + + function _parseRules($ruleStr, $force= FALSE) + { + $class= $this->getNamespace().'RuleSet'; + $ruleSet= new $class(); + $retval= $ruleSet->parse($ruleStr, $force); + + // Output ruleset, success or fail + Output(json_encode($ruleSet)); + + return $retval; + } + + /** + * Returns the file list under ConfPath. + * + * @todo Should we return success or fail status, instead of TRUE? + * + * @return bool TRUE on success, FALSE on fail. + */ + function GetRuleFiles() + { + global $TEST_DIR_PATH; + + return Output($this->GetFiles("$TEST_DIR_PATH$this->ConfPath")); + } + + /** + * Deletes the given file under ConfPath. + * + * Makes sure the file name is valid. + * Deletes only files under ConfPath. ValidateFilename() strips other file paths. + * + * @return bool TRUE on success, FALSE on fail. + */ + function DeleteRuleFile($file) + { + global $TEST_DIR_PATH; + + $result= $this->ValidateFilename($file); + + if ($result) { + $result= $this->DeleteFile("$TEST_DIR_PATH$this->ConfPath/$file"); + } + + return $result; + } + + /** + * Reads, parses, and validates the rules in the given file. + * + * @attention We never run pfctl if the rules fail validation. Hence $force can only + * force loading the rules, not running pfctl. 
+ * + * @param string $json JSON encoded rules array. + * @param string $file File name to save to. + * @param bool $load Whether to load the rules using pfctl after saving. + * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. + * @return bool TRUE on success, FALSE on fail. + */ + function InstallRules($json, $file= NULL, $load= TRUE, $force= FALSE) + { + global $INSTALL_USER, $TEST_DIR_PATH; + + if ($file == NULL) { + $file= $this->ConfFile; + } else { + if (!$this->ValidateFilename($file)) { + return FALSE; + } + $file= "$this->ConfPath/$file"; + } + + /// @todo Check if $rulesArray is in correct format + $rulesArray= json_decode($json, TRUE); + + $class= $this->getNamespace().'RuleSet'; + $ruleSet= new $class(); + $loadResult= $ruleSet->load($rulesArray, $force); + + if (!$loadResult && !$force) { + ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rules with errors'); + return FALSE; + } + + $rules= $ruleSet->generate(); + + $output= array(); + $return= TRUE; + + $tmpFile= tempnam("$TEST_DIR_PATH/tmp", 'tmp.conf.'); + if ($this->PutFile($tmpFile, $rules) !== FALSE) { + $SUFFIX_OPT= '-B'; + if (posix_uname()['sysname'] === 'Linux') { + $SUFFIX_OPT= '-S'; + } + + exec("/usr/bin/install -o $INSTALL_USER -m 0600 -D -b $SUFFIX_OPT '.orig' '$tmpFile' $TEST_DIR_PATH$file 2>&1", $output, $retval); + if ($retval === 0) { + if ($load === TRUE) { + if ($loadResult) { + $cmd= preg_replace('//', $TEST_DIR_PATH.$file, $this->ReloadCmd); + + if (!$this->RunCmd($cmd, $output, $retval)) { + Error(_('Failed loading rules') . ": $file"); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Failed loading rules: $file"); + $return= FALSE; + } + + if ($retval !== 0) { + Error(_('Cannot load rules') . "\n" . 
implode("\n", $output)); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Cannot load rules'); + $return= FALSE; + } + } else { + // Install button on the View is disabled if the ruleset has errors, so we should never reach here + // But this method can be called on the command line too, that's why we check $loadResult + Error(_('Will not load rules with errors') . ": $file"); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Will not load rules with errors: $file"); + $return= FALSE; + } + } + } else { + Error(_('Cannot install rule file') . ": $file\n" . implode("\n", $output)); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Cannot install rule file: $file"); + $return= FALSE; + } + + // Clean up after ourselves, even if there are errors + exec("/bin/rm '$tmpFile' 2>&1", $output, $retval); + if ($retval !== 0) { + Error(_('Cannot remove tmp file') . ": $tmpFile\n" . implode("\n", $output)); + ctlr_syslog(LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, "Cannot remove tmp file: $tmpFile"); + $return= FALSE; + } + } else { + Error(_('Cannot write to tmp file') . ": $tmpFile\n" . implode("\n", $output)); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Cannot write to tmp file: $tmpFile"); + $return= FALSE; + } + + return $return; + } + + /** + * Validates the given file name. + * + * Strips the file path, because we work with files under ConfPath only. + * + * @param string $file File name to validate [out]. + * @return bool TRUE on success, FALSE on fail. + */ + function ValidateFilename(&$file) + { + $file= basename($file); + if (preg_match('/^[\w._\-]+$/', $file)) { + return TRUE; + } + + Error(_('Filename not accepted') . ": $file"); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Filename not accepted: $file"); + return FALSE; + } + + /** + * Loads and generates the given JSON encoded rule array. + * + * @param string $json JSON encoded rule array. + * @param int $ruleNumber Rule number. 
+ * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. + * @return bool TRUE on success, FALSE on fail. + */ + function GenerateRule($json, $ruleNumber, $force= FALSE) + { + $ruleDef= json_decode($json, TRUE); + + $cat= $this->getNamespace().$ruleDef['cat']; + + $ruleObj= new $cat(''); + $retval= $ruleObj->load($ruleDef['rule'], $ruleNumber, $force); + + if ($retval || $force) { + Output($ruleObj->generate()); + } else { + ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rule with errors'); + } + + return $retval; + } + + /** + * Loads and generates the given JSON encoded rules array. + * + * @param string $json JSON encoded rules array. + * @param bool $lines Whether to print line numbers in front of each line. + * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. + * @return bool TRUE on success, FALSE on fail. + */ + function GenerateRules($json, $lines= FALSE, $force= FALSE) + { + $rulesArray= json_decode($json, TRUE); + + $class= $this->getNamespace().'RuleSet'; + $ruleSet= new $class(); + $retval= $ruleSet->load($rulesArray, $force); + + if ($retval || $force) { + Output($ruleSet->generate($lines)); + } else { + ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rules with errors'); + } + + return $retval; + } + + /** + * Tests the given JSON encoded rules array. + * + * Note that testing involves running pfctl, so there is no $force param here, + * because we never run pfctl with rules failed validation. + * + * @param string $json JSON encoded rules array. + * @return bool Test result, TRUE on success, FALSE on fail. 
+ */ + function TestRules($json) + { + $rv= FALSE; + + $rulesArray= json_decode($json, TRUE); + + $class= $this->getNamespace().'RuleSet'; + $ruleSet= new $class(); + if (!$ruleSet->load($rulesArray)) { + Error(_('Will not test rules with errors')); + ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not test rules with errors'); + return FALSE; + } + + /// @attention pfctl reports line numbers, not rule numbers, so do not reduce multi-line rules into single-line + $rulesStr= $ruleSet->generate(); + + $cmd= $this->getTestRulesCmd($rulesStr, $tmpFile); + + if (!$this->RunCmd($cmd, $output, $retval)) { + Error(_('Failed testing rules')); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed testing rules'); + goto out; + } + + if ($retval === 0) { + $rv= TRUE; + goto out; + } + + $rules= explode("\n", $rulesStr); + + foreach ($output as $o) { + if (preg_match('/^([^:]+):(\d+):\s*(.*)$/', $o, $match)) { + $src= $match[1]; + $line= $match[2]; + $err= $match[3]; + + // Rule numbers are 0 based, hence decrement once + $line--; + + if ($src == 'stdin') { + $rule= $rules[$line]; + Error(_('Line') . " $line: $err:\n
" . htmlentities($rule) . '
'); + } else { + // Rule numbers in include files need an extra decrement + $line--; + Error(_('Error in include file') . ": $src\n" . _('Line') . " $line: $err"); + } + } else { + Error($o); + } + } +out: + $rv&= $this->removeTmpTestFile($tmpFile); + return $rv; + } + + /** + * Daemonizes to run the given command. + * + * We create a sysv message queue before forking the child process. The parent process + * waits for a message from the child. The child process runs the pfctl command, packs + * its output and return value in an array, and returns it in a message. + * + * The parent loops waiting for a message from the child. In the loop we use a sleep interval + * obtained by an equation involving $PfctlTimeout, instead of a constant like 0.1, + * so that if $PfctlTimeout is set to 0, the interval becomes 0 too. + * + * However, note that disabling the sleep interval may fail pfctl calls, because the parent + * exits without waiting for a message from the child. + * + * pfctl takes a long time to return in certain cases. The WUI should not wait for too long, + * but exit upon timeout. In fact, all such external calls should timeout, instead of + * waiting indefinitely. + * + * @bug pfctl gets stuck, or takes a long time to return on some errors. + * + * Example 1: A macro using an unknown interface: int_if = "a1", + * pfctl tries to look up for its IP address, which takes a long time before failing with: + * > no IP address found for a1, + * > could not parse host specification + * + * Example 2: A table with an entry (e.g. "test") for which no DNS record can be found, + * pfctl waits for name service lookup, which takes too long: + * > no IP address found for test, + * > could not parse host specification + * Therefore, we need to use a function which returns upon timeout, hence this method. + * + * @param string $cmd command to run. + * @param array $output Output of cmd. + * @param int $retval Return value of cmd. 
+ * @return bool TRUE on success, FALSE on fail. + */ + function RunCmd($cmd, &$output, &$retval) + { + global $PfctlTimeout; + + $retval= 0; + $output= array(); + + /// @todo Check why using 0 as mqid eventually (30-50 accesses later) fails creating or attaching to the queue. + $mqid= 1; + + // Create or attach to the queue before forking + $queue= msg_get_queue($mqid); + + if (!msg_queue_exists($mqid)) { + Error(_('Failed creating or attaching to message queue')); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed creating or attaching to message queue'); + return FALSE; + } + + $sendtype= 1; + + $pid= pcntl_fork(); + + if ($pid == -1) { + Error(_('Cannot fork process')); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Cannot fork process'); + } elseif ($pid) { + // This is the parent! + + $return= FALSE; + + // Parent should wait for output for $PfctlTimeout seconds + // Wait count starts from 1 due to do..while loop + $count= 1; + + // We use this $interval var instead of a constant like .1, because + // if $PfctlTimeout is set to 0, $interval becomes 0 too, effectively disabling sleep + // Add 1 to prevent division by zero ($PfctlTimeout cannot be set to -1 on the WUI) + $interval= $PfctlTimeout/($PfctlTimeout + 1)/10; + + do { + exec("/bin/sleep $interval"); + ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, "Receive message wait count: $count, sleep interval: $interval"); + + /// @attention Do not wait for a message, loop instead: MSG_IPC_NOWAIT + $received= msg_receive($queue, 0, $recvtype, 10000, $msg, TRUE, MSG_NOERROR|MSG_IPC_NOWAIT, $error); + + if ($received && $sendtype == $recvtype) { + if (is_array($msg) && array_key_exists('retval', $msg) && array_key_exists('output', $msg)) { + $retval= $msg['retval']; + $output= $msg['output']; + + ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Received cmd output: ' . 
print_r($msg, TRUE)); + + $return= TRUE; + break; + } else { + Error(_('Output not in correct format') . ': ' . print_r($msg, TRUE)); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Output not in correct format: ' . print_r($msg, TRUE)); + break; + } + } else { + ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Failed receiving cmd output: ' . posix_strerror($error)); + } + + } while ($count++ < $PfctlTimeout * 10); + + if (!$return) { + Error(_('Timed out running command')); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Timed out running command'); + } + + // Parent removes the queue + if (!msg_remove_queue($queue)) { + Error(_('Failed removing message queue')); + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed removing message queue'); + } + + /// @attention Make sure the child is terminated, otherwise the parent gets stuck too. + if (posix_getpgid($pid)) { + exec("/bin/kill -KILL $pid"); + } + + // Parent survives + return $return; + } else { + // This is the child! + + // Child should run the command and send the result in a message + ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Running command'); + exec($cmd, $output, $retval); + + $msg= array( + 'retval' => $retval, + 'output' => $output + ); + + if (!msg_send($queue, $sendtype, $msg, TRUE, TRUE, $error)) { + ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed sending output: ' . print_r($msg, TRUE) . ', error: ' . posix_strerror($error)); + } else { + ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Sent output: ' . print_r($msg, TRUE)); + } + + // Child exits + exit; + } + } + + protected function getNamespace() + { + return 'Model\\'; + } + + abstract protected function getTestRulesCmd($rulesStr, &$tmpFile); + + protected function removeTmpTestFile($tmpFile) + { + return TRUE; + } +} ?> diff --git a/src/Model/pf.php b/src/Model/pf.php index 163dcd9..3ffea74 100644 --- a/src/Model/pf.php +++ b/src/Model/pf.php 
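Review bot: GenerateRule() builds a class name from the decoded request (`$cat= $this->getNamespace().$ruleDef['cat'];`) and instantiates it with `new $cat('')` without checking that `cat` names a known rule type. The caller therefore chooses which class under the namespace is constructed, and a malformed payload (json_decode() returning NULL) reaches `new` with only the bare namespace prefix. A guard before the `new`, such as `if (!is_array($ruleDef) || !isset($ruleDef['cat'], $ruleDef['rule']) || !preg_match('/^\w+$/', $ruleDef['cat']) || !class_exists($cat)) { return FALSE; }`, limits this to plain class names that exist; an explicit allowlist of rule categories would be stricter. Separately, RunCmd() opens the queue with `msg_get_queue($mqid)` on the fixed key 1, which applies PHP's default 0666 permissions, and then unserializes whatever arrives (`msg_receive(..., TRUE, ...)`). Passing restrictive permissions, `msg_get_queue($mqid, 0600)`, would keep other local accounts from placing messages on that queue.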
@@ -28,496 +28,22 @@ class Pf extends Model { - function __construct() - { - parent::__construct(); - - $this->Commands= array_merge( - $this->Commands, - array( - 'GetPfRules'=> array( - 'argv' => array(FILEPATH, BOOL|NONE, BOOL|NONE), - 'desc' => _('Get pf rules'), - ), - - 'GetPfRuleFiles'=> array( - 'argv' => array(), - 'desc' => _('Get pf rule files'), - ), - - 'DeletePfRuleFile'=> array( - 'argv' => array(FILEPATH), - 'desc' => _('Delete pf rule file'), - ), - - 'InstallPfRules'=> array( - 'argv' => array(JSON, SAVEFILEPATH|NONE, BOOL|NONE, BOOL|NONE), - 'desc' => _('Install pf rules'), - ), - - 'GeneratePfRule'=> array( - 'argv' => array(JSON, NUM, BOOL|NONE), - 'desc' => _('Generate pf rule'), - ), - - 'GeneratePfRules'=> array( - 'argv' => array(JSON, BOOL|NONE, BOOL|NONE), - 'desc' => _('Generate pf rules'), - ), - - 'TestPfRules'=> array( - 'argv' => array(JSON), - 'desc' => _('Test pf rules'), - ), - ) - ); - } - - /** - * Reads, parses, and validates the rules in the given file. - * - * @param string $file Rules file. - * @param bool $tmp Whether the given rule file is a temporary uploaded file or not. - * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. - * @return bool TRUE on success, FALSE on fail. 
- */ - function GetPfRules($file, $tmp= FALSE, $force= FALSE) - { - global $PF_CONFIG_PATH, $TMP_PATH, $TEST_DIR_PATH; - - if ($file !== '/etc/pf.conf') { - if (!$this->ValidateFilename($file)) { - return FALSE; - } - if ($tmp == FALSE) { - $file= "$PF_CONFIG_PATH/$file"; - } else { - $file= "$TMP_PATH/$file"; - } - } - - $ruleStr= $this->GetFile("$TEST_DIR_PATH$file"); - - if ($ruleStr !== FALSE) { - /// @todo Check if we need to unlink tmp file - //if ($tmp !== FALSE) { - // unlink($file); - //} - - $ruleSet= new RuleSet(); - $retval= $ruleSet->parse($ruleStr, $force); - - // Output ruleset, success or fail - Output(json_encode($ruleSet)); - } else { - $retval= FALSE; - } - - return $retval; - } - - /** - * Returns the file list under $PF_CONFIG_PATH. - * - * @todo Should we return success or fail status, instead of TRUE? - * - * @return bool TRUE on success, FALSE on fail. - */ - function GetPfRuleFiles() - { - global $PF_CONFIG_PATH, $TEST_DIR_PATH; - - return Output($this->GetFiles("$TEST_DIR_PATH$PF_CONFIG_PATH")); - } - - /** - * Deletes the given file under $PF_CONFIG_PATH. - * - * Makes sure the file name is valid. - * Deletes only files under $PF_CONFIG_PATH. ValidateFilename() strips other file paths. - * - * @return bool TRUE on success, FALSE on fail. - */ - function DeletePfRuleFile($file) - { - global $PF_CONFIG_PATH, $TEST_DIR_PATH; + use Rules; - $result= $this->ValidateFilename($file); - - if ($result) { - $result= $this->DeleteFile("$TEST_DIR_PATH$PF_CONFIG_PATH/$file"); - } - - return $result; - } - - /** - * Reads, parses, and validates the rules in the given file. - * - * @attention We never run pfctl if the rules fail validation. Hence $force can only - * force loading the rules, not running pfctl. - * - * @param string $json JSON encoded rules array. - * @param string $file File name to save to. - * @param bool $load Whether to load the rules using pfctl after saving. 
- * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. - * @return bool TRUE on success, FALSE on fail. - */ - function InstallPfRules($json, $file= NULL, $load= TRUE, $force= FALSE) - { - global $PF_CONFIG_PATH, $INSTALL_USER, $TEST_DIR_PATH; - - if ($file == NULL) { - $file= '/etc/pf.conf'; - } else { - if (!$this->ValidateFilename($file)) { - return FALSE; - } - $file= "$PF_CONFIG_PATH/$file"; - } - - /// @todo Check if $rulesArray is in correct format - $rulesArray= json_decode($json, TRUE); - - $ruleSet= new RuleSet(); - $loadResult= $ruleSet->load($rulesArray, $force); - - if (!$loadResult && !$force) { - ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rules with errors'); - return FALSE; - } - - $rules= $ruleSet->generate(); - - $output= array(); - $return= TRUE; - - $tmpFile= tempnam("$TEST_DIR_PATH/tmp", 'pf.conf.'); - if ($this->PutFile($tmpFile, $rules) !== FALSE) { - $SUFFIX_OPT= '-B'; - if (posix_uname()['sysname'] === 'Linux') { - $SUFFIX_OPT= '-S'; - } - - exec("/usr/bin/install -o $INSTALL_USER -m 0600 -D -b $SUFFIX_OPT '.orig' '$tmpFile' $TEST_DIR_PATH$file 2>&1", $output, $retval); - if ($retval === 0) { - if ($load === TRUE) { - if ($loadResult) { - $cmd= "/sbin/pfctl -f $TEST_DIR_PATH$file 2>&1"; - - if (!$this->RunPfctlCmd($cmd, $output, $retval)) { - Error(_('Failed loading pf rules') . ": $file"); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Failed loading pf rules: $file"); - $return= FALSE; - } - - if ($retval !== 0) { - Error(_('Cannot load pf rules') . "\n" . implode("\n", $output)); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Cannot load pf rules'); - $return= FALSE; - } - } else { - // Install button on the View is disabled if the ruleset has errors, so we should never reach here - // But this method can be called on the command line too, that's why we check $loadResult - Error(_('Will not load rules with errors') . 
": $file"); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Will not load rules with errors: $file"); - $return= FALSE; - } - } - } else { - Error(_('Cannot install pf rule file') . ": $file\n" . implode("\n", $output)); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Cannot install pf rule file: $file"); - $return= FALSE; - } - - // Clean up after ourselves, even if there are errors - exec("/bin/rm '$tmpFile' 2>&1", $output, $retval); - if ($retval !== 0) { - Error(_('Cannot remove tmp pf file') . ": $tmpFile\n" . implode("\n", $output)); - ctlr_syslog(LOG_WARNING, __FILE__, __FUNCTION__, __LINE__, "Cannot remove tmp pf file: $tmpFile"); - $return= FALSE; - } - } else { - Error(_('Cannot write to tmp pf file') . ": $tmpFile\n" . implode("\n", $output)); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Cannot write to tmp pf file: $tmpFile"); - $return= FALSE; - } - - return $return; - } - - /** - * Validates the given file name. - * - * Strips the file path, because we work with files under $PF_CONFIG_PATH only. - * - * @param string $file File name to validate [out]. - * @return bool TRUE on success, FALSE on fail. - */ - function ValidateFilename(&$file) - { - $file= basename($file); - if (preg_match('/^[\w._\-]+$/', $file)) { - return TRUE; - } - - Error(_('Filename not accepted') . ": $file"); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, "Filename not accepted: $file"); - return FALSE; - } - - /** - * Loads and generates the given JSON encoded rule array. - * - * @param string $json JSON encoded rule array. - * @param int $ruleNumber Rule number. - * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. - * @return bool TRUE on success, FALSE on fail. - */ - function GeneratePfRule($json, $ruleNumber, $force= FALSE) - { - $ruleDef= json_decode($json, TRUE); + public $ConfPath= '/etc/pfre'; + public $ConfFile= '/etc/pf.conf'; - $cat= 'Model\\' . 
$ruleDef['cat']; - $ruleObj= new $cat(''); - $retval= $ruleObj->load($ruleDef['rule'], $ruleNumber, $force); + public $ReloadCmd= "/sbin/pfctl -f 2>&1"; - if ($retval || $force) { - Output($ruleObj->generate()); - } else { - ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rule with errors'); - } - - return $retval; - } - - /** - * Loads and generates the given JSON encoded rules array. - * - * @param string $json JSON encoded rules array. - * @param bool $lines Whether to print line numbers in front of each line. - * @param bool $force Used to override validation or other types of errors, hence forces loading of rules. - * @return bool TRUE on success, FALSE on fail. - */ - function GeneratePfRules($json, $lines= FALSE, $force= FALSE) - { - $rulesArray= json_decode($json, TRUE); - - $ruleSet= new RuleSet(); - $retval= $ruleSet->load($rulesArray, $force); - - if ($retval || $force) { - Output($ruleSet->generate($lines)); - } else { - ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not generate rules with errors'); - } - - return $retval; - } - - /** - * Tests the given JSON encoded rules array. - * - * Note that testing involves running pfctl, so there is no $force param here, - * because we never run pfctl with rules failed validation. - * - * @param string $json JSON encoded rules array. - * @return bool Test result, TRUE on success, FALSE on fail. 
- */ - function TestPfRules($json) + function __construct() { - $rulesArray= json_decode($json, TRUE); - - $ruleSet= new RuleSet(); - if (!$ruleSet->load($rulesArray)) { - Error(_('Will not test rules with errors')); - ctlr_syslog(LOG_NOTICE, __FILE__, __FUNCTION__, __LINE__, 'Will not test rules with errors'); - return FALSE; - } - - /// @attention pfctl reports line numbers, not rule numbers, so do not reduce multi-line rules into single-line - $rulesStr= $ruleSet->generate(); - - $cmd= "/bin/echo '$rulesStr' | /sbin/pfctl -nf - 2>&1"; - - if (!$this->RunPfctlCmd($cmd, $output, $retval)) { - Error(_('Failed testing pf rules')); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed testing pf rules'); - return FALSE; - } - - if ($retval === 0) { - return TRUE; - } - - $rules= explode("\n", $rulesStr); - - foreach ($output as $o) { - if (preg_match('/^([^:]+):(\d+):\s*(.*)$/', $o, $match)) { - $src= $match[1]; - $line= $match[2]; - $err= $match[3]; - - // Rule numbers are 0 based, hence decrement once - $line--; - - if ($src == 'stdin') { - $rule= $rules[$line]; - Error(_('Line') . " $line: $err:\n
" . htmlentities($rule) . '
'); - } else { - // Rule numbers in include files need an extra decrement - $line--; - Error(_('Error in include file') . ": $src\n" . _('Line') . " $line: $err"); - } - } else { - Error($o); - } - } - return FALSE; + parent::__construct(); + $this->registerRulesCommands(); } - /** - * Daemonizes to run the given pfctl command. - * - * We create a sysv message queue before forking the child process. The parent process - * waits for a message from the child. The child process runs the pfctl command, packs - * its output and return value in an array, and returns it in a message. - * - * The parent loops waiting for a message from the child. In the loop we use a sleep interval - * obtained by an equation involving $PfctlTimeout, instead of a constant like 0.1, - * so that if $PfctlTimeout is set to 0, the interval becomes 0 too. - * - * However, note that disabling the sleep interval may fail pfctl calls, because the parent - * exits without waiting for a message from the child. - * - * pfctl takes a long time to return in certain cases. The WUI should not wait for too long, - * but exit upon timeout. In fact, all such external calls should timeout, instead of - * waiting indefinitely. - * - * @bug pfctl gets stuck, or takes a long time to return on some errors. - * - * Example 1: A macro using an unknown interface: int_if = "a1", - * pfctl tries to look up for its IP address, which takes a long time before failing with: - * > no IP address found for a1, - * > could not parse host specification - * - * Example 2: A table with an entry (e.g. "test") for which no DNS record can be found, - * pfctl waits for name service lookup, which takes too long: - * > no IP address found for test, - * > could not parse host specification - * Therefore, we need to use a function which returns upon timeout, hence this method. - * - * @param string $cmd pfctl command to run. - * @param array $output Output of pfctl. - * @param int $retval Return value of pfctl. 
- * @return bool TRUE on success, FALSE on fail. - */ - function RunPfctlCmd($cmd, &$output, &$retval) + function getTestRulesCmd($rulesStr, &$tmpFile) { - global $PfctlTimeout; - - $retval= 0; - $output= array(); - - /// @todo Check why using 0 as mqid eventually (30-50 accesses later) fails creating or attaching to the queue. - $mqid= 1; - - // Create or attach to the queue before forking - $queue= msg_get_queue($mqid); - - if (!msg_queue_exists($mqid)) { - Error(_('Failed creating or attaching to message queue')); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed creating or attaching to message queue'); - return FALSE; - } - - $sendtype= 1; - - $pid= pcntl_fork(); - - if ($pid == -1) { - Error(_('Cannot fork pfctl process')); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Cannot fork pfctl process'); - } elseif ($pid) { - // This is the parent! - - $return= FALSE; - - // Parent should wait for output for $PfctlTimeout seconds - // Wait count starts from 1 due to do..while loop - $count= 1; - - // We use this $interval var instead of a constant like .1, because - // if $PfctlTimeout is set to 0, $interval becomes 0 too, effectively disabling sleep - // Add 1 to prevent division by zero ($PfctlTimeout cannot be set to -1 on the WUI) - $interval= $PfctlTimeout/($PfctlTimeout + 1)/10; - - do { - exec("/bin/sleep $interval"); - ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, "Receive message wait count: $count, sleep interval: $interval"); - - /// @attention Do not wait for a message, loop instead: MSG_IPC_NOWAIT - $received= msg_receive($queue, 0, $recvtype, 10000, $msg, TRUE, MSG_NOERROR|MSG_IPC_NOWAIT, $error); - - if ($received && $sendtype == $recvtype) { - if (is_array($msg) && array_key_exists('retval', $msg) && array_key_exists('output', $msg)) { - $retval= $msg['retval']; - $output= $msg['output']; - - ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Received pfctl output: ' . 
print_r($msg, TRUE)); - - $return= TRUE; - break; - } else { - Error(_('Output not in correct format') . ': ' . print_r($msg, TRUE)); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Output not in correct format: ' . print_r($msg, TRUE)); - break; - } - } else { - ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Failed receiving pfctl output: ' . posix_strerror($error)); - } - - } while ($count++ < $PfctlTimeout * 10); - - if (!$return) { - Error(_('Timed out running pfctl command')); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Timed out running pfctl command'); - } - - // Parent removes the queue - if (!msg_remove_queue($queue)) { - Error(_('Failed removing message queue')); - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed removing message queue'); - } - - /// @attention Make sure the child is terminated, otherwise the parent gets stuck too. - if (posix_getpgid($pid)) { - exec("/bin/kill -KILL $pid"); - } - - // Parent survives - return $return; - } else { - // This is the child! - - // Child should run the command and send the result in a message - ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Running pfctl command'); - exec($cmd, $output, $retval); - - $msg= array( - 'retval' => $retval, - 'output' => $output - ); - - if (!msg_send($queue, $sendtype, $msg, TRUE, TRUE, $error)) { - ctlr_syslog(LOG_ERR, __FILE__, __FUNCTION__, __LINE__, 'Failed sending pfctl output: ' . print_r($msg, TRUE) . ', error: ' . posix_strerror($error)); - } else { - ctlr_syslog(LOG_DEBUG, __FILE__, __FUNCTION__, __LINE__, 'Sent pfctl output: ' . print_r($msg, TRUE)); - } - - // Child exits - exit; - } + return "/bin/echo '$rulesStr' | /sbin/pfctl -nf - 2>&1"; } } ?> diff --git a/src/Model/validate.php b/src/Model/validate.php index ebcfccc..ff19bc6 100644 --- a/src/Model/validate.php +++ b/src/Model/validate.php 
@@ -108,7 +108,7 @@ /// @todo Should we disallow $ and ` chars in comments? /// For example, define('RE_COMMENT_INLINE', '^[^$`]{0,100}$'); define('RE_COMMENT_INLINE', '^[\s\S]{0,100}$'); -define('RE_COMMENT', '^[\s\S]{0,1000}$'); +define('RE_COMMENT', '^[\s\S]{0,2000}$'); define('RE_ACTION', '^(pass|match|block)$'); define('RE_BLOCKOPTION', '^(drop|return|return-rst|return-icmp|return-icmp6)$'); diff --git a/src/View/lib/view.php b/src/View/lib/view.php index 2f183c7..3b75b8e 100644 --- a/src/View/lib/view.php +++ b/src/View/lib/view.php @@ -67,7 +67,7 @@ function Controller(&$output) $passwd= openssl_decrypt($ciphertext, 'AES-256-CBC', $_SESSION['cryptKey'], OPENSSL_RAW_DATA, $iv); - $ssh= new Net_SSH2('localhost'); + $ssh= new Net_SSH2('127.0.0.1'); // Give more time to all requests, the default timeout is 10 seconds $ssh->setTimeout(30); @@ -150,7 +150,7 @@ function Controller(&$output) */ function CheckAuthentication($user, $passwd) { - $ssh = new Net_SSH2('localhost'); + $ssh = new Net_SSH2('127.0.0.1'); if ($ssh->login($user, $passwd)) { $hostname= gethostname(); diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre.po index 40d6542..d3670ce 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre.po @@ -12,7 +12,7 @@ msgstr "" "Plural-Forms: nplurals=1; plural=0;\n" "Language: Turkish\n" "Language-Team: Turkish \n" -"PO-Revision-Date: 2020-06-21 19:41+0300\n" +"PO-Revision-Date: 2018-11-06 22:57+0300\n" "X-Generator: Gtranslator 2.91.7\n" #, php-format 
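Review bot: `RE_COMMENT` still accepts any character (`[\s\S]`), and this change doubles the amount of unrestricted text a comment rule may carry while the `@todo` directly above it stays open. `getTestRulesCmd()` in src/Model/pf.php, shown earlier on this page, places the generated rules between single quotes on a shell command line, so the character that matters there is `'` rather than the `$` and backtick the todo asks about; whether the generator escapes it is not visible in this hunk. I would settle the todo before widening the limit and record where quoting is enforced, for example `/// @attention Comment text reaches the pfctl test command line; quoting is enforced in <place to be named>, not by this pattern`.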
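Review bot: The literal `'127.0.0.1'` is now written out separately in `Controller()` here and in `CheckAuthentication()` in the `@@ -150,7 +150,7 @@` hunk, with no comment saying why the host name was replaced. If the intent is to stop the login, which carries the user's password, from depending on how `localhost` resolves, say so next to the call, e.g. `// Literal loopback address: the SSH login must not depend on name resolution`, and keep the address in one shared definition so the two call sites cannot drift apart. The address is IPv4-only, so it presumably requires sshd to listen on 127.0.0.1, which is worth stating in the README. Both functions start and end outside these hunks, so host key handling and the check of the `openssl_decrypt()` result cannot be judged from here.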
@@ -100,30 +100,33 @@ msgstr "Engelleme Kuralı" msgid "Cancel" msgstr "İptal" -msgid "Cannot fork pfctl process" -msgstr "Pfctl süreci fork edilemedi" +msgid "Cannot fork process" +msgstr "Süreç fork edilemedi" msgid "Cannot generate rule" msgstr "Kural üretilemiyor" -msgid "Cannot install pf rule file" -msgstr "Pf kural dosyası kurulamadı" +msgid "Cannot generate rules" +msgstr "Kurallar üretilemiyor" -msgid "Cannot load pf rules" -msgstr "Pf kuralları yüklenemedi" +msgid "Cannot install rule file" +msgstr "Kural dosyası kurulamadı" -msgid "Cannot remove tmp pf file" -msgstr "Geçici pf dosyası silinemedi" +msgid "Cannot load rules" +msgstr "Kurallar yüklenemedi" -msgid "Cannot write to tmp pf file" -msgstr "Geçici pf dosyasına yazılamadı" +msgid "Cannot parse rules" +msgstr "Kurallar işlenemiyor" + +msgid "Cannot remove tmp file" +msgstr "Geçici dosya silinemedi" + +msgid "Cannot write to tmp file" +msgstr "Geçici dosyaya yazılamadı" msgid "Category" msgstr "Sınıf" -msgid "Check authentication" -msgstr "Kullanıcı doğrulama" - msgid "Comment" msgstr "Yorum" @@ -148,8 +151,8 @@ msgstr "Sil" msgid "Delete All" msgstr "Hepsini Sil" -msgid "Delete pf rule file" -msgstr "Pf kural dosyası silme" +msgid "Delete rule file" +msgstr "Kural dosyasını sil" msgid "Delete rules file" msgstr "Kural dosyasını sil" @@ -262,8 +265,8 @@ msgstr "Yükleme işlemi başarısız oldu" msgid "Failed loading main pf rules" msgstr "Ana pf kurallarının yüklenmesi başarısız oldu" -msgid "Failed loading pf rules" -msgstr "Pf kural yüklemesi başarısız oldu" +msgid "Failed loading rules" +msgstr "Kural yüklemesi başarısız oldu" msgid "Failed removing message queue" msgstr "Mesaj kuyruğunun silinmesi başarısız oldu" 
@@ -271,8 +274,8 @@ msgstr "Mesaj kuyruğunun silinmesi başarısız oldu" msgid "Failed saving" msgstr "Kayıt işlemi başarısız oldu" -msgid "Failed testing pf rules" -msgstr "Pf kurallarının testi başarısız oldu" +msgid "Failed testing rules" +msgstr "Kuralların testi başarısız oldu" msgid "Failed testing ruleset" msgstr "Kural listesinin testi başarısız oldu" @@ -322,20 +325,20 @@ msgstr "Parçalar" msgid "From Redirect Host" msgstr "Yönlendirme Adresinden" -msgid "Generate pf rule" -msgstr "Pf kural üretimi" +msgid "Generate rule" +msgstr "Kural üretimi" -msgid "Generate pf rules" -msgstr "Pf kural listesi üretimi" +msgid "Generate rules" +msgstr "Kural listesi üretimi" msgid "Generate with errors" msgstr "Hatalara rağmen üret" -msgid "Get pf rule files" -msgstr "Pf kural dosyalarını getir" +msgid "Get rule files" +msgstr "Kural dosyalarını getir" -msgid "Get pf rules" -msgstr "Pf kurallarını getir" +msgid "Get rules" +msgstr "Kuralları getir" msgid "Group" msgstr "Grup" @@ -420,8 +423,8 @@ msgstr "Kur" msgid "Install as main ruleset" msgstr "Ana kural listesi olarak kur" -msgid "Install pf rules" -msgstr "Pf kurallarını kurma" +msgid "Install rules" +msgstr "Kural kurulumu" msgid "Installed successfully" msgstr "Başarıyla kuruldu" @@ -546,6 +549,9 @@ msgstr "En Fazla Durum Sayısı" msgid "Max-mss" msgstr "En yüksek-mss" +msgid "Merges separated comments" +msgstr "Ayrılmış yorumları birleştirir" + msgid "Method does not exist" msgstr "Yöntem bulunamadı" @@ -654,9 +660,15 @@ msgstr "PF Kural Düzenleyici" msgid "Parent" msgstr "Veli" +msgid "Parse" +msgstr "İşle" + msgid "Parse Error" msgstr "İşleme Hatası" +msgid "Parse rules" +msgstr "Kuralları işle" + msgid "Password" msgstr "Parola" @@ -740,9 +752,6 @@ msgstr "Ana kural listesini tekrar yükle" msgid "Required element missing" msgstr "Gerekli eleman yok" -msgid "Resource not available" -msgstr "Kaynağa ulaşılamıyor" - msgid "Route" msgstr "Yönlendirme" 
@@ -809,6 +818,9 @@ msgstr "Kazıma Seçenekleri" msgid "Select Option Type" msgstr "Seçenek Türünü Seçin" +msgid "Separate" +msgstr "Ayır" + msgid "Session Timeout" msgstr "Oturum Zaman Aşımı" @@ -902,8 +914,8 @@ msgstr "Tablo Girdileri" msgid "Tables" msgstr "Tablolar" -msgid "Test pf rules" -msgstr "Pf kurallarını test et" +msgid "Test rules" +msgstr "Kuralları test et" msgid "There was an error while installing" msgstr "Kurulum sırasında bir hata oluştu" @@ -948,8 +960,8 @@ msgstr "" "kapatabilirsiniz. Yardım pencerelerini kapatmak hata veya uyarı " "pencerelerini devredışı bırakmaz." -msgid "Timed out running pfctl command" -msgstr "Pfctl komutu zaman aşımına uğradı" +msgid "Timed out running command" +msgstr "Komut zaman aşımına uğradı" msgid "Timeout" msgstr "Zaman Aşımları" @@ -960,9 +972,6 @@ msgstr "Tekrar Yönlendirme Hedef Adresi" msgid "Too many args" msgstr "Argüman sayısı fazla" -msgid "Too many args, truncating" -msgstr "Fazla argümanlar atıldı" - msgid "Turkish" msgstr "Türkçe" @@ -972,6 +981,9 @@ msgstr "Tür" msgid "UDP Timeouts" msgstr "UDP Zaman Aşımları" +msgid "Uncomment" +msgstr "Yorumu Kaldır" + msgid "Unexpected elements" msgstr "Beklenmeyen elemanlar" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po index 91721bd..2a9b186 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_CONTROL.po @@ -160,6 +160,9 @@ msgstr "Kuyruk tanımlanmamış" msgid "Option" msgstr "Seçenekler" +msgid "Parse" +msgstr "İşle" + msgid "Queue" msgstr "Kuyruk" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po index 9d60acb..42ae23c 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_NOTICE.po 
@@ -21,6 +21,12 @@ msgstr "Doğrulama başarısız" msgid "Cannot generate rule" msgstr "Kural üretilemiyor" +msgid "Cannot generate rules" +msgstr "Kurallar üretilemiyor" + +msgid "Cannot parse rules" +msgstr "Kurallar işlenemiyor" + msgid "ERROR" msgstr "HATA" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po index 83ba60d..7a785f9 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre_TITLE.po @@ -213,9 +213,6 @@ msgstr "Kayıt Seviyesi" msgid "Logging" msgstr "Kayıt" -msgid "Logout" -msgstr "Çıkış" - msgid "Match All" msgstr "Hepsini Eşle" @@ -258,6 +255,9 @@ msgstr "En Fazla Durum Sayısı" msgid "Max-mss" msgstr "En yüksek-mss" +msgid "Merges separated comments" +msgstr "Ayrılmış yorumları birleştirir" + msgid "Min" msgstr "En az" @@ -357,9 +357,6 @@ msgstr "Tekrar Yönlendirme Seçenekleri" msgid "Redirect Port" msgstr "Tekrar Yönlendirme Kapısı" -msgid "Resource not available" -msgstr "Kaynağa ulaşılamıyor" - msgid "Route Host" msgstr "Yönlendirme Adresi" @@ -390,6 +387,9 @@ msgstr "Kazıma Seçenekleri" msgid "Select Option Type" msgstr "Seçenek Türünü Seçin" +msgid "Separate" +msgstr "Ayır" + msgid "Session Timeout" msgstr "Oturum Zaman Aşımı" @@ -459,6 +459,9 @@ msgstr "Tür" msgid "UDP Timeouts" msgstr "UDP Zaman Aşımları" +msgid "Uncomment" +msgstr "Yorumu Kaldır" + msgid "Upload rules file" msgstr "Kural dosyasını karşıya yükle" diff --git a/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po b/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po index afccb56..6f15792 100644 --- a/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po +++ b/src/View/locale/tr_TR/LC_MESSAGES/pfre__.po 
@@ -21,26 +21,23 @@ msgstr "Argüman tür kontrolü başarısız oldu" msgid "Authentication failed" msgstr "Doğrulama başarısız" -msgid "Cannot fork pfctl process" -msgstr "Pfctl süreci fork edilemedi" +msgid "Cannot fork process" +msgstr "Süreç fork edilemedi" -msgid "Cannot install pf rule file" -msgstr "Pf kural dosyası kurulamadı" +msgid "Cannot install rule file" +msgstr "Kural dosyası kurulamadı" -msgid "Cannot load pf rules" -msgstr "Pf kuralları yüklenemedi" +msgid "Cannot load rules" +msgstr "Kurallar yüklenemedi" -msgid "Cannot remove tmp pf file" -msgstr "Geçici pf dosyası silinemedi" +msgid "Cannot remove tmp file" +msgstr "Geçici dosya silinemedi" -msgid "Cannot write to tmp pf file" -msgstr "Geçici pf dosyasına yazılamadı" +msgid "Cannot write to tmp file" +msgstr "Geçici dosyaya yazılamadı" -msgid "Check authentication" -msgstr "Kullanıcı doğrulama" - -msgid "Delete pf rule file" -msgstr "Pf kural dosyası silme" +msgid "Delete rule file" +msgstr "Kural dosyasını sil" msgid "English" msgstr "İngilizce" @@ -57,14 +54,14 @@ msgstr "Yüklemede hata, kural sorunlu olarak yüklendi" msgid "Failed creating or attaching to message queue" msgstr "Mesaj kuyruğu yaratılamadı veya bağlantı başarısız oldu" -msgid "Failed loading pf rules" -msgstr "Pf kural yüklemesi başarısız oldu" +msgid "Failed loading rules" +msgstr "Kural yüklemesi başarısız oldu" msgid "Failed removing message queue" msgstr "Mesaj kuyruğunun silinmesi başarısız oldu" -msgid "Failed testing pf rules" -msgstr "Pf kurallarının testi başarısız oldu" +msgid "Failed testing rules" +msgstr "Kuralların testi başarısız oldu" msgid "Failed validating command line" msgstr "Komut satırı doğrulaması başarısız oldu" 
@@ -75,20 +72,20 @@ msgstr "Dosya adı kabul edilmedi" msgid "Filepath wrong" msgstr "Dosya yolu yanlış" -msgid "Generate pf rule" -msgstr "Pf kural üretimi" +msgid "Generate rule" +msgstr "Kural üretimi" -msgid "Generate pf rules" -msgstr "Pf kural listesi üretimi" +msgid "Generate rules" +msgstr "Kural listesi üretimi" -msgid "Get pf rule files" -msgstr "Pf kural dosyalarını getir" +msgid "Get rule files" +msgstr "Kural dosyalarını getir" -msgid "Get pf rules" -msgstr "Pf kurallarını getir" +msgid "Get rules" +msgstr "Kuralları getir" -msgid "Install pf rules" -msgstr "Pf kurallarını kurma" +msgid "Install rules" +msgstr "Kural kurulumu" msgid "Invalid inline rules, parser output" msgstr "Geçersiz satıriçi kurallar, işleme çıktısı" @@ -141,6 +138,9 @@ msgstr "Çıktı doğru yapıda değil" msgid "Parse Error" msgstr "İşleme Hatası" +msgid "Parse rules" +msgstr "Kuralları işle" + msgid "Reached max nesting for inline anchors" msgstr "Satıriçi çapalar için en fazla içiçe sayıya ulaşıldı" @@ -183,18 +183,15 @@ msgstr "SSH kullanımını ayarla" msgid "Set user password" msgstr "Kullanıcı parolasını ayarla" -msgid "Test pf rules" -msgstr "Pf kurallarını test et" +msgid "Test rules" +msgstr "Kuralları test et" -msgid "Timed out running pfctl command" -msgstr "Pfctl komutu zaman aşımına uğradı" +msgid "Timed out running command" +msgstr "Komut zaman aşımına uğradı" msgid "Too many args" msgstr "Argüman sayısı fazla" -msgid "Too many args, truncating" -msgstr "Fazla argümanlar atıldı" - msgid "Turkish" msgstr "Türkçe" diff --git a/src/View/pf/conf.editor.php b/src/View/pf/conf.editor.php index d85cc53..a178c6a 100644 --- a/src/View/pf/conf.editor.php +++ b/src/View/pf/conf.editor.php 
@@ -148,7 +148,23 @@ PrintHelpWindow(_NOTICE('Ruleset deleted')); } -$View->Controller($Output, 'TestPfRules', json_encode($View->RuleSet->rules)); +if (filter_has_var(INPUT_GET, 'comment')) { + $View->RuleSet->comment(filter_input(INPUT_GET, 'comment')); +} + +if (filter_has_var(INPUT_GET, 'uncomment')) { + $View->RuleSet->uncomment(filter_input(INPUT_GET, 'uncomment')); +} + +if (filter_has_var(INPUT_GET, 'separate')) { + $View->RuleSet->separate(filter_input(INPUT_GET, 'separate')); +} + +if (filter_has_var(INPUT_POST, 'parse')) { + $View->RuleSet->parse(); +} + +$View->Controller($Output, 'TestRules', json_encode($View->RuleSet->rules)); $TopMenu= 'conf.editor'; require_once($VIEW_PATH.'/header.php'); @@ -174,6 +190,7 @@ + + - Controller($Output, 'TestPfRules', json_encode($View->RuleSet->rules))) { + if ($force || $View->Controller($Output, 'TestRules', json_encode($View->RuleSet->rules))) { /// @attention Use 0, not FALSE for boolean here, otherwise arg type check fails - if ($View->Controller($Output, 'InstallPfRules', json_encode($View->RuleSet->rules), $filepath, 0, $force)) { + if ($View->Controller($Output, 'InstallRules', json_encode($View->RuleSet->rules), $filepath, 0, $force)) { $View->RuleSet->filename= $filepath; PrintHelpWindow(_NOTICE('Saved') . ": $filepath"); } else { @@ -95,7 +95,7 @@ $deleteFile= basename(filter_input(INPUT_POST, 'deleteFilename')); $filepath= "$PF_CONFIG_PATH/$deleteFile"; - if ($View->Controller($Output, 'DeletePfRuleFile', $filepath)) { + if ($View->Controller($Output, 'DeleteRuleFile', $filepath)) { PrintHelpWindow(_NOTICE('Rules file deleted') . ": $filepath"); } else { PrintHelpWindow('
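Review bot: The three new GET handlers pass `filter_input(INPUT_GET, ...)` straight to `RuleSet::comment()`, `uncomment()` and `separate()` with no integer or range check. As far as the RuleSet.php hunk on this page shows, `comment()` uses the value directly as `$this->rules[$ruleNumber]` and as the `array_slice()` offset, so a non-numeric or out-of-range value reaches `json_encode()` of a missing rule and then `unset()` and `array_merge()` on the rule list. Validate before calling, e.g. `$n= filter_input(INPUT_GET, 'comment', FILTER_VALIDATE_INT);` followed by `if (is_int($n) && isset($View->RuleSet->rules[$n])) { $View->RuleSet->comment($n); }`, and likewise for the other two. These are also state-changing actions reachable through a plain GET link; moving them to POST, like the new `parse` action, together with a per-session token would keep a third-party page from triggering them in a logged-in browser.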
' . _NOTICE('Failed deleting') . ": $filepath", NULL, 'ERROR'); @@ -129,7 +129,7 @@ $force= 1; } - if ($View->Controller($Output, 'GeneratePfRules', json_encode($View->RuleSet->rules), 0, $force) || $force) { + if ($View->Controller($Output, 'GenerateRules', json_encode($View->RuleSet->rules), 0, $force) || $force) { if (filter_has_var(INPUT_SERVER, 'HTTP_USER_AGENT') && preg_match("/MSIE/", filter_input(INPUT_SERVER, 'HTTP_USER_AGENT'))) { // For IE ini_set('zlib.output_compression', 'Off'); @@ -152,7 +152,7 @@ } } -$View->Controller($Output, 'GetPfRuleFiles'); +$View->Controller($Output, 'GetRuleFiles'); $ruleFiles= $Output; $TopMenu= 'conf.files'; diff --git a/src/View/pf/conf.write.php b/src/View/pf/conf.write.php index 5423d15..2cff378 100644 --- a/src/View/pf/conf.write.php +++ b/src/View/pf/conf.write.php @@ -25,10 +25,10 @@ $printNumbers= 0; } -$testResult= $View->Controller($Output, 'TestPfRules', json_encode($View->RuleSet->rules)); +$testResult= $View->Controller($Output, 'TestRules', json_encode($View->RuleSet->rules)); if ($testResult) { if (filter_has_var(INPUT_POST, 'install') && filter_input(INPUT_POST, 'install') == _CONTROL('Install')) { - if ($View->Controller($Output, 'InstallPfRules', json_encode($View->RuleSet->rules))) { + if ($View->Controller($Output, 'InstallRules', json_encode($View->RuleSet->rules))) { PrintHelpWindow(_NOTICE('Installed successfully')); } else { PrintHelpWindow('
' . _NOTICE('There was an error while installing'), NULL, 'ERROR'); @@ -46,7 +46,7 @@ $StrRules= array(); $generated= FALSE; if ($testResult || $force) { - $generated= $View->Controller($StrRules, 'GeneratePfRules', json_encode($View->RuleSet->rules), $printNumbers, $force); + $generated= $View->Controller($StrRules, 'GenerateRules', json_encode($View->RuleSet->rules), $printNumbers, $force); } $TopMenu= 'conf.write'; diff --git a/src/View/pf/edit.php b/src/View/pf/edit.php index 9ca14c6..807eb24 100644 --- a/src/View/pf/edit.php +++ b/src/View/pf/edit.php @@ -46,7 +46,7 @@ $force= 1; } - $generateResult= $View->Controller($Output, 'GeneratePfRule', json_encode($ruleObj), $ruleNumber, $force); + $generateResult= $View->Controller($Output, 'GenerateRule', json_encode($ruleObj), $ruleNumber, $force); if ($generateResult || $force) { /// @attention Inline anchor rules are multi-line, hence implode. $ruleStr= implode("\n", $Output); diff --git a/src/View/pf/lib/AfTo.php b/src/View/pf/lib/AfTo.php index abaa50f..14bc811 100644 --- a/src/View/pf/lib/AfTo.php +++ b/src/View/pf/lib/AfTo.php @@ -29,7 +29,7 @@ function setType() function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -39,7 +39,7 @@ function display($ruleNumber, $count) $this->dispValue('rediraf', _TITLE('Redirect Address Family')); $this->dispValues('redirhost', _TITLE('From Redirect Host')); $this->dispValues('toredirhost', _TITLE('To Redirect Host')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/Anchor.php b/src/View/pf/lib/Anchor.php index cb1233f..25fc0f3 100644 --- a/src/View/pf/lib/Anchor.php +++ b/src/View/pf/lib/Anchor.php 
@@ -24,7 +24,7 @@ class Anchor extends FilterBase { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -33,7 +33,7 @@ function display($ruleNumber, $count) $this->dispValue('state-filter', _TITLE('State')); $this->dispQueue(); $this->dispInline(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } /** diff --git a/src/View/pf/lib/Antispoof.php b/src/View/pf/lib/Antispoof.php index 973e13c..629dc46 100644 --- a/src/View/pf/lib/Antispoof.php +++ b/src/View/pf/lib/Antispoof.php @@ -24,13 +24,13 @@ class Antispoof extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispInterface(); $this->dispKey('quick', _TITLE('Quick')); $this->dispValue('af', _TITLE('Address Family')); $this->dispLog(8); $this->dispValue('label', _TITLE('Label')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/Blank.php b/src/View/pf/lib/Blank.php index 10e547a..795d645 100644 --- a/src/View/pf/lib/Blank.php +++ b/src/View/pf/lib/Blank.php @@ -24,9 +24,8 @@ class Blank extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispBlank(); - $this->dispTailEditLinks($ruleNumber, $count); } /** @@ -42,9 +41,10 @@ function countLines() function dispBlank() { ?> - - rule['blank']); ?> - + + rule['blank']); ?> + + dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispComment(); - $this->dispTailEditLinks($ruleNumber, $count); } /** 
@@ -45,13 +44,14 @@ function countLines() function dispComment() { ?> - - rule['comment'])) { - echo nl2br(htmlentities(stripslashes($this->rule['comment']))); - } - ?> - + + rule['comment'])) { + echo nl2br(htmlentities(stripslashes($this->rule['comment']))); + } + ?> + + dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -39,7 +39,7 @@ function display($ruleNumber, $count) $this->dispValue('proto', _TITLE('Proto')); $this->dispSrcDest(); $this->dispValue('divertport', _TITLE('Divert Port')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/DivertTo.php b/src/View/pf/lib/DivertTo.php index 2abe33d..f3bef09 100644 --- a/src/View/pf/lib/DivertTo.php +++ b/src/View/pf/lib/DivertTo.php @@ -29,7 +29,7 @@ function setType() function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -39,7 +39,7 @@ function display($ruleNumber, $count) $this->dispSrcDest(); $this->dispValue('diverthost', _TITLE('Divert Host')); $this->dispValue('divertport', _TITLE('Divert Port')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/FilterBase.php b/src/View/pf/lib/FilterBase.php index 5108aa1..cd3988d 100644 --- a/src/View/pf/lib/FilterBase.php +++ b/src/View/pf/lib/FilterBase.php @@ -24,7 +24,7 @@ class FilterBase extends State { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); 
@@ -34,7 +34,7 @@ function display($ruleNumber, $count) $this->dispSrcDest(); $this->dispValue('state-filter', _TITLE('State')); $this->dispQueue(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispAction() diff --git a/src/View/pf/lib/Include.php b/src/View/pf/lib/Include.php index 0b15ece..7479064 100644 --- a/src/View/pf/lib/Include.php +++ b/src/View/pf/lib/Include.php @@ -24,9 +24,9 @@ class _Include extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispInclude(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispInclude() @@ -70,7 +70,7 @@ function editInclude() { global $View, $PF_CONFIG_PATH; - $View->Controller($ruleFiles, 'GetPfRuleFiles'); + $View->Controller($ruleFiles, 'GetRuleFiles'); ?> diff --git a/src/View/pf/lib/Limit.php b/src/View/pf/lib/Limit.php index 058beb2..e8c95e5 100644 --- a/src/View/pf/lib/Limit.php +++ b/src/View/pf/lib/Limit.php @@ -24,9 +24,9 @@ class Limit extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispLimit(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispLimit() diff --git a/src/View/pf/lib/LoadAnchor.php b/src/View/pf/lib/LoadAnchor.php index ba5537d..8683f65 100644 --- a/src/View/pf/lib/LoadAnchor.php +++ b/src/View/pf/lib/LoadAnchor.php @@ -24,9 +24,9 @@ class LoadAnchor extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAnchor(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispAnchor() diff --git a/src/View/pf/lib/Macro.php b/src/View/pf/lib/Macro.php index 97fac84..50e6616 100644 --- a/src/View/pf/lib/Macro.php +++ b/src/View/pf/lib/Macro.php 
@@ -24,9 +24,9 @@ class Macro extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispMacro(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispMacro() diff --git a/src/View/pf/lib/NatBase.php b/src/View/pf/lib/NatBase.php index 3c2d8bf..adc5077 100644 --- a/src/View/pf/lib/NatBase.php +++ b/src/View/pf/lib/NatBase.php @@ -24,7 +24,7 @@ class NatBase extends Filter { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -34,7 +34,7 @@ function display($ruleNumber, $count) $this->dispSrcDest(); $this->dispValues('redirhost', _TITLE('Redirect Host')); $this->dispValue('redirport', _TITLE('Redirect Port')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/Option.php b/src/View/pf/lib/Option.php index ba35851..a1b15dc 100644 --- a/src/View/pf/lib/Option.php +++ b/src/View/pf/lib/Option.php @@ -24,9 +24,9 @@ class Option extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispOption(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispOption() diff --git a/src/View/pf/lib/Queue.php b/src/View/pf/lib/Queue.php index 2509fe8..05b9a44 100644 --- a/src/View/pf/lib/Queue.php +++ b/src/View/pf/lib/Queue.php @@ -24,7 +24,7 @@ class Queue extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispValue('name', _TITLE('Name')); $this->dispInterface(); $this->dispValue('parent', _TITLE('Parent')); 
@@ -35,7 +35,7 @@ function display($ruleNumber, $count) $this->dispValue('quantum', _TITLE('Quantum')); $this->dispValue('qlimit', _TITLE('Qlimit')); $this->dispKey('default', _TITLE('Default')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispBandwidth($key, $pre, $title, $colspan) diff --git a/src/View/pf/lib/Route.php b/src/View/pf/lib/Route.php index 0c51dee..b0bcbc6 100644 --- a/src/View/pf/lib/Route.php +++ b/src/View/pf/lib/Route.php @@ -30,7 +30,7 @@ function setType() function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -40,7 +40,7 @@ function display($ruleNumber, $count) $this->dispSrcDest(); $this->dispValue('type', _TITLE('Type')); $this->dispValues('routehost', _TITLE('Route Host')); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function input() diff --git a/src/View/pf/lib/Rule.php b/src/View/pf/lib/Rule.php index bc7e17d..993d785 100644 --- a/src/View/pf/lib/Rule.php +++ b/src/View/pf/lib/Rule.php @@ -108,10 +108,13 @@ function display($ruleNumber, $count) * Prints rule number, rule type, and line number. * * Used by almost all rule types. + * Passes $count to dispHeadEditLinks() to disable up or down edit links of the first and + * the last rule in the rule set. * * @param int $ruleNumber Rule number. + * @param int $count Number of rules in the ruleset. */ - function dispHead($ruleNumber) + function dispHead($ruleNumber, $count) { global $lineNumber, $ruleCategoryNames; @@ -124,6 +127,9 @@ function dispHead($ruleNumber) + dispHeadEditLinks($ruleNumber, $count); + ?> 
@@ -158,24 +164,21 @@ function countLines() * Prints inline comments and edit links. * * Used by almost all rule types. - * Passes $count to dispTailEditLinks() to disable up or down edit links of the first and - * the last rule in the rule set. * * @param int $ruleNumber Rule number. - * @param int $count Number of rules in the ruleset. */ - function dispTail($ruleNumber, $count) + function dispTail($ruleNumber) { ?> - - rule['comment'])) { - echo htmlentities(stripslashes($this->rule['comment'])); - } - ?> - + + rule['comment'])) { + echo htmlentities(stripslashes($this->rule['comment'])); + } + ?> + + dispTailEditLinks($ruleNumber, $count); } /** @@ -189,7 +192,7 @@ function dispTail($ruleNumber, $count) * @param int $ruleNumber Rule number. * @param int $count Number of rules in the ruleset. */ - function dispTailEditLinks($ruleNumber, $count) + function dispHeadEditLinks($ruleNumber, $count) { ?> @@ -197,7 +200,6 @@ function dispTailEditLinks($ruleNumber, $count) $this->dispEditLinks($ruleNumber, $count); ?> - - e + + 0) { ?> - u + + + + - d + + + + ref]; @@ -238,8 +247,26 @@ function dispEditLinks($ruleNumber, $count, $up= 'up', $down= 'down', $del= 'del $confirmMsg= str_replace('', $ruleType, $confirmMsg); $confirmMsg= str_replace('', $ruleNumber, $confirmMsg); ?> - x + + cat != 'Comment') { + ?> + + + + + 0, not > 1 + $disabled= $this->countLines() > 0 ? '' : 'disabled'; + ?> + + + + /> + Controller($Output, 'GetPfRules', $filename, 0, $force); + $retval= $View->Controller($Output, 'GetRules', $filename, 0, $force); } else { - $retval= $View->Controller($Output, 'GetPfRules', $filename, $tmp, $force); + $retval= $View->Controller($Output, 'GetRules', $filename, $tmp, $force); } if ($retval !== FALSE || $force) { 
@@ -224,6 +224,123 @@ function add($ruleNumber= 0) return $ruleNumber; } } + + function comment($ruleNumber) + { + global $View; + + $retval= $View->Controller($output, 'GenerateRule', json_encode($this->rules[$ruleNumber]), $ruleNumber, 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . _NOTICE('Cannot generate rule'), 'auto', 'ERROR'); + } + + /// @attention Inline rules are multi-line, hence implode. + $output= explode("\n", trim(implode("\n", $output))); + for ($i= 0; $i < count($output); $i++) { + $output[$i]= '# '.trim($output[$i]); + } + $ruleStr= implode("\n", $output); + + unset($output); + $rulesArray= array(); + + $retval= $View->Controller($output, 'ParseRules', json_encode($ruleStr), 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . _NOTICE('Cannot parse rules'), 'auto', 'ERROR'); + } + + $rulesArray= json_decode($output[0], TRUE)['rules']; + + $ruleSet= new RuleSet(); + $ruleSet->loadArray($rulesArray); + + unset($this->rules[$ruleNumber]); + // array_slice() takes care of possible off-by-one error due to unset above + $head= array_slice($this->rules, 0, $ruleNumber); + $tail= array_slice($this->rules, $ruleNumber); + $this->rules= array_merge($head, $ruleSet->rules, $tail); + } + + function uncomment($ruleNumber) + { + global $View; + + $rulesArray= array(); + $retval= $View->Controller($output, 'ParseRules', json_encode($this->rules[$ruleNumber]->rule['comment']), 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . 
_NOTICE('Cannot parse rules'), 'auto', 'ERROR'); + } + + $rulesArray= json_decode($output[0], TRUE)['rules']; + + $ruleSet= new RuleSet(); + $ruleSet->loadArray($rulesArray); + + unset($this->rules[$ruleNumber]); + // array_slice() takes care of possible off-by-one error due to unset above + $head= array_slice($this->rules, 0, $ruleNumber); + $tail= array_slice($this->rules, $ruleNumber); + + if (count($ruleSet->rules)) { + $this->rules= array_merge($head, $ruleSet->rules, $tail); + } + else { + $blank= new Blank(); + $blank->rule['blank']= "\n"; + $this->rules= array_merge($head, array($blank), $tail); + } + } + + function separate($ruleNumber) + { + global $View; + + $rulesArray= array(); + + // Can be used to merge separated comments by reloading rules + $lines= explode("\n", $this->rules[$ruleNumber]->rule['comment']); + for ($i= 0; $i < count($lines); $i++) { + $ruleStr= '# '.trim($lines[$i]); + + $retval= $View->Controller($parseOut, 'ParseRules', json_encode($ruleStr), 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . _NOTICE('Cannot parse rules'), 'auto', 'ERROR'); + } + + $rulesArray[]= json_decode($parseOut[0], TRUE)['rules'][0]; + } + + $ruleSet= new RuleSet(); + $ruleSet->loadArray($rulesArray); + + unset($this->rules[$ruleNumber]); + // array_slice() takes care of possible off-by-one error due to unset above + $head= array_slice($this->rules, 0, $ruleNumber); + $tail= array_slice($this->rules, $ruleNumber); + $this->rules= array_merge($head, $ruleSet->rules, $tail); + } + + function parse() + { + global $View; + + // Merge comments by reloading rules + $retval= $View->Controller($output, 'GenerateRules', json_encode($this->rules), 0, 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . 
_NOTICE('Cannot generate rules'), 'auto', 'ERROR'); + } + + $ruleStr= trim(implode("\n", $output)); + + unset($output); + $retval= $View->Controller($output, 'ParseRules', json_encode($ruleStr), 1); + if (!$retval) { + PrintHelpWindow(_NOTICE('ERROR') . ': ' . _NOTICE('Cannot parse rules'), 'auto', 'ERROR'); + } + + $rulesArray= json_decode($output[0], TRUE)['rules']; + $this->loadArray($rulesArray); + } /** * Computes the actual rule number which can be allocated. @@ -349,7 +466,7 @@ function test($ruleNumber, $ruleObj) $rulesArray= array_slice(json_decode(json_encode($this), TRUE)['rules'], 0, $ruleNumber); $rulesArray[]= json_decode(json_encode($ruleObj), TRUE); - return $View->Controller($Output, 'TestPfRules', json_encode($rulesArray)); + return $View->Controller($Output, 'TestRules', json_encode($rulesArray)); } /** diff --git a/src/View/pf/lib/Scrub.php b/src/View/pf/lib/Scrub.php index 98d5b40..dd12fdf 100644 --- a/src/View/pf/lib/Scrub.php +++ b/src/View/pf/lib/Scrub.php @@ -24,7 +24,7 @@ class Scrub extends Filter { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispAction(); $this->dispValue('direction', _TITLE('Direction')); $this->dispInterface(); @@ -34,7 +34,7 @@ function display($ruleNumber, $count) $this->dispValue('min-ttl', _TITLE('Min-ttl')); $this->dispValue('max-mss', _TITLE('Max-mss')); $this->dispScrubOpts(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispScrubOpts() diff --git a/src/View/pf/lib/State.php b/src/View/pf/lib/State.php index c0d9823..59b2ded 100644 --- a/src/View/pf/lib/State.php +++ b/src/View/pf/lib/State.php @@ -24,9 +24,9 @@ class State extends Timeout { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispState(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispState() 
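Review bot: The added methods `comment()`, `uncomment()`, `separate()` and `parse()` in the RuleSet.php hunk keep going after a failed `$View->Controller()` call: `PrintHelpWindow()` is shown, but the code still reads `json_decode(...)['rules']`, and the first three then run `unset($this->rules[$ruleNumber])` and rebuild `$this->rules`. If the call returned nothing usable, the original rule appears to be dropped from the in-memory ruleset (or, in `uncomment()`, replaced by a `Blank`), which in a packet-filter editor is a silent policy change. Each failure branch should end with `return FALSE;`, and the decoded value should be checked before the `unset`, e.g. `if (!is_array($rulesArray)) { return FALSE; }`. `$ruleNumber` is also used as an index without an `isset($this->rules[$ruleNumber])` check; whether callers validate it is not visible in this hunk.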
diff --git a/src/View/pf/lib/Table.php b/src/View/pf/lib/Table.php index ce759be..64627bd 100644 --- a/src/View/pf/lib/Table.php +++ b/src/View/pf/lib/Table.php @@ -24,14 +24,14 @@ class Table extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispId(); $this->dispKey('const', _TITLE('Flag')); $this->dispKey('persist', _TITLE('Flag')); $this->dispKey('counters', _TITLE('Flag')); // Dummy params $this->dispValues('', ''); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispId() diff --git a/src/View/pf/lib/Timeout.php b/src/View/pf/lib/Timeout.php index adc5177..3507da2 100644 --- a/src/View/pf/lib/Timeout.php +++ b/src/View/pf/lib/Timeout.php @@ -24,9 +24,9 @@ class Timeout extends Rule { function display($ruleNumber, $count) { - $this->dispHead($ruleNumber); + $this->dispHead($ruleNumber, $count); $this->dispTimeout(); - $this->dispTail($ruleNumber, $count); + $this->dispTail($ruleNumber); } function dispTimeout() diff --git a/src/View/pf/pf.conf.html b/src/View/pf/pf.conf.html index b1d8b7f..122c92e 100644 --- a/src/View/pf/pf.conf.html +++ b/src/View/pf/pf.conf.html @@ -394,8 +394,8 @@ - icmp-type type code code - icmp6-type type code code + icmp-type type [code code] + icmp6-type type [code code] This rule only applies to ICMP or ICMP6 packets with the specified type and code. Text names for ICMP types and codes are listed in icmp(4) and icmp6(4). The protocol and the ICMP type @@ -2284,7 +2284,7 @@ HISTORY The pf.conf file format first appeared in OpenBSD 3.0. -OpenBSD 6.9 February 1, 2021 OpenBSD 6.9 +OpenBSD 7.0 July 19, 2021 OpenBSD 7.0 diff --git a/src/create_po.sh b/src/create_po.sh index 23b1268..5fe5ab2 100755 --- a/src/create_po.sh +++ b/src/create_po.sh 
@@ -81,7 +81,7 @@ if ! xgettext -L "PHP" -s \ --copyright-holder="Soner Tari, The PFRE project" \ --msgid-bugs-address="sonertari@gmail.com" \ --package-name="PFRE" \ - --package-version="6.9" \ + --package-version="7.0" \ -j -o $LOCALE_FILE \ -f files.txt; then echo "FAILED generating $LOCALE_FILE" diff --git a/src/lib/defs.php b/src/lib/defs.php index 860136e..facbb42 100644 --- a/src/lib/defs.php +++ b/src/lib/defs.php @@ -23,7 +23,7 @@ */ /// Project version. -define('VERSION', '6.9.1'); +define('VERSION', '7.0'); $ROOT= dirname(dirname(dirname(__FILE__))); $SRC_ROOT= dirname(dirname(__FILE__)); diff --git a/tests/codeception/acceptance/pf/confeditorCest.php b/tests/codeception/acceptance/pf/confeditorCest.php index b03ba62..847e0ab 100644 --- a/tests/codeception/acceptance/pf/confeditorCest.php +++ b/tests/codeception/acceptance/pf/confeditorCest.php @@ -111,7 +111,7 @@ public function testShow(AcceptanceTester $I) $I->seeNumberOfElements(['xpath' => '//a[contains(@href, "conf.editor.php?del=")]'], 1); $I->seeNumberOfElements(\Codeception\Util\Locator::find('tr', ['title' => "$type rule"]), 1); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); $ruleNumber++; } @@ -140,7 +140,7 @@ public function testAddLast(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); $ruleNumber++; } 
@@ -169,7 +169,7 @@ public function testAddFirst(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); /// @attention No need to delete the new rule //$I->click(['xpath' => '//a[contains(@href, "conf.editor.php?del=' . $ruleNumber . '")]']); @@ -201,7 +201,7 @@ public function testAddMiddle(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); } } @@ -225,7 +225,7 @@ public function testAddGreaterThanRuleCount(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$count"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$count"); } /** @@ -273,7 +273,7 @@ public function testEditGreaterThanRuleCount(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$count"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$count"); } /** @@ -299,7 +299,7 @@ public function testDelete(AcceptanceTester $I) $I->expect("clicking the Delete button deletes a $type rule $ruleNumber"); $I->seeInField('#ruleNumber', $count); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); $I->fillField('#ruleNumber', $ruleNumber); $I->click('Delete'); 
@@ -321,7 +321,7 @@ public function testDelete(AcceptanceTester $I) $I->checkOption('#forcesave'); $I->click('Save'); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=$sender&rulenumber=$ruleNumber"); $ruleNumber++; } } @@ -337,7 +337,7 @@ public function testMoveDown(AcceptanceTester $I) $delta= 1; $moveTo= 0; while ($ruleNumber < $count) { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); $moveTo= $ruleNumber + $delta; @@ -349,9 +349,9 @@ public function testMoveDown(AcceptanceTester $I) if ($moveTo < $count) { $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$moveTo"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$moveTo"); } else { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$moveTo"); } @@ -370,7 +370,7 @@ public function testMoveUp(AcceptanceTester $I) $ruleNumber= $count - 1; $delta= 1; while ($ruleNumber >= 0) { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); $moveTo= $ruleNumber - $delta; 
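Review bot: The `dontSeeLink('e', …)` assertions left as context in `testMoveDown()` (hunk at -349) still look for link text `e`, while the matching positive checks were switched to `seeLink('', …)`. If the edit link no longer renders that letter, which the switch suggests, these negative checks pass whether or not the rule moved, so that half of the move test no longer verifies anything. Use the same empty-text form, `$I->dontSeeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber");`, or match the `href` with an XPath locator as the delete-link check does. The same applies to the unchanged `dontSeeLink('e', …)` lines in the `testMoveUp()`, `testDown()` and `testUp()` hunks.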
@@ -382,9 +382,9 @@ public function testMoveUp(AcceptanceTester $I) if ($moveTo >= 0) { $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$moveTo"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$moveTo"); } else { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$moveTo"); } @@ -439,7 +439,7 @@ public function testDown(AcceptanceTester $I) $ruleNumber= 0; while ($ruleNumber < $count - 1) { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); $I->click(['xpath' => '//a[contains(@href, "conf.editor.php?down=' . $ruleNumber . '")]']); @@ -447,7 +447,7 @@ public function testDown(AcceptanceTester $I) $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); $ruleNumber++; - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=filter&rulenumber=$ruleNumber"); } } @@ -460,7 +460,7 @@ public function testUp(AcceptanceTester $I) $ruleNumber= $count - 1; while ($ruleNumber > 0) { - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); $I->click(['xpath' => '//a[contains(@href, "conf.editor.php?up=' . $ruleNumber . '")]']); 
@@ -468,7 +468,7 @@ public function testUp(AcceptanceTester $I) $I->dontSeeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); $ruleNumber--; - $I->seeLink('e', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); + $I->seeLink('', "http://pfre/pf/conf.editor.php?sender=comment&rulenumber=$ruleNumber"); } } diff --git a/tests/codeception/acceptance/pf/lib/AfToCest.php b/tests/codeception/acceptance/pf/lib/AfToCest.php index e5ea5ee..98a758c 100644 --- a/tests/codeception/acceptance/pf/lib/AfToCest.php +++ b/tests/codeception/acceptance/pf/lib/AfToCest.php @@ -34,7 +34,7 @@ class AfToCest extends Rule 192.168.0.1 ssh 2222 192.168.0.2 ssh inet -192.168.0.1 192.168.0.2 Test e u d x'; +192.168.0.1 192.168.0.2 Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } af-to to { 192.168.0.2, 1.1.1.1 } # Test1'; protected $expectedDispModifiedRule= 'match out @@ -44,7 +44,7 @@ class AfToCest extends Rule 1111 192.168.0.2 1.1.1.1 -Test1 e u d x'; +Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/AnchorCest.php b/tests/codeception/acceptance/pf/lib/AnchorCest.php index ed14f0a..720631d 100644 --- a/tests/codeception/acceptance/pf/lib/AnchorCest.php +++ b/tests/codeception/acceptance/pf/lib/AnchorCest.php 
@@ -68,13 +68,13 @@ function __construct() anchor out { pass proto tcp from any to port { 25, 80, 443 } } -pass in proto tcp to any port 22 Test e u d x'; +pass in proto tcp to any port 22 Test'; $this->expectedDispModifiedRule= $this->ruleNumber . ' ' . $this->type . ' ' . $this->lineNumber . ' out 192.168.0.1 1.1.1.1 ssh 1111 -Test1 e u d x'; +Test1'; $this->revertedRule= 'anchor "test" in on em0 inet proto tcp from 192.168.0.1 port { ssh, 2222 } os openbsd to 192.168.0.2 port ssh user root group wheel flags S/SA tos 1 allow-opts once label "test" tag "test" !tagged "test" set prio 2 rtable 3 max-pkt-rate 100/10 probability 10% prio 4 set tos 5 !received-on em0 keep state ( max 1, max-src-states 2, max-src-nodes 3, max-src-conn 4, max-src-conn-rate 5/5, sloppy, no-sync, pflow, if-bound, overload flush global, source-track rule, frag 1, interval 2, src.track 3, tcp.first 4, tcp.opening 5, tcp.established 6, tcp.closing 7, tcp.finwait 8, tcp.closed 9, udp.first 10, udp.single 11, udp.multiple 12, icmp.first 13, icmp.error 14, other.first 15, other.single 16, other.multiple 17, adaptive.start 18, adaptive.end 19 ) { block anchor out { diff --git a/tests/codeception/acceptance/pf/lib/AntispoofCest.php b/tests/codeception/acceptance/pf/lib/AntispoofCest.php index df706eb..6a8e393 100644 --- a/tests/codeception/acceptance/pf/lib/AntispoofCest.php +++ b/tests/codeception/acceptance/pf/lib/AntispoofCest.php @@ -31,10 +31,10 @@ class AntispoofCest extends Rule protected $expectedDispOrigRule= 'em0 quick inet log all, matches, user, to=pflog0 test -Test e u d x'; +Test'; protected $modifiedRule= 'antispoof # Test1'; - protected $expectedDispModifiedRule= 'Test1 e u d x'; + protected $expectedDispModifiedRule= 'Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/BinatToCest.php b/tests/codeception/acceptance/pf/lib/BinatToCest.php index b294cb8..b1bdc8d 100644 --- a/tests/codeception/acceptance/pf/lib/BinatToCest.php 
+++ b/tests/codeception/acceptance/pf/lib/BinatToCest.php @@ -34,7 +34,7 @@ class BinatToCest extends Rule 192.168.0.1 ssh 2222 192.168.0.2 ssh 192.168.0.1 ssh -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } binat-to 1.1.1.1 # Test1'; protected $expectedDispModifiedRule= 'match out @@ -42,7 +42,7 @@ class BinatToCest extends Rule 1.1.1.1 ssh 1111 -1.1.1.1 Test1 e u d x'; +1.1.1.1 Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/BlankCest.php b/tests/codeception/acceptance/pf/lib/BlankCest.php index 93d583e..bf7ef9e 100644 --- a/tests/codeception/acceptance/pf/lib/BlankCest.php +++ b/tests/codeception/acceptance/pf/lib/BlankCest.php @@ -38,17 +38,11 @@ function __construct() parent::__construct(); $this->expectedDispOrigRule= $this->ruleNumber . ' ' . $this->type . ' ' . $this->lineNumber . ' -' . ($this->lineNumber + 1) . ' - -e u d x'; +' . ($this->lineNumber + 1); $this->expectedDispModifiedRule= $this->ruleNumber . ' ' . $this->type . ' ' . $this->lineNumber . ' ' . ($this->lineNumber + 1) . ' ' . ($this->lineNumber + 2) . ' -' . ($this->lineNumber + 3) . ' - - - -e u d x'; +' . ($this->lineNumber + 3); } /** diff --git a/tests/codeception/acceptance/pf/lib/CommentCest.php b/tests/codeception/acceptance/pf/lib/CommentCest.php index 262e8de..9aee067 100644 --- a/tests/codeception/acceptance/pf/lib/CommentCest.php +++ b/tests/codeception/acceptance/pf/lib/CommentCest.php @@ -43,14 +43,14 @@ function __construct() $this->expectedDispOrigRule= $this->ruleNumber . ' ' . $this->type . ' ' . $this->lineNumber . ' ' . ($this->lineNumber + 1) . ' Line1 -Line2 e u d x'; +Line2'; $this->expectedDispModifiedRule= $this->ruleNumber . ' ' . $this->type . ' ' . $this->lineNumber . ' ' . ($this->lineNumber + 1) . ' ' . ($this->lineNumber + 2) . ' ' . ($this->lineNumber + 3) . ' Line1 Line2 Line3 -Line4 e u d x'; +Line4'; $this->dLink= NULL; } 
diff --git a/tests/codeception/acceptance/pf/lib/DivertPacketCest.php b/tests/codeception/acceptance/pf/lib/DivertPacketCest.php index eabe3a5..bf66b2c 100644 --- a/tests/codeception/acceptance/pf/lib/DivertPacketCest.php +++ b/tests/codeception/acceptance/pf/lib/DivertPacketCest.php @@ -34,7 +34,7 @@ class DivertPacketCest extends Rule 192.168.0.1 ssh 2222 192.168.0.2 ssh ssh -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } divert-packet port 1111 # Test1'; protected $expectedDispModifiedRule= 'match out @@ -43,7 +43,7 @@ class DivertPacketCest extends Rule ssh 1111 1111 -Test1 e u d x'; +Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/DivertToCest.php b/tests/codeception/acceptance/pf/lib/DivertToCest.php index d895b44..f71d3d7 100644 --- a/tests/codeception/acceptance/pf/lib/DivertToCest.php +++ b/tests/codeception/acceptance/pf/lib/DivertToCest.php @@ -35,7 +35,7 @@ class DivertToCest extends Rule 2222 192.168.0.2 ssh 192.168.0.1 ssh -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } divert-to 1.1.1.1 # Test1'; protected $expectedDispModifiedRule= 'match out @@ -44,7 +44,7 @@ class DivertToCest extends Rule ssh 1111 1.1.1.1 -Test1 e u d x'; +Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/FilterCest.php b/tests/codeception/acceptance/pf/lib/FilterCest.php index f3fbf15..996e8c9 100644 --- a/tests/codeception/acceptance/pf/lib/FilterCest.php +++ b/tests/codeception/acceptance/pf/lib/FilterCest.php @@ -35,7 +35,7 @@ class FilterCest extends Rule 2222 192.168.0.2 ssh keep std -service Test e u d x'; +service Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } # Test1'; protected $expectedDispModifiedRule= 'match out @@ -43,7 +43,7 @@ class FilterCest extends Rule 1.1.1.1 ssh 1111 -Test1 e u d x'; +Test1'; function __construct() { 
diff --git a/tests/codeception/acceptance/pf/lib/IncludeCest.php b/tests/codeception/acceptance/pf/lib/IncludeCest.php index ec19647..bb6f0cb 100644 --- a/tests/codeception/acceptance/pf/lib/IncludeCest.php +++ b/tests/codeception/acceptance/pf/lib/IncludeCest.php @@ -28,10 +28,10 @@ class IncludeCest extends Rule protected $sender= 'include'; protected $origRule= 'include "/etc/pfre/include.conf" # Test'; - protected $expectedDispOrigRule= 'include /etc/pfre/include.conf Test e u d x'; + protected $expectedDispOrigRule= 'include /etc/pfre/include.conf Test'; protected $modifiedRule= 'ERROR: Cannot generate rule'; - protected $expectedDispModifiedRule= 'include Test1 e u d x'; + protected $expectedDispModifiedRule= 'include Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/LimitCest.php b/tests/codeception/acceptance/pf/lib/LimitCest.php index 394eb5c..b023769 100644 --- a/tests/codeception/acceptance/pf/lib/LimitCest.php +++ b/tests/codeception/acceptance/pf/lib/LimitCest.php @@ -28,10 +28,10 @@ class LimitCest extends Rule protected $sender= 'limit'; protected $origRule= 'set limit { states 1, frags 2, src-nodes 3, tables 4, table-entries 5 } # Test'; - protected $expectedDispOrigRule= 'states: 1, frags: 2, src-nodes: 3, tables: 4, table-entries: 5 Test e u d x'; + protected $expectedDispOrigRule= 'states: 1, frags: 2, src-nodes: 3, tables: 4, table-entries: 5 Test'; protected $modifiedRule= ' # Test1'; - protected $expectedDispModifiedRule= 'Test1 e u d x'; + protected $expectedDispModifiedRule= 'Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/LoadAnchorCest.php b/tests/codeception/acceptance/pf/lib/LoadAnchorCest.php index 6e8f072..523879f 100644 --- a/tests/codeception/acceptance/pf/lib/LoadAnchorCest.php +++ b/tests/codeception/acceptance/pf/lib/LoadAnchorCest.php 
@@ -28,10 +28,10 @@ class LoadAnchorCest extends Rule protected $sender= 'loadanchor'; protected $origRule= 'load anchor test from "/etc/pfre/include.conf" # Test'; - protected $expectedDispOrigRule= 'test /etc/pfre/include.conf Test e u d x'; + protected $expectedDispOrigRule= 'test /etc/pfre/include.conf Test'; protected $modifiedRule= 'load anchor test1 from "/etc/pfre/test.conf" # Test1'; - protected $expectedDispModifiedRule= 'test1 /etc/pfre/test.conf Test1 e u d x'; + protected $expectedDispModifiedRule= 'test1 /etc/pfre/test.conf Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/MacroCest.php b/tests/codeception/acceptance/pf/lib/MacroCest.php index 93553a7..9645752 100644 --- a/tests/codeception/acceptance/pf/lib/MacroCest.php +++ b/tests/codeception/acceptance/pf/lib/MacroCest.php @@ -31,14 +31,14 @@ class MacroCest extends Rule protected $expectedDispOrigRule= 'test ssh 2222 -Test e u d x'; +Test'; protected $modifiedRule= 'test1 = "{ ssh, 2222, 1111 }" # Test1'; protected $expectedDispModifiedRule= 'test1 ssh 2222 1111 -Test1 e u d x'; +Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/NatToCest.php b/tests/codeception/acceptance/pf/lib/NatToCest.php index f2672d2..83a0921 100644 --- a/tests/codeception/acceptance/pf/lib/NatToCest.php +++ b/tests/codeception/acceptance/pf/lib/NatToCest.php @@ -34,7 +34,7 @@ class NatToCest extends Rule 192.168.0.1 ssh 2222 192.168.0.2 ssh 192.168.0.1 ssh -Test e u d x'; +Test'; protected $modifiedRule= 'pass out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } nat-to { 192.168.0.1, 1.1.1.1 } # Test1'; protected $expectedDispModifiedRule= 'pass out @@ -44,7 +44,7 @@ class NatToCest extends Rule 1111 192.168.0.1 1.1.1.1 -Test1 e u d x'; +Test1'; function __construct() { 
diff --git a/tests/codeception/acceptance/pf/lib/OptionBlockOptionCest.php b/tests/codeception/acceptance/pf/lib/OptionBlockOptionCest.php index 26c4eef..d90c2a7 100644 --- a/tests/codeception/acceptance/pf/lib/OptionBlockOptionCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionBlockOptionCest.php @@ -28,10 +28,10 @@ class OptionBlockOptionCest extends Rule protected $sender= 'option'; protected $origRule= 'set block-policy drop # Test'; - protected $expectedDispOrigRule= 'block-policy: drop Test e u d x'; + protected $expectedDispOrigRule= 'block-policy: drop Test'; protected $modifiedRule= 'set block-policy return # Test1'; - protected $expectedDispModifiedRule= 'block-policy: return Test1 e u d x'; + protected $expectedDispModifiedRule= 'block-policy: return Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionDebugCest.php b/tests/codeception/acceptance/pf/lib/OptionDebugCest.php index 837baaf..aa032d3 100644 --- a/tests/codeception/acceptance/pf/lib/OptionDebugCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionDebugCest.php @@ -28,10 +28,10 @@ class OptionDebugCest extends Rule protected $sender= 'option'; protected $origRule= 'set debug notice # Test'; - protected $expectedDispOrigRule= 'debug: notice Test e u d x'; + protected $expectedDispOrigRule= 'debug: notice Test'; protected $modifiedRule= 'set debug debug # Test1'; - protected $expectedDispModifiedRule= 'debug: debug Test1 e u d x'; + protected $expectedDispModifiedRule= 'debug: debug Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionFingerprintsCest.php b/tests/codeception/acceptance/pf/lib/OptionFingerprintsCest.php index d7d2a28..8f116e5 100644 --- a/tests/codeception/acceptance/pf/lib/OptionFingerprintsCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionFingerprintsCest.php 
@@ -28,10 +28,10 @@ class OptionFingerprintsCest extends Rule protected $sender= 'option'; protected $origRule= 'set fingerprints "/etc/pf.os" # Test'; - protected $expectedDispOrigRule= 'fingerprints: /etc/pf.os Test e u d x'; + protected $expectedDispOrigRule= 'fingerprints: /etc/pf.os Test'; protected $modifiedRule= 'set fingerprints "/etc/pf.os1" # Test1'; - protected $expectedDispModifiedRule= 'fingerprints: /etc/pf.os1 Test1 e u d x'; + protected $expectedDispModifiedRule= 'fingerprints: /etc/pf.os1 Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionHostidCest.php b/tests/codeception/acceptance/pf/lib/OptionHostidCest.php index e170d38..a6473f8 100644 --- a/tests/codeception/acceptance/pf/lib/OptionHostidCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionHostidCest.php @@ -28,10 +28,10 @@ class OptionHostidCest extends Rule protected $sender= 'option'; protected $origRule= 'set hostid 1 # Test'; - protected $expectedDispOrigRule= 'hostid: 1 Test e u d x'; + protected $expectedDispOrigRule= 'hostid: 1 Test'; protected $modifiedRule= 'set hostid 2 # Test1'; - protected $expectedDispModifiedRule= 'hostid: 2 Test1 e u d x'; + protected $expectedDispModifiedRule= 'hostid: 2 Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionLoginterfaceCest.php b/tests/codeception/acceptance/pf/lib/OptionLoginterfaceCest.php index 6955e5e..6c5bf11 100644 --- a/tests/codeception/acceptance/pf/lib/OptionLoginterfaceCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionLoginterfaceCest.php 
@@ -28,10 +28,10 @@ class OptionLoginterfaceCest extends Rule protected $sender= 'option'; protected $origRule= 'set loginterface em0 # Test'; - protected $expectedDispOrigRule= 'loginterface: em0 Test e u d x'; + protected $expectedDispOrigRule= 'loginterface: em0 Test'; protected $modifiedRule= 'set loginterface em1 # Test1'; - protected $expectedDispModifiedRule= 'loginterface: em1 Test1 e u d x'; + protected $expectedDispModifiedRule= 'loginterface: em1 Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionOptimizationCest.php b/tests/codeception/acceptance/pf/lib/OptionOptimizationCest.php index 8aa3e9d..f1857aa 100644 --- a/tests/codeception/acceptance/pf/lib/OptionOptimizationCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionOptimizationCest.php @@ -28,10 +28,10 @@ class OptionOptimizationCest extends Rule protected $sender= 'option'; protected $origRule= 'set optimization normal # Test'; - protected $expectedDispOrigRule= 'optimization: normal Test e u d x'; + protected $expectedDispOrigRule= 'optimization: normal Test'; protected $modifiedRule= 'set optimization high-latency # Test1'; - protected $expectedDispModifiedRule= 'optimization: high-latency Test1 e u d x'; + protected $expectedDispModifiedRule= 'optimization: high-latency Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionReassembleCest.php b/tests/codeception/acceptance/pf/lib/OptionReassembleCest.php index eaa1e9c..820bf44 100644 --- a/tests/codeception/acceptance/pf/lib/OptionReassembleCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionReassembleCest.php 
@@ -28,10 +28,10 @@ class OptionReassembleCest extends Rule protected $sender= 'option'; protected $origRule= 'set reassemble yes # Test'; - protected $expectedDispOrigRule= 'reassemble: yes Test e u d x'; + protected $expectedDispOrigRule= 'reassemble: yes Test'; protected $modifiedRule= 'set reassemble no no-df # Test1'; - protected $expectedDispModifiedRule= 'reassemble: no no-df Test1 e u d x'; + protected $expectedDispModifiedRule= 'reassemble: no no-df Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionRulesetOptimizationCest.php b/tests/codeception/acceptance/pf/lib/OptionRulesetOptimizationCest.php index 553ab97..f969a4b 100644 --- a/tests/codeception/acceptance/pf/lib/OptionRulesetOptimizationCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionRulesetOptimizationCest.php @@ -28,10 +28,10 @@ class OptionRulesetOptimizationCest extends Rule protected $sender= 'option'; protected $origRule= 'set ruleset-optimization none # Test'; - protected $expectedDispOrigRule= 'ruleset-optimization: none Test e u d x'; + protected $expectedDispOrigRule= 'ruleset-optimization: none Test'; protected $modifiedRule= 'set ruleset-optimization basic # Test1'; - protected $expectedDispModifiedRule= 'ruleset-optimization: basic Test1 e u d x'; + protected $expectedDispModifiedRule= 'ruleset-optimization: basic Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionSkipCest.php b/tests/codeception/acceptance/pf/lib/OptionSkipCest.php index f182054..d93a26f 100644 --- a/tests/codeception/acceptance/pf/lib/OptionSkipCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionSkipCest.php 
@@ -28,10 +28,10 @@ class OptionSkipCest extends Rule protected $sender= 'option'; protected $origRule= 'set skip on { lo, em0 } # Test'; - protected $expectedDispOrigRule= 'skip on lo, em0 Test e u d x'; + protected $expectedDispOrigRule= 'skip on lo, em0 Test'; protected $modifiedRule= ' # Test1'; - protected $expectedDispModifiedRule= 'skip on Test1 e u d x'; + protected $expectedDispModifiedRule= 'skip on Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/OptionStatePolicyCest.php b/tests/codeception/acceptance/pf/lib/OptionStatePolicyCest.php index 05b85a1..1797433 100644 --- a/tests/codeception/acceptance/pf/lib/OptionStatePolicyCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionStatePolicyCest.php @@ -28,10 +28,10 @@ class OptionStatePolicyCest extends Rule protected $sender= 'option'; protected $origRule= 'set state-policy if-bound # Test'; - protected $expectedDispOrigRule= 'state-policy: if-bound Test e u d x'; + protected $expectedDispOrigRule= 'state-policy: if-bound Test'; protected $modifiedRule= 'set state-policy floating # Test1'; - protected $expectedDispModifiedRule= 'state-policy: floating Test1 e u d x'; + protected $expectedDispModifiedRule= 'state-policy: floating Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/OptionSyncookiesCest.php b/tests/codeception/acceptance/pf/lib/OptionSyncookiesCest.php index 3e20176..5c521a0 100644 --- a/tests/codeception/acceptance/pf/lib/OptionSyncookiesCest.php +++ b/tests/codeception/acceptance/pf/lib/OptionSyncookiesCest.php 
@@ -28,10 +28,10 @@ class OptionSyncookiesCest extends Rule protected $sender= 'option'; protected $origRule= 'set syncookies adaptive (start 25%, end 12%) # Test'; - protected $expectedDispOrigRule= 'syncookies: adaptive (start 25%, end 12%) Test e u d x'; + protected $expectedDispOrigRule= 'syncookies: adaptive (start 25%, end 12%) Test'; protected $modifiedRule= 'set syncookies always # Test1'; - protected $expectedDispModifiedRule= 'syncookies: always Test1 e u d x'; + protected $expectedDispModifiedRule= 'syncookies: always Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/QueueCest.php b/tests/codeception/acceptance/pf/lib/QueueCest.php index d829a04..d06efca 100644 --- a/tests/codeception/acceptance/pf/lib/QueueCest.php +++ b/tests/codeception/acceptance/pf/lib/QueueCest.php @@ -40,12 +40,12 @@ class QueueCest extends Rule time: 10ms 1024 1 100 -default Test e u d x'; +default Test'; protected $modifiedRule= 'queue test1 # Test1'; /// @todo Check why we have a new line after test1 protected $expectedDispModifiedRule= 'test1 -Test1 e u d x'; +Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/RdrToCest.php b/tests/codeception/acceptance/pf/lib/RdrToCest.php index 372e571..0e4ee02 100644 --- a/tests/codeception/acceptance/pf/lib/RdrToCest.php +++ b/tests/codeception/acceptance/pf/lib/RdrToCest.php @@ -34,7 +34,7 @@ class RdrToCest extends Rule 192.168.0.1 ssh 2222 192.168.0.2 ssh 192.168.0.1 ssh -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } rdr-to { 192.168.0.1, 1.1.1.1 } # Test1'; protected $expectedDispModifiedRule= 'match out @@ -44,7 +44,7 @@ class RdrToCest extends Rule 1111 192.168.0.1 1.1.1.1 -Test1 e u d x'; +Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/RouteCest.php b/tests/codeception/acceptance/pf/lib/RouteCest.php index ada756b..180b49b 100644 
--- a/tests/codeception/acceptance/pf/lib/RouteCest.php +++ b/tests/codeception/acceptance/pf/lib/RouteCest.php @@ -36,7 +36,7 @@ class RouteCest extends Rule 192.168.0.2 ssh route-to 192.168.0.1 192.168.0.2 -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } dup-to 192.168.0.1 # Test1'; protected $expectedDispModifiedRule= 'match out @@ -45,7 +45,7 @@ class RouteCest extends Rule ssh 1111 dup-to -192.168.0.1 Test1 e u d x'; +192.168.0.1 Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/Rule.php b/tests/codeception/acceptance/pf/lib/Rule.php index 7651417..4739002 100644 --- a/tests/codeception/acceptance/pf/lib/Rule.php +++ b/tests/codeception/acceptance/pf/lib/Rule.php @@ -163,10 +163,10 @@ public function testDisplay(AcceptanceTester $I, Codeception\Test\Unit $tester) $actualDisp = $I->grabTextFrom(\Codeception\Util\Locator::find('tr', ['title' => $this->trTitle])); $tester->assertEquals($this->expectedDispOrigRule, $actualDisp); - $I->seeLink('e', $this->eLink); - $I->seeLink('u', $this->uLink); - $I->seeLink('d', $this->dLink); - $I->seeLink('x', $this->xLink); + $I->seeLink('', $this->eLink); + $I->seeLink('', $this->uLink); + $I->seeLink('', $this->dLink); + $I->seeLink('', $this->xLink); } /** @@ -200,7 +200,7 @@ protected function gotoEditPage(AcceptanceTester $I) //$I->click(['xpath' => '//a[contains(@href, "rulenumber=' . $this->ruleNumber . '")]']); //$I->click('//a[contains(@href, "rulenumber=' . $this->ruleNumber . '")]'); - $I->seeLink('e', 'http://pfre/pf/conf.editor.php?sender=' . $this->sender . '&rulenumber=' . $this->ruleNumber); + $I->seeLink('', 'http://pfre/pf/conf.editor.php?sender=' . $this->sender . '&rulenumber=' . $this->ruleNumber); $I->click(\Codeception\Util\Locator::href('conf.editor.php?sender=' . $this->sender . '&rulenumber=' . $this->ruleNumber)); $I->wait(STALE_ELEMENT_INTERVAL); 
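Review bot: The four `seeLink('', …)` calls in `testDisplay` now pass an empty link text, so each one can only confirm that some anchor with that href exists; this assumes Codeception treats an empty string as matching any link text. They no longer check that the edit, up, down and delete controls are each rendered as the right control. The same applies to `gotoEditPage` in the next hunk and to `testDisplayModifiedWithErrorsForced` in the hunk at line 285. If the letters were replaced by icons, assert on an attribute that identifies the control, for example `$I->seeElement('a', ['href' => $this->xLink, 'title' => 'DELETE_TITLE_PLACEHOLDER']);`, where the title value is a placeholder because the view markup is not shown here. Both test methods begin outside their hunks.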
@@ -285,10 +285,10 @@ public function testDisplayModifiedWithErrorsForced(AcceptanceTester $I, Codecep $display = $I->grabTextFrom(\Codeception\Util\Locator::find('tr', ['title' => $this->trTitle])); $tester->assertEquals($this->expectedDispModifiedRule, $display); - $I->seeLink('e', $this->eLink); - $I->seeLink('u', $this->uLink); - $I->seeLink('d', $this->dLink); - $I->seeLink('x', $this->xLink); + $I->seeLink('', $this->eLink); + $I->seeLink('', $this->uLink); + $I->seeLink('', $this->dLink); + $I->seeLink('', $this->xLink); } /** diff --git a/tests/codeception/acceptance/pf/lib/ScrubCest.php b/tests/codeception/acceptance/pf/lib/ScrubCest.php index 85aeb8e..f2df211 100644 --- a/tests/codeception/acceptance/pf/lib/ScrubCest.php +++ b/tests/codeception/acceptance/pf/lib/ScrubCest.php @@ -38,7 +38,7 @@ class ScrubCest extends Rule no-df random-id reassemble tcp -Test e u d x'; +Test'; protected $modifiedRule= 'match out from { 192.168.0.1, 1.1.1.1 } to port { ssh, 1111 } scrub # Test1'; protected $expectedDispModifiedRule= 'match out @@ -46,7 +46,7 @@ class ScrubCest extends Rule 1.1.1.1 ssh 1111 -Test1 e u d x'; +Test1'; function __construct() { diff --git a/tests/codeception/acceptance/pf/lib/StateCest.php b/tests/codeception/acceptance/pf/lib/StateCest.php index 8b7d1d5..25d0acf 100644 --- a/tests/codeception/acceptance/pf/lib/StateCest.php +++ b/tests/codeception/acceptance/pf/lib/StateCest.php 
@@ -28,10 +28,10 @@ class StateCest extends Rule protected $sender= 'state'; protected $origRule= 'set state-defaults max 1, max-src-states 2, max-src-nodes 3, max-src-conn 4, max-src-conn-rate 5/5, sloppy, no-sync, pflow, if-bound, overload flush global, source-track rule, frag 1, interval 2, src.track 3, tcp.first 4, tcp.opening 5, tcp.established 6, tcp.closing 7, tcp.finwait 8, tcp.closed 9, udp.first 10, udp.single 11, udp.multiple 12, icmp.first 13, icmp.error 14, other.first 15, other.single 16, other.multiple 17, adaptive.start 18, adaptive.end 19 # Test'; - protected $expectedDispOrigRule= 'max: 1, max-src-states: 2, max-src-nodes: 3, max-src-conn: 4, max-src-conn-rate: 5/5, sloppy, no-sync, pflow, if-bound, overload: flush global, source-track rule, frag: 1, interval: 2, src.track: 3, tcp.first: 4, tcp.opening: 5, tcp.established: 6, tcp.closing: 7, tcp.finwait: 8, tcp.closed: 9, udp.first: 10, udp.single: 11, udp.multiple: 12, icmp.first: 13, icmp.error: 14, other.first: 15, other.single: 16, other.multiple: 17, adaptive.start: 18, adaptive.end: 19 Test e u d x'; + protected $expectedDispOrigRule= 'max: 1, max-src-states: 2, max-src-nodes: 3, max-src-conn: 4, max-src-conn-rate: 5/5, sloppy, no-sync, pflow, if-bound, overload: flush global, source-track rule, frag: 1, interval: 2, src.track: 3, tcp.first: 4, tcp.opening: 5, tcp.established: 6, tcp.closing: 7, tcp.finwait: 8, tcp.closed: 9, udp.first: 10, udp.single: 11, udp.multiple: 12, icmp.first: 13, icmp.error: 14, other.first: 15, other.single: 16, other.multiple: 17, adaptive.start: 18, adaptive.end: 19 Test'; protected $modifiedRule= 'set state-defaults frag 1, interval 2 # Test1'; - protected $expectedDispModifiedRule= 'frag: 1, interval: 2 Test1 e u d x'; + protected $expectedDispModifiedRule= 'frag: 1, interval: 2 Test1'; protected function modifyRule(AcceptanceTester $I) { 
diff --git a/tests/codeception/acceptance/pf/lib/TableCest.php b/tests/codeception/acceptance/pf/lib/TableCest.php index ce774a3..011e5bb 100644 --- a/tests/codeception/acceptance/pf/lib/TableCest.php +++ b/tests/codeception/acceptance/pf/lib/TableCest.php @@ -32,7 +32,7 @@ class TableCest extends Rule 192.168.0.2 file "/etc/pf.restrictedips1" file "/etc/pf.restrictedips2" -Test e u d x'; +Test'; protected $modifiedRule= 'table file "/etc/pf.restrictedips1" file "/etc/pf.restrictedips2" file "/etc/pf.restrictedips3" { 192.168.0.1, 192.168.0.2, 1.1.1.1 } # Test1'; protected $expectedDispModifiedRule= 'test1 192.168.0.1 @@ -41,7 +41,7 @@ class TableCest extends Rule file "/etc/pf.restrictedips1" file "/etc/pf.restrictedips2" file "/etc/pf.restrictedips3" -Test1 e u d x'; +Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/codeception/acceptance/pf/lib/TimeoutCest.php b/tests/codeception/acceptance/pf/lib/TimeoutCest.php index 0a58562..ff578f2 100644 --- a/tests/codeception/acceptance/pf/lib/TimeoutCest.php +++ b/tests/codeception/acceptance/pf/lib/TimeoutCest.php 
@@ -28,10 +28,10 @@ class TimeoutCest extends Rule protected $sender= 'timeout'; protected $origRule= 'set timeout { frag 1, interval 2, src.track 3, tcp.first 4, tcp.opening 5, tcp.established 6, tcp.closing 7, tcp.finwait 8, tcp.closed 9, udp.first 10, udp.single 11, udp.multiple 12, icmp.first 13, icmp.error 14, other.first 15, other.single 16, other.multiple 17, adaptive.start 18, adaptive.end 19 } # Test'; - protected $expectedDispOrigRule= 'frag: 1, interval: 2, src.track: 3, tcp.first: 4, tcp.opening: 5, tcp.established: 6, tcp.closing: 7, tcp.finwait: 8, tcp.closed: 9, udp.first: 10, udp.single: 11, udp.multiple: 12, icmp.first: 13, icmp.error: 14, other.first: 15, other.single: 16, other.multiple: 17, adaptive.start: 18, adaptive.end: 19 Test e u d x'; + protected $expectedDispOrigRule= 'frag: 1, interval: 2, src.track: 3, tcp.first: 4, tcp.opening: 5, tcp.established: 6, tcp.closing: 7, tcp.finwait: 8, tcp.closed: 9, udp.first: 10, udp.single: 11, udp.multiple: 12, icmp.first: 13, icmp.error: 14, other.first: 15, other.single: 16, other.multiple: 17, adaptive.start: 18, adaptive.end: 19 Test'; protected $modifiedRule= ' # Test1'; - protected $expectedDispModifiedRule= 'Test1 e u d x'; + protected $expectedDispModifiedRule= 'Test1'; protected function modifyRule(AcceptanceTester $I) { diff --git a/tests/phpunit/Controller/ctlrTest.php b/tests/phpunit/Controller/ctlrTest.php index 67f2482..de44e50 100644 --- a/tests/phpunit/Controller/ctlrTest.php +++ b/tests/phpunit/Controller/ctlrTest.php 
@@ -234,13 +234,13 @@ function testSetPfctlTimeout() unlink($file . '.bak'); } - function testGetPfRules() + function testGetRules() { global $TEST_DIR_PATH; $file= $TEST_DIR_PATH . '/etc/pfre/pf.conf'; - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GetPfRules', $file, 0, 0], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GetRules', $file, 0, 0], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -257,11 +257,11 @@ function testGetPfRules() $this->assertJsonStringEqualsJsonString($expected, $actual); } - function testGetPfRuleFiles() + function testGetRuleFiles() { global $TEST_DIR_PATH; - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GetPfRuleFiles'], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GetRuleFiles'], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -280,7 +280,7 @@ function testGetPfRuleFiles() $this->assertEquals($expected, $actual); } - function testDeletePfRuleFile() + function testDeleteRuleFile() { global $TEST_DIR_PATH; @@ -294,7 +294,7 @@ function testDeletePfRuleFile() $this->assertFileExists($file); - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'DeletePfRuleFile', $file], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'DeleteRuleFile', $file], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -302,7 +302,7 @@ function testDeletePfRuleFile() $this->assertFileNotExists($file); } - function testInstallPfRulesInstallConf() + function testInstallRulesInstallConf() { global $TEST_DIR_PATH; 
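Review bot: In `testGetRules` the command line is built as `"$this->ctlr -t ".escapeshellarg(...)`, so only the JSON argument is shell-quoted while the controller path is interpolated raw into the string handed to `exec()`. Where `$this->ctlr` is assigned is not visible in this hunk. If it holds a single executable path, quote it as well so a path with spaces or shell metacharacters cannot change the command: `$cmdline= escapeshellarg($this->ctlr).' -t '.escapeshellarg(json_encode([...], JSON_UNESCAPED_SLASHES));`. The same construction recurs in every other changed `$cmdline=` line of ctlrTest.php in this commit, and the test bodies continue outside the hunks.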
@@ -321,7 +321,7 @@ function testInstallPfRulesInstallConf() $this->assertFileNotExists($destFile); $json= json_encode($ruleSet->rules); - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'InstallPfRules', $json, $destFile, 0], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'InstallRules', $json, $destFile, 0], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -333,7 +333,7 @@ function testInstallPfRulesInstallConf() unlink($destFile); } - function testGeneratePfRule() + function testGenerateRule() { global $TEST_PATH; @@ -347,7 +347,7 @@ function testGeneratePfRule() ); $json= json_encode($ruleDef); - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GeneratePfRule', $json, 0], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GenerateRule', $json, 0], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -358,7 +358,7 @@ function testGeneratePfRule() $this->assertEquals($test->out, $actual); } - function testGeneratePfRules() + function testGenerateRules() { global $TEST_PATH; @@ -372,7 +372,7 @@ function testGeneratePfRules() ); $json= json_encode($rulesArray); - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GeneratePfRules', $json], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GenerateRules', $json], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); @@ -383,7 +383,7 @@ function testGeneratePfRules() $this->assertEquals($test->out, $actual); } - function testGeneratePfRulesLines() + function testGenerateRulesLines() { global $TEST_PATH; 
@@ -397,7 +397,7 @@ function testGeneratePfRulesLines() ); $json= json_encode($rulesArray); - $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GeneratePfRules', $json, 1], JSON_UNESCAPED_SLASHES)); + $cmdline= "$this->ctlr -t ".escapeshellarg(json_encode(['en_EN', 'GenerateRules', $json, 1], JSON_UNESCAPED_SLASHES)); exec($cmdline, $outputArray, $retval); diff --git a/tests/phpunit/Model/pfTest.php b/tests/phpunit/Model/pfTest.php index 5af67d8..b32b3f9 100644 --- a/tests/phpunit/Model/pfTest.php +++ b/tests/phpunit/Model/pfTest.php @@ -29,13 +29,13 @@ class pfTest extends \PHPUnit_Framework_TestCase { - function testGetPfRules() + function testGetRules() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/etc/pfre/pf.conf'); + $result= $pf->GetRules('/etc/pfre/pf.conf'); $ruleStr= file_get_contents($TEST_DIR_PATH . '/etc/pfre/pf.conf'); $ruleSet= new RuleSet(); @@ -48,13 +48,13 @@ function testGetPfRules() $this->assertJsonStringEqualsJsonString($expected, $actual); } - function testGetPfRulesTmpFile() + function testGetRulesTmpFile() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/tmp/tmp.conf', TRUE); + $result= $pf->GetRules('/tmp/tmp.conf', TRUE); $ruleStr= file_get_contents($TEST_DIR_PATH . '/tmp/tmp.conf'); $ruleSet= new RuleSet(); @@ -67,13 +67,13 @@ function testGetPfRulesTmpFile() $this->assertJsonStringEqualsJsonString($expected, $actual); } - function testGetPfRulesTmpFileNoTmpArg() + function testGetRulesTmpFileNoTmpArg() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/tmp/tmp.conf'); + $result= $pf->GetRules('/tmp/tmp.conf'); $expected= ''; $actual= $Output; 
@@ -82,13 +82,13 @@ function testGetPfRulesTmpFileNoTmpArg() $this->assertEquals($expected, $actual); } - function testGetPfRulesNonExistentFile() + function testGetRulesNonExistentFile() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/etc/pfre/none.conf'); + $result= $pf->GetRules('/etc/pfre/none.conf'); $expected= ''; $actual= $Output; @@ -97,13 +97,13 @@ function testGetPfRulesNonExistentFile() $this->assertEquals($expected, $actual); } - function testGetPfRulesInvalidFilename() + function testGetRulesInvalidFilename() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/etc/pfre/pf$.conf'); + $result= $pf->GetRules('/etc/pfre/pf$.conf'); $expected= ''; $actual= $Output; @@ -112,13 +112,13 @@ function testGetPfRulesInvalidFilename() $this->assertEquals($expected, $actual); } - function testGetPfRulesInvalidLocation() + function testGetRulesInvalidLocation() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $result= $pf->GetPfRules('/etc/invalid.conf'); + $result= $pf->GetRules('/etc/invalid.conf'); $expected= ''; $actual= $Output; @@ -127,13 +127,13 @@ function testGetPfRulesInvalidLocation() $this->assertEquals($expected, $actual); } - function testGetPfRuleFiles() + function testGetRuleFiles() { global $TEST_DIR_PATH, $Output; $pf= new \Pf(); $Output= ''; - $pf->GetPfRuleFiles(); + $pf->GetRuleFiles(); exec("ls -1 $TEST_DIR_PATH/etc/pfre/", $output); @@ -143,7 +143,7 @@ function testGetPfRuleFiles() $this->assertEquals($expected, $actual); } - function testDeletePfRuleFile() + function testDeleteRuleFile() { global $TEST_DIR_PATH; 
@@ -158,13 +158,13 @@ function testDeletePfRuleFile() $this->assertFileExists($file); $pf= new \Pf(); - $result= $pf->DeletePfRuleFile($file); + $result= $pf->DeleteRuleFile($file); $this->assertTrue($result); $this->assertFileNotExists($file); } - function testDeletePfRuleFileNonExistentFile() + function testDeleteRuleFileNonExistentFile() { global $TEST_DIR_PATH; @@ -177,13 +177,13 @@ function testDeletePfRuleFileNonExistentFile() $this->assertFileNotExists($file); $pf= new \Pf(); - $result= $pf->DeletePfRuleFile($file); + $result= $pf->DeleteRuleFile($file); $this->assertFalse($result); $this->assertFileNotExists($file); } - function testDeletePfRuleFileInvalidFilename() + function testDeleteRuleFileInvalidFilename() { global $TEST_DIR_PATH; @@ -192,13 +192,13 @@ function testDeletePfRuleFileInvalidFilename() $this->assertFileExists($file); $pf= new \Pf(); - $result= $pf->DeletePfRuleFile('pf$.conf'); + $result= $pf->DeleteRuleFile('pf$.conf'); $this->assertFalse($result); $this->assertFileExists($file); } - function testInstallPfRules() + function testInstallRules() { global $TEST_DIR_PATH; @@ -217,7 +217,7 @@ function testInstallPfRules() $this->assertFileNotExists($destFile); $pf= new \Pf(); - $result= $pf->InstallPfRules(json_encode($ruleSet->rules), NULL, FALSE); + $result= $pf->InstallRules(json_encode($ruleSet->rules), NULL, FALSE); $this->assertTrue($result); $this->assertFileExists($destFile); @@ -226,7 +226,7 @@ function testInstallPfRules() unlink($destFile); } - function testInstallPfRulesInstallConf() + function testInstallRulesInstallConf() { global $TEST_DIR_PATH; @@ -245,7 +245,7 @@ function testInstallPfRulesInstallConf() $this->assertFileNotExists($destFile); $pf= new \Pf(); - $result= $pf->InstallPfRules(json_encode($ruleSet->rules), $destFile, FALSE); + $result= $pf->InstallRules(json_encode($ruleSet->rules), $destFile, FALSE); $this->assertTrue($result); $this->assertFileExists($destFile); 
@@ -276,7 +276,7 @@ function testValidateFilenameInvalid() $this->assertEquals('pf$.conf', $filename); } - function testGeneratePfRule() + function testGenerateRule() { global $TEST_PATH, $Output; @@ -291,13 +291,13 @@ function testGeneratePfRule() $pf= new \Pf(); $Output= ''; - $result= $pf->GeneratePfRule(json_encode($ruleDef), 0); + $result= $pf->GenerateRule(json_encode($ruleDef), 0); $this->assertTrue($result); $this->assertEquals($test->out, $Output); } - function testGeneratePfRules() + function testGenerateRules() { global $TEST_PATH, $Output; @@ -312,13 +312,13 @@ function testGeneratePfRules() $pf= new \Pf(); $Output= ''; - $result= $pf->GeneratePfRules(json_encode($rulesArray)); + $result= $pf->GenerateRules(json_encode($rulesArray)); $this->assertTrue($result); $this->assertEquals($test->out, $Output); } - function testGeneratePfRulesLines() + function testGenerateRulesLines() { global $TEST_PATH, $Output; @@ -333,7 +333,7 @@ function testGeneratePfRulesLines() $pf= new \Pf(); $Output= ''; - $result= $pf->GeneratePfRules(json_encode($rulesArray), TRUE); + $result= $pf->GenerateRules(json_encode($rulesArray), TRUE); $this->assertTrue($result); $this->assertEquals(' 0: ' . $test->out . " 1: \n", $Output); diff --git a/tests/phpunit/Model/validateTest.php b/tests/phpunit/Model/validateTest.php index c0e2840..646ae36 100644 --- a/tests/phpunit/Model/validateTest.php +++ b/tests/phpunit/Model/validateTest.php @@ -883,10 +883,10 @@ function testCOMMENT() { RE_COMMENT, array( '', - str_repeat('0', 1000), + str_repeat('0', 2000), ), array( - str_repeat('0', 1001), + str_repeat('0', 2001), ), FALSE, FALSE
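Review bot: The accepted and rejected lengths in `testCOMMENT` are bare literals (`2000` and `2001`) that presumably have to track the limit inside `RE_COMMENT`, and the hunk doubles them without recording the reason. A comment above the two arrays would tie the test to the validator, e.g. `// RE_COMMENT accepts at most 2000 characters; 2001 must be rejected`. The fixture is only `'0'` repeated, so this case pins the length bound and not which characters a comment may contain. It is worth confirming that other cases in the file cover that. `testCOMMENT` begins outside the hunk.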