authorErmal Luçi <eri@pfsense.org>2009-07-22 18:23:29 +0000
committerErmal Luçi <eri@pfsense.org>2009-07-22 18:25:05 +0000
commit7258e0355dc9a8c90a9dc3ec9cfcec462a131c90 (patch)
tree31d913d4382348284d6f04de2e0b686622c549a2 /etc
parentfb265ec09cd7931e2331387abe9903a21ece4daa (diff)
Create a function to generate aliases and nested aliases. This will translate all network and host aliases into tables, and there will be no more ugly tricks in the code. While here, fix the bug that aliases can generate a line longer than 4096 characters, which is not supported by pf(4). The new functionality supports alias nesting for network and host types of aliases, but the GUI needs improvement on this.
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/filter.inc66
1 files changed, 30 insertions, 36 deletions
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 02e65dc..d93d857 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -356,15 +356,33 @@ function filter_generate_scrubing()
return $scrubrules;
}
+function filter_generate_nested_alias($alias) {
+ global $aliastable;
+
+ $addresses = split(" ", $alias);
+ $finallist = "";
+ foreach ($addresses as $address) {
+ $linelength = strlen($finallist);
+ if (isset($aliastable[$address]))
+ $tmpline = filter_generate_nested_alias($aliastable[$address]);
+ else
+ $tmpline = " $address";
+ if ((strlen($tmpline)+ $linelength) > 4036)
+ $finallist .= "\n";
+ $finallist .= " {$tmpline}";
+ }
+ return $finallist;
+}
+
function filter_generate_aliases() {
- global $config, $FilterIflist;
+ global $config, $FilterIflist, $aliastable;
if(isset($config['system']['developerspew'])) {
$mt = microtime();
echo "filter_generate_aliases() being called $mt\n";
}
$alias = "#System aliases\n ";
$aliases .= "loopback = \"{ lo0 }\"\n";
- $bridgetracker = 0;
+
foreach ($FilterIflist as $if => $ifcfg) {
$aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}";
$aliases .= " }\"\n";
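Review bot: filter_generate_nested_alias() recurses on every entry it finds in `$aliastable` with no guard against an alias that names itself or a cycle of aliases, so one such entry in the configuration would recurse until PHP aborts and no ruleset would be produced. Whether the GUI rejects such aliases is not visible in this hunk, so the generator should track the names on the current expansion path and skip any it meets again, as sketched below. Separately, `$linelength` is taken from the whole of `$finallist` rather than from the text after the last newline, so once the 4036 threshold is crossed a `\n` is likely to be emitted before every later entry; a per-line counter reset after the break would keep the intended wrapping. `split()` could also become `explode(" ", $alias)`, since no regular expression is needed.

```php
function filter_generate_nested_alias($alias, $seen = array()) {
	/* … unchanged: global, split, loop header, $linelength … */
		if (isset($aliastable[$address])) {
			/* already on the current expansion path: skip it to break the cycle */
			if (isset($seen[$address]))
				continue;
			$tmpline = filter_generate_nested_alias($aliastable[$address],
			    $seen + array($address => true));
		} else
			$tmpline = " $address";
	/* … unchanged: line-length check, append, return … */
```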
@@ -376,7 +394,12 @@ function filter_generate_aliases() {
$extraalias = "";
$ip = find_interface_ip($aliased['address']);
$extraalias = " " . link_ip_to_carp_interface($ip);
- $aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
+ $addrlist = filter_generate_nested_alias($aliased['address']);
+ if ($aliased['type'] == "host" || $aliased['type'] == "network") {
+ $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
+ $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
+ } else
+ $aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
}
}
$result = "{$alias} \n";
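Review bot: Both added `$aliases .=` lines interpolate `{$extralias}`, but the variable assigned two lines above is `$extraalias`, so the value returned by link_ip_to_carp_interface() never reaches the table or the macro and the generated alias silently omits it. The spelling is inherited from the removed line; assuming the CARP interface is meant to be included, the new lines should read `{$addrlist}{$extraalias}` and `{$aliased['address']}{$extraalias}`. The `else` branch still emits the raw `$aliased['address']`, so other alias types get neither nesting nor line wrapping; a comment such as `/* only host and network aliases become tables; other types stay as macros */` would show that this is deliberate. The enclosing loop of filter_generate_aliases() starts outside this hunk.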
@@ -1070,7 +1093,7 @@ function filter_generate_user_rule_arr($rule)
function filter_generate_address(& $rule, $target = "source")
{
- global $FilterIflist, $table_cache;
+ global $FilterIflist;
$src = "";
if (isset($rule[$target]['any'])) {
@@ -1130,29 +1153,7 @@ function filter_generate_address(& $rule, $target = "source")
$not = "!";
else
$not = "";
- if (stristr($expsrc, "$")) {
- if($not) {
- $src = "{";
- foreach(preg_split("/[\s]+/", alias_expand_value($rule[$target]['address'])) as $item) {
- if($item != "") {
- $src .= " {$not}{$item}";
- }
- }
- /* added support for tables */
- $src .= " 0/0 }";
- $src_table = "<not" . $rule[$target]['address'] . ">";
- }
- else {
- $src = "{ {$not} " . alias_expand_value($rule[$target]['address']) . " } ";
- $src_table = "<" . $rule[$target]['address'] . ">";
- }
- /* support for tables */
- $src_table_line = "table $src_table {$src}\n";
- $src = $src_table;
- /* cache entries */
- $table_cache[$src_table] = $src_table_line;
- } else
- $src = "{ {$not} {$expsrc} }";
+ $src = " {$not} {$expsrc}";
}
if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
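Review bot: The new `$src = " {$not} {$expsrc}";` is only correct when `$expsrc` is a single address, network or `<table>` reference, because pf.conf(5), as I read its grammar, attaches `!` to one host or table and not to a braced list. The removed branch handled the list case explicitly. Since `$expsrc` is computed outside this hunk, it is not visible whether an alias that is still emitted as a `{ ... }` macro can reach this line. If it can, a negated rule would either fail to load or match something other than intended. I would add a comment here, `/* $expsrc must be a single host, network or <table>; "!" cannot negate a { } list */`, and have the caller reject or log any alias type that does not resolve to a table before building a negated rule. The body of filter_generate_address() continues on both sides of the hunk.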
@@ -1518,7 +1519,7 @@ function filter_generate_user_rule($rule)
function filter_rules_generate()
{
- global $config, $g, $table_cache, $FilterIflist, $time_based_rules;
+ global $config, $g, $FilterIflist, $time_based_rules;
update_filter_reload_status("Creating default rules");
if(isset($config['system']['developerspew'])) {
@@ -1526,9 +1527,6 @@ function filter_rules_generate()
echo "filter_rules_generate() being called $mt\n";
}
- if (!is_array($table_cache))
- $table_cache = array();
-
$pptpdcfg = $config['pptpd'];
$pppoecfg = $config['pppoe'];
@@ -1841,10 +1839,6 @@ EOD;
}
$rule_arr = array_merge($rule_arr1,$rule_arr2);
- $ipfrules .= "\n# User-defined aliases follow\n";
- /* tables for aliases */
- foreach($table_cache as $table)
- $ipfrules .= $table;
$ipfrules .= "\n# User-defined rules follow\n";
/* Generate user rule lines */
foreach($rule_arr as $rule) {
@@ -2275,4 +2269,4 @@ EOD;
return($ipfrules);
}
-?> \ No newline at end of file
+?>