From 7258e0355dc9a8c90a9dc3ec9cfcec462a131c90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ermal=20Lu=E7i?=
Date: Wed, 22 Jul 2009 18:23:29 +0000
Subject: Create a function to generate aliases and nested aliases. This will translate all network and hosts aliases in tables and there will be no more ugly tricks in the code. While here fix the bug that aliases can generate a line longer than 4096 characters that is not supported by pf(4). The new functionality supports alias nesting for network and host type of aliases but the gui needs improvemnet on this.
---
 etc/inc/filter.inc | 66 +++++++++++++++++++++++++-----------------------------
 1 file changed, 30 insertions(+), 36 deletions(-)
(limited to 'etc/inc/filter.inc')
diff --git a/etc/inc/filter.inc b/etc/inc/filter.inc
index 02e65dc..d93d857 100644
--- a/etc/inc/filter.inc
+++ b/etc/inc/filter.inc
@@ -356,15 +356,33 @@ function filter_generate_scrubing()
 return $scrubrules;
 }
+function filter_generate_nested_alias($alias) {
+ global $aliastable;
+
+ $addresses = split(" ", $alias);
+ $finallist = "";
+ foreach ($addresses as $address) {
+ $linelength = strlen($finallist);
+ if (isset($aliastable[$address]))
+ $tmpline = filter_generate_nested_alias($aliastable[$address]);
+ else
+ $tmpline = " $address";
+ if ((strlen($tmpline)+ $linelength) > 4036)
+ $finallist .= "\n";
+ $finallist .= " {$tmpline}";
+ }
+ return $finallist;
+}
+
 function filter_generate_aliases() {
- global $config, $FilterIflist;
+ global $config, $FilterIflist, $aliastable;
 if(isset($config['system']['developerspew'])) {
 $mt = microtime();
 echo "filter_generate_aliases() being called $mt\n";
 }
 $alias = "#System aliases\n ";
 $aliases .= "loopback = \"{ lo0 }\"\n";
- $bridgetracker = 0;
+
 foreach ($FilterIflist as $if => $ifcfg) {
 $aliases .= "{$ifcfg['descr']} = \"{ {$ifcfg['if']}";
 $aliases .= " }\"\n";
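Review bot: `filter_generate_nested_alias()` recurses into `$aliastable[$address]` without recording which aliases are already being expanded, so an alias that names itself, or two aliases that name each other, would recurse until PHP aborts and the filter reload would presumably fail; unless the configuration layer already rejects such loops (not visible on this page), track the names under expansion and skip a repeat, as sketched below. The length guard also measures the wrong quantity: `$linelength = strlen($finallist)` is the size of the whole list, not of the current line, so once the list passes 4036 bytes every later entry is put on its own line. `split(" ", $alias)` returns empty tokens for doubled spaces; `preg_split("/\s+/", trim($alias))` avoids that. The remainder of this hunk belongs to `filter_generate_aliases()`, whose body continues outside it.

```php
function filter_generate_nested_alias($alias, $seen = array()) {
	// … unchanged: global, split, $finallist, foreach header, $linelength …
		if (isset($aliastable[$address])) {
			/* an alias already being expanded further up the chain is a loop: skip it */
			if (isset($seen[$address]))
				continue;
			$nested = $seen;
			$nested[$address] = true;
			$tmpline = filter_generate_nested_alias($aliastable[$address], $nested);
		} else
	// … unchanged: plain-address branch, length check, append, return …
```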
@@ -376,7 +394,12 @@ function filter_generate_aliases() {
 $extraalias = "";
 $ip = find_interface_ip($aliased['address']);
 $extraalias = " " . link_ip_to_carp_interface($ip);
- $aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
+ $addrlist = filter_generate_nested_alias($aliased['address']);
+ if ($aliased['type'] == "host" || $aliased['type'] == "network") {
+ $aliases .= "table <{$aliased['name']}> { {$addrlist}{$extralias} } \n";
+ $aliases .= "{$aliased['name']} = \"<{$aliased['name']}>\"\n";
+ } else
+ $aliases .= "{$aliased['name']} = \"{ {$aliased['address']}{$extralias} }\"\n";
 }
 }
 $result = "{$alias} \n";
@@ -1070,7 +1093,7 @@ function filter_generate_user_rule_arr($rule)
 function filter_generate_address(& $rule, $target = "source")
 {
- global $FilterIflist, $table_cache;
+ global $FilterIflist;
 $src = "";
 if (isset($rule[$target]['any'])) {
@@ -1130,29 +1153,7 @@ function filter_generate_address(& $rule, $target = "source")
 $not = "!";
 else
 $not = "";
- if (stristr($expsrc, "$")) {
- if($not) {
- $src = "{";
- foreach(preg_split("/[\s]+/", alias_expand_value($rule[$target]['address'])) as $item) {
- if($item != "") {
- $src .= " {$not}{$item}";
- }
- }
- /* added support for tables */
- $src .= " 0/0 }";
- $src_table = "";
- }
- else {
- $src = "{ {$not} " . alias_expand_value($rule[$target]['address']) . " } ";
- $src_table = "<" . $rule[$target]['address'] . ">";
- }
- /* support for tables */
- $src_table_line = "table $src_table {$src}\n";
- $src = $src_table;
- /* cache entries */
- $table_cache[$src_table] = $src_table_line;
- } else
- $src = "{ {$not} {$expsrc} }";
+ $src = " {$not} {$expsrc}";
 }
 if (in_array($rule['protocol'], array("tcp","udp","tcp/udp"))) {
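Review bot: Both new `$aliases .=` lines interpolate `{$extralias}`, but the variable assigned two lines above is `$extraalias`, so the value returned by `link_ip_to_carp_interface()` never reaches the table or the macro; the misspelling is carried over from the removed line and should read `{$extraalias}` in both places. `$addrlist` is computed for every alias although only the host/network branch uses it, so the call can move inside the `if`. `$aliased['name']` and the expanded addresses are written into the pf table definition verbatim, so it is worth confirming that both are validated where the alias is saved, which this page does not show. The enclosing loop starts outside the hunk.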
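Review bot: The replacement line `$src = " {$not} {$expsrc}";` in `filter_generate_address()` is only correct when `$expsrc` is a single address or a `<table>` reference, because pf accepts `!` in front of one host or table and not in front of a brace list. Aliases that are not of type host or network are still emitted as `{ … }` macros by `filter_generate_aliases()`, so if one of them can reach this branch with `$not` set, the negated rule would either fail to load or no longer mean what was configured; how `$expsrc` is built lies outside the hunk. The removed code special-cased negation, so the new assumption deserves a comment such as `/* $expsrc is a single address or a <table>; pf cannot negate a { list } */`.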
@@ -1518,7 +1519,7 @@ function filter_generate_user_rule($rule)
 function filter_rules_generate()
 {
- global $config, $g, $table_cache, $FilterIflist, $time_based_rules;
+ global $config, $g, $FilterIflist, $time_based_rules;
 update_filter_reload_status("Creating default rules");
 if(isset($config['system']['developerspew'])) {
@@ -1526,9 +1527,6 @@ function filter_rules_generate()
 echo "filter_rules_generate() being called $mt\n";
 }
- if (!is_array($table_cache))
- $table_cache = array();
-
 $pptpdcfg = $config['pptpd'];
 $pppoecfg = $config['pppoe'];
@@ -1841,10 +1839,6 @@ EOD;
 }
 $rule_arr = array_merge($rule_arr1,$rule_arr2);
- $ipfrules .= "\n# User-defined aliases follow\n";
- /* tables for aliases */
- foreach($table_cache as $table)
- $ipfrules .= $table;
 $ipfrules .= "\n# User-defined rules follow\n";
 /* Generate user rule lines */
 foreach($rule_arr as $rule) {
@@ -2275,4 +2269,4 @@ EOD;
 return($ipfrules);
 }
-?>
\ No newline at end of file
+?>
-- cgit v1.1