rfd163-DEBUG Cdiff src/fw/lib/fw.js

Print this page

Add "log": to fwadm JSON for cfwlog tag.


*** 1084,1093 ****
--- 1084,1103 ----
          opts.targets : [ opts.targets ];
  
      // ipfilter uses /etc/protocols which calls ICMPv6 'ipv6-icmp'
      var ipfProto = (rule.protocol === 'icmp6') ? 'ipv6-icmp' : rule.protocol;
  
+     var readtags = [];
+     if (features.feature[FEATURE_INOUT_UUID]) {
+         if (rule.uuid) {
+             readtags.push(util.format('uuid=%s', rule.uuid));
+         }
+         if (rule.log) {
+             readtags.push('cfwlog');
+         }
+     }
+ 
      var sortObj = {
          action: rule.action,
          direction: dir,
          priority: rule.priority,
          protocol: rule.protocol,
*** 1099,1110 ****
          protoTargets: rule.protoTargets,
          type: opts.type,
          uuid: rule.uuid,
          value: opts.value,
          version: rule.version,
!         uuidTag: (features.feature[FEATURE_INOUT_UUID] && rule.uuid) ?
!             sprintf(' set-tag(uuid=%s)', rule.uuid) : ''
      };
  
      if (opts.type === 'wildcard' && opts.value === 'any') {
          rule.protoTargets.forEach(function (t) {
              var wild = util.format('%s %s quick proto %s from any to any %s',
--- 1109,1120 ----
          protoTargets: rule.protoTargets,
          type: opts.type,
          uuid: rule.uuid,
          value: opts.value,
          version: rule.version,
!         allTags: readtags.length !== 0 ?
!             util.format(' set-tag(%s)', readtags.join(', ')) : ''
      };
  
      if (opts.type === 'wildcard' && opts.value === 'any') {
          rule.protoTargets.forEach(function (t) {
              var wild = util.format('%s %s quick proto %s from any to any %s',
*** 1261,1276 ****
              ''];
          var ipf6Conf = ipf4Conf.slice();
          var iks = hasKey(keepInboundState, vm) ? keepInboundState[vm] : {};
  
          conf[vm].sort(compareRules).forEach(function (sortObj) {
!             assert.string(sortObj.uuidTag, 'sortObj.uuidTag');
              var ktxt = KEEP_FRAGS;
!             if (sortObj.uuidTag !== ''
                  || (sortObj.direction === 'from' && sortObj.action === 'allow')
                  || (sortObj.direction === 'to' && iks[sortObj.protocol])) {
!                 ktxt += KEEP_STATE + sortObj.uuidTag;
              }
  
              if (!hasKey(rulesIncluded, sortObj.uuid)) {
                  rulesIncluded[sortObj.uuid] = [];
              }
--- 1271,1286 ----
              ''];
          var ipf6Conf = ipf4Conf.slice();
          var iks = hasKey(keepInboundState, vm) ? keepInboundState[vm] : {};
  
          conf[vm].sort(compareRules).forEach(function (sortObj) {
!             assert.string(sortObj.allTags, 'sortObj.allTags');
              var ktxt = KEEP_FRAGS;
!             if (sortObj.allTags !== ''
                  || (sortObj.direction === 'from' && sortObj.action === 'allow')
                  || (sortObj.direction === 'to' && iks[sortObj.protocol])) {
!                 ktxt += KEEP_STATE + sortObj.allTags;
              }
  
              if (!hasKey(rulesIncluded, sortObj.uuid)) {
                  rulesIncluded[sortObj.uuid] = [];
              }