Fixed debian warnings, added multiple interface support
authorMichael Schwarz <mschwar2@math.uni-paderborn.de>
Tue, 15 Jan 2013 15:30:47 +0000 (16:30 +0100)
committerMichael Schwarz <mschwar2@math.uni-paderborn.de>
Tue, 15 Jan 2013 15:30:47 +0000 (16:30 +0100)
debian/changelog
debian/compat
debian/source/format [new file with mode: 0644]
perl5/Alff/Config.pm
perl5/Alff/Service.pm
share/plugins/plugin.d/classifyInterVlanTraffic
share/plugins/plugin.d/create_traffic_log_rules

index dfab290..a5437c4 100644 (file)
@@ -1,3 +1,16 @@
+alff (0.0.6-1) unstable; urgency=low
+
+  * added support for multiple interfaces at one vlan definition
+  * fixed some dpkg warnings
+
+ -- Michael Schwarz <schwarz@upb.de>  Tue, 15 Jan 2013 15:31:23 +0100
+
+alff (0.0.5-2) unstable; urgency=low
+
+  * Adjusted 'classifyInterVlanTraffic' to use new style iptables negotiatons.
+
+ -- Maximilian Wilhelm <mwilhelm@math.uni-paderborn.de>  Wed, 25 Jul 2012 15:27:08 +0200
+
 alff (0.0.5-1) unstable; urgency=low
 
   * Renamed plugins to enforce naming convention:
index b8626c4..7f8f011 100644 (file)
@@ -1 +1 @@
-4
+7
diff --git a/debian/source/format b/debian/source/format
new file mode 100644 (file)
index 0000000..89ae9db
--- /dev/null
@@ -0,0 +1 @@
+3.0 (native)
index 53ee39d..2af2559 100644 (file)
@@ -429,21 +429,25 @@ sub isFilteredVlan($) { # $vlan_id -> {0, 1} {{{
 } # }}}
 
 ##
-# return the interface name for vlan $vlan, "" if unset 
-sub getVlanInterface($) { # $vlan_id -> string  {{{
+# return the interface names for vlan $vlan, "" if unset 
+sub getVlanInterfaces($) { # $vlan_id -> string  {{{
        my $self = shift;
 
        my $vlan_id = shift;
        my $vlan_ref = $self->{config}->{vlan}->{$vlan_id};
 
        # If $vlan_id is not configured, there surely is no interface for it
-       return "" unless ( defined $vlan_ref );
+       return ( undef ) unless ( defined $vlan_ref );
 
        # $vlan_id exists, but <interface> is unset...
-       return "" unless ( exists $vlan_ref->{interface} );
+       return ( undef ) unless ( exists $vlan_ref->{interface} );
        
-       # Ok, <interface> is set, return it.
-       return $vlan_ref->{interface};
+       # Ok, <interface> is set
+       if ( ref( $vlan_ref->{interface} ) ) {
+               return @{$vlan_ref->{interface}};
+       } else {
+               return ( $vlan_ref->{interface} );
+       }
 } #}}}
 
 ##
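Review bot: The header comment at the `+# return the interface names for vlan $vlan, "" if unset` line is now wrong on two counts: both early returns yield a one-element list `( undef )`, not `""`, and the `# $vlan_id -> string` tag no longer describes a list-returning sub. The one-element list looks deliberate (a bare `return;` would give an empty list and the callers' `foreach` loops would then emit no rule at all for a VLAN without an interface), so that contract is worth stating: `# return the list of interface names for vlan $vlan; a single undef if unset, so callers can still loop once and emit an interface-less rule` and `# $vlan_id -> list`. The `ref( $vlan_ref->{interface} )` branch presumably expects an array reference; if the config loader can ever hand back another kind of reference here, `@{ ... }` would die, so either testing `ref( $vlan_ref->{interface} ) eq 'ARRAY'` or a comment naming that assumption would make it explicit.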
index 06c2ad1..2ea3945 100644 (file)
@@ -90,16 +90,19 @@ sub allowServiceFromNetworksOfSecurityClass($) { #{{{
                        # Could be multiple networks
                        my @networks = $config->getVlanNetworks( $vlan );
                        # Maybe there is an interface specified
-                       my $interface = $config->getVlanInterface( $vlan );
-
-                       my $chain_rule = "iptables -A FORWARD ";
-                       if ( $interface ) {
-                               $chain_rule .= " -i $interface ";
+                       my @interfaces = $config->getVlanInterfaces( $vlan );
+
+                       foreach my $interface (@interfaces)
+                       {
+                               my $chain_rule = "iptables -A FORWARD ";
+                               if ($interface) {
+                                       $chain_rule .= " -i $interface ";
+                               }
+                               foreach my $network ( @networks ) { 
+                                       $main->write_line( "${chain_rule} -s ${network} -j $chain" );
+                               }
                        }
 
-                       foreach my $network ( @networks ) { 
-                               $main->write_line( "${chain_rule} -s ${network} -j $chain" );
-                       }
                        print ".";
 
                }
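Review bot: The new `foreach my $interface (@interfaces)` loop depends on getVlanInterfaces() returning `( undef )` rather than an empty list for a VLAN without an interface; with an empty list the loop body, and with it every `-s ${network} -j $chain` rule for that VLAN, would silently be skipped. That dependency deserves a comment at the loop head: `# getVlanInterfaces() yields a single undef when no interface is configured, so this loop always runs at least once`. On style, the loop's opening brace sits on its own line while the surrounding code (`foreach my $network ( @networks ) {`) keeps it on the keyword line; `foreach my $interface ( @interfaces ) {` matches the file. allowServiceFromNetworksOfSecurityClass starts before and ends after the hunk.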
index 415b636..1a898ff 100755 (executable)
@@ -48,9 +48,9 @@ sub classifyTrafficFromTo($$) { #{{{
        my $chain = $src_vlan . "_to_" . $dst_vlan;
 
        # Try to get interface names
-       my $src_interface = $config->getVlanInterface( $src_vlan );
-       my $dst_interface = $config->getVlanInterface( $dst_vlan );
-
+       my @src_interfaces = $config->getVlanInterfaces( $src_vlan );
+       my @dst_interfaces = $config->getVlanInterfaces( $dst_vlan );
+       
        # There might be multiple CIDR networks which describe a vlan...
        # It´s no risk to asume this everytime.
        my @src_networks = $config->getVlanNetworks( $src_vlan );
@@ -62,26 +62,40 @@ sub classifyTrafficFromTo($$) { #{{{
        # Not that good runtime(?), but...
        foreach my $src_network ( @src_networks ) {
                foreach my $dst_network ( @dst_networks ) {
-
-                       # Build up the command line
-                       my $commandline = "iptables -A FORWARD -s $src_network ";
-
-                       if ( $config->getOption( "fw_type" ) eq "router" ) {
-                               $commandline .= " -i $src_interface " if ( $src_interface );
-                               $commandline .= " -o $dst_interface " if ( $dst_interface );
-                       }       
-                       elsif( $config->getOption( "fw_type" ) eq "bridge" ) {
-                               if ( $src_interface || $dst_interface ) {
-                                       $commandline .= " -m physdev ";
-                                       $commandline .= " --physdev-in $src_interface " if ( $src_interface );
-                                       $commandline .= " --physdev-out $dst_interface " if ( $dst_interface );
+                       foreach my $dst_interface ( @dst_interfaces ) {
+                               foreach my $src_interface ( @src_interfaces ) {
+
+                                       # Build up the command line
+                                       my $commandline = "iptables -A FORWARD ";
+               
+                                       if ($src_network =~ m/!/) {
+                                                       $src_network =~ s/!//;
+                                                       $commandline .= " ! ";
+                                       }
+                                       $commandline .= " -s $src_network ";
+               
+                                       if ( $config->getOption( "fw_type" ) eq "router" ) {
+                                               $commandline .= " -i $src_interface " if ( $src_interface );
+                                               $commandline .= " -o $dst_interface " if ( $dst_interface );
+                                       }       
+                                       elsif( $config->getOption( "fw_type" ) eq "bridge" ) {
+                                               if ( $src_interface || $dst_interface ) {
+                                                       $commandline .= " -m physdev ";
+                                                       $commandline .= " --physdev-in $src_interface " if ( $src_interface );
+                                                       $commandline .= " --physdev-out $dst_interface " if ( $dst_interface );
+                                               }
+                                               $commandline .= " -m mark --mark $src_vlan ";
+                                       }
+               
+                                       if ($dst_network =~ m/!/) {
+                                               $dst_network =~ s/!//;
+                                               $commandline .= " ! ";
+                                       }
+                                       $commandline .= " -d $dst_network -j $chain";
+               
+                                       $alff->write_line( $commandline );
                                }
-                               $commandline .= " -m mark --mark $src_vlan ";
                        }
-
-                       $commandline .= " -d $dst_network -j $chain";
-
-                       $alff->write_line( $commandline );
                }
        }
 
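Review bot: The `$src_network =~ s/!//;` (and the matching `$dst_network =~ s/!//;` further down) now runs inside the two interface loops and edits the `foreach` variable in place, which aliases the element of `@src_networks` / `@dst_networks`; after the first inner iteration the `!` is gone, so every further rule for that network pair, and every later pass over the same array element, is written as a positive `-s` / `-d` match instead of a negated one. That quietly inverts the generated iptables rule for a negated network whenever more than one interface is configured, which is precisely the case this commit introduces. Strip the `!` once per network pair, on copies, before entering the interface loops, and leave the loop variables untouched; the excerpt below does that. classifyTrafficFromTo starts before and ends after the hunk.
```perl
foreach my $src_network ( @src_networks ) {
        foreach my $dst_network ( @dst_networks ) {
                # Work on copies: the loop variables alias the array elements, so an
                # in-place s/!// would drop the negation for every later iteration.
                my $src_net = $src_network;
                my $src_neg = ( $src_net =~ s/!// ) ? " ! " : "";
                my $dst_net = $dst_network;
                my $dst_neg = ( $dst_net =~ s/!// ) ? " ! " : "";

                foreach my $dst_interface ( @dst_interfaces ) {
                        foreach my $src_interface ( @src_interfaces ) {
                                my $commandline = "iptables -A FORWARD ${src_neg} -s $src_net ";
                                # … unchanged: fw_type router / bridge interface options …
                                $commandline .= "${dst_neg} -d $dst_net -j $chain";
                                $alff->write_line( $commandline );
```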
index 3849587..2deb113 100755 (executable)
@@ -42,10 +42,13 @@ my $interfaces = {};
 #
 # Get list of all known interfaces
 foreach my $vlan ($config->getVlanList ()) {
-       my $interface = $config->getVlanInterface ($vlan);
+       my @ints = $config->getVlanInterfaces ($vlan);
 
-       if ($interface) {
-               $interfaces->{$interface} = 42;
+       foreach my $interface ( @ints )
+       {
+               if ($interface) {
+                       $interfaces->{$interface} = 42;
+               }
        }
 }