forked from osmocom/wireshark
Qt: Firewall Rules dialog.
Add the Firewall ACL Rules dialog. Try showing all valid rules for a given product instead of making the user select from a combobox. We can add the combo back easily enough if that's desired. Add a rule hint field and use it in the Qt and GTK+ UIs. Bug: 12469 Change-Id: I39dd840e9838f96d7c5e2b4c34662811c21d0386 Reviewed-on: https://code.wireshark.org/review/15689 Petri-Dish: Gerald Combs <gerald@wireshark.org> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Gerald Combs <gerald@wireshark.org>
This commit is contained in:
parent
4b216aea94
commit
987ff3ee1b
|
@ -33,6 +33,7 @@ set(COMMON_UI_SRC
|
|||
export_object_tftp.c
|
||||
export_pdu_ui_utils.c
|
||||
help_url.c
|
||||
firewall_rules.c
|
||||
iface_lists.c
|
||||
io_graph_item.c
|
||||
language.c
|
||||
|
|
|
@ -53,6 +53,7 @@ WIRESHARK_UI_SRC = \
|
|||
export_object_smb.c \
|
||||
export_object_tftp.c \
|
||||
export_pdu_ui_utils.c \
|
||||
firewall_rules.c \
|
||||
iface_lists.c \
|
||||
io_graph_item.c \
|
||||
language.c \
|
||||
|
@ -96,6 +97,7 @@ noinst_HEADERS = \
|
|||
file_dialog.h \
|
||||
help_url.h \
|
||||
packet_list_utils.h \
|
||||
firewall_rules.h \
|
||||
iface_lists.h \
|
||||
io_graph_item.h \
|
||||
language.h \
|
||||
|
|
|
@ -0,0 +1,290 @@
|
|||
/* firewall_rules_dlg.c
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
/*
|
||||
* Generate firewall ACL rules based on packet addresses and ports.
|
||||
* For directional rules, an outside interface is assumed.
|
||||
*
|
||||
* There may be better ways to present the information, e.g. all rules
|
||||
* in one huge text window, or some sort of tree view.
|
||||
*/
|
||||
|
||||
/*
|
||||
* To add a new product, add syntax functions modify the products[] array.
|
||||
*
|
||||
* To add a new syntax function, add its prototype above the products[]
|
||||
* array, and add the function below with all the others.
|
||||
*/
|
||||
|
||||
/* Copied from gtk/firewall_rules.c */
|
||||
|
||||
#include "config.h"
|
||||
|
||||
#include <glib.h>
|
||||
|
||||
#include "epan/address.h"
|
||||
|
||||
#include "firewall_rules.h"
|
||||
|
||||
static void sf_ipfw_mac(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_mac(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_ios_std_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ios_ext_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
/* XXX - Can you addresses-only filters using WFW/netsh? */
|
||||
|
||||
static void sf_ios_ext_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netsh_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
typedef struct _fw_product_t {
|
||||
const char *name;
|
||||
const char *rule_hint;
|
||||
const char *comment_pfx;
|
||||
syntax_func mac_func;
|
||||
syntax_func ipv4_func;
|
||||
syntax_func port_func;
|
||||
syntax_func ipv4_port_func;
|
||||
gboolean does_inbound;
|
||||
} fw_product;
|
||||
|
||||
static fw_product products[] = {
|
||||
{ "Cisco IOS (standard)", "Change NUMBER to a valid ACL number.", "!",
|
||||
NULL, sf_ios_std_ipv4, NULL, NULL, FALSE },
|
||||
{ "Cisco IOS (extended)", "Change NUMBER to a valid ACL number.", "!",
|
||||
NULL, sf_ios_ext_ipv4, sf_ios_ext_port, sf_ios_ext_ipv4_port, TRUE },
|
||||
{ "IP Filter (ipfilter)", "Change le0 to a valid interface.", "#",
|
||||
NULL, sf_ipfilter_ipv4, sf_ipfilter_port, sf_ipfilter_ipv4_port, TRUE },
|
||||
{ "IPFirewall (ipfw)", "", "#",
|
||||
sf_ipfw_mac, sf_ipfw_ipv4, sf_ipfw_port, sf_ipfw_ipv4_port, TRUE },
|
||||
{ "Netfilter (iptables)", "Change eth0 to a valid interface.", "#",
|
||||
sf_netfilter_mac, sf_netfilter_ipv4, sf_netfilter_port,
|
||||
sf_netfilter_ipv4_port, TRUE },
|
||||
{ "Packet Filter (pf)", "$ext_if should be set to a valid interface.", "#",
|
||||
NULL, sf_pf_ipv4, sf_pf_port, sf_pf_ipv4_port, TRUE },
|
||||
{ "Windows Firewall (netsh)", "", "#",
|
||||
NULL, NULL, sf_netsh_port, sf_netsh_ipv4_port, FALSE }
|
||||
};
|
||||
#define NUM_PRODS (sizeof(products) / sizeof(fw_product))
|
||||
|
||||
|
||||
size_t firewall_product_count(void)
|
||||
{
|
||||
return NUM_PRODS;
|
||||
}
|
||||
|
||||
const char *firewall_product_name(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return "Unknown";
|
||||
return products[product_idx].name;
|
||||
}
|
||||
|
||||
const char *firewall_product_rule_hint(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return "";
|
||||
return products[product_idx].rule_hint;
|
||||
}
|
||||
|
||||
const char *firewall_product_comment_prefix(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return "";
|
||||
return products[product_idx].comment_pfx;
|
||||
}
|
||||
|
||||
syntax_func firewall_product_mac_func(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return NULL;
|
||||
return products[product_idx].mac_func;
|
||||
}
|
||||
|
||||
|
||||
syntax_func firewall_product_ipv4_func(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return NULL;
|
||||
return products[product_idx].ipv4_func;
|
||||
}
|
||||
|
||||
|
||||
syntax_func firewall_product_port_func(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return NULL;
|
||||
return products[product_idx].port_func;
|
||||
}
|
||||
|
||||
|
||||
syntax_func firewall_product_ipv4_port_func(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return NULL;
|
||||
return products[product_idx].ipv4_port_func;
|
||||
}
|
||||
|
||||
gboolean firewall_product_does_inbound(size_t product_idx)
|
||||
{
|
||||
if (product_idx >= NUM_PRODS) return FALSE;
|
||||
return products[product_idx].does_inbound;
|
||||
}
|
||||
|
||||
|
||||
/* MAC */
|
||||
#define IPFW_DENY (deny ? "deny" : "allow")
|
||||
#define IPFW_IN (inbound ? "in" : "out")
|
||||
static void sf_ipfw_mac(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s MAC %s any %s",
|
||||
IPFW_DENY, addr, IPFW_IN);
|
||||
}
|
||||
|
||||
#define NF_DROP (deny ? "DROP" : "ACCEPT")
|
||||
#define NF_INPUT (inbound ? "INPUT" : "OUTPUT")
|
||||
static void sf_netfilter_mac(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -i eth0 --mac-source %s -j %s",
|
||||
NF_INPUT, addr, NF_DROP);
|
||||
}
|
||||
|
||||
/* IPv4 */
|
||||
#define IOS_DENY (deny ? "deny" : "permit")
|
||||
static void sf_ios_std_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s host %s", IOS_DENY, addr);
|
||||
}
|
||||
|
||||
static void sf_ios_ext_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s ip host %s any", IOS_DENY, addr);
|
||||
else
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s ip any host %s", IOS_DENY, addr);
|
||||
}
|
||||
|
||||
#define IPFILTER_DENY (deny ? "block" : "pass")
|
||||
#define IPFILTER_IN (inbound ? "in" : "out")
|
||||
static void sf_ipfilter_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s on le0 from %s to any",
|
||||
IPFILTER_DENY, IPFILTER_IN, addr);
|
||||
}
|
||||
|
||||
static void sf_ipfw_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s ip from %s to any %s",
|
||||
IPFW_DENY, addr, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_netfilter_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -i eth0 -d %s/32 -j %s",
|
||||
NF_INPUT, addr, NF_DROP);
|
||||
}
|
||||
|
||||
#define PF_DENY (deny ? "block" : "pass")
|
||||
#define PF_IN (inbound ? "in" : "out")
|
||||
static void sf_pf_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if from %s to any",
|
||||
PF_DENY, PF_IN, addr);
|
||||
}
|
||||
|
||||
/* Port */
|
||||
#define RT_TCP_UDP (ptype == PT_TCP ? "tcp" : "udp")
|
||||
static void sf_ios_ext_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s any any eq %u",
|
||||
IOS_DENY, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
static void sf_ipfilter_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from any to any port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
static void sf_ipfw_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s %s from any to any %u %s",
|
||||
IPFW_DENY, RT_TCP_UDP, port, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_netfilter_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -i eth0 -p %s --destination-port %u -j %s",
|
||||
NF_INPUT, RT_TCP_UDP, port, NF_DROP);
|
||||
}
|
||||
|
||||
static void sf_pf_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if proto %s from any to any port %u",
|
||||
PF_DENY, PF_IN, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
#define NETSH_DENY (deny ? "DISABLE" : "ENABLE")
|
||||
static void sf_netsh_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s",
|
||||
RT_TCP_UDP, port, NETSH_DENY);
|
||||
}
|
||||
|
||||
/* IPv4 + port */
|
||||
static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s host %s any eq %u", IOS_DENY, RT_TCP_UDP, addr, port);
|
||||
else
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s any host %s eq %u", IOS_DENY, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from %s to any port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, addr, port);
|
||||
else
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from any to %s port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s %s from %s to any %u %s",
|
||||
IPFW_DENY, RT_TCP_UDP, addr, port, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if proto %s from %s to any port %u",
|
||||
PF_DENY, PF_IN, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -i eth0 -p %s -d %s/32 --destination-port %u -j %s",
|
||||
NF_INPUT, RT_TCP_UDP, addr, port, NF_DROP);
|
||||
}
|
||||
|
||||
static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s %s",
|
||||
RT_TCP_UDP, port, NETSH_DENY, addr);
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Editor modelines - http://www.wireshark.org/tools/modelines.html
|
||||
*
|
||||
* Local variables:
|
||||
* c-basic-offset: 4
|
||||
* tab-width: 8
|
||||
* indent-tabs-mode: nil
|
||||
* End:
|
||||
*
|
||||
* vi: set shiftwidth=4 tabstop=8 expandtab:
|
||||
* :indentSize=4:tabSize=8:noTabs=true:
|
||||
*/
|
|
@ -0,0 +1,108 @@
|
|||
/* firewall_rules.h
|
||||
* Produce ACL rules for various products from a packet.
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 2006 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef __UI_FIREWALL_RULES_H__
|
||||
#define __UI_FIREWALL_RULES_H__
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif /* __cplusplus */
|
||||
|
||||
/* Rule types */
|
||||
typedef enum {
|
||||
RT_NONE,
|
||||
RT_MAC_SRC,
|
||||
RT_MAC_DST,
|
||||
RT_IPv4_SRC,
|
||||
RT_IPv4_DST,
|
||||
RT_PORT_SRC,
|
||||
RT_PORT_DST,
|
||||
RT_IPv4_PORT_SRC,
|
||||
RT_IPv4_PORT_DST,
|
||||
NUM_RULE_TYPES
|
||||
} rule_type_e;
|
||||
|
||||
/** Fetch the number of firewall products.
|
||||
* @return The number of firewall products. Should be used as the index for
|
||||
* the rest of the functions below.
|
||||
*/
|
||||
size_t firewall_product_count(void);
|
||||
|
||||
/** Product name
|
||||
* Given an index, return the product name.
|
||||
* @param product_idx Product index.
|
||||
* @return Product name or "Unknown".
|
||||
*/
|
||||
const char *firewall_product_name(size_t product_idx);
|
||||
|
||||
/** Product rule hint
|
||||
* Given an index, return the product's rule hint.
|
||||
* @param product_idx Product index.
|
||||
* @return Product rule hint, e.g. "Change le0 to a valid interface." or "".
|
||||
*/
|
||||
const char *firewall_product_rule_hint(size_t product_idx);
|
||||
|
||||
/** Comment prefix
|
||||
* @param product_idx Product index.
|
||||
* @return The comment prefix, e.g. "#" or an empty string.
|
||||
*/
|
||||
const char *firewall_product_comment_prefix(size_t product_idx);
|
||||
|
||||
/* Syntax function prototypes */
|
||||
typedef void (*syntax_func)(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
/** MAC filter function
|
||||
* @param product_idx Product index.
|
||||
* @return A pointer to the MAC filter function or NULL.
|
||||
*/
|
||||
syntax_func firewall_product_mac_func(size_t product_idx);
|
||||
|
||||
/** IPv4 filter function
|
||||
* @param product_idx Product index.
|
||||
* @return A pointer to the IPv4 filter function or NULL.
|
||||
*/
|
||||
syntax_func firewall_product_ipv4_func(size_t product_idx);
|
||||
|
||||
/** Port filter function
|
||||
* @param product_idx Product index.
|
||||
* @return A pointer to the port filter function or NULL.
|
||||
*/
|
||||
syntax_func firewall_product_port_func(size_t product_idx);
|
||||
|
||||
/** IPv4+port filter function
|
||||
* @param product_idx Product index.
|
||||
* @return A pointer to the IPv4+port filter function or NULL.
|
||||
*/
|
||||
syntax_func firewall_product_ipv4_port_func(size_t product_idx);
|
||||
|
||||
/** Product inbound support
|
||||
* Given an index, return the product's ability to support inbound rules.
|
||||
* @param product_idx Product index.
|
||||
* @return TRUE or FALSE.
|
||||
*/
|
||||
gboolean firewall_product_does_inbound(size_t product_idx);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif /* __cplusplus */
|
||||
|
||||
#endif /* __UI_FIREWALL_RULES_H__ */
|
|
@ -23,13 +23,6 @@
|
|||
* in one huge text window, or some sort of tree view.
|
||||
*/
|
||||
|
||||
/*
|
||||
* To add a new product, add syntax functions modify the products[] array.
|
||||
*
|
||||
* To add a new syntax function, add its prototype above the products[]
|
||||
* array, and add the function below with all the others.
|
||||
*/
|
||||
|
||||
/* Copied from ssl-dlg.c */
|
||||
|
||||
#include "config.h"
|
||||
|
@ -44,6 +37,7 @@
|
|||
#include <wsutil/filesystem.h>
|
||||
|
||||
#include <ui/alert_box.h>
|
||||
#include <ui/firewall_rules.h>
|
||||
#include <ui/last_open_dir.h>
|
||||
|
||||
#include <wsutil/file_util.h>
|
||||
|
@ -58,24 +52,9 @@
|
|||
|
||||
#define MAX_RULE_LEN 200
|
||||
|
||||
/* Rule types */
|
||||
typedef enum {
|
||||
RT_NONE,
|
||||
RT_MAC_SRC,
|
||||
RT_MAC_DST,
|
||||
RT_IPv4_SRC,
|
||||
RT_IPv4_DST,
|
||||
RT_PORT_SRC,
|
||||
RT_PORT_DST,
|
||||
RT_IPv4_PORT_SRC,
|
||||
RT_IPv4_PORT_DST,
|
||||
NUM_RULE_TYPES
|
||||
} rule_type_t;
|
||||
|
||||
|
||||
/* Copied from packet_info struct */
|
||||
typedef struct _rule_info_t {
|
||||
gint product;
|
||||
size_t product;
|
||||
address dl_src;
|
||||
address dl_dst;
|
||||
address net_src;
|
||||
|
@ -89,68 +68,11 @@ typedef struct _rule_info_t {
|
|||
GtkWidget *inbound_cb;
|
||||
gboolean inbound;
|
||||
gboolean deny;
|
||||
rule_type_t rule_type;
|
||||
rule_type_e rule_type;
|
||||
} rule_info_t;
|
||||
|
||||
/* Syntax function prototypes */
|
||||
typedef void (*syntax_func)(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_dummy(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_ipfw_mac(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_mac(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_ios_std_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ios_ext_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_ipv4(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
/* XXX - Can you addresses-only filters using WFW/netsh? */
|
||||
|
||||
static void sf_ios_ext_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netsh_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
typedef struct _fw_product_t {
|
||||
const gchar *name;
|
||||
const gchar *comment_pfx;
|
||||
syntax_func mac_func;
|
||||
syntax_func ipv4_func;
|
||||
syntax_func port_func;
|
||||
syntax_func ipv4_port_func;
|
||||
gboolean does_inbound;
|
||||
} fw_product;
|
||||
|
||||
static fw_product products[] = {
|
||||
{ "Cisco IOS (standard)", "!", NULL, sf_ios_std_ipv4, NULL, NULL, FALSE },
|
||||
{ "Cisco IOS (extended)", "!",
|
||||
NULL, sf_ios_ext_ipv4, sf_ios_ext_port, sf_ios_ext_ipv4_port, TRUE },
|
||||
{ "IP Filter (ipfilter)", "#",
|
||||
NULL, sf_ipfilter_ipv4, sf_ipfilter_port, sf_ipfilter_ipv4_port, TRUE },
|
||||
{ "IPFirewall (ipfw)", "#",
|
||||
sf_ipfw_mac, sf_ipfw_ipv4, sf_ipfw_port, sf_ipfw_ipv4_port, TRUE },
|
||||
{ "Netfilter (iptables)", "#",
|
||||
sf_netfilter_mac, sf_netfilter_ipv4, sf_netfilter_port,
|
||||
sf_netfilter_ipv4_port, TRUE },
|
||||
{ "Packet Filter (pf)", "#",
|
||||
NULL, sf_pf_ipv4, sf_pf_port, sf_pf_ipv4_port, TRUE },
|
||||
{ "Windows Firewall (netsh)", "#",
|
||||
NULL, NULL, sf_netsh_port, sf_netsh_ipv4_port, FALSE }
|
||||
};
|
||||
#define NUM_PRODS (sizeof(products) / sizeof(fw_product))
|
||||
|
||||
|
||||
static void select_product(GtkWidget * win, gpointer data);
|
||||
static void select_filter(GtkWidget * win, gpointer data);
|
||||
static void toggle_inbound(GtkToggleButton *t, gpointer data);
|
||||
|
@ -182,7 +104,7 @@ firewall_rule_cb(GtkWidget *w _U_, gpointer data _U_)
|
|||
GtkWidget *hbox, *button_hbox, *button;
|
||||
rule_info_t *rule_info;
|
||||
packet_info *pinfo = &cfile.edt->pi;
|
||||
guint i;
|
||||
size_t i;
|
||||
|
||||
rule_info = g_new0(rule_info_t, 1);
|
||||
copy_address(&(rule_info->dl_src), &(pinfo->dl_src));
|
||||
|
@ -214,8 +136,8 @@ firewall_rule_cb(GtkWidget *w _U_, gpointer data _U_)
|
|||
gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0);
|
||||
|
||||
product_combo_box = gtk_combo_box_text_new();
|
||||
for (i = 0; i < NUM_PRODS; i++) {
|
||||
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT(product_combo_box), products[i].name);
|
||||
for (i = 0; i < firewall_product_count(); i++) {
|
||||
gtk_combo_box_text_append_text (GTK_COMBO_BOX_TEXT(product_combo_box), firewall_product_name(i));
|
||||
}
|
||||
g_object_set_data(G_OBJECT(product_combo_box), WS_RULE_INFO_KEY, rule_info);
|
||||
g_signal_connect(product_combo_box, "changed", G_CALLBACK(select_product), NULL);
|
||||
|
@ -313,12 +235,12 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
rule_info_t *rule_info;
|
||||
gchar name[MAX_RULE_LEN], addr_str[MAX_RULE_LEN];
|
||||
address *addr;
|
||||
rule_type_t rule_type = RT_NONE;
|
||||
rule_type_e rule_type = RT_NONE;
|
||||
gboolean sensitive = FALSE;
|
||||
|
||||
rule_info =(rule_info_t *)g_object_get_data(G_OBJECT(w), WS_RULE_INFO_KEY);
|
||||
|
||||
if (prod >= NUM_PRODS || !rule_info)
|
||||
if (prod >= firewall_product_count() || !rule_info)
|
||||
return;
|
||||
|
||||
rule_info->product = prod;
|
||||
|
@ -327,7 +249,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
ws_combo_box_clear_text_and_pointer(GTK_COMBO_BOX(rule_info->filter_combo_box));
|
||||
|
||||
/* Fill in valid combo_box list items (in the list store). */
|
||||
if (products[prod].mac_func && rule_info->dl_src.type == AT_ETHER) {
|
||||
if (firewall_product_mac_func(prod) && rule_info->dl_src.type == AT_ETHER) {
|
||||
addr = &(rule_info->dl_src);
|
||||
address_to_str_buf(addr, name, MAX_RULE_LEN);
|
||||
ADD_TO_FILTER_MENU(RT_MAC_SRC);
|
||||
|
@ -337,7 +259,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
ADD_TO_FILTER_MENU(RT_MAC_DST);
|
||||
}
|
||||
|
||||
if (products[prod].ipv4_func && rule_info->net_src.type == AT_IPv4) {
|
||||
if (firewall_product_ipv4_func(prod) && rule_info->net_src.type == AT_IPv4) {
|
||||
addr = &(rule_info->net_src);
|
||||
address_to_str_buf(addr, name, MAX_RULE_LEN);
|
||||
ADD_TO_FILTER_MENU(RT_IPv4_SRC);
|
||||
|
@ -347,7 +269,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
ADD_TO_FILTER_MENU(RT_IPv4_DST);
|
||||
}
|
||||
|
||||
if (products[prod].port_func && (rule_info->ptype == PT_TCP || rule_info->ptype == PT_UDP)) {
|
||||
if (firewall_product_port_func(prod) && (rule_info->ptype == PT_TCP || rule_info->ptype == PT_UDP)) {
|
||||
g_snprintf(name, MAX_RULE_LEN, "%s port %u", NAME_TCP_UDP,
|
||||
rule_info->srcport);
|
||||
ADD_TO_FILTER_MENU(RT_PORT_SRC);
|
||||
|
@ -358,7 +280,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
}
|
||||
}
|
||||
|
||||
if (products[prod].ipv4_port_func && rule_info->net_src.type == AT_IPv4 &&
|
||||
if (firewall_product_ipv4_port_func(prod) && rule_info->net_src.type == AT_IPv4 &&
|
||||
(rule_info->ptype == PT_TCP || rule_info->ptype == PT_UDP)) {
|
||||
addr = &(rule_info->net_src);
|
||||
address_to_str_buf(addr, addr_str, MAX_RULE_LEN);
|
||||
|
@ -381,7 +303,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
}
|
||||
|
||||
gtk_widget_set_sensitive(rule_info->filter_combo_box, sensitive);
|
||||
gtk_widget_set_sensitive(rule_info->inbound_cb, products[prod].does_inbound && sensitive);
|
||||
gtk_widget_set_sensitive(rule_info->inbound_cb, firewall_product_does_inbound(prod) && sensitive);
|
||||
gtk_widget_set_sensitive(rule_info->deny_cb, sensitive);
|
||||
}
|
||||
|
||||
|
@ -389,7 +311,7 @@ select_product(GtkWidget *w, gpointer data _U_)
|
|||
static void
|
||||
select_filter(GtkWidget *w, gpointer data _U_)
|
||||
{
|
||||
rule_type_t cur_type;
|
||||
rule_type_e cur_type;
|
||||
rule_info_t *rule_info;
|
||||
gpointer ptr;
|
||||
|
||||
|
@ -399,7 +321,7 @@ select_filter(GtkWidget *w, gpointer data _U_)
|
|||
|
||||
|
||||
if (ws_combo_box_get_active_pointer(GTK_COMBO_BOX(w), &ptr))
|
||||
cur_type = (rule_type_t)GPOINTER_TO_UINT(ptr);
|
||||
cur_type = (rule_type_e)GPOINTER_TO_UINT(ptr);
|
||||
else
|
||||
cur_type = RT_NONE; /* If nothing selected (eg: nothing in filter list) */
|
||||
|
||||
|
@ -441,44 +363,48 @@ static void
|
|||
set_rule_text(rule_info_t *rule_info) {
|
||||
GString *rtxt = g_string_new("");
|
||||
gchar addr_str[MAX_RULE_LEN];
|
||||
rule_type_t rt = rule_info->rule_type;
|
||||
guint prod = rule_info->product;
|
||||
rule_type_e rt = rule_info->rule_type;
|
||||
size_t prod = rule_info->product;
|
||||
address *addr = NULL;
|
||||
guint32 port = 0;
|
||||
syntax_func rt_func = NULL;
|
||||
|
||||
GtkTextBuffer *buf = gtk_text_view_get_buffer(GTK_TEXT_VIEW(rule_info->text));
|
||||
|
||||
if (prod < NUM_PRODS) {
|
||||
g_string_printf(rtxt, "%s %s\n", products[prod].comment_pfx, products[prod].name);
|
||||
if (prod < firewall_product_count()) {
|
||||
const char *hint = firewall_product_rule_hint(prod);
|
||||
g_string_printf(rtxt, "%s %s\n", firewall_product_comment_prefix(prod), firewall_product_name(prod));
|
||||
if (strlen(hint) > 0) {
|
||||
g_string_append_printf(rtxt, " %s", hint);
|
||||
}
|
||||
switch(rt) {
|
||||
case RT_NONE:
|
||||
g_string_append_printf(rtxt, "%s Not supported", products[prod].comment_pfx);
|
||||
g_string_append_printf(rtxt, "%s Not supported", firewall_product_comment_prefix(prod));
|
||||
rt_func = sf_dummy;
|
||||
break;
|
||||
case RT_MAC_SRC:
|
||||
case RT_MAC_DST:
|
||||
addr = DL_ADDR;
|
||||
address_to_str_buf(addr, addr_str, MAX_RULE_LEN);
|
||||
rt_func = products[prod].mac_func;
|
||||
rt_func = firewall_product_mac_func(prod);
|
||||
break;
|
||||
case RT_IPv4_SRC:
|
||||
case RT_IPv4_DST:
|
||||
addr = NET_ADDR;
|
||||
address_to_str_buf(addr, addr_str, MAX_RULE_LEN);
|
||||
rt_func = products[prod].ipv4_func;
|
||||
rt_func = firewall_product_ipv4_func(prod);
|
||||
break;
|
||||
case RT_PORT_SRC:
|
||||
case RT_PORT_DST:
|
||||
port = NET_PORT;
|
||||
rt_func = products[prod].port_func;
|
||||
rt_func = firewall_product_port_func(prod);
|
||||
break;
|
||||
case RT_IPv4_PORT_SRC:
|
||||
case RT_IPv4_PORT_DST:
|
||||
addr = NET_ADDR;
|
||||
address_to_str_buf(addr, addr_str, MAX_RULE_LEN);
|
||||
port = NET_PORT;
|
||||
rt_func = products[prod].ipv4_port_func;
|
||||
rt_func = firewall_product_ipv4_port_func(prod);
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
@ -502,128 +428,6 @@ set_rule_text(rule_info_t *rule_info) {
|
|||
static void sf_dummy(GString *rtxt _U_, gchar *addr _U_, guint32 port _U_, port_type ptype _U_, gboolean inbound _U_, gboolean deny _U_) {
|
||||
}
|
||||
|
||||
/* MAC */
|
||||
#define IPFW_DENY (deny ? "deny" : "allow")
|
||||
#define IPFW_IN (inbound ? "in" : "out")
|
||||
static void sf_ipfw_mac(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s MAC %s any %s",
|
||||
IPFW_DENY, addr, IPFW_IN);
|
||||
}
|
||||
|
||||
#define NF_DROP (deny ? "DROP" : "ACCEPT")
|
||||
#define NF_INPUT (inbound ? "INPUT" : "OUTPUT")
|
||||
static void sf_netfilter_mac(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s --mac-source %s -j %s",
|
||||
NF_INPUT, addr, NF_DROP);
|
||||
}
|
||||
|
||||
/* IPv4 */
|
||||
#define IOS_DENY (deny ? "deny" : "permit")
|
||||
static void sf_ios_std_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s host %s", IOS_DENY, addr);
|
||||
}
|
||||
|
||||
static void sf_ios_ext_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s ip host %s any", IOS_DENY, addr);
|
||||
else
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s ip any host %s", IOS_DENY, addr);
|
||||
}
|
||||
|
||||
#define IPFILTER_DENY (deny ? "block" : "pass")
|
||||
#define IPFILTER_IN (inbound ? "in" : "out")
|
||||
static void sf_ipfilter_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s on le0 from %s to any",
|
||||
IPFILTER_DENY, IPFILTER_IN, addr);
|
||||
}
|
||||
|
||||
static void sf_ipfw_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s ip from %s to any %s",
|
||||
IPFW_DENY, addr, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_netfilter_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -i eth0 -d %s/32 -j %s",
|
||||
NF_INPUT, addr, NF_DROP);
|
||||
}
|
||||
|
||||
#define PF_DENY (deny ? "block" : "pass")
|
||||
#define PF_IN (inbound ? "in" : "out")
|
||||
static void sf_pf_ipv4(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if from %s to any",
|
||||
PF_DENY, PF_IN, addr);
|
||||
}
|
||||
|
||||
/* Port */
|
||||
#define RT_TCP_UDP (ptype == PT_TCP ? "tcp" : "udp")
|
||||
static void sf_ios_ext_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s any any eq %u",
|
||||
IOS_DENY, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
static void sf_ipfilter_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from any to any port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
static void sf_ipfw_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s %s from any to any %u %s",
|
||||
IPFW_DENY, RT_TCP_UDP, port, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_netfilter_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -p %s --destination-port %u -j %s",
|
||||
NF_INPUT, RT_TCP_UDP, port, NF_DROP);
|
||||
}
|
||||
|
||||
static void sf_pf_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if proto %s from any to any port %u",
|
||||
PF_DENY, PF_IN, RT_TCP_UDP, port);
|
||||
}
|
||||
|
||||
#define NETSH_DENY (deny ? "DISABLE" : "ENABLE")
|
||||
static void sf_netsh_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s",
|
||||
RT_TCP_UDP, port, NETSH_DENY);
|
||||
}
|
||||
|
||||
/* IPv4 + port */
|
||||
static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port _U_, port_type ptype _U_, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s host %s any eq %u", IOS_DENY, RT_TCP_UDP, addr, port);
|
||||
else
|
||||
g_string_append_printf(rtxt, "access-list NUMBER %s %s any host %s eq %u", IOS_DENY, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
if (inbound)
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from %s to any port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, addr, port);
|
||||
else
|
||||
g_string_append_printf(rtxt, "%s %s on le0 proto %s from any to %s port = %u",
|
||||
IPFILTER_DENY, IPFILTER_IN, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add %s %s from %s to any %u %s",
|
||||
IPFW_DENY, RT_TCP_UDP, addr, port, IPFW_IN);
|
||||
}
|
||||
|
||||
static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "%s %s quick on $ext_if proto %s from %s to any port %u",
|
||||
PF_DENY, PF_IN, RT_TCP_UDP, addr, port);
|
||||
}
|
||||
|
||||
static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "iptables -A %s -p %s -d %s/32 --destination-port %u -j %s",
|
||||
NF_INPUT, RT_TCP_UDP, addr, port, NF_DROP);
|
||||
}
|
||||
|
||||
static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
|
||||
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s %s",
|
||||
RT_TCP_UDP, port, NETSH_DENY, addr);
|
||||
}
|
||||
|
||||
/* The destroy call back has the responsibility of
|
||||
* unlinking the temporary file
|
||||
* and freeing the filter_out_filter */
|
||||
|
|
|
@ -68,6 +68,7 @@ set(WIRESHARK_QT_HEADERS
|
|||
filter_expression_frame.h
|
||||
filter_expressions_preferences_frame.h
|
||||
find_line_edit.h
|
||||
firewall_rules_dialog.h
|
||||
follow_stream_dialog.h
|
||||
follow_stream_text.h
|
||||
font_color_preferences_frame.h
|
||||
|
@ -222,6 +223,7 @@ set(WIRESHARK_QT_SRC
|
|||
filter_expression_frame.cpp
|
||||
filter_expressions_preferences_frame.cpp
|
||||
find_line_edit.cpp
|
||||
firewall_rules_dialog.cpp
|
||||
follow_stream_dialog.cpp
|
||||
follow_stream_text.cpp
|
||||
font_color_preferences_frame.cpp
|
||||
|
@ -369,6 +371,7 @@ set(WIRESHARK_QT_UI
|
|||
filter_dialog.ui
|
||||
filter_expression_frame.ui
|
||||
filter_expressions_preferences_frame.ui
|
||||
firewall_rules_dialog.ui
|
||||
follow_stream_dialog.ui
|
||||
font_color_preferences_frame.ui
|
||||
funnel_string_dialog.ui
|
||||
|
|
|
@ -205,6 +205,8 @@ filter_expression_frame.$(OBJEXT): ui_filter_expression_frame.h
|
|||
|
||||
filter_expressions_preferences_frame.$(OBJEXT): ui_filter_expressions_preferences_frame.h
|
||||
|
||||
firewall_rules_dialog.$(OBJEXT): ui_firewall_rules_dialog.h
|
||||
|
||||
follow_stream_dialog.$(OBJEXT): ui_follow_stream_dialog.h
|
||||
|
||||
font_color_preferences_frame.$(OBJEXT): ui_font_color_preferences_frame.h
|
||||
|
|
|
@ -53,6 +53,7 @@ NODIST_GENERATED_HEADER_FILES = \
|
|||
ui_filter_dialog.h \
|
||||
ui_filter_expression_frame.h \
|
||||
ui_filter_expressions_preferences_frame.h \
|
||||
ui_firewall_rules_dialog.h \
|
||||
ui_follow_stream_dialog.h \
|
||||
ui_font_color_preferences_frame.h \
|
||||
ui_funnel_string_dialog.h \
|
||||
|
@ -187,6 +188,7 @@ MOC_HDRS = \
|
|||
filter_expression_frame.h \
|
||||
filter_expressions_preferences_frame.h \
|
||||
find_line_edit.h \
|
||||
firewall_rules_dialog.h \
|
||||
follow_stream_dialog.h \
|
||||
follow_stream_text.h \
|
||||
font_color_preferences_frame.h \
|
||||
|
@ -303,6 +305,7 @@ UI_FILES = \
|
|||
filter_dialog.ui \
|
||||
filter_expression_frame.ui \
|
||||
filter_expressions_preferences_frame.ui \
|
||||
firewall_rules_dialog.ui \
|
||||
follow_stream_dialog.ui \
|
||||
font_color_preferences_frame.ui \
|
||||
funnel_string_dialog.ui \
|
||||
|
@ -455,6 +458,7 @@ WIRESHARK_QT_SRC = \
|
|||
filter_expression_frame.cpp \
|
||||
filter_expressions_preferences_frame.cpp \
|
||||
find_line_edit.cpp \
|
||||
firewall_rules_dialog.cpp \
|
||||
follow_stream_dialog.cpp \
|
||||
follow_stream_text.cpp \
|
||||
font_color_preferences_frame.cpp \
|
||||
|
|
|
@ -234,6 +234,7 @@ FORMS += \
|
|||
filter_dialog.ui \
|
||||
filter_expression_frame.ui \
|
||||
filter_expressions_preferences_frame.ui \
|
||||
firewall_rules_dialog.ui \
|
||||
follow_stream_dialog.ui \
|
||||
font_color_preferences_frame.ui \
|
||||
funnel_string_dialog.ui \
|
||||
|
@ -324,6 +325,7 @@ HEADERS += $$HEADERS_WS_C \
|
|||
filter_expression_frame.h \
|
||||
filter_expressions_preferences_frame.h \
|
||||
find_line_edit.h \
|
||||
firewall_rules_dialog.h \
|
||||
follow_stream_dialog.h \
|
||||
follow_stream_text.h \
|
||||
font_color_preferences_frame.h \
|
||||
|
@ -722,6 +724,7 @@ SOURCES += \
|
|||
filter_expression_frame.cpp \
|
||||
filter_expressions_preferences_frame.cpp \
|
||||
find_line_edit.cpp \
|
||||
firewall_rules_dialog.cpp \
|
||||
follow_stream_dialog.cpp \
|
||||
follow_stream_text.cpp \
|
||||
font_color_preferences_frame.cpp \
|
||||
|
|
|
@ -0,0 +1,225 @@
|
|||
/* firewall_rules_dialog.cpp
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include "firewall_rules_dialog.h"
|
||||
#include "ui_firewall_rules_dialog.h"
|
||||
|
||||
#include "epan/packet_info.h"
|
||||
#include "epan/to_str.h"
|
||||
|
||||
#include "ui/all_files_wildcard.h"
|
||||
#include "ui/firewall_rules.h"
|
||||
#include "ui/help_url.h"
|
||||
|
||||
#include "wsutil/file_util.h"
|
||||
#include "wsutil/utf8_entities.h"
|
||||
|
||||
#include "wireshark_application.h"
|
||||
|
||||
#include <QClipboard>
|
||||
#include <QFileDialog>
|
||||
#include <QMessageBox>
|
||||
#include <QPushButton>
|
||||
#include <QTextCursor>
|
||||
|
||||
FirewallRulesDialog::FirewallRulesDialog(QWidget &parent, CaptureFile &cf) :
|
||||
WiresharkDialog(parent, cf),
|
||||
ui(new Ui::FirewallRulesDialog)
|
||||
{
|
||||
ui->setupUi(this);
|
||||
|
||||
setWindowSubtitle(tr("Firewall ACL Rules"));
|
||||
|
||||
ui->buttonBox->button(QDialogButtonBox::Apply)->setText(tr("Copy"));
|
||||
|
||||
file_name_ = cf.fileName(); // XXX Add extension?
|
||||
packet_num_ = cf.packetInfo()->num;
|
||||
|
||||
packet_info *pinfo = cf.packetInfo();
|
||||
copy_address(&dl_src_, &(pinfo->dl_src));
|
||||
copy_address(&dl_dst_, &(pinfo->dl_dst));
|
||||
copy_address(&net_src_, &(pinfo->net_src));
|
||||
copy_address(&net_dst_, &(pinfo->net_dst));
|
||||
ptype_ = pinfo->ptype;
|
||||
src_port_ = pinfo->srcport;
|
||||
dst_port_ = pinfo->destport;
|
||||
int nf_item = 0;
|
||||
|
||||
for (size_t prod = 0; prod < firewall_product_count(); prod++) {
|
||||
QString prod_name = firewall_product_name(prod);
|
||||
|
||||
// Default to Netfilter since it's likely the most popular.
|
||||
if (prod_name.contains("Netfilter")) nf_item = ui->productComboBox->count();
|
||||
ui->productComboBox->addItem(prod_name);
|
||||
}
|
||||
ui->productComboBox->setCurrentIndex(nf_item);
|
||||
|
||||
ui->buttonBox->button(QDialogButtonBox::Close)->setDefault(true);
|
||||
}
|
||||
|
||||
FirewallRulesDialog::~FirewallRulesDialog()
|
||||
{
|
||||
delete ui;
|
||||
}
|
||||
|
||||
void FirewallRulesDialog::updateWidgets()
|
||||
{
|
||||
WiresharkDialog::updateWidgets();
|
||||
|
||||
QString comment_pfx = firewall_product_comment_prefix(prod_);
|
||||
QString rule_hint = firewall_product_rule_hint(prod_);
|
||||
QString rule_line;
|
||||
|
||||
rule_line = QString("%1 %2 rules for %3, packet %4.")
|
||||
.arg(comment_pfx)
|
||||
.arg(firewall_product_name(prod_))
|
||||
.arg(file_name_)
|
||||
.arg(packet_num_);
|
||||
|
||||
if (!rule_hint.isEmpty()) rule_line += " " + rule_hint;
|
||||
|
||||
ui->textBrowser->clear();
|
||||
ui->textBrowser->append(rule_line);
|
||||
|
||||
syntax_func v4_func = firewall_product_ipv4_func(prod_);
|
||||
syntax_func port_func = firewall_product_port_func(prod_);
|
||||
syntax_func v4_port_func = firewall_product_ipv4_port_func(prod_);
|
||||
syntax_func mac_func = firewall_product_mac_func(prod_);
|
||||
|
||||
if (v4_func && net_src_.type == AT_IPv4) {
|
||||
addRule(tr("IPv4 source address."), v4_func, &net_src_, src_port_);
|
||||
addRule(tr("IPv4 destination address."), v4_func, &net_dst_, dst_port_);
|
||||
}
|
||||
|
||||
if (port_func && (ptype_ == PT_TCP || ptype_ == PT_UDP)) {
|
||||
addRule(tr("Source port."), port_func, &net_src_, src_port_);
|
||||
addRule(tr("Destination port."), port_func, &net_dst_, dst_port_);
|
||||
}
|
||||
|
||||
if (v4_port_func && net_src_.type == AT_IPv4 &&
|
||||
(ptype_ == PT_TCP || ptype_ == PT_UDP)) {
|
||||
addRule(tr("IPv4 source address and port."), v4_port_func, &net_src_, src_port_);
|
||||
addRule(tr("IPv4 destination address and port."), v4_port_func, &net_dst_, dst_port_);
|
||||
}
|
||||
|
||||
if (mac_func && dl_src_.type == AT_ETHER) {
|
||||
addRule(tr("MAC source address."), mac_func, &dl_src_, src_port_);
|
||||
addRule(tr("MAC destination address."), mac_func, &dl_dst_, dst_port_);
|
||||
}
|
||||
|
||||
ui->textBrowser->moveCursor(QTextCursor::Start);
|
||||
|
||||
ui->inboundCheckBox->setEnabled(firewall_product_does_inbound(prod_));
|
||||
}
|
||||
|
||||
#define ADDR_BUF_LEN 200
|
||||
void FirewallRulesDialog::addRule(QString description, syntax_func rule_func, address *addr, guint32 port)
|
||||
{
|
||||
if (!rule_func) return;
|
||||
|
||||
char addr_buf[ADDR_BUF_LEN];
|
||||
QString comment_pfx = firewall_product_comment_prefix(prod_);
|
||||
GString *rule_str = g_string_new("");
|
||||
gboolean inbound = ui->inboundCheckBox->isChecked();
|
||||
gboolean deny = ui->denyCheckBox->isChecked();
|
||||
|
||||
address_to_str_buf(addr, addr_buf, ADDR_BUF_LEN);
|
||||
rule_func(rule_str, addr_buf, port, ptype_, inbound, deny);
|
||||
ui->textBrowser->append(QString());
|
||||
|
||||
QString comment_line = comment_pfx + " " + description;
|
||||
ui->textBrowser->append(comment_line);
|
||||
ui->textBrowser->append(rule_str->str);
|
||||
|
||||
g_string_free(rule_str, TRUE);
|
||||
}
|
||||
|
||||
|
||||
void FirewallRulesDialog::on_productComboBox_currentIndexChanged(int new_idx)
|
||||
{
|
||||
prod_ = (size_t) new_idx;
|
||||
updateWidgets();
|
||||
}
|
||||
|
||||
void FirewallRulesDialog::on_inboundCheckBox_toggled(bool)
|
||||
{
|
||||
updateWidgets();
|
||||
}
|
||||
|
||||
void FirewallRulesDialog::on_denyCheckBox_toggled(bool)
|
||||
{
|
||||
updateWidgets();
|
||||
}
|
||||
|
||||
void FirewallRulesDialog::on_buttonBox_clicked(QAbstractButton *button)
|
||||
{
|
||||
if (button == ui->buttonBox->button(QDialogButtonBox::Save)) {
|
||||
QString save_title = QString("Save %1 rules as" UTF8_HORIZONTAL_ELLIPSIS)
|
||||
.arg(firewall_product_name(prod_));
|
||||
QByteArray file_name = QFileDialog::getSaveFileName(this,
|
||||
save_title,
|
||||
wsApp->lastOpenDir().canonicalPath(),
|
||||
tr("Text file (*.txt);;All Files (" ALL_FILES_WILDCARD ")")
|
||||
).toUtf8();
|
||||
if (file_name.length() > 0) {
|
||||
QFile save_file(file_name);
|
||||
QByteArray rule_text = ui->textBrowser->toPlainText().toUtf8();
|
||||
|
||||
save_file.open(QIODevice::WriteOnly);
|
||||
save_file.write(rule_text);
|
||||
save_file.close();
|
||||
|
||||
if (save_file.error() != QFile::NoError) {
|
||||
QMessageBox::warning(this, tr("Warning"), tr("Unable to save %1").arg(save_file.fileName()));
|
||||
return;
|
||||
}
|
||||
|
||||
/* Save the directory name for future file dialogs. */
|
||||
wsApp->setLastOpenDir(file_name.constData());
|
||||
}
|
||||
} else if (button == ui->buttonBox->button(QDialogButtonBox::Apply)) {
|
||||
if (ui->textBrowser->textCursor().hasSelection()) {
|
||||
ui->textBrowser->copy();
|
||||
} else {
|
||||
wsApp->clipboard()->setText(ui->textBrowser->toPlainText());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void FirewallRulesDialog::on_buttonBox_helpRequested()
|
||||
{
|
||||
wsApp->helpTopicAction(HELP_FIREWALL_DIALOG);
|
||||
}
|
||||
|
||||
/*
|
||||
* Editor modelines
|
||||
*
|
||||
* Local Variables:
|
||||
* c-basic-offset: 4
|
||||
* tab-width: 8
|
||||
* indent-tabs-mode: nil
|
||||
* End:
|
||||
*
|
||||
* ex: set shiftwidth=4 tabstop=8 expandtab:
|
||||
* :indentSize=4:tabSize=8:noTabs=true:
|
||||
*/
|
|
@ -0,0 +1,85 @@
|
|||
/* firewall_rules_dialog.h
|
||||
*
|
||||
* Wireshark - Network traffic analyzer
|
||||
* By Gerald Combs <gerald@wireshark.org>
|
||||
* Copyright 1998 Gerald Combs
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#ifndef FIREWALL_RULES_DIALOG_H
|
||||
#define FIREWALL_RULES_DIALOG_H
|
||||
|
||||
#include "epan/address.h"
|
||||
|
||||
#include <wireshark_dialog.h>
|
||||
|
||||
namespace Ui {
|
||||
class FirewallRulesDialog;
|
||||
}
|
||||
|
||||
class QAbstractButton;
|
||||
|
||||
typedef void (*syntax_func)(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
|
||||
|
||||
class FirewallRulesDialog : public WiresharkDialog
|
||||
{
|
||||
Q_OBJECT
|
||||
|
||||
public:
|
||||
explicit FirewallRulesDialog(QWidget &parent, CaptureFile &cf);
|
||||
~FirewallRulesDialog();
|
||||
|
||||
private slots:
|
||||
void on_productComboBox_currentIndexChanged(int new_idx);
|
||||
void on_inboundCheckBox_toggled(bool);
|
||||
void on_denyCheckBox_toggled(bool);
|
||||
void on_buttonBox_helpRequested();
|
||||
|
||||
void on_buttonBox_clicked(QAbstractButton *button);
|
||||
|
||||
private:
|
||||
Ui::FirewallRulesDialog *ui;
|
||||
|
||||
QString file_name_;
|
||||
int packet_num_;
|
||||
|
||||
size_t prod_;
|
||||
address dl_src_;
|
||||
address dl_dst_;
|
||||
address net_src_;
|
||||
address net_dst_;
|
||||
port_type ptype_;
|
||||
guint32 src_port_;
|
||||
guint32 dst_port_;
|
||||
|
||||
void updateWidgets();
|
||||
void addRule(QString description, syntax_func rule_func, address *addr, guint32 port);
|
||||
};
|
||||
|
||||
#endif // FIREWALL_RULES_DIALOG_H
|
||||
|
||||
/*
|
||||
* Editor modelines
|
||||
*
|
||||
* Local Variables:
|
||||
* c-basic-offset: 4
|
||||
* tab-width: 8
|
||||
* indent-tabs-mode: nil
|
||||
* End:
|
||||
*
|
||||
* ex: set shiftwidth=4 tabstop=8 expandtab:
|
||||
* :indentSize=4:tabSize=8:noTabs=true:
|
||||
*/
|
|
@ -0,0 +1,124 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<ui version="4.0">
|
||||
<class>FirewallRulesDialog</class>
|
||||
<widget class="QDialog" name="FirewallRulesDialog">
|
||||
<property name="geometry">
|
||||
<rect>
|
||||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>650</width>
|
||||
<height>450</height>
|
||||
</rect>
|
||||
</property>
|
||||
<layout class="QVBoxLayout" name="verticalLayout">
|
||||
<item>
|
||||
<widget class="QTextBrowser" name="textBrowser"/>
|
||||
</item>
|
||||
<item>
|
||||
<layout class="QHBoxLayout" name="horizontalLayout" stretch="0,0,1,0,0,0">
|
||||
<item>
|
||||
<widget class="QLabel" name="label">
|
||||
<property name="text">
|
||||
<string>Create rules for</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item>
|
||||
<widget class="QComboBox" name="productComboBox"/>
|
||||
</item>
|
||||
<item>
|
||||
<spacer name="horizontalSpacer">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>40</width>
|
||||
<height>20</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item>
|
||||
<widget class="QCheckBox" name="inboundCheckBox">
|
||||
<property name="text">
|
||||
<string>Inbound</string>
|
||||
</property>
|
||||
<property name="checked">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item>
|
||||
<spacer name="horizontalSpacer_2">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="sizeHint" stdset="0">
|
||||
<size>
|
||||
<width>20</width>
|
||||
<height>5</height>
|
||||
</size>
|
||||
</property>
|
||||
</spacer>
|
||||
</item>
|
||||
<item>
|
||||
<widget class="QCheckBox" name="denyCheckBox">
|
||||
<property name="text">
|
||||
<string>Deny</string>
|
||||
</property>
|
||||
<property name="checked">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</item>
|
||||
<item>
|
||||
<widget class="QDialogButtonBox" name="buttonBox">
|
||||
<property name="orientation">
|
||||
<enum>Qt::Horizontal</enum>
|
||||
</property>
|
||||
<property name="standardButtons">
|
||||
<set>QDialogButtonBox::Apply|QDialogButtonBox::Close|QDialogButtonBox::Help|QDialogButtonBox::Save</set>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
</widget>
|
||||
<resources/>
|
||||
<connections>
|
||||
<connection>
|
||||
<sender>buttonBox</sender>
|
||||
<signal>accepted()</signal>
|
||||
<receiver>FirewallRulesDialog</receiver>
|
||||
<slot>accept()</slot>
|
||||
<hints>
|
||||
<hint type="sourcelabel">
|
||||
<x>248</x>
|
||||
<y>254</y>
|
||||
</hint>
|
||||
<hint type="destinationlabel">
|
||||
<x>157</x>
|
||||
<y>274</y>
|
||||
</hint>
|
||||
</hints>
|
||||
</connection>
|
||||
<connection>
|
||||
<sender>buttonBox</sender>
|
||||
<signal>rejected()</signal>
|
||||
<receiver>FirewallRulesDialog</receiver>
|
||||
<slot>reject()</slot>
|
||||
<hints>
|
||||
<hint type="sourcelabel">
|
||||
<x>316</x>
|
||||
<y>260</y>
|
||||
</hint>
|
||||
<hint type="destinationlabel">
|
||||
<x>286</x>
|
||||
<y>274</y>
|
||||
</hint>
|
||||
</hints>
|
||||
</connection>
|
||||
</connections>
|
||||
</ui>
|
|
@ -2326,11 +2326,8 @@ void MainWindow::addDynamicMenus()
|
|||
}
|
||||
|
||||
// Empty menus don't show up: https://bugreports.qt.io/browse/QTBUG-33728
|
||||
// We've added a placeholder in order to make sure the "Tools" menu is
|
||||
// visible. Hide it as needed.
|
||||
if (wsApp->dynamicMenuGroupItems(REGISTER_TOOLS_GROUP_UNSORTED).length() > 0) {
|
||||
main_ui_->actionToolsPlaceholder->setVisible(false);
|
||||
}
|
||||
// We've added a placeholder in order to make sure some menus are visible.
|
||||
// Hide them as needed.
|
||||
if (wsApp->dynamicMenuGroupItems(REGISTER_STAT_GROUP_TELEPHONY_ANSI).length() > 0) {
|
||||
main_ui_->actionTelephonyANSIPlaceholder->setVisible(false);
|
||||
}
|
||||
|
|
|
@ -601,6 +601,8 @@ private slots:
|
|||
void on_actionBluetoothDevices_triggered();
|
||||
void on_actionBluetoothHCI_Summary_triggered();
|
||||
|
||||
void on_actionToolsFirewallAclRules_triggered();
|
||||
|
||||
void externalMenuItem_triggered();
|
||||
|
||||
void on_actionContextCopyBytesHexTextDump_triggered();
|
||||
|
|
|
@ -80,31 +80,31 @@
|
|||
</item>
|
||||
<item>
|
||||
<widget class="QPushButton" name="goToGo">
|
||||
<property name="maximumSize">
|
||||
<size>
|
||||
<width>16777215</width>
|
||||
<height>27</height>
|
||||
</size>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Go to packet</string>
|
||||
</property>
|
||||
<property name="default">
|
||||
<bool>true</bool>
|
||||
</property>
|
||||
<property name="maximumSize">
|
||||
<size>
|
||||
<width>16777215</width>
|
||||
<height>27</height>
|
||||
</size>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
<item>
|
||||
<widget class="QPushButton" name="goToCancel">
|
||||
<property name="text">
|
||||
<string>Cancel</string>
|
||||
</property>
|
||||
<property name="maximumSize">
|
||||
<size>
|
||||
<width>16777215</width>
|
||||
<height>27</height>
|
||||
</size>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>Cancel</string>
|
||||
</property>
|
||||
</widget>
|
||||
</item>
|
||||
</layout>
|
||||
|
@ -651,7 +651,7 @@
|
|||
<property name="title">
|
||||
<string>&Tools</string>
|
||||
</property>
|
||||
<addaction name="actionToolsPlaceholder"/>
|
||||
<addaction name="actionToolsFirewallAclRules"/>
|
||||
</widget>
|
||||
<addaction name="menuFile"/>
|
||||
<addaction name="menuEdit"/>
|
||||
|
@ -2650,20 +2650,6 @@
|
|||
<enum>QAction::NoRole</enum>
|
||||
</property>
|
||||
</action>
|
||||
<action name="actionToolsPlaceholder">
|
||||
<property name="enabled">
|
||||
<bool>false</bool>
|
||||
</property>
|
||||
<property name="text">
|
||||
<string>No tools registered</string>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>No tools have been registered.</string>
|
||||
</property>
|
||||
<property name="menuRole">
|
||||
<enum>QAction::NoRole</enum>
|
||||
</property>
|
||||
</action>
|
||||
<action name="actionTelephonyANSIPlaceholder">
|
||||
<property name="enabled">
|
||||
<bool>false</bool>
|
||||
|
@ -2925,6 +2911,14 @@
|
|||
<string>Add a display filter button.</string>
|
||||
</property>
|
||||
</action>
|
||||
<action name="actionToolsFirewallAclRules">
|
||||
<property name="text">
|
||||
<string>Firewall ACL Rules</string>
|
||||
</property>
|
||||
<property name="toolTip">
|
||||
<string>Create firewall ACL rules</string>
|
||||
</property>
|
||||
</action>
|
||||
</widget>
|
||||
<layoutdefault spacing="6" margin="11"/>
|
||||
<customwidgets>
|
||||
|
|
|
@ -106,6 +106,7 @@
|
|||
#include "file_set_dialog.h"
|
||||
#include "filter_action.h"
|
||||
#include "filter_dialog.h"
|
||||
#include "firewall_rules_dialog.h"
|
||||
#include "funnel_statistics.h"
|
||||
#include "gsm_map_summary_dialog.h"
|
||||
#include "iax2_analysis_dialog.h"
|
||||
|
@ -1217,8 +1218,8 @@ void MainWindow::setMenusForSelectedPacket()
|
|||
// set_menu_sensitivity(ui_manager_main_menubar, "/Menubar/ViewMenu/NameResolution/ResolveName",
|
||||
// frame_selected && (gbl_resolv_flags.mac_name || gbl_resolv_flags.network_name ||
|
||||
// gbl_resolv_flags.transport_name));
|
||||
// set_menu_sensitivity(ui_manager_main_menubar, "/Menubar/ToolsMenu/FirewallACLRules",
|
||||
// frame_selected);
|
||||
|
||||
main_ui_->actionToolsFirewallAclRules->setEnabled(frame_selected);
|
||||
|
||||
main_ui_->actionStatisticsTcpStreamRoundTripTime->setEnabled(is_tcp);
|
||||
main_ui_->actionStatisticsTcpStreamStevens->setEnabled(is_tcp);
|
||||
|
@ -3231,7 +3232,7 @@ void MainWindow::on_actionTelephonySipFlows_triggered()
|
|||
openVoipCallsDialog(true);
|
||||
}
|
||||
|
||||
// Bluetooth Menu
|
||||
// Wireless Menu
|
||||
|
||||
void MainWindow::on_actionBluetoothATT_Server_Attributes_triggered()
|
||||
{
|
||||
|
@ -3263,6 +3264,15 @@ void MainWindow::on_actionBluetoothHCI_Summary_triggered()
|
|||
bluetooth_hci_summary_dialog->show();
|
||||
}
|
||||
|
||||
// Tools Menu
|
||||
|
||||
void MainWindow::on_actionToolsFirewallAclRules_triggered()
|
||||
{
|
||||
FirewallRulesDialog *firewall_rules_dialog = new FirewallRulesDialog(*this, capture_file_);
|
||||
firewall_rules_dialog->show();
|
||||
}
|
||||
|
||||
|
||||
// Help Menu
|
||||
void MainWindow::on_actionHelpContents_triggered() {
|
||||
|
||||
|
|
Loading…
Reference in New Issue