Update to make _exp_ string a #define

Replaced all instances of "_exp_" with the #define EXPIRE_COMMENT_PREFIX so
that the prefix can easily be changed. so
that the prefix can easily be changed. so
that the prefix can easily be changed. so
that the prefix can easily be changed.

server/fw_util.h

@@ -36,6 +36,8 @@
 
 #define STANDARD_CMD_OUT_BUFSIZE    4096
 
+#define EXPIRE_COMMENT_PREFIX "_exp_"
+
 #if FIREWALL_IPTABLES
   #include "fw_util_iptables.h"
 #elif FIREWALL_IPFW

server/fw_util_ipfw.c

@@ -525,7 +525,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 
     /* Find the first _exp_ string (if any).
     */
-    ndx = strstr(cmd_out, "_exp_");
+    ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
 
     if(ndx == NULL)
     {
@@ -543,7 +543,7 @@ check_firewall_rules(fko_srv_options_t *opts)
     while (ndx != NULL) {
         /* Jump forward and extract the timestamp
         */
-        ndx +=5;
+        ndx += strlen(EXPIRE_COMMENT_PREFIX);
 
         /* remember this spot for when we look for the next
          * rule.
@@ -634,7 +634,7 @@ check_firewall_rules(fko_srv_options_t *opts)
         /* Push our tracking index forward beyond (just processed) _exp_
          * string so we can continue to the next rule in the list.
         */
-        ndx = strstr(tmp_mark, "_exp_");
+        ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
     }
 
     /* Set the next pending expire time accordingly. 0 if there are no

server/fw_util_ipfw.h

@@ -40,7 +40,7 @@ enum {
 
 /* ipfw command args
 */
-#define IPFW_ADD_RULE_ARGS           "add %u set %u pass %u from %s to me dst-port %u setup keep-state // _exp_%u"
+#define IPFW_ADD_RULE_ARGS           "add %u set %u pass %u from %s to me dst-port %u setup keep-state // " EXPIRE_COMMENT_PREFIX "%u"
 #define IPFW_ADD_CHECK_STATE_ARGS    "add %u set %u check-state"
 #define IPFW_MOVE_RULE_ARGS          "set move rule %u to %u"
 #define IPFW_MOVE_SET_ARGS           "set move %u to %u"

server/fw_util_iptables.c

@@ -798,7 +798,7 @@ check_firewall_rules(fko_srv_options_t *opts)
         if(opts->verbose > 2)
             log_msg(LOG_INFO, "RES=%i, CMD_BUF: %s\nRULES LIST: %s", res, cmd_buf, cmd_out);
 
-        ndx = strstr(cmd_out, "_exp_");
+        ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
         if(ndx == NULL)
         {
             /* we did not find an expected rule.
@@ -815,7 +815,7 @@ check_firewall_rules(fko_srv_options_t *opts)
         while (ndx != NULL) {
             /* Jump forward and extract the timestamp
             */
-            ndx +=5;
+            ndx += strlen(EXPIRE_COMMENT_PREFIX);
 
             /* remember this spot for when we look for the next
              * rule.
@@ -901,7 +901,7 @@ check_firewall_rules(fko_srv_options_t *opts)
             /* Push our tracking index forward beyond (just processed) _exp_
              * string so we can continue to the next rule in the list.
             */
-            ndx = strstr(tmp_mark, "_exp_");
+            ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
         }
 
         /* Set the next pending expire time accordingly. 0 if there are no

server/fw_util_iptables.h

@@ -35,11 +35,11 @@
 
 /* iptables command args            
 */
-#define IPT_ADD_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_OUT_RULE_ARGS "-t %s -A %s -p %i -d %s --sport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_FWD_RULE_ARGS "-t %s -A %s -p %i -s %s -d %s --dport %i -m comment --comment _exp_%u -j %s 2>&1"
-#define IPT_ADD_DNAT_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment _exp_%u -j %s --to-destination %s:%i 2>&1"
-#define IPT_ADD_SNAT_RULE_ARGS "-t %s -A %s -p %i -d %s --dport %i -m comment --comment _exp_%u -j %s %s 2>&1"
+#define IPT_ADD_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_OUT_RULE_ARGS "-t %s -A %s -p %i -d %s --sport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_FWD_RULE_ARGS "-t %s -A %s -p %i -s %s -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s 2>&1"
+#define IPT_ADD_DNAT_RULE_ARGS "-t %s -A %s -p %i -s %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s --to-destination %s:%i 2>&1"
+#define IPT_ADD_SNAT_RULE_ARGS "-t %s -A %s -p %i -d %s --dport %i -m comment --comment " EXPIRE_COMMENT_PREFIX "%u -j %s %s 2>&1"
 #define IPT_DEL_RULE_ARGS "-t %s -D %s %i 2>&1"
 #define IPT_NEW_CHAIN_ARGS "-t %s -N %s 2>&1"
 #define IPT_FLUSH_CHAIN_ARGS "-t %s -F %s 2>&1"

server/fw_util_pf.c

@@ -394,7 +394,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 
     /* Find the first _exp_ string (if any).
     */
-    ndx = strstr(cmd_out, "_exp_");
+    ndx = strstr(cmd_out, EXPIRE_COMMENT_PREFIX);
 
     if(ndx == NULL)
     {
@@ -414,7 +414,7 @@ check_firewall_rules(fko_srv_options_t *opts)
     {
         /* Jump forward and extract the timestamp
         */
-        ndx +=5;
+        ndx += strlen(EXPIRE_COMMENT_PREFIX);
 
         /* remember this spot for when we look for the next
          * rule.
@@ -499,7 +499,7 @@ check_firewall_rules(fko_srv_options_t *opts)
         /* Push our tracking index forward beyond (just processed) _exp_
          * string so we can continue to the next rule in the list.
         */
-        ndx = strstr(tmp_mark, "_exp_");
+        ndx = strstr(tmp_mark, EXPIRE_COMMENT_PREFIX);
 
     }
 

server/fw_util_pf.h

@@ -37,7 +37,7 @@
 
 /* pf command args
 */
-#define PF_ADD_RULE_ARGS              "pass in quick proto %u from %s to any port %u keep state label _exp_%u"
+#define PF_ADD_RULE_ARGS              "pass in quick proto %u from %s to any port %u keep state label " EXPIRE_COMMENT_PREFIX "%u"
 #define PF_WRITE_ANCHOR_RULES_ARGS    "-a %s -f -"
 #define PF_LIST_ANCHOR_RULES_ARGS     "-a %s -s rules 2>&1"
 #define PF_LIST_ALL_RULES_ARGS        "-s rules 2>&1"  /* to check for fwknop anchor */