If you like BoxMatrix then please contribute Supportdata, Supportdata2, Firmware and/or Hardware (get in touch).
My metamonk@yahoo.com is not reachable by me since years. Please use hippie2000@webnmail.de instead.
Property:STATE FWACL FWACLCFG
| BoxMatrix >> System >> STATE_FWACL_FWACLCFG | @ BoxMatrix - IRC-Chat - Translate: de es fr it nl pl |
| News | Selectors | Models | Accessories | Components | Environment | Config | Commands | System | Webif | Software | Develop | Lexicon | Community | Project | Media |
| Devices | Filesystems | Partitions | Sockets | Netlink | Pipes | Interfaces | Bridges | Ports | Events | Sources | Sinks | AVMIPC | Processes | Watchdogs | Memory | Slab | Vmalloc | ProcFS | SysFS | Research |
AVMIPC-State
| AVMIPC-State: | STATE_FWACL_FWACLCFG - type State | Wiki | Freetz | IPPF | whmf | AVM | Web |
| Location: | System >> AVMIPC-Datastore - Origin: AVM | ||||||
| Listeners: | me_dsld.ctl, me_multid.ctl, me_pcpd.ctl | ||||||
| Properties: | Firmware: 7.01 - 7.90 | ||||||
| Function: | State of the firewall access control list (FWACL). | ||||||
Goto: JSON-Data - Dependencies - Model-Matrix - Help Supportdata2 - SMW-Browser
Details
STATE_FWACL_FWACLCFG provides the realtime state of the firewall access control list (FWACL) in JSON format.
So far this state always was empty in all probes so the purpose of this state still is an assumption.
This state is maintained by libavmfwacl.so.
All listeners if this state call the function fwacl_init, these are dsld, pcpd and showfwacl.
dsld calls the functions fwacl_client_allowed and fwacl_someone_allowed.
pcpd calls the functions fwacl_client_allowed and fwacl_peek_config.
showfwacl only calls fwacl_peek_config.
The sender of this state is multid which calls these functions:
fwacl_get_config,fwacl_set_configfwacl_find_client,fwacl_append_clientfwaclclient_append_ipaddr,fwaclclient_append_ip6addr,fwaclclient_append_ip6prefix
So the FWACL is a list of clients, with appended IPs or prefixes each. There are 2 related error messages in multid:
fwacl: can't find client for uniqid %u fwacl: can't find landevices for %s
dsld.service contains a comment explaining why multid.service needs to be started before dsld:
; multid sets up necessary network interfaces and sends fwacl configuration (IGD part)
JSON-Data
Sample output of a 7520 fw 7.29 calling aicmd avmipcd datastore query STATE_FWACL_FWACLCFG full.
If the sample contains a size info then it's a snippet of aicmd avmipcd datastore show full from Supportdata2.
STATE_FWACL_FWACLCFG : size 19, set by local , local:dsld local:pcpd
DATA: <<!EOF!
fwacl {
}
// EOF
!EOF!
Dependencies
Daily updated index of all dependencies of this state. Last update: 2024-04-19 04:27 GMT.
A ** in the Mod column marks info from Supportdata2 probes, which will always stay incomplete.
A - in the Mod column marks manual research, the Firmware then shows where the Object occurs, not the Relation.
| Relation | Typ | Object | Mod | Firmware | Info | Origin |
|---|---|---|---|---|---|---|
| Listener | sock | me_dsld.ctl | 21** | 7.01 - 7.90 | avmipc_command endpoint of dsld | AVM |
| Listener | sock | me_pcpd.ctl | 21** | 7.01 - 7.90 | avmipc_command endpoint of pcpd | AVM |
| Sender | lib | libavmfwacl.so | - | 6.35 - 7.90 | Maintains the firewall access control list (FWACL). | AVM |
| Sender | cmd | multid (avmcmd) | - | 1.133 - 7.90 | LAN management daemon. | AVM |
| 4 dependencies for this state | ||||||
Model-Matrix
Daily updated index of the presence, path and size of this state for each model. Last update: 2024-04-19 04:27 GMT.
Showing all models using this state. Click any column header (click-wait-click) to sort the list by the respective data.
The (main/scrpn/boot/arm/prx/atom) label in the Model column shows which CPU is meant for models with multiple Linux instances.
Note that this list comes from Supportdata2 probes, which can have arbitrary settings and come from different firmware versions.
It doesn't say much if a model is not listed here. It may be a missing supportdata2 file or just a disabled feature.
Help Supportdata2
The data in this article is incomplete since it was manually collected using the Supportdata2 project.
Unlike the Supportdata-Probes which have been collected for years Supportdata2 is brand new and only has a few probes.
If you have access to a shell then please help to extend the Supportdata2 collection to improve this data.
It's easy and it's done in minutes. Please send created data as an Email attachment to the address listed here. Thanks!
