ubus: store rule origin as comment
[project/firewall3.git]
/
snats.c
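diff --git a/snats.c b/snats.c
index c7f29c6..7dae2ee 100644
--- a/snats.c
+++ b/snats.c
@@ -26,6 +26,7 @@ const struct fw3_option fw3_snat_opts[] = {
 FW3_OPT("family", family, snat, family),
 FW3_OPT("src", device, snat, src),
+ FW3_OPT("device", string, snat, device),
 FW3_OPT("ipset", setmatch, snat, ipset),
@@ -103,32 +104,62 @@ check_families(struct uci_element *e, struct fw3_snat *r)
 return true;
 }
+
+static struct fw3_snat*
+alloc_snat(struct fw3_state *state)
+{
+ struct fw3_snat *snat = calloc(1, sizeof(*snat));
+
+ if (snat) {
+ INIT_LIST_HEAD(&snat->proto);
+ list_add_tail(&snat->list, &state->snats);
+ snat->enabled = true;
+ }
+
+ return snat;
+}
+
+
 void
-fw3_load_snats(struct fw3_state *state, struct uci_package *p)
+fw3_load_snats(struct fw3_state *state, struct uci_package *p, struct blob_attr *a)
 {
 struct uci_section *s;
 struct uci_element *e;
- struct fw3_snat *snat;
+ struct fw3_snat *snat, *n;
+ struct blob_attr *rule, *opt;
+ unsigned rem, orem;
 INIT_LIST_HEAD(&state->snats);
- uci_foreach_element(&p->sections, e)
- {
- s = uci_to_section(e);
+ blob_for_each_attr(rule, a, rem) {
+ const char *type = NULL;
+ blobmsg_for_each_attr(opt, rule, orem)
+ if (!strcmp(blobmsg_name(opt), "type"))
+ type = blobmsg_get_string(opt);
- if (strcmp(s->type, "nat"))
+ if (!type || strcmp(type, "nat"))
 continue;
- snat = malloc(sizeof(*snat));
+ if (!(snat = alloc_snat(state)))
+ continue;
- if (!snat)
+ if (!fw3_parse_blob_options(snat, fw3_snat_opts, rule))
+ {
+ fprintf(stderr, "ubus section skipped due to invalid options\n");
+ fw3_free_snat(snat);
 continue;
+ }
+ }
- memset(snat, 0, sizeof(*snat));
+ uci_foreach_element(&p->sections, e)
+ {
+ s = uci_to_section(e);
- INIT_LIST_HEAD(&snat->proto);
+ if (strcmp(s->type, "nat"))
+ continue;
- snat->enabled = true;
+ if (!(snat = alloc_snat(state)))
+ continue;
 if (!fw3_parse_options(snat, fw3_snat_opts, s))
 {
@@ -136,7 +167,10 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p)
 fw3_free_snat(snat);
 continue;
 }
+ }
+ list_for_each_entry_safe(snat, n, &state->snats, list)
+ {
 if (!snat->enabled)
 {
 fw3_free_snat(snat);
@@ -219,8 +253,6 @@ fw3_load_snats(struct fw3_state *state, struct uci_package *p)
 set(snat->_src->flags, FW3_FAMILY_V4, FW3_FLAG_SNAT);
 snat->_src->conntrack = true;
 }
-
- list_add_tail(&snat->list, &state->snats);
 }
 }
@@ -308,6 +340,7 @@ print_snat(struct fw3_ipt_handle *h, struct fw3_state *state,
 r = fw3_ipt_rule_create(h, proto, NULL, NULL, src, dst);
 fw3_ipt_rule_sport_dport(r, spt, dpt);
+ fw3_ipt_rule_device(r, snat->device, true);
 fw3_ipt_rule_ipset(r, &snat->ipset);
 fw3_ipt_rule_limit(r, &snat->limit);
 fw3_ipt_rule_time(r, &snat->time);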
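Review bot: In the new `blob_for_each_attr` loop of `fw3_load_snats`, `type = blobmsg_get_string(opt)` trusts that the ubus-supplied `type` attribute is a string; nothing visible here checks its blobmsg type, so a non-string attribute would hand `strcmp` bytes that need not be NUL-terminated. Unless the blob is validated before it reaches this function, guard the match with `if (blobmsg_type(opt) == BLOBMSG_TYPE_STRING && !strcmp(blobmsg_name(opt), "type"))`. Separately, `alloc_snat()` now links the entry into `state->snats` before parsing, so every `fw3_free_snat(snat)` on the skip paths frees a node that is still on the list; `fw3_free_snat` is not shown on this page, so confirm it does `list_del(&snat->list)` first, otherwise the later `list_for_each_entry_safe` walk touches freed memory. The body of `fw3_load_snats` continues outside these hunks.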